Table of Contents

Interface TlsCrypto

Namespace
Org.BouncyCastle.Tls.Crypto
Assembly
BouncyCastle.Cryptography.dll

Service and object creation interface for the primitive types and services that are associated with cryptography in the API.

public interface TlsCrypto

Properties

SecureRandom

Return the primary (safest) SecureRandom for this crypto.

SecureRandom SecureRandom { get; }

Property Value

SecureRandom

a SecureRandom suitable for key generation.

Methods

AdoptSecret(TlsSecret)

Adopt the passed in secret, creating a new copy of it.

TlsSecret AdoptSecret(TlsSecret secret)

Parameters

secret TlsSecret

the secret to make a copy of.

Returns

TlsSecret

a TlsSecret based on the original secret.

CreateCertificate(byte[])

Create a TlsCertificate from an ASN.1 binary encoding of an X.509 certificate.

TlsCertificate CreateCertificate(byte[] encoding)

Parameters

encoding byte[]

DER/BER encoding of the certificate of interest.

Returns

TlsCertificate

a TlsCertificate.

Exceptions

IOException

if there is an issue on decoding or constructing the certificate.

CreateCertificate(short, byte[])

Create a TlsCertificate from an ASN.1 binary encoding of a certificate.

TlsCertificate CreateCertificate(short type, byte[] encoding)

Parameters

type short

Certificate type as per IANA TLS Certificate Types registry.

encoding byte[]

DER/BER encoding of the certificate of interest.

Returns

TlsCertificate

a TlsCertificate.

Exceptions

IOException

if there is an issue on decoding or constructing the certificate.

CreateCipher(TlsCryptoParameters, int, int)

Create a cipher for the specified encryption and MAC algorithms.

TlsCipher CreateCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm)

Parameters

cryptoParams TlsCryptoParameters

context specific parameters.

encryptionAlgorithm int

the encryption algorithm to be employed by the cipher.

macAlgorithm int

the MAC algorithm to be employed by the cipher.

Returns

TlsCipher

a TlsCipher implementing the encryption and MAC algorithms.

Remarks

See enumeration classes EncryptionAlgorithm, MacAlgorithm for appropriate argument values.

Exceptions

IOException

CreateDHDomain(TlsDHConfig)

Create a domain object supporting the domain parameters described in dhConfig.

TlsDHDomain CreateDHDomain(TlsDHConfig dhConfig)

Parameters

dhConfig TlsDHConfig

the config describing the DH parameters to use.

Returns

TlsDHDomain

a TlsDHDomain supporting the parameters in dhConfig.

CreateECDomain(TlsECConfig)

Create a domain object supporting the domain parameters described in ecConfig.

TlsECDomain CreateECDomain(TlsECConfig ecConfig)

Parameters

ecConfig TlsECConfig

the config describing the EC parameters to use.

Returns

TlsECDomain

a TlsECDomain supporting the parameters in ecConfig.

CreateHash(int)

Create a suitable hash for the hash algorithm identifier passed in.

TlsHash CreateHash(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the hash algorithm the hash needs to implement.

Returns

TlsHash

a TlsHash.

Remarks

See enumeration class CryptoHashAlgorithm for appropriate argument values.

CreateHmac(int)

Create a suitable HMAC for the MAC algorithm identifier passed in.

TlsHmac CreateHmac(int macAlgorithm)

Parameters

macAlgorithm int

the MAC algorithm the HMAC needs to match.

Returns

TlsHmac

a TlsHmac.

Remarks

See enumeration class MacAlgorithm for appropriate argument values.

CreateHmacForHash(int)

Create a suitable HMAC using the hash algorithm identifier passed in.

TlsHmac CreateHmacForHash(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the hash algorithm the HMAC should use.

Returns

TlsHmac

a TlsHmac.

Remarks

See enumeration class CryptoHashAlgorithm for appropriate argument values.

CreateKemDomain(TlsKemConfig)

Create a domain object supporting the domain parameters described in kemConfig.

TlsKemDomain CreateKemDomain(TlsKemConfig kemConfig)

Parameters

kemConfig TlsKemConfig

the config describing the KEM parameters to use.

Returns

TlsKemDomain

a TlsKemDomain supporting the parameters in kemConfig.

CreateNonceGenerator(byte[])

Create a nonce generator.

TlsNonceGenerator CreateNonceGenerator(byte[] additionalSeedMaterial)

Parameters

additionalSeedMaterial byte[]

context-specific seed material

Returns

TlsNonceGenerator

a TlsNonceGenerator.

Remarks

Each call should construct a new generator, and the generator should be returned from this call only after automatically seeding from this TlsCrypto's entropy source, and from the provided additional seed material. The output of each returned generator must be completely independent of the others.

CreateNonceGenerator(ReadOnlySpan<byte>) 

TlsNonceGenerator CreateNonceGenerator(ReadOnlySpan<byte> additionalSeedMaterial)

Parameters

additionalSeedMaterial ReadOnlySpan<byte>

Returns

TlsNonceGenerator

CreateSecret(byte[])

Create a TlsSecret object based on provided data.

TlsSecret CreateSecret(byte[] data)

Parameters

data byte[]

the data to base the TlsSecret on.

Returns

TlsSecret

a TlsSecret based on the provided data.

CreateSrp6Client(TlsSrpConfig)

Create an SRP-6 client.

TlsSrp6Client CreateSrp6Client(TlsSrpConfig srpConfig)

Parameters

srpConfig TlsSrpConfig

client config.

Returns

TlsSrp6Client

an initialised SRP6 client object.

