Package org.bouncycastle.tls.crypto

Interface TlsCrypto

All Known Implementing Classes:
AbstractTlsCrypto, BcTlsCrypto, JcaTlsCrypto
public interface TlsCrypto
Service and object creation interface for the primitive types and services that are associated with cryptography in the API.

  • Method Details

    • hasAnyStreamVerifiers

      boolean hasAnyStreamVerifiers(Vector signatureAndHashAlgorithms)
      Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms. This method is only relevant to handshakes negotiating (D)TLS 1.2.
      Parameters:
      signatureAndHashAlgorithms - A Vector of SignatureAndHashAlgorithm values.
      Returns:
      true if this instance would use a stream verifier for any of the passed in algorithms, otherwise false.

    • hasAnyStreamVerifiersLegacy

      boolean hasAnyStreamVerifiersLegacy(short[] clientCertificateTypes)
      Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms. This method is only relevant to handshakes negotiating (D)TLS versions older than 1.2.
      Parameters:
      clientCertificateTypes - An array of ClientCertificateType values.
      Returns:
      true if this instance would use a stream verifier for any of the passed in algorithms, otherwise false.

    • hasCryptoHashAlgorithm

      boolean hasCryptoHashAlgorithm(int cryptoHashAlgorithm)
      Return true if this TlsCrypto can support the passed in hash algorithm.
      Parameters:
      cryptoHashAlgorithm - the algorithm of interest.
      Returns:
      true if cryptoHashAlgorithm is supported, false otherwise.

    • hasCryptoSignatureAlgorithm

      boolean hasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm)
      Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).
      Parameters:
      cryptoSignatureAlgorithm - the algorithm of interest.
      Returns:
      true if cryptoSignatureAlgorithm is supported, false otherwise.

    • hasDHAgreement

      boolean hasDHAgreement()
      Return true if this TlsCrypto can support DH key agreement.
      Returns:
      true if this instance can support DH key agreement, false otherwise.

    • hasECDHAgreement

      boolean hasECDHAgreement()
      Return true if this TlsCrypto can support ECDH key agreement.
      Returns:
      true if this instance can support ECDH key agreement, false otherwise.

    • hasKemAgreement

      boolean hasKemAgreement()
      Return true if this TlsCrypto can support KEM key agreement.
      Returns:
      true if this instance can support KEM key agreement, false otherwise.

    • hasEncryptionAlgorithm

      boolean hasEncryptionAlgorithm(int encryptionAlgorithm)
      Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.
      Parameters:
      encryptionAlgorithm - the algorithm of interest.
      Returns:
      true if encryptionAlgorithm is supported, false otherwise.

    • hasHKDFAlgorithm

      boolean hasHKDFAlgorithm(int cryptoHashAlgorithm)
      Return true if this TlsCrypto can support HKDF with the passed in hash algorithm.
      Parameters:
      cryptoHashAlgorithm - the algorithm of interest.
      Returns:
      true if HKDF is supported with cryptoHashAlgorithm, false otherwise.

    • hasMacAlgorithm

      boolean hasMacAlgorithm(int macAlgorithm)
      Return true if this TlsCrypto can support the passed in MAC algorithm.
      Parameters:
      macAlgorithm - the algorithm of interest.
      Returns:
      true if macAlgorithm is supported, false otherwise.

    • hasNamedGroup

      boolean hasNamedGroup(int namedGroup)
      Return true if this TlsCrypto supports the passed in named group value.
      Returns:
      true if this instance supports the passed in named group value.

    • hasRSAEncryption

      boolean hasRSAEncryption()
      Return true if this TlsCrypto can support RSA encryption/decryption.
      Returns:
      true if this instance can support RSA encryption/decryption, false otherwise.

    • hasSignatureAlgorithm

      boolean hasSignatureAlgorithm(short signatureAlgorithm)
      Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).
      Parameters:
      signatureAlgorithm - the algorithm of interest.
      Returns:
      true if signatureAlgorithm is supported, false otherwise.

    • hasSignatureAndHashAlgorithm

      boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)
      Return true if this TlsCrypto can support the passed in signature algorithm.
      Parameters:
      sigAndHashAlgorithm - the algorithm of interest.
      Returns:
      true if sigAndHashAlgorithm is supported, false otherwise.

    • hasSignatureScheme

      boolean hasSignatureScheme(int signatureScheme)
      Return true if this TlsCrypto can support the passed in signature scheme.
      Parameters:
      signatureScheme - the scheme of interest.
      Returns:
      true if signatureScheme is supported, false otherwise.

    • hasSRPAuthentication

      boolean hasSRPAuthentication()
      Return true if this TlsCrypto can support SRP authentication.
      Returns:
      true if this instance can support SRP authentication, false otherwise.

    • createSecret

      TlsSecret createSecret(byte[] data)
      Create a TlsSecret object based on provided data.
      Parameters:
      data - the data to base the TlsSecret on.
      Returns:
      a TlsSecret based on the provided data.

    • generateRSAPreMasterSecret

      TlsSecret generateRSAPreMasterSecret(ProtocolVersion clientVersion)
      Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret
      Parameters:
      clientVersion - the client version to place in the first 2 bytes
      Returns:
      a TlsSecret containing the PreMasterSecret.

