Package org.bouncycastle.tls.crypto
Interface TlsCrypto
-
- All Known Implementing Classes:
AbstractTlsCrypto
,BcTlsCrypto
,JcaTlsCrypto
public interface TlsCrypto
Service and object creation interface for the primitive types and services that are associated with cryptography in the API.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description TlsSecret
adoptSecret(TlsSecret secret)
Adopt the passed in secret, creating a new copy of it.TlsCertificate
createCertificate(byte[] encoding)
Create a TlsCertificate from an ASN.1 binary encoding of an X.509 certificate.TlsCertificate
createCertificate(short type, byte[] encoding)
Create a TlsCertificate from a ASN.1 binary encoding of a certificate.TlsCipher
createCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm)
Create a cipher for the specified encryption and MAC algorithms.TlsDHDomain
createDHDomain(TlsDHConfig dhConfig)
Create a domain object supporting the domain parameters described in dhConfig.TlsECDomain
createECDomain(TlsECConfig ecConfig)
Create a domain object supporting the domain parameters described in ecConfig.TlsHash
createHash(int cryptoHashAlgorithm)
Create a suitable hash for the hash algorithm identifier passed in.TlsHMAC
createHMAC(int macAlgorithm)
Create a suitable HMAC for the MAC algorithm identifier passed in.TlsHMAC
createHMACForHash(int cryptoHashAlgorithm)
Create a suitable HMAC using the hash algorithm identifier passed in.TlsNonceGenerator
createNonceGenerator(byte[] additionalSeedMaterial)
Create a nonce generator.TlsSecret
createSecret(byte[] data)
Create a TlsSecret object based on provided data.TlsSRP6Client
createSRP6Client(TlsSRPConfig srpConfig)
Create an SRP-6 client.TlsSRP6Server
createSRP6Server(TlsSRPConfig srpConfig, java.math.BigInteger srpVerifier)
Create an SRP-6 server.TlsSRP6VerifierGenerator
createSRP6VerifierGenerator(TlsSRPConfig srpConfig)
Create an SRP-6 verifier generator.TlsSecret
generateRSAPreMasterSecret(ProtocolVersion clientVersion)
Create a TlsSecret object containing a randomly-generated RSA PreMasterSecretjava.security.SecureRandom
getSecureRandom()
Return the primary (safest) SecureRandom for this crypto.boolean
hasAnyStreamVerifiers(java.util.Vector signatureAndHashAlgorithms)
Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms.boolean
hasAnyStreamVerifiersLegacy(short[] clientCertificateTypes)
Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms.boolean
hasCryptoHashAlgorithm(int cryptoHashAlgorithm)
Return true if this TlsCrypto can support the passed in hash algorithm.boolean
hasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm)
Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).boolean
hasDHAgreement()
Return true if this TlsCrypto can support DH key agreement.boolean
hasECDHAgreement()
Return true if this TlsCrypto can support ECDH key agreement.boolean
hasEncryptionAlgorithm(int encryptionAlgorithm)
Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.boolean
hasHKDFAlgorithm(int cryptoHashAlgorithm)
Return true if this TlsCrypto can support HKDF with the passed in hash algorithm.boolean
hasMacAlgorithm(int macAlgorithm)
Return true if this TlsCrypto can support the passed in MAC algorithm.boolean
hasNamedGroup(int namedGroup)
Return true if this TlsCrypto supports the passed innamed group
value.boolean
hasRSAEncryption()
Return true if this TlsCrypto can support RSA encryption/decryption.boolean
hasSignatureAlgorithm(short signatureAlgorithm)
Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).boolean
hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)
Return true if this TlsCrypto can support the passed in signature algorithm.boolean
hasSignatureScheme(int signatureScheme)
Return true if this TlsCrypto can support the passed in signature scheme.boolean
hasSRPAuthentication()
Return true if this TlsCrypto can support SRP authentication.TlsSecret
hkdfInit(int cryptoHashAlgorithm)
Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen zeroes.
-
-
-
Method Detail
-
hasAnyStreamVerifiers
boolean hasAnyStreamVerifiers(java.util.Vector signatureAndHashAlgorithms)
Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms. This method is only relevant to handshakes negotiating (D)TLS 1.2.- Parameters:
signatureAndHashAlgorithms
- AVector
ofSignatureAndHashAlgorithm
values.- Returns:
- true if this instance would use a stream verifier for any of the passed in algorithms, otherwise false.
