org.bouncycastle.tls.crypto.impl.jcajce

Class JcaTlsCrypto

java.lang.Object

org.bouncycastle.tls.crypto.impl.AbstractTlsCrypto

org.bouncycastle.tls.crypto.impl.jcajce.JcaTlsCrypto

All Implemented Interfaces:

TlsCrypto

public class JcaTlsCrypto
extends AbstractTlsCrypto

Class for providing cryptographic services for TLS based on implementations in the JCA/JCE.

This class provides default implementations for everything. If you need to customise it, extend the class and override the appropriate methods.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	JcaTlsCrypto(org.bouncycastle.jcajce.util.JcaJceHelper helper, java.security.SecureRandom entropySource, java.security.SecureRandom nonceEntropySource) Base constructor.

Method Summary

Modifier and Type	Method and Description
byte[]	calculateKeyAgreement(java.lang.String agreementAlgorithm, java.security.PrivateKey privateKey, java.security.PublicKey publicKey, java.lang.String secretAlgorithm)
protected TlsAEADCipherImpl	createAEADCipher(java.lang.String cipherName, java.lang.String algorithm, int keySize, boolean isEncrypting) If you want to create your own versions of the AEAD ciphers required, override this method.
protected TlsBlockCipherImpl	createBlockCipher(java.lang.String cipherName, java.lang.String algorithm, int keySize, boolean isEncrypting) If you want to create your own versions of the block ciphers required, override this method.
protected TlsBlockCipherImpl	createBlockCipherWithCBCImplicitIV(java.lang.String cipherName, java.lang.String algorithm, int keySize, boolean isEncrypting) If you want to create your own versions of the block ciphers for < TLS 1.1, override this method.
protected TlsBlockCipherImpl	createCBCBlockCipherImpl(TlsCryptoParameters cryptoParams, java.lang.String algorithm, int cipherKeySize, boolean forEncryption)
TlsCertificate	createCertificate(byte[] encoding) Create a TlsCertificate from an ASN.1 binary encoding of an X.509 certificate.
TlsCertificate	createCertificate(short type, byte[] encoding) Create a TlsCertificate from a ASN.1 binary encoding of a certificate.
protected TlsCipher	createCipher_CBC(TlsCryptoParameters cryptoParams, java.lang.String algorithm, int cipherKeySize, int macAlgorithm)
TlsCipher	createCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm) Create a cipher for the specified encryption and MAC algorithms.
TlsDHDomain	createDHDomain(TlsDHConfig dhConfig) Create a domain object supporting the domain parameters described in dhConfig.
TlsECDomain	createECDomain(TlsECConfig ecConfig) Create a domain object supporting the domain parameters described in ecConfig.
TlsHash	createHash(int cryptoHashAlgorithm) Create a suitable hash for the hash algorithm identifier passed in.
protected TlsHash	createHash(java.lang.String digestName) If you want to create your own versions of Hash functions, override this method.
protected TlsHMAC	createHMAC_SSL(int macAlgorithm)
TlsHMAC	createHMAC(int macAlgorithm) Create a suitable HMAC for the MAC algorithm identifier passed in.
TlsHMAC	createHMACForHash(int cryptoHashAlgorithm) Create a suitable HMAC using the hash algorithm identifier passed in.
protected TlsHMAC	createMAC(TlsCryptoParameters cryptoParams, int macAlgorithm)
TlsNonceGenerator	createNonceGenerator(byte[] additionalSeedMaterial) Create a nonce generator.
protected TlsNullCipher	createNullCipher(TlsCryptoParameters cryptoParams, int macAlgorithm) To disable the null cipher suite, override this method with one that throws an IOException.
TlsSecret	createSecret(byte[] data) Create a TlsSecret object based on provided data.
TlsSRP6Client	createSRP6Client(TlsSRPConfig srpConfig) Create an SRP-6 client.
TlsSRP6Server	createSRP6Server(TlsSRPConfig srpConfig, java.math.BigInteger srpVerifier) Create an SRP-6 server.
TlsSRP6VerifierGenerator	createSRP6VerifierGenerator(TlsSRPConfig srpConfig) Create an SRP-6 verifier generator.
protected TlsStreamSigner	createStreamSigner(SignatureAndHashAlgorithm algorithm, java.security.PrivateKey privateKey, boolean needsRandom)
protected TlsStreamSigner	createStreamSigner(java.lang.String algorithmName, java.security.spec.AlgorithmParameterSpec parameter, java.security.PrivateKey privateKey, boolean needsRandom)
