Diffstat (limited to 'core/src/main/java')
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java | 7 | ||||
-rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java | 51 |
2 files changed, 46 insertions, 12 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java b/core/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java index 8312e932..656dec77 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/ExtensionType.java @@ -49,6 +49,13 @@ public class ExtensionType public static final int heartbeat = 15; /* + * draft-gutmann-tls-encrypt-then-mac-05 + * + * NOTE: This value has not yet been reserved by the IETF + */ + public static final int encrypt_then_mac = 66; + + /* * RFC 5746 3.2. */ public static final int renegotiation_info = 0xff01; diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java index fbc39dd9..a59a1d5a 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java @@ -9,6 +9,7 @@ import org.bouncycastle.util.Integers; public class TlsExtensionsUtils { + public static final Integer EXT_encrypt_then_mac = Integers.valueOf(ExtensionType.encrypt_then_mac); public static final Integer EXT_heartbeat = Integers.valueOf(ExtensionType.heartbeat); public static final Integer EXT_max_fragment_length = Integers.valueOf(ExtensionType.max_fragment_length); public static final Integer EXT_server_name = Integers.valueOf(ExtensionType.server_name); @@ -20,6 +21,11 @@ public class TlsExtensionsUtils return extensions == null ? new Hashtable() : extensions; } + public static void addEncryptThenMACExtension(Hashtable extensions) + { + extensions.put(EXT_encrypt_then_mac, createEncryptThenMACExtension()); + } + public static void addHeartbeatExtension(Hashtable extensions, HeartbeatExtension heartbeatExtension) throws IOException { 
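Review bot: `encrypt_then_mac = 66` in ExtensionType is a self-assigned code point, and the comment only records that it "has not yet been reserved", not what a maintainer must do once a number is assigned. A peer that uses a different number for this extension will not recognise 66, so the handshake would presumably stay on MAC-then-encrypt without any error rather than fail visibly. The value IANA later registered for this extension in RFC 7366 is 22, not 66. I would extend the comment with `* TODO: provisional code point; replace with the IANA-assigned value before relying on this for interoperability`.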
@@ -77,6 +83,12 @@ public class TlsExtensionsUtils return extensionData == null ? null : readStatusRequestExtension(extensionData); } + public static boolean hasEncryptThenMACExtension(Hashtable extensions) throws IOException + { + byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_encrypt_then_mac); + return extensionData == null ? false : readEncryptThenMACExtension(extensionData); + } + public static boolean hasTruncatedHMacExtension(Hashtable extensions) throws IOException { byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_truncated_hmac); @@ -88,6 +100,11 @@ public class TlsExtensionsUtils return TlsUtils.EMPTY_BYTES; } + public static byte[] createEncryptThenMACExtension() + { + return createEmptyExtensionData(); + } + public static byte[] createHeartbeatExtension(HeartbeatExtension heartbeatExtension) throws IOException { @@ -149,6 +166,26 @@ public class TlsExtensionsUtils return createEmptyExtensionData(); } + private static boolean readEmptyExtensionData(byte[] extensionData) throws IOException + { + if (extensionData == null) + { + throw new IllegalArgumentException("'extensionData' cannot be null"); + } + + if (extensionData.length != 0) + { + throw new TlsFatalAlert(AlertDescription.illegal_parameter); + } + + return true; + } + + public static boolean readEncryptThenMACExtension(byte[] extensionData) throws IOException + { + return readEmptyExtensionData(extensionData); + } + public static HeartbeatExtension readHeartbeatExtension(byte[] extensionData) throws IOException { 
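Review bot: `hasEncryptThenMACExtension` reads like a plain predicate, but through `readEncryptThenMACExtension` it throws `TlsFatalAlert(AlertDescription.illegal_parameter)` when the extension is present with a non-empty body, and nothing at the declaration says so. A Javadoc line such as `@throws IOException a fatal illegal_parameter alert if the extension is present but its extension_data is not empty` would tell callers that the handshake aborts there instead of the method returning false. As a point of style, the `extensionData == null ? false : ...` ternary can be written `return extensionData != null && readEncryptThenMACExtension(extensionData);`. Only the helpers are visible in this diff, so whether callers check that a server's echo matches what the client offered cannot be confirmed from here.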
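Review bot: `readEmptyExtensionData` never returns false, since it either returns `true` or throws, so the boolean that `readEncryptThenMACExtension` and `readTruncatedHMacExtension` (last hunk, now made public) pass on carries no information. Because that contract is now part of the public API, it should be written down on the helper, for example `// Returns true only for zero-length extension_data; any other length raises a fatal illegal_parameter alert`. The comment should also say that a null argument is treated as a caller error (`IllegalArgumentException`) and not as a protocol error, so the two failure modes are not confused.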
@@ -223,18 +260,8 @@ public class TlsExtensionsUtils return statusRequest; } - private static boolean readTruncatedHMacExtension(byte[] extensionData) throws IOException + public static boolean readTruncatedHMacExtension(byte[] extensionData) throws IOException { - if (extensionData == null) - { - throw new IllegalArgumentException("'extensionData' cannot be null"); - } - - if (extensionData.length != 0) - { - throw new TlsFatalAlert(AlertDescription.illegal_parameter); - } - - return true; + return readEmptyExtensionData(extensionData); } } |