1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
using System;
using System.IO;
using Org.BouncyCastle.Tls.Crypto;
namespace Org.BouncyCastle.Tls
{
/// <summary>Base interface for a (D)TLS endpoint.</summary>
public interface TlsPeer
{
TlsCrypto Crypto { get; }
void NotifyCloseHandle(TlsCloseable closehandle);
/// <exception cref="IOException"/>
void Cancel();
ProtocolVersion[] GetProtocolVersions();
int[] GetCipherSuites();
/// <summary>Notifies the peer that a new handshake is about to begin.</summary>
/// <exception cref="IOException"/>
void NotifyHandshakeBeginning();
/// <summary>Specify the timeout, in milliseconds, to use for the complete handshake process.</summary>
/// <remarks>
/// NOTE: Currently only respected by DTLS protocols. Negative values are not allowed. A timeout of zero means
/// an infinite timeout (i.e.the handshake will never time out).
/// </remarks>
/// <returns>the handshake timeout, in milliseconds.</returns>
int GetHandshakeTimeoutMillis();
/// <summary>Specify the time, in milliseconds, after which a handshake packet is resent.</summary>
/// <remarks>
/// NOTE: Currently only respected by DTLS protocols.
/// </remarks>
/// <returns>the handshake resend time, in milliseconds.</returns>
// TODO[api]
//int GetHandshakeResendTimeMillis();
bool AllowLegacyResumption();
int GetMaxCertificateChainLength();
int GetMaxHandshakeMessageSize();
short[] GetPskKeyExchangeModes();
/// <remarks>
/// This option is provided as a last resort for interoperability with TLS peers that fail to correctly send a
/// close_notify alert at end of stream. Implementations SHOULD return true; caution is advised if returning
/// false without a full understanding of the implications.
/// </remarks>
bool RequiresCloseNotify();
/// <remarks>This implementation supports RFC 7627 and will always negotiate the extended_master_secret
/// extension where possible. When connecting to a peer that does not offer/accept this extension, it is
/// recommended to abort the handshake.This option is provided for interoperability with legacy peers, although
/// some TLS features will be disabled in that case (see RFC 7627 5.4).
/// </remarks>
/// <returns><c>true</c> if the handshake should be aborted when the peer does not negotiate the
/// extended_master_secret extension, or <c>false</c> to support legacy interoperability.</returns>
bool RequiresExtendedMasterSecret();
bool ShouldUseExtendedMasterSecret();
/// <summary>See RFC 5246 6.2.3.2. Controls whether block cipher encryption may randomly add extra padding
/// beyond the minimum.</summary>
/// <remarks>
/// Note that in configurations where this is known to be potential security risk this setting will be ignored
/// (and extended padding disabled). Extra padding is always supported when decrypting received records.
/// </remarks>
/// <returns><c>true</c> if random extra padding should be added during block cipher encryption, or
/// <c>false</c> to always use the minimum amount of required padding.</returns>
bool ShouldUseExtendedPadding();
/// <summary> draft-mathewson-no-gmtunixtime-00 2. "If existing users of a TLS implementation may rely on
/// gmt_unix_time containing the current time, we recommend that implementors MAY provide the ability to set
/// gmt_unix_time as an option only, off by default.".</summary>
/// <remarks>
/// NOTE: For a server that has negotiated TLS 1.3 (or later), or a client that has offered TLS 1.3 (or later),
/// this is not called and gmt_unix_time is not used.
/// </remarks>
/// <returns><c>true</c> if the current time should be used in the gmt_unix_time field of Random, or
/// <c>false</c> if gmt_unix_time should contain a cryptographically random value.</returns>
bool ShouldUseGmtUnixTime();
/// <summary>RFC 5746 3.4/3.6. In case this is false, peers may want to terminate the handshake instead of
/// continuing; see Section 4.1/4.3 for discussion.</summary>
/// <remarks>
/// NOTE: TLS 1.3 forbids renegotiation, so this is never called when TLS 1.3 (or later) was negotiated.
/// </remarks>
/// <exception cref="IOException"/>
void NotifySecureRenegotiation(bool secureRenegotiation);
/// <exception cref="IOException"/>
TlsKeyExchangeFactory GetKeyExchangeFactory();
/// <summary>This method will be called when an alert is raised by the protocol.</summary>
/// <param name="alertLevel"><see cref="AlertLevel"/></param>
/// <param name="alertDescription"><see cref="AlertDescription"/></param>
/// <param name="message">A human-readable message explaining what caused this alert. May be null.</param>
/// <param name="cause">The <see cref="Exception"/> that caused this alert to be raised. May be null.</param>
void NotifyAlertRaised(short alertLevel, short alertDescription, string message, Exception cause);
/// <summary>This method will be called when an alert is received from the remote peer.</summary>
/// <param name="alertLevel"><see cref="AlertLevel"/></param>
/// <param name="alertDescription"><see cref="AlertDescription"/></param>
void NotifyAlertReceived(short alertLevel, short alertDescription);
/// <summary>Notifies the peer that the handshake has been successfully completed.</summary>
/// <exception cref="IOException"/>
void NotifyHandshakeComplete();
/// <summary>Return a <see cref="TlsHeartbeat"/> instance that will control the generation of heartbeats
/// locally (if permitted by the remote peer), or null to not generate heartbeats. Heartbeats are described in
/// RFC 6520.</summary>
/// <returns>an instance of <see cref="TlsHeartbeat"/>.</returns>
/// <seealso cref="DefaultTlsHeartbeat"/>
TlsHeartbeat GetHeartbeat();
/// <summary>Return the heartbeat mode applicable to the remote peer. Heartbeats are described in RFC 6520.
/// </summary>
/// <remarks>
/// See enumeration class <see cref="HeartbeatMode"/> for appropriate return values.
/// </remarks>
/// <returns>the <see cref="HeartbeatMode"/> value.</returns>
short GetHeartbeatPolicy();
/// <summary>Indicates whether a DTLS connection should ignore corrupt records (bad_record_mac) instead of
/// failing the connection.</summary>
/// <remarks>Called only once at the start of a connection and applies throughout.</remarks>
/// <returns>The value <c>true</c> to ignore corrupt DTLS records, or <c>false</c> to fail the connection.
/// </returns>
bool IgnoreCorruptDtlsRecords { get; }
}
}
|
