From 8c5c106ef41adcfec646ba23762f59d6e8861e20 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Fri, 7 Jul 2023 09:00:29 +0700 Subject: Refactoring in DTLS --- crypto/src/tls/DtlsClientProtocol.cs | 145 ++++++++++++++++++----------------- crypto/src/tls/DtlsServerProtocol.cs | 133 +++++++++++++++++--------------- 2 files changed, 146 insertions(+), 132 deletions(-) diff --git a/crypto/src/tls/DtlsClientProtocol.cs b/crypto/src/tls/DtlsClientProtocol.cs index e96e161d4..3f52d3c6b 100644 --- a/crypto/src/tls/DtlsClientProtocol.cs +++ b/crypto/src/tls/DtlsClientProtocol.cs @@ -23,17 +23,19 @@ namespace Org.BouncyCastle.Tls if (transport == null) throw new ArgumentNullException("transport"); + TlsClientContextImpl clientContext = new TlsClientContextImpl(client.Crypto); + ClientHandshakeState state = new ClientHandshakeState(); state.client = client; - state.clientContext = new TlsClientContextImpl(client.Crypto); + state.clientContext = clientContext; - client.Init(state.clientContext); - state.clientContext.HandshakeBeginning(client); + client.Init(clientContext); + clientContext.HandshakeBeginning(client); - SecurityParameters securityParameters = state.clientContext.SecurityParameters; + SecurityParameters securityParameters = clientContext.SecurityParameters; securityParameters.m_extendedPadding = client.ShouldUseExtendedPadding(); - TlsSession sessionToResume = state.client.GetSessionToResume(); + TlsSession sessionToResume = client.GetSessionToResume(); if (sessionToResume != null && sessionToResume.IsResumable) { SessionParameters sessionParameters = sessionToResume.ExportSessionParameters(); @@ -44,7 +46,7 @@ namespace Org.BouncyCastle.Tls */ if (sessionParameters != null && (sessionParameters.IsExtendedMasterSecret - || (!state.client.RequiresExtendedMasterSecret() && state.client.AllowLegacyResumption()))) + || (!client.RequiresExtendedMasterSecret() && client.AllowLegacyResumption()))) { TlsSecret masterSecret = sessionParameters.MasterSecret; lock (masterSecret) @@ -53,13 +55,13 @@ namespace Org.BouncyCastle.Tls { state.tlsSession = sessionToResume; state.sessionParameters = sessionParameters; - state.sessionMasterSecret = state.clientContext.Crypto.AdoptSecret(masterSecret); + state.sessionMasterSecret = clientContext.Crypto.AdoptSecret(masterSecret); } } } } - DtlsRecordLayer recordLayer = new DtlsRecordLayer(state.clientContext, state.client, transport); + DtlsRecordLayer recordLayer = new DtlsRecordLayer(clientContext, client, transport); client.NotifyCloseHandle(recordLayer); try @@ -97,11 +99,12 @@ namespace Org.BouncyCastle.Tls /// internal virtual DtlsTransport ClientHandshake(ClientHandshakeState state, DtlsRecordLayer recordLayer) { - SecurityParameters securityParameters = state.clientContext.SecurityParameters; + TlsClient client = state.client; + TlsClientContextImpl clientContext = state.clientContext; + SecurityParameters securityParameters = clientContext.SecurityParameters; - DtlsReliableHandshake handshake = new DtlsReliableHandshake(state.clientContext, recordLayer, - state.client.GetHandshakeTimeoutMillis(), TlsUtilities.GetHandshakeResendTimeMillis(state.client), - null); + DtlsReliableHandshake handshake = new DtlsReliableHandshake(clientContext, recordLayer, + client.GetHandshakeTimeoutMillis(), TlsUtilities.GetHandshakeResendTimeMillis(client), null); byte[] clientHelloBody = GenerateClientHello(state); @@ -144,16 +147,16 @@ namespace Org.BouncyCastle.Tls if (securityParameters.IsResumedSession) { securityParameters.m_masterSecret = state.sessionMasterSecret; - recordLayer.InitPendingEpoch(TlsUtilities.InitCipher(state.clientContext)); + recordLayer.InitPendingEpoch(TlsUtilities.InitCipher(clientContext)); // NOTE: Calculated exclusive of the actual Finished message from the server - securityParameters.m_peerVerifyData = TlsUtilities.CalculateVerifyData(state.clientContext, + securityParameters.m_peerVerifyData = TlsUtilities.CalculateVerifyData(clientContext, handshake.HandshakeHash, true); ProcessFinished(handshake.ReceiveMessageBody(HandshakeType.finished), securityParameters.PeerVerifyData); // NOTE: Calculated exclusive of the Finished message itself - securityParameters.m_localVerifyData = TlsUtilities.CalculateVerifyData(state.clientContext, + securityParameters.m_localVerifyData = TlsUtilities.CalculateVerifyData(clientContext, handshake.HandshakeHash, false); handshake.SendMessage(HandshakeType.finished, securityParameters.LocalVerifyData); @@ -169,12 +172,12 @@ namespace Org.BouncyCastle.Tls securityParameters.m_pskIdentity = state.sessionParameters.PskIdentity; securityParameters.m_srpIdentity = state.sessionParameters.SrpIdentity; - state.clientContext.HandshakeComplete(state.client, state.tlsSession); + clientContext.HandshakeComplete(client, state.tlsSession); recordLayer.InitHeartbeat(state.heartbeat, HeartbeatMode.peer_allowed_to_send == state.heartbeatPolicy); - return new DtlsTransport(recordLayer, state.client.IgnoreCorruptDtlsRecords); + return new DtlsTransport(recordLayer, client.IgnoreCorruptDtlsRecords); } InvalidateSession(state); @@ -189,10 +192,10 @@ namespace Org.BouncyCastle.Tls } else { - state.client.ProcessServerSupplementalData(null); + client.ProcessServerSupplementalData(null); } - state.keyExchange = TlsUtilities.InitKeyExchangeClient(state.clientContext, state.client); + state.keyExchange = TlsUtilities.InitKeyExchangeClient(clientContext, client); if (serverMessage.Type == HandshakeType.certificate) { @@ -218,7 +221,7 @@ namespace Org.BouncyCastle.Tls // Okay, CertificateStatus is optional } - TlsUtilities.ProcessServerCertificate(state.clientContext, state.certificateStatus, state.keyExchange, + TlsUtilities.ProcessServerCertificate(clientContext, state.certificateStatus, state.keyExchange, state.authentication, state.clientExtensions, state.serverExtensions); if (serverMessage.Type == HandshakeType.server_key_exchange) @@ -308,7 +311,7 @@ namespace Org.BouncyCastle.Tls state.keyExchange.ProcessClientCredentials(clientAuthCredentials); } - var clientSupplementalData = state.client.GetClientSupplementalData(); + var clientSupplementalData = client.GetClientSupplementalData(); if (clientSupplementalData != null) { byte[] supplementalDataBody = GenerateSupplementalData(clientSupplementalData); @@ -317,7 +320,7 @@ namespace Org.BouncyCastle.Tls if (null != state.certificateRequest) { - SendCertificateMessage(state.clientContext, handshake, clientAuthCertificate, null); + SendCertificateMessage(clientContext, handshake, clientAuthCertificate, null); } byte[] clientKeyExchangeBody = GenerateClientKeyExchange(state); @@ -325,12 +328,12 @@ namespace Org.BouncyCastle.Tls securityParameters.m_sessionHash = TlsUtilities.GetCurrentPrfHash(handshake.HandshakeHash); - TlsProtocol.EstablishMasterSecret(state.clientContext, state.keyExchange); - recordLayer.InitPendingEpoch(TlsUtilities.InitCipher(state.clientContext)); + TlsProtocol.EstablishMasterSecret(clientContext, state.keyExchange); + recordLayer.InitPendingEpoch(TlsUtilities.InitCipher(clientContext)); if (clientAuthSigner != null) { - DigitallySigned certificateVerify = TlsUtilities.GenerateCertificateVerifyClient(state.clientContext, + DigitallySigned certificateVerify = TlsUtilities.GenerateCertificateVerifyClient(clientContext, clientAuthSigner, clientAuthAlgorithm, clientAuthStreamSigner, handshake.HandshakeHash); byte[] certificateVerifyBody = GenerateCertificateVerify(state, certificateVerify); handshake.SendMessage(HandshakeType.certificate_verify, certificateVerifyBody); @@ -338,7 +341,7 @@ namespace Org.BouncyCastle.Tls handshake.PrepareToFinish(); - securityParameters.m_localVerifyData = TlsUtilities.CalculateVerifyData(state.clientContext, + securityParameters.m_localVerifyData = TlsUtilities.CalculateVerifyData(clientContext, handshake.HandshakeHash, false); handshake.SendMessage(HandshakeType.finished, securityParameters.LocalVerifyData); @@ -364,7 +367,7 @@ namespace Org.BouncyCastle.Tls } // NOTE: Calculated exclusive of the actual Finished message from the server - securityParameters.m_peerVerifyData = TlsUtilities.CalculateVerifyData(state.clientContext, + securityParameters.m_peerVerifyData = TlsUtilities.CalculateVerifyData(clientContext, handshake.HandshakeHash, true); ProcessFinished(handshake.ReceiveMessageBody(HandshakeType.finished), securityParameters.PeerVerifyData); @@ -376,7 +379,7 @@ namespace Org.BouncyCastle.Tls .SetCipherSuite(securityParameters.CipherSuite) .SetExtendedMasterSecret(securityParameters.IsExtendedMasterSecret) .SetLocalCertificate(securityParameters.LocalCertificate) - .SetMasterSecret(state.clientContext.Crypto.AdoptSecret(state.sessionMasterSecret)) + .SetMasterSecret(clientContext.Crypto.AdoptSecret(state.sessionMasterSecret)) .SetNegotiatedVersion(securityParameters.NegotiatedVersion) .SetPeerCertificate(securityParameters.PeerCertificate) .SetPskIdentity(securityParameters.PskIdentity) @@ -389,11 +392,11 @@ namespace Org.BouncyCastle.Tls securityParameters.m_tlsUnique = securityParameters.LocalVerifyData; - state.clientContext.HandshakeComplete(state.client, state.tlsSession); + clientContext.HandshakeComplete(client, state.tlsSession); recordLayer.InitHeartbeat(state.heartbeat, HeartbeatMode.peer_allowed_to_send == state.heartbeatPolicy); - return new DtlsTransport(recordLayer, state.client.IgnoreCorruptDtlsRecords); + return new DtlsTransport(recordLayer, client.IgnoreCorruptDtlsRecords); } /// @@ -408,29 +411,30 @@ namespace Org.BouncyCastle.Tls /// protected virtual byte[] GenerateClientHello(ClientHandshakeState state) { - TlsClientContextImpl context = state.clientContext; - SecurityParameters securityParameters = context.SecurityParameters; + TlsClient client = state.client; + TlsClientContextImpl clientContext = state.clientContext; + SecurityParameters securityParameters = clientContext.SecurityParameters; - context.SetClientSupportedVersions(state.client.GetProtocolVersions()); + clientContext.SetClientSupportedVersions(client.GetProtocolVersions()); - ProtocolVersion client_version = ProtocolVersion.GetLatestDtls(context.ClientSupportedVersions); + ProtocolVersion client_version = ProtocolVersion.GetLatestDtls(clientContext.ClientSupportedVersions); if (!ProtocolVersion.IsSupportedDtlsVersionClient(client_version)) throw new TlsFatalAlert(AlertDescription.internal_error); - context.SetClientVersion(client_version); + clientContext.SetClientVersion(client_version); { bool useGmtUnixTime = ProtocolVersion.DTLSv12.IsEqualOrLaterVersionOf(client_version) - && state.client.ShouldUseGmtUnixTime(); + && client.ShouldUseGmtUnixTime(); - securityParameters.m_clientRandom = TlsProtocol.CreateRandomBlock(useGmtUnixTime, state.clientContext); + securityParameters.m_clientRandom = TlsProtocol.CreateRandomBlock(useGmtUnixTime, clientContext); } byte[] session_id = TlsUtilities.GetSessionID(state.tlsSession); - bool fallback = state.client.IsFallback(); + bool fallback = client.IsFallback(); - state.offeredCipherSuites = state.client.GetCipherSuites(); + state.offeredCipherSuites = client.GetCipherSuites(); if (session_id.Length > 0 && state.sessionParameters != null) { @@ -440,8 +444,7 @@ namespace Org.BouncyCastle.Tls } } - state.clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised( - state.client.GetClientExtensions()); + state.clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(client.GetClientExtensions()); ProtocolVersion legacy_version = client_version; if (client_version.IsLaterVersionOf(ProtocolVersion.DTLSv12)) @@ -449,10 +452,10 @@ namespace Org.BouncyCastle.Tls legacy_version = ProtocolVersion.DTLSv12; TlsExtensionsUtilities.AddSupportedVersionsExtensionClient(state.clientExtensions, - context.ClientSupportedVersions); + clientContext.ClientSupportedVersions); } - context.SetRsaPreMasterSecretVersion(legacy_version); + clientContext.SetRsaPreMasterSecretVersion(legacy_version); securityParameters.m_clientServerNames = TlsExtensionsUtilities.GetServerNameExtensionClient( state.clientExtensions); @@ -465,16 +468,16 @@ namespace Org.BouncyCastle.Tls securityParameters.m_clientSupportedGroups = TlsExtensionsUtilities.GetSupportedGroupsExtension( state.clientExtensions); - state.clientAgreements = TlsUtilities.AddKeyShareToClientHello(state.clientContext, state.client, + state.clientAgreements = TlsUtilities.AddKeyShareToClientHello(clientContext, client, state.clientExtensions); - if (TlsUtilities.IsExtendedMasterSecretOptional(context.ClientSupportedVersions) - && state.client.ShouldUseExtendedMasterSecret()) + if (TlsUtilities.IsExtendedMasterSecretOptional(clientContext.ClientSupportedVersions) + && client.ShouldUseExtendedMasterSecret()) { TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.clientExtensions); } else if (!TlsUtilities.IsTlsV13(client_version) - && state.client.RequiresExtendedMasterSecret()) + && client.RequiresExtendedMasterSecret()) { throw new TlsFatalAlert(AlertDescription.internal_error); } @@ -512,8 +515,8 @@ namespace Org.BouncyCastle.Tls // Heartbeats { - state.heartbeat = state.client.GetHeartbeat(); - state.heartbeatPolicy = state.client.GetHeartbeatPolicy(); + state.heartbeat = client.GetHeartbeat(); + state.heartbeatPolicy = client.GetHeartbeatPolicy(); if (null != state.heartbeat || HeartbeatMode.peer_allowed_to_send == state.heartbeatPolicy) { @@ -528,7 +531,7 @@ namespace Org.BouncyCastle.Tls cookie: TlsUtilities.EmptyBytes, state.offeredCipherSuites, state.clientExtensions, 0); MemoryStream buf = new MemoryStream(); - clientHello.Encode(state.clientContext, buf); + clientHello.Encode(clientContext, buf); return buf.ToArray(); } @@ -573,17 +576,19 @@ namespace Org.BouncyCastle.Tls throw new TlsFatalAlert(AlertDescription.handshake_failure); } + TlsClientContextImpl clientContext = state.clientContext; + SecurityParameters securityParameters = clientContext.SecurityParameters; + MemoryStream buf = new MemoryStream(body, false); - CertificateRequest certificateRequest = CertificateRequest.Parse(state.clientContext, buf); + CertificateRequest certificateRequest = CertificateRequest.Parse(clientContext, buf); TlsProtocol.AssertEmpty(buf); state.certificateRequest = TlsUtilities.ValidateCertificateRequest(certificateRequest, state.keyExchange); - state.clientContext.SecurityParameters.m_clientCertificateType = - TlsExtensionsUtilities.GetClientCertificateTypeExtensionServer(state.serverExtensions, - CertificateType.X509); + securityParameters.m_clientCertificateType = TlsExtensionsUtilities.GetClientCertificateTypeExtensionServer( + state.serverExtensions, CertificateType.X509); } /// @@ -644,6 +649,11 @@ namespace Org.BouncyCastle.Tls /// protected virtual void ProcessServerHello(ClientHandshakeState state, byte[] body) { + TlsClient client = state.client; + TlsClientContextImpl clientContext = state.clientContext; + SecurityParameters securityParameters = clientContext.SecurityParameters; + + MemoryStream buf = new MemoryStream(body, false); ServerHello serverHello = ServerHello.Parse(buf); @@ -652,16 +662,13 @@ namespace Org.BouncyCastle.Tls state.serverExtensions = serverHello.Extensions; - - SecurityParameters securityParameters = state.clientContext.SecurityParameters; - // TODO[dtls13] Check supported_version extension for negotiated version ReportServerVersion(state, server_version); securityParameters.m_serverRandom = serverHello.Random; - if (!state.clientContext.ClientVersion.Equals(server_version)) + if (!clientContext.ClientVersion.Equals(server_version)) { TlsUtilities.CheckDowngradeMarker(server_version, securityParameters.ServerRandom); } @@ -669,7 +676,7 @@ namespace Org.BouncyCastle.Tls { byte[] selectedSessionID = serverHello.SessionID; securityParameters.m_sessionID = selectedSessionID; - state.client.NotifySessionID(selectedSessionID); + client.NotifySessionID(selectedSessionID); securityParameters.m_resumedSession = selectedSessionID.Length > 0 && state.tlsSession != null && Arrays.AreEqual(selectedSessionID, state.tlsSession.SessionID); } @@ -689,7 +696,7 @@ namespace Org.BouncyCastle.Tls } TlsUtilities.NegotiatedCipherSuite(securityParameters, cipherSuite); - state.client.NotifySelectedCipherSuite(cipherSuite); + client.NotifySelectedCipherSuite(cipherSuite); } /* @@ -726,13 +733,13 @@ namespace Org.BouncyCastle.Tls if (acceptedExtendedMasterSecret) { - if (!securityParameters.IsResumedSession && !state.client.ShouldUseExtendedMasterSecret()) + if (!securityParameters.IsResumedSession && !client.ShouldUseExtendedMasterSecret()) throw new TlsFatalAlert(AlertDescription.handshake_failure); } else { - if (state.client.RequiresExtendedMasterSecret() - || (securityParameters.IsResumedSession && !state.client.AllowLegacyResumption())) + if (client.RequiresExtendedMasterSecret() + || (securityParameters.IsResumedSession && !client.AllowLegacyResumption())) { throw new TlsFatalAlert(AlertDescription.handshake_failure); } @@ -815,7 +822,7 @@ namespace Org.BouncyCastle.Tls } // TODO[compat-gnutls] GnuTLS test server fails to send renegotiation_info extension when resuming - state.client.NotifySecureRenegotiation(securityParameters.IsSecureRenegotiation); + client.NotifySecureRenegotiation(securityParameters.IsSecureRenegotiation); /* * RFC 7301 3.1. When session resumption or session tickets [...] are used, the previous @@ -920,7 +927,7 @@ namespace Org.BouncyCastle.Tls if (sessionClientExtensions != null) { - state.client.ProcessServerExtensions(sessionServerExtensions); + client.ProcessServerExtensions(sessionServerExtensions); } } @@ -943,8 +950,8 @@ namespace Org.BouncyCastle.Tls /// protected virtual void ReportServerVersion(ClientHandshakeState state, ProtocolVersion server_version) { - TlsClientContextImpl context = state.clientContext; - SecurityParameters securityParameters = context.SecurityParameters; + TlsClientContextImpl clientContext = state.clientContext; + SecurityParameters securityParameters = clientContext.SecurityParameters; ProtocolVersion currentServerVersion = securityParameters.NegotiatedVersion; if (null != currentServerVersion) @@ -955,12 +962,12 @@ namespace Org.BouncyCastle.Tls return; } - if (!ProtocolVersion.Contains(context.ClientSupportedVersions, server_version)) + if (!ProtocolVersion.Contains(clientContext.ClientSupportedVersions, server_version)) throw new TlsFatalAlert(AlertDescription.protocol_version); securityParameters.m_negotiatedVersion = server_version; - TlsUtilities.NegotiatedVersionDtlsClient(state.clientContext, state.client); + TlsUtilities.NegotiatedVersionDtlsClient(clientContext, state.client); } /// diff --git a/crypto/src/tls/DtlsServerProtocol.cs b/crypto/src/tls/DtlsServerProtocol.cs index 66ab6d294..e3f2d7564 100644 --- a/crypto/src/tls/DtlsServerProtocol.cs +++ b/crypto/src/tls/DtlsServerProtocol.cs @@ -38,16 +38,19 @@ namespace Org.BouncyCastle.Tls if (transport == null) throw new ArgumentNullException("transport"); + TlsServerContextImpl serverContext = new TlsServerContextImpl(server.Crypto); + ServerHandshakeState state = new ServerHandshakeState(); state.server = server; - state.serverContext = new TlsServerContextImpl(server.Crypto); - server.Init(state.serverContext); - state.serverContext.HandshakeBeginning(server); + state.serverContext = serverContext; + + server.Init(serverContext); + serverContext.HandshakeBeginning(server); - SecurityParameters securityParameters = state.serverContext.SecurityParameters; + SecurityParameters securityParameters = serverContext.SecurityParameters; securityParameters.m_extendedPadding = server.ShouldUseExtendedPadding(); - DtlsRecordLayer recordLayer = new DtlsRecordLayer(state.serverContext, state.server, transport); + DtlsRecordLayer recordLayer = new DtlsRecordLayer(serverContext, server, transport); server.NotifyCloseHandle(recordLayer); try @@ -86,11 +89,12 @@ namespace Org.BouncyCastle.Tls internal virtual DtlsTransport ServerHandshake(ServerHandshakeState state, DtlsRecordLayer recordLayer, DtlsRequest request) { - SecurityParameters securityParameters = state.serverContext.SecurityParameters; + TlsServer server = state.server; + TlsServerContextImpl serverContext = state.serverContext; + SecurityParameters securityParameters = serverContext.SecurityParameters; - DtlsReliableHandshake handshake = new DtlsReliableHandshake(state.serverContext, recordLayer, - state.server.GetHandshakeTimeoutMillis(), TlsUtilities.GetHandshakeResendTimeMillis(state.server), - request); + DtlsReliableHandshake handshake = new DtlsReliableHandshake(serverContext, recordLayer, + server.GetHandshakeTimeoutMillis(), TlsUtilities.GetHandshakeResendTimeMillis(server), request); DtlsReliableHandshake.Message clientMessage = null; @@ -132,14 +136,14 @@ namespace Org.BouncyCastle.Tls securityParameters.m_resumedSession = false; securityParameters.m_sessionID = state.tlsSession.SessionID; - state.server.NotifySession(state.tlsSession); + server.NotifySession(state.tlsSession); { byte[] serverHelloBody = GenerateServerHello(state, recordLayer); // TODO[dtls13] Ideally, move this into GenerateServerHello once legacy_record_version clarified { - ProtocolVersion recordLayerVersion = state.serverContext.ServerVersion; + ProtocolVersion recordLayerVersion = serverContext.ServerVersion; recordLayer.ReadVersion = recordLayerVersion; recordLayer.SetWriteVersion(recordLayerVersion); } @@ -149,20 +153,20 @@ namespace Org.BouncyCastle.Tls handshake.HandshakeHash.NotifyPrfDetermined(); - var serverSupplementalData = state.server.GetServerSupplementalData(); + var serverSupplementalData = server.GetServerSupplementalData(); if (serverSupplementalData != null) { byte[] supplementalDataBody = GenerateSupplementalData(serverSupplementalData); handshake.SendMessage(HandshakeType.supplemental_data, supplementalDataBody); } - state.keyExchange = TlsUtilities.InitKeyExchangeServer(state.serverContext, state.server); + state.keyExchange = TlsUtilities.InitKeyExchangeServer(serverContext, server); state.serverCredentials = null; if (!KeyExchangeAlgorithm.IsAnonymous(securityParameters.KeyExchangeAlgorithm)) { - state.serverCredentials = TlsUtilities.EstablishServerCredentials(state.server); + state.serverCredentials = TlsUtilities.EstablishServerCredentials(server); } // Server certificate @@ -180,7 +184,7 @@ namespace Org.BouncyCastle.Tls serverCertificate = state.serverCredentials.Certificate; - SendCertificateMessage(state.serverContext, handshake, serverCertificate, endPointHash); + SendCertificateMessage(serverContext, handshake, serverCertificate, endPointHash); } securityParameters.m_tlsServerEndPoint = endPointHash.ToArray(); @@ -193,7 +197,7 @@ namespace Org.BouncyCastle.Tls if (securityParameters.StatusRequestVersion > 0) { - CertificateStatus certificateStatus = state.server.GetCertificateStatus(); + CertificateStatus certificateStatus = server.GetCertificateStatus(); if (certificateStatus != null) { byte[] certificateStatusBody = GenerateCertificateStatus(state, certificateStatus); @@ -209,7 +213,7 @@ namespace Org.BouncyCastle.Tls if (state.serverCredentials != null) { - state.certificateRequest = state.server.GetCertificateRequest(); + state.certificateRequest = server.GetCertificateRequest(); if (null == state.certificateRequest) { @@ -223,7 +227,7 @@ namespace Org.BouncyCastle.Tls } else { - if (TlsUtilities.IsTlsV12(state.serverContext) + if (TlsUtilities.IsTlsV12(serverContext) != (state.certificateRequest.SupportedSignatureAlgorithms != null)) { throw new TlsFatalAlert(AlertDescription.internal_error); @@ -237,14 +241,14 @@ namespace Org.BouncyCastle.Tls { TlsUtilities.TrackHashAlgorithms(handshake.HandshakeHash, securityParameters.ServerSigAlgs); - if (state.serverContext.Crypto.HasAnyStreamVerifiers(securityParameters.ServerSigAlgs)) + if (serverContext.Crypto.HasAnyStreamVerifiers(securityParameters.ServerSigAlgs)) { handshake.HandshakeHash.ForceBuffering(); } } else { - if (state.serverContext.Crypto.HasAnyStreamVerifiersLegacy(state.certificateRequest.CertificateTypes)) + if (serverContext.Crypto.HasAnyStreamVerifiersLegacy(state.certificateRequest.CertificateTypes)) { handshake.HandshakeHash.ForceBuffering(); } @@ -271,7 +275,7 @@ namespace Org.BouncyCastle.Tls } else { - state.server.ProcessClientSupplementalData(null); + server.ProcessClientSupplementalData(null); } if (state.certificateRequest == null) @@ -287,7 +291,7 @@ namespace Org.BouncyCastle.Tls } else { - if (TlsUtilities.IsTlsV12(state.serverContext)) + if (TlsUtilities.IsTlsV12(serverContext)) { /* * RFC 5246 If no suitable certificate is available, the client MUST send a @@ -313,8 +317,8 @@ namespace Org.BouncyCastle.Tls securityParameters.m_sessionHash = TlsUtilities.GetCurrentPrfHash(handshake.HandshakeHash); - TlsProtocol.EstablishMasterSecret(state.serverContext, state.keyExchange); - recordLayer.InitPendingEpoch(TlsUtilities.InitCipher(state.serverContext)); + TlsProtocol.EstablishMasterSecret(serverContext, state.keyExchange); + recordLayer.InitPendingEpoch(TlsUtilities.InitCipher(serverContext)); /* * RFC 5246 7.4.8 This message is only sent following a client certificate that has signing @@ -337,7 +341,7 @@ namespace Org.BouncyCastle.Tls } // NOTE: Calculated exclusive of the actual Finished message from the client - securityParameters.m_peerVerifyData = TlsUtilities.CalculateVerifyData(state.serverContext, + securityParameters.m_peerVerifyData = TlsUtilities.CalculateVerifyData(serverContext, handshake.HandshakeHash, false); ProcessFinished(handshake.ReceiveMessageBody(HandshakeType.finished), securityParameters.PeerVerifyData); @@ -348,13 +352,13 @@ namespace Org.BouncyCastle.Tls * is going to ignore any session ID it received once it sees the new_session_ticket message. */ - NewSessionTicket newSessionTicket = state.server.GetNewSessionTicket(); + NewSessionTicket newSessionTicket = server.GetNewSessionTicket(); byte[] newSessionTicketBody = GenerateNewSessionTicket(state, newSessionTicket); handshake.SendMessage(HandshakeType.new_session_ticket, newSessionTicketBody); } // NOTE: Calculated exclusive of the Finished message