    • getSecureRandom

      SecureRandom getSecureRandom()
      Return the primary (safest) SecureRandom for this crypto.
      Returns:
      a SecureRandom suitable for key generation.

    • createCertificate

      TlsCertificate createCertificate(byte[] encoding) throws IOException
      Create a TlsCertificate from an ASN.1 binary encoding of an X.509 certificate.
      Parameters:
      encoding - DER/BER encoding of the certificate of interest.
      Returns:
      a TlsCertificate.
      Throws:
      IOException - if there is an issue on decoding or constructing the certificate.

    • createCertificate

      TlsCertificate createCertificate(short type, byte[] encoding) throws IOException
      Create a TlsCertificate from a ASN.1 binary encoding of a certificate.
      Parameters:
      type - Certificate type as per IANA TLS Certificate Types registry
      encoding - DER/BER encoding of the certificate of interest.
      Returns:
      a TlsCertificate.
      Throws:
      IOException - if there is an issue on decoding or constructing the certificate.

    • createCipher

      TlsCipher createCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm) throws IOException
      Create a cipher for the specified encryption and MAC algorithms.

      See enumeration classes EncryptionAlgorithm, MACAlgorithm for appropriate argument values.

      Parameters:
      cryptoParams - context specific parameters.
      encryptionAlgorithm - the encryption algorithm to be employed by the cipher.
      macAlgorithm - the MAC algorithm to be employed by the cipher.
      Returns:
      a TlsCipher implementing the encryption and MAC algorithms.
      Throws:
      IOException

    • createDHDomain

      TlsDHDomain createDHDomain(TlsDHConfig dhConfig)
      Create a domain object supporting the domain parameters described in dhConfig.
      Parameters:
      dhConfig - the config describing the DH parameters to use.
      Returns:
      a TlsDHDomain supporting the parameters in dhConfig.

    • createECDomain

      TlsECDomain createECDomain(TlsECConfig ecConfig)
      Create a domain object supporting the domain parameters described in ecConfig.
      Parameters:
      ecConfig - the config describing the EC parameters to use.
      Returns:
      a TlsECDomain supporting the parameters in ecConfig.

    • createKemDomain

      TlsKemDomain createKemDomain(TlsKemConfig kemConfig)
      Create a domain object supporting the domain parameters described in kemConfig.
      Parameters:
      kemConfig - the config describing the KEM parameters to use.
      Returns:
      a TlsKemDomain supporting the parameters in kemConfig.

    • adoptSecret

      TlsSecret adoptSecret(TlsSecret secret)
      Adopt the passed in secret, creating a new copy of it.
      Parameters:
      secret - the secret to make a copy of.
      Returns:
      a TlsSecret based on the original secret.

    • createHash

      TlsHash createHash(int cryptoHashAlgorithm)
      Create a suitable hash for the hash algorithm identifier passed in.

      See enumeration class CryptoHashAlgorithm for appropriate argument values.

      Parameters:
      cryptoHashAlgorithm - the hash algorithm the hash needs to implement.
      Returns:
      a TlsHash.

    • createHMAC

      TlsHMAC createHMAC(int macAlgorithm)
      Create a suitable HMAC for the MAC algorithm identifier passed in.

      See enumeration class MACAlgorithm for appropriate argument values.

      Parameters:
      macAlgorithm - the MAC algorithm the HMAC needs to match.
      Returns:
      a TlsHMAC.

    • createHMACForHash

      TlsHMAC createHMACForHash(int cryptoHashAlgorithm)
      Create a suitable HMAC using the hash algorithm identifier passed in.

      See enumeration class CryptoHashAlgorithm for appropriate argument values.

      Parameters:
      cryptoHashAlgorithm - the hash algorithm the HMAC should use.
      Returns:
      a TlsHMAC.

    • createNonceGenerator

      TlsNonceGenerator createNonceGenerator(byte[] additionalSeedMaterial)
      Create a nonce generator. Each call should construct a new generator, and the generator should be returned from this call only after automatically seeding from this TlsCrypto's entropy source, and from the provided additional seed material. The output of each returned generator must be completely independent of the others.
      Parameters:
      additionalSeedMaterial - context-specific seed material
      Returns:
      a TlsNonceGenerator

    • createSRP6Client

      TlsSRP6Client createSRP6Client(TlsSRPConfig srpConfig)
      Create an SRP-6 client.
      Parameters:
      srpConfig - client config.
      Returns:
      an initialised SRP6 client object.

    • createSRP6Server

      TlsSRP6Server createSRP6Server(TlsSRPConfig srpConfig, BigInteger srpVerifier)
      Create an SRP-6 server.
      Parameters:
      srpConfig - server config.
      srpVerifier - the SRP6 verifier value.
      Returns:
      an initialised SRP6 server object.

    • createSRP6VerifierGenerator

      TlsSRP6VerifierGenerator createSRP6VerifierGenerator(TlsSRPConfig srpConfig)
      Create an SRP-6 verifier generator.
      Parameters:
      srpConfig - generator config.
      Returns:
      an initialized SRP6 verifier generator.

    • hkdfInit

      TlsSecret hkdfInit(int cryptoHashAlgorithm)
      Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen zeroes.
      Parameters:
      cryptoHashAlgorithm - the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.