diff --git a/crypto/BouncyCastle.Android.csproj b/crypto/BouncyCastle.Android.csproj
index f8d4fa890..043cd2b27 100644
--- a/crypto/BouncyCastle.Android.csproj
+++ b/crypto/BouncyCastle.Android.csproj
@@ -1803,7 +1803,6 @@
<Compile Include="src\tls\TlsPskIdentityManager.cs" />
<Compile Include="src\tls\TlsPskKeyExchange.cs" />
<Compile Include="src\tls\TlsRsaKeyExchange.cs" />
- <Compile Include="src\tls\TlsRsaUtilities.cs" />
<Compile Include="src\tls\TlsServer.cs" />
<Compile Include="src\tls\TlsServerCertificate.cs" />
<Compile Include="src\tls\TlsServerCertificateImpl.cs" />
diff --git a/crypto/BouncyCastle.csproj b/crypto/BouncyCastle.csproj
index 90c686996..8f93f8013 100644
--- a/crypto/BouncyCastle.csproj
+++ b/crypto/BouncyCastle.csproj
@@ -1797,7 +1797,6 @@
<Compile Include="src\tls\TlsPskIdentityManager.cs" />
<Compile Include="src\tls\TlsPskKeyExchange.cs" />
<Compile Include="src\tls\TlsRsaKeyExchange.cs" />
- <Compile Include="src\tls\TlsRsaUtilities.cs" />
<Compile Include="src\tls\TlsServer.cs" />
<Compile Include="src\tls\TlsServerCertificate.cs" />
<Compile Include="src\tls\TlsServerCertificateImpl.cs" />
diff --git a/crypto/BouncyCastle.iOS.csproj b/crypto/BouncyCastle.iOS.csproj
index 70e241004..6417b95b0 100644
--- a/crypto/BouncyCastle.iOS.csproj
+++ b/crypto/BouncyCastle.iOS.csproj
@@ -1798,7 +1798,6 @@
<Compile Include="src\tls\TlsPskIdentityManager.cs" />
<Compile Include="src\tls\TlsPskKeyExchange.cs" />
<Compile Include="src\tls\TlsRsaKeyExchange.cs" />
- <Compile Include="src\tls\TlsRsaUtilities.cs" />
<Compile Include="src\tls\TlsServer.cs" />
<Compile Include="src\tls\TlsServerCertificate.cs" />
<Compile Include="src\tls\TlsServerCertificateImpl.cs" />
diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj
index 62d523e33..0e9884ab2 100644
--- a/crypto/crypto.csproj
+++ b/crypto/crypto.csproj
@@ -8874,11 +8874,6 @@
BuildAction = "Compile"
/>
<File
- RelPath = "src\tls\TlsRsaUtilities.cs"
- SubType = "Code"
- BuildAction = "Compile"
- />
- <File
RelPath = "src\tls\TlsServer.cs"
SubType = "Code"
BuildAction = "Compile"
diff --git a/crypto/src/tls/TlsDHKeyExchange.cs b/crypto/src/tls/TlsDHKeyExchange.cs
index a00ed67b7..abce91faf 100644
--- a/crypto/src/tls/TlsDHKeyExchange.cs
+++ b/crypto/src/tls/TlsDHKeyExchange.cs
@@ -41,8 +41,7 @@ namespace Org.BouncyCastle.Tls
public override void ProcessServerCertificate(Certificate serverCertificate)
{
- this.m_dhPeerCertificate = serverCertificate.GetCertificateAt(0).CheckUsageInRole(ConnectionEnd.server,
- TlsCertificateRole.DH);
+ this.m_dhPeerCertificate = serverCertificate.GetCertificateAt(0).CheckUsageInRole(TlsCertificateRole.DH);
}
public override short[] GetClientCertificateTypes()
@@ -71,8 +70,7 @@ namespace Org.BouncyCastle.Tls
public override void ProcessClientCertificate(Certificate clientCertificate)
{
- this.m_dhPeerCertificate = clientCertificate.GetCertificateAt(0).CheckUsageInRole(ConnectionEnd.client,
- TlsCertificateRole.DH);
+ this.m_dhPeerCertificate = clientCertificate.GetCertificateAt(0).CheckUsageInRole(TlsCertificateRole.DH);
}
public override void ProcessClientKeyExchange(Stream input)
diff --git a/crypto/src/tls/TlsECDHKeyExchange.cs b/crypto/src/tls/TlsECDHKeyExchange.cs
index 45e83f8ad..e7e2981d5 100644
--- a/crypto/src/tls/TlsECDHKeyExchange.cs
+++ b/crypto/src/tls/TlsECDHKeyExchange.cs
@@ -41,7 +41,7 @@ namespace Org.BouncyCastle.Tls
public override void ProcessServerCertificate(Certificate serverCertificate)