protected TlsStreamVerifier	createStreamVerifier(DigitallySigned digitallySigned, java.security.PublicKey publicKey)
protected TlsStreamVerifier	createStreamVerifier(java.lang.String algorithmName, java.security.spec.AlgorithmParameterSpec parameter, byte[] signature, java.security.PublicKey publicKey)
protected Tls13Verifier	createTls13Verifier(java.lang.String algorithmName, java.security.spec.AlgorithmParameterSpec parameter, java.security.PublicKey publicKey)
protected TlsStreamSigner	createVerifyingStreamSigner(SignatureAndHashAlgorithm algorithm, java.security.PrivateKey privateKey, boolean needsRandom, java.security.PublicKey publicKey)
protected TlsStreamSigner	createVerifyingStreamSigner(java.lang.String algorithmName, java.security.spec.AlgorithmParameterSpec parameter, java.security.PrivateKey privateKey, boolean needsRandom, java.security.PublicKey publicKey)
TlsSecret	generateRSAPreMasterSecret(ProtocolVersion version) Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret
org.bouncycastle.jcajce.util.JcaJceHelper	getHelper()
java.security.AlgorithmParameters	getNamedGroupAlgorithmParameters(int namedGroup)
java.security.SecureRandom	getSecureRandom() Return the primary (safest) SecureRandom for this crypto.
java.security.AlgorithmParameters	getSignatureSchemeAlgorithmParameters(int signatureScheme)
boolean	hasAnyStreamVerifiers(java.util.Vector signatureAndHashAlgorithms) Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms.
boolean	hasAnyStreamVerifiersLegacy(short[] clientCertificateTypes) Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms.
boolean	hasCryptoHashAlgorithm(int cryptoHashAlgorithm) Return true if this TlsCrypto can support the passed in hash algorithm.
boolean	hasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm) Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).
boolean	hasDHAgreement() Return true if this TlsCrypto can support DH key agreement.
boolean	hasECDHAgreement() Return true if this TlsCrypto can support ECDH key agreement.
boolean	hasEncryptionAlgorithm(int encryptionAlgorithm) Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.
boolean	hasHKDFAlgorithm(int cryptoHashAlgorithm) Return true if this TlsCrypto can support HKDF with the passed in hash algorithm.
boolean	hasMacAlgorithm(int macAlgorithm) Return true if this TlsCrypto can support the passed in MAC algorithm.
boolean	hasNamedGroup(int namedGroup) Return true if this TlsCrypto supports the passed in named group value.
boolean	hasRSAEncryption() Return true if this TlsCrypto can support RSA encryption/decryption.
boolean	hasSignatureAlgorithm(short signatureAlgorithm) Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).
boolean	hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm) Return true if this TlsCrypto can support the passed in signature algorithm.
boolean	hasSignatureScheme(int signatureScheme) Return true if this TlsCrypto can support the passed in signature scheme.
boolean	hasSRPAuthentication() Return true if this TlsCrypto can support SRP authentication.
TlsSecret	hkdfInit(int cryptoHashAlgorithm) Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen zeroes.
protected java.lang.Boolean	isSupportedEncryptionAlgorithm(int encryptionAlgorithm)
protected java.lang.Boolean	isSupportedNamedGroup(int namedGroup)
protected boolean	isUsableCipher(java.lang.String cipherAlgorithm, int keySize)
protected boolean	isUsableMAC(java.lang.String macAlgorithm)

Methods inherited from class org.bouncycastle.tls.crypto.impl.AbstractTlsCrypto

adoptSecret

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JcaTlsCrypto

protected JcaTlsCrypto(org.bouncycastle.jcajce.util.JcaJceHelper helper,
                       java.security.SecureRandom entropySource,
                       java.security.SecureRandom nonceEntropySource)

Base constructor.

Parameters:

helper - a JCA/JCE helper configured for the class's default provider.

entropySource - primary entropy source, used for key generation.

nonceEntropySource - secondary entropy source, used for nonce and IV generation.

