Class AbstractTlsCrypto

Namespace

Org.BouncyCastle.Tls.Crypto.Impl

Assembly

BouncyCastle.Cryptography.dll

Base class for a TlsCrypto implementation that provides some needed methods from elsewhere in the impl package.

public abstract class AbstractTlsCrypto : TlsCrypto

Inheritance

object

AbstractTlsCrypto

Implements

TlsCrypto

Derived

BcTlsCrypto

Inherited Members

object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ReferenceEquals(object, object)

object.ToString()

Properties

SecureRandom

Return the primary (safest) SecureRandom for this crypto.

public abstract SecureRandom SecureRandom { get; }

Property Value

SecureRandom

a SecureRandom suitable for key generation.

Methods

AdoptSecret(TlsSecret)

Adopt the passed in secret, creating a new copy of it.

public virtual TlsSecret AdoptSecret(TlsSecret secret)

Parameters

secret TlsSecret

the secret to make a copy of.

Returns

TlsSecret

a TlsSecret based on the original secret.

CreateCertificate(byte[])

Create a TlsCertificate from an ASN.1 binary encoding of an X.509 certificate.

public virtual TlsCertificate CreateCertificate(byte[] encoding)

Parameters

encoding byte[]

DER/BER encoding of the certificate of interest.

Returns

TlsCertificate

a TlsCertificate.

Exceptions

IOException

if there is an issue on decoding or constructing the certificate.

CreateCertificate(short, byte[])

Create a TlsCertificate from an ASN.1 binary encoding of a certificate.

public abstract TlsCertificate CreateCertificate(short type, byte[] encoding)

Parameters

type short

Certificate type as per IANA TLS Certificate Types registry.

encoding byte[]

DER/BER encoding of the certificate of interest.

Returns

TlsCertificate

a TlsCertificate.

Exceptions

IOException

if there is an issue on decoding or constructing the certificate.

CreateCipher(TlsCryptoParameters, int, int)

Create a cipher for the specified encryption and MAC algorithms.

public abstract TlsCipher CreateCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm)

Parameters

cryptoParams TlsCryptoParameters

context specific parameters.

encryptionAlgorithm int

the encryption algorithm to be employed by the cipher.

macAlgorithm int

the MAC algorithm to be employed by the cipher.

Returns

TlsCipher

a TlsCipher implementing the encryption and MAC algorithms.

Remarks

See enumeration classes EncryptionAlgorithm, MacAlgorithm for appropriate argument values.

Exceptions

IOException

CreateDHDomain(TlsDHConfig)

Create a domain object supporting the domain parameters described in dhConfig.

public abstract TlsDHDomain CreateDHDomain(TlsDHConfig dhConfig)

Parameters

dhConfig TlsDHConfig

the config describing the DH parameters to use.

Returns

TlsDHDomain

a TlsDHDomain supporting the parameters in dhConfig.

CreateECDomain(TlsECConfig)

Create a domain object supporting the domain parameters described in ecConfig.

public abstract TlsECDomain CreateECDomain(TlsECConfig ecConfig)

Parameters

ecConfig TlsECConfig

the config describing the EC parameters to use.

Returns

TlsECDomain

a TlsECDomain supporting the parameters in ecConfig.

CreateHash(int)

Create a suitable hash for the hash algorithm identifier passed in.

public abstract TlsHash CreateHash(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the hash algorithm the hash needs to implement.

Returns

TlsHash

a TlsHash.

Remarks

See enumeration class CryptoHashAlgorithm for appropriate argument values.

CreateHmac(int)

Create a suitable HMAC for the MAC algorithm identifier passed in.

public abstract TlsHmac CreateHmac(int macAlgorithm)

Parameters

macAlgorithm int

the MAC algorithm the HMAC needs to match.

Returns

TlsHmac

a TlsHmac.

Remarks

See enumeration class MacAlgorithm for appropriate argument values.

