diff options
-rw-r--r-- | crypto/src/tls/crypto/TlsCrypto.cs | 23 | ||||
-rw-r--r-- | crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs | 8 | ||||
-rw-r--r-- | crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs | 72 | ||||
-rw-r--r-- | crypto/test/src/tls/crypto/test/BcTlsCryptoTest.cs | 3 |
4 files changed, 65 insertions, 41 deletions
diff --git a/crypto/src/tls/crypto/TlsCrypto.cs b/crypto/src/tls/crypto/TlsCrypto.cs index bd003aefa..4dab6bc57 100644 --- a/crypto/src/tls/crypto/TlsCrypto.cs +++ b/crypto/src/tls/crypto/TlsCrypto.cs @@ -16,6 +16,17 @@ namespace Org.BouncyCastle.Tls.Crypto /// false otherwise.</returns> bool HasAllRawSignatureAlgorithms(); + /// <summary>Return true if this TlsCrypto can support the passed in hash algorithm.</summary> + /// <param name="cryptoHashAlgorithm">the algorithm of interest.</param> + /// <returns>true if cryptoHashAlgorithm is supported, false otherwise.</returns> + bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm); + + /// <summary>Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in + /// combination with EVERY hash algorithm).</summary> + /// <param name="cryptoSignatureAlgorithm">the algorithm of interest.</param> + /// <returns>true if cryptoSignatureAlgorithm is supported, false otherwise.</returns> + bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm); + /// <summary>Return true if this TlsCrypto can support DH key agreement.</summary> /// <returns>true if this instance can support DH key agreement, false otherwise.</returns> bool HasDHAgreement(); @@ -30,16 +41,10 @@ namespace Org.BouncyCastle.Tls.Crypto /// <returns>true if encryptionAlgorithm is supported, false otherwise.</returns> bool HasEncryptionAlgorithm(int encryptionAlgorithm); - /// <summary>Return true if this TlsCrypto can support the passed in hash algorithm.</summary> + /// <summary>Return true if this TlsCrypto can support HKDF with the passed in hash algorithm.</summary> /// <param name="cryptoHashAlgorithm">the algorithm of interest.</param> - /// <returns>true if cryptoHashAlgorithm is supported, false otherwise.</returns> - bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm); - - /// <summary>Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in - /// combination with EVERY hash algorithm).</summary> - /// <param name="cryptoSignatureAlgorithm">the algorithm of interest.</param> - /// <returns>true if cryptoSignatureAlgorithm is supported, false otherwise.</returns> - bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm); + /// <returns>true if HKDF is supported with cryptoHashAlgorithm, false otherwise.</returns> + bool HasHkdfAlgorithm(int cryptoHashAlgorithm); /// <summary>Return true if this TlsCrypto can support the passed in MAC algorithm.</summary> /// <param name="macAlgorithm">the algorithm of interest.</param> diff --git a/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs b/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs index 0a634fffe..39d86c241 100644 --- a/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs +++ b/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs @@ -14,15 +14,17 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl { public abstract bool HasAllRawSignatureAlgorithms(); + public abstract bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm); + + public abstract bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm); + public abstract bool HasDHAgreement(); public abstract bool HasECDHAgreement(); public abstract bool HasEncryptionAlgorithm(int encryptionAlgorithm); - public abstract bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm); - - public abstract bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm); + public abstract bool HasHkdfAlgorithm(int cryptoHashAlgorithm); public abstract bool HasMacAlgorithm(int macAlgorithm); diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs b/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs index 59a3a25ed..a56835105 100644 --- a/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs +++ b/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs @@ -155,35 +155,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC public override bool HasAllRawSignatureAlgorithms() { // TODO[RFC 8422] Revisit the need to buffer the handshake for "Intrinsic" hash signatures - return !HasSignatureAlgorithm(SignatureAlgorithm.ed25519) - && !HasSignatureAlgorithm(SignatureAlgorithm.ed448); - } - - public override bool HasDHAgreement() - { - return true; - } - - public override bool HasECDHAgreement() - { - return true; - } - - public override bool HasEncryptionAlgorithm(int encryptionAlgorithm) - { - switch (encryptionAlgorithm) - { - case EncryptionAlgorithm.DES40_CBC: - case EncryptionAlgorithm.DES_CBC: - case EncryptionAlgorithm.IDEA_CBC: - case EncryptionAlgorithm.RC2_CBC_40: - case EncryptionAlgorithm.RC4_128: - case EncryptionAlgorithm.RC4_40: - return false; - - default: - return true; - } + return false; } public override bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm) @@ -233,6 +205,48 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC } } + public override bool HasDHAgreement() + { + return true; + } + + public override bool HasECDHAgreement() + { + return true; + } + + public override bool HasEncryptionAlgorithm(int encryptionAlgorithm) + { + switch (encryptionAlgorithm) + { + case EncryptionAlgorithm.DES40_CBC: + case EncryptionAlgorithm.DES_CBC: + case EncryptionAlgorithm.IDEA_CBC: + case EncryptionAlgorithm.RC2_CBC_40: + case EncryptionAlgorithm.RC4_128: + case EncryptionAlgorithm.RC4_40: + return false; + + default: + return true; + } + } + + public override bool HasHkdfAlgorithm(int cryptoHashAlgorithm) + { + switch (cryptoHashAlgorithm) + { + case CryptoHashAlgorithm.sha256: + case CryptoHashAlgorithm.sha384: + case CryptoHashAlgorithm.sha512: + case CryptoHashAlgorithm.sm3: + return true; + + default: + return false; + } + } + public override bool HasMacAlgorithm(int macAlgorithm) { switch (macAlgorithm) diff --git a/crypto/test/src/tls/crypto/test/BcTlsCryptoTest.cs b/crypto/test/src/tls/crypto/test/BcTlsCryptoTest.cs index a274cc5ba..ddbe4c6b8 100644 --- a/crypto/test/src/tls/crypto/test/BcTlsCryptoTest.cs +++ b/crypto/test/src/tls/crypto/test/BcTlsCryptoTest.cs @@ -408,6 +408,9 @@ namespace Org.BouncyCastle.Tls.Crypto.Tests for (int i = 0; i < hashes.Length; ++i) { int hash = hashes[i]; + if (!m_crypto.HasHkdfAlgorithm(hash)) + continue; + int hashLen = TlsCryptoUtilities.GetHashOutputSize(hash); TlsSecret zeros = m_crypto.HkdfInit(hash); |