Method Detail

createNonceGenerator

public TlsNonceGenerator createNonceGenerator(byte[] additionalSeedMaterial)

Description copied from interface: TlsCrypto

Create a nonce generator. Each call should construct a new generator, and the generator should be returned from this call only after automatically seeding from this TlsCrypto's entropy source, and from the provided additional seed material. The output of each returned generator must be completely independent of the others.

Parameters:

additionalSeedMaterial - context-specific seed material

Returns:

a TlsNonceGenerator

getSecureRandom

public java.security.SecureRandom getSecureRandom()

Description copied from interface: TlsCrypto

Return the primary (safest) SecureRandom for this crypto.

Returns:

a SecureRandom suitable for key generation.

calculateKeyAgreement

public byte[] calculateKeyAgreement(java.lang.String agreementAlgorithm,
                                    java.security.PrivateKey privateKey,
                                    java.security.PublicKey publicKey,
                                    java.lang.String secretAlgorithm)
                             throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

createCertificate

public TlsCertificate createCertificate(byte[] encoding)
                                 throws java.io.IOException

Description copied from interface: TlsCrypto

Create a TlsCertificate from an ASN.1 binary encoding of an X.509 certificate.

Parameters:

encoding - DER/BER encoding of the certificate of interest.

Returns:

a TlsCertificate.

Throws:

java.io.IOException - if there is an issue on decoding or constructing the certificate.

createCertificate

public TlsCertificate createCertificate(short type,
                                        byte[] encoding)
                                 throws java.io.IOException

Description copied from interface: TlsCrypto

Create a TlsCertificate from a ASN.1 binary encoding of a certificate.

Parameters:

type - Certificate type as per IANA TLS Certificate Types registry

encoding - DER/BER encoding of the certificate of interest.

Returns:

a TlsCertificate.

Throws:

java.io.IOException - if there is an issue on decoding or constructing the certificate.

createCipher

public TlsCipher createCipher(TlsCryptoParameters cryptoParams,
                              int encryptionAlgorithm,
                              int macAlgorithm)
                       throws java.io.IOException

Description copied from interface: TlsCrypto

Create a cipher for the specified encryption and MAC algorithms.

See enumeration classes EncryptionAlgorithm, MACAlgorithm for appropriate argument values.

Parameters:

cryptoParams - context specific parameters.

encryptionAlgorithm - the encryption algorithm to be employed by the cipher.

macAlgorithm - the MAC algorithm to be employed by the cipher.

Returns:

a TlsCipher implementing the encryption and MAC algorithms.

Throws:

java.io.IOException

createHMAC

public TlsHMAC createHMAC(int macAlgorithm)

Description copied from interface: TlsCrypto

Create a suitable HMAC for the MAC algorithm identifier passed in.

See enumeration class MACAlgorithm for appropriate argument values.

Parameters:

macAlgorithm - the MAC algorithm the HMAC needs to match.

Returns:

a TlsHMAC.

createHMACForHash

public TlsHMAC createHMACForHash(int cryptoHashAlgorithm)

Description copied from interface: TlsCrypto

Create a suitable HMAC using the hash algorithm identifier passed in.

See enumeration class CryptoHashAlgorithm for appropriate argument values.

Parameters:

cryptoHashAlgorithm - the hash algorithm the HMAC should use.

Returns:

a TlsHMAC.

createHMAC_SSL

protected TlsHMAC createHMAC_SSL(int macAlgorithm)
                          throws java.security.GeneralSecurityException,
                                 java.io.IOException

Throws:

java.security.GeneralSecurityException

java.io.IOException

createMAC

protected TlsHMAC createMAC(TlsCryptoParameters cryptoParams,
                            int macAlgorithm)
                     throws java.security.GeneralSecurityException,
                            java.io.IOException

Throws:

java.security.GeneralSecurityException

java.io.IOException

createSRP6Client

public TlsSRP6Client createSRP6Client(TlsSRPConfig srpConfig)

Description copied from interface: TlsCrypto

Create an SRP-6 client.

Parameters:

srpConfig - client config.