CreateHmacForHash(int)

Create a suitable HMAC using the hash algorithm identifier passed in.

public abstract TlsHmac CreateHmacForHash(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the hash algorithm the HMAC should use.

Returns

TlsHmac

a TlsHmac.

Remarks

See enumeration class CryptoHashAlgorithm for appropriate argument values.

CreateKemDomain(TlsKemConfig)

Create a domain object supporting the domain parameters described in kemConfig.

public abstract TlsKemDomain CreateKemDomain(TlsKemConfig kemConfig)

Parameters

kemConfig TlsKemConfig

the config describing the KEM parameters to use.

Returns

TlsKemDomain

a TlsKemDomain supporting the parameters in kemConfig.

CreateNonceGenerator(byte[])

Create a nonce generator.

public abstract TlsNonceGenerator CreateNonceGenerator(byte[] additionalSeedMaterial)

Parameters

additionalSeedMaterial byte[]

context-specific seed material

Returns

TlsNonceGenerator

a TlsNonceGenerator.

Remarks

Each call should construct a new generator, and the generator should be returned from this call only after automatically seeding from this TlsCrypto's entropy source, and from the provided additional seed material. The output of each returned generator must be completely independent of the others.

CreateNonceGenerator(ReadOnlySpan<byte>)

public abstract TlsNonceGenerator CreateNonceGenerator(ReadOnlySpan<byte> additionalSeedMaterial)

Parameters

additionalSeedMaterial ReadOnlySpan<byte>

Returns

TlsNonceGenerator

CreateSecret(byte[])

Create a TlsSecret object based on provided data.

public abstract TlsSecret CreateSecret(byte[] data)

Parameters

data byte[]

the data to base the TlsSecret on.

Returns

TlsSecret

a TlsSecret based on the provided data.

CreateSrp6Client(TlsSrpConfig)

Create an SRP-6 client.

public abstract TlsSrp6Client CreateSrp6Client(TlsSrpConfig srpConfig)

Parameters

srpConfig TlsSrpConfig

client config.

Returns

TlsSrp6Client

an initialised SRP6 client object.

CreateSrp6Server(TlsSrpConfig, BigInteger)

Create an SRP-6 server.

public abstract TlsSrp6Server CreateSrp6Server(TlsSrpConfig srpConfig, BigInteger srpVerifier)

Parameters

srpConfig TlsSrpConfig

server config.

srpVerifier BigInteger

the SRP6 verifier value.

Returns

TlsSrp6Server

an initialised SRP6 server object.

CreateSrp6VerifierGenerator(TlsSrpConfig)

Create an SRP-6 verifier generator.

public abstract TlsSrp6VerifierGenerator CreateSrp6VerifierGenerator(TlsSrpConfig srpConfig)

Parameters

srpConfig TlsSrpConfig

generator config.

Returns

TlsSrp6VerifierGenerator

an initialized SRP6 verifier generator.

GenerateRsaPreMasterSecret(ProtocolVersion)

Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret

public abstract TlsSecret GenerateRsaPreMasterSecret(ProtocolVersion clientVersion)

Parameters

clientVersion ProtocolVersion

the client version to place in the first 2 bytes

Returns

TlsSecret

a TlsSecret containing the PreMasterSecret.

HasAnyStreamVerifiers(IList<SignatureAndHashAlgorithm>)

Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms.

public abstract bool HasAnyStreamVerifiers(IList<SignatureAndHashAlgorithm> signatureAndHashAlgorithms)

Parameters

signatureAndHashAlgorithms IList<SignatureAndHashAlgorithm>

A list of SignatureAndHashAlgorithm values.

Returns

bool

true if this instance would use a stream verifier for any of the passed in algorithms, otherwise false.

Remarks

This method is only relevant to handshakes negotiating (D)TLS 1.2.

