Port of new TLS API from bc-java

1 files changed, 79 insertions, 0 deletions

diff --git a/crypto/src/tls/TlsContext.cs b/crypto/src/tls/TlsContext.cs
new file mode 100644
index 000000000..5a2802f56
--- /dev/null
+++ b/crypto/src/tls/TlsContext.cs
@@ -0,0 +1,79 @@
+using System;
+
+using Org.BouncyCastle.Tls.Crypto;
+
+namespace Org.BouncyCastle.Tls
+{
+    /// <summary>Base interface for a TLS context implementation.</summary>
+    public interface TlsContext
+    {
+        TlsCrypto Crypto { get; }
+
+        TlsNonceGenerator NonceGenerator { get; }
+
+        SecurityParameters SecurityParameters { get; }
+
+        /// <summary>Return true if this context is for a server, false otherwise.</summary>
+        /// <returns>true for a server based context, false for a client based one.</returns>
+        bool IsServer { get; }
+
+        ProtocolVersion[] ClientSupportedVersions { get; }
+
+        ProtocolVersion ClientVersion { get; }
+
+        ProtocolVersion RsaPreMasterSecretVersion { get; }
+
+        ProtocolVersion ServerVersion { get; }
+
+        /// <summary>Used to get the resumable session, if any, used by this connection.</summary>
+        /// <remarks>
+        /// Only available after the handshake has successfully completed.
+        /// </remarks>
+        /// <returns>A <see cref="TlsSession"/> representing the resumable session used by this connection, or null if
+        /// no resumable session available.</returns>
+        /// <seealso cref="TlsPeer.NotifyHandshakeComplete"/>
+        TlsSession ResumableSession { get; }
+
+        /// <summary>Used to get the session information for this connection.</summary>
+        /// <remarks>
+        /// Only available after the handshake has successfully completed. Use <see cref="TlsSession.IsResumable"/>
+        /// to find out if the session is resumable.
+        /// </remarks>
+        /// <returns>A <see cref="TlsSession"/> representing the session used by this connection.</returns>
+        /// <seealso cref="TlsPeer.NotifyHandshakeComplete"/>
+        TlsSession Session { get; }
+
+        object UserObject { get; set; }
+
+        /// <summary>Export the value of the specified channel binding.</summary>
+        /// <remarks>
+        /// Only available after the handshake has successfully completed.
+        /// </remarks>
+        /// <param name="channelBinding">A <see cref="ChannelBinding"/> constant specifying the channel binding to
+        /// export.</param>
+        /// <returns>A copy of the channel binding data as a <c>byte[]</c>, or null if the binding could not be
+        /// determined.</returns>
+        byte[] ExportChannelBinding(int channelBinding);
+
+        /// <summary>Export (early data) keying material according to RFC 5705: "Keying Material Exporters for TLS", as
+        /// updated for TLS 1.3 (RFC 8446).</summary>
+        /// <remarks>
+        /// NOTE: for use in settings where an exporter is needed for 0-RTT data.
+        /// </remarks>
+        /// <param name="asciiLabel">indicates which application will use the exported keys.</param>
+        /// <param name="context_value">allows the application using the exporter to mix its own data with the TLS PRF
+        /// for the exporter output.</param>
+        /// <param name="length">the number of bytes to generate.</param>
+        /// <returns>a pseudorandom bit string of 'length' bytes generated from the (exporter_)master_secret.</returns>
+        byte[] ExportEarlyKeyingMaterial(string asciiLabel, byte[] context_value, int length);
+
+        /// <summary>Export keying material according to RFC 5705: "Keying Material Exporters for TLS", as updated for
+        /// TLS 1.3 (RFC 8446) when negotiated.</summary>
+        /// <param name="asciiLabel">indicates which application will use the exported keys.</param>
+        /// <param name="context_value">allows the application using the exporter to mix its own data with the TLS PRF
+        /// for the exporter output.</param>
+        /// <param name="length">the number of bytes to generate.</param>
+        /// <returns>a pseudorandom bit string of 'length' bytes generated from the (exporter_)master_secret.</returns>
+        byte[] ExportKeyingMaterial(string asciiLabel, byte[] context_value, int length);
+    }
+}