Returns:

an initialised SRP6 client object.

createSRP6Server

public TlsSRP6Server createSRP6Server(TlsSRPConfig srpConfig,
                                      java.math.BigInteger srpVerifier)

Description copied from interface: TlsCrypto

Create an SRP-6 server.

Parameters:

srpConfig - server config.

srpVerifier - the SRP6 verifier value.

Returns:

an initialised SRP6 server object.

createSRP6VerifierGenerator

public TlsSRP6VerifierGenerator createSRP6VerifierGenerator(TlsSRPConfig srpConfig)

Description copied from interface: TlsCrypto

Create an SRP-6 verifier generator.

Parameters:

srpConfig - generator config.

Returns:

an initialized SRP6 verifier generator.

getNamedGroupAlgorithmParameters

public java.security.AlgorithmParameters getNamedGroupAlgorithmParameters(int namedGroup)
                                                                   throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

getSignatureSchemeAlgorithmParameters

public java.security.AlgorithmParameters getSignatureSchemeAlgorithmParameters(int signatureScheme)
                                                                        throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

hasAnyStreamVerifiers

public boolean hasAnyStreamVerifiers(java.util.Vector signatureAndHashAlgorithms)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms. This method is only relevant to handshakes negotiating (D)TLS 1.2.

Parameters:

signatureAndHashAlgorithms - A Vector of SignatureAndHashAlgorithm values.

Returns:

true if this instance would use a stream verifier for any of the passed in algorithms, otherwise false.

hasAnyStreamVerifiersLegacy

public boolean hasAnyStreamVerifiersLegacy(short[] clientCertificateTypes)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms. This method is only relevant to handshakes negotiating (D)TLS versions older than 1.2.

Parameters:

clientCertificateTypes - An array of ClientCertificateType values.

Returns:

true if this instance would use a stream verifier for any of the passed in algorithms, otherwise false.

hasCryptoHashAlgorithm

public boolean hasCryptoHashAlgorithm(int cryptoHashAlgorithm)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support the passed in hash algorithm.

Parameters:

cryptoHashAlgorithm - the algorithm of interest.

Returns:

true if cryptoHashAlgorithm is supported, false otherwise.

hasCryptoSignatureAlgorithm

public boolean hasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).

Parameters:

cryptoSignatureAlgorithm - the algorithm of interest.

Returns:

true if cryptoSignatureAlgorithm is supported, false otherwise.

hasDHAgreement

public boolean hasDHAgreement()

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support DH key agreement.

Returns:

true if this instance can support DH key agreement, false otherwise.

hasECDHAgreement

public boolean hasECDHAgreement()

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support ECDH key agreement.

Returns:

true if this instance can support ECDH key agreement, false otherwise.

hasEncryptionAlgorithm

public boolean hasEncryptionAlgorithm(int encryptionAlgorithm)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.

Parameters:

encryptionAlgorithm - the algorithm of interest.

Returns:

true if encryptionAlgorithm is supported, false otherwise.

hasHKDFAlgorithm

public boolean hasHKDFAlgorithm(int cryptoHashAlgorithm)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support HKDF with the passed in hash algorithm.

Parameters:

cryptoHashAlgorithm - the algorithm of interest.

Returns:

true if HKDF is supported with cryptoHashAlgorithm, false otherwise.

hasMacAlgorithm

public boolean hasMacAlgorithm(int macAlgorithm)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support the passed in MAC algorithm.

Parameters:

macAlgorithm - the algorithm of interest.

Returns:

true if macAlgorithm is supported, false otherwise.

hasNamedGroup

public boolean hasNamedGroup(int namedGroup)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto supports the passed in named group value.

Returns:

true if this instance supports the passed in named group value.

hasRSAEncryption

public boolean hasRSAEncryption()

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support RSA encryption/decryption.

Returns:

true if this instance can support RSA encryption/decryption, false otherwise.

hasSignatureAlgorithm

public boolean hasSignatureAlgorithm(short signatureAlgorithm)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).

Parameters:

signatureAlgorithm - the algorithm of interest.

Returns:

true if signatureAlgorithm is supported, false otherwise.

hasSignatureAndHashAlgorithm

public boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support the passed in signature algorithm.

Parameters:

sigAndHashAlgorithm - the algorithm of interest.

