summary refs log tree commit diff
path: root/crypto/src/tls/DtlsVerifier.cs
blob: e691685e6802650c5e1b4e920bac88c9fee819a4 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
using System;
using System.IO;

using Org.BouncyCastle.Tls.Crypto;
using Org.BouncyCastle.Utilities;

namespace Org.BouncyCastle.Tls
{
    public class DtlsVerifier
    {
        private static TlsMac CreateCookieMac(TlsCrypto crypto)
        {
            TlsMac mac = crypto.CreateHmac(MacAlgorithm.hmac_sha256);

            byte[] secret = new byte[mac.MacLength];
            crypto.SecureRandom.NextBytes(secret);

            mac.SetKey(secret, 0, secret.Length);

            return mac;
        }

        private readonly TlsMac m_cookieMac;
        private readonly TlsMacSink m_cookieMacSink;

        public DtlsVerifier(TlsCrypto crypto)
        {
            this.m_cookieMac = CreateCookieMac(crypto);
            this.m_cookieMacSink = new TlsMacSink(m_cookieMac);
        }

        public virtual DtlsRequest VerifyRequest(byte[] clientID, byte[] data, int dataOff, int dataLen,
            DatagramSender sender)
        {
            lock (this)
            {
                bool resetCookieMac = true;

                try
                {
                    m_cookieMac.Update(clientID, 0, clientID.Length);

                    DtlsRequest request = DtlsReliableHandshake.ReadClientRequest(data, dataOff, dataLen,
                        m_cookieMacSink);
                    if (null != request)
                    {
                        byte[] expectedCookie = m_cookieMac.CalculateMac();
                        resetCookieMac = false;

                        // TODO Consider stricter HelloVerifyRequest protocol
                        //switch (request.MessageSeq)
                        //{
                        //case 0:
                        //{
                        //    DtlsReliableHandshake.SendHelloVerifyRequest(sender, request.RecordSeq, expectedCookie);
                        //    break;
                        //}
                        //case 1:
                        //{
                        //    if (Arrays.FixedTimeEquals(expectedCookie, request.ClientHello.Cookie))
                        //        return request;

                        //    break;
                        //}
                        //}

                        if (Arrays.FixedTimeEquals(expectedCookie, request.ClientHello.Cookie))
                            return request;

                        DtlsReliableHandshake.SendHelloVerifyRequest(sender, request.RecordSeq, expectedCookie);
                    }
                }
                catch (IOException)
                {
                    // Ignore
                }
                finally
                {
                    if (resetCookieMac)
                    {
                        m_cookieMac.Reset();
                    }
                }

                return null;
            }
        }
    }
}