Table of Contents

Class BcTlsCrypto

Namespace
Org.BouncyCastle.Tls.Crypto.Impl.BC
Assembly
BouncyCastle.Cryptography.dll
public class BcTlsCrypto : AbstractTlsCrypto, TlsCrypto
Inheritance
BcTlsCrypto
Implements
Inherited Members

Constructors

BcTlsCrypto() 

public BcTlsCrypto()

BcTlsCrypto(SecureRandom) 

public BcTlsCrypto(SecureRandom entropySource)

Parameters

entropySource SecureRandom

Properties

SecureRandom

Return the primary (safest) SecureRandom for this crypto.

public override SecureRandom SecureRandom { get; }

Property Value

SecureRandom

a SecureRandom suitable for key generation.

Methods

CloneDigest(int, IDigest) 

public virtual IDigest CloneDigest(int cryptoHashAlgorithm, IDigest digest)

Parameters

cryptoHashAlgorithm int
digest IDigest

Returns

IDigest

CreateAeadCipher_Aes_Ccm() 

protected virtual CcmBlockCipher CreateAeadCipher_Aes_Ccm()

Returns

CcmBlockCipher

CreateAeadCipher_Aes_Gcm() 

protected virtual IAeadCipher CreateAeadCipher_Aes_Gcm()

Returns

IAeadCipher

CreateAeadCipher_Aria_Gcm() 

protected virtual IAeadCipher CreateAeadCipher_Aria_Gcm()

Returns

IAeadCipher

CreateAeadCipher_Camellia_Gcm() 

protected virtual IAeadCipher CreateAeadCipher_Camellia_Gcm()

Returns

IAeadCipher

CreateAeadCipher_SM4_Ccm() 

protected virtual CcmBlockCipher CreateAeadCipher_SM4_Ccm()

Returns

CcmBlockCipher

CreateAeadCipher_SM4_Gcm() 

protected virtual IAeadCipher CreateAeadCipher_SM4_Gcm()

Returns

IAeadCipher

CreateAesEngine() 

protected virtual IBlockCipher CreateAesEngine()

Returns

IBlockCipher

CreateAriaEngine() 

protected virtual IBlockCipher CreateAriaEngine()

Returns

IBlockCipher

CreateBlockCipher(int) 

protected virtual IBlockCipher CreateBlockCipher(int encryptionAlgorithm)

Parameters

encryptionAlgorithm int

Returns

IBlockCipher

CreateCamelliaEngine() 

protected virtual IBlockCipher CreateCamelliaEngine()

Returns

IBlockCipher

CreateCbcBlockCipher(IBlockCipher) 

protected virtual IBlockCipher CreateCbcBlockCipher(IBlockCipher blockCipher)

Parameters

blockCipher IBlockCipher

Returns

IBlockCipher

CreateCbcBlockCipher(int) 

protected virtual IBlockCipher CreateCbcBlockCipher(int encryptionAlgorithm)

Parameters

encryptionAlgorithm int

Returns

IBlockCipher

CreateCcmMode(IBlockCipher) 

protected virtual CcmBlockCipher CreateCcmMode(IBlockCipher engine)

Parameters

engine IBlockCipher

Returns

CcmBlockCipher

CreateCertificate(short, byte[])

Create a TlsCertificate from an ASN.1 binary encoding of a certificate.

public override TlsCertificate CreateCertificate(short type, byte[] encoding)

Parameters

type short

Certificate type as per IANA TLS Certificate Types registry.

encoding byte[]

DER/BER encoding of the certificate of interest.

Returns

TlsCertificate

a TlsCertificate.

Exceptions

IOException

if there is an issue on decoding or constructing the certificate.

CreateChaCha20Poly1305(TlsCryptoParameters) 

protected virtual TlsCipher CreateChaCha20Poly1305(TlsCryptoParameters cryptoParams)

Parameters

cryptoParams TlsCryptoParameters

Returns

TlsCipher

CreateCipher(TlsCryptoParameters, int, int)

Create a cipher for the specified encryption and MAC algorithms.

public override TlsCipher CreateCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm)

Parameters

cryptoParams TlsCryptoParameters

context specific parameters.

encryptionAlgorithm int

the encryption algorithm to be employed by the cipher.

macAlgorithm int

the MAC algorithm to be employed by the cipher.

