public class JcaTlsCrypto extends AbstractTlsCrypto
This class provides default implementations for everything. If you need to customise it, extend the class and override the appropriate methods.
Modifier | Constructor and Description |
---|---|
protected |
JcaTlsCrypto(org.bouncycastle.jcajce.util.JcaJceHelper helper,
java.security.SecureRandom entropySource,
java.security.SecureRandom nonceEntropySource)
Base constructor.
|
Modifier and Type | Method and Description |
---|---|
protected TlsAEADCipherImpl |
createAEADCipher(java.lang.String cipherName,
java.lang.String algorithm,
int keySize,
boolean isEncrypting)
If you want to create your own versions of the AEAD ciphers required, override this method.
|
protected TlsBlockCipherImpl |
createBlockCipher(java.lang.String cipherName,
java.lang.String algorithm,
int keySize,
boolean isEncrypting)
If you want to create your own versions of the block ciphers required, override this method.
|
protected TlsBlockCipherImpl |
createBlockCipherWithCBCImplicitIV(java.lang.String cipherName,
java.lang.String algorithm,
int keySize,
boolean isEncrypting)
If you want to create your own versions of the block ciphers for < TLS 1.1, override this method.
|
TlsCertificate |
createCertificate(byte[] encoding)
Create a TlsCertificate from a ASN.1 binary encoding of an X.509 certificate.
|
protected TlsCipher |
createCipher(TlsCryptoParameters cryptoParams,
int encryptionAlgorithm,
int macAlgorithm)
Create a cipher for the specified encryption and MAC algorithms.
|
TlsDHDomain |
createDHDomain(TlsDHConfig dhConfig)
Create an domain object supporting the domain parameters described in dhConfig.
|
TlsECDomain |
createECDomain(TlsECConfig ecConfig)
Create an domain object supporting the domain parameters described in ecConfig.
|
TlsEncryptor |
createEncryptor(TlsCertificate certificate)
Return an encryptor based on the public key in certificate.
|
TlsHash |
createHash(short algorithm)
Create a suitable hash for the hash algorithm identifier passed in.
|
TlsHash |
createHash(SignatureAndHashAlgorithm signatureAndHashAlgorithm)
Create a suitable hash for the signature algorithm identifier passed in.
|
protected TlsHash |
createHash(java.lang.String digestName)
If you want to create your own versions of Hash functions, override this method.
|
TlsHMAC |
createHMAC(int macAlgorithm)
Create a suitable HMAC for the MAC algorithm identifier passed in.
|
protected TlsHMAC |
createHMAC(java.lang.String hmacName)
If you want to create your own versions of HMACs, override this method.
|
protected TlsMAC |
createMAC(java.lang.String macName)
If you want to create your own versions of MACs, override this method.
|
byte[] |
createNonce(int size)
Create a nonce byte[] string.
|
protected TlsNullCipher |
createNullCipher(TlsCryptoParameters cryptoParams,
int macAlgorithm)
To disable the null cipher suite, override this method with one that throws an IOException.
|
TlsSecret |
createSecret(byte[] data)
Create a TlsSecret object based provided data.
|
TlsSRP6Client |
createSRP6Client(TlsSRPConfig srpConfig)
Create an SRP-6 client.
|
TlsSRP6Server |
createSRP6Server(TlsSRPConfig srpConfig,
java.math.BigInteger srpVerifier)
Create an SRP-6 server.
|
TlsSRP6VerifierGenerator |
createSRP6VerifierGenerator(TlsSRPConfig srpConfig)
Create an SRP-6 verifier generator.
|
protected TlsStreamCipherImpl |
createStreamCipher(java.lang.String cipherName,
java.lang.String algorithm,
int keySize,
boolean isEncrypting)
If you want to create your own versions of stream ciphers, override this method.
|
TlsSecret |
generateRSAPreMasterSecret(ProtocolVersion version)
Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret
|
java.security.SecureRandom |
getSecureRandom()
Return the primary (safest) SecureRandom for this crypto.
|
boolean |
hasAllRawSignatureAlgorithms()
Return true if this TlsCrypto can perform raw signatures and verifications for all supported algorithms.
