org.bouncycastle.tls.crypto.impl.bc

Class BcTlsCrypto

java.lang.Object

org.bouncycastle.tls.crypto.impl.AbstractTlsCrypto

org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto

All Implemented Interfaces:

TlsCrypto

public class BcTlsCrypto
extends AbstractTlsCrypto

Class for providing cryptographic services for TLS based on implementations in the BC light-weight API.

This class provides default implementations for everything. If you need to customise it, extend the class and override the appropriate methods.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	BcTlsCrypto.AeadOperator

Constructor Summary

Constructors

Constructor and Description
BcTlsCrypto(java.security.SecureRandom entropySource)

Method Summary

Modifier and Type	Method and Description
static org.bouncycastle.crypto.Digest	cloneDigest(short hashAlgorithm, org.bouncycastle.crypto.Digest hash)
protected org.bouncycastle.crypto.modes.AEADBlockCipher	createAEADBlockCipher_AES_CCM()
protected org.bouncycastle.crypto.modes.AEADBlockCipher	createAEADBlockCipher_AES_GCM()
protected org.bouncycastle.crypto.modes.AEADBlockCipher	createAEADBlockCipher_ARIA_GCM()
protected org.bouncycastle.crypto.modes.AEADBlockCipher	createAEADBlockCipher_Camellia_GCM()
protected org.bouncycastle.crypto.BlockCipher	createAESBlockCipher()
protected TlsCipher	createAESCipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm)
protected org.bouncycastle.crypto.BlockCipher	createAESEngine()
protected org.bouncycastle.crypto.BlockCipher	createARIABlockCipher()
protected TlsCipher	createARIACipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm)
protected org.bouncycastle.crypto.BlockCipher	createARIAEngine()
protected org.bouncycastle.crypto.BlockCipher	createCamelliaBlockCipher()
protected TlsCipher	createCamelliaCipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm)
protected org.bouncycastle.crypto.BlockCipher	createCamelliaEngine()
TlsCertificate	createCertificate(byte[] encoding) Create a TlsCertificate from a ASN.1 binary encoding of an X.509 certificate.
protected TlsCipher	createChaCha20Poly1305(TlsCryptoParameters cryptoParams)
protected TlsAEADCipher	createCipher_AES_CCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize)
protected TlsAEADCipher	createCipher_AES_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize)
protected TlsAEADCipher	createCipher_ARIA_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize)
protected TlsAEADCipher	createCipher_Camellia_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize)
protected TlsCipher	createCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm) Create a cipher for the specified encryption and MAC algorithms.
protected org.bouncycastle.crypto.BlockCipher	createDESedeBlockCipher()
protected TlsBlockCipher	createDESedeCipher(TlsCryptoParameters cryptoParams, int macAlgorithm)
TlsDHDomain	createDHDomain(TlsDHConfig dhConfig) Create an domain object supporting the domain parameters described in dhConfig.
org.bouncycastle.crypto.Digest	createDigest(short hashAlgorithm)
TlsECDomain	createECDomain(TlsECConfig ecConfig) Create an domain object supporting the domain parameters described in ecConfig.
protected TlsEncryptor	createEncryptor(TlsCertificate certificate) Return an encryptor based on the public key in certificate.
TlsHash	createHash(short algorithm) Create a suitable hash for the hash algorithm identifier passed in.
protected TlsHMAC	createHMAC_SSL(int macAlgorithm)
TlsHMAC	createHMAC(int macAlgorithm) Create a suitable HMAC for the MAC algorithm identifier passed in.
TlsHMAC	createHMAC(short hashAlgorithm) Create a suitable HMAC using the hash algorithm identifier passed in.
protected TlsHMAC	createMAC(TlsCryptoParameters cryptoParams, int macAlgorithm)
TlsNonceGenerator	createNonceGenerator(byte[] additionalSeedMaterial) Create a nonce generator.
protected TlsNullCipher	createNullCipher(TlsCryptoParameters cryptoParams, int macAlgorithm)
protected org.bouncycastle.crypto.StreamCipher	createRC4StreamCipher()
TlsSecret	createSecret(byte[] data) Create a TlsSecret object based provided data.
protected org.bouncycastle.crypto.BlockCipher	createSEEDBlockCipher()
protected TlsBlockCipher	createSEEDCipher(TlsCryptoParameters cryptoParams, int macAlgorithm)
TlsSRP6Client	createSRP6Client(TlsSRPConfig srpConfig) Create an SRP-6 client.
TlsSRP6Server	createSRP6Server(TlsSRPConfig srpConfig, java.math.BigInteger srpVerifier) Create an SRP-6 server.
TlsSRP6VerifierGenerator	createSRP6VerifierGenerator(TlsSRPConfig srpConfig) Create an SRP-6 verifier generator.
TlsSecret	generateRSAPreMasterSecret(ProtocolVersion version) Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret
java.security.SecureRandom	getSecureRandom() Return the primary (safest) SecureRandom for this crypto.
boolean	hasAllRawSignatureAlgorithms() Return true if this TlsCrypto can perform raw signatures and verifications for all supported algorithms.
boolean	hasDHAgreement() Return true if this TlsCrypto can support DH key agreement.
boolean	hasECDHAgreement() Return true if this TlsCrypto can support ECDH key agreement.
boolean	hasEncryptionAlgorithm(int encryptionAlgorithm) Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.
boolean	hasHashAlgorithm(short hashAlgorithm) Return true if this TlsCrypto can support the passed in hash algorithm.
boolean	hasMacAlgorithm(int macAlgorithm) Return true if this TlsCrypto can support the passed in MAC algorithm.
boolean	hasNamedGroup(int namedGroup) Return true if this TlsCrypto supports the passed in named group value.
boolean	hasRSAEncryption() Return true if this TlsCrypto can support RSA encryption/decryption.
boolean	hasSignatureAlgorithm(short signatureAlgorithm) Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).
boolean	hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm) Return true if this TlsCrypto can support the passed in signature algorithm.
boolean	hasSignatureScheme(int signatureScheme) Return true if this TlsCrypto can support the passed in signature scheme.
boolean	hasSRPAuthentication() Return true if this TlsCrypto can support SRP authentication.
TlsSecret	hkdfInit(short hashAlgorithm) Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen zeroes.

