Class BcTlsCrypto
- java.lang.Object
-
- org.bouncycastle.tls.crypto.impl.AbstractTlsCrypto
-
- org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto
-
- All Implemented Interfaces:
TlsCrypto
public class BcTlsCrypto extends AbstractTlsCrypto
Class for providing cryptographic services for TLS based on implementations in the BC light-weight API.This class provides default implementations for everything. If you need to customise it, extend the class and override the appropriate methods.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description class
BcTlsCrypto.AeadOperator
-
Constructor Summary
Constructors Constructor Description BcTlsCrypto(java.security.SecureRandom entropySource)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static org.bouncycastle.crypto.Digest
cloneDigest(short hashAlgorithm, org.bouncycastle.crypto.Digest hash)
protected org.bouncycastle.crypto.modes.AEADBlockCipher
createAEADBlockCipher_AES_CCM()
protected org.bouncycastle.crypto.modes.AEADBlockCipher
createAEADBlockCipher_AES_GCM()
protected org.bouncycastle.crypto.modes.AEADBlockCipher
createAEADBlockCipher_AES_OCB()
protected org.bouncycastle.crypto.modes.AEADBlockCipher
createAEADBlockCipher_ARIA_GCM()
protected org.bouncycastle.crypto.modes.AEADBlockCipher
createAEADBlockCipher_Camellia_GCM()
protected org.bouncycastle.crypto.BlockCipher
createAESBlockCipher()
protected TlsCipher
createAESCipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm)
protected org.bouncycastle.crypto.BlockCipher
createAESEngine()
protected org.bouncycastle.crypto.BlockCipher
createARIABlockCipher()
protected TlsCipher
createARIACipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm)
protected org.bouncycastle.crypto.BlockCipher
createARIAEngine()
protected org.bouncycastle.crypto.BlockCipher
createCamelliaBlockCipher()
protected TlsCipher
createCamelliaCipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm)
protected org.bouncycastle.crypto.BlockCipher
createCamelliaEngine()
TlsCertificate
createCertificate(byte[] encoding)
Create a TlsCertificate from a ASN.1 binary encoding of an X.509 certificate.protected TlsCipher
createChaCha20Poly1305(TlsCryptoParameters cryptoParams)
protected TlsCipher
createCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm)
Create a cipher for the specified encryption and MAC algorithms.protected TlsAEADCipher
createCipher_AES_CCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize)
protected TlsAEADCipher
createCipher_AES_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize)
protected TlsAEADCipher
createCipher_AES_OCB(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize)
protected TlsAEADCipher
createCipher_ARIA_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize)
protected TlsAEADCipher
createCipher_Camellia_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize)
protected org.bouncycastle.crypto.BlockCipher
createDESedeBlockCipher()
protected TlsBlockCipher
createDESedeCipher(TlsCryptoParameters cryptoParams, int macAlgorithm)
TlsDHDomain
createDHDomain(TlsDHConfig dhConfig)
Create an domain object supporting the domain parameters described in dhConfig.org.bouncycastle.crypto.Digest
createDigest(short hashAlgorithm)
TlsECDomain
createECDomain(TlsECConfig ecConfig)
Create an domain object supporting the domain parameters described in ecConfig.protected TlsEncryptor
createEncryptor(TlsCertificate certificate)
Return an encryptor based on the public key in certificate.TlsHash
createHash(short algorithm)
Create a suitable hash for the hash algorithm identifier passed in.TlsHMAC
createHMAC(int macAlgorithm)
Create a suitable HMAC for the MAC algorithm identifier passed in.TlsHMAC
createHMAC(short hashAlgorithm)
Create a suitable HMAC using the hash algorithm identifier passed in.TlsNonceGenerator
createNonceGenerator(byte[] additionalSeedMaterial)
Create a nonce generator.protected TlsNullCipher
createNullCipher(TlsCryptoParameters cryptoParams, int macAlgorithm)
protected org.bouncycastle.crypto.StreamCipher
createRC4StreamCipher()
TlsSecret
createSecret(byte[] data)
Create a TlsSecret object based provided data.protected org.bouncycastle.crypto.BlockCipher
createSEEDBlockCipher()
protected TlsBlockCipher
createSEEDCipher(TlsCryptoParameters cryptoParams, int macAlgorithm)
TlsSRP6Client
createSRP6Client(TlsSRPConfig srpConfig)
Create an SRP-6 client.TlsSRP6Server
createSRP6Server(TlsSRPConfig srpConfig, java.math.BigInteger srpVerifier)
Create an SRP-6 server.TlsSRP6VerifierGenerator
createSRP6VerifierGenerator(TlsSRPConfig srpConfig)
Create an SRP-6 verifier generator.TlsSecret
generateRSAPreMasterSecret(ProtocolVersion version)
Create a TlsSecret object containing a randomly-generated RSA PreMasterSecretjava.security.SecureRandom
getSecureRandom()
Return the primary (safest) SecureRandom for this crypto.boolean