{
- this.m_ecdhPeerCertificate = serverCertificate.GetCertificateAt(0).CheckUsageInRole(ConnectionEnd.server,
+ this.m_ecdhPeerCertificate = serverCertificate.GetCertificateAt(0).CheckUsageInRole(
TlsCertificateRole.ECDH);
}
@@ -73,7 +73,7 @@ namespace Org.BouncyCastle.Tls
public override void ProcessClientCertificate(Certificate clientCertificate)
{
- this.m_ecdhPeerCertificate = clientCertificate.GetCertificateAt(0).CheckUsageInRole(ConnectionEnd.client,
+ this.m_ecdhPeerCertificate = clientCertificate.GetCertificateAt(0).CheckUsageInRole(
TlsCertificateRole.ECDH);
}
diff --git a/crypto/src/tls/TlsPskKeyExchange.cs b/crypto/src/tls/TlsPskKeyExchange.cs
index 1055fdc53..8a279c62a 100644
--- a/crypto/src/tls/TlsPskKeyExchange.cs
+++ b/crypto/src/tls/TlsPskKeyExchange.cs
@@ -36,7 +36,7 @@ namespace Org.BouncyCastle.Tls
protected TlsAgreement m_agreement;
protected TlsCredentialedDecryptor m_serverCredentials = null;
- protected TlsCertificate m_serverCertificate;
+ protected TlsEncryptor m_serverEncryptor;
protected TlsSecret m_preMasterSecret;
public TlsPskKeyExchange(int keyExchange, TlsPskIdentity pskIdentity, TlsDHGroupVerifier dhGroupVerifier)
@@ -80,7 +80,7 @@ namespace Org.BouncyCastle.Tls
if (m_keyExchange != KeyExchangeAlgorithm.RSA_PSK)
throw new TlsFatalAlert(AlertDescription.unexpected_message);
- this.m_serverCertificate = serverCertificate.GetCertificateAt(0).CheckUsageInRole(ConnectionEnd.server,
+ this.m_serverEncryptor = serverCertificate.GetCertificateAt(0).CreateEncryptor(
TlsCertificateRole.RsaEncryption);
}
@@ -207,8 +207,8 @@ namespace Org.BouncyCastle.Tls
}
else if (this.m_keyExchange == KeyExchangeAlgorithm.RSA_PSK)
{
- this.m_preMasterSecret = TlsRsaUtilities.GenerateEncryptedPreMasterSecret(m_context,
- m_serverCertificate, output);
+ this.m_preMasterSecret = TlsUtilities.GenerateEncryptedPreMasterSecret(m_context, m_serverEncryptor,
+ output);
}
}
diff --git a/crypto/src/tls/TlsRsaKeyExchange.cs b/crypto/src/tls/TlsRsaKeyExchange.cs
index 5184ca8fa..a2f5559d1 100644
--- a/crypto/src/tls/TlsRsaKeyExchange.cs
+++ b/crypto/src/tls/TlsRsaKeyExchange.cs
@@ -21,7 +21,7 @@ namespace Org.BouncyCastle.Tls
}
protected TlsCredentialedDecryptor m_serverCredentials = null;
- protected TlsCertificate m_serverCertificate;
+ protected TlsEncryptor m_serverEncryptor;
protected TlsSecret m_preMasterSecret;
public TlsRsaKeyExchange(int keyExchange)
@@ -41,7 +41,7 @@ namespace Org.BouncyCastle.Tls
public override void ProcessServerCertificate(Certificate serverCertificate)
{
- this.m_serverCertificate = serverCertificate.GetCertificateAt(0).CheckUsageInRole(ConnectionEnd.server,
+ this.m_serverEncryptor = serverCertificate.GetCertificateAt(0).CreateEncryptor(
TlsCertificateRole.RsaEncryption);
}
@@ -58,7 +58,7 @@ namespace Org.BouncyCastle.Tls
public override void GenerateClientKeyExchange(Stream output)
{
- this.m_preMasterSecret = TlsRsaUtilities.GenerateEncryptedPreMasterSecret(m_context, m_serverCertificate,
+ this.m_preMasterSecret = TlsUtilities.GenerateEncryptedPreMasterSecret(m_context, m_serverEncryptor,
output);
}
diff --git a/crypto/src/tls/TlsRsaUtilities.cs b/crypto/src/tls/TlsRsaUtilities.cs
deleted file mode 100644
index 065279528..000000000
--- a/crypto/src/tls/TlsRsaUtilities.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-using System;
-using System.IO;
-
-using Org.BouncyCastle.Tls.Crypto;
-
