summary refs log tree commit diff
path: root/crypto/src/tls/TlsClientProtocol.cs
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/src/tls/TlsClientProtocol.cs')
-rw-r--r--crypto/src/tls/TlsClientProtocol.cs35
1 files changed, 19 insertions, 16 deletions
diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index daa5664b0..870a898f8 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -840,8 +840,9 @@ namespace Org.BouncyCastle.Tls
             {
                 if (!Arrays.Contains(m_clientBinders.m_pskKeyExchangeModes, PskKeyExchangeMode.psk_dhe_ke))
                 {
-                    // TODO[tls13-psk] Notify client that no PSK was selected.
                     this.m_clientBinders = null;
+
+                    m_tlsClient.NotifySelectedPsk(null);
                 }
             }
 
@@ -1511,8 +1512,7 @@ namespace Org.BouncyCastle.Tls
             clientHelloExtensions.Remove(ExtensionType.cookie);
             clientHelloExtensions.Remove(ExtensionType.early_data);
             clientHelloExtensions.Remove(ExtensionType.key_share);
-            // TODO[tls13-psk]
-            //clientHelloExtensions.Remove(ExtensionType.pre_shared_key);
+            clientHelloExtensions.Remove(ExtensionType.pre_shared_key);
 
             /*
              * RFC 4.2.2. When sending the new ClientHello, the client MUST copy the contents of the
@@ -1529,6 +1529,21 @@ namespace Org.BouncyCastle.Tls
             }
 
             /*
+             * - Updating the "pre_shared_key" extension if present by recomputing the "obfuscated_ticket_age"
+             * and binder values and (optionally) removing any PSKs which are incompatible with the server's
+             * indicated cipher suite.
+             */
+            if (null != m_clientBinders)
+            {
+                this.m_clientBinders = TlsUtilities.AddPreSharedKeyToClientHelloRetry(m_tlsClientContext,
+                    m_clientBinders, clientHelloExtensions);
+                if (null == m_clientBinders)
+                {
+                    m_tlsClient.NotifySelectedPsk(null);
+                }
+            }
+
+            /*
              * RFC 8446 4.2.8. [..] when sending the new ClientHello, the client MUST replace the
              * original "key_share" extension with one containing only a new KeyShareEntry for the group
              * indicated in the selected_group field of the triggering HelloRetryRequest.
@@ -1544,18 +1559,6 @@ namespace Org.BouncyCastle.Tls
                 clientHelloExtensions, m_retryGroup);
 
             /*
-             * - Updating the "pre_shared_key" extension if present by recomputing the "obfuscated_ticket_age"
-             * and binder values and (optionally) removing any PSKs which are incompatible with the server's
-             * indicated cipher suite.
-             */
-            if (null != m_clientBinders)
-            {
-                // TODO[tls13-psk]
-                //this.m_clientBinders = TlsUtilities.AddPreSharedKeyToClientHelloRetry(m_tlsClientContext,
-                //    m_clientBinders, clientHelloExtensions);
-            }
-
-            /*
              * TODO[tls13] Optionally adding, removing, or changing the length of the "padding"
              * extension [RFC7685].
              */
@@ -1748,7 +1751,7 @@ namespace Org.BouncyCastle.Tls
 
             if (null != m_clientBinders)
             {
-                OfferedPsks.EncodeBinders(message, Context.Crypto, m_handshakeHash, m_clientBinders);
+                OfferedPsks.EncodeBinders(message, m_tlsClientContext.Crypto, m_handshakeHash, m_clientBinders);
             }
 
             message.SendClientHello(this, m_handshakeHash, m_clientHello.BindersSize);
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-19 16:09:01 +0000