Methods inherited from class org.bouncycastle.tls.crypto.impl.AbstractTlsCrypto

adoptSecret

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BcTlsCrypto

public BcTlsCrypto(java.security.SecureRandom entropySource)

Method Detail

getSecureRandom

public java.security.SecureRandom getSecureRandom()

Description copied from interface: TlsCrypto

Return the primary (safest) SecureRandom for this crypto.

Returns:

a SecureRandom suitable for key generation.

createCertificate

public TlsCertificate createCertificate(byte[] encoding)
                                 throws java.io.IOException

Description copied from interface: TlsCrypto

Create a TlsCertificate from a ASN.1 binary encoding of an X.509 certificate.

Parameters:

encoding - DER/BER encoding of the certificate of interest.

Returns:

a TlsCertificate.

Throws:

java.io.IOException - if there is an issue on decoding or constructing the certificate.

createCipher

protected TlsCipher createCipher(TlsCryptoParameters cryptoParams,
                                 int encryptionAlgorithm,
                                 int macAlgorithm)
                          throws java.io.IOException

Description copied from class: AbstractTlsCrypto

Create a cipher for the specified encryption and MAC algorithms.

See enumeration classes EncryptionAlgorithm, MACAlgorithm for appropriate argument values.

Specified by:

createCipher in class AbstractTlsCrypto

Parameters:

cryptoParams - context specific parameters.

encryptionAlgorithm - the encryption algorithm to be employed by the cipher.

macAlgorithm - the MAC algorithm to be employed by the cipher.

Returns:

a TlsCipher implementing the encryption and MAC algorithm.

Throws:

java.io.IOException

createDHDomain

public TlsDHDomain createDHDomain(TlsDHConfig dhConfig)

Description copied from interface: TlsCrypto

Create an domain object supporting the domain parameters described in dhConfig.

Parameters:

dhConfig - the config describing the DH parameters to use.

Returns:

a TlsECDomain supporting the parameters in ecConfig.

createECDomain

public TlsECDomain createECDomain(TlsECConfig ecConfig)

Description copied from interface: TlsCrypto

Create an domain object supporting the domain parameters described in ecConfig.

Parameters:

ecConfig - the config describing the EC parameters to use.

Returns:

a TlsECDomain supporting the parameters in ecConfig.

createEncryptor

protected TlsEncryptor createEncryptor(TlsCertificate certificate)
                                throws java.io.IOException

Description copied from class: AbstractTlsCrypto

Return an encryptor based on the public key in certificate.

Specified by:

createEncryptor in class AbstractTlsCrypto

Parameters:

certificate - the certificate carrying the public key.

Returns:

a TlsEncryptor based on the certificate's public key.

Throws:

java.io.IOException

createNonceGenerator

public TlsNonceGenerator createNonceGenerator(byte[] additionalSeedMaterial)

Description copied from interface: TlsCrypto

Create a nonce generator. Each call should construct a new generator, and the generator should be returned from this call only after automatically seeding from this TlsCrypto's entropy source, and from the provided additional seed material. The output of each returned generator must be completely independent of the others.

Parameters:

additionalSeedMaterial - context-specific seed material

Returns:

a TlsNonceGenerator

hasAllRawSignatureAlgorithms

public boolean hasAllRawSignatureAlgorithms()

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can perform raw signatures and verifications for all supported algorithms.