-
hasAnyStreamVerifiersLegacy
boolean hasAnyStreamVerifiersLegacy(short[] clientCertificateTypes)
Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms. This method is only relevant to handshakes negotiating (D)TLS versions older than 1.2.- Parameters:
clientCertificateTypes
- An array ofClientCertificateType
values.- Returns:
- true if this instance would use a stream verifier for any of the passed in algorithms, otherwise false.
-
hasCryptoHashAlgorithm
boolean hasCryptoHashAlgorithm(int cryptoHashAlgorithm)
Return true if this TlsCrypto can support the passed in hash algorithm.- Parameters:
cryptoHashAlgorithm
- the algorithm of interest.- Returns:
- true if cryptoHashAlgorithm is supported, false otherwise.
-
hasCryptoSignatureAlgorithm
boolean hasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm)
Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).- Parameters:
cryptoSignatureAlgorithm
- the algorithm of interest.- Returns:
- true if cryptoSignatureAlgorithm is supported, false otherwise.
-
hasDHAgreement
boolean hasDHAgreement()
Return true if this TlsCrypto can support DH key agreement.- Returns:
- true if this instance can support DH key agreement, false otherwise.
-
hasECDHAgreement
boolean hasECDHAgreement()
Return true if this TlsCrypto can support ECDH key agreement.- Returns:
- true if this instance can support ECDH key agreement, false otherwise.
-
hasEncryptionAlgorithm
boolean hasEncryptionAlgorithm(int encryptionAlgorithm)
Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.- Parameters:
encryptionAlgorithm
- the algorithm of interest.- Returns:
- true if encryptionAlgorithm is supported, false otherwise.
-
hasHKDFAlgorithm
boolean hasHKDFAlgorithm(int cryptoHashAlgorithm)
Return true if this TlsCrypto can support HKDF with the passed in hash algorithm.- Parameters:
cryptoHashAlgorithm
- the algorithm of interest.- Returns:
- true if HKDF is supported with cryptoHashAlgorithm, false otherwise.
-
hasMacAlgorithm
boolean hasMacAlgorithm(int macAlgorithm)
Return true if this TlsCrypto can support the passed in MAC algorithm.- Parameters:
macAlgorithm
- the algorithm of interest.- Returns:
- true if macAlgorithm is supported, false otherwise.
-
hasNamedGroup
boolean hasNamedGroup(int namedGroup)
Return true if this TlsCrypto supports the passed innamed group
value.- Returns:
- true if this instance supports the passed in
named group
value.
-
hasRSAEncryption
boolean hasRSAEncryption()
Return true if this TlsCrypto can support RSA encryption/decryption.- Returns:
- true if this instance can support RSA encryption/decryption, false otherwise.
-
hasSignatureAlgorithm
boolean hasSignatureAlgorithm(short signatureAlgorithm)
Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).- Parameters:
signatureAlgorithm
- the algorithm of interest.- Returns:
- true if signatureAlgorithm is supported, false otherwise.
-
hasSignatureAndHashAlgorithm
boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)
Return true if this TlsCrypto can support the passed in signature algorithm.- Parameters:
sigAndHashAlgorithm
- the algorithm of interest.- Returns:
- true if sigAndHashAlgorithm is supported, false otherwise.
-
hasSignatureScheme
boolean hasSignatureScheme(int signatureScheme)
Return true if this TlsCrypto can support the passed in signature scheme.- Parameters:
signatureScheme
- the scheme of interest.- Returns:
- true if signatureScheme is supported, false otherwise.
-
hasSRPAuthentication
boolean hasSRPAuthentication()
Return true if this TlsCrypto can support SRP authentication.- Returns:
- true if this instance can support SRP authentication, false otherwise.
-
createSecret
TlsSecret createSecret(byte[] data)
Create a TlsSecret object based on provided data.- Parameters:
data
- the data to base the TlsSecret on.- Returns:
- a TlsSecret based on the provided data.
-
generateRSAPreMasterSecret
TlsSecret generateRSAPreMasterSecret(ProtocolVersion clientVersion)
Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret- Parameters:
clientVersion
- the client version to place in the first 2 bytes- Returns:
- a TlsSecret containing the PreMasterSecret.
-
getSecureRandom
java.security.SecureRandom getSecureRandom()
Return the primary (safest) SecureRandom for this crypto.- Returns:
- a SecureRandom suitable for key generation.
-
createCertificate
TlsCertificate createCertificate(byte[] encoding) throws java.io.IOException
Create a TlsCertificate from an ASN.1 binary encoding of an X.509 certificate.- Parameters:
encoding
- DER/BER encoding of the certificate of interest.- Returns:
- a TlsCertificate.