HasAnyStreamVerifiersLegacy(short[])

Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms.

public abstract bool HasAnyStreamVerifiersLegacy(short[] clientCertificateTypes)

Parameters

clientCertificateTypes short[]

An array of ClientCertificateType values.

Returns

bool

true if this instance would use a stream verifier for any of the passed in algorithms, otherwise false.

Remarks

This method is only relevant to handshakes negotiating (D)TLS versions older than 1.2.

HasCryptoHashAlgorithm(int)

Return true if this TlsCrypto can support the passed in hash algorithm.

public abstract bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the algorithm of interest.

Returns

bool

true if cryptoHashAlgorithm is supported, false otherwise.

HasCryptoSignatureAlgorithm(int)

Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).

public abstract bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm)

Parameters

cryptoSignatureAlgorithm int

the algorithm of interest.

Returns

bool

true if cryptoSignatureAlgorithm is supported, false otherwise.

HasDHAgreement()

Return true if this TlsCrypto can support DH key agreement.

public abstract bool HasDHAgreement()

Returns

bool

true if this instance can support DH key agreement, false otherwise.

HasECDHAgreement()

Return true if this TlsCrypto can support ECDH key agreement.

public abstract bool HasECDHAgreement()

Returns

bool

true if this instance can support ECDH key agreement, false otherwise.

HasEncryptionAlgorithm(int)

Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.

public abstract bool HasEncryptionAlgorithm(int encryptionAlgorithm)

Parameters

encryptionAlgorithm int

the algorithm of interest.

Returns

bool

true if encryptionAlgorithm is supported, false otherwise.

HasHkdfAlgorithm(int)

Return true if this TlsCrypto can support HKDF with the passed in hash algorithm.

public abstract bool HasHkdfAlgorithm(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the algorithm of interest.

Returns

bool

true if HKDF is supported with cryptoHashAlgorithm, false otherwise.

HasKemAgreement()

Return true if this TlsCrypto can support KEM key agreement.

public abstract bool HasKemAgreement()

Returns

bool

true if this instance can support KEM key agreement, false otherwise.

HasMacAlgorithm(int)

Return true if this TlsCrypto can support the passed in MAC algorithm.

public abstract bool HasMacAlgorithm(int macAlgorithm)

Parameters

macAlgorithm int

the algorithm of interest.

Returns

bool

true if macAlgorithm is supported, false otherwise.

HasNamedGroup(int)

Return true if this TlsCrypto supports the passed in named group value.

public abstract bool HasNamedGroup(int namedGroup)

Parameters

namedGroup int

Returns

bool

true if this instance supports the passed in named group value.

HasRsaEncryption()

Return true if this TlsCrypto can support RSA encryption/decryption.

public abstract bool HasRsaEncryption()

Returns

bool

true if this instance can support RSA encryption/decryption, false otherwise.

HasSignatureAlgorithm(short)

Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).

public abstract bool HasSignatureAlgorithm(short signatureAlgorithm)

Parameters

signatureAlgorithm short

Returns

bool

true if signatureAlgorithm is supported, false otherwise.

HasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm)

Return true if this TlsCrypto can support the passed in signature algorithm.

public abstract bool HasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)

Parameters

sigAndHashAlgorithm SignatureAndHashAlgorithm

the algorithm of interest.

Returns

bool

true if sigAndHashAlgorithm is supported, false otherwise.

HasSignatureScheme(int)

Return true if this TlsCrypto can support the passed in signature scheme.

public abstract bool HasSignatureScheme(int signatureScheme)

Parameters

signatureScheme int

the scheme of interest.

Returns

bool

true if signatureScheme is supported, false otherwise.

HasSrpAuthentication()

Return true if this TlsCrypto can support SRP authentication.

public abstract bool HasSrpAuthentication()

Returns

bool

true if this instance can support SRP authentication, false otherwise.

HkdfInit(int)

Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen zeroes.

public abstract TlsSecret HkdfInit(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.

Returns

TlsSecret