Class BcTlsCrypto

java.lang.Object
org.bouncycastle.tls.crypto.impl.AbstractTlsCrypto
org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto
All Implemented Interfaces:
TlsCrypto

public class BcTlsCrypto extends AbstractTlsCrypto
Class for providing cryptographic services for TLS based on implementations in the BC light-weight API.

This class provides default implementations for everything. If you need to customise it, extend the class and override the appropriate methods.
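One way to use the extension point described above, as an added example that is not part of the Bouncy Castle documentation: a subclass that overrides hasEncryptionAlgorithm and hasRSAEncryption so the instance reports legacy record ciphers and RSA encryption as unsupported. The class name RestrictedBcTlsCrypto and the choice of rejected algorithms are assumptions made for this example; the constants come from the EncryptionAlgorithm enumeration class referenced below.

```java
import java.security.SecureRandom;

import org.bouncycastle.tls.EncryptionAlgorithm;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;

/** Hypothetical subclass (name chosen for this example) that narrows what BcTlsCrypto reports as supported. */
public class RestrictedBcTlsCrypto extends BcTlsCrypto
{
    public RestrictedBcTlsCrypto(SecureRandom entropySource)
    {
        super(entropySource);
    }

    @Override
    public boolean hasEncryptionAlgorithm(int encryptionAlgorithm)
    {
        switch (encryptionAlgorithm)
        {
        // Policy assumed for this example: no unencrypted, RC4, DES/3DES or SEED record protection.
        case EncryptionAlgorithm.NULL:
        case EncryptionAlgorithm.RC4_40:
        case EncryptionAlgorithm.RC4_128:
        case EncryptionAlgorithm.DES40_CBC:
        case EncryptionAlgorithm.DES_CBC:
        case EncryptionAlgorithm._3DES_EDE_CBC:
        case EncryptionAlgorithm.SEED_CBC:
            return false;
        default:
            // Everything else keeps the default answer from BcTlsCrypto.
            return super.hasEncryptionAlgorithm(encryptionAlgorithm);
        }
    }

    @Override
    public boolean hasRSAEncryption()
    {
        // Report RSA encryption/decryption as unavailable (policy assumed here: no RSA key transport).
        return false;
    }

    public static void main(String[] args)
    {
        BcTlsCrypto crypto = new RestrictedBcTlsCrypto(new SecureRandom());
        System.out.println("3DES: " + crypto.hasEncryptionAlgorithm(EncryptionAlgorithm._3DES_EDE_CBC));
        System.out.println("AES-128-GCM: " + crypto.hasEncryptionAlgorithm(EncryptionAlgorithm.AES_128_GCM));
        System.out.println("RSA encryption: " + crypto.hasRSAEncryption());
    }
}
```

An instance of the subclass can be passed wherever a TlsCrypto is expected.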

  • Constructor Details

    • BcTlsCrypto

      public BcTlsCrypto(SecureRandom entropySource)
  • Method Details

    • getSecureRandom

      public SecureRandom getSecureRandom()
      Description copied from interface: TlsCrypto
      Return the primary (safest) SecureRandom for this crypto.
      Returns:
      a SecureRandom suitable for key generation.
    • createCertificate

      public TlsCertificate createCertificate(byte[] encoding) throws IOException
      Description copied from interface: TlsCrypto
      Create a TlsCertificate from an ASN.1 binary encoding of an X.509 certificate.
      Parameters:
      encoding - DER/BER encoding of the certificate of interest.
      Returns:
      a TlsCertificate.
      Throws:
      IOException - if there is an issue on decoding or constructing the certificate.
    • createCipher

      public TlsCipher createCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm) throws IOException
      Description copied from interface: TlsCrypto
      Create a cipher for the specified encryption and MAC algorithms.

      See enumeration classes EncryptionAlgorithm, MACAlgorithm for appropriate argument values.

      Parameters:
      cryptoParams - context specific parameters.
      encryptionAlgorithm - the encryption algorithm to be employed by the cipher.
      macAlgorithm - the MAC algorithm to be employed by the cipher.
      Returns:
      a TlsCipher implementing the encryption and MAC algorithm.
      Throws:
      IOException
    • createDHDomain

      public TlsDHDomain createDHDomain(TlsDHConfig dhConfig)
      Description copied from interface: TlsCrypto
      Create a domain object supporting the domain parameters described in dhConfig.
      Parameters:
      dhConfig - the config describing the DH parameters to use.
      Returns:
      a TlsDHDomain supporting the parameters in dhConfig.
    • createECDomain

      public TlsECDomain createECDomain(TlsECConfig ecConfig)
      Description copied from interface: TlsCrypto
      Create a domain object supporting the domain parameters described in ecConfig.
      Parameters:
      ecConfig - the config describing the EC parameters to use.
      Returns:
      a TlsECDomain supporting the parameters in ecConfig.
    • createEncryptor

      protected TlsEncryptor createEncryptor(TlsCertificate certificate) throws IOException
      Description copied from class: AbstractTlsCrypto
      Return an encryptor based on the public key in certificate.
      Specified by:
      createEncryptor in class AbstractTlsCrypto
      Parameters:
      certificate - the certificate carrying the public key.
      Returns:
      a TlsEncryptor based on the certificate's public key.
      Throws:
      IOException
    • createNonceGenerator

      public TlsNonceGenerator createNonceGenerator(byte[] additionalSeedMaterial)
      Description copied from interface: TlsCrypto
      Create a nonce generator. Each call should construct a new generator, and the generator should be returned from this call only after automatically seeding from this TlsCrypto's entropy source, and from the provided additional seed material. The output of each returned generator must be completely independent of the others.
      Parameters:
      additionalSeedMaterial - context-specific seed material
      Returns:
      a TlsNonceGenerator
    • hasAllRawSignatureAlgorithms

      public boolean hasAllRawSignatureAlgorithms()
      Description copied from interface: TlsCrypto
      Return true if this TlsCrypto can perform raw signatures and verifications for all supported algorithms.
      Returns:
      true if this instance can perform raw signatures and verifications for all supported algorithms, false otherwise.
    • hasDHAgreement

      public boolean hasDHAgreement()
      Description copied from interface: TlsCrypto
      Return true if this TlsCrypto can support DH key agreement.
      Returns:
      true if this instance can support DH key agreement, false otherwise.
    • hasECDHAgreement

      public boolean hasECDHAgreement()
      Description copied from interface: TlsCrypto
      Return true if this TlsCrypto can support ECDH key agreement.
      Returns:
      true if this instance can support ECDH key agreement, false otherwise.
    • hasEncryptionAlgorithm

      public boolean hasEncryptionAlgorithm(int encryptionAlgorithm)
      Description copied from interface: TlsCrypto
      Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.
      Parameters:
      encryptionAlgorithm - the algorithm of interest.
      Returns:
      true if encryptionAlgorithm is supported, false otherwise.
    • hasHashAlgorithm

      public boolean hasHashAlgorithm(short hashAlgorithm)
      Description copied from interface: TlsCrypto
      Return true if this TlsCrypto can support the passed in hash algorithm.
      Parameters:
      hashAlgorithm - the algorithm of interest.
      Returns:
      true if hashAlgorithm is supported, false otherwise.
    • hasMacAlgorithm

      public boolean hasMacAlgorithm(int macAlgorithm)
      Description copied from interface: TlsCrypto
      Return true if this TlsCrypto can support the passed in MAC algorithm.
      Parameters:
      macAlgorithm - the algorithm of interest.
      Returns:
      true if macAlgorithm is supported, false otherwise.
    • hasNamedGroup

      public boolean hasNamedGroup(int namedGroup)
      Description copied from interface: TlsCrypto
      Return true if this TlsCrypto supports the passed in named group value.
      Returns:
      true if this instance supports the passed in named group value.
    • hasRSAEncryption

      public boolean hasRSAEncryption()
      Description copied from interface: TlsCrypto
      Return true if this TlsCrypto can support RSA encryption/decryption.
      Returns:
      true if this instance can support RSA encryption/decryption, false otherwise.
    • hasSignatureAlgorithm

      public boolean hasSignatureAlgorithm(short signatureAlgorithm)
      Description copied from interface: TlsCrypto
      Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).
      Parameters:
      signatureAlgorithm - the algorithm of interest.
      Returns:
      true if signatureAlgorithm is supported, false otherwise.
    • hasSignatureAndHashAlgorithm

      public boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)
      Description copied from interface: TlsCrypto
      Return true if this TlsCrypto can support the passed in signature algorithm.
      Parameters:
      sigAndHashAlgorithm - the algorithm of interest.
      Returns:
      true if sigAndHashAlgorithm is supported, false otherwise.
    • hasSignatureScheme

      public boolean hasSignatureScheme(int signatureScheme)
      Description copied from interface: TlsCrypto
      Return true if this TlsCrypto can support the passed in signature scheme.
      Parameters:
      signatureScheme - the scheme of interest.
      Returns:
      true if signatureScheme is supported, false otherwise.
    • hasSRPAuthentication

      public boolean hasSRPAuthentication()
      Description copied from interface: TlsCrypto
      Return true if this TlsCrypto can support SRP authentication.
      Returns:
      true if this instance can support SRP authentication, false otherwise.
    • createSecret

      public TlsSecret createSecret(byte[] data)
      Description copied from interface: TlsCrypto
      Create a TlsSecret object based on the provided data.
      Parameters:
      data - the data to base the TlsSecret on.
      Returns:
      a TlsSecret based on random data.
    • generateRSAPreMasterSecret

      public TlsSecret generateRSAPreMasterSecret(ProtocolVersion version)
      Description copied from interface: TlsCrypto
      Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret.
      Parameters:
      version - the client version to place in the first 2 bytes
      Returns:
      a TlsSecret containing the PreMasterSecret.
    • createDigest

      public org.bouncycastle.crypto.Digest createDigest(short hashAlgorithm)
    • createHash

      public TlsHash createHash(short algorithm)
      Description copied from interface: TlsCrypto
      Create a suitable hash for the hash algorithm identifier passed in.

      See enumeration class HashAlgorithm for appropriate argument values.

      Parameters:
      algorithm - the hash algorithm the hash needs to implement.
      Returns:
      a TlsHash.
    • cloneDigest

      public static org.bouncycastle.crypto.Digest cloneDigest(short hashAlgorithm, org.bouncycastle.crypto.Digest hash)
    • createAESCipher

      protected TlsCipher createAESCipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm) throws IOException
      Throws:
      IOException
    • createARIACipher

      protected TlsCipher createARIACipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm) throws IOException
      Throws:
      IOException
    • createCamelliaCipher

      protected TlsCipher createCamelliaCipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm) throws IOException
      Throws:
      IOException
    • createChaCha20Poly1305

      protected TlsCipher createChaCha20Poly1305(TlsCryptoParameters cryptoParams) throws IOException
      Throws:
      IOException
    • createCipher_AES_CCM

      protected TlsAEADCipher createCipher_AES_CCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize) throws IOException
      Throws:
      IOException
    • createCipher_AES_GCM

      protected TlsAEADCipher createCipher_AES_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize) throws IOException
      Throws:
      IOException
    • createCipher_ARIA_GCM

      protected TlsAEADCipher createCipher_ARIA_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize) throws IOException
      Throws:
      IOException
    • createCipher_Camellia_GCM

      protected TlsAEADCipher createCipher_Camellia_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize) throws IOException
      Throws:
      IOException
    • createDESedeCipher

      protected TlsBlockCipher createDESedeCipher(TlsCryptoParameters cryptoParams, int macAlgorithm) throws IOException
      Throws:
      IOException
    • createNullCipher

      protected TlsNullCipher createNullCipher(TlsCryptoParameters cryptoParams, int macAlgorithm) throws IOException
      Throws:
      IOException
    • createSEEDCipher

      protected TlsBlockCipher createSEEDCipher(TlsCryptoParameters cryptoParams, int macAlgorithm) throws IOException
      Throws:
      IOException
    • createAESEngine

      protected org.bouncycastle.crypto.BlockCipher createAESEngine()
    • createARIAEngine

      protected org.bouncycastle.crypto.BlockCipher createARIAEngine()
    • createCamelliaEngine

      protected org.bouncycastle.crypto.BlockCipher createCamelliaEngine()
    • createAESBlockCipher

      protected org.bouncycastle.crypto.BlockCipher createAESBlockCipher()
    • createARIABlockCipher

      protected org.bouncycastle.crypto.BlockCipher createARIABlockCipher()
    • createAEADBlockCipher_AES_CCM

      protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_AES_CCM()
    • createAEADBlockCipher_AES_GCM

      protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_AES_GCM()
    • createAEADBlockCipher_ARIA_GCM

      protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_ARIA_GCM()
    • createAEADBlockCipher_Camellia_GCM

      protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_Camellia_GCM()
    • createCamelliaBlockCipher

      protected org.bouncycastle.crypto.BlockCipher createCamelliaBlockCipher()
    • createDESedeBlockCipher

      protected org.bouncycastle.crypto.BlockCipher createDESedeBlockCipher()
    • createRC4StreamCipher

      protected org.bouncycastle.crypto.StreamCipher createRC4StreamCipher()
    • createSEEDBlockCipher

      protected org.bouncycastle.crypto.BlockCipher createSEEDBlockCipher()
    • createHMAC

      public TlsHMAC createHMAC(short hashAlgorithm)
      Description copied from interface: TlsCrypto
      Create a suitable HMAC using the hash algorithm identifier passed in.

      See enumeration class HashAlgorithm for appropriate argument values.

      Parameters:
      hashAlgorithm - the hash algorithm the HMAC should use.
      Returns:
      a TlsHMAC.
    • createHMAC

      public TlsHMAC createHMAC(int macAlgorithm)
      Description copied from interface: TlsCrypto
      Create a suitable HMAC for the MAC algorithm identifier passed in.

      See enumeration class MACAlgorithm for appropriate argument values.

      Parameters:
      macAlgorithm - the MAC algorithm the HMAC needs to match.
      Returns:
      a TlsHMAC.
    • createHMAC_SSL

      protected TlsHMAC createHMAC_SSL(int macAlgorithm) throws IOException
      Throws:
      IOException
    • createMAC

      protected TlsHMAC createMAC(TlsCryptoParameters cryptoParams, int macAlgorithm) throws IOException
      Throws:
      IOException
    • createSRP6Client

      public TlsSRP6Client createSRP6Client(TlsSRPConfig srpConfig)
      Description copied from interface: TlsCrypto
      Create an SRP-6 client.
      Parameters:
      srpConfig - client config.
      Returns:
      an initialised SRP6 client object.
    • createSRP6Server

      public TlsSRP6Server createSRP6Server(TlsSRPConfig srpConfig, BigInteger srpVerifier)
      Description copied from interface: TlsCrypto
      Create an SRP-6 server.
      Parameters:
      srpConfig - server config.
      srpVerifier - the SRP6 verifier value.
      Returns:
      an initialised SRP6 server object.
    • createSRP6VerifierGenerator

      public TlsSRP6VerifierGenerator createSRP6VerifierGenerator(TlsSRPConfig srpConfig)
      Description copied from interface: TlsCrypto
      Create an SRP-6 verifier generator.
      Parameters:
      srpConfig - generator config.
      Returns:
      an initialized SRP6 verifier generator.
    • hkdfInit

      public TlsSecret hkdfInit(short hashAlgorithm)
      Description copied from interface: TlsCrypto
      Set up an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen zeroes.
      Parameters:
      hashAlgorithm - the hash algorithm to instantiate HMAC with. See HashAlgorithm for values.