Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java')
-rw-r--r--bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java91
1 files changed, 66 insertions, 25 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java
index fbc39dd..8e50f57 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsExtensionsUtils.java
@@ -9,6 +9,8 @@ import org.bouncycastle.util.Integers;
public class TlsExtensionsUtils
{
+ public static final Integer EXT_encrypt_then_mac = Integers.valueOf(ExtensionType.encrypt_then_mac);
+ public static final Integer EXT_extended_master_secret = Integers.valueOf(ExtensionType.extended_master_secret);
public static final Integer EXT_heartbeat = Integers.valueOf(ExtensionType.heartbeat);
public static final Integer EXT_max_fragment_length = Integers.valueOf(ExtensionType.max_fragment_length);
public static final Integer EXT_server_name = Integers.valueOf(ExtensionType.server_name);
@@ -20,6 +22,16 @@ public class TlsExtensionsUtils
return extensions == null ? new Hashtable() : extensions;
}
+ public static void addEncryptThenMACExtension(Hashtable extensions)
+ {
+ extensions.put(EXT_encrypt_then_mac, createEncryptThenMACExtension());
+ }
+
+ public static void addExtendedMasterSecretExtension(Hashtable extensions)
+ {
+ extensions.put(EXT_extended_master_secret, createExtendedMasterSecretExtension());
+ }
+
public static void addHeartbeatExtension(Hashtable extensions, HeartbeatExtension heartbeatExtension)
throws IOException
{
@@ -77,6 +89,18 @@ public class TlsExtensionsUtils
return extensionData == null ? null : readStatusRequestExtension(extensionData);
}
+ public static boolean hasEncryptThenMACExtension(Hashtable extensions) throws IOException
+ {
+ byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_encrypt_then_mac);
+ return extensionData == null ? false : readEncryptThenMACExtension(extensionData);
+ }
+
+ public static boolean hasExtendedMasterSecretExtension(Hashtable extensions) throws IOException
+ {
+ byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_extended_master_secret);
+ return extensionData == null ? false : readExtendedMasterSecretExtension(extensionData);
+ }
+
public static boolean hasTruncatedHMacExtension(Hashtable extensions) throws IOException
{
byte[] extensionData = TlsUtils.getExtensionData(extensions, EXT_truncated_hmac);
@@ -88,6 +112,16 @@ public class TlsExtensionsUtils
return TlsUtils.EMPTY_BYTES;
}
+ public static byte[] createEncryptThenMACExtension()
+ {
+ return createEmptyExtensionData();
+ }
+
+ public static byte[] createExtendedMasterSecretExtension()
+ {
+ return createEmptyExtensionData();
+ }
+
public static byte[] createHeartbeatExtension(HeartbeatExtension heartbeatExtension)
throws IOException
{
@@ -106,12 +140,11 @@ public class TlsExtensionsUtils
public static byte[] createMaxFragmentLengthExtension(short maxFragmentLength)
throws IOException
{
- if (!MaxFragmentLength.isValid(maxFragmentLength))
- {
- throw new TlsFatalAlert(AlertDescription.internal_error);
- }
+ TlsUtils.checkUint8(maxFragmentLength);
- return new byte[]{ (byte)maxFragmentLength };
+ byte[] extensionData = new byte[1];
+ TlsUtils.writeUint8(maxFragmentLength, extensionData, 0);
+ return extensionData;
}
public static byte[] createServerNameExtension(ServerNameList serverNameList)
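Review bot: In createMaxFragmentLengthExtension, `TlsUtils.checkUint8(maxFragmentLength)` only confirms the value fits in one byte, whereas the removed `MaxFragmentLength.isValid(maxFragmentLength)` restricted it to the codes that class defines, so any value from 0 to 255 is now encoded. The same validation is dropped in the later hunk at `@@ -179,14 +237,7 @@`, where the byte comes from the peer and is returned straight from `TlsUtils.readUint8(extensionData, 0)`; that method begins outside its hunk. Unless the callers now validate the result themselves (not visible in this diff), the read side should keep `if (!MaxFragmentLength.isValid(maxFragmentLength)) throw new TlsFatalAlert(AlertDescription.illegal_parameter);` after reading the byte, so an undefined code from the peer aborts the handshake instead of being accepted as a negotiated value.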
@@ -149,6 +182,31 @@ public class TlsExtensionsUtils
return createEmptyExtensionData();
}
+ private static boolean readEmptyExtensionData(byte[] extensionData) throws IOException
+ {
+ if (extensionData == null)
+ {
+ throw new IllegalArgumentException("'extensionData' cannot be null");
+ }
+
+ if (extensionData.length != 0)
+ {
+ throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+ }
+
+ return true;
+ }
+
+ public static boolean readEncryptThenMACExtension(byte[] extensionData) throws IOException
+ {
+ return readEmptyExtensionData(extensionData);
+ }
+
+ public static boolean readExtendedMasterSecretExtension(byte[] extensionData) throws IOException
+ {
+ return readEmptyExtensionData(extensionData);
+ }
+
public static HeartbeatExtension readHeartbeatExtension(byte[] extensionData)
throws IOException
{
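Review bot: readEmptyExtensionData either returns `true` or throws, so its boolean result carries no information, and the new public readEncryptThenMACExtension and readExtendedMasterSecretExtension expose that contract without documenting it. A Javadoc on the helper would make the behaviour explicit, for example `/** Checks that the extension body is empty: returns true, or throws TlsFatalAlert(illegal_parameter) if any bytes are present. */`. It is also worth stating that a null argument raises IllegalArgumentException rather than a TLS alert, so callers know to pass only data taken from a present extension, as the has*Extension methods do.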
@@ -179,14 +237,7 @@ public class TlsExtensionsUtils
throw new TlsFatalAlert(AlertDescription.decode_error);
}
- short maxFragmentLength = (short)extensionData[0];
-
- if (!MaxFragmentLength.isValid(maxFragmentLength))
- {
- throw new TlsFatalAlert(AlertDescription.illegal_parameter);
- }
-
- return maxFragmentLength;
+ return TlsUtils.readUint8(extensionData, 0);
}
public static ServerNameList readServerNameExtension(byte[] extensionData)
@@ -223,18 +274,8 @@ public class TlsExtensionsUtils
return statusRequest;
}
- private static boolean readTruncatedHMacExtension(byte[] extensionData) throws IOException
+ public static boolean readTruncatedHMacExtension(byte[] extensionData) throws IOException
{
- if (extensionData == null)
- {
- throw new IllegalArgumentException("'extensionData' cannot be null");
- }
-
- if (extensionData.length != 0)
- {
- throw new TlsFatalAlert(AlertDescription.illegal_parameter);
- }
-
- return true;
+ return readEmptyExtensionData(extensionData);
}
}