CreateSrp6Server(TlsSrpConfig, BigInteger)

Create an SRP-6 server.

TlsSrp6Server CreateSrp6Server(TlsSrpConfig srpConfig, BigInteger srpVerifier)

Parameters

srpConfig TlsSrpConfig

server config.

srpVerifier BigInteger

the SRP6 verifier value.

Returns

TlsSrp6Server

an initialised SRP6 server object.

CreateSrp6VerifierGenerator(TlsSrpConfig)

Create an SRP-6 verifier generator.

TlsSrp6VerifierGenerator CreateSrp6VerifierGenerator(TlsSrpConfig srpConfig)

Parameters

srpConfig TlsSrpConfig

generator config.

Returns

TlsSrp6VerifierGenerator

an initialized SRP6 verifier generator.

GenerateRsaPreMasterSecret(ProtocolVersion)

Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret

TlsSecret GenerateRsaPreMasterSecret(ProtocolVersion clientVersion)

Parameters

clientVersion ProtocolVersion

the client version to place in the first 2 bytes

Returns

TlsSecret

a TlsSecret containing the PreMasterSecret.

HasAnyStreamVerifiers(IList<SignatureAndHashAlgorithm>)

Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms.

bool HasAnyStreamVerifiers(IList<SignatureAndHashAlgorithm> signatureAndHashAlgorithms)

Parameters

signatureAndHashAlgorithms IList<SignatureAndHashAlgorithm>

A list of SignatureAndHashAlgorithm values.

Returns

bool

true if this instance would use a stream verifier for any of the passed in algorithms, otherwise false.

Remarks

This method is only relevant to handshakes negotiating (D)TLS 1.2.

HasAnyStreamVerifiersLegacy(short[])

Return true if this TlsCrypto would use a stream verifier for any of the passed in algorithms.

bool HasAnyStreamVerifiersLegacy(short[] clientCertificateTypes)

Parameters

clientCertificateTypes short[]

An array of ClientCertificateType values.

Returns

bool

true if this instance would use a stream verifier for any of the passed in algorithms, otherwise false.

Remarks

This method is only relevant to handshakes negotiating (D)TLS versions older than 1.2.

HasCryptoHashAlgorithm(int)

Return true if this TlsCrypto can support the passed in hash algorithm.

bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the algorithm of interest.

Returns

bool

true if cryptoHashAlgorithm is supported, false otherwise.

HasCryptoSignatureAlgorithm(int)

Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).

bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm)

Parameters

cryptoSignatureAlgorithm int

the algorithm of interest.

Returns

bool

true if cryptoSignatureAlgorithm is supported, false otherwise.

HasDHAgreement()

Return true if this TlsCrypto can support DH key agreement.

bool HasDHAgreement()

Returns

bool

true if this instance can support DH key agreement, false otherwise.

HasECDHAgreement()

Return true if this TlsCrypto can support ECDH key agreement.

bool HasECDHAgreement()

Returns

bool

true if this instance can support ECDH key agreement, false otherwise.

HasEncryptionAlgorithm(int)

Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.

bool HasEncryptionAlgorithm(int encryptionAlgorithm)

Parameters

encryptionAlgorithm int

the algorithm of interest.

Returns

bool

true if encryptionAlgorithm is supported, false otherwise.

HasHkdfAlgorithm(int)

Return true if this TlsCrypto can support HKDF with the passed in hash algorithm.

bool HasHkdfAlgorithm(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the algorithm of interest.

Returns

bool

true if HKDF is supported with cryptoHashAlgorithm, false otherwise.

HasKemAgreement()

Return true if this TlsCrypto can support KEM key agreement.

bool HasKemAgreement()

Returns

bool

true if this instance can support KEM key agreement, false otherwise.

HasMacAlgorithm(int)

Return true if this TlsCrypto can support the passed in MAC algorithm.

bool HasMacAlgorithm(int macAlgorithm)

Parameters

macAlgorithm int

the algorithm of interest.

Returns

bool

true if macAlgorithm is supported, false otherwise.

HasNamedGroup(int)

Return true if this TlsCrypto supports the passed in named group value.

bool HasNamedGroup(int namedGroup)

Parameters

namedGroup int

Returns

bool

true if this instance supports the passed in named group value.

HasRsaEncryption()

Return true if this TlsCrypto can support RSA encryption/decryption.

bool HasRsaEncryption()

Returns

bool

true if this instance can support RSA encryption/decryption, false otherwise.

HasSignatureAlgorithm(short)

Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in combination with EVERY hash algorithm).

bool HasSignatureAlgorithm(short signatureAlgorithm)

Parameters

signatureAlgorithm short

Returns

bool

true if signatureAlgorithm is supported, false otherwise.

HasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm)

Return true if this TlsCrypto can support the passed in signature algorithm.

bool HasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm)

Parameters

sigAndHashAlgorithm SignatureAndHashAlgorithm

the algorithm of interest.

Returns

bool

true if sigAndHashAlgorithm is supported, false otherwise.

HasSignatureScheme(int)

Return true if this TlsCrypto can support the passed in signature scheme.

bool HasSignatureScheme(int signatureScheme)

Parameters

signatureScheme int

the scheme of interest.

Returns

bool

true if signatureScheme is supported, false otherwise.

HasSrpAuthentication()

Return true if this TlsCrypto can support SRP authentication.

bool HasSrpAuthentication()

Returns

bool

true if this instance can support SRP authentication, false otherwise.

HkdfInit(int)

Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen zeroes.

TlsSecret HkdfInit(int cryptoHashAlgorithm)

Parameters

cryptoHashAlgorithm int

the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.

Returns

TlsSecret