itself - securityParameters.m_localVerifyData = TlsUtilities.CalculateVerifyData(state.serverContext, + securityParameters.m_localVerifyData = TlsUtilities.CalculateVerifyData(serverContext, handshake.HandshakeHash, true); handshake.SendMessage(HandshakeType.finished, securityParameters.LocalVerifyData); @@ -366,7 +370,7 @@ namespace Org.BouncyCastle.Tls .SetCipherSuite(securityParameters.CipherSuite) .SetExtendedMasterSecret(securityParameters.IsExtendedMasterSecret) .SetLocalCertificate(securityParameters.LocalCertificate) - .SetMasterSecret(state.serverContext.Crypto.AdoptSecret(state.sessionMasterSecret)) + .SetMasterSecret(serverContext.Crypto.AdoptSecret(state.sessionMasterSecret)) .SetNegotiatedVersion(securityParameters.NegotiatedVersion) .SetPeerCertificate(securityParameters.PeerCertificate) .SetPskIdentity(securityParameters.PskIdentity) @@ -379,11 +383,11 @@ namespace Org.BouncyCastle.Tls securityParameters.m_tlsUnique = securityParameters.PeerVerifyData; - state.serverContext.HandshakeComplete(state.server, state.tlsSession); + serverContext.HandshakeComplete(server, state.tlsSession); recordLayer.InitHeartbeat(state.heartbeat, HeartbeatMode.peer_allowed_to_send == state.heartbeatPolicy); - return new DtlsTransport(recordLayer, state.server.IgnoreCorruptDtlsRecords); + return new DtlsTransport(recordLayer, server.IgnoreCorruptDtlsRecords); } /// @@ -417,12 +421,13 @@ namespace Org.BouncyCastle.Tls /// internal virtual byte[] GenerateServerHello(ServerHandshakeState state, DtlsRecordLayer recordLayer) { - TlsServerContextImpl context = state.serverContext; - SecurityParameters securityParameters = context.SecurityParameters; + TlsServer server = state.server; + TlsServerContextImpl serverContext = state.serverContext; + SecurityParameters securityParameters = serverContext.SecurityParameters; - ProtocolVersion server_version = state.server.GetServerVersion(); + ProtocolVersion server_version = server.GetServerVersion(); { - if (!ProtocolVersion.Contains(context.ClientSupportedVersions, server_version)) + if (!ProtocolVersion.Contains(serverContext.ClientSupportedVersions, server_version)) throw new TlsFatalAlert(AlertDescription.internal_error); // TODO[dtls13] Read draft/RFC for guidance on the legacy_record_version field @@ -433,16 +438,16 @@ namespace Org.BouncyCastle.Tls //recordLayer.SetWriteVersion(legacy_record_version); securityParameters.m_negotiatedVersion = server_version; - TlsUtilities.NegotiatedVersionDtlsServer(context); + TlsUtilities.NegotiatedVersionDtlsServer(serverContext); } { bool useGmtUnixTime = ProtocolVersion.DTLSv12.IsEqualOrLaterVersionOf(server_version) - && state.server.ShouldUseGmtUnixTime(); + && server.ShouldUseGmtUnixTime(); - securityParameters.m_serverRandom = TlsProtocol.CreateRandomBlock(useGmtUnixTime, context); + securityParameters.m_serverRandom = TlsProtocol.CreateRandomBlock(useGmtUnixTime, serverContext); - if (!server_version.Equals(ProtocolVersion.GetLatestDtls(state.server.GetProtocolVersions()))) + if (!server_version.Equals(ProtocolVersion.GetLatestDtls(server.GetProtocolVersions()))) { TlsUtilities.WriteDowngradeMarker(server_version, securityParameters.ServerRandom); } @@ -451,7 +456,7 @@ namespace Org.BouncyCastle.Tls bool resumedSession = securityParameters.IsResumedSession; { - int cipherSuite = ValidateSelectedCipherSuite(state.server.GetSelectedCipherSuite(), + int cipherSuite = ValidateSelectedCipherSuite(server.GetSelectedCipherSuite(), AlertDescription.internal_error); if (!TlsUtilities.IsValidCipherSuiteSelection(state.offeredCipherSuites, cipherSuite) || @@ -464,9 +469,9 @@ namespace Org.BouncyCastle.Tls } state.serverExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised( - state.server.GetServerExtensions()); + server.GetServerExtensions()); - state.server.GetServerExtensionsForConnection(state.serverExtensions); + server.GetServerExtensionsForConnection(state.serverExtensions); ProtocolVersion legacy_version = server_version; if (server_version.IsLaterVersionOf(ProtocolVersion.DTLSv12)) @@ -519,17 +524,17 @@ namespace Org.BouncyCastle.Tls else { securityParameters.m_extendedMasterSecret = state.offeredExtendedMasterSecret - && state.server.ShouldUseExtendedMasterSecret(); + && server.ShouldUseExtendedMasterSecret(); if (securityParameters.IsExtendedMasterSecret) { TlsExtensionsUtilities.AddExtendedMasterSecretExtension(state.serverExtensions); } - else if (state.server.RequiresExtendedMasterSecret()) + else if (server.RequiresExtendedMasterSecret()) { throw new TlsFatalAlert(AlertDescription.handshake_failure); } - else if (resumedSession && !state.server.AllowLegacyResumption()) + else if (resumedSession && !server.AllowLegacyResumption()) { throw new TlsFatalAlert(AlertDescription.internal_error); } @@ -619,7 +624,7 @@ namespace Org.BouncyCastle.Tls state.tlsSession.SessionID, securityParameters.CipherSuite, state.serverExtensions); MemoryStream buf = new MemoryStream(); - serverHello.Encode(state.serverContext, buf); + serverHello.Encode(serverContext, buf); return buf.ToArray(); } @@ -682,12 +687,13 @@ namespace Org.BouncyCastle.Tls MemoryStream buf = new MemoryStream(body, false); - TlsServerContextImpl context = state.serverContext; - DigitallySigned certificateVerify = DigitallySigned.Parse(context, buf); + TlsServerContextImpl serverContext = state.serverContext; + DigitallySigned certificateVerify = DigitallySigned.Parse(serverContext, buf); TlsProtocol.AssertEmpty(buf); - TlsUtilities.VerifyCertificateVerifyClient(context, state.certificateRequest, certificateVerify, handshakeHash); + TlsUtilities.VerifyCertificateVerifyClient(serverContext, state.certificateRequest, certificateVerify, + handshakeHash); } /// @@ -714,44 +720,45 @@ namespace Org.BouncyCastle.Tls - TlsServerContextImpl context = state.serverContext; - SecurityParameters securityParameters = context.SecurityParameters; + TlsServer server = state.server; + TlsServerContextImpl serverContext = state.serverContext; + SecurityParameters securityParameters = serverContext.SecurityParameters; if (!legacy_version.IsDtls) throw new TlsFatalAlert(AlertDescription.illegal_parameter); - context.SetRsaPreMasterSecretVersion(legacy_version); + serverContext.SetRsaPreMasterSecretVersion(legacy_version); - context.SetClientSupportedVersions( + serverContext.SetClientSupportedVersions( TlsExtensionsUtilities.GetSupportedVersionsExtensionClient(state.clientExtensions)); ProtocolVersion client_version = legacy_version; - if (null == context.ClientSupportedVersions) + if (null == serverContext.ClientSupportedVersions) { if (client_version.IsLaterVersionOf(ProtocolVersion.DTLSv12)) { client_version = ProtocolVersion.DTLSv12; } - context.SetClientSupportedVersions(client_version.DownTo(ProtocolVersion.DTLSv10)); + serverContext.SetClientSupportedVersions(client_version.DownTo(ProtocolVersion.DTLSv10)); } else { - client_version = ProtocolVersion.GetLatestDtls(context.ClientSupportedVersions); + client_version = ProtocolVersion.GetLatestDtls(serverContext.ClientSupportedVersions); } if (!ProtocolVersion.SERVER_EARLIEST_SUPPORTED_DTLS.IsEqualOrEarlierVersionOf(client_version)) throw new TlsFatalAlert(AlertDescription.protocol_version); - context.SetClientVersion(client_version); + serverContext.SetClientVersion(client_version); - state.server.NotifyClientVersion(context.ClientVersion); + server.NotifyClientVersion(serverContext.ClientVersion); securityParameters.m_clientRandom = clientHello.Random; - state.server.NotifyFallback(Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV)); + server.NotifyFallback(Arrays.Contains(state.offeredCipherSuites, CipherSuite.TLS_FALLBACK_SCSV)); - state.server.NotifyOfferedCipherSuites(state.offeredCipherSuites); + server.NotifyOfferedCipherSuites(state.offeredCipherSuites); /* * TODO[resumption] Check RFC 7627 5.4. for required behaviour @@ -800,7 +807,7 @@ namespace Org.BouncyCastle.Tls } } - state.server.NotifySecureRenegotiation(securityParameters.IsSecureRenegotiation); + server.NotifySecureRenegotiation(securityParameters.IsSecureRenegotiation); state.offeredExtendedMasterSecret = TlsExtensionsUtilities.HasExtendedMasterSecretExtension( state.clientExtensions); @@ -833,14 +840,14 @@ namespace Org.BouncyCastle.Tls { if (HeartbeatMode.peer_allowed_to_send == heartbeatExtension.Mode) { - state.heartbeat = state.server.GetHeartbeat(); + state.heartbeat = server.GetHeartbeat(); } - state.heartbeatPolicy = state.server.GetHeartbeatPolicy(); + state.heartbeatPolicy = server.GetHeartbeatPolicy(); } } - state.server.ProcessClientExtensions(state.clientExtensions); + server.ProcessClientExtensions(state.clientExtensions); } } -- cgit 1.4.1