diff options
| author | Patrick Krämer <pkr@indeca.de> | 2023-03-30 12:14:06 +0200 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-04-15 17:03:06 +0700 |
| commit | e969275d738e66adb23244ff239ea4942e153202 (patch) | |
| tree | 80cfd43624ee496504d9d2d852d68fa8720c41d6 | |
| parent | Refactor GCM code (diff) | |
| download | BouncyCastle.NET-ed25519-e969275d738e66adb23244ff239ea4942e153202.tar.xz | |
make initial DTLS handshake resend time configurable
| -rw-r--r-- | crypto/src/tls/AbstractTlsPeer.cs | 5 | ||||
| -rw-r--r-- | crypto/src/tls/DtlsClientProtocol.cs | 2 | ||||
| -rw-r--r-- | crypto/src/tls/DtlsRecordLayer.cs | 4 | ||||
| -rw-r--r-- | crypto/src/tls/DtlsReliableHandshake.cs | 9 | ||||
| -rw-r--r-- | crypto/src/tls/DtlsServerProtocol.cs | 2 | ||||
| -rw-r--r-- | crypto/src/tls/TlsPeer.cs | 7 |
6 files changed, 21 insertions, 8 deletions
diff --git a/crypto/src/tls/AbstractTlsPeer.cs b/crypto/src/tls/AbstractTlsPeer.cs index 6d7c88f1b..82f8dd1e5 100644 --- a/crypto/src/tls/AbstractTlsPeer.cs +++ b/crypto/src/tls/AbstractTlsPeer.cs @@ -65,6 +65,11 @@ namespace Org.BouncyCastle.Tls return 0; } + public virtual int GetHandshakeResendTimeMillis() + { + return 1000; + } + public virtual bool AllowLegacyResumption() { return false; diff --git a/crypto/src/tls/DtlsClientProtocol.cs b/crypto/src/tls/DtlsClientProtocol.cs index 88a077168..4a96eed23 100644 --- a/crypto/src/tls/DtlsClientProtocol.cs +++ b/crypto/src/tls/DtlsClientProtocol.cs @@ -100,7 +100,7 @@ namespace Org.BouncyCastle.Tls SecurityParameters securityParameters = state.clientContext.SecurityParameters; DtlsReliableHandshake handshake = new DtlsReliableHandshake(state.clientContext, recordLayer, - state.client.GetHandshakeTimeoutMillis(), null); + state.client.GetHandshakeTimeoutMillis(), state.client.GetHandshakeResendTimeMillis(), null); byte[] clientHelloBody = GenerateClientHello(state); diff --git a/crypto/src/tls/DtlsRecordLayer.cs b/crypto/src/tls/DtlsRecordLayer.cs index a61688cb0..ab35c49b1 100644 --- a/crypto/src/tls/DtlsRecordLayer.cs +++ b/crypto/src/tls/DtlsRecordLayer.cs @@ -306,7 +306,7 @@ namespace Org.BouncyCastle.Tls HeartbeatMessageType.heartbeat_request, m_heartbeat.GeneratePayload()); this.m_heartbeatTimeout = new Timeout(m_heartbeat.TimeoutMillis, currentTimeMillis); - this.m_heartbeatResendMillis = DtlsReliableHandshake.INITIAL_RESEND_MILLIS; + this.m_heartbeatResendMillis = m_peer.GetHandshakeResendTimeMillis(); this.m_heartbeatResendTimeout = new Timeout(m_heartbeatResendMillis, currentTimeMillis); SendHeartbeatMessage(m_heartbeatInFlight); @@ -405,7 +405,7 @@ namespace Org.BouncyCastle.Tls HeartbeatMessageType.heartbeat_request, m_heartbeat.GeneratePayload()); this.m_heartbeatTimeout = new Timeout(m_heartbeat.TimeoutMillis, currentTimeMillis); - this.m_heartbeatResendMillis = DtlsReliableHandshake.INITIAL_RESEND_MILLIS; + this.m_heartbeatResendMillis = m_peer.GetHandshakeResendTimeMillis(); this.m_heartbeatResendTimeout = new Timeout(m_heartbeatResendMillis, currentTimeMillis); SendHeartbeatMessage(m_heartbeatInFlight); diff --git