From d8187def99004d5be735c9694c4f08f7e5fa0221 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Sun, 25 Jul 2021 19:58:02 +0700 Subject: TLS 1.3 client API for external PSKs --- crypto/BouncyCastle.Android.csproj | 3 +++ crypto/BouncyCastle.csproj | 3 +++ crypto/BouncyCastle.iOS.csproj | 3 +++ crypto/crypto.csproj | 15 +++++++++++++ crypto/src/tls/AbstractTlsClient.cs | 5 +++++ crypto/src/tls/AbstractTlsPeer.cs | 5 +++++ crypto/src/tls/BasicTlsPskExternal.cs | 42 +++++++++++++++++++++++++++++++++++ crypto/src/tls/TlsClient.cs | 6 +++++ crypto/src/tls/TlsPeer.cs | 2 ++ crypto/src/tls/TlsPsk.cs | 15 +++++++++++++ crypto/src/tls/TlsPskExternal.cs | 9 ++++++++ 11 files changed, 108 insertions(+) create mode 100644 crypto/src/tls/BasicTlsPskExternal.cs create mode 100644 crypto/src/tls/TlsPsk.cs create mode 100644 crypto/src/tls/TlsPskExternal.cs diff --git a/crypto/BouncyCastle.Android.csproj b/crypto/BouncyCastle.Android.csproj index 043cd2b27..5859a1bc8 100644 --- a/crypto/BouncyCastle.Android.csproj +++ b/crypto/BouncyCastle.Android.csproj @@ -1568,6 +1568,7 @@ + @@ -1799,6 +1800,8 @@ + + diff --git a/crypto/BouncyCastle.csproj b/crypto/BouncyCastle.csproj index 8f93f8013..3a3dadd21 100644 --- a/crypto/BouncyCastle.csproj +++ b/crypto/BouncyCastle.csproj @@ -1562,6 +1562,7 @@ + @@ -1793,6 +1794,8 @@ + + diff --git a/crypto/BouncyCastle.iOS.csproj b/crypto/BouncyCastle.iOS.csproj index 6417b95b0..d02d6b97b 100644 --- a/crypto/BouncyCastle.iOS.csproj +++ b/crypto/BouncyCastle.iOS.csproj @@ -1563,6 +1563,7 @@ + @@ -1794,6 +1795,8 @@ + + diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj index 0e9884ab2..bb2eed13f 100644 --- a/crypto/crypto.csproj +++ b/crypto/crypto.csproj @@ -7698,6 +7698,11 @@ SubType = "Code" BuildAction = "Compile" /> + + + TlsSession GetSessionToResume(); + /// Return the external PSKs to offer in the ClientHello. + /// This will only be called when TLS 1.3 or higher is amongst the offered protocol versions. + /// an of instances, or null if none should be + /// offered. + IList GetExternalPsks(); + bool IsFallback(); /// (Int32 -> byte[]) diff --git a/crypto/src/tls/TlsPeer.cs b/crypto/src/tls/TlsPeer.cs index 29b4288e2..ef2837135 100644 --- a/crypto/src/tls/TlsPeer.cs +++ b/crypto/src/tls/TlsPeer.cs @@ -37,6 +37,8 @@ namespace Org.BouncyCastle.Tls int GetMaxHandshakeMessageSize(); + short[] GetPskKeyExchangeModes(); + /// /// This option is provided as a last resort for interoperability with TLS peers that fail to correctly send a /// close_notify alert at end of stream. Implementations SHOULD return true; caution is advised if returning diff --git a/crypto/src/tls/TlsPsk.cs b/crypto/src/tls/TlsPsk.cs new file mode 100644 index 000000000..c3aac3297 --- /dev/null +++ b/crypto/src/tls/TlsPsk.cs @@ -0,0 +1,15 @@ +using System; + +using Org.BouncyCastle.Tls.Crypto; + +namespace Org.BouncyCastle.Tls +{ + public interface TlsPsk + { + byte[] Identity { get; } + + TlsSecret Key { get; } + + int PrfAlgorithm { get; } + } +} diff --git a/crypto/src/tls/TlsPskExternal.cs b/crypto/src/tls/TlsPskExternal.cs new file mode 100644 index 000000000..1e7b717e9 --- /dev/null +++ b/crypto/src/tls/TlsPskExternal.cs @@ -0,0 +1,9 @@ +using System; + +namespace Org.BouncyCastle.Tls +{ + public interface TlsPskExternal + : TlsPsk + { + } +} -- cgit 1.4.1