path: root/crypto/src/tls/AbstractTlsServer.cs
authorPeter Dettman <peter.dettman@bouncycastle.org>2023-03-16 13:11:30 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-04-13 17:16:19 +0700
commit931368e3fbf4611ed717f7cfe47bc884c4409876 (patch)
tree63ef941b75667dbea1f74b32321fe06ffa29191c /crypto/src/tls/AbstractTlsServer.cs
parentRFC 9146: Add registry entries (diff)
RFC 9146: connection_id extension negotiation
Diffstat (limited to 'crypto/src/tls/AbstractTlsServer.cs')
-rw-r--r--crypto/src/tls/AbstractTlsServer.cs26
1 files changed, 26 insertions, 0 deletions
diff --git a/crypto/src/tls/AbstractTlsServer.cs b/crypto/src/tls/AbstractTlsServer.cs
index 3c62793b6..9f107d905 100644
--- a/crypto/src/tls/AbstractTlsServer.cs
+++ b/crypto/src/tls/AbstractTlsServer.cs
@@ -217,6 +217,16 @@ namespace Org.BouncyCastle.Tls
             return null;
         }
 
+        /// <summary>RFC 9146 DTLS connection ID.</summary>
+        /// <remarks>
+        /// This method will be called if a connection_id extension was sent by the client.
+        /// If the return value is non-null, the server will send this connection ID to the client to use in future packets.
+        /// As future communication doesn't include the connection IDs length, this should either be fixed-length
+        /// or include the connection ID's length. (see explanation in RFC 9146 4. "cid:")
+        /// </remarks>
+        /// <returns>The connection ID to use.</returns>
+        protected virtual byte[] GetNewConnectionID() => null;
+
         public virtual void Init(TlsServerContext context)
         {
             this.m_context = context;
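Review bot: The doc comment on GetNewConnectionID does not say what an empty array means, and under RFC 9146 a zero-length CID is a valid, distinct answer from null: the extension is still sent, and it tells the client that the server does not want to receive a CID in records it sends. Implementers overriding this also need the size bound, since the extension carries the CID as `cid<0..2^8-1>`, so anything longer than 255 bytes cannot be encoded. I would extend the remarks with `Return null to not send the extension; return an empty array to send a zero-length CID (the server will not receive CIDs). The CID must be at most 255 bytes (RFC 9146 3.)`. The wording on the next-to-last remark line should read `the connection ID's length` rather than `the connection IDs length`.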
@@ -587,6 +597,22 @@ namespace Org.BouncyCastle.Tls
             {
                 TlsExtensionsUtilities.AddAlpnExtensionServer(serverExtensions, m_selectedProtocolName);
             }
+
+            if (ProtocolVersion.DTLSv12.Equals(m_context.ServerVersion))
+            {
+                /*
+                 * RFC 9146 3. When a DTLS session is resumed or renegotiated, the "connection_id" extension is
+                 * negotiated afresh.
+                 */
+                if (m_clientExtensions.ContainsKey(ExtensionType.connection_id))
+                {
+                    var serverConnectionID = GetNewConnectionID();
+                    if (serverConnectionID != null)
+                    {
+                        TlsExtensionsUtilities.AddConnectionIDExtension(m_serverExtensions, serverConnectionID);
+                    }
+                }
+            }
         }
 
         public virtual IList<SupplementalDataEntry> GetServerSupplementalData()
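Review bot: The new AddConnectionIDExtension call writes into the field `m_serverExtensions`, while the ALPN line a few lines above in the same method writes into the local `serverExtensions`; unless the two are guaranteed to be the same instance (which cannot be confirmed from this hunk), the CID extension could land in a dictionary other than the one this method returns, so it should use `TlsExtensionsUtilities.AddConnectionIDExtension(serverExtensions, serverConnectionID);` for consistency with its neighbours. GetNewConnectionID is an overridable hook, and RFC 9146 bounds the CID at 255 bytes (`cid<0..2^8-1>`), so unless AddConnectionIDExtension already rejects oversized values it would be safer to fail the handshake explicitly here with `if (serverConnectionID.Length > 255) throw new TlsFatalAlert(AlertDescription.internal_error);` rather than let an encoding error surface later. The presence check on `m_clientExtensions` is correct per RFC 9146 3 (the server must only send the extension if the client offered it); the client's own CID carried in that extension is not read in this hunk, presumably in the client-extension processing path elsewhere in this commit. The enclosing method starts outside the hunk.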