Returns:

true if sigAndHashAlgorithm is supported, false otherwise.

hasSignatureScheme

public boolean hasSignatureScheme(int signatureScheme)

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support the passed in signature scheme.

Parameters:

signatureScheme - the scheme of interest.

Returns:

true if signatureScheme is supported, false otherwise.

hasSRPAuthentication

public boolean hasSRPAuthentication()

Description copied from interface: TlsCrypto

Return true if this TlsCrypto can support SRP authentication.

Returns:

true if this instance can support SRP authentication, false otherwise.

createSecret

public TlsSecret createSecret(byte[] data)

Description copied from interface: TlsCrypto

Create a TlsSecret object based on provided data.

Parameters:

data - the data to base the TlsSecret on.

Returns:

a TlsSecret based on the provided data.

generateRSAPreMasterSecret

public TlsSecret generateRSAPreMasterSecret(ProtocolVersion version)

Description copied from interface: TlsCrypto

Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret

Parameters:

version - the client version to place in the first 2 bytes

Returns:

a TlsSecret containing the PreMasterSecret.

createHash

public TlsHash createHash(int cryptoHashAlgorithm)

Description copied from interface: TlsCrypto

Create a suitable hash for the hash algorithm identifier passed in.

See enumeration class CryptoHashAlgorithm for appropriate argument values.

Parameters:

cryptoHashAlgorithm - the hash algorithm the hash needs to implement.

Returns:

a TlsHash.

createDHDomain

public TlsDHDomain createDHDomain(TlsDHConfig dhConfig)

Description copied from interface: TlsCrypto

Create a domain object supporting the domain parameters described in dhConfig.

Parameters:

dhConfig - the config describing the DH parameters to use.

Returns:

a TlsDHDomain supporting the parameters in dhConfig.

createECDomain

public TlsECDomain createECDomain(TlsECConfig ecConfig)

Description copied from interface: TlsCrypto

Create a domain object supporting the domain parameters described in ecConfig.

Parameters:

ecConfig - the config describing the EC parameters to use.

Returns:

a TlsECDomain supporting the parameters in ecConfig.

hkdfInit

public TlsSecret hkdfInit(int cryptoHashAlgorithm)

Description copied from interface: TlsCrypto

Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen zeroes.

Parameters:

cryptoHashAlgorithm - the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.

createAEADCipher

protected TlsAEADCipherImpl createAEADCipher(java.lang.String cipherName,
                                             java.lang.String algorithm,
                                             int keySize,
                                             boolean isEncrypting)
                                      throws java.security.GeneralSecurityException

If you want to create your own versions of the AEAD ciphers required, override this method.

Parameters:

cipherName - the full name of the cipher (algorithm/mode/padding)

algorithm - the base algorithm name

keySize - keySize (in bytes) for the cipher key.

isEncrypting - true if the cipher is for encryption, false otherwise.

Returns:

an AEAD cipher.

Throws:

java.security.GeneralSecurityException - in case of failure.

createBlockCipher

protected TlsBlockCipherImpl createBlockCipher(java.lang.String cipherName,
                                               java.lang.String algorithm,
                                               int keySize,
                                               boolean isEncrypting)
                                        throws java.security.GeneralSecurityException

If you want to create your own versions of the block ciphers required, override this method.

Parameters:

cipherName - the full name of the cipher (algorithm/mode/padding)

algorithm - the base algorithm name

keySize - keySize (in bytes) for the cipher key.

isEncrypting - true if the cipher is for encryption, false otherwise.

Returns:

a block cipher.

Throws:

java.security.GeneralSecurityException - in case of failure.

createBlockCipherWithCBCImplicitIV

protected TlsBlockCipherImpl createBlockCipherWithCBCImplicitIV(java.lang.String cipherName,
                                                                java.lang.String algorithm,
                                                                int keySize,
                                                                boolean isEncrypting)
                                                         throws java.security.GeneralSecurityException

If you want to create your own versions of the block ciphers for < TLS 1.1, override this method.

Parameters:

cipherName - the full name of the cipher (algorithm/mode/padding)

algorithm - the base algorithm name

keySize - keySize (in bytes) for the cipher key.

isEncrypting - true if the cipher is for encryption, false otherwise.

Returns:

a block cipher.

