diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-01-28 05:59:30 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-01-28 05:59:30 +0400 |
commit | b67358982e98475a03b00e06f69da1594fec48ff (patch) | |
tree | 38c354f2ac8ed204a89e81c458edf75ded1b40c7 /core/src/main/java/org/bouncycastle/crypto/tls | |
parent | 18e91d52dff4fd1035bfdda30d9a7b26054b8145 (diff) |
Wire up the extension processing for encrypt_then_mac
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls')
5 files changed, 20 insertions, 0 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java b/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java index b17a8abd..c811eec3 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java @@ -19,6 +19,7 @@ public abstract class AbstractTlsServer protected short[] offeredCompressionMethods; protected Hashtable clientExtensions; + protected boolean encryptThenMACOffered; protected short maxFragmentLengthOffered; protected boolean truncatedHMacOffered; protected Vector supportedSignatureAlgorithms; @@ -41,6 +42,11 @@ public abstract class AbstractTlsServer this.cipherFactory = cipherFactory; } + protected boolean allowEncryptThenMAC() + { + return true; + } + protected boolean allowTruncatedHMac() { return false; @@ -126,6 +132,7 @@ public abstract class AbstractTlsServer if (clientExtensions != null) { + this.encryptThenMACOffered = TlsExtensionsUtils.hasEncryptThenMACExtension(clientExtensions); this.maxFragmentLengthOffered = TlsExtensionsUtils.getMaxFragmentLengthExtension(clientExtensions); this.truncatedHMacOffered = TlsExtensionsUtils.hasTruncatedHMacExtension(clientExtensions); @@ -226,6 +233,11 @@ public abstract class AbstractTlsServer public Hashtable getServerExtensions() throws IOException { + if (this.encryptThenMACOffered && allowEncryptThenMAC()) + { + TlsExtensionsUtils.addEncryptThenMACExtension(checkServerExtensions()); + } + if (this.maxFragmentLengthOffered >= 0) { TlsExtensionsUtils.addMaxFragmentLengthExtension(checkServerExtensions(), this.maxFragmentLengthOffered); diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java index c0159f5c..fb058e79 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java @@ -715,6 +715,8 @@ public class DTLSClientProtocol } } + securityParameters.encryptThenMAC = TlsExtensionsUtils.hasEncryptThenMACExtension(serverExtensions); + state.maxFragmentLength = evaluateMaxFragmentLengthExtension(state.clientExtensions, serverExtensions, AlertDescription.illegal_parameter); diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java index 7fc23226..d6d6a8d9 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java @@ -389,6 +389,8 @@ public class DTLSServerProtocol if (state.serverExtensions != null) { + securityParameters.encryptThenMAC = TlsExtensionsUtils.hasEncryptThenMACExtension(state.serverExtensions); + state.maxFragmentLength = evaluateMaxFragmentLengthExtension(state.clientExtensions, state.serverExtensions, AlertDescription.internal_error); diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java index f339df27..a51b788f 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java @@ -769,6 +769,8 @@ public class TlsClientProtocol if (sessionServerExtensions != null) { + this.securityParameters.encryptThenMAC = TlsExtensionsUtils.hasEncryptThenMACExtension(sessionServerExtensions); + this.securityParameters.maxFragmentLength = processMaxFragmentLengthExtension(sessionClientExtensions, sessionServerExtensions, AlertDescription.illegal_parameter); diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java index fee99652..c09e8050 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java @@ -695,6 +695,8 @@ public class TlsServerProtocol if (this.serverExtensions != null) { + this.securityParameters.encryptThenMAC = TlsExtensionsUtils.hasEncryptThenMACExtension(this.serverExtensions); + this.securityParameters.maxFragmentLength = processMaxFragmentLengthExtension(clientExtensions, this.serverExtensions, AlertDescription.internal_error); |