From f9c7378479b48d48c5dbaee155a5f65b4e693092 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Wed, 20 Aug 2014 21:34:45 +0700
Subject: A few minor followups to the previous batch of TLS updates
---
 crypto/src/crypto/tls/ExporterLabel.cs | 6 ------
 crypto/src/crypto/tls/SecurityParameters.cs | 10 ++++++++++
 crypto/src/crypto/tls/TlsBlockCipher.cs | 2 +-
 crypto/src/crypto/tls/TlsProtocolHandler.cs | 4 ++++
 crypto/src/crypto/tls/TlsStreamCipher.cs | 2 +-
 5 files changed, 16 insertions(+), 8 deletions(-) (limited to 'crypto/src')
diff --git a/crypto/src/crypto/tls/ExporterLabel.cs b/crypto/src/crypto/tls/ExporterLabel.cs
index c186d410b..f301ea3c0 100644
--- a/crypto/src/crypto/tls/ExporterLabel.cs
+++ b/crypto/src/crypto/tls/ExporterLabel.cs
@@ -5,12 +5,6 @@ namespace Org.BouncyCastle.Crypto.Tls
 /// RFC 5705
 public abstract class ExporterLabel
 {
- /*
- * BC-specific
- */
- internal const string client_random = "client random";
- internal const string server_random = "server random";
-
 /*
 * RFC 5246
 */
diff --git a/crypto/src/crypto/tls/SecurityParameters.cs b/crypto/src/crypto/tls/SecurityParameters.cs
index 3aa318da2..0707f3d40 100644
--- a/crypto/src/crypto/tls/SecurityParameters.cs
+++ b/crypto/src/crypto/tls/SecurityParameters.cs
@@ -11,6 +11,16 @@ namespace Org.BouncyCastle.Crypto.Tls
 internal byte[] clientRandom = null;
 internal byte[] serverRandom = null;
+ internal void CopySessionParametersFrom(SecurityParameters other)
+ {
+ //this.entity = other.entity;
+ //this.cipherSuite = other.cipherSuite;
+ //this.compressionAlgorithm = other.compressionAlgorithm;
+ this.prfAlgorithm = other.prfAlgorithm;
+ //this.verifyDataLength = other.verifyDataLength;
+ this.masterSecret = Arrays.Clone(other.masterSecret);
+ }
+
 internal virtual void Clear()
 {
 if (this.masterSecret != null)
diff --git a/crypto/src/crypto/tls/TlsBlockCipher.cs b/crypto/src/crypto/tls/TlsBlockCipher.cs
index 7adab1985..b2c69127c 100644
--- a/crypto/src/crypto/tls/TlsBlockCipher.cs
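Review bot: `CopySessionParametersFrom` replaces `this.masterSecret` with the clone without wiping the buffer the field held before, so a previously stored master secret would stay readable in memory until the garbage collector reclaims it. Zeroing first would close that gap, e.g. `if (this.masterSecret != null) Arrays.Fill(this.masterSecret, (byte)0);` ahead of the assignment. The clone is also a second live copy of the secret, so each instance that receives one needs its own `Clear()` call; `Clear()` begins right below with a null check on the same field, but its body is outside the hunk. The four commented-out assignments would read better as a single comment stating which session fields are deliberately not copied yet.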
+++ b/crypto/src/crypto/tls/TlsBlockCipher.cs
@@ -51,7 +51,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 SecurityParameters securityParameters = context.SecurityParameters;
- byte[] keyBlock = TlsUtilities.PRF(context, securityParameters.masterSecret, "key expansion",
+ byte[] keyBlock = TlsUtilities.PRF(context, securityParameters.masterSecret, ExporterLabel.key_expansion,
 TlsUtilities.Concat(securityParameters.serverRandom, securityParameters.clientRandom), prfSize);
diff --git a/crypto/src/crypto/tls/TlsProtocolHandler.cs b/crypto/src/crypto/tls/TlsProtocolHandler.cs
index cf1296b14..918640db5 100644
--- a/crypto/src/crypto/tls/TlsProtocolHandler.cs
+++ b/crypto/src/crypto/tls/TlsProtocolHandler.cs
@@ -453,6 +453,10 @@ namespace Org.BouncyCastle.Crypto.Tls
 this.keyExchange = tlsClient.GetKeyExchange();
 connection_state = CS_SERVER_HELLO_RECEIVED;
+
+ // TODO Just a place-holder until other TLS 1.2 changes arrive
+ this.securityParameters.prfAlgorithm = PrfAlgorithm.tls_prf_legacy;
+
 break;
 default:
 this.FailWithError(AlertLevel.fatal, AlertDescription.unexpected_message);
diff --git a/crypto/src/crypto/tls/TlsStreamCipher.cs b/crypto/src/crypto/tls/TlsStreamCipher.cs
index 3e6f7e06d..24e2ce73f 100644
--- a/crypto/src/crypto/tls/TlsStreamCipher.cs
+++ b/crypto/src/crypto/tls/TlsStreamCipher.cs
@@ -29,7 +29,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 SecurityParameters securityParameters = context.SecurityParameters;
- byte[] keyBlock = TlsUtilities.PRF(context, securityParameters.masterSecret, "key expansion",
+ byte[] keyBlock = TlsUtilities.PRF(context, securityParameters.masterSecret, ExporterLabel.key_expansion,
 TlsUtilities.Concat(securityParameters.serverRandom, securityParameters.clientRandom), prfSize);
--
cgit 1.5.1
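Review bot: The assignment added to the server-hello branch in TlsProtocolHandler.cs sets `securityParameters.prfAlgorithm` to `PrfAlgorithm.tls_prf_legacy` unconditionally, so anything that reads this field gets the legacy PRF whatever protocol version was negotiated. That is only correct while the handler never accepts TLS 1.2, which these lines do not show. The TODO would be more useful if it named the condition that will replace it, for example `// TODO Select from negotiated version and cipher suite (RFC 5246, section 5); legacy PRF is valid for TLS 1.0/1.1 only`. The enclosing case starts before the hunk, so whether the version is already pinned earlier cannot be confirmed from here.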