authorchai <215380520@qq.com>2023-10-12 22:09:49 +0800
committerchai <215380520@qq.com>2023-10-12 22:09:49 +0800
commit8d2a2cd5de40e2b94ef5007c32832ed9a063dc40 (patch)
treea63dfbe815855925c9fb8f2804bd6ccfeffbd2eb /Tools/Hazel-Networking/Hazel/Dtls/IRecordProtection.cs
parentdd0c5d50e377d9be1e728463670908a6c9d2c14f (diff)
+hazel-networking
Diffstat (limited to 'Tools/Hazel-Networking/Hazel/Dtls/IRecordProtection.cs')
-rw-r--r--Tools/Hazel-Networking/Hazel/Dtls/IRecordProtection.cs84
1 files changed, 84 insertions, 0 deletions
diff --git a/Tools/Hazel-Networking/Hazel/Dtls/IRecordProtection.cs b/Tools/Hazel-Networking/Hazel/Dtls/IRecordProtection.cs
new file mode 100644
index 0000000..cbee1b0
--- /dev/null
+++ b/Tools/Hazel-Networking/Hazel/Dtls/IRecordProtection.cs
@@ -0,0 +1,84 @@
+using System;
+
+namespace Hazel.Dtls
+{
+ /// <summary>
+ /// DTLS cipher suite interface for protection of record payload.
+ /// </summary>
+ public interface IRecordProtection : IDisposable
+ {
+ /// <summary>
+ /// Calculate the size of an encrypted plaintext
+ /// </summary>
+ /// <param name="dataSize">Size of plaintext in bytes</param>
+ /// <returns>Size of encrypted ciphertext in bytes</returns>
+ int GetEncryptedSize(int dataSize);
+
+ /// <summary>
+ /// Calculate the size of decrypted ciphertext
+ /// </summary>
+ /// <param name="dataSize">Size of ciphertext in bytes</param>
+ /// <returns>Size of decrypted plaintext in bytes</returns>
+ int GetDecryptedSize(int dataSize);
+
+ /// <summary>
+ /// Encrypt a plaintext intput with server keys
+ ///
+ /// Output may overlap with input.
+ /// </summary>
+ /// <param name="output">Output ciphertext</param>
+ /// <param name="input">Input plaintext</param>
+ /// <param name="record">Parent DTLS record</param>
+ void EncryptServerPlaintext(ByteSpan output, ByteSpan input, ref Record record);
+
+ /// <summary>
+ /// Encrypt a plaintext intput with client keys
+ ///
+ /// Output may overlap with input.
+ /// </summary>
+ /// <param name="output">Output ciphertext</param>
+ /// <param name="input">Input plaintext</param>
+ /// <param name="record">Parent DTLS record</param>
+ void EncryptClientPlaintext(ByteSpan output, ByteSpan input, ref Record record);
+
+ /// <summary>
+ /// Decrypt a ciphertext intput with server keys
+ ///
+ /// Output may overlap with input.
+ /// </summary>
+ /// <param name="output">Output plaintext</param>
+ /// <param name="input">Input ciphertext</param>
+ /// <param name="record">Parent DTLS record</param>
+ /// <returns>True if the input was authenticated and decrypted. Otherwise false</returns>
+ bool DecryptCiphertextFromServer(ByteSpan output, ByteSpan input, ref Record record);
+
+ /// <summary>
+ /// Decrypt a ciphertext intput with client keys
+ ///
+ /// Output may overlap with input.
+ /// </summary>
+ /// <param name="output">Output plaintext</param>
+ /// <param name="input">Input ciphertext</param>
+ /// <param name="record">Parent DTLS record</param>
+ /// <returns>True if the input was authenticated and decrypted. Otherwise false</returns>
+ bool DecryptCiphertextFromClient(ByteSpan output, ByteSpan input, ref Record record);
+ }
+
+ /// <summary>
+ /// Factory to create record protection from cipher suite identifiers
+ /// </summary>
+ public sealed class RecordProtectionFactory
+ {
+ public static IRecordProtection Create(CipherSuite cipherSuite, ByteSpan masterSecret, ByteSpan serverRandom, ByteSpan clientRandom)
+ {
+ switch (cipherSuite)
+ {
+ case CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
+ return new Aes128GcmRecordProtection(masterSecret, serverRandom, clientRandom);
+
+ default:
+ return null;
+ }
+ }
+ }
+}
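Review bot: `RecordProtectionFactory.Create` returns `null` from its `default:` branch for every cipher suite other than `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, and the method has no doc comment telling callers so. The callers are outside this hunk, so it is unverified whether they check; one that does not would fail with a NullReferenceException mid-handshake, or might carry on without record protection. I would add `/// <returns>Record protection for the suite, or null when the suite is unsupported; callers must abort the handshake on null</returns>` above `Create`, or throw `NotSupportedException` instead if no caller relies on the null. The docs for `DecryptCiphertextFromServer` and `DecryptCiphertextFromClient` could also say that `output` must be discarded when the method returns false, since output may overlap input and an implementation may have written unauthenticated bytes into it before the tag check failed.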