public class JcaTlsCrypto extends AbstractTlsCrypto
This class provides default implementations for everything. If you need to customise it, extend the class and override the appropriate methods.
Modifier | Constructor and Description |
---|---|
protected |
JcaTlsCrypto(org.bouncycastle.jcajce.util.JcaJceHelper helper,
java.security.SecureRandom entropySource,
java.security.SecureRandom nonceEntropySource)
Base constructor.
|
Modifier and Type | Method and Description |
---|---|
byte[] |
calculateKeyAgreement(java.lang.String agreementAlgorithm,
java.security.PrivateKey privateKey,
java.security.PublicKey publicKey,
java.lang.String secretAlgorithm) |
protected TlsAEADCipherImpl |
createAEADCipher(java.lang.String cipherName,
java.lang.String algorithm,
int keySize,
boolean isEncrypting)
If you want to create your own versions of the AEAD ciphers required, override this method.
|
protected TlsBlockCipherImpl |
createBlockCipher(java.lang.String cipherName,
java.lang.String algorithm,
int keySize,
boolean isEncrypting)
If you want to create your own versions of the block ciphers required, override this method.
|
protected TlsBlockCipherImpl |
createBlockCipherWithCBCImplicitIV(java.lang.String cipherName,
java.lang.String algorithm,
int keySize,
boolean isEncrypting)
If you want to create your own versions of the block ciphers for < TLS 1.1, override this method.
|
TlsCertificate |
createCertificate(byte[] encoding)
Create a TlsCertificate from a ASN.1 binary encoding of an X.509 certificate.
|
protected TlsCipher |
createCipher(TlsCryptoParameters cryptoParams,
int encryptionAlgorithm,
int macAlgorithm)
Create a cipher for the specified encryption and MAC algorithms.
|
TlsDHDomain |
createDHDomain(TlsDHConfig dhConfig)
Create an domain object supporting the domain parameters described in dhConfig.
|
TlsECDomain |
createECDomain(TlsECConfig ecConfig)
Create an domain object supporting the domain parameters described in ecConfig.
|
TlsEncryptor |
createEncryptor(TlsCertificate certificate)
Return an encryptor based on the public key in certificate.
|
TlsHash |
createHash(short algorithm)
Create a suitable hash for the hash algorithm identifier passed in.
|
protected TlsHash |
createHash(java.lang.String digestName)
If you want to create your own versions of Hash functions, override this method.
|
TlsHMAC |
createHMAC(int macAlgorithm)
Create a suitable HMAC for the MAC algorithm identifier passed in.
|
protected TlsHMAC |
createHMAC(java.lang.String hmacName)
If you want to create your own versions of HMACs, override this method.
|
TlsNonceGenerator |
createNonceGenerator(byte[] additionalSeedMaterial)
Create a nonce generator.
|
protected TlsNullCipher |
createNullCipher(TlsCryptoParameters cryptoParams,
int macAlgorithm)
To disable the null cipher suite, override this method with one that throws an IOException.
|
TlsSecret |
createSecret(byte[] data)
Create a TlsSecret object based provided data.
|
TlsSRP6Client |
createSRP6Client(TlsSRPConfig srpConfig)
Create an SRP-6 client.
|
TlsSRP6Server |
createSRP6Server(TlsSRPConfig srpConfig,
java.math.BigInteger srpVerifier)
Create an SRP-6 server.
|
TlsSRP6VerifierGenerator |
createSRP6VerifierGenerator(TlsSRPConfig srpConfig)
Create an SRP-6 verifier generator.
|
TlsSecret |
generateRSAPreMasterSecret(ProtocolVersion version)
Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret
|
org.bouncycastle.jcajce.util.JcaJceHelper |
getHelper() |
java.security.SecureRandom |
getSecureRandom()
Return the primary (safest) SecureRandom for this crypto.
|
boolean |
hasAllRawSignatureAlgorithms()
Return true if this TlsCrypto can perform raw signatures and verifications for all supported algorithms.
