public class BcTlsCrypto extends AbstractTlsCrypto
This class provides default implementations for everything. If you need to customise it, extend the class and override the appropriate methods.
Modifier and Type | Class and Description |
---|---|
class |
BcTlsCrypto.AeadOperator |
Constructor and Description |
---|
BcTlsCrypto(java.security.SecureRandom entropySource) |
Modifier and Type | Method and Description |
---|---|
static org.bouncycastle.crypto.Digest |
cloneDigest(short hashAlgorithm,
org.bouncycastle.crypto.Digest hash) |
protected org.bouncycastle.crypto.modes.AEADBlockCipher |
createAEADBlockCipher_AES_CCM() |
protected org.bouncycastle.crypto.modes.AEADBlockCipher |
createAEADBlockCipher_AES_GCM() |
protected org.bouncycastle.crypto.modes.AEADBlockCipher |
createAEADBlockCipher_AES_OCB() |
protected org.bouncycastle.crypto.modes.AEADBlockCipher |
createAEADBlockCipher_ARIA_GCM() |
protected org.bouncycastle.crypto.modes.AEADBlockCipher |
createAEADBlockCipher_Camellia_GCM() |
protected org.bouncycastle.crypto.BlockCipher |
createAESBlockCipher() |
protected TlsCipher |
createAESCipher(TlsCryptoParameters cryptoParams,
int cipherKeySize,
int macAlgorithm) |
protected org.bouncycastle.crypto.BlockCipher |
createAESEngine() |
protected org.bouncycastle.crypto.BlockCipher |
createARIABlockCipher() |
protected TlsCipher |
createARIACipher(TlsCryptoParameters cryptoParams,
int cipherKeySize,
int macAlgorithm) |
protected org.bouncycastle.crypto.BlockCipher |
createARIAEngine() |
protected org.bouncycastle.crypto.BlockCipher |
createCamelliaBlockCipher() |
protected TlsCipher |
createCamelliaCipher(TlsCryptoParameters cryptoParams,
int cipherKeySize,
int macAlgorithm) |
protected org.bouncycastle.crypto.BlockCipher |
createCamelliaEngine() |
TlsCertificate |
createCertificate(byte[] encoding)
Create a TlsCertificate from a ASN.1 binary encoding of an X.509 certificate.
|
protected TlsCipher |
createChaCha20Poly1305(TlsCryptoParameters cryptoParams) |
protected TlsAEADCipher |
createCipher_AES_CCM(TlsCryptoParameters cryptoParams,
int cipherKeySize,
int macSize) |
protected TlsAEADCipher |
createCipher_AES_GCM(TlsCryptoParameters cryptoParams,
int cipherKeySize,
int macSize) |
protected TlsAEADCipher |
createCipher_AES_OCB(TlsCryptoParameters cryptoParams,
int cipherKeySize,
int macSize) |
protected TlsAEADCipher |
createCipher_ARIA_GCM(TlsCryptoParameters cryptoParams,
int cipherKeySize,
int macSize) |
protected TlsAEADCipher |
createCipher_Camellia_GCM(TlsCryptoParameters cryptoParams,
int cipherKeySize,
int macSize) |
protected TlsCipher |
createCipher(TlsCryptoParameters cryptoParams,
int encryptionAlgorithm,
int macAlgorithm)
Create a cipher for the specified encryption and MAC algorithms.
|
protected org.bouncycastle.crypto.BlockCipher |
createDESedeBlockCipher() |
protected TlsBlockCipher |
createDESedeCipher(TlsCryptoParameters cryptoParams,
int macAlgorithm) |
TlsDHDomain |
createDHDomain(TlsDHConfig dhConfig)
Create an domain object supporting the domain parameters described in dhConfig.
|
org.bouncycastle.crypto.Digest |
createDigest(short hashAlgorithm) |
TlsECDomain |
createECDomain(TlsECConfig ecConfig)
Create an domain object supporting the domain parameters described in ecConfig.
|
protected TlsEncryptor |
createEncryptor(TlsCertificate certificate)
Return an encryptor based on the public key in certificate.
|
TlsHash |
createHash(short algorithm)
Create a suitable hash for the hash algorithm identifier passed in.
|
TlsHMAC |
createHMAC(int macAlgorithm)
Create a suitable HMAC for the MAC algorithm identifier passed in.
|
TlsHMAC |
createHMAC(short hashAlgorithm)
Create a suitable HMAC using the hash algorithm identifier passed in.
|
TlsNonceGenerator |
createNonceGenerator(byte[] additionalSeedMaterial)
Create a nonce generator.
|
protected TlsNullCipher |
createNullCipher(TlsCryptoParameters cryptoParams,
int macAlgorithm) |
protected org.bouncycastle.crypto.StreamCipher |
createRC4StreamCipher() |
TlsSecret |
createSecret(byte[] data)
Create a TlsSecret object based provided data.
