diff options
author | David Hook <dgh@cryptoworkshop.com> | 2013-05-31 11:07:45 +0400 |
---|---|---|
committer | David Hook <dgh@cryptoworkshop.com> | 2013-05-31 11:07:45 +0400 |
commit | 2b976f5364cfdbc37d3086019d93483c983eb80b (patch) | |
tree | cb846af3fd1d43f9c2562a1fb2d06b997ad8f229 /core/src/main/java/org/bouncycastle/crypto/tls/DTLSProtocol.java | |
parent | 5f714bd92fbd780d22406f4bc3681be005f6f04a (diff) |
initial reshuffle
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls/DTLSProtocol.java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/DTLSProtocol.java | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSProtocol.java new file mode 100644 index 00000000..2789b22d --- /dev/null +++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSProtocol.java @@ -0,0 +1,84 @@ +package org.bouncycastle.crypto.tls; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.security.SecureRandom; +import java.util.Vector; + +import org.bouncycastle.util.Arrays; + +public abstract class DTLSProtocol +{ + + protected final SecureRandom secureRandom; + + protected DTLSProtocol(SecureRandom secureRandom) + { + + if (secureRandom == null) + { + throw new IllegalArgumentException("'secureRandom' cannot be null"); + } + + this.secureRandom = secureRandom; + } + + protected void processFinished(byte[] body, byte[] expected_verify_data) + throws IOException + { + + ByteArrayInputStream buf = new ByteArrayInputStream(body); + + byte[] verify_data = TlsUtils.readFully(expected_verify_data.length, buf); + + TlsProtocol.assertEmpty(buf); + + if (!Arrays.constantTimeAreEqual(expected_verify_data, verify_data)) + { + throw new TlsFatalAlert(AlertDescription.handshake_failure); + } + } + + protected static byte[] generateCertificate(Certificate certificate) + throws IOException + { + + ByteArrayOutputStream buf = new ByteArrayOutputStream(); + certificate.encode(buf); + return buf.toByteArray(); + } + + protected static byte[] generateSupplementalData(Vector supplementalData) + throws IOException + { + + ByteArrayOutputStream buf = new ByteArrayOutputStream(); + TlsProtocol.writeSupplementalData(buf, supplementalData); + return buf.toByteArray(); + } + + protected static void validateSelectedCipherSuite(int selectedCipherSuite, short alertDescription) + throws IOException + { + + switch (selectedCipherSuite) + { + case CipherSuite.TLS_RSA_EXPORT_WITH_RC4_40_MD5: + case CipherSuite.TLS_RSA_WITH_RC4_128_MD5: + case CipherSuite.TLS_RSA_WITH_RC4_128_SHA: + case CipherSuite.TLS_DH_anon_EXPORT_WITH_RC4_40_MD5: + case CipherSuite.TLS_DH_anon_WITH_RC4_128_MD5: + case CipherSuite.TLS_PSK_WITH_RC4_128_SHA: + case CipherSuite.TLS_DHE_PSK_WITH_RC4_128_SHA: + case CipherSuite.TLS_RSA_PSK_WITH_RC4_128_SHA: + case CipherSuite.TLS_ECDH_ECDSA_WITH_RC4_128_SHA: + case CipherSuite.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: + case CipherSuite.TLS_ECDH_RSA_WITH_RC4_128_SHA: + case CipherSuite.TLS_ECDHE_RSA_WITH_RC4_128_SHA: + case CipherSuite.TLS_ECDH_anon_WITH_RC4_128_SHA: + // TODO Alert + throw new IllegalStateException("RC4 MUST NOT be used with DTLS"); + } + } +} |