diff --git a/crypto/src/tls/DtlsEpoch.cs b/crypto/src/tls/DtlsEpoch.cs
index e4ce84948..9d88a3404 100644
--- a/crypto/src/tls/DtlsEpoch.cs
+++ b/crypto/src/tls/DtlsEpoch.cs
@@ -11,10 +11,11 @@ namespace Org.BouncyCastle.Tls
private readonly int m_epoch;
private readonly TlsCipher m_cipher;
+ private readonly int m_recordHeaderLengthRead, m_recordHeaderLengthWrite;
private long m_sequenceNumber = 0;
- internal DtlsEpoch(int epoch, TlsCipher cipher)
+ internal DtlsEpoch(int epoch, TlsCipher cipher, int recordHeaderLengthRead, int recordHeaderLengthWrite)
{
if (epoch < 0)
throw new ArgumentException("must be >= 0", "epoch");
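Review bot: The two new constructor parameters are stored without any range check, while `epoch` directly below the signature is rejected when negative. These lengths presumably feed offset and bounds arithmetic when records are parsed and written, so a bad value should fail at construction rather than at first use. Following the existing guard, I would add `if (recordHeaderLengthRead < 0) throw new ArgumentException("must be >= 0", "recordHeaderLengthRead");` and the same for `recordHeaderLengthWrite`. The constructor body continues into the next hunk, where the two fields are assigned.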
@@ -23,6 +24,8 @@ namespace Org.BouncyCastle.Tls
this.m_epoch = epoch;
this.m_cipher = cipher;
+ this.m_recordHeaderLengthRead = recordHeaderLengthRead;
+ this.m_recordHeaderLengthWrite = recordHeaderLengthWrite;
}
/// <exception cref="IOException"/>
@@ -47,6 +50,10 @@ namespace Org.BouncyCastle.Tls
get { return m_epoch; }
}
+ internal int RecordHeaderLengthRead => m_recordHeaderLengthRead;
+
+ internal int RecordHeaderLengthWrite => m_recordHeaderLengthWrite;
+
internal DtlsReplayWindow ReplayWindow
{
get { return m_replayWindow; }
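Review bot: `RecordHeaderLengthRead` and `RecordHeaderLengthWrite` are written as expression-bodied members, while the neighbouring `Epoch` and `ReplayWindow` properties in this hunk use `get { return ...; }`. Matching the surrounding form would keep the class uniform. Neither property says what the length covers, so a one-line summary on each would help, such as `/// <summary>Header length of records received in this epoch, including any connection ID.</summary>`, with the mirror-image text on the write side.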
diff --git a/crypto/src/tls/DtlsRecordLayer.cs b/crypto/src/tls/DtlsRecordLayer.cs
index 3cf04b8ac..5d8c217b0 100644
--- a/crypto/src/tls/DtlsRecordLayer.cs
+++ b/crypto/src/tls/DtlsRecordLayer.cs
@@ -122,7 +122,8 @@ namespace Org.BouncyCastle.Tls
this.m_inHandshake = true;
- this.m_currentEpoch = new DtlsEpoch(0, TlsNullNullCipher.Instance);
+ this.m_currentEpoch = new DtlsEpoch(0, TlsNullNullCipher.Instance, RECORD_HEADER_LENGTH,
+ RECORD_HEADER_LENGTH);
this.m_pendingEpoch = null;
this.m_readEpoch = m_currentEpoch;
this.m_writeEpoch = m_currentEpoch;
@@ -175,8 +176,13 @@ namespace Org.BouncyCastle.Tls
* lifetime."
*/
+ var securityParameters = m_context.SecurityParameters;
+ int recordHeaderLengthRead = RECORD_HEADER_LENGTH + (securityParameters.ConnectionIDPeer?.Length ?? 0);
+ int recordHeaderLengthWrite = RECORD_HEADER_LENGTH + (securityParameters.ConnectionIDLocal?.Length ?? 0);
+
// TODO Check for overflow
- this.m_pendingEpoch = new DtlsEpoch(m_writeEpoch.Epoch + 1, pendingCipher);
+ this.m_pendingEpoch = new DtlsEpoch(m_writeEpoch.Epoch + 1, pendingCipher, recordHeaderLengthRead,
+ recordHeaderLengthWrite);
}
internal virtual void HandshakeSuccessful(DtlsHandshakeRetransmit retransmit)
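Review bot: The pairing on the two added lines (`ConnectionIDPeer` sizes the read header, `ConnectionIDLocal` sizes the write header) is easy to get backwards, and nothing in the hunk records which party chose each connection ID. A swap would only misparse records when the two IDs differ in length, so a test that uses equal-length IDs would not catch it. If the pairing is intended, a comment above the computation would pin it down, for example `// Received records carry ConnectionIDPeer; sent records carry ConnectionIDLocal.` A test with connection IDs of different lengths in each direction would guard against a swap. The enclosing method starts outside the hunk.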