summary refs log tree commit diff
path: root/crypto/src/tls/DtlsProtocol.cs
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2021-07-12 15:15:36 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2021-07-12 15:15:36 +0700
commit68c795fe81277f73aeb90d8ad4c6f4305f32c906 (patch)
tree59643344aafef91bbd4c4a3a7973deba3d837a00 /crypto/src/tls/DtlsProtocol.cs
parentTLS test tweaks (diff)
downloadBouncyCastle.NET-ed25519-68c795fe81277f73aeb90d8ad4c6f4305f32c906.tar.xz
Port of new TLS API from bc-java
Diffstat (limited to 'crypto/src/tls/DtlsProtocol.cs')
-rw-r--r--crypto/src/tls/DtlsProtocol.cs107
1 files changed, 107 insertions, 0 deletions
diff --git a/crypto/src/tls/DtlsProtocol.cs b/crypto/src/tls/DtlsProtocol.cs
new file mode 100644
index 000000000..f0f42f968
--- /dev/null
+++ b/crypto/src/tls/DtlsProtocol.cs
@@ -0,0 +1,107 @@
+using System;
+using System.Collections;
+using System.IO;
+
+using Org.BouncyCastle.Utilities;
+
+namespace Org.BouncyCastle.Tls
+{
+    public abstract class DtlsProtocol
+    {
+        internal DtlsProtocol()
+        {
+        }
+
+        /// <exception cref="IOException"/>
+        internal virtual void ProcessFinished(byte[] body, byte[] expected_verify_data)
+        {
+            MemoryStream buf = new MemoryStream(body, false);
+
+            byte[] verify_data = TlsUtilities.ReadFully(expected_verify_data.Length, buf);
+
+            TlsProtocol.AssertEmpty(buf);
+
+            if (!Arrays.ConstantTimeAreEqual(expected_verify_data, verify_data))
+                throw new TlsFatalAlert(AlertDescription.handshake_failure);
+        }
+
+        /// <exception cref="IOException"/>
+        internal static void ApplyMaxFragmentLengthExtension(DtlsRecordLayer recordLayer, short maxFragmentLength)
+        {
+            if (maxFragmentLength >= 0)
+            {
+                if (!MaxFragmentLength.IsValid(maxFragmentLength))
+                    throw new TlsFatalAlert(AlertDescription.internal_error); 
+
+                int plainTextLimit = 1 << (8 + maxFragmentLength);
+                recordLayer.SetPlaintextLimit(plainTextLimit);
+            }
+        }
+
+        /// <exception cref="IOException"/>
+        internal static short EvaluateMaxFragmentLengthExtension(bool resumedSession, IDictionary clientExtensions,
+            IDictionary serverExtensions, short alertDescription)
+        {
+            short maxFragmentLength = TlsExtensionsUtilities.GetMaxFragmentLengthExtension(serverExtensions);
+            if (maxFragmentLength >= 0)
+            {
+                if (!MaxFragmentLength.IsValid(maxFragmentLength)
+                    || (!resumedSession && maxFragmentLength != TlsExtensionsUtilities
+                        .GetMaxFragmentLengthExtension(clientExtensions)))
+                {
+                    throw new TlsFatalAlert(alertDescription);
+                }
+            }
+            return maxFragmentLength;
+        }
+
+        /// <exception cref="IOException"/>
+        internal static byte[] GenerateCertificate(TlsContext context, Certificate certificate, Stream endPointHash)
+        {
+            MemoryStream buf = new MemoryStream();
+            certificate.Encode(context, buf, endPointHash);
+            return buf.ToArray();
+        }
+
+        /// <exception cref="IOException"/>
+        internal static byte[] GenerateSupplementalData(IList supplementalData)
+        {
+            MemoryStream buf = new MemoryStream();
+            TlsProtocol.WriteSupplementalData(buf, supplementalData);
+            return buf.ToArray();
+        }
+
+        /// <exception cref="IOException"/>
+        internal static void SendCertificateMessage(TlsContext context, DtlsReliableHandshake handshake,
+            Certificate certificate, Stream endPointHash)
+        {
+            SecurityParameters securityParameters = context.SecurityParameters;
+            if (null != securityParameters.LocalCertificate)
+                throw new TlsFatalAlert(AlertDescription.internal_error);
+
+            if (null == certificate)
+            {
+                certificate = Certificate.EmptyChain;
+            }
+
+            byte[] certificateBody = GenerateCertificate(context, certificate, endPointHash);
+            handshake.SendMessage(HandshakeType.certificate, certificateBody);
+
+            securityParameters.m_localCertificate = certificate;
+        }
+
+        /// <exception cref="IOException"/>
+        internal static int ValidateSelectedCipherSuite(int selectedCipherSuite, short alertDescription)
+        {
+            switch (TlsUtilities.GetEncryptionAlgorithm(selectedCipherSuite))
+            {
+            case EncryptionAlgorithm.RC4_40:
+            case EncryptionAlgorithm.RC4_128:
+            case -1:
+                throw new TlsFatalAlert(alertDescription);
+            default:
+                return selectedCipherSuite;
+            }
+        }
+    }
+}