diff --git a/crypto/src/crypto/tls/ExporterLabel.cs b/crypto/src/crypto/tls/ExporterLabel.cs
index c186d410b..f301ea3c0 100644
--- a/crypto/src/crypto/tls/ExporterLabel.cs
+++ b/crypto/src/crypto/tls/ExporterLabel.cs
@@ -6,12 +6,6 @@ namespace Org.BouncyCastle.Crypto.Tls
public abstract class ExporterLabel
{
/*
- * BC-specific
- */
- internal const string client_random = "client random";
- internal const string server_random = "server random";
-
- /*
* RFC 5246
*/
public const string client_finished = "client finished";
diff --git a/crypto/src/crypto/tls/SecurityParameters.cs b/crypto/src/crypto/tls/SecurityParameters.cs
index 3aa318da2..0707f3d40 100644
--- a/crypto/src/crypto/tls/SecurityParameters.cs
+++ b/crypto/src/crypto/tls/SecurityParameters.cs
@@ -11,6 +11,16 @@ namespace Org.BouncyCastle.Crypto.Tls
internal byte[] clientRandom = null;
internal byte[] serverRandom = null;
+ internal void CopySessionParametersFrom(SecurityParameters other)
+ {
+ //this.entity = other.entity;
+ //this.cipherSuite = other.cipherSuite;
+ //this.compressionAlgorithm = other.compressionAlgorithm;
+ this.prfAlgorithm = other.prfAlgorithm;
+ //this.verifyDataLength = other.verifyDataLength;
+ this.masterSecret = Arrays.Clone(other.masterSecret);
+ }
+
internal virtual void Clear()
{
if (this.masterSecret != null)
diff --git a/crypto/src/crypto/tls/TlsBlockCipher.cs b/crypto/src/crypto/tls/TlsBlockCipher.cs
index 7adab1985..b2c69127c 100644
--- a/crypto/src/crypto/tls/TlsBlockCipher.cs
+++ b/crypto/src/crypto/tls/TlsBlockCipher.cs
@@ -51,7 +51,7 @@ namespace Org.BouncyCastle.Crypto.Tls
SecurityParameters securityParameters = context.SecurityParameters;
- byte[] keyBlock = TlsUtilities.PRF(context, securityParameters.masterSecret, "key expansion",
+ byte[] keyBlock = TlsUtilities.PRF(context, securityParameters.masterSecret, ExporterLabel.key_expansion,
TlsUtilities.Concat(securityParameters.serverRandom, securityParameters.clientRandom),
prfSize);
diff --git a/crypto/src/crypto/tls/TlsProtocolHandler.cs b/crypto/src/crypto/tls/TlsProtocolHandler.cs
index cf1296b14..918640db5 100644
--- a/crypto/src/crypto/tls/TlsProtocolHandler.cs
+++ b/crypto/src/crypto/tls/TlsProtocolHandler.cs
@@ -453,6 +453,10 @@ namespace Org.BouncyCastle.Crypto.Tls
this.keyExchange = tlsClient.GetKeyExchange();
connection_state = CS_SERVER_HELLO_RECEIVED;
+
+ // TODO Just a place-holder until other TLS 1.2 changes arrive
+ this.securityParameters.prfAlgorithm = PrfAlgorithm.tls_prf_legacy;
+
break;
default:
this.FailWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
diff --git a/crypto/src/crypto/tls/TlsStreamCipher.cs b/crypto/src/crypto/tls/TlsStreamCipher.cs
index 3e6f7e06d..24e2ce73f 100644
--- a/crypto/src/crypto/tls/TlsStreamCipher.cs
+++ b/crypto/src/crypto/tls/TlsStreamCipher.cs
@@ -29,7 +29,7 @@ namespace Org.BouncyCastle.Crypto.Tls
SecurityParameters securityParameters = context.SecurityParameters;
- byte[] keyBlock = TlsUtilities.PRF(context, securityParameters.masterSecret, "key expansion",
+ byte[] keyBlock = TlsUtilities.PRF(context, securityParameters.masterSecret, ExporterLabel.key_expansion,
TlsUtilities.Concat(securityParameters.serverRandom, securityParameters.clientRandom),
prfSize);
|
