From d7557597d18a313c7e573b11e48ba8648d8a50a9 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Wed, 17 May 2023 18:16:36 +0700
Subject: DTLS: Improve DtlsVerifier performance
---
 crypto/test/src/tls/test/DtlsProtocolTest.cs | 32 +++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)
(limited to 'crypto/test')
diff --git a/crypto/test/src/tls/test/DtlsProtocolTest.cs b/crypto/test/src/tls/test/DtlsProtocolTest.cs
index 388003666..7fc49fb51 100644
--- a/crypto/test/src/tls/test/DtlsProtocolTest.cs
+++ b/crypto/test/src/tls/test/DtlsProtocolTest.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Text;
 using System.Threading;
 using NUnit.Framework;
@@ -70,7 +71,36 @@ namespace Org.BouncyCastle.Tls.Tests
 try
 {
 MockDtlsServer server = new MockDtlsServer();
- DtlsTransport dtlsServer = m_serverProtocol.Accept(server, m_serverTransport);
+
+ DtlsRequest request = null;
+
+ // Use DtlsVerifier to require a HelloVerifyRequest cookie exchange before accepting
+ {
+ DtlsVerifier verifier = new DtlsVerifier(server.Crypto);
+
+ // NOTE: Test value only - would typically be the client IP address
+ byte[] clientID = Encoding.UTF8.GetBytes("MockDtlsClient");
+
+ int receiveLimit = m_serverTransport.GetReceiveLimit();
+ int dummyOffset = server.Crypto.SecureRandom.Next(16) + 1;
+ byte[] transportBuf = new byte[dummyOffset + m_serverTransport.GetReceiveLimit()];
+
+ do
+ {
+ if (m_isShutdown)
+ return;
+
+ int length = m_serverTransport.Receive(transportBuf, dummyOffset, receiveLimit, 1000);
+ if (length > 0)
+ {
+ request = verifier.VerifyRequest(clientID, transportBuf, dummyOffset, length,
+ m_serverTransport);
+ }
+ }
+ while (request == null);
+ }
+
+ DtlsTransport dtlsServer = m_serverProtocol.Accept(server, m_serverTransport, request);
 byte[] buf = new byte[dtlsServer.GetReceiveLimit()];
 while (!m_isShutdown)
 {
--
cgit 1.4.1
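Review bot: In the second hunk the receive buffer is sized from a second `m_serverTransport.GetReceiveLimit()` call while `Receive` is bounded by the cached `receiveLimit`, so the allocation and the write bound only match if the transport returns the same value both times; `byte[] transportBuf = new byte[dummyOffset + receiveLimit];` ties the two together. The `clientID` comment could also say why the value matters, since test code like this tends to be copied as a usage example: the HelloVerifyRequest exchange only shows that the peer can receive at its claimed address if the cookie is bound to that address, which I assume `DtlsVerifier` does through `clientID` (its code is not in this hunk). Something like `// NOTE: Test value only - a real server must pass the peer's transport address, a constant does not tie the cookie to a source` would cover it. The `do`/`while` loop exits only on shutdown or a verified request, which is fine in a test but merits a one-line comment; the enclosing `try` block starts and ends outside the hunk.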