summary refs log tree commit diff
path: root/crypto/src/tls
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2021-07-25 19:58:02 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2021-07-25 19:58:02 +0700
commitd8187def99004d5be735c9694c4f08f7e5fa0221 (patch)
treeec8b18e46f850f887fe2a646bad2b6a24d35b782 /crypto/src/tls
parentFix Truncate method (diff)
downloadBouncyCastle.NET-ed25519-d8187def99004d5be735c9694c4f08f7e5fa0221.tar.xz
TLS 1.3 client API for external PSKs
Diffstat (limited to 'crypto/src/tls')
-rw-r--r--crypto/src/tls/AbstractTlsClient.cs5


-rw-r--r--crypto/src/tls/AbstractTlsPeer.cs5


-rw-r--r--crypto/src/tls/BasicTlsPskExternal.cs42


-rw-r--r--crypto/src/tls/TlsClient.cs6


-rw-r--r--crypto/src/tls/TlsPeer.cs2


-rw-r--r--crypto/src/tls/TlsPsk.cs15


-rw-r--r--crypto/src/tls/TlsPskExternal.cs9


7 files changed, 84 insertions, 0 deletions
diff --git a/crypto/src/tls/AbstractTlsClient.cs b/crypto/src/tls/AbstractTlsClient.cs
index 0a9410cd9..8d9d9de3d 100644
--- a/crypto/src/tls/AbstractTlsClient.cs
+++ b/crypto/src/tls/AbstractTlsClient.cs
@@ -205,6 +205,11 @@ namespace Org.BouncyCastle.Tls
             return null;
         }
 
+        public virtual IList GetExternalPsks()
+        {
+            return null;
+        }
+
         public virtual bool IsFallback()
         {
             /*
diff --git a/crypto/src/tls/AbstractTlsPeer.cs b/crypto/src/tls/AbstractTlsPeer.cs
index ad9d83e76..1d730c18e 100644
--- a/crypto/src/tls/AbstractTlsPeer.cs
+++ b/crypto/src/tls/AbstractTlsPeer.cs
@@ -81,6 +81,11 @@ namespace Org.BouncyCastle.Tls
             return 32768;
         }
 
+        public virtual short[] GetPskKeyExchangeModes()
+        {
+            return new short[]{ PskKeyExchangeMode.psk_dhe_ke, PskKeyExchangeMode.psk_ke };
+        }
+
         public virtual bool RequiresCloseNotify()
         {
             return true;
diff --git a/crypto/src/tls/BasicTlsPskExternal.cs b/crypto/src/tls/BasicTlsPskExternal.cs
new file mode 100644
index 000000000..dd9b7b221
--- /dev/null
+++ b/crypto/src/tls/BasicTlsPskExternal.cs
@@ -0,0 +1,42 @@
+using System;
+
+using Org.BouncyCastle.Tls.Crypto;
+using Org.BouncyCastle.Utilities;
+
+namespace Org.BouncyCastle.Tls
+{
+    public class BasicTlsPskExternal
+        : TlsPskExternal
+    {
+        protected readonly byte[] m_identity;
+        protected readonly TlsSecret m_key;
+        protected readonly int m_prfAlgorithm; 
+
+        public BasicTlsPskExternal(byte[] identity, TlsSecret key)
+            : this(identity, key, Tls.PrfAlgorithm.tls13_hkdf_sha256)
+        {
+        }
+
+        public BasicTlsPskExternal(byte[] identity, TlsSecret key, int prfAlgorithm)
+        {
+            this.m_identity = Arrays.Clone(identity);
+            this.m_key = key;
+            this.m_prfAlgorithm = prfAlgorithm;
+        }
+
+        public virtual byte[] Identity
+        {
+            get { return m_identity; }
+        }
+
+        public virtual TlsSecret Key
+        {
+            get { return m_key; }
+        }
+
+        public virtual int PrfAlgorithm
+        {
+            get { return m_prfAlgorithm; }
+        }
+    }
+}
diff --git a/crypto/src/tls/TlsClient.cs b/crypto/src/tls/TlsClient.cs
index 4d2e15437..a9356aa4b 100644
--- a/crypto/src/tls/TlsClient.cs
+++ b/crypto/src/tls/TlsClient.cs
@@ -18,6 +18,12 @@ namespace Org.BouncyCastle.Tls
         /// <seealso cref="SessionParameters.PeerCertificate"/>
         TlsSession GetSessionToResume();
 
+        /// <summary>Return the <see cref="TlsPskExternal">external PSKs</see> to offer in the ClientHello.</summary>
+        /// <remarks>This will only be called when TLS 1.3 or higher is amongst the offered protocol versions.</remarks>
+        /// <returns>an <see cref="IList"/> of <see cref="TlsPskExternal"/> instances, or null if none should be
+        /// offered.</returns>
+        IList GetExternalPsks();
+
         bool IsFallback();
 
         /// <returns>(Int32 -> byte[])</returns>
diff --git a/crypto/src/tls/TlsPeer.cs b/crypto/src/tls/TlsPeer.cs
index 29b4288e2..ef2837135 100644
--- a/crypto/src/tls/TlsPeer.cs
+++ b/crypto/src/tls/TlsPeer.cs
@@ -37,6 +37,8 @@ namespace Org.BouncyCastle.Tls
 
         int GetMaxHandshakeMessageSize();
 
+        short[] GetPskKeyExchangeModes();
+
         /// <remarks>
         /// This option is provided as a last resort for interoperability with TLS peers that fail to correctly send a
         /// close_notify alert at end of stream. Implementations SHOULD return true; caution is advised if returning
diff --git a/crypto/src/tls/TlsPsk.cs b/crypto/src/tls/TlsPsk.cs
new file mode 100644
index 000000000..c3aac3297
--- /dev/null
+++ b/crypto/src/tls/TlsPsk.cs
@@ -0,0 +1,15 @@
+using System;
+
+using Org.BouncyCastle.Tls.Crypto;
+
+namespace Org.BouncyCastle.Tls
+{
+    public interface TlsPsk
+    {
+        byte[] Identity { get; }
+
+        TlsSecret Key { get; }
+
+        int PrfAlgorithm { get; }
+    }
+}
diff --git a/crypto/src/tls/TlsPskExternal.cs b/crypto/src/tls/TlsPskExternal.cs
new file mode 100644
index 000000000..1e7b717e9
--- /dev/null
+++ b/crypto/src/tls/TlsPskExternal.cs
@@ -0,0 +1,9 @@
+using System;
+
+namespace Org.BouncyCastle.Tls
+{
+    public interface TlsPskExternal
+        : TlsPsk
+    {
+    }
+}

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-10 06:07:40 +0000