hasAllRawSignatureAlgorithms()
Return true if this TlsCrypto can perform raw signatures and verifications for all supported algorithms.boolean
hasDHAgreement()
Return true if this TlsCrypto can support DH key agreement.boolean
hasECDHAgreement()
Return true if this TlsCrypto can support ECDH key agreement.boolean
hasEncryptionAlgorithm(int encryptionAlgorithm)
Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.boolean
hasHashAlgorithm(short hashAlgorithm)
Return true if this TlsCrypto can support the passed in hash algorithm.boolean
hasMacAlgorithm(int macAlgorithm)
Return true if this TlsCrypto can support the passed in MAC algorithm.boolean
hasNamedGroup(int namedGroup)
Return true if this TlsCrypto supports the passed innamed group
value.boolean
hasRSAEncryption()
Return true if this TlsCrypto can support RSA encryption/decryption.boolean
hasSignatureAlgorithm(short signatureAlgorithm)
Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).boolean
hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)
Return true if this TlsCrypto can support the passed in signature algorithm.boolean
hasSRPAuthentication()
Return true if this TlsCrypto can support SRP authentication.TlsSecret
hkdfInit(short hashAlgorithm)
Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen zeroes.-
Methods inherited from class org.bouncycastle.tls.crypto.impl.AbstractTlsCrypto
adoptSecret
-
-
-
-
Method Detail
-
getSecureRandom
public java.security.SecureRandom getSecureRandom()
Description copied from interface:TlsCrypto
Return the primary (safest) SecureRandom for this crypto.- Returns:
- a SecureRandom suitable for key generation.
-
createCertificate
public TlsCertificate createCertificate(byte[] encoding) throws java.io.IOException
Description copied from interface:TlsCrypto
Create a TlsCertificate from a ASN.1 binary encoding of an X.509 certificate.- Parameters:
encoding
- DER/BER encoding of the certificate of interest.- Returns:
- a TlsCertificate.
- Throws:
java.io.IOException
- if there is an issue on decoding or constructing the certificate.
-
createCipher
protected TlsCipher createCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm) throws java.io.IOException
Description copied from class:AbstractTlsCrypto
Create a cipher for the specified encryption and MAC algorithms.See enumeration classes
EncryptionAlgorithm
,MACAlgorithm
for appropriate argument values.- Specified by:
createCipher
in classAbstractTlsCrypto
- Parameters:
cryptoParams
- context specific parameters.encryptionAlgorithm
- the encryption algorithm to be employed by the cipher.macAlgorithm
- the MAC algorithm to be employed by the cipher.- Returns:
- a
TlsCipher
implementing the encryption and MAC algorithm. - Throws:
java.io.IOException
-
createDHDomain
public TlsDHDomain createDHDomain(TlsDHConfig dhConfig)
Description copied from interface:TlsCrypto
Create an domain object supporting the domain parameters described in dhConfig.- Parameters:
dhConfig
- the config describing the DH parameters to use.- Returns:
- a TlsECDomain supporting the parameters in ecConfig.
-
createECDomain
public TlsECDomain createECDomain(TlsECConfig ecConfig)
Description copied from interface:TlsCrypto
Create an domain object supporting the domain parameters described in ecConfig.- Parameters:
ecConfig
- the config describing the EC parameters to use.- Returns:
- a TlsECDomain supporting the parameters in ecConfig.
-
createEncryptor
protected TlsEncryptor createEncryptor(TlsCertificate certificate) throws java.io.IOException
Description copied from class:AbstractTlsCrypto
Return an encryptor based on the public key in certificate.- Specified by:
createEncryptor
in classAbstractTlsCrypto
- Parameters:
certificate
- the certificate carrying the public key.- Returns:
- a TlsEncryptor based on the certificate's public key.
- Throws:
java.io.IOException
-
createNonceGenerator
public TlsNonceGenerator createNonceGenerator(byte[] additionalSeedMaterial)
Description copied from interface:TlsCrypto
Create a nonce generator. Each call should construct a new generator, and the generator should be returned from this call only after automatically seeding from thisTlsCrypto
's entropy source, and from the provided additional seed material. The output of each returned generator must be completely independent of the others.- Parameters:
additionalSeedMaterial
- context-specific seed material- Returns:
- a
TlsNonceGenerator
-
hasAllRawSignatureAlgorithms
public boolean hasAllRawSignatureAlgorithms()
Description copied from interface:TlsCrypto
Return true if this TlsCrypto can perform raw signatures and verifications for all supported algorithms.- Returns:
- true if this instance can perform raw signatures and verifications for all supported algorithms, false otherwise.