|
protected org.bouncycastle.crypto.BlockCipher |
createSEEDBlockCipher() |
protected TlsBlockCipher |
createSEEDCipher(TlsCryptoParameters cryptoParams,
int macAlgorithm) |
TlsSRP6Client |
createSRP6Client(TlsSRPConfig srpConfig)
Create an SRP-6 client.
|
TlsSRP6Server |
createSRP6Server(TlsSRPConfig srpConfig,
java.math.BigInteger srpVerifier)
Create an SRP-6 server.
|
TlsSRP6VerifierGenerator |
createSRP6VerifierGenerator(TlsSRPConfig srpConfig)
Create an SRP-6 verifier generator.
|
TlsSecret |
generateRSAPreMasterSecret(ProtocolVersion version)
Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret
|
java.security.SecureRandom |
getSecureRandom()
Return the primary (safest) SecureRandom for this crypto.
|
boolean |
hasAllRawSignatureAlgorithms()
Return true if this TlsCrypto can perform raw signatures and verifications for all supported algorithms.
|
boolean |
hasDHAgreement()
Return true if this TlsCrypto can support DH key agreement.
|
boolean |
hasECDHAgreement()
Return true if this TlsCrypto can support ECDH key agreement.
|
boolean |
hasEncryptionAlgorithm(int encryptionAlgorithm)
Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.
|
boolean |
hasHashAlgorithm(short hashAlgorithm)
Return true if this TlsCrypto can support the passed in hash algorithm.
|
boolean |
hasMacAlgorithm(int macAlgorithm)
Return true if this TlsCrypto can support the passed in MAC algorithm.
|
boolean |
hasNamedGroup(int namedGroup)
Return true if this TlsCrypto supports the passed in
named group value. |
boolean |
hasRSAEncryption()
Return true if this TlsCrypto can support RSA encryption/decryption.
|
boolean |
hasSignatureAlgorithm(short signatureAlgorithm)
Return true if this TlsCrypto can support the passed in signature algorithm
(not necessarily in combination with EVERY hash algorithm).
|
boolean |
hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)
Return true if this TlsCrypto can support the passed in signature algorithm.
|
boolean |
hasSRPAuthentication()
Return true if this TlsCrypto can support SRP authentication.
|
TlsSecret |
hkdfInit(short hashAlgorithm)
Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen zeroes.
|
adoptSecret
public java.security.SecureRandom getSecureRandom()
TlsCrypto
public TlsCertificate createCertificate(byte[] encoding) throws java.io.IOException
TlsCrypto
encoding
- DER/BER encoding of the certificate of interest.java.io.IOException
- if there is an issue on decoding or constructing the certificate.protected TlsCipher createCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm) throws java.io.IOException
AbstractTlsCrypto
See enumeration classes EncryptionAlgorithm
, MACAlgorithm
for appropriate argument values.
createCipher
in class AbstractTlsCrypto
cryptoParams
- context specific parameters.encryptionAlgorithm
- the encryption algorithm to be employed by the cipher.macAlgorithm
- the MAC algorithm to be employed by the cipher.TlsCipher
implementing the encryption and MAC algorithm.java.io.IOException
public TlsDHDomain createDHDomain(TlsDHConfig dhConfig)
TlsCrypto
dhConfig
- the config describing the DH parameters to use.public TlsECDomain createECDomain(TlsECConfig ecConfig)
TlsCrypto
ecConfig
- the config describing the EC parameters to use.protected TlsEncryptor createEncryptor(TlsCertificate certificate) throws java.io.IOException
AbstractTlsCrypto
createEncryptor
in class AbstractTlsCrypto
certificate
- the certificate carrying the public key.java.io.IOException
public TlsNonceGenerator createNonceGenerator(byte[] additionalSeedMaterial)
TlsCrypto
TlsCrypto
's entropy source, and from the provided additional seed material. The
output of each returned generator must be completely independent of the others.additionalSeedMaterial
- context-specific seed materialTlsNonceGenerator
public boolean hasAllRawSignatureAlgorithms()
TlsCrypto
public boolean hasDHAgreement()
TlsCrypto
public boolean hasECDHAgreement()
TlsCrypto
public boolean hasEncryptionAlgorithm(int encryptionAlgorithm)
TlsCrypto
encryptionAlgorithm
- the algorithm of interest.public boolean hasHashAlgorithm(short hashAlgorithm)
TlsCrypto
hashAlgorithm
- the algorithm of interest.public boolean hasMacAlgorithm(int macAlgorithm)
TlsCrypto
macAlgorithm
- the algorithm of interest.public boolean hasNamedGroup(int namedGroup)
TlsCrypto
named group
value.named group
value.public boolean hasRSAEncryption()
TlsCrypto
public boolean hasSignatureAlgorithm(short signatureAlgorithm)
TlsCrypto
signatureAlgorithm
- the algorithm of interest.public boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)
TlsCrypto
sigAndHashAlgorithm
- the algorithm of interest.public boolean hasSRPAuthentication()
TlsCrypto
public TlsSecret createSecret(byte[] data)
TlsCrypto
data
- the data to base the TlsSecret on.public TlsSecret generateRSAPreMasterSecret(ProtocolVersion version)
TlsCrypto
version
- the client version to place in the first 2 bytespublic org.bouncycastle.crypto.Digest createDigest(short hashAlgorithm)
public TlsHash createHash(short algorithm)
TlsCrypto
See enumeration class HashAlgorithm
for appropriate argument values.