-namespace Org.BouncyCastle.Tls
-{
- /// <summary>RSA utility methods.</summary>
- public abstract class TlsRsaUtilities
- {
- /// <summary>Generate a pre_master_secret and send it encrypted to the server.</summary>
- /// <exception cref="IOException"/>
- public static TlsSecret GenerateEncryptedPreMasterSecret(TlsContext context, TlsCertificate certificate,
- Stream output)
- {
- TlsSecret preMasterSecret = context.Crypto.GenerateRsaPreMasterSecret(context.RsaPreMasterSecretVersion);
-
- TlsEncryptor encryptor = certificate.CreateEncryptor(TlsCertificateRole.RsaEncryption);
-
- byte[] encryptedPreMasterSecret = preMasterSecret.Encrypt(encryptor);
- TlsUtilities.WriteEncryptedPms(context, encryptedPreMasterSecret, output);
-
- return preMasterSecret;
- }
- }
-}
diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs
index 98d834b6d..4cec13bae 100644
--- a/crypto/src/tls/TlsUtilities.cs
+++ b/crypto/src/tls/TlsUtilities.cs
@@ -5327,6 +5327,18 @@ namespace Org.BouncyCastle.Tls
}
}
+ /// <summary>Generate a pre_master_secret and send it encrypted to the server.</summary>
+ /// <exception cref="IOException"/>
+ public static TlsSecret GenerateEncryptedPreMasterSecret(TlsContext context, TlsEncryptor encryptor,
+ Stream output)
+ {
+ ProtocolVersion version = context.RsaPreMasterSecretVersion;
+ TlsSecret preMasterSecret = context.Crypto.GenerateRsaPreMasterSecret(version);
+ byte[] encryptedPreMasterSecret = preMasterSecret.Encrypt(encryptor);
+ WriteEncryptedPms(context, encryptedPreMasterSecret, output);
+ return preMasterSecret;
+ }
+
#if !PORTABLE || DOTNET
public static bool IsTimeout(SocketException e)
{
diff --git a/crypto/src/tls/crypto/TlsCertificate.cs b/crypto/src/tls/crypto/TlsCertificate.cs
index b9efe37b3..fe507a662 100644
--- a/crypto/src/tls/crypto/TlsCertificate.cs
+++ b/crypto/src/tls/crypto/TlsCertificate.cs
@@ -50,9 +50,8 @@ namespace Org.BouncyCastle.Tls.Crypto
/// <exception cref="IOException"/>
bool SupportsSignatureAlgorithmCA(short signatureAlgorithm);
- /// <param name="connectionEnd"><see cref="ConnectionEnd"/></param>
/// <param name="tlsCertificateRole"><see cref="TlsCertificateRole"/></param>
/// <exception cref="IOException"/>
- TlsCertificate CheckUsageInRole(int connectionEnd, int tlsCertificateRole);
+ TlsCertificate CheckUsageInRole(int tlsCertificateRole);
}
}
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsCertificate.cs b/crypto/src/tls/crypto/impl/bc/BcTlsCertificate.cs
index 2f331a166..9d4157050 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsCertificate.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsCertificate.cs
@@ -342,7 +342,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
}
/// <exception cref="IOException"/>
- public virtual TlsCertificate CheckUsageInRole(int connectionEnd, int tlsCertificateRole)
+ public virtual TlsCertificate CheckUsageInRole(int tlsCertificateRole)
{
switch (tlsCertificateRole)
{
@@ -360,25 +360,6 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
}
}
- if (connectionEnd == ConnectionEnd.server)
- {
- switch (tlsCertificateRole)
- {
- case TlsCertificateRole.RsaEncryption:
- {
- ValidateKeyUsage(KeyUsage.KeyEncipherment);
- this.m_pubKeyRsa = GetPubKeyRsa();
- return this;
- }
- case TlsCertificateRole.Sm2Encryption:
- {
- ValidateKeyUsage(KeyUsage.KeyEncipherment);
- this.m_pubKeyEC = GetPubKeyEC();
- return this;
- }
- }
- }
-
throw new TlsFatalAlert(AlertDescription.certificate_unknown);
}
|
