author | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-07-22 19:05:49 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-07-22 19:05:49 +0400 |
commit | 6008b9c96a09f4d570a5f1ec8dd4f05331694007 (patch) | |
tree | 573e2c010df4c75db12fb4a823b2fa384f09bfee /core/src/main/java/org/bouncycastle | |
parent | 29becdd4a0c9b76e1fa35a4bd82e446382a6a8df (diff) |
draft-ietf-tls-encrypt-then-mac-033 updates
Diffstat (limited to 'core/src/main/java/org/bouncycastle')
4 files changed, 35 insertions, 7 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java b/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java
index c811eec3..dd5c4409 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java
@@ -235,7 +235,15 @@ public abstract class AbstractTlsServer
         {
             if (this.encryptThenMACOffered && allowEncryptThenMAC())
             {
-                TlsExtensionsUtils.addEncryptThenMACExtension(checkServerExtensions());
+                /*
+                 * draft-ietf-tls-encrypt-then-mac-03 3. If a server receives an encrypt-then-MAC
+                 * request extension from a client and then selects a stream or AEAD cipher suite, it
+                 * MUST NOT send an encrypt-then-MAC response extension back to the client.
+                 */
+                if (TlsUtils.isBlockCipherSuite(this.selectedCipherSuite))
+                {
+                    TlsExtensionsUtils.addEncryptThenMACExtension(checkServerExtensions());
+                }
             }
 
             if (this.maxFragmentLengthOffered >= 0)
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java
index 73cfd60b..b88d8f33 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java
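Review bot: The new guard reads `this.selectedCipherSuite`, so whether the encrypt-then-MAC response extension is emitted now depends on cipher-suite selection having already populated that field before this method runs, and nothing in the hunk checks that it has. If the protocol driver guarantees that ordering (presumably via the selected-cipher-suite callback, which is not visible here), a one-line comment above the new `if` would make the dependency explicit, e.g. `// Requires selectedCipherSuite to have been set before server extensions are built`. The enclosing method starts and ends outside the hunk.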
@@ -718,7 +718,18 @@ public class DTLSClientProtocol
             }
         }
 
-        securityParameters.encryptThenMAC = TlsExtensionsUtils.hasEncryptThenMACExtension(serverExtensions);
+        /*
+         * draft-ietf-tls-encrypt-then-mac-03 3. If a server receives an encrypt-then-MAC
+         * request extension from a client and then selects a stream or AEAD cipher suite, it
+         * MUST NOT send an encrypt-then-MAC response extension back to the client.
+         */
+        boolean serverSentEncryptThenMAC = TlsExtensionsUtils.hasEncryptThenMACExtension(serverExtensions);
+        if (serverSentEncryptThenMAC && !TlsUtils.isBlockCipherSuite(state.selectedCipherSuite))
+        {
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+        }
+
+        securityParameters.encryptThenMAC = serverSentEncryptThenMAC;
 
         state.maxFragmentLength = evaluateMaxFragmentLengthExtension(state.clientExtensions, serverExtensions,
             AlertDescription.illegal_parameter);
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java b/core/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java
index 02b3bf22..c0a7a90a 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java
@@ -49,11 +49,9 @@ public class ExtensionType
     public static final int session_ticket = 35;
 
     /*
-     * draft-gutmann-tls-encrypt-then-mac-05
-     * 
-     * NOTE: This value has not yet been reserved by the IETF
+     * draft-ietf-tls-encrypt-then-mac-03
      */
-    public static final int encrypt_then_mac = 66;
+    public static final int encrypt_then_mac = 22;
 
     /*
      * RFC 5746 3.2.
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
index 5f064560..d4d19ef7 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
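Review bot: The encrypt-then-MAC evaluation added here is duplicated line-for-line in the TlsClientProtocol hunk, including the four-line draft citation, differing only in where the selected cipher suite is read from; a third copy of the same citation sits in the AbstractTlsServer hunk. The context lines already show the project's pattern for shared extension handling, `evaluateMaxFragmentLengthExtension(state.clientExtensions, serverExtensions, AlertDescription.illegal_parameter)`, so a sibling helper along the lines of `TlsExtensionsUtils.evaluateEncryptThenMACExtension(serverExtensions, selectedCipherSuite, alertDescription)` returning the boolean would keep the DTLS and TLS clients from drifting apart the next time the draft changes. The enclosing method starts and ends outside the hunk.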
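Review bot: The code point moves from 66 to 22 and the note about the old value being unreserved is dropped, so a peer still using the draft-gutmann value will simply fail to negotiate encrypt-then-MAC and nothing in the comment will point a reader at that cause. Keeping a short record of the prior provisional value next to the new citation would make such interop failures diagnosable, e.g. `* NOTE: earlier versions used the unreserved value 66 (draft-gutmann-tls-encrypt-then-mac-05)`.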
@@ -775,7 +775,18 @@ public class TlsClientProtocol
 
             if (sessionServerExtensions != null)
             {
-                this.securityParameters.encryptThenMAC = TlsExtensionsUtils.hasEncryptThenMACExtension(sessionServerExtensions);
+                /*
+                 * draft-ietf-tls-encrypt-then-mac-03 3. If a server receives an encrypt-then-MAC
+                 * request extension from a client and then selects a stream or AEAD cipher suite, it
+                 * MUST NOT send an encrypt-then-MAC response extension back to the client.
+                 */
+                boolean serverSentEncryptThenMAC = TlsExtensionsUtils.hasEncryptThenMACExtension(sessionServerExtensions);
+                if (serverSentEncryptThenMAC && !TlsUtils.isBlockCipherSuite(selectedCipherSuite))
+                {
+                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+                }
+
+                this.securityParameters.encryptThenMAC = serverSentEncryptThenMAC;
 
                 this.securityParameters.maxFragmentLength = processMaxFragmentLengthExtension(sessionClientExtensions,
                     sessionServerExtensions, AlertDescription.illegal_parameter);