Returns

TlsCipher

a TlsCipher implementing the encryption and MAC algorithms.

Remarks

See enumeration classes EncryptionAlgorithm, MacAlgorithm for appropriate argument values.

Exceptions

IOException

CreateCipher_Aes_Ccm(TlsCryptoParameters, int, int) 

protected virtual TlsAeadCipher CreateCipher_Aes_Ccm(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize)

Parameters

cryptoParams TlsCryptoParameters
cipherKeySize int
macSize int

Returns

TlsAeadCipher

CreateCipher_Aes_Gcm(TlsCryptoParameters, int, int) 

protected virtual TlsAeadCipher CreateCipher_Aes_Gcm(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize)

Parameters

cryptoParams TlsCryptoParameters
cipherKeySize int
macSize int

Returns

TlsAeadCipher

CreateCipher_Aria_Gcm(TlsCryptoParameters, int, int) 

protected virtual TlsAeadCipher CreateCipher_Aria_Gcm(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize)

Parameters

cryptoParams TlsCryptoParameters
cipherKeySize int
macSize int

Returns

TlsAeadCipher

CreateCipher_Camellia_Gcm(TlsCryptoParameters, int, int) 

protected virtual TlsAeadCipher CreateCipher_Camellia_Gcm(TlsCryptoParameters cryptoParams, int cipherKeySize, int macSize)

Parameters

cryptoParams TlsCryptoParameters
cipherKeySize int
macSize int

Returns

TlsAeadCipher

CreateCipher_Cbc(TlsCryptoParameters, int, int, int) 

protected virtual TlsCipher CreateCipher_Cbc(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int cipherKeySize, int macAlgorithm)

Parameters

cryptoParams TlsCryptoParameters
encryptionAlgorithm int
cipherKeySize int
macAlgorithm int

Returns

TlsCipher

CreateCipher_SM4_Ccm(TlsCryptoParameters) 

protected virtual TlsAeadCipher CreateCipher_SM4_Ccm(TlsCryptoParameters cryptoParams)

Parameters

cryptoParams TlsCryptoParameters

Returns

TlsAeadCipher

CreateCipher_SM4_Gcm(TlsCryptoParameters) 

protected virtual TlsAeadCipher CreateCipher_SM4_Gcm(TlsCryptoParameters cryptoParams)

Parameters

cryptoParams TlsCryptoParameters

Returns

TlsAeadCipher

CreateDHDomain(TlsDHConfig)

Create a domain object supporting the domain parameters described in dhConfig.

public override TlsDHDomain CreateDHDomain(TlsDHConfig dhConfig)

Parameters

dhConfig TlsDHConfig

the config describing the DH parameters to use.

Returns

TlsDHDomain

a TlsDHDomain supporting the parameters in dhConfig.

CreateDesEdeEngine() 

protected virtual IBlockCipher CreateDesEdeEngine()

Returns

IBlockCipher

CreateDigest(int) 

public virtual IDigest CreateDigest(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

Returns

IDigest

CreateECDomain(TlsECConfig)

Create a domain object supporting the domain parameters described in ecConfig.

public override TlsECDomain CreateECDomain(TlsECConfig ecConfig)

Parameters

ecConfig TlsECConfig

the config describing the EC parameters to use.

Returns

TlsECDomain

a TlsECDomain supporting the parameters in ecConfig.

CreateGcmMode(IBlockCipher) 

protected virtual IAeadCipher CreateGcmMode(IBlockCipher engine)

Parameters

engine IBlockCipher

Returns

IAeadCipher

CreateHash(int)

Create a suitable hash for the hash algorithm identifier passed in.

public override TlsHash CreateHash(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the hash algorithm the hash needs to implement.

Returns

TlsHash

a TlsHash.

Remarks

See enumeration class CryptoHashAlgorithm for appropriate argument values.

CreateHmac(int)

Create a suitable HMAC for the MAC algorithm identifier passed in.

public override TlsHmac CreateHmac(int macAlgorithm)

Parameters

macAlgorithm int

the MAC algorithm the HMAC needs to match.

Returns

TlsHmac

a TlsHmac.

Remarks

See enumeration class MacAlgorithm for appropriate argument values.

