A few minor followups to the previous batch of TLS updates

5 files changed, 16 insertions, 8 deletions

diff --git a/crypto/src/crypto/tls/ExporterLabel.cs b/crypto/src/crypto/tls/ExporterLabel.cs

index c186d410b..f301ea3c0 100644
--- a/crypto/src/crypto/tls/ExporterLabel.cs
+++ b/crypto/src/crypto/tls/ExporterLabel.cs
@@ -6,12 +6,6 @@ namespace Org.BouncyCastle.Crypto.Tls
     public abstract class ExporterLabel
     {
         /*
-         * BC-specific
-         */
-        internal const string client_random = "client random";
-        internal const string server_random = "server random";
-
-        /*
          * RFC 5246
          */
         public const string client_finished = "client finished";
diff --git a/crypto/src/crypto/tls/SecurityParameters.cs b/crypto/src/crypto/tls/SecurityParameters.cs

index 3aa318da2..0707f3d40 100644
--- a/crypto/src/crypto/tls/SecurityParameters.cs
+++ b/crypto/src/crypto/tls/SecurityParameters.cs
@@ -11,6 +11,16 @@ namespace Org.BouncyCastle.Crypto.Tls
         internal byte[] clientRandom = null;
         internal byte[] serverRandom = null;
 
+        internal void CopySessionParametersFrom(SecurityParameters other)
+        {
+            //this.entity = other.entity;
+            //this.cipherSuite = other.cipherSuite;
+            //this.compressionAlgorithm = other.compressionAlgorithm;
+            this.prfAlgorithm = other.prfAlgorithm;
+            //this.verifyDataLength = other.verifyDataLength;
+            this.masterSecret = Arrays.Clone(other.masterSecret);
+        }
+
         internal virtual void Clear()
         {
             if (this.masterSecret != null)
diff --git a/crypto/src/crypto/tls/TlsBlockCipher.cs b/crypto/src/crypto/tls/TlsBlockCipher.cs

index 7adab1985..b2c69127c 100644
--- a/crypto/src/crypto/tls/TlsBlockCipher.cs
+++ b/crypto/src/crypto/tls/TlsBlockCipher.cs
@@ -51,7 +51,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 
             SecurityParameters securityParameters = context.SecurityParameters;
 
-            byte[] keyBlock = TlsUtilities.PRF(context, securityParameters.masterSecret, "key expansion",
+            byte[] keyBlock = TlsUtilities.PRF(context, securityParameters.masterSecret, ExporterLabel.key_expansion,
                 TlsUtilities.Concat(securityParameters.serverRandom, securityParameters.clientRandom),
                 prfSize);
 
diff --git a/crypto/src/crypto/tls/TlsProtocolHandler.cs b/crypto/src/crypto/tls/TlsProtocolHandler.cs

index cf1296b14..918640db5 100644
--- a/crypto/src/crypto/tls/TlsProtocolHandler.cs
+++ b/crypto/src/crypto/tls/TlsProtocolHandler.cs
@@ -453,6 +453,10 @@ namespace Org.BouncyCastle.Crypto.Tls
                             this.keyExchange = tlsClient.GetKeyExchange();
 
                             connection_state = CS_SERVER_HELLO_RECEIVED;
+
+                            // TODO Just a place-holder until other TLS 1.2 changes arrive
+                            this.securityParameters.prfAlgorithm = PrfAlgorithm.tls_prf_legacy;
+
                             break;
                         default:
                             this.FailWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
diff --git a/crypto/src/crypto/tls/TlsStreamCipher.cs b/crypto/src/crypto/tls/TlsStreamCipher.cs

index 3e6f7e06d..24e2ce73f 100644
--- a/crypto/src/crypto/tls/TlsStreamCipher.cs
+++ b/crypto/src/crypto/tls/TlsStreamCipher.cs
@@ -29,7 +29,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 
             SecurityParameters securityParameters = context.SecurityParameters;
 
-            byte[] keyBlock = TlsUtilities.PRF(context, securityParameters.masterSecret, "key expansion",
+            byte[] keyBlock = TlsUtilities.PRF(context, securityParameters.masterSecret, ExporterLabel.key_expansion,
                 TlsUtilities.Concat(securityParameters.serverRandom, securityParameters.clientRandom),
                 prfSize);