|
boolean |
hasDHAgreement()
Return true if this TlsCrypto can support DH key agreement.
|
boolean |
hasECDHAgreement()
Return true if this TlsCrypto can support ECDH key agreement.
|
boolean |
hasEncryptionAlgorithm(int encryptionAlgorithm)
Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.
|
boolean |
hasHashAlgorithm(short hashAlgorithm)
Return true if this TlsCrypto can support the passed in hash algorithm.
|
boolean |
hasMacAlgorithm(int macAlgorithm)
Return true if this TlsCrypto can support the passed in MAC algorithm.
|
boolean |
hasNamedGroup(int namedGroup)
Return true if this TlsCrypto supports the passed in
named group value. |
boolean |
hasRSAEncryption()
Return true if this TlsCrypto can support RSA encryption/decryption.
|
boolean |
hasSignatureAlgorithm(short signatureAlgorithm)
Return true if this TlsCrypto can support the passed in signature algorithm
(not necessarily in combination with EVERY hash algorithm).
|
boolean |
hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)
Return true if this TlsCrypto can support the passed in signature algorithm.
|
boolean |
hasSRPAuthentication()
Return true if this TlsCrypto can support SRP authentication.
|
protected boolean |
isCurveSupported(java.lang.String curveName) |
adoptSecret
protected JcaTlsCrypto(org.bouncycastle.jcajce.util.JcaJceHelper helper, java.security.SecureRandom entropySource, java.security.SecureRandom nonceEntropySource)
helper
- a JCA/JCE helper configured for the class's default provider.entropySource
- primary entropy source, used for key generation.nonceEntropySource
- secondary entropy source, used for nonce and IV generation.public TlsNonceGenerator createNonceGenerator(byte[] additionalSeedMaterial)
TlsCrypto
TlsCrypto
's entropy source, and from the provided additional seed material. The
output of each returned generator must be completely independent of the others.additionalSeedMaterial
- context-specific seed materialTlsNonceGenerator
public java.security.SecureRandom getSecureRandom()
TlsCrypto
public byte[] calculateKeyAgreement(java.lang.String agreementAlgorithm, java.security.PrivateKey privateKey, java.security.PublicKey publicKey, java.lang.String secretAlgorithm) throws java.security.GeneralSecurityException
java.security.GeneralSecurityException
public TlsCertificate createCertificate(byte[] encoding) throws java.io.IOException
TlsCrypto
encoding
- DER/BER encoding of the certificate of interest.java.io.IOException
- if there is an issue on decoding or constructing the certificate.protected TlsCipher createCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm) throws java.io.IOException
AbstractTlsCrypto
See enumeration classes EncryptionAlgorithm
, MACAlgorithm
for appropriate argument values.
createCipher
in class AbstractTlsCrypto
cryptoParams
- context specific parameters.encryptionAlgorithm
- the encryption algorithm to be employed by the cipher.macAlgorithm
- the MAC algorithm to be employed by the cipher.TlsCipher
implementing the encryption and MAC algorithm.java.io.IOException
public TlsHMAC createHMAC(int macAlgorithm)
TlsCrypto
See enumeration class MACAlgorithm
for appropriate argument values.
