diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2021-07-13 23:11:07 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2021-07-13 23:11:07 +0700 |
| commit | 985b2b8c511fe7b6430161f04278a4c0c3c89754 (patch) | |
| tree | 842a9aefad5511592a315bb7ad5edc5b10675e7e | |
| parent | Some methods towards GMSSL support (diff) | |
| download | BouncyCastle.NET-ed25519-985b2b8c511fe7b6430161f04278a4c0c3c89754.tar.xz | |
Refactoring around TlsEncryptor
| -rw-r--r-- | crypto/BouncyCastle.Android.csproj | 2 | ||||
| -rw-r--r-- | crypto/BouncyCastle.csproj | 2 | ||||
| -rw-r--r-- | crypto/BouncyCastle.iOS.csproj | 2 | ||||
| -rw-r--r-- | crypto/crypto.csproj | 10 | ||||
| -rw-r--r-- | crypto/src/tls/TlsRsaUtilities.cs | 6 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/TlsCertificate.cs | 6 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/TlsEncryptor.cs (renamed from crypto/src/tls/crypto/impl/TlsEncryptor.cs) | 4 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/TlsSecret.cs | 5 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs | 6 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/impl/AbstractTlsSecret.cs | 4 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/impl/bc/BcTlsCertificate.cs | 23 | ||||
| -rw-r--r-- | crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs | 13 |
12 files changed, 47 insertions, 36 deletions
diff --git a/crypto/BouncyCastle.Android.csproj b/crypto/BouncyCastle.Android.csproj index 575c753ea..f8d4fa890 100644 --- a/crypto/BouncyCastle.Android.csproj +++ b/crypto/BouncyCastle.Android.csproj @@ -1652,7 +1652,6 @@ <Compile Include="src\tls\crypto\impl\TlsAeadCipherImpl.cs" /> <Compile Include="src\tls\crypto\impl\TlsBlockCipher.cs" /> <Compile Include="src\tls\crypto\impl\TlsBlockCipherImpl.cs" /> - <Compile Include="src\tls\crypto\impl\TlsEncryptor.cs" /> <Compile Include="src\tls\crypto\impl\TlsImplUtilities.cs" /> <Compile Include="src\tls\crypto\impl\TlsNullCipher.cs" /> <Compile Include="src\tls\crypto\impl\TlsSuiteHmac.cs" /> @@ -1673,6 +1672,7 @@ <Compile Include="src\tls\crypto\TlsECConfig.cs" /> <Compile Include="src\tls\crypto\TlsECDomain.cs" /> <Compile Include="src\tls\crypto\TlsEncodeResult.cs" /> + <Compile Include="src\tls\crypto\TlsEncryptor.cs" /> <Compile Include="src\tls\crypto\TlsHash.cs" /> <Compile Include="src\tls\crypto\TlsHashSink.cs" /> <Compile Include="src\tls\crypto\TlsHmac.cs" /> diff --git a/crypto/BouncyCastle.csproj b/crypto/BouncyCastle.csproj index f972a7694..90c686996 100644 --- a/crypto/BouncyCastle.csproj +++ b/crypto/BouncyCastle.csproj @@ -1646,7 +1646,6 @@ <Compile Include="src\tls\crypto\impl\TlsAeadCipherImpl.cs" /> <Compile Include="src\tls\crypto\impl\TlsBlockCipher.cs" /> <Compile Include="src\tls\crypto\impl\TlsBlockCipherImpl.cs" /> - <Compile Include="src\tls\crypto\impl\TlsEncryptor.cs" /> <Compile Include="src\tls\crypto\impl\TlsImplUtilities.cs" /> <Compile Include="src\tls\crypto\impl\TlsNullCipher.cs" /> <Compile Include="src\tls\crypto\impl\TlsSuiteHmac.cs" /> @@ -1667,6 +1666,7 @@ <Compile Include="src\tls\crypto\TlsECConfig.cs" /> <Compile Include="src\tls\crypto\TlsECDomain.cs" /> <Compile Include="src\tls\crypto\TlsEncodeResult.cs" /> + <Compile Include="src\tls\crypto\TlsEncryptor.cs" /> <Compile Include="src\tls\crypto\TlsHash.cs" /> <Compile Include="src\tls\crypto\TlsHashSink.cs" /> <Compile Include="src\tls\crypto\TlsHmac.cs" /> diff --git a/crypto/BouncyCastle.iOS.csproj b/crypto/BouncyCastle.iOS.csproj index 682b74d5e..70e241004 100644 --- a/crypto/BouncyCastle.iOS.csproj +++ b/crypto/BouncyCastle.iOS.csproj @@ -1647,7 +1647,6 @@ <Compile Include="src\tls\crypto\impl\TlsAeadCipherImpl.cs" /> <Compile Include="src\tls\crypto\impl\TlsBlockCipher.cs" /> <Compile Include="src\tls\crypto\impl\TlsBlockCipherImpl.cs" /> - <Compile Include="src\tls\crypto\impl\TlsEncryptor.cs" /> <Compile Include="src\tls\crypto\impl\TlsImplUtilities.cs" /> <Compile Include="src\tls\crypto\impl\TlsNullCipher.cs" /> <Compile Include="src\tls\crypto\impl\TlsSuiteHmac.cs" /> @@ -1668,6 +1667,7 @@ <Compile Include="src\tls\crypto\TlsECConfig.cs" /> <Compile Include="src\tls\crypto\TlsECDomain.cs" /> <Compile Include="src\tls\crypto\TlsEncodeResult.cs" /> + <Compile Include="src\tls\crypto\TlsEncryptor.cs" /> <Compile Include="src\tls\crypto\TlsHash.cs" /> <Compile Include="src\tls\crypto\TlsHashSink.cs" /> <Compile Include="src\tls\crypto\TlsHmac.cs" /> diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj index 97fcb3a5b..62d523e33 100644 --- a/crypto/crypto.csproj +++ b/crypto/crypto.csproj @@ -8119,11 +8119,6 @@ BuildAction = "Compile" /> <File - RelPath = "src\tls\crypto\impl\TlsEncryptor.cs" - SubType = "Code" - BuildAction = "Compile" - /> - <File RelPath = "src\tls\crypto\impl\TlsImplUtilities.cs" SubType = "Code" BuildAction = "Compile" @@ -8224,6 +8219,11 @@ BuildAction = "Compile" /> <File + RelPath = "src\tls\crypto\TlsEncryptor.cs" + SubType = "Code" + BuildAction = "Compile" + /> + <File RelPath = "src\tls\crypto\TlsHash.cs" SubType = "Code" BuildAction = "Compile" diff --git a/crypto/src/tls/TlsRsaUtilities.cs b/crypto/src/tls/TlsRsaUtilities.cs index d520d3ea2..065279528 100644 --- a/crypto/src/tls/TlsRsaUtilities.cs +++ b/crypto/src/tls/TlsRsaUtilities.cs @@ -5,7 +5,7 @@ using Org.BouncyCastle.Tls.Crypto; namespace Org.BouncyCastle.Tls { - /// <summary>RSA Utility methods.</summary> + /// <summary>RSA utility methods.</summary> public abstract class TlsRsaUtilities { /// <summary>Generate a pre_master_secret and send it encrypted to the server.</summary> @@ -15,7 +15,9 @@ namespace Org.BouncyCastle.Tls { TlsSecret preMasterSecret = context.Crypto.GenerateRsaPreMasterSecret(context.RsaPreMasterSecretVersion); - byte[] encryptedPreMasterSecret = preMasterSecret.Encrypt(certificate); + TlsEncryptor encryptor = certificate.CreateEncryptor(TlsCertificateRole.RsaEncryption); + + byte[] encryptedPreMasterSecret = preMasterSecret.Encrypt(encryptor); TlsUtilities.WriteEncryptedPms(context, encryptedPreMasterSecret, output); return preMasterSecret; diff --git a/crypto/src/tls/crypto/TlsCertificate.cs b/crypto/src/tls/crypto/TlsCertificate.cs index 7bd8e0359..b9efe37b3 100644 --- a/crypto/src/tls/crypto/TlsCertificate.cs +++ b/crypto/src/tls/crypto/TlsCertificate.cs @@ -9,6 +9,12 @@ namespace Org.BouncyCastle.Tls.Crypto /// <summary>Interface providing the functional representation of a single X.509 certificate.</summary> public interface TlsCertificate { + /// <summary>Return an encryptor based on the public key in this certificate.</summary> + /// <param name="tlsCertificateRole"><see cref="TlsCertificateRole"/></param> + /// <returns>a <see cref="TlsEncryptor"/> based on this certificate's public key.</returns> + /// <exception cref="IOException"/> + TlsEncryptor CreateEncryptor(int tlsCertificateRole); + /// <param name="signatureAlgorithm"><see cref="SignatureAlgorithm"/></param> /// <exception cref="IOException"/> TlsVerifier CreateVerifier(short signatureAlgorithm); diff --git a/crypto/src/tls/crypto/impl/TlsEncryptor.cs b/crypto/src/tls/crypto/TlsEncryptor.cs index 6e4ef0c44..53f1973fd 100644 --- a/crypto/src/tls/crypto/impl/TlsEncryptor.cs +++ b/crypto/src/tls/crypto/TlsEncryptor.cs @@ -1,9 +1,9 @@ using System; using System.IO; -namespace Org.BouncyCastle.Tls.Crypto.Impl +namespace Org.BouncyCastle.Tls.Crypto { - /// <summary>Base interface for an encryptor based on a public key.</summary> + /// <summary>Base interface for an encryptor.</summary> public interface TlsEncryptor { /// <summary>Encrypt data from the passed in input array.</summary> diff --git a/crypto/src/tls/crypto/TlsSecret.cs b/crypto/src/tls/crypto/TlsSecret.cs index 9b092fc40..0499d37c3 100644 --- a/crypto/src/tls/crypto/TlsSecret.cs +++ b/crypto/src/tls/crypto/TlsSecret.cs @@ -23,11 +23,10 @@ namespace Org.BouncyCastle.Tls.Crypto void Destroy(); /// <summary>Return an encrypted copy of the data this secret is based on.</summary> - /// <param name="certificate">the certificate containing the public key to use for protecting the internal - /// data.