Diffstat (limited to 'crypto/src/tls/TlsUtilities.cs')
-rw-r--r-- | crypto/src/tls/TlsUtilities.cs | 61 |
1 files changed, 58 insertions, 3 deletions
diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs
index c6c4a052a..d1160e372 100644
--- a/crypto/src/tls/TlsUtilities.cs
+++ b/crypto/src/tls/TlsUtilities.cs
@@ -2059,6 +2059,16 @@ namespace Org.BouncyCastle.Tls
 throw new TlsFatalAlert(AlertDescription.illegal_parameter);
 }
+ case CipherSuite.TLS_GOSTR341112_256_WITH_28147_CNT_IMIT:
+ case CipherSuite.TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC:
+ case CipherSuite.TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC:
+ {
+ if (isTlsV12Exactly)
+ return PrfAlgorithm.tls_prf_gostr3411_2012_256;
+
+ throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+ }
+
 case CipherSuite.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384:
 case CipherSuite.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384:
 case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA384:
@@ -2543,6 +2553,9 @@ namespace Org.BouncyCastle.Tls
 {
 switch (cipherSuite)
 {
+ case CipherSuite.TLS_GOSTR341112_256_WITH_28147_CNT_IMIT:
+ return EncryptionAlgorithm.cls_28147_CNT_IMIT;
+
 case CipherSuite.TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
 case CipherSuite.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA:
 case CipherSuite.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA:
@@ -2843,6 +2856,12 @@ namespace Org.BouncyCastle.Tls
 case CipherSuite.TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256:
 return EncryptionAlgorithm.CHACHA20_POLY1305;
+ case CipherSuite.TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC:
+ return EncryptionAlgorithm.KUZNYECHIK_CTR_OMAC;
+
+ case CipherSuite.TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC:
+ return EncryptionAlgorithm.MAGMA_CTR_OMAC;
+
 case CipherSuite.TLS_DHE_PSK_WITH_NULL_SHA:
 case CipherSuite.TLS_ECDH_anon_WITH_NULL_SHA:
 case CipherSuite.TLS_ECDH_ECDSA_WITH_NULL_SHA:
@@ -2925,6 +2944,9 @@ namespace Org.BouncyCastle.Tls
 case EncryptionAlgorithm.SM4_CBC:
 return CipherType.block;
+ case EncryptionAlgorithm.cls_28147_CNT_IMIT:
+ case EncryptionAlgorithm.KUZNYECHIK_CTR_OMAC:
+ case EncryptionAlgorithm.MAGMA_CTR_OMAC:
 case EncryptionAlgorithm.NULL:
 case EncryptionAlgorithm.RC4_40:
 case EncryptionAlgorithm.RC4_128:
@@ -3172,6 +3194,11 @@ namespace Org.BouncyCastle.Tls
 case CipherSuite.TLS_ECDHE_RSA_WITH_NULL_SHA:
 return KeyExchangeAlgorithm.ECDHE_RSA;
+ case CipherSuite.TLS_GOSTR341112_256_WITH_28147_CNT_IMIT:
+ case CipherSuite.TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC:
+ case CipherSuite.TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC:
+ return KeyExchangeAlgorithm.GOSTR341112_256;
+
 case CipherSuite.TLS_AES_128_CCM_8_SHA256:
 case CipherSuite.TLS_AES_128_CCM_SHA256:
 case CipherSuite.TLS_AES_128_GCM_SHA256:
@@ -3751,6 +3778,9 @@ namespace Org.BouncyCastle.Tls
 case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384:
 case CipherSuite.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384:
 case CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:
+ case CipherSuite.TLS_GOSTR341112_256_WITH_28147_CNT_IMIT:
+ case CipherSuite.TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC:
+ case CipherSuite.TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC:
 case CipherSuite.TLS_PSK_DHE_WITH_AES_128_CCM_8:
 case CipherSuite.TLS_PSK_DHE_WITH_AES_256_CCM_8:
 case CipherSuite.TLS_PSK_WITH_AES_128_CCM:
@@ -3919,8 +3949,6 @@ namespace Org.BouncyCastle.Tls
 internal static bool IsValidSignatureAlgorithmForServerKeyExchange(short signatureAlgorithm, int keyExchangeAlgorithm)
 {
- // TODO[tls13]
-
 switch (keyExchangeAlgorithm)
 {
 case KeyExchangeAlgorithm.DHE_RSA:
@@ -3958,6 +3986,7 @@ namespace Org.BouncyCastle.Tls
 case KeyExchangeAlgorithm.NULL:
 return SignatureAlgorithm.anonymous != signatureAlgorithm;
+ case KeyExchangeAlgorithm.GOSTR341112_256:
 default:
 return false;
 }
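Review bot: In the hunk at -2925 the three GOST entries join the case group that begins with `EncryptionAlgorithm.NULL` and the RC4 variants, but the value that group returns is outside the hunk, so the classification cannot be checked from here. If the group returns the stream cipher type, a one-line comment above the new labels, e.g. `// RFC 9189 suites: treated as stream ciphers`, would make the choice explicit. The type presumably selects the record-protection code path, so it is worth confirming against the cipher implementation that accompanies these suites.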
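Review bot: In the hunk at -3958 the new `case KeyExchangeAlgorithm.GOSTR341112_256:` sits directly in front of `default:` and returns false exactly as it did before, so the label only documents intent, and nothing says what that intent is. The hunk at -4220 has the same shape with a bare `// TODO[RFC 9189]`; if that switch is the key-exchange support check (its signature is outside the hunk), the GOST suites stay non-negotiable even though their PRF, cipher and verify_data mappings are added elsewhere in this commit, which is the fail-closed outcome you want while the work is incomplete. I would state the reason in both places, for example `// TODO[RFC 9189] key exchange not implemented yet; keep reporting it as unsupported` at -4220, and a short comment here saying whether false means "not implemented" or "no signed ServerKeyExchange for this key exchange". Both enclosing switches start outside their hunks.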
@@ -4220,6 +4249,9 @@ namespace Org.BouncyCastle.Tls
 return crypto.HasSrpAuthentication() && HasAnyRsaSigAlgs(crypto);
+ // TODO[RFC 9189]
+ case KeyExchangeAlgorithm.GOSTR341112_256:
+
 default:
 return false;
 }
@@ -5275,9 +5307,32 @@ namespace Org.BouncyCastle.Tls
 {
 securityParameters.m_verifyDataLength = securityParameters.PrfHashLength;
 }
+ else if (negotiatedVersion.IsSsl)
+ {
+ securityParameters.m_verifyDataLength = 36;
+ }
 else
 {
- securityParameters.m_verifyDataLength = negotiatedVersion.IsSsl ? 36 : 12;
+ /*
+ * RFC 9189 4.2.6. The verify_data_length value is equal to 32 for the CTR_OMAC cipher
+ * suites and is equal to 12 for the CNT_IMIT cipher suite.
+ */
+ switch (cipherSuite)
+ {
+ case CipherSuite.TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC:
+ case CipherSuite.TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC:
+ {
+ securityParameters.m_verifyDataLength = 32;
+ break;
+ }
+
+ case CipherSuite.TLS_GOSTR341112_256_WITH_28147_CNT_IMIT:
+ default:
+ {
+ securityParameters.m_verifyDataLength = 12;
+ break;
+ }
+ }
 }
 }
|
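Review bot: The verify_data lengths in the hunk at -5275 are bare literals (`36`, `32`, `12`), and only the GOST values carry a comment naming their source. This length presumably fixes how many bytes of the Finished message are produced and checked, so I would document the other two as well, e.g. `// SSL 3.0: MD5 (16) + SHA-1 (20) hashes` on the `IsSsl` branch and `// RFC 5246 7.4.9: 12 unless the cipher suite specifies otherwise` on `default:`. The `case ...CNT_IMIT:` label shares its body with `default:`, so it is documentation only, which is fine once the comment says so. The enclosing method starts outside the hunk, so the origin of `cipherSuite` and the condition of the first branch are not visible here.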