macAlgorithm
- the MAC algorithm the HMAC needs to match.TlsHMAC
.public TlsSRP6Client createSRP6Client(TlsSRPConfig srpConfig)
TlsCrypto
srpConfig
- client config.public TlsSRP6Server createSRP6Server(TlsSRPConfig srpConfig, java.math.BigInteger srpVerifier)
TlsCrypto
srpConfig
- server config.srpVerifier
- the SRP6 verifier value.public TlsSRP6VerifierGenerator createSRP6VerifierGenerator(TlsSRPConfig srpConfig)
TlsCrypto
srpConfig
- generator config.public boolean hasAllRawSignatureAlgorithms()
TlsCrypto
public boolean hasDHAgreement()
TlsCrypto
public boolean hasECDHAgreement()
TlsCrypto
public boolean hasEncryptionAlgorithm(int encryptionAlgorithm)
TlsCrypto
encryptionAlgorithm
- the algorithm of interest.public boolean hasHashAlgorithm(short hashAlgorithm)
TlsCrypto
hashAlgorithm
- the algorithm of interest.public boolean hasMacAlgorithm(int macAlgorithm)
TlsCrypto
macAlgorithm
- the algorithm of interest.public boolean hasNamedGroup(int namedGroup)
TlsCrypto
named group
value.named group
value.public boolean hasRSAEncryption()
TlsCrypto
public boolean hasSignatureAlgorithm(short signatureAlgorithm)
TlsCrypto
signatureAlgorithm
- the algorithm of interest.public boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)
TlsCrypto
sigAndHashAlgorithm
- the algorithm of interest.public boolean hasSRPAuthentication()
TlsCrypto
public TlsSecret createSecret(byte[] data)
TlsCrypto
data
- the data to base the TlsSecret on.public TlsSecret generateRSAPreMasterSecret(ProtocolVersion version)
TlsCrypto
version
- the client version to place in the first 2 bytespublic TlsHash createHash(short algorithm)
TlsCrypto
See enumeration class HashAlgorithm
for appropriate argument values.
algorithm
- the hash algorithm the hash needs to implement.TlsHash
.public TlsDHDomain createDHDomain(TlsDHConfig dhConfig)
TlsCrypto
dhConfig
- the config describing the DH parameters to use.public TlsECDomain createECDomain(TlsECConfig ecConfig)
TlsCrypto
ecConfig
- the config describing the EC parameters to use.public TlsEncryptor createEncryptor(TlsCertificate certificate) throws java.io.IOException
AbstractTlsCrypto
createEncryptor
in class AbstractTlsCrypto
certificate
- the certificate carrying the public key.java.io.IOException
protected TlsAEADCipherImpl createAEADCipher(java.lang.String cipherName, java.lang.String algorithm, int keySize, boolean isEncrypting) throws java.security.GeneralSecurityException
cipherName
- the full name of the cipher (algorithm/mode/padding)algorithm
- the base algorithm namekeySize
- keySize (in bytes) for the cipher key.isEncrypting
- true if the cipher is for encryption, false otherwise.java.security.GeneralSecurityException
- in case of failure.protected TlsBlockCipherImpl createBlockCipher(java.lang.String cipherName, java.lang.String algorithm, int keySize, boolean isEncrypting) throws java.security.GeneralSecurityException
cipherName
- the full name of the cipher (algorithm/mode/padding)algorithm
- the base algorithm namekeySize
- keySize (in bytes) for the cipher key.isEncrypting
- true if the cipher is for encryption, false otherwise.java.security.GeneralSecurityException
- in case of failure.protected TlsBlockCipherImpl createBlockCipherWithCBCImplicitIV(java.lang.String cipherName, java.lang.String algorithm, int keySize, boolean isEncrypting) throws java.security.GeneralSecurityException
cipherName
- the full name of the cipher (algorithm/mode/padding)algorithm
- the base algorithm namekeySize
- keySize (in bytes) for the cipher key.isEncrypting
- true if the cipher is for encryption, false otherwise.java.security.GeneralSecurityException
- in case of failure.protected TlsHMAC createHMAC(java.lang.String hmacName)
hmacName
- the name of the HMAC required.protected TlsHash createHash(java.lang.String digestName) throws java.security.GeneralSecurityException
digestName
- the name of the Hash function required.java.security.GeneralSecurityException
- in case of failure.protected TlsNullCipher createNullCipher(TlsCryptoParameters cryptoParams, int macAlgorithm) throws java.io.IOException, java.security.GeneralSecurityException
macAlgorithm
- the name of the algorithm supporting the MAC.java.io.IOException
- in case of failure.java.security.GeneralSecurityException
- in case of a specific failure in the JCA/JCE layer.protected boolean isCurveSupported(java.lang.String curveName)
public org.bouncycastle.jcajce.util.JcaJceHelper getHelper()