summary refs log tree commit diff
path: root/crypto/src/tls/PskTlsServer.cs
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/src/tls/PskTlsServer.cs')
-rw-r--r--crypto/src/tls/PskTlsServer.cs76
1 files changed, 76 insertions, 0 deletions
diff --git a/crypto/src/tls/PskTlsServer.cs b/crypto/src/tls/PskTlsServer.cs
new file mode 100644
index 000000000..7197b6ad8
--- /dev/null
+++ b/crypto/src/tls/PskTlsServer.cs
@@ -0,0 +1,76 @@
+using System;
+using System.IO;
+
+using Org.BouncyCastle.Tls.Crypto;
+
+namespace Org.BouncyCastle.Tls
+{
+    public class PskTlsServer
+        : AbstractTlsServer
+    {
+        private static readonly int[] DefaultCipherSuites = new int[]
+        {
+            CipherSuite.TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
+            CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+            CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+            CipherSuite.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+            CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+            CipherSuite.TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
+            CipherSuite.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
+            CipherSuite.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
+            CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
+            CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
+            CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
+            CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+        };
+
+        protected readonly TlsPskIdentityManager m_pskIdentityManager;
+
+        public PskTlsServer(TlsCrypto crypto, TlsPskIdentityManager pskIdentityManager)
+            : base(crypto)
+        {
+            this.m_pskIdentityManager = pskIdentityManager;
+        }
+
+        /// <exception cref="IOException"/>
+        protected virtual TlsCredentialedDecryptor GetRsaEncryptionCredentials()
+        {
+            throw new TlsFatalAlert(AlertDescription.internal_error);
+        }
+
+        protected override ProtocolVersion[] GetSupportedVersions()
+        {
+            return ProtocolVersion.TLSv12.DownTo(ProtocolVersion.TLSv10);
+        }
+
+        protected override int[] GetSupportedCipherSuites()
+        {
+            return TlsUtilities.GetSupportedCipherSuites(Crypto, DefaultCipherSuites);
+        }
+
+        public override TlsCredentials GetCredentials()
+        {
+            int keyExchangeAlgorithm = m_context.SecurityParameters.KeyExchangeAlgorithm;
+
+            switch (keyExchangeAlgorithm)
+            {
+            case KeyExchangeAlgorithm.DHE_PSK:
+            case KeyExchangeAlgorithm.ECDHE_PSK:
+            case KeyExchangeAlgorithm.PSK:
+                return null;
+
+            case KeyExchangeAlgorithm.RSA_PSK:
+                return GetRsaEncryptionCredentials();
+
+            default:
+                // Note: internal error here; selected a key exchange we don't implement!
+                throw new TlsFatalAlert(AlertDescription.internal_error);
+            }
+        }
+
+        public override TlsPskIdentityManager GetPskIdentityManager()
+        {
+            return m_pskIdentityManager;
+        }
+    }
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-20 04:21:16 +0000