authorPeter Dettman <peter.dettman@bouncycastle.org>2023-03-16 13:11:30 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-04-13 17:16:19 +0700
commit931368e3fbf4611ed717f7cfe47bc884c4409876 (patch)
tree63ef941b75667dbea1f74b32321fe06ffa29191c /crypto/src/tls/DtlsServerProtocol.cs
parentRFC 9146: Add registry entries (diff)
RFC 9146: connection_id extension negotiation
Diffstat (limited to 'crypto/src/tls/DtlsServerProtocol.cs')
-rw-r--r--crypto/src/tls/DtlsServerProtocol.cs18
1 files changed, 18 insertions, 0 deletions
diff --git a/crypto/src/tls/DtlsServerProtocol.cs b/crypto/src/tls/DtlsServerProtocol.cs
index 3bf92395b..cf16bc302 100644
--- a/crypto/src/tls/DtlsServerProtocol.cs
+++ b/crypto/src/tls/DtlsServerProtocol.cs
@@ -549,6 +549,24 @@ namespace Org.BouncyCastle.Tls
                 state.serverExtensions);
             securityParameters.m_applicationProtocolSet = true;
 
+            // Connection ID
+            if (ProtocolVersion.DTLSv12.Equals(securityParameters.NegotiatedVersion))
+            {
+                /*
+                 * RFC 9146 3. When a DTLS session is resumed or renegotiated, the "connection_id" extension is
+                 * negotiated afresh.
+                 */
+                var serverConnectionID = TlsExtensionsUtilities.GetConnectionIDExtension(state.serverExtensions);
+                if (serverConnectionID != null)
+                {
+                    var clientConnectionID = TlsExtensionsUtilities.GetConnectionIDExtension(state.clientExtensions)
+                        ?? throw new TlsFatalAlert(AlertDescription.internal_error);
+
+                    securityParameters.m_connectionIDLocal = clientConnectionID;
+                    securityParameters.m_connectionIDPeer = serverConnectionID;
+                }
+            }
+
             /*
              * TODO RFC 3546 2.3 If [...] the older session is resumed, then the server MUST ignore
              * extensions appearing in the client hello, and send a server hello containing no
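Review bot: The two assignments `securityParameters.m_connectionIDLocal = clientConnectionID;` and `securityParameters.m_connectionIDPeer = serverConnectionID;` read as swapped on first sight, and nothing in the hunk says which record direction each field covers. Under RFC 9146 section 3 each side's extension carries the CID it wants the other side to place on records sent toward it, so presumably "Local" here means the CID written on records this server sends and "Peer" the CID expected on records it receives; the field definitions are not visible in this hunk, so that should be confirmed. I would add a comment above the assignments, for example `// Outgoing records carry the client-chosen CID; incoming records must carry the CID we sent in ServerHello.`, so that a later edit does not "fix" the order and end up with records tagged or matched against the wrong CID. It would also help to note next to the `?? throw new TlsFatalAlert(AlertDescription.internal_error)` that this guards against the server extensions containing connection_id when the client never offered it. The enclosing method starts and ends outside the hunk.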