Throws:

java.security.GeneralSecurityException - in case of failure.

createHash

protected TlsHash createHash(java.lang.String digestName)
                      throws java.security.GeneralSecurityException

If you want to create your own versions of Hash functions, override this method.

Parameters:

digestName - the name of the Hash function required.

Returns:

a hash calculator.

Throws:

java.security.GeneralSecurityException - in case of failure.

createNullCipher

protected TlsNullCipher createNullCipher(TlsCryptoParameters cryptoParams,
                                         int macAlgorithm)
                                  throws java.io.IOException,
                                         java.security.GeneralSecurityException

To disable the null cipher suite, override this method with one that throws an IOException.

Parameters:

macAlgorithm - the name of the algorithm supporting the MAC.

Returns:

a null cipher suite implementation.

Throws:

java.io.IOException - in case of failure.

java.security.GeneralSecurityException - in case of a specific failure in the JCA/JCE layer.

createStreamSigner

protected TlsStreamSigner createStreamSigner(SignatureAndHashAlgorithm algorithm,
                                             java.security.PrivateKey privateKey,
                                             boolean needsRandom)
                                      throws java.io.IOException

Throws:

java.io.IOException

createStreamSigner

protected TlsStreamSigner createStreamSigner(java.lang.String algorithmName,
                                             java.security.spec.AlgorithmParameterSpec parameter,
                                             java.security.PrivateKey privateKey,
                                             boolean needsRandom)
                                      throws java.io.IOException

Throws:

java.io.IOException

createStreamVerifier

protected TlsStreamVerifier createStreamVerifier(DigitallySigned digitallySigned,
                                                 java.security.PublicKey publicKey)
                                          throws java.io.IOException

Throws:

java.io.IOException

createStreamVerifier

protected TlsStreamVerifier createStreamVerifier(java.lang.String algorithmName,
                                                 java.security.spec.AlgorithmParameterSpec parameter,
                                                 byte[] signature,
                                                 java.security.PublicKey publicKey)
                                          throws java.io.IOException

Throws:

java.io.IOException

createTls13Verifier

protected Tls13Verifier createTls13Verifier(java.lang.String algorithmName,
                                            java.security.spec.AlgorithmParameterSpec parameter,
                                            java.security.PublicKey publicKey)
                                     throws java.io.IOException

Throws:

java.io.IOException

createVerifyingStreamSigner

protected TlsStreamSigner createVerifyingStreamSigner(SignatureAndHashAlgorithm algorithm,
                                                      java.security.PrivateKey privateKey,
                                                      boolean needsRandom,
                                                      java.security.PublicKey publicKey)
                                               throws java.io.IOException

Throws:

java.io.IOException

createVerifyingStreamSigner

protected TlsStreamSigner createVerifyingStreamSigner(java.lang.String algorithmName,
                                                      java.security.spec.AlgorithmParameterSpec parameter,
                                                      java.security.PrivateKey privateKey,
                                                      boolean needsRandom,
                                                      java.security.PublicKey publicKey)
                                               throws java.io.IOException

Throws:

java.io.IOException

isSupportedEncryptionAlgorithm

protected java.lang.Boolean isSupportedEncryptionAlgorithm(int encryptionAlgorithm)

isSupportedNamedGroup

protected java.lang.Boolean isSupportedNamedGroup(int namedGroup)

isUsableCipher

protected boolean isUsableCipher(java.lang.String cipherAlgorithm,
                                 int keySize)

isUsableMAC

protected boolean isUsableMAC(java.lang.String macAlgorithm)

getHelper

public org.bouncycastle.jcajce.util.JcaJceHelper getHelper()

createCBCBlockCipherImpl

protected TlsBlockCipherImpl createCBCBlockCipherImpl(TlsCryptoParameters cryptoParams,
                                                      java.lang.String algorithm,
                                                      int cipherKeySize,
                                                      boolean forEncryption)
                                               throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

createCipher_CBC

protected TlsCipher createCipher_CBC(TlsCryptoParameters cryptoParams,
                                     java.lang.String algorithm,
                                     int cipherKeySize,
                                     int macAlgorithm)
                              throws java.security.GeneralSecurityException,
                                     java.io.IOException

Throws:

java.security.GeneralSecurityException

java.io.IOException