diff --git a/crypto/BouncyCastle.Android.csproj b/crypto/BouncyCastle.Android.csproj
index 043cd2b27..5859a1bc8 100644
--- a/crypto/BouncyCastle.Android.csproj
+++ b/crypto/BouncyCastle.Android.csproj
@@ -1568,6 +1568,7 @@
<Compile Include="src\tls\AbstractTlsServer.cs" />
<Compile Include="src\tls\AlertDescription.cs" />
<Compile Include="src\tls\AlertLevel.cs" />
+ <Compile Include="src\tls\BasicTlsPskExternal.cs" />
<Compile Include="src\tls\BasicTlsPskIdentity.cs" />
<Compile Include="src\tls\BasicTlsSrpIdentity.cs" />
<Compile Include="src\tls\ByteQueue.cs" />
@@ -1799,6 +1800,8 @@
<Compile Include="src\tls\TlsObjectIdentifiers.cs" />
<Compile Include="src\tls\TlsPeer.cs" />
<Compile Include="src\tls\TlsProtocol.cs" />
+ <Compile Include="src\tls\TlsPsk.cs" />
+ <Compile Include="src\tls\TlsPskExternal.cs" />
<Compile Include="src\tls\TlsPskIdentity.cs" />
<Compile Include="src\tls\TlsPskIdentityManager.cs" />
<Compile Include="src\tls\TlsPskKeyExchange.cs" />
diff --git a/crypto/BouncyCastle.csproj b/crypto/BouncyCastle.csproj
index 8f93f8013..3a3dadd21 100644
--- a/crypto/BouncyCastle.csproj
+++ b/crypto/BouncyCastle.csproj
@@ -1562,6 +1562,7 @@
<Compile Include="src\tls\AbstractTlsServer.cs" />
<Compile Include="src\tls\AlertDescription.cs" />
<Compile Include="src\tls\AlertLevel.cs" />
+ <Compile Include="src\tls\BasicTlsPskExternal.cs" />
<Compile Include="src\tls\BasicTlsPskIdentity.cs" />
<Compile Include="src\tls\BasicTlsSrpIdentity.cs" />
<Compile Include="src\tls\ByteQueue.cs" />
@@ -1793,6 +1794,8 @@
<Compile Include="src\tls\TlsObjectIdentifiers.cs" />
<Compile Include="src\tls\TlsPeer.cs" />
<Compile Include="src\tls\TlsProtocol.cs" />
+ <Compile Include="src\tls\TlsPsk.cs" />
+ <Compile Include="src\tls\TlsPskExternal.cs" />
<Compile Include="src\tls\TlsPskIdentity.cs" />
<Compile Include="src\tls\TlsPskIdentityManager.cs" />
<Compile Include="src\tls\TlsPskKeyExchange.cs" />
diff --git a/crypto/BouncyCastle.iOS.csproj b/crypto/BouncyCastle.iOS.csproj
index 6417b95b0..d02d6b97b 100644
--- a/crypto/BouncyCastle.iOS.csproj
+++ b/crypto/BouncyCastle.iOS.csproj
@@ -1563,6 +1563,7 @@
<Compile Include="src\tls\AbstractTlsServer.cs" />
<Compile Include="src\tls\AlertDescription.cs" />
<Compile Include="src\tls\AlertLevel.cs" />
+ <Compile Include="src\tls\BasicTlsPskExternal.cs" />
<Compile Include="src\tls\BasicTlsPskIdentity.cs" />
<Compile Include="src\tls\BasicTlsSrpIdentity.cs" />
<Compile Include="src\tls\ByteQueue.cs" />
@@ -1794,6 +1795,8 @@
<Compile Include="src\tls\TlsObjectIdentifiers.cs" />
<Compile Include="src\tls\TlsPeer.cs" />
<Compile Include="src\tls\TlsProtocol.cs" />
+ <Compile Include="src\tls\TlsPsk.cs" />
+ <Compile Include="src\tls\TlsPskExternal.cs" />
<Compile Include="src\tls\TlsPskIdentity.cs" />
<Compile Include="src\tls\TlsPskIdentityManager.cs" />
<Compile Include="src\tls\TlsPskKeyExchange.cs" />
diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj
index 0e9884ab2..bb2eed13f 100644
--- a/crypto/crypto.csproj
+++ b/crypto/crypto.csproj
@@ -7699,6 +7699,11 @@
BuildAction = "Compile"
/>
<File
+ RelPath = "src\tls\BasicTlsPskExternal.cs"
+ SubType = "Code"
+ BuildAction = "Compile"
+ />
+ <File
RelPath = "src\tls\BasicTlsPskIdentity.cs"
SubType = "Code"
BuildAction = "Compile"
@@ -8854,6 +8859,16 @@
BuildAction = "Compile"
/>
<File
+ RelPath = "src\tls\TlsPsk.cs"
+ SubType = "Code"
+ BuildAction = "Compile"
+ />
+ <File
+ RelPath = "src\tls\TlsPskExternal.cs"
+ SubType = "Code"
+ BuildAction = "Compile"
+ />
+ <File
RelPath = "src\tls\TlsPskIdentity.cs"
SubType = "Code"
BuildAction = "Compile"
diff --git a/crypto/src/tls/AbstractTlsClient.cs b/crypto/src/tls/AbstractTlsClient.cs
index 0a9410cd9..8d9d9de3d 100644
