diff options
| -rw-r--r-- | crypto/BouncyCastle.Android.csproj | 3 | ||||
| -rw-r--r-- | crypto/BouncyCastle.csproj | 3 | ||||
| -rw-r--r-- | crypto/BouncyCastle.iOS.csproj | 3 | ||||
| -rw-r--r-- | crypto/crypto.csproj | 15 | ||||
| -rw-r--r-- | crypto/src/tls/AbstractTlsClient.cs | 5 | ||||
| -rw-r--r-- | crypto/src/tls/AbstractTlsPeer.cs | 5 | ||||
| -rw-r--r-- | crypto/src/tls/BasicTlsPskExternal.cs | 42 | ||||
| -rw-r--r-- | crypto/src/tls/TlsClient.cs | 6 | ||||
| -rw-r--r-- | crypto/src/tls/TlsPeer.cs | 2 | ||||
| -rw-r--r-- | crypto/src/tls/TlsPsk.cs | 15 | ||||
| -rw-r--r-- | crypto/src/tls/TlsPskExternal.cs | 9 |
11 files changed, 108 insertions, 0 deletions
diff --git a/crypto/BouncyCastle.Android.csproj b/crypto/BouncyCastle.Android.csproj index 043cd2b27..5859a1bc8 100644 --- a/crypto/BouncyCastle.Android.csproj +++ b/crypto/BouncyCastle.Android.csproj @@ -1568,6 +1568,7 @@ <Compile Include="src\tls\AbstractTlsServer.cs" /> <Compile Include="src\tls\AlertDescription.cs" /> <Compile Include="src\tls\AlertLevel.cs" /> + <Compile Include="src\tls\BasicTlsPskExternal.cs" /> <Compile Include="src\tls\BasicTlsPskIdentity.cs" /> <Compile Include="src\tls\BasicTlsSrpIdentity.cs" /> <Compile Include="src\tls\ByteQueue.cs" /> @@ -1799,6 +1800,8 @@ <Compile Include="src\tls\TlsObjectIdentifiers.cs" /> <Compile Include="src\tls\TlsPeer.cs" /> <Compile Include="src\tls\TlsProtocol.cs" /> + <Compile Include="src\tls\TlsPsk.cs" /> + <Compile Include="src\tls\TlsPskExternal.cs" /> <Compile Include="src\tls\TlsPskIdentity.cs" /> <Compile Include="src\tls\TlsPskIdentityManager.cs" /> <Compile Include="src\tls\TlsPskKeyExchange.cs" /> diff --git a/crypto/BouncyCastle.csproj b/crypto/BouncyCastle.csproj index 8f93f8013..3a3dadd21 100644 --- a/crypto/BouncyCastle.csproj +++ b/crypto/BouncyCastle.csproj @@ -1562,6 +1562,7 @@ <Compile Include="src\tls\AbstractTlsServer.cs" /> <Compile Include="src\tls\AlertDescription.cs" /> <Compile Include="src\tls\AlertLevel.cs" /> + <Compile Include="src\tls\BasicTlsPskExternal.cs" /> <Compile Include="src\tls\BasicTlsPskIdentity.cs" /> <Compile Include="src\tls\BasicTlsSrpIdentity.cs" /> <Compile Include="src\tls\ByteQueue.cs" /> @@ -1793,6 +1794,8 @@ <Compile Include="src\tls\TlsObjectIdentifiers.cs" /> <Compile Include="src\tls\TlsPeer.cs" /> <Compile Include="src\tls\TlsProtocol.cs" /> + <Compile Include="src\tls\TlsPsk.cs" /> + <Compile Include="src\tls\TlsPskExternal.cs" /> <Compile Include="src\tls\TlsPskIdentity.cs" /> <Compile Include="src\tls\TlsPskIdentityManager.cs" /> <Compile Include="src\tls\TlsPskKeyExchange.cs" /> diff --git a/crypto/BouncyCastle.iOS.csproj b/crypto/BouncyCastle.iOS.csproj index 6417b95b0..d02d6b97b 100644 --- a/crypto/BouncyCastle.iOS.csproj +++ b/crypto/BouncyCastle.iOS.csproj @@ -1563,6 +1563,7 @@ <Compile Include="src\tls\AbstractTlsServer.cs" /> <Compile Include="src\tls\AlertDescription.cs" /> <Compile Include="src\tls\AlertLevel.cs" /> + <Compile Include="src\tls\BasicTlsPskExternal.cs" /> <Compile Include="src\tls\BasicTlsPskIdentity.cs" /> <Compile Include="src\tls\BasicTlsSrpIdentity.cs" /> <Compile Include="src\tls\ByteQueue.cs" /> @@ -1794,6 +1795,8 @@ <Compile Include="src\tls\TlsObjectIdentifiers.cs" /> <Compile Include="src\tls\TlsPeer.cs" /> <Compile Include="src\tls\TlsProtocol.cs" /> + <Compile Include="src\tls\TlsPsk.cs" /> + <Compile Include="src\tls\TlsPskExternal.cs" /> <Compile Include="src\tls\TlsPskIdentity.cs" /> <Compile Include="src\tls\TlsPskIdentityManager.cs" /> <Compile Include="src\tls\TlsPskKeyExchange.cs" /> diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj index 0e9884ab2..bb2eed13f 100644 --- a/crypto/crypto.csproj +++ b/crypto/crypto.csproj @@ -7699,6 +7699,11 @@ BuildAction = "Compile" /> <File + RelPath = "src\tls\BasicTlsPskExternal.cs" + SubType = "Code" + BuildAction = "Compile" + /> + <File RelPath = "src\tls\BasicTlsPskIdentity.cs" SubType = "Code" BuildAction = "Compile" @@ -8854,6 +8859,16 @@ BuildAction = "Compile" /> <File + RelPath = "src\tls\TlsPsk.cs" + SubType = "Code" + BuildAction = "Compile" + /> + <File + RelPath = "src\tls\TlsPskExternal.cs" + SubType = "Code" + BuildAction = "Compile" + /> + <File RelPath = "src\tls\TlsPskIdentity.cs" SubType = "Code" BuildAction = "Compile" diff --git a/crypto/src/tls/AbstractTlsClient.cs b/crypto/src/tls/AbstractTlsClient.cs index 0a9410cd9..8d9d9de3d 100644 --- a/crypto/src/tls/AbstractTlsClient.cs +++ b/crypto/src/tls/AbstractTlsClient.cs @@ -205,6 +205,11 @@ namespace Org.BouncyCastle.Tls return null; } + public virtual IList GetExternalPsks() + { + return null; + } + public virtual bool IsFallback() { /* diff --git a/crypto/src/tls/AbstractTlsPeer.cs b/crypto/src/tls/AbstractTlsPeer.cs index ad9d83e76..1d730c18e 100644 --- a/crypto/src/tls/AbstractTlsPeer.cs +++ b/crypto/src/tls/AbstractTlsPeer.cs @@ -81,6 +81,11 @@ namespace Org.BouncyCastle.Tls return 32768; } + public virtual short[] GetPskKeyExchangeModes() + { + return new short[]{ PskKeyExchangeMode.psk_dhe_ke, PskKeyExchangeMode.psk_ke }; + } + public virtual bool RequiresCloseNotify() { return true; diff --git a/crypto/src/tls/BasicTlsPskExternal.cs b/crypto/src/tls/BasicTlsPskExternal.cs new file mode 100644 index 000000000..dd9b7b221 --- /dev/null +++ b/crypto/src/tls/BasicTlsPskExternal.cs @@ -0,0 +1,42 @@ +using System; + +using Org.BouncyCastle.Tls.Crypto; +using Org.BouncyCastle.Utilities; + +namespace Org.BouncyCastle.Tls +{ + public class BasicTlsPskExternal + : TlsPskExternal + { + protected readonly byte[] m_identity; + protected readonly TlsSecret m_key; + protected readonly int m_prfAlgorithm; + + public BasicTlsPskExternal(byte[] identity, TlsSecret key) + : this(identity, key, Tls.PrfAlgorithm.tls13_hkdf_sha256) + { + } + + public BasicTlsPskExternal(byte[] identity, TlsSecret key, int prfAlgorithm) + { + this.m_identity = Arrays.Clone(identity); + this.m_key = key; + this.m_prfAlgorithm = prfAlgorithm; + } + + public virtual byte[] Identity + { + get { return m_identity; } + } + + public virtual TlsSecret Key + { + get { return m_key; } + } + + public virtual int PrfAlgorithm + { + get { return m_prfAlgorithm; } + } + } +} diff --git a/crypto/src/tls/TlsClient.cs b/crypto/src/tls/TlsClient.cs index 4d2e15437..a9356aa4b 100644 --- a/crypto/src/tls/TlsClient.cs +++ b/crypto/src/tls/TlsClient.cs @@ -18,6 +18,12 @@ namespace Org.BouncyCastle.Tls /// <seealso cref="SessionParameters.PeerCertificate"/> TlsSession GetSessionToResume(); + /// <summary>Return the <see cref="TlsPskExternal">external PSKs</see> to offer in the ClientHello.</summary> + /// <remarks>This will only be called when TLS 1.3 or higher is amongst the offered protocol versions.</remarks> + /// <returns>an <see cref="IList"/> of <see cref="TlsPskExternal"/> instances, or null if none should be + /// offered.</returns> + IList GetExternalPsks(); + bool IsFallback(); /// <returns>(Int32 -> byte[])</returns> diff --git a/crypto/src/tls/TlsPeer.cs b/crypto/src/tls/TlsPeer.cs index 29b4288e2..ef2837135 100644 --- a/crypto/src/tls/TlsPeer.cs +++ b/crypto/src/tls/TlsPeer.cs @@ -37,6 +37,8 @@ namespace Org.BouncyCastle.Tls int GetMaxHandshakeMessageSize(); + short[] GetPskKeyExchangeModes(); + /// <remarks> /// This option is provided as a last resort for interoperability with TLS peers that fail to correctly send a /// close_notify alert at end of stream. Implementations SHOULD return true; caution is advised if returning diff --git a/crypto/src/tls/TlsPsk.cs b/crypto/src/tls/TlsPsk.cs new file mode 100644 index 000000000..c3aac3297 --- /dev/null +++ b/crypto/src/tls/TlsPsk.cs @@ -0,0 +1,15 @@ +using System; + +using Org.BouncyCastle.Tls.Crypto; + +namespace Org.BouncyCastle.Tls +{ + public interface TlsPsk + { + byte[] Identity { get; } + + TlsSecret Key { get; } + + int PrfAlgorithm { get; } + } +} diff --git a/crypto/src/tls/TlsPskExternal.cs b/crypto/src/tls/TlsPskExternal.cs new file mode 100644 index 000000000..1e7b717e9 --- /dev/null +++ b/crypto/src/tls/TlsPskExternal.cs @@ -0,0 +1,9 @@ +using System; + +namespace Org.BouncyCastle.Tls +{ + public interface TlsPskExternal + : TlsPsk + { + } +} |