CreateHmacForHash(int)

Create a suitable HMAC using the hash algorithm identifier passed in.

public override TlsHmac CreateHmacForHash(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the hash algorithm the HMAC should use.

Returns

TlsHmac

a TlsHmac.

Remarks

See enumeration class CryptoHashAlgorithm for appropriate argument values.

CreateHmac_Ssl(int) 

protected virtual TlsHmac CreateHmac_Ssl(int macAlgorithm)

Parameters

macAlgorithm int

Returns

TlsHmac

CreateKemDomain(TlsKemConfig)

Create a domain object supporting the domain parameters described in kemConfig.

public override TlsKemDomain CreateKemDomain(TlsKemConfig kemConfig)

Parameters

kemConfig TlsKemConfig

the config describing the KEM parameters to use.

Returns

TlsKemDomain

a TlsKemDomain supporting the parameters in kemConfig.

CreateMac(TlsCryptoParameters, int) 

protected virtual TlsHmac CreateMac(TlsCryptoParameters cryptoParams, int macAlgorithm)

Parameters

cryptoParams TlsCryptoParameters
macAlgorithm int

Returns

TlsHmac

CreateNonceGenerator(byte[])

Create a nonce generator.

public override TlsNonceGenerator CreateNonceGenerator(byte[] additionalSeedMaterial)

Parameters

additionalSeedMaterial byte[]

context-specific seed material

Returns

TlsNonceGenerator

a TlsNonceGenerator.

Remarks

Each call should construct a new generator, and the generator should be returned from this call only after automatically seeding from this TlsCrypto's entropy source, and from the provided additional seed material. The output of each returned generator must be completely independent of the others.

CreateNonceGenerator(ReadOnlySpan<byte>) 

public override TlsNonceGenerator CreateNonceGenerator(ReadOnlySpan<byte> additionalSeedMaterial)

Parameters

additionalSeedMaterial ReadOnlySpan<byte>

Returns

TlsNonceGenerator

CreateNullCipher(TlsCryptoParameters, int) 

protected virtual TlsNullCipher CreateNullCipher(TlsCryptoParameters cryptoParams, int macAlgorithm)

Parameters

cryptoParams TlsCryptoParameters
macAlgorithm int

Returns

TlsNullCipher

CreateSM4Engine() 

protected virtual IBlockCipher CreateSM4Engine()

Returns

IBlockCipher

CreateSecret(byte[])

Create a TlsSecret object based on provided data.

public override TlsSecret CreateSecret(byte[] data)

Parameters

data byte[]

the data to base the TlsSecret on.

Returns

TlsSecret

a TlsSecret based on the provided data.

CreateSeedEngine() 

protected virtual IBlockCipher CreateSeedEngine()

Returns

IBlockCipher

CreateSrp6Client(TlsSrpConfig)

Create an SRP-6 client.

public override TlsSrp6Client CreateSrp6Client(TlsSrpConfig srpConfig)

Parameters

srpConfig TlsSrpConfig

client config.

Returns

TlsSrp6Client

an initialised SRP6 client object.

CreateSrp6Server(TlsSrpConfig, BigInteger)

Create an SRP-6 server.

public override TlsSrp6Server CreateSrp6Server(TlsSrpConfig srpConfig, BigInteger srpVerifier)

Parameters

srpConfig TlsSrpConfig

server config.

srpVerifier BigInteger

the SRP6 verifier value.

Returns

TlsSrp6Server

an initialised SRP6 server object.

CreateSrp6VerifierGenerator(TlsSrpConfig)

Create an SRP-6 verifier generator.

public override TlsSrp6VerifierGenerator CreateSrp6VerifierGenerator(TlsSrpConfig srpConfig)

Parameters

srpConfig TlsSrpConfig

generator config.

Returns

TlsSrp6VerifierGenerator

an initialized SRP6 verifier generator.

GenerateRsaPreMasterSecret(ProtocolVersion)

Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret

public override TlsSecret GenerateRsaPreMasterSecret(ProtocolVersion version)

Parameters

version ProtocolVersion

Returns

TlsSecret

a TlsSecret containing the PreMasterSecret.

