authorPeter Dettman <peter.dettman@bouncycastle.org>2023-05-17 18:16:36 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-05-17 18:16:36 +0700
commitd7557597d18a313c7e573b11e48ba8648d8a50a9 (patch)
treec22f9efc8bb7940e1961e4d2ee2e1a50a5027747 /crypto/test
parentTLS: NotifyConnectionClosed after failure (diff)
downloadBouncyCastle.NET-ed25519-d7557597d18a313c7e573b11e48ba8648d8a50a9.tar.xz
DTLS: Improve DtlsVerifier performance
Diffstat (limited to 'crypto/test')
-rw-r--r--crypto/test/src/tls/test/DtlsProtocolTest.cs32
1 files changed, 31 insertions, 1 deletions
diff --git a/crypto/test/src/tls/test/DtlsProtocolTest.cs b/crypto/test/src/tls/test/DtlsProtocolTest.cs
index 388003666..7fc49fb51 100644
--- a/crypto/test/src/tls/test/DtlsProtocolTest.cs
+++ b/crypto/test/src/tls/test/DtlsProtocolTest.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Text;
 using System.Threading;
 
 using NUnit.Framework;
@@ -70,7 +71,36 @@ namespace Org.BouncyCastle.Tls.Tests
                 try
                 {
                     MockDtlsServer server = new MockDtlsServer();
-                    DtlsTransport dtlsServer = m_serverProtocol.Accept(server, m_serverTransport);
+
+                    DtlsRequest request = null;
+
+                    // Use DtlsVerifier to require a HelloVerifyRequest cookie exchange before accepting
+                    {
+                        DtlsVerifier verifier = new DtlsVerifier(server.Crypto);
+
+                        // NOTE: Test value only - would typically be the client IP address
+                        byte[] clientID = Encoding.UTF8.GetBytes("MockDtlsClient");
+
+                        int receiveLimit = m_serverTransport.GetReceiveLimit();
+                        int dummyOffset = server.Crypto.SecureRandom.Next(16) + 1;
+                        byte[] transportBuf = new byte[dummyOffset + m_serverTransport.GetReceiveLimit()];
+
+                        do
+                        {
+                            if (m_isShutdown)
+                                return;
+
+                            int length = m_serverTransport.Receive(transportBuf, dummyOffset, receiveLimit, 1000);
+                            if (length > 0)
+                            {
+                                request = verifier.VerifyRequest(clientID, transportBuf, dummyOffset, length,
+                                    m_serverTransport);
+                            }
+                        }
+                        while (request == null);
+                    }
+
+                    DtlsTransport dtlsServer = m_serverProtocol.Accept(server, m_serverTransport, request);
                     byte[] buf = new byte[dtlsServer.GetReceiveLimit()];
                     while (!m_isShutdown)
                     {
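Review bot: The allocation `byte[] transportBuf = new byte[dummyOffset + m_serverTransport.GetReceiveLimit()];` queries the transport a second time, although `receiveLimit` was read on the line above and is the bound later passed to `Receive`. Sizing the buffer from the local, `byte[] transportBuf = new byte[dummyOffset + receiveLimit];`, ties the allocation and the receive length to one value, so they cannot diverge if the transport ever reports a different limit. Because this test also serves as a usage example for DtlsVerifier, the clientID comment could state why the value matters, e.g. `// NOTE: Test value only - a real server should derive this from the peer's transport address so the cookie is tied to the sender`. That wording assumes the cookie is computed over clientID, which is not visible in this hunk. The enclosing method begins and ends outside the hunk.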