--- a/crypto/src/tls/AbstractTlsClient.cs
+++ b/crypto/src/tls/AbstractTlsClient.cs
@@ -205,6 +205,11 @@ namespace Org.BouncyCastle.Tls
return null;
}
+ public virtual IList GetExternalPsks()
+ {
+ return null;
+ }
+
public virtual bool IsFallback()
{
/*
diff --git a/crypto/src/tls/AbstractTlsPeer.cs b/crypto/src/tls/AbstractTlsPeer.cs
index ad9d83e76..1d730c18e 100644
--- a/crypto/src/tls/AbstractTlsPeer.cs
+++ b/crypto/src/tls/AbstractTlsPeer.cs
@@ -81,6 +81,11 @@ namespace Org.BouncyCastle.Tls
return 32768;
}
+ public virtual short[] GetPskKeyExchangeModes()
+ {
+ return new short[]{ PskKeyExchangeMode.psk_dhe_ke, PskKeyExchangeMode.psk_ke };
+ }
+
public virtual bool RequiresCloseNotify()
{
return true;
diff --git a/crypto/src/tls/BasicTlsPskExternal.cs b/crypto/src/tls/BasicTlsPskExternal.cs
new file mode 100644
index 000000000..dd9b7b221
--- /dev/null
+++ b/crypto/src/tls/BasicTlsPskExternal.cs
@@ -0,0 +1,42 @@
+using System;
+
+using Org.BouncyCastle.Tls.Crypto;
+using Org.BouncyCastle.Utilities;
+
+namespace Org.BouncyCastle.Tls
+{
+ public class BasicTlsPskExternal
+ : TlsPskExternal
+ {
+ protected readonly byte[] m_identity;
+ protected readonly TlsSecret m_key;
+ protected readonly int m_prfAlgorithm;
+
+ public BasicTlsPskExternal(byte[] identity, TlsSecret key)
+ : this(identity, key, Tls.PrfAlgorithm.tls13_hkdf_sha256)
+ {
+ }
+
+ public BasicTlsPskExternal(byte[] identity, TlsSecret key, int prfAlgorithm)
+ {
+ this.m_identity = Arrays.Clone(identity);
+ this.m_key = key;
+ this.m_prfAlgorithm = prfAlgorithm;
+ }
+
+ public virtual byte[] Identity
+ {
+ get { return m_identity; }
+ }
+
+ public virtual TlsSecret Key
+ {
+ get { return m_key; }
+ }
+
+ public virtual int PrfAlgorithm
+ {
+ get { return m_prfAlgorithm; }
+ }
+ }
+}
diff --git a/crypto/src/tls/TlsClient.cs b/crypto/src/tls/TlsClient.cs
index 4d2e15437..a9356aa4b 100644
--- a/crypto/src/tls/TlsClient.cs
+++ b/crypto/src/tls/TlsClient.cs
@@ -18,6 +18,12 @@ namespace Org.BouncyCastle.Tls
/// <seealso cref="SessionParameters.PeerCertificate"/>
TlsSession GetSessionToResume();
+ /// <summary>Return the <see cref="TlsPskExternal">external PSKs</see> to offer in the ClientHello.</summary>
+ /// <remarks>This will only be called when TLS 1.3 or higher is amongst the offered protocol versions.</remarks>
+ /// <returns>an <see cref="IList"/> of <see cref="TlsPskExternal"/> instances, or null if none should be
+ /// offered.</returns>
+ IList GetExternalPsks();
+
bool IsFallback();
/// <returns>(Int32 -> byte[])</returns>
diff --git a/crypto/src/tls/TlsPeer.cs b/crypto/src/tls/TlsPeer.cs
index 29b4288e2..ef2837135 100644
--- a/crypto/src/tls/TlsPeer.cs
+++ b/crypto/src/tls/TlsPeer.cs
@@ -37,6 +37,8 @@ namespace Org.BouncyCastle.Tls
int GetMaxHandshakeMessageSize();
+ short[] GetPskKeyExchangeModes();
+
/// <remarks>
/// This option is provided as a last resort for interoperability with TLS peers that fail to correctly send a
/// close_notify alert at end of stream. Implementations SHOULD return true; caution is advised if returning
diff --git a/crypto/src/tls/TlsPsk.cs b/crypto/src/tls/TlsPsk.cs
new file mode 100644
index 000000000..c3aac3297
--- /dev/null
+++ b/crypto/src/tls/TlsPsk.cs
@@ -0,0 +1,15 @@
+using System;
+
+using Org.BouncyCastle.Tls.Crypto;
+
+namespace Org.BouncyCastle.Tls
+{
+ public interface TlsPsk
+ {
+ byte[] Identity { get; }
+
+ TlsSecret Key { get; }
+
+ int PrfAlgorithm { get; }
+ }
+}
diff --git a/crypto/src/tls/TlsPskExternal.cs b/crypto/src/tls/TlsPskExternal.cs
new file mode 100644
index 000000000..1e7b717e9
--- /dev/null
+++ b/crypto/src/tls/TlsPskExternal.cs
@@ -0,0 +1,9 @@
+using System;
+
+namespace Org.BouncyCastle.Tls
+{
+ public interface TlsPskExternal
+ : TlsPsk
+ {
+ }
+}
|
