diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-08-01 17:27:58 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-08-01 17:27:58 +0700 |
| commit | 6fd2fc61dd607475c367d3ee828c659a1651eb4e (patch) | |
| tree | 6349d86f8723158e1cb43c73e0cb810f1ea3201a /crypto/src/tls | |
| parent | Make nextUpdate nullable (diff) | |
| download | BouncyCastle.NET-ed25519-6fd2fc61dd607475c367d3ee828c659a1651eb4e.tar.xz | |
TLS: 'tls-exporter' channel binding
- defined in RFC 9266 - see https://github.com/bcgit/bc-java/issues/1198
Diffstat (limited to 'crypto/src/tls')
| -rw-r--r-- | crypto/src/tls/AbstractTlsContext.cs | 3 | ||||
| -rw-r--r-- | crypto/src/tls/ChannelBinding.cs | 5 |
2 files changed, 8 insertions, 0 deletions
diff --git a/crypto/src/tls/AbstractTlsContext.cs b/crypto/src/tls/AbstractTlsContext.cs index be7a67dfc..a5ac85962 100644 --- a/crypto/src/tls/AbstractTlsContext.cs +++ b/crypto/src/tls/AbstractTlsContext.cs @@ -170,6 +170,9 @@ namespace Org.BouncyCastle.Tls SecurityParameters securityParameters = SecurityParameters; + if (ChannelBinding.tls_exporter == channelBinding) + return ExportKeyingMaterial("EXPORTER-Channel-Binding", TlsUtilities.EmptyBytes, 32); + if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion)) return null; diff --git a/crypto/src/tls/ChannelBinding.cs b/crypto/src/tls/ChannelBinding.cs index 84f8bc4df..d6e0cbe27 100644 --- a/crypto/src/tls/ChannelBinding.cs +++ b/crypto/src/tls/ChannelBinding.cs @@ -15,5 +15,10 @@ namespace Org.BouncyCastle.Tls public const int tls_server_end_point = 0; public const int tls_unique = 1; public const int tls_unique_for_telnet = 2; + + /* + * RFC 9266 + */ + public const int tls_exporter = 3; } } |