</param> + /// <param name="encryptor">the encryptor to use for protecting the internal data.</param> /// <returns>an encrypted copy of this secret's internal data.</returns> /// <exception cref="IOException"/> - byte[] Encrypt(TlsCertificate certificate); + byte[] Encrypt(TlsEncryptor encryptor); /// <summary>Return the internal data from this secret.</summary> /// <remarks> diff --git a/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs b/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs index f0b2b03f6..0a634fffe 100644 --- a/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs +++ b/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs @@ -80,11 +80,5 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl public abstract TlsSrp6VerifierGenerator CreateSrp6VerifierGenerator(TlsSrpConfig srpConfig); public abstract TlsSecret HkdfInit(int cryptoHashAlgorithm); - - /// <summary>Return an encryptor based on the public key in certificate.</summary> - /// <param name="certificate">the certificate carrying the public key.</param> - /// <returns>a <see cref="TlsEncryptor"/> based on the certificate's public key.</returns> - /// <exception cref="IOException"/> - public abstract TlsEncryptor CreateEncryptor(TlsCertificate certificate); } } diff --git a/crypto/src/tls/crypto/impl/AbstractTlsSecret.cs b/crypto/src/tls/crypto/impl/AbstractTlsSecret.cs index 634b86732..e8298193f 100644 --- a/crypto/src/tls/crypto/impl/AbstractTlsSecret.cs +++ b/crypto/src/tls/crypto/impl/AbstractTlsSecret.cs @@ -42,13 +42,13 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl } /// <exception cref="IOException"/> - public virtual byte[] Encrypt(TlsCertificate certificate) + public virtual byte[] Encrypt(TlsEncryptor encryptor) { lock (this) { CheckAlive(); - return Crypto.CreateEncryptor(certificate).Encrypt(m_data, 0, m_data.Length); + return encryptor.Encrypt(m_data, 0, m_data.Length); } } diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsCertificate.cs b/crypto/src/tls/crypto/impl/bc/BcTlsCertificate.cs index e1243087d..2f331a166 100644 --- a/crypto/src/tls/crypto/impl/bc/BcTlsCertificate.cs +++ b/crypto/src/tls/crypto/impl/bc/BcTlsCertificate.cs @@ -59,6 +59,29 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC } /// <exception cref="IOException"/> + public virtual TlsEncryptor CreateEncryptor(int tlsCertificateRole) + { + ValidateKeyUsage(KeyUsage.KeyEncipherment); + + switch (tlsCertificateRole) + { + case TlsCertificateRole.RsaEncryption: + { + this.m_pubKeyRsa = GetPubKeyRsa(); + return new BcTlsRsaEncryptor(m_crypto, m_pubKeyRsa); + } + // TODO[gmssl] + //case TlsCertificateRole.Sm2Encryption: + //{ + // this.m_pubKeyEC = GetPubKeyEC(); + // return new BcTlsSM2Encryptor(m_crypto, m_pubKeyEC); + //} + } + + throw new TlsFatalAlert(AlertDescription.certificate_unknown); + } + + /// <exception cref="IOException"/> public virtual TlsVerifier CreateVerifier(short signatureAlgorithm) { switch (signatureAlgorithm) diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs b/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs index aa9985ed9..69e353bae 100644 --- a/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs +++ b/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs @@ -1,11 +1,8 @@ using System; -using System.IO; -using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Agreement.Srp; using Org.BouncyCastle.Crypto.Digests; -using Org.BouncyCastle.Crypto.Encodings; using Org.BouncyCastle.Crypto.Engines; using Org.BouncyCastle.Crypto.Macs; using Org.BouncyCastle.Crypto.Modes; @@ -140,16 +137,6 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC } } - public override TlsEncryptor CreateEncryptor(TlsCertificate certificate) - { - BcTlsCertificate bcCert = BcTlsCertificate.Convert(this, certificate); - bcCert.ValidateKeyUsage(KeyUsage.KeyEncipherment); - - RsaKeyParameters pubKeyRsa = bcCert.GetPubKeyRsa(); - - return new BcTlsRsaEncryptor(this, pubKeyRsa); - } - public override TlsNonceGenerator CreateNonceGenerator(byte[] additionalSeedMaterial) { IDigest digest = CreateDigest(CryptoHashAlgorithm.sha256); |