-
hasDHAgreement
public boolean hasDHAgreement()
Description copied from interface:TlsCrypto
Return true if this TlsCrypto can support DH key agreement.- Returns:
- true if this instance can support DH key agreement, false otherwise.
-
hasECDHAgreement
public boolean hasECDHAgreement()
Description copied from interface:TlsCrypto
Return true if this TlsCrypto can support ECDH key agreement.- Returns:
- true if this instance can support ECDH key agreement, false otherwise.
-
hasEncryptionAlgorithm
public boolean hasEncryptionAlgorithm(int encryptionAlgorithm)
Description copied from interface:TlsCrypto
Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.- Parameters:
encryptionAlgorithm
- the algorithm of interest.- Returns:
- true if encryptionAlgorithm is supported, false otherwise.
-
hasHashAlgorithm
public boolean hasHashAlgorithm(short hashAlgorithm)
Description copied from interface:TlsCrypto
Return true if this TlsCrypto can support the passed in hash algorithm.- Parameters:
hashAlgorithm
- the algorithm of interest.- Returns:
- true if hashAlgorithm is supported, false otherwise.
-
hasMacAlgorithm
public boolean hasMacAlgorithm(int macAlgorithm)
Description copied from interface:TlsCrypto
Return true if this TlsCrypto can support the passed in MAC algorithm.- Parameters:
macAlgorithm
- the algorithm of interest.- Returns:
- true if macAlgorithm is supported, false otherwise.
-
hasNamedGroup
public boolean hasNamedGroup(int namedGroup)
Description copied from interface:TlsCrypto
Return true if this TlsCrypto supports the passed innamed group
value.- Returns:
- true if this instance supports the passed in
named group
value.
-
hasRSAEncryption
public boolean hasRSAEncryption()
Description copied from interface:TlsCrypto
Return true if this TlsCrypto can support RSA encryption/decryption.- Returns:
- true if this instance can support RSA encryption/decryption, false otherwise.
-
hasSignatureAlgorithm
public boolean hasSignatureAlgorithm(short signatureAlgorithm)
Description copied from interface:TlsCrypto
Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).- Parameters:
signatureAlgorithm
- the algorithm of interest.- Returns:
- true if signatureAlgorithm is supported, false otherwise.
-
hasSignatureAndHashAlgorithm
public boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)
Description copied from interface:TlsCrypto
Return true if this TlsCrypto can support the passed in signature algorithm.- Parameters:
sigAndHashAlgorithm
- the algorithm of interest.- Returns:
- true if sigAndHashAlgorithm is supported, false otherwise.
-
hasSRPAuthentication
public boolean hasSRPAuthentication()
Description copied from interface:TlsCrypto
Return true if this TlsCrypto can support SRP authentication.- Returns:
- true if this instance can support SRP authentication, false otherwise.
-
createSecret
public TlsSecret createSecret(byte[] data)
Description copied from interface:TlsCrypto
Create a TlsSecret object based provided data.- Parameters:
data
- the data to base the TlsSecret on.- Returns:
- a TlsSecret based on random data.
-
generateRSAPreMasterSecret
public TlsSecret generateRSAPreMasterSecret(ProtocolVersion version)
Description copied from interface:TlsCrypto
Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret- Parameters:
version
- the client version to place in the first 2 bytes- Returns:
- a TlsSecret containing the PreMasterSecret.
-
createDigest
public org.bouncycastle.crypto.Digest createDigest(short hashAlgorithm)
-
createHash
public TlsHash createHash(short algorithm)
Description copied from interface:TlsCrypto
Create a suitable hash for the hash algorithm identifier passed in.See enumeration class
HashAlgorithm
for appropriate argument values.- Parameters:
algorithm
- the hash algorithm the hash needs to implement.- Returns:
- a
TlsHash
.
