From c280c388d58e99c644b8239f2b4b2652877f5970 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Sun, 6 Apr 2014 12:31:30 +0700 Subject: Port from Java many of the new TLS classes and a few minor changes --- crypto/crypto.csproj | 90 +++++++++++++++++++++++ crypto/src/crypto/tls/BulkCipherAlgorithm.cs | 25 +++++++ crypto/src/crypto/tls/CertChainType.cs | 18 +++++ crypto/src/crypto/tls/CertificateStatusType.cs | 12 +++ crypto/src/crypto/tls/ChangeCipherSpec.cs | 9 +++ crypto/src/crypto/tls/CipherType.cs | 20 +++++ crypto/src/crypto/tls/ClientAuthenticationType.cs | 14 ++++ crypto/src/crypto/tls/ConnectionEnd.cs | 15 ++++ crypto/src/crypto/tls/DigestAlgorithm.cs | 33 +++++---- crypto/src/crypto/tls/DigestInputBuffer.cs | 39 ++++++++++ crypto/src/crypto/tls/ECBasisType.cs | 16 ++++ crypto/src/crypto/tls/EncryptionAlgorithm.cs | 11 ++- crypto/src/crypto/tls/ExporterLabel.cs | 6 +- crypto/src/crypto/tls/ExtensionType.cs | 17 +++-- crypto/src/crypto/tls/HashAlgorithm.cs | 4 +- crypto/src/crypto/tls/HeartbeatMessageType.cs | 18 +++++ crypto/src/crypto/tls/HeartbeatMode.cs | 18 +++++ crypto/src/crypto/tls/KeyExchangeAlgorithm.cs | 11 ++- crypto/src/crypto/tls/MacAlgorithm.cs | 25 +++++++ crypto/src/crypto/tls/MaxFragmentLength.cs | 20 +++++ crypto/src/crypto/tls/NameType.cs | 12 +++ crypto/src/crypto/tls/PrfAlgorithm.cs | 11 ++- crypto/src/crypto/tls/SignerInputBuffer.cs | 39 ++++++++++ crypto/src/crypto/tls/SrtpProtectionProfile.cs | 15 ++++ crypto/src/crypto/tls/SupplementalDataType.cs | 13 ++++ crypto/src/crypto/tls/UserMappingType.cs | 13 ++++ 26 files changed, 479 insertions(+), 45 deletions(-) create mode 100644 crypto/src/crypto/tls/BulkCipherAlgorithm.cs create mode 100644 crypto/src/crypto/tls/CertChainType.cs create mode 100644 crypto/src/crypto/tls/CertificateStatusType.cs create mode 100644 crypto/src/crypto/tls/ChangeCipherSpec.cs create mode 100644 crypto/src/crypto/tls/CipherType.cs create mode 100644 crypto/src/crypto/tls/ClientAuthenticationType.cs create mode 100644 crypto/src/crypto/tls/ConnectionEnd.cs create mode 100644 crypto/src/crypto/tls/DigestInputBuffer.cs create mode 100644 crypto/src/crypto/tls/ECBasisType.cs create mode 100644 crypto/src/crypto/tls/HeartbeatMessageType.cs create mode 100644 crypto/src/crypto/tls/HeartbeatMode.cs create mode 100644 crypto/src/crypto/tls/MacAlgorithm.cs create mode 100644 crypto/src/crypto/tls/MaxFragmentLength.cs create mode 100644 crypto/src/crypto/tls/NameType.cs create mode 100644 crypto/src/crypto/tls/SignerInputBuffer.cs create mode 100644 crypto/src/crypto/tls/SrtpProtectionProfile.cs create mode 100644 crypto/src/crypto/tls/SupplementalDataType.cs create mode 100644 crypto/src/crypto/tls/UserMappingType.cs (limited to 'crypto') diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj index 267b8e010..5a9d37797 100644 --- a/crypto/crypto.csproj +++ b/crypto/crypto.csproj @@ -4268,26 +4268,56 @@ SubType = "Code" BuildAction = "Compile" /> + + + + + + + + + + + + + + + + + + RFC 2246 + /// + /// Note that the values here are implementation-specific and arbitrary. It is recommended not to + /// depend on the particular values (e.g. serialization). + /// + public abstract class BulkCipherAlgorithm + { + public const int cls_null = 0; + public const int rc4 = 1; + public const int rc2 = 2; + public const int des = 3; + public const int cls_3des = 4; + public const int des40 = 5; + + /* + * RFC 4346 + */ + public const int aes = 6; + public const int idea = 7; + } +} diff --git a/crypto/src/crypto/tls/CertChainType.cs b/crypto/src/crypto/tls/CertChainType.cs