Returns:

true if this instance can perform raw signatures and verifications for all supported algorithms, false otherwise.

hasDHAgreement

public boolean hasDHAgreement()

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support DH key agreement.

Returns:

true if this instance can support DH key agreement, false otherwise.

hasECDHAgreement

public boolean hasECDHAgreement()

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support ECDH key agreement.

Returns:

true if this instance can support ECDH key agreement, false otherwise.

hasEncryptionAlgorithm

public boolean hasEncryptionAlgorithm(int encryptionAlgorithm)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.

Parameters:

encryptionAlgorithm - the algorithm of interest.

Returns:

true if encryptionAlgorithm is supported, false otherwise.

hasHashAlgorithm

public boolean hasHashAlgorithm(short hashAlgorithm)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support the passed in hash algorithm.

Parameters:

hashAlgorithm - the algorithm of interest.

Returns:

true if hashAlgorithm is supported, false otherwise.

hasMacAlgorithm

public boolean hasMacAlgorithm(int macAlgorithm)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support the passed in MAC algorithm.

Parameters:

macAlgorithm - the algorithm of interest.

Returns:

true if macAlgorithm is supported, false otherwise.

hasNamedGroup

public boolean hasNamedGroup(int namedGroup)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto supports the passed in named group value.

Returns:

true if this instance supports the passed in named group value.

hasRSAEncryption

public boolean hasRSAEncryption()

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support RSA encryption/decryption.

Returns:

true if this instance can support RSA encryption/decryption, false otherwise.

hasSignatureAlgorithm

public boolean hasSignatureAlgorithm(short signatureAlgorithm)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).

Parameters:

signatureAlgorithm - the algorithm of interest.

Returns:

true if signatureAlgorithm is supported, false otherwise.

hasSignatureAndHashAlgorithm

public boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support the passed in signature algorithm.

Parameters:

sigAndHashAlgorithm - the algorithm of interest.

Returns:

true if sigAndHashAlgorithm is supported, false otherwise.

hasSignatureScheme

public boolean hasSignatureScheme(int signatureScheme)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support the passed in signature scheme.

Parameters:

signatureScheme - the scheme of interest.

Returns:

true if signatureScheme is supported, false otherwise.

hasSRPAuthentication

public boolean hasSRPAuthentication()

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support SRP authentication.

Returns:

true if this instance can support SRP authentication, false otherwise.

createSecret

public TlsSecret createSecret(byte[] data)

Description copied from interface: TlsCrypto

Create a TlsSecret object based provided data.

Parameters:

data - the data to base the TlsSecret on.

Returns:

a TlsSecret based on random data.

generateRSAPreMasterSecret

public TlsSecret generateRSAPreMasterSecret(ProtocolVersion version)

Description copied from interface: TlsCrypto

Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret

Parameters:

version - the client version to place in the first 2 bytes

Returns:

a TlsSecret containing the PreMasterSecret.

createDigest

public org.bouncycastle.crypto.Digest createDigest(short hashAlgorithm)

createHash

public TlsHash createHash(short algorithm)

Description copied from interface: TlsCrypto

Create a suitable hash for the hash algorithm identifier passed in.

See enumeration class HashAlgorithm for appropriate argument values.

Parameters:

algorithm - the hash algorithm the hash needs to implement.

Returns:

a TlsHash.

cloneDigest

public static org.bouncycastle.crypto.Digest cloneDigest(short hashAlgorithm,
                                                         org.bouncycastle.crypto.Digest hash)

createAESCipher

protected TlsCipher createAESCipher(TlsCryptoParameters cryptoParams,
                                    int cipherKeySize,
                                    int macAlgorithm)
                             throws java.io.IOException

Throws:

java.io.IOException

createARIACipher

protected TlsCipher createARIACipher(TlsCryptoParameters cryptoParams,
                                     int cipherKeySize,
                                     int macAlgorithm)
                              throws java.io.IOException

Throws:

java.io.IOException

createCamelliaCipher

protected TlsCipher createCamelliaCipher(TlsCryptoParameters cryptoParams,
                                         int cipherKeySize,
                                         int macAlgorithm)
                                  throws java.io.IOException

Throws:

java.io.IOException

createChaCha20Poly1305

protected TlsCipher createChaCha20Poly1305(TlsCryptoParameters cryptoParams)
                                    throws java.io.IOException

Throws:

java.io.IOException

createCipher_AES_CCM

protected TlsAEADCipher createCipher_AES_CCM(TlsCryptoParameters cryptoParams,
                                             int cipherKeySize,
                                             int macSize)
                                      throws java.io.IOException

Throws:

java.io.IOException

createCipher_AES_GCM

protected TlsAEADCipher createCipher_AES_GCM(TlsCryptoParameters cryptoParams,
                                             int cipherKeySize,
                                             int macSize)
                                      throws java.io.IOException

