-rw-r--r--crypto/src/tls/crypto/impl/AbstractTlsCipher.cs53
-rw-r--r--crypto/src/tls/crypto/impl/TlsAeadCipher.cs20
-rw-r--r--crypto/src/tls/crypto/impl/TlsBlockCipher.cs26
-rw-r--r--crypto/src/tls/crypto/impl/TlsNullCipher.cs26
4 files changed, 79 insertions, 46 deletions
diff --git a/crypto/src/tls/crypto/impl/AbstractTlsCipher.cs b/crypto/src/tls/crypto/impl/AbstractTlsCipher.cs
new file mode 100644
index 000000000..03d6ddba2
--- /dev/null
+++ b/crypto/src/tls/crypto/impl/AbstractTlsCipher.cs
@@ -0,0 +1,53 @@
+using System;
+
+using Org.BouncyCastle.Utilities.IO.Compression;
+
+namespace Org.BouncyCastle.Tls.Crypto.Impl
+{
+    public abstract class AbstractTlsCipher
+        : TlsCipher
+    {
+        public abstract int GetCiphertextDecodeLimit(int plaintextLimit);
+
+        public abstract int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit);
+
+        // TODO[api] Remove this method from TlsCipher
+        public abstract int GetPlaintextLimit(int ciphertextLimit);
+
+        // TODO[api] Add to TlsCipher
+        public virtual int GetPlaintextDecodeLimit(int ciphertextLimit)
+        {
+            return GetPlaintextLimit(ciphertextLimit);
+        }
+
+        // TODO[api] Add to TlsCipher
+        public virtual int GetPlaintextEncodeLimit(int ciphertextLimit)
+        {
+            return GetPlaintextLimit(ciphertextLimit);
+        }
+
+        public abstract TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+            int headerAllocation, byte[] plaintext, int offset, int len);
+
+#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+        public abstract TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+            int headerAllocation, ReadOnlySpan<byte> plaintext);
+#endif
+
+        // TODO[api] Add span-based version?
+        public abstract TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
+            byte[] ciphertext, int offset, int len);
+
+        public virtual void RekeyDecoder()
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+
+        public virtual void RekeyEncoder()
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+
+        public abstract bool UsesOpaqueRecordType { get; }
+    }
+}
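Review bot: GetPlaintextDecodeLimit and GetPlaintextEncodeLimit both forward to GetPlaintextLimit, so until a subclass overrides them the decode-side bound is whatever the single legacy method computes; in TlsBlockCipher the visible start of GetPlaintextLimit reads `m_encryptCipher` and `m_writeMac`, i.e. write-side state. That is presumably harmless while both directions share block and MAC sizes, but these values bound record sizes, so a doc comment on each default such as `/// <remarks>Defaults to GetPlaintextLimit; override when read and write overhead can differ.</remarks>` would make the contract explicit. The class itself and the fail-closed RekeyDecoder/RekeyEncoder defaults (which throw `internal_error`) have no XML documentation either. Separately, `using Org.BouncyCastle.Utilities.IO.Compression;` is not referenced by anything in the file and can be dropped.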
diff --git a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
index 8525c2fe9..f238a3afb 100644
--- a/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsAeadCipher.cs
@@ -5,7 +5,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
 {
     /// <summary>A generic TLS 1.2 AEAD cipher.</summary>
     public class TlsAeadCipher
-        : TlsCipher
+        : AbstractTlsCipher
     {
         public const int AEAD_CCM = 1;
         public const int AEAD_CHACHA20_POLY1305 = 2;
@@ -134,12 +134,12 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             decryptCipher.Init(dummyNonce, macSize, null);
         }
 
-        public virtual int GetCiphertextDecodeLimit(int plaintextLimit)
+        public override int GetCiphertextDecodeLimit(int plaintextLimit)
         {
             return plaintextLimit + m_macSize + m_record_iv_length + (m_isTlsV13 ? 1 : 0);
         }
 
-        public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
+        public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
         {
             int innerPlaintextLimit = plaintextLength;
             if (m_isTlsV13)
@@ -153,12 +153,12 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             return innerPlaintextLimit + m_macSize + m_record_iv_length;
         }
 
-        public virtual int GetPlaintextLimit(int ciphertextLimit)
+        public override int GetPlaintextLimit(int ciphertextLimit)
         {
             return ciphertextLimit - m_macSize - m_record_iv_length - (m_isTlsV13 ? 1 : 0);
         }
 
-        public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+        public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
             int headerAllocation, byte[] plaintext, int plaintextOffset, int plaintextLength)
         {
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
@@ -237,7 +237,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
         }
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
-        public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+        public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
             int headerAllocation, ReadOnlySpan<byte> plaintext)
         {
             byte[] nonce = new byte[m_encryptNonce.Length + m_record_iv_length];
@@ -311,7 +311,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
         }
 #endif
 
-        public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
+        public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
             byte[] ciphertext, int ciphertextOffset, int ciphertextLength)
         {
             if (GetPlaintextLimit(ciphertextLength) < 0)
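Review bot: The length check at the top of DecodeCiphertext still calls `GetPlaintextLimit(ciphertextLength)`, the method this commit marks with `TODO[api] Remove this method from TlsCipher` in AbstractTlsCipher. Now that the base class offers a decode-specific hook, `if (GetPlaintextDecodeLimit(ciphertextLength) < 0)` would keep today's result (the default forwards to GetPlaintextLimit) while letting a subclass that overrides the decode limit have it honoured on the inbound path. The body of DecodeCiphertext continues outside this hunk, so any other uses there are not visible.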
@@ -398,17 +398,17 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             return new TlsDecodeResult(ciphertext, encryptionOffset, plaintextLength, contentType);
         }
 
-        public virtual void RekeyDecoder()
+        public override void RekeyDecoder()
         {
             RekeyCipher(m_cryptoParams.SecurityParameters, m_decryptCipher, m_decryptNonce, !m_cryptoParams.IsServer);
         }
 
-        public virtual void RekeyEncoder()
+        public override void RekeyEncoder()
         {
             RekeyCipher(m_cryptoParams.SecurityParameters, m_encryptCipher, m_encryptNonce, m_cryptoParams.IsServer);
         }
 
-        public virtual bool UsesOpaqueRecordType
+        public override bool UsesOpaqueRecordType
         {
             get { return m_isTlsV13; }
         }
diff --git a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
index 64a73bfea..1e6889982 100644
--- a/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsBlockCipher.cs
@@ -8,7 +8,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
 {
     /// <summary>A generic TLS 1.0-1.2 block cipher. This can be used for AES or 3DES for example.</summary>
     public class TlsBlockCipher
-        : TlsCipher
+        : AbstractTlsCipher
     {
         protected readonly TlsCryptoParameters m_cryptoParams;
         protected readonly byte[] m_randomData;
@@ -147,7 +147,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             }
         }
 
-        public virtual int GetCiphertextDecodeLimit(int plaintextLimit)
+        public override int GetCiphertextDecodeLimit(int plaintextLimit)
         {
             int blockSize = m_decryptCipher.GetBlockSize();
             int macSize = m_readMac.Size;
@@ -156,7 +156,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             return GetCiphertextLength(blockSize, macSize, maxPadding, plaintextLimit);
         }
 
-        public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
+        public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
         {
             int blockSize = m_encryptCipher.GetBlockSize();
             int macSize = m_writeMac.Size;
@@ -165,7 +165,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             return GetCiphertextLength(blockSize, macSize, maxPadding, plaintextLength);
         }
 
-        public virtual int GetPlaintextLimit(int ciphertextLimit)
+        public override int GetPlaintextLimit(int ciphertextLimit)
         {
             int blockSize = m_encryptCipher.GetBlockSize();
             int macSize = m_writeMac.Size;
@@ -196,7 +196,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             return plaintextLimit;
         }
 
-        public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+        public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
             int headerAllocation, byte[] plaintext, int offset, int len)
         {
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
@@ -271,7 +271,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
         }
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
-        public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+        public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
             int headerAllocation, ReadOnlySpan<byte> plaintext)
         {
             int blockSize = m_encryptCipher.GetBlockSize();
@@ -342,7 +342,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
         }
 #endif
 
-        public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
+        public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
             byte[] ciphertext, int offset, int len)
         {
             int blockSize = m_decryptCipher.GetBlockSize();
@@ -427,17 +427,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             return new TlsDecodeResult(ciphertext, offset, dec_output_length, recordType);
         }
 
-        public virtual void RekeyDecoder()
-        {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-
-        public virtual void RekeyEncoder()
-        {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-
-        public virtual bool UsesOpaqueRecordType
+        public override bool UsesOpaqueRecordType
         {
             get { return false; }
         }
diff --git a/crypto/src/tls/crypto/impl/TlsNullCipher.cs b/crypto/src/tls/crypto/impl/TlsNullCipher.cs
index 9bb08110a..2008fd1d6 100644
--- a/crypto/src/tls/crypto/impl/TlsNullCipher.cs
+++ b/crypto/src/tls/crypto/impl/TlsNullCipher.cs
@@ -5,7 +5,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
 {
     /// <summary>The NULL cipher.</summary>
     public class TlsNullCipher
-        : TlsCipher
+        : AbstractTlsCipher
     {
         protected readonly TlsCryptoParameters m_cryptoParams;
         protected readonly TlsSuiteHmac m_readMac, m_writeMac;
@@ -56,22 +56,22 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             }
         }
 
-        public virtual int GetCiphertextDecodeLimit(int plaintextLimit)
+        public override int GetCiphertextDecodeLimit(int plaintextLimit)
         {
             return plaintextLimit + m_writeMac.Size;
         }
 
-        public virtual int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
+        public override int GetCiphertextEncodeLimit(int plaintextLength, int plaintextLimit)
         {
             return plaintextLength + m_writeMac.Size;
         }
 
-        public virtual int GetPlaintextLimit(int ciphertextLimit)
+        public override int GetPlaintextLimit(int ciphertextLimit)
         {
             return ciphertextLimit - m_writeMac.Size;
         }
 
-        public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+        public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
             int headerAllocation, byte[] plaintext, int offset, int len)
         {
             byte[] mac = m_writeMac.CalculateMac(seqNo, contentType, plaintext, offset, len);
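Review bot: GetCiphertextDecodeLimit computes the inbound bound from `m_writeMac.Size`, whereas DecodeCiphertext in this class reads `m_readMac.Size` and TlsBlockCipher's GetCiphertextDecodeLimit uses `m_decryptCipher` and `m_readMac`. The two MACs presumably have the same size for a negotiated suite, so this is likely a consistency issue rather than a wrong value, but since the signature is being touched anyway `return plaintextLimit + m_readMac.Size;` would match the direction the name promises. The same applies to GetPlaintextLimit once it is split into the decode and encode variants introduced in AbstractTlsCipher.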
@@ -82,7 +82,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
         }
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
-        public virtual TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
+        public override TlsEncodeResult EncodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
             int headerAllocation, ReadOnlySpan<byte> plaintext)
         {
             byte[] mac = m_writeMac.CalculateMac(seqNo, contentType, plaintext);
@@ -93,7 +93,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
         }
 #endif
 
-        public virtual TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
+        public override TlsDecodeResult DecodeCiphertext(long seqNo, short recordType, ProtocolVersion recordVersion,
             byte[] ciphertext, int offset, int len)
         {
             int macSize = m_readMac.Size;
@@ -111,17 +111,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
             return new TlsDecodeResult(ciphertext, offset, macInputLen, recordType);
         }
 
-        public virtual void RekeyDecoder()
-        {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-
-        public virtual void RekeyEncoder()
-        {
-            throw new TlsFatalAlert(AlertDescription.internal_error);
-        }
-
-        public virtual bool UsesOpaqueRecordType
+        public override bool UsesOpaqueRecordType
         {
             get { return false; }
         }