new file mode 100644 index 000000000..b526a79a7 --- /dev/null +++ b/crypto/src/crypto/tls/CertChainType.cs @@ -0,0 +1,18 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + /* + * RFC 3546 3.3. + */ + public abstract class CertChainType + { + public const short individual_certs = 0; + public const short pkipath = 1; + + public static bool IsValid(short certChainType) + { + return certChainType >= individual_certs && certChainType <= pkipath; + } + } +} diff --git a/crypto/src/crypto/tls/CertificateStatusType.cs b/crypto/src/crypto/tls/CertificateStatusType.cs new file mode 100644 index 000000000..222d31635 --- /dev/null +++ b/crypto/src/crypto/tls/CertificateStatusType.cs @@ -0,0 +1,12 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + public abstract class CertificateStatusType + { + /* + * RFC 3546 3.6 + */ + public const short ocsp = 1; + } +} diff --git a/crypto/src/crypto/tls/ChangeCipherSpec.cs b/crypto/src/crypto/tls/ChangeCipherSpec.cs new file mode 100644 index 000000000..2ef4c3b34 --- /dev/null +++ b/crypto/src/crypto/tls/ChangeCipherSpec.cs @@ -0,0 +1,9 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + public abstract class ChangeCipherSpec + { + public const short change_cipher_spec = 1; + } +} diff --git a/crypto/src/crypto/tls/CipherType.cs b/crypto/src/crypto/tls/CipherType.cs new file mode 100644 index 000000000..b2ad7d8e1 --- /dev/null +++ b/crypto/src/crypto/tls/CipherType.cs @@ -0,0 +1,20 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + /// RFC 2246 + /// + /// Note that the values here are implementation-specific and arbitrary. It is recommended not to + /// depend on the particular values (e.g. serialization). + /// + public abstract class CipherType + { + public const int stream = 0; + public const int block = 1; + + /* + * RFC 5246 + */ + public const int aead = 2; + } +} diff --git a/crypto/src/crypto/tls/ClientAuthenticationType.cs b/crypto/src/crypto/tls/ClientAuthenticationType.cs new file mode 100644 index 000000000..51e6e5005 --- /dev/null +++ b/crypto/src/crypto/tls/ClientAuthenticationType.cs @@ -0,0 +1,14 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + public abstract class ClientAuthenticationType + { + /* + * RFC 5077 4 + */ + public const short anonymous = 0; + public const short certificate_based = 1; + public const short psk = 2; + } +} diff --git a/crypto/src/crypto/tls/ConnectionEnd.cs b/crypto/src/crypto/tls/ConnectionEnd.cs new file mode 100644 index 000000000..afc9460f2 --- /dev/null +++ b/crypto/src/crypto/tls/ConnectionEnd.cs @@ -0,0 +1,15 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + /// RFC 2246 + /// + /// Note that the values here are implementation-specific and arbitrary. It is recommended not to + /// depend on the particular values (e.g. serialization). + /// + public abstract class ConnectionEnd + { + public const int server = 0; + public const int client = 1; + } +} diff --git a/crypto/src/crypto/tls/DigestAlgorithm.cs b/crypto/src/crypto/tls/DigestAlgorithm.cs index cede6b7f8..745bea448 100644 --- a/crypto/src/crypto/tls/DigestAlgorithm.cs +++ b/crypto/src/crypto/tls/DigestAlgorithm.cs @@ -2,20 +2,23 @@ using System; namespace Org.BouncyCastle.Crypto.Tls { - public enum DigestAlgorithm - { - /* - * Note that the values here are implementation-specific and arbitrary. - * It is recommended not to depend on the particular values (e.g. serialization). - */ - NULL, - MD5, - SHA, + /// RFC 2246 + /// + /// Note that the values here are implementation-specific and arbitrary. It is recommended not to + /// depend on the particular values (e.g. serialization). + /// + [Obsolete("Use MacAlgorithm constants instead")] + public enum DigestAlgorithm + { + NULL, + MD5, + SHA, - /* - * RFC 5289 - */ - SHA256, - SHA384, - } + /* + * RFC 5246 + */ + SHA256, + SHA384, + SHA512, + } } diff --git a/crypto/src/crypto/tls/DigestInputBuffer.cs b/crypto/src/crypto/tls/DigestInputBuffer.cs new file mode 100644 index 000000000..547bcab54 --- /dev/null +++ b/crypto/src/crypto/tls/DigestInputBuffer.cs @@ -0,0 +1,39 @@ +using System; +using System.IO; + +using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.Crypto.IO; +using Org.BouncyCastle.Utilities.IO; + +namespace Org.BouncyCastle.Crypto.Tls +{ + internal class DigestInputBuffer + : MemoryStream + { + internal void UpdateDigest(IDigest d) + { + WriteTo(new DigStream(d)); + } + + private class DigStream + : BaseOutputStream + { + private readonly IDigest d; + + internal DigStream(IDigest d) + { + this.d = d; + } + + public override void WriteByte(byte b) + { + d.Update(b); + } + + public override void Write(byte[] buf, int off, int len) + { + d.BlockUpdate(buf, off, len); + } + } + } +} diff --git a/crypto/src/crypto/tls/ECBasisType.cs b/crypto/src/crypto/tls/ECBasisType.cs new file mode 100644 index 000000000..b7c9c6bd7 --- /dev/null +++ b/crypto/src/crypto/tls/ECBasisType.cs @@ -0,0 +1,16 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + /// RFC 4492 5.4. (Errata ID: 2389) + public abstract class ECBasisType + { + public const short ec_basis_trinomial = 1; + public const short ec_basis_pentanomial = 2; + + public static bool IsValid(short ecBasisType) + { + return ecBasisType >= ec_basis_trinomial && ecBasisType <= ec_basis_pentanomial; + } + } +} diff --git a/crypto/src/crypto/tls/EncryptionAlgorithm.cs b/crypto/src/crypto/tls/EncryptionAlgorithm.cs index 69aee8abc..dbeaa3356 100644 --- a/crypto/src/crypto/tls/EncryptionAlgorithm.cs +++ b/crypto/src/crypto/tls/EncryptionAlgorithm.cs @@ -2,12 +2,11 @@ using System; namespace Org.BouncyCastle.Crypto.Tls { - /** - * RFC 2246 - *

- * Note that the values here are implementation-specific and arbitrary. It is recommended not to - * depend on the particular values (e.g. serialization). - */ + ///

RFC 2246 + /// + /// Note that the values here are implementation-specific and arbitrary. It is recommended not to + /// depend on the particular values (e.g. serialization). + /// public abstract class EncryptionAlgorithm { public const int NULL = 0; diff --git a/crypto/src/crypto/tls/ExporterLabel.cs b/crypto/src/crypto/tls/ExporterLabel.cs index e26f15dc7..c186d410b 100644 --- a/crypto/src/crypto/tls/ExporterLabel.cs +++ b/crypto/src/crypto/tls/ExporterLabel.cs @@ -2,10 +2,8 @@ namespace Org.BouncyCastle.Crypto.Tls { - /** - * RFC 5705 - */ - public class ExporterLabel + /// RFC 5705 + public abstract class ExporterLabel { /* * BC-specific diff --git a/crypto/src/crypto/tls/ExtensionType.cs b/crypto/src/crypto/tls/ExtensionType.cs index 0e6a45b5e..4e265c358 100644 --- a/crypto/src/crypto/tls/ExtensionType.cs +++ b/crypto/src/crypto/tls/ExtensionType.cs @@ -28,11 +28,6 @@ namespace Org.BouncyCastle.Crypto.Tls */ public const int srp = 12; - /* - * RFC 5077 7. - */ - public const int session_ticket = 35; - /* * RFC 5246 7.4.1.4. */ @@ -48,6 +43,18 @@ namespace Org.BouncyCastle.Crypto.Tls */ public const int heartbeat = 15; + /* + * RFC 5077 7. + */ + public const int session_ticket = 35; + + /* + * draft-gutmann-tls-encrypt-then-mac-05 + * + * NOTE: This value has not yet been reserved by the IETF + */ + public static readonly int encrypt_then_mac = 66; + /* * RFC 5746 