Add HasHkdfAlgorithm method and use in test

4 files changed, 65 insertions, 41 deletions

diff --git a/crypto/src/tls/crypto/TlsCrypto.cs b/crypto/src/tls/crypto/TlsCrypto.cs
index bd003aefa..4dab6bc57 100644
--- a/crypto/src/tls/crypto/TlsCrypto.cs
+++ b/crypto/src/tls/crypto/TlsCrypto.cs
@@ -16,6 +16,17 @@ namespace Org.BouncyCastle.Tls.Crypto
         /// false otherwise.</returns>
         bool HasAllRawSignatureAlgorithms();
 
+        /// <summary>Return true if this TlsCrypto can support the passed in hash algorithm.</summary>
+        /// <param name="cryptoHashAlgorithm">the algorithm of interest.</param>
+        /// <returns>true if cryptoHashAlgorithm is supported, false otherwise.</returns>
+        bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm);
+
+        /// <summary>Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in
+        /// combination with EVERY hash algorithm).</summary>
+        /// <param name="cryptoSignatureAlgorithm">the algorithm of interest.</param>
+        /// <returns>true if cryptoSignatureAlgorithm is supported, false otherwise.</returns>
+        bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm);
+
         /// <summary>Return true if this TlsCrypto can support DH key agreement.</summary>
         /// <returns>true if this instance can support DH key agreement, false otherwise.</returns>
         bool HasDHAgreement();
@@ -30,16 +41,10 @@ namespace Org.BouncyCastle.Tls.Crypto
         /// <returns>true if encryptionAlgorithm is supported, false otherwise.</returns>
         bool HasEncryptionAlgorithm(int encryptionAlgorithm);
 
-        /// <summary>Return true if this TlsCrypto can support the passed in hash algorithm.</summary>
+        /// <summary>Return true if this TlsCrypto can support HKDF with the passed in hash algorithm.</summary>
         /// <param name="cryptoHashAlgorithm">the algorithm of interest.</param>
-        /// <returns>true if cryptoHashAlgorithm is supported, false otherwise.</returns>
-        bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm);
-
-        /// <summary>Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in
-        /// combination with EVERY hash algorithm).</summary>
-        /// <param name="cryptoSignatureAlgorithm">the algorithm of interest.</param>
-        /// <returns>true if cryptoSignatureAlgorithm is supported, false otherwise.</returns>
-        bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm);
+        /// <returns>true if HKDF is supported with cryptoHashAlgorithm, false otherwise.</returns>
+        bool HasHkdfAlgorithm(int cryptoHashAlgorithm);
 
         /// <summary>Return true if this TlsCrypto can support the passed in MAC algorithm.</summary>
         /// <param name="macAlgorithm">the algorithm of interest.</param>
diff --git a/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs b/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs
index 0a634fffe..39d86c241 100644
--- a/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs
+++ b/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs
@@ -14,15 +14,17 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
     {
         public abstract bool HasAllRawSignatureAlgorithms();
 
+        public abstract bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm);
+
+        public abstract bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm);
+
         public abstract bool HasDHAgreement();
 
         public abstract bool HasECDHAgreement();
 
         public abstract bool HasEncryptionAlgorithm(int encryptionAlgorithm);
 
-        public abstract bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm);
-
-        public abstract bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm);
+        public abstract bool HasHkdfAlgorithm(int cryptoHashAlgorithm);
 
         public abstract bool HasMacAlgorithm(int macAlgorithm);
 
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs b/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs
index 59a3a25ed..a56835105 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs
@@ -155,35 +155,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
         public override bool HasAllRawSignatureAlgorithms()
         {
             // TODO[RFC 8422] Revisit the need to buffer the handshake for "Intrinsic" hash signatures
-            return !HasSignatureAlgorithm(SignatureAlgorithm.ed25519)
-                && !HasSignatureAlgorithm(SignatureAlgorithm.ed448);
-        }
-
-        public override bool HasDHAgreement()
-        {
-            return true;
-        }
-
-        public override bool HasECDHAgreement()
-        {
-            return true;
-        }
-
-        public override bool HasEncryptionAlgorithm(int encryptionAlgorithm)
-        {
-            switch (encryptionAlgorithm)
-            {
-            case EncryptionAlgorithm.DES40_CBC:
-            case EncryptionAlgorithm.DES_CBC:
-            case EncryptionAlgorithm.IDEA_CBC:
-            case EncryptionAlgorithm.RC2_CBC_40:
-            case EncryptionAlgorithm.RC4_128:
-            case EncryptionAlgorithm.RC4_40:
-                return false;
-
-            default:
-                return true;
-            }
+            return false;
         }
 
         public override bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm)
@@ -233,6 +205,48 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
             }
         }
 
+        public override bool HasDHAgreement()
+        {
+            return true;
+        }
+
+        public override bool HasECDHAgreement()
+        {
+            return true;
+        }
+
+        public override bool HasEncryptionAlgorithm(int encryptionAlgorithm)
+        {
+            switch (encryptionAlgorithm)
+            {
+            case EncryptionAlgorithm.DES40_CBC:
+            case EncryptionAlgorithm.DES_CBC:
+            case EncryptionAlgorithm.IDEA_CBC:
+            case EncryptionAlgorithm.RC2_CBC_40:
+            case EncryptionAlgorithm.RC4_128:
+            case EncryptionAlgorithm.RC4_40:
+                return false;
+
+            default:
+                return true;
+            }
+        }
+
+        public override bool HasHkdfAlgorithm(int cryptoHashAlgorithm)
+        {
+            switch (cryptoHashAlgorithm)
+            {
+            case CryptoHashAlgorithm.sha256:
+            case CryptoHashAlgorithm.sha384:
+            case CryptoHashAlgorithm.sha512:
+            case CryptoHashAlgorithm.sm3:
+                return true;
+
+            default:
+                return false;
+            }
+        }
+
         public override bool HasMacAlgorithm(int macAlgorithm)
         {
             switch (macAlgorithm)
diff --git a/crypto/test/src/tls/crypto/test/BcTlsCryptoTest.cs b/crypto/test/src/tls/crypto/test/BcTlsCryptoTest.cs
index a274cc5ba..ddbe4c6b8 100644
--- a/crypto/test/src/tls/crypto/test/BcTlsCryptoTest.cs
+++ b/crypto/test/src/tls/crypto/test/BcTlsCryptoTest.cs
@@ -408,6 +408,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Tests
             for (int i = 0; i < hashes.Length; ++i)
             {
                 int hash = hashes[i];
+                if (!m_crypto.HasHkdfAlgorithm(hash))
+                    continue;
+
                 int hashLen = TlsCryptoUtilities.GetHashOutputSize(hash);
                 TlsSecret zeros = m_crypto.HkdfInit(hash);