a/crypto/src/tls/DtlsReliableHandshake.cs b/crypto/src/tls/DtlsReliableHandshake.cs index 8d6eb7b84..90fa17580 100644 --- a/crypto/src/tls/DtlsReliableHandshake.cs +++ b/crypto/src/tls/DtlsReliableHandshake.cs @@ -11,7 +11,6 @@ namespace Org.BouncyCastle.Tls private const int MAX_RECEIVE_AHEAD = 16; private const int MESSAGE_HEADER_LENGTH = 12; - internal const int INITIAL_RESEND_MILLIS = 1000; private const int MAX_RESEND_MILLIS = 60000; /// <exception cref="IOException"/> @@ -85,21 +84,23 @@ namespace Org.BouncyCastle.Tls private IDictionary<int, DtlsReassembler> m_previousInboundFlight = null; private IList<Message> m_outboundFlight = new List<Message>(); + private readonly int m_initialResendMillis; private int m_resendMillis = -1; private Timeout m_resendTimeout = null; private int m_next_send_seq = 0, m_next_receive_seq = 0; - internal DtlsReliableHandshake(TlsContext context, DtlsRecordLayer transport, int timeoutMillis, + internal DtlsReliableHandshake(TlsContext context, DtlsRecordLayer transport, int timeoutMillis, int initialResendMillis, DtlsRequest request) { this.m_recordLayer = transport; this.m_handshakeHash = new DeferredHash(context); this.m_handshakeTimeout = Timeout.ForWaitMillis(timeoutMillis); + m_initialResendMillis = initialResendMillis; if (null != request) { - this.m_resendMillis = INITIAL_RESEND_MILLIS; + this.m_resendMillis = m_initialResendMillis; this.m_resendTimeout = new Timeout(m_resendMillis); long recordSeq = request.RecordSeq; @@ -298,7 +299,7 @@ namespace Org.BouncyCastle.Tls if (null == m_resendTimeout) { - m_resendMillis = INITIAL_RESEND_MILLIS; + m_resendMillis = m_initialResendMillis; m_resendTimeout = new Timeout(m_resendMillis, currentTimeMillis); PrepareInboundFlight(new Dictionary<int, DtlsReassembler>()); diff --git a/crypto/src/tls/DtlsServerProtocol.cs b/crypto/src/tls/DtlsServerProtocol.cs index f2eaf31f8..974eed2de 100644 --- a/crypto/src/tls/DtlsServerProtocol.cs +++ b/crypto/src/tls/DtlsServerProtocol.cs @@ -89,7 +89,7 @@ namespace Org.BouncyCastle.Tls SecurityParameters securityParameters = state.serverContext.SecurityParameters; DtlsReliableHandshake handshake = new DtlsReliableHandshake(state.serverContext, recordLayer, - state.server.GetHandshakeTimeoutMillis(), request); + state.server.GetHandshakeTimeoutMillis(), state.server.GetHandshakeResendTimeMillis(), request); DtlsReliableHandshake.Message clientMessage = null; diff --git a/crypto/src/tls/TlsPeer.cs b/crypto/src/tls/TlsPeer.cs index 04d66d38f..f5266f0c9 100644 --- a/crypto/src/tls/TlsPeer.cs +++ b/crypto/src/tls/TlsPeer.cs @@ -31,6 +31,13 @@ namespace Org.BouncyCastle.Tls /// <returns>the handshake timeout, in milliseconds.</returns> int GetHandshakeTimeoutMillis(); + /// <summary>Specify the time, in milliseconds, after which a handshake packet is resent.</summary> + /// <remarks> + /// NOTE: Currently only respected by DTLS protocols. + /// </remarks> + /// <returns>the handshake resend time, in milliseconds.</returns> + int GetHandshakeResendTimeMillis(); + bool AllowLegacyResumption(); int GetMaxCertificateChainLength(); |