3.2. */ diff --git a/crypto/src/crypto/tls/HashAlgorithm.cs b/crypto/src/crypto/tls/HashAlgorithm.cs index 41818ca2c..ac6def26f 100644 --- a/crypto/src/crypto/tls/HashAlgorithm.cs +++ b/crypto/src/crypto/tls/HashAlgorithm.cs @@ -2,9 +2,7 @@ namespace Org.BouncyCastle.Crypto.Tls { - /** - * RFC 5246 7.4.1.4.1 - */ + /// RFC 5246 7.4.1.4.1 public abstract class HashAlgorithm { public const byte none = 0; diff --git a/crypto/src/crypto/tls/HeartbeatMessageType.cs b/crypto/src/crypto/tls/HeartbeatMessageType.cs new file mode 100644 index 000000000..9e3ad213c --- /dev/null +++ b/crypto/src/crypto/tls/HeartbeatMessageType.cs @@ -0,0 +1,18 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + /* + * RFC 6520 3. + */ + public abstract class HeartbeatMessageType + { + public const short heartbeat_request = 1; + public const short heartbeat_response = 2; + + public static bool IsValid(short heartbeatMessageType) + { + return heartbeatMessageType >= heartbeat_request && heartbeatMessageType <= heartbeat_response; + } + } +} diff --git a/crypto/src/crypto/tls/HeartbeatMode.cs b/crypto/src/crypto/tls/HeartbeatMode.cs new file mode 100644 index 000000000..0968f6e10 --- /dev/null +++ b/crypto/src/crypto/tls/HeartbeatMode.cs @@ -0,0 +1,18 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + /* + * RFC 6520 + */ + public abstract class HeartbeatMode + { + public const short peer_allowed_to_send = 1; + public const short peer_not_allowed_to_send = 2; + + public static bool IsValid(short heartbeatMode) + { + return heartbeatMode >= peer_allowed_to_send && heartbeatMode <= peer_not_allowed_to_send; + } + } +} diff --git a/crypto/src/crypto/tls/KeyExchangeAlgorithm.cs b/crypto/src/crypto/tls/KeyExchangeAlgorithm.cs index 3f5088d9b..9b1b3ba5e 100644 --- a/crypto/src/crypto/tls/KeyExchangeAlgorithm.cs +++ b/crypto/src/crypto/tls/KeyExchangeAlgorithm.cs @@ -2,12 +2,11 @@ using System; namespace Org.BouncyCastle.Crypto.Tls { - /** - * RFC 2246 - *

- * Note that the values here are implementation-specific and arbitrary. It is recommended not to - * depend on the particular values (e.g. serialization). - */ + ///

RFC 2246 + /// + /// Note that the values here are implementation-specific and arbitrary. It is recommended not to + /// depend on the particular values (e.g. serialization). + /// public abstract class KeyExchangeAlgorithm { public const int NULL = 0; diff --git a/crypto/src/crypto/tls/MacAlgorithm.cs b/crypto/src/crypto/tls/MacAlgorithm.cs new file mode 100644 index 000000000..e4aa88de6 --- /dev/null +++ b/crypto/src/crypto/tls/MacAlgorithm.cs @@ -0,0 +1,25 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + /// RFC 2246 + /// + /// Note that the values here are implementation-specific and arbitrary. It is recommended not to + /// depend on the particular values (e.g. serialization). + /// + public abstract class MacAlgorithm + { + public const int cls_null = 0; + public const int md5 = 1; + public const int sha = 2; + + /* + * RFC 5246 + */ + public const int hmac_md5 = md5; + public const int hmac_sha1 = sha; + public const int hmac_sha256 = 3; + public const int hmac_sha384 = 4; + public const int hmac_sha512 = 5; + } +} diff --git a/crypto/src/crypto/tls/MaxFragmentLength.cs b/crypto/src/crypto/tls/MaxFragmentLength.cs new file mode 100644 index 000000000..adb6d129c --- /dev/null +++ b/crypto/src/crypto/tls/MaxFragmentLength.cs @@ -0,0 +1,20 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + public abstract class MaxFragmentLength + { + /* + * RFC 3546 3.2. + */ + public const short pow2_9 = 1; + public const short