diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-04-21 20:46:29 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-04-21 20:46:29 +0700 |
commit | 8ccb6119a3bf1e1dcf57a3439c94f59d14d61774 (patch) | |
tree | d56ae79542a526b14a06b7df661a1ef9f70f8619 /crypto/src | |
parent | Refactoring (diff) | |
download | BouncyCastle.NET-ed25519-8ccb6119a3bf1e1dcf57a3439c94f59d14d61774.tar.xz |
Add HasHkdfAlgorithm method and use in test
Diffstat (limited to 'crypto/src')
-rw-r--r-- | crypto/src/tls/crypto/TlsCrypto.cs | 23 | ||||
-rw-r--r-- | crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs | 8 | ||||
-rw-r--r-- | crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs | 72 |
3 files changed, 62 insertions, 41 deletions
diff --git a/crypto/src/tls/crypto/TlsCrypto.cs b/crypto/src/tls/crypto/TlsCrypto.cs index bd003aefa..4dab6bc57 100644 --- a/crypto/src/tls/crypto/TlsCrypto.cs +++ b/crypto/src/tls/crypto/TlsCrypto.cs @@ -16,6 +16,17 @@ namespace Org.BouncyCastle.Tls.Crypto /// false otherwise.</returns> bool HasAllRawSignatureAlgorithms(); + /// <summary>Return true if this TlsCrypto can support the passed in hash algorithm.</summary> + /// <param name="cryptoHashAlgorithm">the algorithm of interest.</param> + /// <returns>true if cryptoHashAlgorithm is supported, false otherwise.</returns> + bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm); + + /// <summary>Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in + /// combination with EVERY hash algorithm).</summary> + /// <param name="cryptoSignatureAlgorithm">the algorithm of interest.</param> + /// <returns>true if cryptoSignatureAlgorithm is supported, false otherwise.</returns> + bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm); + /// <summary>Return true if this TlsCrypto can support DH key agreement.</summary> /// <returns>true if this instance can support DH key agreement, false otherwise.</returns> bool HasDHAgreement(); @@ -30,16 +41,10 @@ namespace Org.BouncyCastle.Tls.Crypto /// <returns>true if encryptionAlgorithm is supported, false otherwise.</returns> bool HasEncryptionAlgorithm(int encryptionAlgorithm); - /// <summary>Return true if this TlsCrypto can support the passed in hash algorithm.</summary> + /// <summary>Return true if this TlsCrypto can support HKDF with the passed in hash algorithm.</summary> /// <param name="cryptoHashAlgorithm">the algorithm of interest.</param> - /// <returns>true if cryptoHashAlgorithm is supported, false otherwise.</returns> - bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm); - - /// <summary>Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in - /// combination with EVERY hash algorithm).</summary> - /// <param name="cryptoSignatureAlgorithm">the algorithm of interest.</param> - /// <returns>true if cryptoSignatureAlgorithm is supported, false otherwise.</returns> - bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm); + /// <returns>true if HKDF is supported with cryptoHashAlgorithm, false otherwise.</returns> + bool HasHkdfAlgorithm(int cryptoHashAlgorithm); /// <summary>Return true if this TlsCrypto can support the passed in MAC algorithm.</summary> /// <param name="macAlgorithm">the algorithm of interest.</param> diff --git a/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs b/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs index 0a634fffe..39d86c241 100644 --- a/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs +++ b/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs @@ -14,15 +14,17 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl { public abstract bool HasAllRawSignatureAlgorithms(); + public abstract bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm); + + public abstract bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm); + public abstract bool HasDHAgreement(); public abstract bool HasECDHAgreement(); public abstract bool HasEncryptionAlgorithm(int encryptionAlgorithm); - public abstract bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm); - - public abstract bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm); + public abstract bool HasHkdfAlgorithm(int cryptoHashAlgorithm); public abstract bool HasMacAlgorithm(int macAlgorithm); diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs b/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs index 59a3a25ed..a56835105 100644 --- a/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs +++ b/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs @@ -155,35 +155,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC public override bool HasAllRawSignatureAlgorithms() { // TODO[RFC 8422] Revisit the need to buffer the handshake for "Intrinsic" hash signatures - return !HasSignatureAlgorithm(SignatureAlgorithm.ed25519) - && !HasSignatureAlgorithm(SignatureAlgorithm.ed448); - } - - public override bool HasDHAgreement() - { - return true; - } - - public override bool HasECDHAgreement() - { - return true; - } - - public override bool HasEncryptionAlgorithm(int encryptionAlgorithm) - { - switch (encryptionAlgorithm) - { - case EncryptionAlgorithm.DES40_CBC: - case EncryptionAlgorithm.DES_CBC: - case EncryptionAlgorithm.IDEA_CBC: - case EncryptionAlgorithm.RC2_CBC_40: - case EncryptionAlgorithm.RC4_128: - case EncryptionAlgorithm.RC4_40: - return false; - - default: - return true; - } + return false; } public override bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm) @@ -233,6 +205,48 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC } } + public override bool HasDHAgreement() + { + return true; + } + + public override bool HasECDHAgreement() + { + return true; + } + + public override bool HasEncryptionAlgorithm(int encryptionAlgorithm) + { + switch (encryptionAlgorithm) + { + case EncryptionAlgorithm.DES40_CBC: + case EncryptionAlgorithm.DES_CBC: + case EncryptionAlgorithm.IDEA_CBC: + case EncryptionAlgorithm.RC2_CBC_40: + case EncryptionAlgorithm.RC4_128: + case EncryptionAlgorithm.RC4_40: + return false; + + default: + return true; + } + } + + public override bool HasHkdfAlgorithm(int cryptoHashAlgorithm) + { + switch (cryptoHashAlgorithm) + { + case CryptoHashAlgorithm.sha256: + case CryptoHashAlgorithm.sha384: + case CryptoHashAlgorithm.sha512: + case CryptoHashAlgorithm.sm3: + return true; + + default: + return false; + } + } + public override bool HasMacAlgorithm(int macAlgorithm) { switch (macAlgorithm) |