Throws:

java.io.IOException

createCipher_ARIA_GCM

protected TlsAEADCipher createCipher_ARIA_GCM(TlsCryptoParameters cryptoParams,
                                              int cipherKeySize,
                                              int macSize)
                                       throws java.io.IOException

Throws:

java.io.IOException

createCipher_Camellia_GCM

protected TlsAEADCipher createCipher_Camellia_GCM(TlsCryptoParameters cryptoParams,
                                                  int cipherKeySize,
                                                  int macSize)
                                           throws java.io.IOException

Throws:

java.io.IOException

createDESedeCipher

protected TlsBlockCipher createDESedeCipher(TlsCryptoParameters cryptoParams,
                                            int macAlgorithm)
                                     throws java.io.IOException

Throws:

java.io.IOException

createNullCipher

protected TlsNullCipher createNullCipher(TlsCryptoParameters cryptoParams,
                                         int macAlgorithm)
                                  throws java.io.IOException

Throws:

java.io.IOException

createSEEDCipher

protected TlsBlockCipher createSEEDCipher(TlsCryptoParameters cryptoParams,
                                          int macAlgorithm)
                                   throws java.io.IOException

Throws:

java.io.IOException

createAESEngine

protected org.bouncycastle.crypto.BlockCipher createAESEngine()

createARIAEngine

protected org.bouncycastle.crypto.BlockCipher createARIAEngine()

createCamelliaEngine

protected org.bouncycastle.crypto.BlockCipher createCamelliaEngine()

createAESBlockCipher

protected org.bouncycastle.crypto.BlockCipher createAESBlockCipher()

createARIABlockCipher

protected org.bouncycastle.crypto.BlockCipher createARIABlockCipher()

createAEADBlockCipher_AES_CCM

protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_AES_CCM()

createAEADBlockCipher_AES_GCM

protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_AES_GCM()

createAEADBlockCipher_ARIA_GCM

protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_ARIA_GCM()

createAEADBlockCipher_Camellia_GCM

protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_Camellia_GCM()

createCamelliaBlockCipher

protected org.bouncycastle.crypto.BlockCipher createCamelliaBlockCipher()

createDESedeBlockCipher

protected org.bouncycastle.crypto.BlockCipher createDESedeBlockCipher()

createRC4StreamCipher

protected org.bouncycastle.crypto.StreamCipher createRC4StreamCipher()

createSEEDBlockCipher

protected org.bouncycastle.crypto.BlockCipher createSEEDBlockCipher()

createHMAC

public TlsHMAC createHMAC(short hashAlgorithm)

Description copied from interface: TlsCrypto

Create a suitable HMAC using the hash algorithm identifier passed in.

See enumeration class HashAlgorithm for appropriate argument values.

Parameters:

hashAlgorithm - the hash algorithm the HMAC should use.

Returns:

a TlsHMAC.

createHMAC

public TlsHMAC createHMAC(int macAlgorithm)

Description copied from interface: TlsCrypto

Create a suitable HMAC for the MAC algorithm identifier passed in.

See enumeration class MACAlgorithm for appropriate argument values.

Parameters:

macAlgorithm - the MAC algorithm the HMAC needs to match.

Returns:

a TlsHMAC.

createHMAC_SSL

protected TlsHMAC createHMAC_SSL(int macAlgorithm)
                          throws java.io.IOException

Throws:

java.io.IOException

createMAC

protected TlsHMAC createMAC(TlsCryptoParameters cryptoParams,
                            int macAlgorithm)
                     throws java.io.IOException

Throws:

java.io.IOException

createSRP6Client

public TlsSRP6Client createSRP6Client(TlsSRPConfig srpConfig)

Description copied from interface: TlsCrypto

Create an SRP-6 client.

Parameters:

srpConfig - client config.

Returns:

an initialised SRP6 client object,

createSRP6Server

public TlsSRP6Server createSRP6Server(TlsSRPConfig srpConfig,
                                      java.math.BigInteger srpVerifier)

Description copied from interface: TlsCrypto

Create an SRP-6 server.

Parameters:

srpConfig - server config.

srpVerifier - the SRP6 verifier value.

Returns:

an initialised SRP6 server object.

createSRP6VerifierGenerator

public TlsSRP6VerifierGenerator createSRP6VerifierGenerator(TlsSRPConfig srpConfig)

Description copied from interface: TlsCrypto

Create an SRP-6 verifier generator.

Parameters:

srpConfig - generator config.

Returns:

an initialized SRP6 verifier generator,

hkdfInit

public TlsSecret hkdfInit(short hashAlgorithm)

Description copied from interface: TlsCrypto

Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen zeroes.

Parameters:

hashAlgorithm - the hash algorithm to instantiate HMAC with. See HashAlgorithm for values.