-
cloneDigest
public static org.bouncycastle.crypto.Digest cloneDigest(short hashAlgorithm, org.bouncycastle.crypto.Digest hash)
-
createAESCipher
protected TlsCipher createAESCipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm) throws java.io.IOException
- Throws:
java.io.IOException
-
createARIACipher
protected TlsCipher createARIACipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm) throws java.io.IOException
- Throws:
java.io.IOException
-
createCamelliaCipher
protected TlsCipher createCamelliaCipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm) throws java.io.IOException
- Throws:
java.io.IOException
-
createChaCha20Poly1305
protected TlsCipher createChaCha20Poly1305(TlsCryptoParameters cryptoParams) throws java.io.IOException
- Throws:
java.io.IOException
-
createCipher_AES_CCM
protected TlsAEADCipher createCipher_AES_CCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize) throws java.io.IOException
- Throws:
java.io.IOException
-
createCipher_AES_GCM
protected TlsAEADCipher createCipher_AES_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize) throws java.io.IOException
- Throws:
java.io.IOException
-
createCipher_AES_OCB
protected TlsAEADCipher createCipher_AES_OCB(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize) throws java.io.IOException
- Throws:
java.io.IOException
-
createCipher_ARIA_GCM
protected TlsAEADCipher createCipher_ARIA_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize) throws java.io.IOException
- Throws:
java.io.IOException
-
createCipher_Camellia_GCM
protected TlsAEADCipher createCipher_Camellia_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize) throws java.io.IOException
- Throws:
java.io.IOException
-
createDESedeCipher
protected TlsBlockCipher createDESedeCipher(TlsCryptoParameters cryptoParams, int macAlgorithm) throws java.io.IOException
- Throws:
java.io.IOException
-
createNullCipher
protected TlsNullCipher createNullCipher(TlsCryptoParameters cryptoParams, int macAlgorithm) throws java.io.IOException
- Throws:
java.io.IOException
-
createSEEDCipher
protected TlsBlockCipher createSEEDCipher(TlsCryptoParameters cryptoParams, int macAlgorithm) throws java.io.IOException
- Throws:
java.io.IOException
-
createAESEngine
protected org.bouncycastle.crypto.BlockCipher createAESEngine()
-
createARIAEngine
protected org.bouncycastle.crypto.BlockCipher createARIAEngine()
-
createCamelliaEngine
protected org.bouncycastle.crypto.BlockCipher createCamelliaEngine()
-
createAESBlockCipher
protected org.bouncycastle.crypto.BlockCipher createAESBlockCipher()
-
createARIABlockCipher
protected org.bouncycastle.crypto.BlockCipher createARIABlockCipher()
-
createAEADBlockCipher_AES_CCM
protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_AES_CCM()
-
createAEADBlockCipher_AES_GCM
protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_AES_GCM()
-
createAEADBlockCipher_AES_OCB
protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_AES_OCB()
-
createAEADBlockCipher_ARIA_GCM
protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_ARIA_GCM()
-
createAEADBlockCipher_Camellia_GCM
protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_Camellia_GCM()
-
createCamelliaBlockCipher
protected org.bouncycastle.crypto.BlockCipher createCamelliaBlockCipher()
-
createDESedeBlockCipher
protected org.bouncycastle.crypto.BlockCipher createDESedeBlockCipher()
-
createRC4StreamCipher
protected org.bouncycastle.crypto.StreamCipher createRC4StreamCipher()
-
createSEEDBlockCipher
protected org.bouncycastle.crypto.BlockCipher createSEEDBlockCipher()
-
createHMAC
public TlsHMAC createHMAC(short hashAlgorithm)
Description copied from interface:TlsCrypto
Create a suitable HMAC using the hash algorithm identifier passed in.See enumeration class
HashAlgorithm
for appropriate argument values.- Parameters:
hashAlgorithm
- the hash algorithm the HMAC should use.- Returns:
- a
TlsHMAC
.
-
createHMAC
public TlsHMAC createHMAC(int macAlgorithm)
Description copied from interface:TlsCrypto
Create a suitable HMAC for the MAC algorithm identifier passed in.See enumeration class
MACAlgorithm
for appropriate argument values.- Parameters:
macAlgorithm
- the MAC algorithm the HMAC needs to match.- Returns:
- a
TlsHMAC
.
-
createSRP6Client
public TlsSRP6Client createSRP6Client(TlsSRPConfig srpConfig)
Description copied from interface:TlsCrypto
Create an SRP-6 client.- Parameters:
srpConfig
- client config.- Returns:
- an initialised SRP6 client object,
-
createSRP6Server
public TlsSRP6Server createSRP6Server(TlsSRPConfig srpConfig, java.math.BigInteger srpVerifier)
Description copied from interface:TlsCrypto
Create an SRP-6 server.- Parameters:
srpConfig
- server config.srpVerifier
- the SRP6 verifier value.- Returns:
- an initialised SRP6 server object.
-
createSRP6VerifierGenerator
public TlsSRP6VerifierGenerator createSRP6VerifierGenerator(TlsSRPConfig srpConfig)
Description copied from interface:TlsCrypto
Create an SRP-6 verifier generator.- Parameters:
srpConfig
- generator config.- Returns:
- an initialized SRP6 verifier generator,
-
hkdfInit
public TlsSecret hkdfInit(short hashAlgorithm)
Description copied from interface:TlsCrypto
Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen zeroes.- Parameters:
hashAlgorithm
- the hash algorithm to instantiate HMAC with. SeeHashAlgorithm
for values.
-
-