pow2_10 = 2; + public const short pow2_11 = 3; + public const short pow2_12 = 4; + + public static bool IsValid(short maxFragmentLength) + { + return maxFragmentLength >= pow2_9 && maxFragmentLength <= pow2_12; + } + } +} diff --git a/crypto/src/crypto/tls/NameType.cs b/crypto/src/crypto/tls/NameType.cs new file mode 100644 index 000000000..ffcb639d0 --- /dev/null +++ b/crypto/src/crypto/tls/NameType.cs @@ -0,0 +1,12 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + public abstract class NameType + { + /* + * RFC 3546 3.1. + */ + public const short host_name = 0; + } +} diff --git a/crypto/src/crypto/tls/PrfAlgorithm.cs b/crypto/src/crypto/tls/PrfAlgorithm.cs index 976113495..871241bd2 100644 --- a/crypto/src/crypto/tls/PrfAlgorithm.cs +++ b/crypto/src/crypto/tls/PrfAlgorithm.cs @@ -2,12 +2,11 @@ namespace Org.BouncyCastle.Crypto.Tls { - /** - * RFC 5246 - *

- * Note that the values here are implementation-specific and arbitrary. It is recommended not to - * depend on the particular values (e.g. serialization). - */ + ///

RFC 5246 + /// + /// Note that the values here are implementation-specific and arbitrary. It is recommended not to + /// depend on the particular values (e.g. serialization). + /// public abstract class PrfAlgorithm { /* diff --git a/crypto/src/crypto/tls/SignerInputBuffer.cs b/crypto/src/crypto/tls/SignerInputBuffer.cs new file mode 100644 index 000000000..ef2827c4d --- /dev/null +++ b/crypto/src/crypto/tls/SignerInputBuffer.cs @@ -0,0 +1,39 @@ +using System; +using System.IO; + +using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.Crypto.IO; +using Org.BouncyCastle.Utilities.IO; + +namespace Org.BouncyCastle.Crypto.Tls +{ + internal class SignerInputBuffer + : MemoryStream + { + internal void UpdateSigner(ISigner s) + { + WriteTo(new SigStream(s)); + } + + private class SigStream + : BaseOutputStream + { + private readonly ISigner s; + + internal SigStream(ISigner s) + { + this.s = s; + } + + public override void WriteByte(byte b) + { + s.Update(b); + } + + public override void Write(byte[] buf, int off, int len) + { + s.BlockUpdate(buf, off, len); + } + } + } +} diff --git a/crypto/src/crypto/tls/SrtpProtectionProfile.cs b/crypto/src/crypto/tls/SrtpProtectionProfile.cs new file mode 100644 index 000000000..1ce89f85e --- /dev/null +++ b/crypto/src/crypto/tls/SrtpProtectionProfile.cs @@ -0,0 +1,15 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + public abstract class SrtpProtectionProfile + { + /* + * RFC 5764 4.1.2. + */ + public const int SRTP_AES128_CM_HMAC_SHA1_80 = 0x0001; + public const int SRTP_AES128_CM_HMAC_SHA1_32 = 0x0002; + public const int SRTP_NULL_HMAC_SHA1_80 = 0x0005; + public const int SRTP_NULL_HMAC_SHA1_32 = 0x0006; + } +} diff --git a/crypto/src/crypto/tls/SupplementalDataType.cs b/crypto/src/crypto/tls/SupplementalDataType.cs new file mode 100644 index 000000000..79511c50a --- /dev/null +++ b/crypto/src/crypto/tls/SupplementalDataType.cs @@ -0,0 +1,13 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + /// RFC 4680 + public abstract class SupplementalDataType + { + /* + * RFC 4681 + */ + public const int user_mapping_data = 0; + } +} diff --git a/crypto/src/crypto/tls/UserMappingType.cs b/crypto/src/crypto/tls/UserMappingType.cs new file mode 100644 index 000000000..6e6d40a58 --- /dev/null +++ b/crypto/src/crypto/tls/UserMappingType.cs @@ -0,0 +1,13 @@ +using System; + +namespace Org.BouncyCastle.Crypto.Tls +{ + /// RFC 4681 + public abstract class UserMappingType + { + /* + * RFC 4681 + */ + public const short upn_domain_hint = 64; + } +} -- cgit 1.4.1