|
boolean |
hasDHAgreement()
Return true if this TlsCrypto can support DH key agreement.
|
boolean |
hasECDHAgreement()
Return true if this TlsCrypto can support ECDH key agreement.
|
boolean |
hasEncryptionAlgorithm(int encryptionAlgorithm)
Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.
|
boolean |
hasHashAlgorithm(short hashAlgorithm)
Return true if this TlsCrypto can support the passed in hash algorithm.
|
boolean |
hasMacAlgorithm(int macAlgorithm)
Return true if this TlsCrypto can support the passed in MAC algorithm.
|
boolean |
hasNamedCurve(int curveID)
Return true if this TlsCrypto supports the passed in curveID.
|
boolean |
hasRSAEncryption()
Return true if this TlsCrypto can support RSA encryption/decryption.
|
boolean |
hasSignatureAlgorithm(int signatureAlgorithm)
Return true if this TlsCrypto can support the passed in signature algorithm
(not necessarily in combination with EVERY hash algorithm).
|
boolean |
hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)
Return true if this TlsCrypto can support the passed in signature algorithm.
|
boolean |
hasSRPAuthentication()
Return true if this TlsCrypto can support SRP authentication.
|
adoptSecret
protected JcaTlsCrypto(org.bouncycastle.jcajce.util.JcaJceHelper helper, java.security.SecureRandom entropySource, java.security.SecureRandom nonceEntropySource)
helper
- a JCA/JCE helper configured for the class's default provider.entropySource
- primary entropy source, used for key generation.nonceEntropySource
- secondary entropy source, used for nonce and IV generation.public byte[] createNonce(int size)
TlsCrypto
size
- the length, in bytes, of the nonce to generate.public java.security.SecureRandom getSecureRandom()
TlsCrypto
public TlsCertificate createCertificate(byte[] encoding) throws java.io.IOException
TlsCrypto
encoding
- DER/BER encoding of the certificate of interest.java.io.IOException
- if there is an issue on decoding or constructing the certificate.protected TlsCipher createCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm) throws java.io.IOException
AbstractTlsCrypto
See enumeration classes EncryptionAlgorithm
, MACAlgorithm
for appropriate argument values.
createCipher
in class AbstractTlsCrypto
cryptoParams
- context specific parameters.encryptionAlgorithm
- the encryption algorithm to be employed by the cipher.macAlgorithm
- the MAC algorithm to be employed by the cipher.TlsCipher
implementing the encryption and MAC algorithm.java.io.IOException
public final TlsHMAC createHMAC(int macAlgorithm) throws java.io.IOException
TlsCrypto
See enumeration class MACAlgorithm
for appropriate argument values.
macAlgorithm
- the MAC algorithm the HMAC needs to match.java.io.IOException
public TlsSRP6Client createSRP6Client(TlsSRPConfig srpConfig)
TlsCrypto
srpConfig
- client config.public TlsSRP6Server createSRP6Server(TlsSRPConfig srpConfig, java.math.BigInteger srpVerifier)
TlsCrypto
srpConfig
- server config.srpVerifier
- the SRP6 verifier value.public TlsSRP6VerifierGenerator createSRP6VerifierGenerator(TlsSRPConfig srpConfig)
TlsCrypto
srpConfig
- generator config.public boolean hasAllRawSignatureAlgorithms()
TlsCrypto
public boolean hasDHAgreement()
TlsCrypto
public boolean hasECDHAgreement()
TlsCrypto
public boolean hasEncryptionAlgorithm(int encryptionAlgorithm)
TlsCrypto
encryptionAlgorithm
- the algorithm of interest.public boolean hasHashAlgorithm(short hashAlgorithm)
TlsCrypto
hashAlgorithm
- the algorithm of interest.public boolean hasMacAlgorithm(int macAlgorithm)
TlsCrypto
macAlgorithm
- the algorithm of interest.public boolean hasNamedCurve(int curveID)
TlsCrypto
public boolean hasRSAEncryption()
TlsCrypto
public boolean hasSignatureAlgorithm(int signatureAlgorithm)
TlsCrypto
signatureAlgorithm
- the algorithm of interest.public boolean hasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)
TlsCrypto
sigAndHashAlgorithm
