From b68d839bdf21d0392125f52f0fc536e12132e345 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Thu, 6 Jul 2023 15:42:14 +0700 Subject: DTLS: Use SecurityParameters.m_resumedSession for resumption tracking --- crypto/src/tls/DtlsClientProtocol.cs | 25 ++++++++++++------------- crypto/src/tls/DtlsServerProtocol.cs | 17 +++++++++-------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/crypto/src/tls/DtlsClientProtocol.cs b/crypto/src/tls/DtlsClientProtocol.cs index aab3853fb..b6876bdd1 100644 --- a/crypto/src/tls/DtlsClientProtocol.cs +++ b/crypto/src/tls/DtlsClientProtocol.cs @@ -141,7 +141,7 @@ namespace Org.BouncyCastle.Tls ApplyMaxFragmentLengthExtension(recordLayer, securityParameters.MaxFragmentLength); - if (state.resumedSession) + if (securityParameters.IsResumedSession) { securityParameters.m_masterSecret = state.sessionMasterSecret; recordLayer.InitPendingEpoch(TlsUtilities.InitCipher(state.clientContext)); @@ -670,7 +670,7 @@ namespace Org.BouncyCastle.Tls byte[] selectedSessionID = serverHello.SessionID; securityParameters.m_sessionID = selectedSessionID; state.client.NotifySessionID(selectedSessionID); - state.resumedSession = selectedSessionID.Length > 0 && state.tlsSession != null + securityParameters.m_resumedSession = selectedSessionID.Length > 0 && state.tlsSession != null && Arrays.AreEqual(selectedSessionID, state.tlsSession.SessionID); } @@ -726,13 +726,13 @@ namespace Org.BouncyCastle.Tls if (acceptedExtendedMasterSecret) { - if (!state.resumedSession && !state.client.ShouldUseExtendedMasterSecret()) + if (!securityParameters.IsResumedSession && !state.client.ShouldUseExtendedMasterSecret()) throw new TlsFatalAlert(AlertDescription.handshake_failure); } else { if (state.client.RequiresExtendedMasterSecret() - || (state.resumedSession && !state.client.AllowLegacyResumption())) + || (securityParameters.IsResumedSession && !state.client.AllowLegacyResumption())) { throw new TlsFatalAlert(AlertDescription.handshake_failure); } @@ -776,7 +776,7 @@ namespace Org.BouncyCastle.Tls * extensions appearing in the client hello, and send a server hello containing no * extensions[.] */ - if (state.resumedSession) + if (securityParameters.IsResumedSession) { // TODO[compat-gnutls] GnuTLS test server sends server extensions e.g. ec_point_formats // TODO[compat-openssl] OpenSSL test server sends server extensions e.g. ec_point_formats @@ -864,7 +864,7 @@ namespace Org.BouncyCastle.Tls var sessionClientExtensions = state.clientExtensions; var sessionServerExtensions = state.serverExtensions; - if (state.resumedSession) + if (securityParameters.IsResumedSession) { if (securityParameters.CipherSuite != state.sessionParameters.CipherSuite || !server_version.Equals(state.sessionParameters.NegotiatedVersion)) @@ -893,13 +893,14 @@ namespace Org.BouncyCastle.Tls securityParameters.m_encryptThenMac = serverSentEncryptThenMac; } - securityParameters.m_maxFragmentLength = EvaluateMaxFragmentLengthExtension(state.resumedSession, - sessionClientExtensions, sessionServerExtensions, AlertDescription.illegal_parameter); + securityParameters.m_maxFragmentLength = EvaluateMaxFragmentLengthExtension( + securityParameters.IsResumedSession, sessionClientExtensions, sessionServerExtensions, + AlertDescription.illegal_parameter); securityParameters.m_truncatedHmac = TlsExtensionsUtilities.HasTruncatedHmacExtension( sessionServerExtensions); - if (!state.resumedSession) + if (!securityParameters.IsResumedSession) { // TODO[tls13] See RFC 8446 4.4.2.1 if (TlsUtilities.HasExpectedEmptyExtensionData(sessionServerExtensions, @@ -912,11 +913,10 @@ namespace Org.BouncyCastle.Tls { securityParameters.m_statusRequestVersion = 1; } - } - state.expectSessionTicket = !state.resumedSession - && TlsUtilities.HasExpectedEmptyExtensionData(sessionServerExtensions, + state.expectSessionTicket = TlsUtilities.HasExpectedEmptyExtensionData(sessionServerExtensions, ExtensionType.session_ticket, AlertDescription.illegal_parameter); + } } if (sessionClientExtensions != null) @@ -995,7 +995,6 @@ namespace Org.BouncyCastle.Tls internal int[] offeredCipherSuites = null; internal IDictionary clientExtensions = null; internal IDictionary serverExtensions = null; - internal bool resumedSession = false; internal bool expectSessionTicket = false; internal IDictionary clientAgreements = null; internal TlsKeyExchange keyExchange = null; diff --git a/crypto/src/tls/DtlsServerProtocol.cs b/crypto/src/tls/DtlsServerProtocol.cs index a4f8f4bc5..82c6ff290 100644 --- a/crypto/src/tls/DtlsServerProtocol.cs +++ b/crypto/src/tls/DtlsServerProtocol.cs @@ -129,6 +129,7 @@ namespace Org.BouncyCastle.Tls state.sessionMasterSecret = null; } + securityParameters.m_resumedSession = false; securityParameters.m_sessionID = state.tlsSession.SessionID; state.server.NotifySession(state.tlsSession); @@ -447,6 +448,8 @@ namespace Org.BouncyCastle.Tls } } + bool resumedSession = securityParameters.IsResumedSession; + { int cipherSuite = ValidateSelectedCipherSuite(state.server.GetSelectedCipherSuite(), AlertDescription.internal_error); @@ -526,7 +529,7 @@ namespace Org.BouncyCastle.Tls { throw new TlsFatalAlert(AlertDescription.handshake_failure); } - else if (state.resumedSession && !state.server.AllowLegacyResumption()) + else if (resumedSession && !state.server.AllowLegacyResumption()) { throw new TlsFatalAlert(AlertDescription.internal_error); } @@ -578,7 +581,7 @@ namespace Org.BouncyCastle.Tls securityParameters.m_encryptThenMac = TlsExtensionsUtilities.HasEncryptThenMacExtension( state.serverExtensions); - securityParameters.m_maxFragmentLength = EvaluateMaxFragmentLengthExtension(state.resumedSession, + securityParameters.m_maxFragmentLength = EvaluateMaxFragmentLengthExtension(resumedSession, state.clientExtensions, state.serverExtensions, AlertDescription.internal_error); securityParameters.m_truncatedHmac = TlsExtensionsUtilities.HasTruncatedHmacExtension(state.serverExtensions); @@ -587,7 +590,7 @@ namespace Org.BouncyCastle.Tls * TODO It's surprising that there's no provision to allow a 'fresh' CertificateStatus to be sent in * a session resumption handshake. */ - if (!state.resumedSession) + if (!resumedSession) { // TODO[tls13] See RFC 8446 4.4.2.1 if (TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, @@ -600,11 +603,10 @@ namespace Org.BouncyCastle.Tls { securityParameters.m_statusRequestVersion = 1; } - } - state.expectSessionTicket = !state.resumedSession - && TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, ExtensionType.session_ticket, - AlertDescription.internal_error); + state.expectSessionTicket = TlsUtilities.HasExpectedEmptyExtensionData(state.serverExtensions, + ExtensionType.session_ticket, AlertDescription.internal_error); + } } ApplyMaxFragmentLengthExtension(recordLayer, securityParameters.MaxFragmentLength); @@ -879,7 +881,6 @@ namespace Org.BouncyCastle.Tls internal IDictionary clientExtensions = null; internal IDictionary serverExtensions = null; internal bool offeredExtendedMasterSecret = false; - internal bool resumedSession = false; internal bool expectSessionTicket = false; internal TlsKeyExchange keyExchange = null; internal TlsCredentials serverCredentials = null; -- cgit 1.4.1