diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2016-02-03 17:29:12 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2016-02-03 17:29:12 +0700 |
commit | 651ac04de1249a97a63c3b54ada4ba468aca9787 (patch) | |
tree | 8e1eb82b52f9093aa896bb0266d11627bcf96697 /crypto/src | |
parent | Add various ExtensionType values (diff) | |
download | BouncyCastle.NET-ed25519-651ac04de1249a97a63c3b54ada4ba468aca9787.tar.xz |
Implement RFC 7685 in TLS
Diffstat (limited to 'crypto/src')
-rw-r--r-- | crypto/src/crypto/tls/AbstractTlsClient.cs | 5 | ||||
-rw-r--r-- | crypto/src/crypto/tls/DtlsServerProtocol.cs | 3 | ||||
-rw-r--r-- | crypto/src/crypto/tls/TlsExtensionsUtilities.cs | 34 | ||||
-rw-r--r-- | crypto/src/crypto/tls/TlsServerProtocol.cs | 3 |
4 files changed, 45 insertions, 0 deletions
diff --git a/crypto/src/crypto/tls/AbstractTlsClient.cs b/crypto/src/crypto/tls/AbstractTlsClient.cs index ee7a93803..be4702e5e 100644 --- a/crypto/src/crypto/tls/AbstractTlsClient.cs +++ b/crypto/src/crypto/tls/AbstractTlsClient.cs @@ -198,6 +198,11 @@ namespace Org.BouncyCastle.Crypto.Tls { CheckForUnexpectedServerExtension(serverExtensions, ExtensionType.ec_point_formats); } + + /* + * RFC 7685 3. The server MUST NOT echo the extension. + */ + CheckForUnexpectedServerExtension(serverExtensions, ExtensionType.padding); } } diff --git a/crypto/src/crypto/tls/DtlsServerProtocol.cs b/crypto/src/crypto/tls/DtlsServerProtocol.cs index 171984b6f..d05af193c 100644 --- a/crypto/src/crypto/tls/DtlsServerProtocol.cs +++ b/crypto/src/crypto/tls/DtlsServerProtocol.cs @@ -618,6 +618,9 @@ namespace Org.BouncyCastle.Crypto.Tls if (state.clientExtensions != null) { + // NOTE: Validates the padding extension data, if present + TlsExtensionsUtilities.GetPaddingExtension(state.clientExtensions); + state.server.ProcessClientExtensions(state.clientExtensions); } } diff --git a/crypto/src/crypto/tls/TlsExtensionsUtilities.cs b/crypto/src/crypto/tls/TlsExtensionsUtilities.cs index 46851b66c..7f6a26ef2 100644 --- a/crypto/src/crypto/tls/TlsExtensionsUtilities.cs +++ b/crypto/src/crypto/tls/TlsExtensionsUtilities.cs @@ -36,6 +36,12 @@ namespace Org.BouncyCastle.Crypto.Tls } /// <exception cref="IOException"></exception> + public static void AddPaddingExtension(IDictionary extensions, int dataLength) + { + extensions[ExtensionType.padding] = CreatePaddingExtension(dataLength); + } + + /// <exception cref="IOException"></exception> public static void AddServerNameExtension(IDictionary extensions, ServerNameList serverNameList) { extensions[ExtensionType.server_name] = CreateServerNameExtension(serverNameList); @@ -67,6 +73,13 @@ namespace Org.BouncyCastle.Crypto.Tls } /// <exception cref="IOException"></exception> + public static int GetPaddingExtension(IDictionary extensions) + { + byte[] extensionData = TlsUtilities.GetExtensionData(extensions, ExtensionType.padding); + return extensionData == null ? -1 : ReadPaddingExtension(extensionData); + } + + /// <exception cref="IOException"></exception> public static ServerNameList GetServerNameExtension(IDictionary extensions) { byte[] extensionData = TlsUtilities.GetExtensionData(extensions, ExtensionType.server_name); @@ -136,6 +149,13 @@ namespace Org.BouncyCastle.Crypto.Tls } /// <exception cref="IOException"></exception> + public static byte[] CreatePaddingExtension(int dataLength) + { + TlsUtilities.CheckUint16(dataLength); + return new byte[dataLength]; + } + + /// <exception cref="IOException"></exception> public static byte[] CreateServerNameExtension(ServerNameList serverNameList) { if (serverNameList == null) @@ -220,6 +240,20 @@ namespace Org.BouncyCastle.Crypto.Tls } /// <exception cref="IOException"></exception> + public static int ReadPaddingExtension(byte[] extensionData) + { + if (extensionData == null) + throw new ArgumentNullException("extensionData"); + + for (int i = 0; i < extensionData.Length; ++i) + { + if (extensionData[i] != 0) + throw new TlsFatalAlert(AlertDescription.illegal_parameter); + } + return extensionData.Length; + } + + /// <exception cref="IOException"></exception> public static ServerNameList ReadServerNameExtension(byte[] extensionData) { if (extensionData == null) diff --git a/crypto/src/crypto/tls/TlsServerProtocol.cs b/crypto/src/crypto/tls/TlsServerProtocol.cs index 1b790c9e0..38f2befea 100644 --- a/crypto/src/crypto/tls/TlsServerProtocol.cs +++ b/crypto/src/crypto/tls/TlsServerProtocol.cs @@ -612,6 +612,9 @@ namespace Org.BouncyCastle.Crypto.Tls if (mClientExtensions != null) { + // NOTE: Validates the padding extension data, if present + TlsExtensionsUtilities.GetPaddingExtension(mClientExtensions); + mTlsServer.ProcessClientExtensions(mClientExtensions); } } |