- the algorithm of interest.public boolean hasSRPAuthentication()
TlsCrypto
public TlsSecret createSecret(byte[] data)
TlsCrypto
data
- the data to base the TlsSecret on.public TlsSecret generateRSAPreMasterSecret(ProtocolVersion version)
TlsCrypto
version
- the client version to place in the first 2 bytespublic TlsHash createHash(short algorithm)
TlsCrypto
algorithm
- the hash algorithm the hash needs to implement.public TlsHash createHash(SignatureAndHashAlgorithm signatureAndHashAlgorithm)
TlsCrypto
signatureAndHashAlgorithm
- the signature algorithm the hash needs to match.public TlsDHDomain createDHDomain(TlsDHConfig dhConfig)
TlsCrypto
dhConfig
- the config describing the DH parameters to use.public TlsECDomain createECDomain(TlsECConfig ecConfig)
TlsCrypto
ecConfig
- the config describing the EC parameters to use.public TlsEncryptor createEncryptor(TlsCertificate certificate) throws java.io.IOException
AbstractTlsCrypto
createEncryptor
in class AbstractTlsCrypto
certificate
- the certificate carrying the public key.java.io.IOException
protected TlsAEADCipherImpl createAEADCipher(java.lang.String cipherName, java.lang.String algorithm, int keySize, boolean isEncrypting) throws java.security.GeneralSecurityException
cipherName
- the full name of the cipher (algorithm/mode/padding)algorithm
- the base algorithm namekeySize
- keySize (in bytes) for the cipher key.isEncrypting
- true if the cipher is for encryption, false otherwise.java.security.GeneralSecurityException
- in case of failure.protected TlsBlockCipherImpl createBlockCipher(java.lang.String cipherName, java.lang.String algorithm, int keySize, boolean isEncrypting) throws java.security.GeneralSecurityException
cipherName
- the full name of the cipher (algorithm/mode/padding)algorithm
- the base algorithm namekeySize
- keySize (in bytes) for the cipher key.isEncrypting
- true if the cipher is for encryption, false otherwise.java.security.GeneralSecurityException
- in case of failure.protected TlsBlockCipherImpl createBlockCipherWithCBCImplicitIV(java.lang.String cipherName, java.lang.String algorithm, int keySize, boolean isEncrypting) throws java.security.GeneralSecurityException
cipherName
- the full name of the cipher (algorithm/mode/padding)algorithm
- the base algorithm namekeySize
- keySize (in bytes) for the cipher key.isEncrypting
- true if the cipher is for encryption, false otherwise.java.security.GeneralSecurityException
- in case of failure.protected TlsStreamCipherImpl createStreamCipher(java.lang.String cipherName, java.lang.String algorithm, int keySize, boolean isEncrypting) throws java.security.GeneralSecurityException
cipherName
- the full name of the cipher (algorithm/mode/padding)algorithm
- the base algorithm namekeySize
- keySize (in bytes) for the cipher key.isEncrypting
- true if the cipher is for encryption, false otherwise.java.security.GeneralSecurityException
- in case of failure.protected TlsHMAC createHMAC(java.lang.String hmacName) throws java.security.GeneralSecurityException
hmacName
- the name of the HMAC required.java.security.GeneralSecurityException
- in case of failure.protected TlsMAC createMAC(java.lang.String macName) throws java.security.GeneralSecurityException
macName
- the name of the MAC required.java.security.GeneralSecurityException
- in case of failure.protected TlsHash createHash(java.lang.String digestName) throws java.security.GeneralSecurityException
digestName
- the name of the Hash function required.java.security.GeneralSecurityException
- in case of failure.protected TlsNullCipher createNullCipher(TlsCryptoParameters cryptoParams, int macAlgorithm) throws java.io.IOException, java.security.GeneralSecurityException
macAlgorithm
- the name of the algorithm supporting the MAC.java.io.IOException
- in case of failure.java.security.GeneralSecurityException
- in case of a specific failure in the JCA/JCE layer.