HasAnyStreamVerifiers(IList<SignatureAndHashAlgorithm>)

Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms.

public override bool HasAnyStreamVerifiers(IList<SignatureAndHashAlgorithm> signatureAndHashAlgorithms)

Parameters

signatureAndHashAlgorithms IList<SignatureAndHashAlgorithm>

A list of SignatureAndHashAlgorithm values.

Returns

bool

true if this instance would use a stream verifier for any of the passed in algorithms, otherwise false.

Remarks

This method is only relevant to handshakes negotiating (D)TLS 1.2.

HasAnyStreamVerifiersLegacy(short[])

Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms.

public override bool HasAnyStreamVerifiersLegacy(short[] clientCertificateTypes)

Parameters

clientCertificateTypes short[]

An array of ClientCertificateType values.

Returns

bool

true if this instance would use a stream verifier for any of the passed in algorithms, otherwise false.

Remarks

This method is only relevant to handshakes negotiating (D)TLS versions older than 1.2.

HasCryptoHashAlgorithm(int)

Return true if this TlsCrypto can support the passed in hash algorithm.

public override bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the algorithm of interest.

Returns

bool

true if cryptoHashAlgorithm is supported, false otherwise.

HasCryptoSignatureAlgorithm(int)

Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).

public override bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm)

Parameters

cryptoSignatureAlgorithm int

the algorithm of interest.

Returns

bool

true if cryptoSignatureAlgorithm is supported, false otherwise.

HasDHAgreement()

Return true if this TlsCrypto can support DH key agreement.

public override bool HasDHAgreement()

Returns

bool

true if this instance can support DH key agreement, false otherwise.

HasECDHAgreement()

Return true if this TlsCrypto can support ECDH key agreement.

public override bool HasECDHAgreement()

Returns

bool

true if this instance can support ECDH key agreement, false otherwise.

HasEncryptionAlgorithm(int)

Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.

public override bool HasEncryptionAlgorithm(int encryptionAlgorithm)

Parameters

encryptionAlgorithm int

the algorithm of interest.

Returns

bool

true if encryptionAlgorithm is supported, false otherwise.

HasHkdfAlgorithm(int)

Return true if this TlsCrypto can support HKDF with the passed in hash algorithm.

public override bool HasHkdfAlgorithm(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the algorithm of interest.

Returns

bool

true if HKDF is supported with cryptoHashAlgorithm, false otherwise.

HasKemAgreement()

Return true if this TlsCrypto can support KEM key agreement.

public override bool HasKemAgreement()

Returns

bool

true if this instance can support KEM key agreement, false otherwise.

HasMacAlgorithm(int)

Return true if this TlsCrypto can support the passed in MAC algorithm.

public override bool HasMacAlgorithm(int macAlgorithm)

Parameters

macAlgorithm int

the algorithm of interest.

Returns

bool

true if macAlgorithm is supported, false otherwise.

HasNamedGroup(int)

Return true if this TlsCrypto supports the passed in named group value.

public override bool HasNamedGroup(int namedGroup)

Parameters

namedGroup int

Returns

bool

true if this instance supports the passed in named group value.

HasRsaEncryption()

Return true if this TlsCrypto can support RSA encryption/decryption.

public override bool HasRsaEncryption()

Returns

bool

true if this instance can support RSA encryption/decryption, false otherwise.

HasSignatureAlgorithm(short)

Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).

public override bool HasSignatureAlgorithm(short signatureAlgorithm)

Parameters

signatureAlgorithm short

Returns

bool

true if signatureAlgorithm is supported, false otherwise.

HasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm)

Return true if this TlsCrypto can support the passed in signature algorithm.

public override bool HasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)

Parameters

sigAndHashAlgorithm SignatureAndHashAlgorithm

the algorithm of interest.

Returns

bool

true if sigAndHashAlgorithm is supported, false otherwise.

HasSignatureScheme(int)

Return true if this TlsCrypto can support the passed in signature scheme.

public override bool HasSignatureScheme(int signatureScheme)

Parameters

signatureScheme int

the scheme of interest.

Returns

bool

true if signatureScheme is supported, false otherwise.

HasSrpAuthentication()

Return true if this TlsCrypto can support SRP authentication.

public override bool HasSrpAuthentication()

Returns

bool

true if this instance can support SRP authentication, false otherwise.

HkdfInit(int)

Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen zeroes.

public override TlsSecret HkdfInit(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.

Returns

TlsSecret