diff --git a/crypto/src/tls/AbstractTlsContext.cs b/crypto/src/tls/AbstractTlsContext.cs
index e8071bfab..c70312721 100644
--- a/crypto/src/tls/AbstractTlsContext.cs
+++ b/crypto/src/tls/AbstractTlsContext.cs
@@ -208,7 +208,7 @@ namespace Org.BouncyCastle.Tls
SecurityParameters sp = SecurityParameters;
return ExportKeyingMaterial13(CheckEarlyExportSecret(sp.EarlyExporterMasterSecret),
- sp.PrfHashAlgorithm, asciiLabel, context, length);
+ sp.PrfCryptoHashAlgorithm, asciiLabel, context, length);
}
public virtual byte[] ExportKeyingMaterial(string asciiLabel, byte[] context, int length)
@@ -235,7 +235,7 @@ namespace Org.BouncyCastle.Tls
if (TlsUtilities.IsTlsV13(sp.NegotiatedVersion))
{
- return ExportKeyingMaterial13(CheckExportSecret(sp.ExporterMasterSecret), sp.PrfHashAlgorithm,
+ return ExportKeyingMaterial13(CheckExportSecret(sp.ExporterMasterSecret), sp.PrfCryptoHashAlgorithm,
asciiLabel, context, length);
}
@@ -244,7 +244,7 @@ namespace Org.BouncyCastle.Tls
return TlsUtilities.Prf(sp, CheckExportSecret(sp.MasterSecret), asciiLabel, seed, length).Extract();
}
- protected virtual byte[] ExportKeyingMaterial13(TlsSecret secret, short hashAlgorithm, string asciiLabel,
+ protected virtual byte[] ExportKeyingMaterial13(TlsSecret secret, int cryptoHashAlgorithm, string asciiLabel,
byte[] context, int length)
{
if (null == context)
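Review bot: The parameter of the protected virtual `ExportKeyingMaterial13` changes type from `short hashAlgorithm` to `int cryptoHashAlgorithm`, so any derived context that overrides the old signature stops compiling (its `override` no longer matches a base member); the same compatibility concern applies to the public `HkdfExpandLabel(TlsSecret, short, ...)` overload removed in TlsCryptoUtilities.cs. If this is intended as a breaking change it should be called out in the release notes; otherwise keep a forwarding overload, e.g. `[Obsolete("Use the int cryptoHashAlgorithm overload")] protected virtual byte[] ExportKeyingMaterial13(TlsSecret secret, short hashAlgorithm, string asciiLabel, byte[] context, int length) => ExportKeyingMaterial13(secret, TlsCryptoUtilities.GetHash(hashAlgorithm), asciiLabel, context, length);`. The method body continues outside this hunk.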
@@ -256,7 +256,8 @@ namespace Org.BouncyCastle.Tls
throw new ArgumentException("must have length less than 2^16 (or be null)", "context");
}
- return TlsCryptoUtilities.HkdfExpandLabel(secret, hashAlgorithm, asciiLabel, context, length).Extract();
+ return TlsCryptoUtilities.HkdfExpandLabel(secret, cryptoHashAlgorithm, asciiLabel, context, length)
+ .Extract();
}
protected virtual TlsSecret CheckEarlyExportSecret(TlsSecret secret)
diff --git a/crypto/src/tls/DeferredHash.cs b/crypto/src/tls/DeferredHash.cs
index 43d60d07c..0532d523c 100644
--- a/crypto/src/tls/DeferredHash.cs
+++ b/crypto/src/tls/DeferredHash.cs
@@ -73,7 +73,7 @@ namespace Org.BouncyCastle.Tls
}
default:
{
- CheckTrackingHash(securityParameters.PrfHashAlgorithm);
+ CheckTrackingHash(securityParameters.PrfCryptoHashAlgorithm);
if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion))
{
SealHashAlgorithms();
@@ -116,7 +116,7 @@ namespace Org.BouncyCastle.Tls
}
default:
{
- CloneHash(newHashes, securityParameters.PrfHashAlgorithm);
+ CloneHash(newHashes, securityParameters.PrfCryptoHashAlgorithm);
break;
}
}
@@ -140,7 +140,7 @@ namespace Org.BouncyCastle.Tls
}
default:
{
- prfHash = CloneHash(securityParameters.PrfHashAlgorithm);
+ prfHash = CloneHash(securityParameters.PrfCryptoHashAlgorithm);
break;
}
}
diff --git a/crypto/src/tls/SecurityParameters.cs b/crypto/src/tls/SecurityParameters.cs
index f4aa1ac5a..a04c0af8c 100644
--- a/crypto/src/tls/SecurityParameters.cs
+++ b/crypto/src/tls/SecurityParameters.cs
@@ -12,6 +12,7 @@ namespace Org.BouncyCastle.Tls
internal int m_cipherSuite = Tls.CipherSuite.TLS_NULL_WITH_NULL_NULL;
internal short m_maxFragmentLength = -1;
internal int m_prfAlgorithm = -1;
+ internal int m_prfCryptoHashAlgorithm = -1;
internal short m_prfHashAlgorithm = -1;
internal int m_prfHashLength = -1;
internal int m_verifyDataLength = -1;
@@ -238,6 +239,11 @@ namespace Org.BouncyCastle.Tls
get { return m_prfAlgorithm; }
}
+ public int PrfCryptoHashAlgorithm
+ {
+ get { return m_prfCryptoHashAlgorithm; }
+ }
+
public short PrfHashAlgorithm
{
get { return m_prfHashAlgorithm; }
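Review bot: The new public property `PrfCryptoHashAlgorithm` has no XML documentation, and in particular the `-1` sentinel it carries for the legacy PRFs (set in TlsUtilities.cs alongside `m_prfHashAlgorithm = -1`) is not stated anywhere a caller would see it. Suggest adding above the property: `/// <summary>The crypto-layer hash algorithm identifier for the negotiated PRF (the value TlsCryptoUtilities.GetHash maps PrfHashAlgorithm to), or -1 when the PRF is ssl_prf_legacy/tls_prf_legacy.</summary>`. Callers that feed this value straight into HKDF or hash creation should treat a negative value as an internal error rather than forwarding it.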
diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs
index adead624b..9a8665cf5 100644
--- a/crypto/src/tls/TlsUtilities.cs
+++ b/crypto/src/tls/TlsUtilities.cs
@@ -1462,7 +1462,7 @@ namespace Org.BouncyCastle.Tls
private static byte[] CalculateFinishedHmac(SecurityParameters securityParameters, TlsSecret baseKey,
byte[] transcriptHash)
{
- int cryptoHashAlgorithm = TlsCryptoUtilities.GetHash(securityParameters.PrfHashAlgorithm);
+ int cryptoHashAlgorithm = securityParameters.PrfCryptoHashAlgorithm;
TlsSecret finishedKey = TlsCryptoUtilities.HkdfExpandLabel(baseKey, cryptoHashAlgorithm, "finished",
EmptyBytes, securityParameters.PrfHashLength);
@@ -1501,20 +1501,20 @@ namespace Org.BouncyCastle.Tls
{
TlsCrypto crypto = context.Crypto;
SecurityParameters securityParameters = context.SecurityParameters;
- int cryptoHashAlgorithm = TlsCryptoUtilities.GetHash(securityParameters.PrfHashAlgorithm);
+ int cryptoHashAlgorithm = securityParameters.PrfCryptoHashAlgorithm;
string label = isExternalPsk ? "ext binder" : "res binder";
byte[] emptyTranscriptHash = crypto.CreateHash(cryptoHashAlgorithm).CalculateHash();
- TlsSecret baseKey = DeriveSecret(securityParameters, earlySecret, label, emptyTranscriptHash);
+ TlsSecret binderKey = DeriveSecret(securityParameters, earlySecret, label, emptyTranscriptHash);
try
{
- return CalculateFinishedHmac(securityParameters, baseKey, transcriptHash);
+ return CalculateFinishedHmac(securityParameters, binderKey, transcriptHash);
}
finally
{
- baseKey.Destroy();
+ binderKey.Destroy();
}
}
@@ -1551,7 +1551,7 @@ namespace Org.BouncyCastle.Tls
{
TlsCrypto crypto = context.Crypto;
SecurityParameters securityParameters = context.SecurityParameters;
- int cryptoHashAlgorithm = TlsCryptoUtilities.GetHash(securityParameters.PrfHashAlgorithm);
+ int cryptoHashAlgorithm = securityParameters.PrfCryptoHashAlgorithm;
TlsSecret zeros = crypto.HkdfInit(cryptoHashAlgorithm);
byte[] emptyTranscriptHash = crypto.CreateHash(cryptoHashAlgorithm).CalculateHash();
@@ -1686,7 +1686,7 @@ namespace Org.BouncyCastle.Tls
private static TlsSecret Update13TrafficSecret(SecurityParameters securityParameters, TlsSecret secret)
{
- return TlsCryptoUtilities.HkdfExpandLabel(secret, securityParameters.PrfHashAlgorithm, "traffic upd",
+ return TlsCryptoUtilities.HkdfExpandLabel(secret, securityParameters.PrfCryptoHashAlgorithm, "traffic upd",
EmptyBytes, securityParameters.PrfHashLength);
}
@@ -5106,6 +5106,7 @@ namespace Org.BouncyCastle.Tls
case PrfAlgorithm.ssl_prf_legacy:
case PrfAlgorithm.tls_prf_legacy:
{
+ securityParameters.m_prfCryptoHashAlgorithm = -1;
securityParameters.m_prfHashAlgorithm = -1;
securityParameters.m_prfHashLength = -1;
break;
@@ -5113,7 +5114,9 @@ namespace Org.BouncyCastle.Tls
default:
{
short prfHashAlgorithm = GetHashAlgorithmForPrfAlgorithm(prfAlgorithm);
+ int prfCryptoHashAlgorithm = TlsCryptoUtilities.GetHash(prfHashAlgorithm);
+ securityParameters.m_prfCryptoHashAlgorithm = prfCryptoHashAlgorithm;
securityParameters.m_prfHashAlgorithm = prfHashAlgorithm;
securityParameters.m_prfHashLength = HashAlgorithm.GetOutputSize(prfHashAlgorithm);
break;
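Review bot: This branch is now the only place that keeps `m_prfCryptoHashAlgorithm` consistent with `m_prfHashAlgorithm`, and both are `internal` fields writable from anywhere in the assembly, so the invariant is easy to break silently by a future writer of one field but not the other. Suggest a comment at the two assignments: `// Keep m_prfCryptoHashAlgorithm == TlsCryptoUtilities.GetHash(m_prfHashAlgorithm) (both -1 for legacy PRFs); TLS 1.3 key derivation reads the crypto form directly.` Whether `TlsCryptoUtilities.GetHash` rejects an unrecognised hash algorithm is not visible here; if it does not, the cached value could also be -1 on a non-legacy path. The enclosing switch starts outside this hunk.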
@@ -5206,13 +5209,14 @@ namespace Org.BouncyCastle.Tls
internal static TlsSecret DeriveSecret(SecurityParameters securityParameters, TlsSecret secret, string label,
byte[] transcriptHash)
{
- short prfHashAlgorithm = securityParameters.PrfHashAlgorithm;
+ int prfCryptoHashAlgorithm = securityParameters.PrfCryptoHashAlgorithm;
int prfHashLength = securityParameters.PrfHashLength;
if (transcriptHash.Length != prfHashLength)
throw new TlsFatalAlert(AlertDescription.internal_error);
- return TlsCryptoUtilities.HkdfExpandLabel(secret, prfHashAlgorithm, label, transcriptHash, prfHashLength);
+ return TlsCryptoUtilities.HkdfExpandLabel(secret, prfCryptoHashAlgorithm, label, transcriptHash,
+ prfHashLength);
}
internal static TlsSecret GetSessionMasterSecret(TlsCrypto crypto, TlsSecret masterSecret)
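Review bot: `DeriveSecret` now passes `securityParameters.PrfCryptoHashAlgorithm` straight into `HkdfExpandLabel`, whereas the removed `short` path went through `TlsCryptoUtilities.GetHash`, which presumably rejected an unrecognised value; the `-1` sentinel written for legacy PRFs can therefore now reach the crypto layer as an ordinary `int`. The existing length check already guards the transcript hash, so a matching guard is cheap: `if (prfCryptoHashAlgorithm < 0 || transcriptHash.Length != prfHashLength) throw new TlsFatalAlert(AlertDescription.internal_error);`. In practice these callers appear to be TLS 1.3-only (the `IsTlsV13` checks in AbstractTlsContext.cs and DeferredHash.cs), so the sentinel should be unreachable here, but the same consideration applies to `CalculateFinishedHmac`, `Update13TrafficSecret` and the `Setup13Cipher` call in TlsAeadCipher.cs, which forward the value without any check.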
diff --git a/crypto/src/tls/crypto/TlsCryptoUtilities.cs b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
index adea49017..a22049e5d 100644
--- a/crypto/src/tls/crypto/TlsCryptoUtilities.cs
+++ b/crypto/src/tls/crypto/TlsCryptoUtilities.cs
@@ -127,15 +127,6 @@ namespace Org.BouncyCastle.Tls.Crypto
}
/// <exception cref="IOException"/>
- public static TlsSecret HkdfExpandLabel(TlsSecret secret, short hashAlgorithm, string label, byte[] context,
- int length)
- {
- int cryptoHashAlgorithm = GetHash(hashAlgorithm);
-
- return HkdfExpandLabel(secret, cryptoHashAlgorithm, label, context, length);
- }
-
- /// <exception cref="IOException"/>
public static TlsSecret HkdfExpandLabel(TlsSecret secret, int cryptoHashAlgorithm, string label,
byte[] context, int length)
{
diff --git a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
index 80851e440..ec76e98c1 100644
--- a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
@@ -339,7 +339,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
if (null == secret)
throw new TlsFatalAlert(AlertDescription.internal_error);
- Setup13Cipher(cipher, nonce, secret, TlsCryptoUtilities.GetHash(securityParameters.PrfHashAlgorithm));
+ Setup13Cipher(cipher, nonce, secret, securityParameters.PrfCryptoHashAlgorithm);
}
protected virtual void Setup13Cipher(TlsAeadCipherImpl cipher, byte[] nonce, TlsSecret secret,