algorithm
- the hash algorithm the hash needs to implement.TlsHash
.public static org.bouncycastle.crypto.Digest cloneDigest(short hashAlgorithm, org.bouncycastle.crypto.Digest hash)
protected TlsCipher createAESCipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm) throws java.io.IOException
java.io.IOException
protected TlsCipher createARIACipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm) throws java.io.IOException
java.io.IOException
protected TlsCipher createCamelliaCipher(TlsCryptoParameters cryptoParams, int cipherKeySize, int macAlgorithm) throws java.io.IOException
java.io.IOException
protected TlsCipher createChaCha20Poly1305(TlsCryptoParameters cryptoParams) throws java.io.IOException
java.io.IOException
protected TlsAEADCipher createCipher_AES_CCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize) throws java.io.IOException
java.io.IOException
protected TlsAEADCipher createCipher_AES_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize) throws java.io.IOException
java.io.IOException
protected TlsAEADCipher createCipher_AES_OCB(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize) throws java.io.IOException
java.io.IOException
protected TlsAEADCipher createCipher_ARIA_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize) throws java.io.IOException
java.io.IOException
protected TlsAEADCipher createCipher_Camellia_GCM(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize) throws java.io.IOException
java.io.IOException
protected TlsBlockCipher createDESedeCipher(TlsCryptoParameters cryptoParams, int macAlgorithm) throws java.io.IOException
java.io.IOException
protected TlsNullCipher createNullCipher(TlsCryptoParameters cryptoParams, int macAlgorithm) throws java.io.IOException
java.io.IOException
protected TlsBlockCipher createSEEDCipher(TlsCryptoParameters cryptoParams, int macAlgorithm) throws java.io.IOException
java.io.IOException
protected org.bouncycastle.crypto.BlockCipher createAESEngine()
protected org.bouncycastle.crypto.BlockCipher createARIAEngine()
protected org.bouncycastle.crypto.BlockCipher createCamelliaEngine()
protected org.bouncycastle.crypto.BlockCipher createAESBlockCipher()
protected org.bouncycastle.crypto.BlockCipher createARIABlockCipher()
protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_AES_CCM()
protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_AES_GCM()
protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_AES_OCB()
protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_ARIA_GCM()
protected org.bouncycastle.crypto.modes.AEADBlockCipher createAEADBlockCipher_Camellia_GCM()
protected org.bouncycastle.crypto.BlockCipher createCamelliaBlockCipher()
protected org.bouncycastle.crypto.BlockCipher createDESedeBlockCipher()
protected org.bouncycastle.crypto.StreamCipher createRC4StreamCipher()
protected org.bouncycastle.crypto.BlockCipher createSEEDBlockCipher()
public TlsHMAC createHMAC(short hashAlgorithm)
TlsCrypto
See enumeration class HashAlgorithm
for appropriate argument values.
hashAlgorithm
- the hash algorithm the HMAC should use.TlsHMAC
.public TlsHMAC createHMAC(int macAlgorithm)
TlsCrypto
See enumeration class MACAlgorithm
for appropriate argument values.
macAlgorithm
- the MAC algorithm the HMAC needs to match.TlsHMAC
.public TlsSRP6Client createSRP6Client(TlsSRPConfig srpConfig)
TlsCrypto
srpConfig
- client config.public TlsSRP6Server createSRP6Server(TlsSRPConfig srpConfig, java.math.BigInteger srpVerifier)
TlsCrypto
srpConfig
- server config.srpVerifier
- the SRP6 verifier value.public TlsSRP6VerifierGenerator createSRP6VerifierGenerator(TlsSRPConfig srpConfig)
TlsCrypto
srpConfig
- generator config.public TlsSecret hkdfInit(short hashAlgorithm)
TlsCrypto
hashAlgorithm
- the hash algorithm to instantiate HMAC with. See HashAlgorithm
for values.