blob: f6f6472bcdf00bc6a0f7e00864b5ae619223948f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
using System;
using System.Collections;
using System.IO;
using Org.BouncyCastle.Tls.Crypto;
namespace Org.BouncyCastle.Tls
{
public class SrpTlsClient
: AbstractTlsClient
{
private static readonly int[] DefaultCipherSuites = new int[]
{
CipherSuite.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
};
protected readonly TlsSrpIdentity m_srpIdentity;
public SrpTlsClient(TlsCrypto crypto, byte[] identity, byte[] password)
: this(crypto, new BasicTlsSrpIdentity(identity, password))
{
}
public SrpTlsClient(TlsCrypto crypto, TlsSrpIdentity srpIdentity)
: base(crypto)
{
this.m_srpIdentity = srpIdentity;
}
protected override int[] GetSupportedCipherSuites()
{
return TlsUtilities.GetSupportedCipherSuites(Crypto, DefaultCipherSuites);
}
protected override ProtocolVersion[] GetSupportedVersions()
{
return ProtocolVersion.TLSv12.Only();
}
protected virtual bool RequireSrpServerExtension
{
// No explicit guidance in RFC 5054; by default an (empty) extension from server is optional
get { return false; }
}
/// <exception cref="IOException"/>
public override IDictionary GetClientExtensions()
{
IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised(
base.GetClientExtensions());
TlsSrpUtilities.AddSrpExtension(clientExtensions, m_srpIdentity.GetSrpIdentity());
return clientExtensions;
}
/// <exception cref="IOException"/>
public override void ProcessServerExtensions(IDictionary serverExtensions)
{
if (!TlsUtilities.HasExpectedEmptyExtensionData(serverExtensions, ExtensionType.srp,
AlertDescription.illegal_parameter))
{
if (RequireSrpServerExtension)
throw new TlsFatalAlert(AlertDescription.illegal_parameter);
}
base.ProcessServerExtensions(serverExtensions);
}
public override TlsSrpIdentity GetSrpIdentity()
{
return m_srpIdentity;
}
/// <exception cref="IOException"/>
public override TlsAuthentication GetAuthentication()
{
/*
* Note: This method is not called unless a server certificate is sent, which may be the
* case e.g. for SRP_DSS or SRP_RSA key exchange.
*/
throw new TlsFatalAlert(AlertDescription.internal_error);
}
}
}
|