diff --git a/crypto/src/tls/DtlsClientProtocol.cs b/crypto/src/tls/DtlsClientProtocol.cs
index aab3853fb..b6876bdd1 100644
--- a/crypto/src/tls/DtlsClientProtocol.cs
+++ b/crypto/src/tls/DtlsClientProtocol.cs
@@ -141,7 +141,7 @@ namespace Org.BouncyCastle.Tls
ApplyMaxFragmentLengthExtension(recordLayer, securityParameters.MaxFragmentLength);
- if (state.resumedSession)
+ if (securityParameters.IsResumedSession)
{
securityParameters.m_masterSecret = state.sessionMasterSecret;
recordLayer.InitPendingEpoch(TlsUtilities.InitCipher(state.clientContext));
@@ -670,7 +670,7 @@ namespace Org.BouncyCastle.Tls
byte[] selectedSessionID = serverHello.SessionID;
securityParameters.m_sessionID = selectedSessionID;
state.client.NotifySessionID(selectedSessionID);
- state.resumedSession = selectedSessionID.Length > 0 && state.tlsSession != null
+ securityParameters.m_resumedSession = selectedSessionID.Length > 0 && state.tlsSession != null
&& Arrays.AreEqual(selectedSessionID, state.tlsSession.SessionID);
}
@@ -726,13 +726,13 @@ namespace Org.BouncyCastle.Tls
if (acceptedExtendedMasterSecret)
{
- if (!state.resumedSession && !state.client.ShouldUseExtendedMasterSecret())
+ if (!securityParameters.IsResumedSession && !state.client.ShouldUseExtendedMasterSecret())
throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
else
{
if (state.client.RequiresExtendedMasterSecret()
- || (state.resumedSession && !state.client.AllowLegacyResumption()))
+ || (securityParameters.IsResumedSession && !state.client.AllowLegacyResumption()))
{
throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
@@ -776,7 +776,7 @@ namespace Org.BouncyCastle.Tls
* extensions appearing in the client hello, and send a server hello containing no
* extensions[.]
*/
- if (state.resumedSession)
+ if (securityParameters.IsResumedSession)
{
// TODO[compat-gnutls] GnuTLS test server sends server extensions e.g. ec_point_formats
// TODO[compat-openssl] OpenSSL test server sends server extensions e.g. ec_point_formats
@@ -864,7 +864,7 @@ namespace Org.BouncyCastle.Tls
var sessionClientExtensions = state.clientExtensions;
var sessionServerExtensions = state.serverExtensions;
- if (state.resumedSession)
+ if (securityParameters.IsResumedSession)
{
if (securityParameters.CipherSuite != state.sessionParameters.CipherSuite
|| !server_version.Equals(state.sessionParameters.NegotiatedVersion))
@@ -893,13 +893,14 @@ namespace Org.BouncyCastle.Tls
securityParameters.m_encryptThenMac = serverSentEncryptThenMac;
}
- securityParameters.m_maxFragmentLength = EvaluateMaxFragmentLengthExtension(state.resumedSession,
- sessionClientExtensions, sessionServerExtensions, AlertDescription.illegal_parameter);
+ securityParameters.m_maxFragmentLength = EvaluateMaxFragmentLengthExtension(
+ securityParameters.IsResumedSession, sessionClientExtensions, sessionServerExtensions,
+ AlertDescription.illegal_parameter);
securityParameters.m_truncatedHmac = TlsExtensionsUtilities.HasTruncatedHmacExtension(
sessionServerExtensions);
- if (!state.resumedSession)
+ if (!securityParameters.IsResumedSession)
{
// TODO[tls13] See RFC 8446 4.4.2.1
if (TlsUtilities.HasExpectedEmptyExtensionData(sessionServerExtensions,
@@ -912,11 +913,10 @@ namespace Org.BouncyCastle.Tls
{
securityParameters.m_statusRequestVersion = 1;
}
- }
- state.expectSessionTicket = !state.resumedSession
- && TlsUtilities.HasExpectedEmptyExtensionData(sessionServerExtensions,
+ state.expectSessionTicket = TlsUtilities.HasExpectedEmptyExtensionData(sessionServerExtensions,
ExtensionType.session_ticket, AlertDescription.illegal_parameter);
+ }
}
if (sessionClientExtensions != null)
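Review bot: On the resumed path `state.expectSessionTicket` is no longer assigned at all, because the assignment now sits inside the `if (!securityParameters.IsResumedSession)` block, where the old code set it to false explicitly. The outcome is unchanged only while the field still holds its declared default (`internal bool expectSessionTicket = false;`) when this code runs, and the hunk does not show whether the state object is always fresh here. A stale `true` would leave the handshake expecting a session ticket message during a resumption, so either keep an explicit `else { state.expectSessionTicket = false; }` or add a comment such as `// on resumption expectSessionTicket keeps its initial value (false)`. The same applies to the matching hunk in DtlsServerProtocol.cs (`@@ -600,11 +603,10 @@`). The enclosing block starts and ends outside the hunk.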
@@ -995,7 +995,6 @@ namespace Org.BouncyCastle.Tls
internal int[] offeredCipherSuites = null;
internal IDictionary<int, byte[]> clientExtensions = null;
internal IDictionary<int, byte[]> serverExtensions = null;
- internal bool resumedSession = false;
internal bool expectSessionTicket = false;
internal IDictionary<int, TlsAgreement> clientAgreements = null;
internal TlsKeyExchange keyExchange = null;
diff --git a/crypto/src/tls/DtlsServerProtocol.cs b/crypto/src/tls/DtlsServerProtocol.cs
index a4f8f4bc5..82c6ff290 100644
--- a/crypto/src/tls/DtlsServerProtocol.cs
+++ b/crypto/src/tls/DtlsServerProtocol.cs
@@ -129,6 +129,7 @@ namespace Org.BouncyCastle.Tls
state.sessionMasterSecret = null;
}
+ securityParameters.m_resumedSession = false;
securityParameters.m_sessionID = state.tlsSession.SessionID;
state.server.NotifySession(state.tlsSession);
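Review bot: `securityParameters.m_resumedSession = false;` is written unconditionally here, with no comment explaining why a server handshake can never be a resumption at this point. If server-side resumption is simply not implemented yet, as the preceding `state.sessionMasterSecret = null;` suggests, say so next to the assignment, e.g. `// TODO[resumption] server never resumes yet; every handshake is a full handshake`. Without that, the later `resumedSession` branches in this file (the legacy-resumption check and the max-fragment-length evaluation) read as live code although they may be unreachable. The enclosing method starts and ends outside the hunk.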
@@ -447,6 +448,8 @@ namespace Org.BouncyCastle.Tls
}
}
+ bool resumedSession = securityParameters.IsResumedSession;
+
{
int cipherSuite = ValidateSelectedCipherSuite(state.server.GetSelectedCipherSuite(),
AlertDescription.internal_error);
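Review bot: The server caches the flag in a local (`bool resumedSession = securityParameters.IsResumedSession;`), while DtlsClientProtocol.cs reads `securityParameters.IsResumedSession` at every use, so the two files now follow different conventions for the same value. A snapshot is only safe if nothing between this line and its last use can change `m_resumedSession`, and that cannot be confirmed from the hunks shown. Either read the property directly as the client does, or keep the local and document the assumption, e.g. `// snapshot: m_resumedSession is not modified again in this method`. The enclosing method extends beyond the hunk.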
@@ -526,7 +529,7 @@ namespace Org.BouncyCastle.Tls
{
throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
- else if (state.resumedSession && !state.server.AllowLegacyResumption())
+ else if (resumedSession && !state.server.AllowLegacyResumption())
{
throw new TlsFatalAlert(AlertDescription.internal_error);
}
@@ -578,7 +581,7 @@ namespace Org.BouncyCastle.Tls
securityParameters.m_encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension(
state.serverExtensions);
- securityParameters.m_maxFragmentLength = EvaluateMaxFragmentLengthExtension(state.resumedSession,
+ securityParameters.m_maxFragmentLength = EvaluateMaxFragmentLengthExtension(resumedSession,
state.clientExtensions, state.serverExtensions, AlertDescription.internal_error);
securityParameters.m_truncatedHmac = TlsExtensionsUtilities.HasTruncatedHmacExtension(state.serverExtensions);
@@ -587,7 +590,7 @@ namespace Org.BouncyCastle.Tls
* TODO It's surprising that there's no provision to allow a 'fresh' CertificateStatus to be sent in
* a session resumption handshake.
*/
- if (!state.resumedSession)
+ if (!resumedSession)
{
// TODO[tls13] See RFC 8446 4.4.2.1
if (TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions,
@@ -600,11 +603,10 @@ namespace Org.BouncyCastle.Tls
{
securityParameters.m_statusRequestVersion = 1;
}
- }
- state.expectSessionTicket = !state.resumedSession
- && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, ExtensionType.session_ticket,
- AlertDescription.internal_error);
+ state.expectSessionTicket = TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions,
+ ExtensionType.session_ticket, AlertDescription.internal_error);
+ }
}
ApplyMaxFragmentLengthExtension(recordLayer, securityParameters.MaxFragmentLength);
@@ -879,7 +881,6 @@ namespace Org.BouncyCastle.Tls
internal IDictionary<int, byte[]> clientExtensions = null;
internal IDictionary<int, byte[]> serverExtensions = null;
internal bool offeredExtendedMasterSecret = false;
- internal bool resumedSession = false;
internal bool expectSessionTicket = false;
internal TlsKeyExchange keyExchange = null;
internal TlsCredentials serverCredentials = null;