- Throws:
java.io.IOException
- if there is an issue on decoding or constructing the certificate.
-
createCertificate
TlsCertificate createCertificate(short type, byte[] encoding) throws java.io.IOException
Create a TlsCertificate from a ASN.1 binary encoding of a certificate.- Parameters:
type
- Certificate type as per IANA TLS Certificate Types registryencoding
- DER/BER encoding of the certificate of interest.- Returns:
- a TlsCertificate.
- Throws:
java.io.IOException
- if there is an issue on decoding or constructing the certificate.
-
createCipher
TlsCipher createCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm) throws java.io.IOException
Create a cipher for the specified encryption and MAC algorithms.See enumeration classes
EncryptionAlgorithm
,MACAlgorithm
for appropriate argument values.- Parameters:
cryptoParams
- context specific parameters.encryptionAlgorithm
- the encryption algorithm to be employed by the cipher.macAlgorithm
- the MAC algorithm to be employed by the cipher.- Returns:
- a
TlsCipher
implementing the encryption and MAC algorithms. - Throws:
java.io.IOException
-
createDHDomain
TlsDHDomain createDHDomain(TlsDHConfig dhConfig)
Create a domain object supporting the domain parameters described in dhConfig.- Parameters:
dhConfig
- the config describing the DH parameters to use.- Returns:
- a TlsDHDomain supporting the parameters in dhConfig.
-
createECDomain
TlsECDomain createECDomain(TlsECConfig ecConfig)
Create a domain object supporting the domain parameters described in ecConfig.- Parameters:
ecConfig
- the config describing the EC parameters to use.- Returns:
- a TlsECDomain supporting the parameters in ecConfig.
-
adoptSecret
TlsSecret adoptSecret(TlsSecret secret)
Adopt the passed in secret, creating a new copy of it.- Parameters:
secret
- the secret to make a copy of.- Returns:
- a TlsSecret based on the original secret.
-
createHash
TlsHash createHash(int cryptoHashAlgorithm)
Create a suitable hash for the hash algorithm identifier passed in.See enumeration class
CryptoHashAlgorithm
for appropriate argument values.- Parameters:
cryptoHashAlgorithm
- the hash algorithm the hash needs to implement.- Returns:
- a
TlsHash
.
-
createHMAC
TlsHMAC createHMAC(int macAlgorithm)
Create a suitable HMAC for the MAC algorithm identifier passed in.See enumeration class
MACAlgorithm
for appropriate argument values.- Parameters:
macAlgorithm
- the MAC algorithm the HMAC needs to match.- Returns:
- a
TlsHMAC
.
-
createHMACForHash
TlsHMAC createHMACForHash(int cryptoHashAlgorithm)
Create a suitable HMAC using the hash algorithm identifier passed in.See enumeration class
CryptoHashAlgorithm
for appropriate argument values.- Parameters:
cryptoHashAlgorithm
- the hash algorithm the HMAC should use.- Returns:
- a
TlsHMAC
.
-
createNonceGenerator
TlsNonceGenerator createNonceGenerator(byte[] additionalSeedMaterial)
Create a nonce generator. Each call should construct a new generator, and the generator should be returned from this call only after automatically seeding from thisTlsCrypto
's entropy source, and from the provided additional seed material. The output of each returned generator must be completely independent of the others.- Parameters:
additionalSeedMaterial
- context-specific seed material- Returns:
- a
TlsNonceGenerator
-
createSRP6Client
TlsSRP6Client createSRP6Client(TlsSRPConfig srpConfig)
Create an SRP-6 client.- Parameters:
srpConfig
- client config.- Returns:
- an initialised SRP6 client object.
-
createSRP6Server
TlsSRP6Server createSRP6Server(TlsSRPConfig srpConfig, java.math.BigInteger srpVerifier)
Create an SRP-6 server.- Parameters:
srpConfig
- server config.srpVerifier
- the SRP6 verifier value.- Returns:
- an initialised SRP6 server object.
-
createSRP6VerifierGenerator
TlsSRP6VerifierGenerator createSRP6VerifierGenerator(TlsSRPConfig srpConfig)
Create an SRP-6 verifier generator.- Parameters:
srpConfig
- generator config.- Returns:
- an initialized SRP6 verifier generator.
-
hkdfInit
TlsSecret hkdfInit(int cryptoHashAlgorithm)
Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen zeroes.- Parameters:
cryptoHashAlgorithm
- the hash algorithm to instantiate HMAC with. SeeCryptoHashAlgorithm
for values.
-
-