Diffstat (limited to 'crypto/src/tls')
-rw-r--r--crypto/src/tls/TlsRsaUtilities.cs6
-rw-r--r--crypto/src/tls/crypto/TlsCertificate.cs6
-rw-r--r--crypto/src/tls/crypto/TlsEncryptor.cs (renamed from crypto/src/tls/crypto/impl/TlsEncryptor.cs)4
-rw-r--r--crypto/src/tls/crypto/TlsSecret.cs5
-rw-r--r--crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs6
-rw-r--r--crypto/src/tls/crypto/impl/AbstractTlsSecret.cs4
-rw-r--r--crypto/src/tls/crypto/impl/bc/BcTlsCertificate.cs23
-rw-r--r--crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs13
8 files changed, 39 insertions, 28 deletions
diff --git a/crypto/src/tls/TlsRsaUtilities.cs b/crypto/src/tls/TlsRsaUtilities.cs
index d520d3ea2..065279528 100644
--- a/crypto/src/tls/TlsRsaUtilities.cs
+++ b/crypto/src/tls/TlsRsaUtilities.cs
@@ -5,7 +5,7 @@ using Org.BouncyCastle.Tls.Crypto;
 
 namespace Org.BouncyCastle.Tls
 {
-    /// <summary>RSA Utility methods.</summary>
+    /// <summary>RSA utility methods.</summary>
     public abstract class TlsRsaUtilities
     {
         /// <summary>Generate a pre_master_secret and send it encrypted to the server.</summary>
@@ -15,7 +15,9 @@ namespace Org.BouncyCastle.Tls
         {
             TlsSecret preMasterSecret = context.Crypto.GenerateRsaPreMasterSecret(context.RsaPreMasterSecretVersion);
 
-            byte[] encryptedPreMasterSecret = preMasterSecret.Encrypt(certificate);
+            TlsEncryptor encryptor = certificate.CreateEncryptor(TlsCertificateRole.RsaEncryption);
+
+            byte[] encryptedPreMasterSecret = preMasterSecret.Encrypt(encryptor);
             TlsUtilities.WriteEncryptedPms(context, encryptedPreMasterSecret, output);
 
             return preMasterSecret;
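Review bot: The pre_master_secret is generated before `certificate.CreateEncryptor(TlsCertificateRole.RsaEncryption)` is called, so a certificate that fails the encryptor's checks throws after secret material already exists, and nothing in this hunk destroys it on that path. Moving the `TlsEncryptor encryptor = certificate.CreateEncryptor(TlsCertificateRole.RsaEncryption);` line above the `GenerateRsaPreMasterSecret` call would reject an unusable certificate before any secret is created. The enclosing method starts and ends outside the hunk, so whether a caller cleans up on exceptions is not visible here.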
diff --git a/crypto/src/tls/crypto/TlsCertificate.cs b/crypto/src/tls/crypto/TlsCertificate.cs
index 7bd8e0359..b9efe37b3 100644
--- a/crypto/src/tls/crypto/TlsCertificate.cs
+++ b/crypto/src/tls/crypto/TlsCertificate.cs
@@ -9,6 +9,12 @@ namespace Org.BouncyCastle.Tls.Crypto
     /// <summary>Interface providing the functional representation of a single X.509 certificate.</summary>
     public interface TlsCertificate
     {
+        /// <summary>Return an encryptor based on the public key in this certificate.</summary>
+        /// <param name="tlsCertificateRole"><see cref="TlsCertificateRole"/></param>
+        /// <returns>a <see cref="TlsEncryptor"/> based on this certificate's public key.</returns>
+        /// <exception cref="IOException"/>
+        TlsEncryptor CreateEncryptor(int tlsCertificateRole);
+
         /// <param name="signatureAlgorithm"><see cref="SignatureAlgorithm"/></param>
         /// <exception cref="IOException"/>
         TlsVerifier CreateVerifier(short signatureAlgorithm);
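Review bot: The documentation for the new `CreateEncryptor` member does not say that the implementation is responsible for checking that the certificate may be used for encryption. Elsewhere in this commit that check (`ValidateKeyUsage(KeyUsage.KeyEncipherment)`) moves out of the crypto provider and into the certificate class, so other implementers of this interface could easily omit it. A line such as `/// <remarks>Implementations are expected to verify the certificate's key usage for the requested role and to throw for an unsupported role.</remarks>` would make the contract explicit. Adding a member to a public interface also breaks existing external implementations, which is worth a mention in the release notes.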
diff --git a/crypto/src/tls/crypto/impl/TlsEncryptor.cs b/crypto/src/tls/crypto/TlsEncryptor.cs
index 6e4ef0c44..53f1973fd 100644
--- a/crypto/src/tls/crypto/impl/TlsEncryptor.cs
+++ b/crypto/src/tls/crypto/TlsEncryptor.cs
@@ -1,9 +1,9 @@
 using System;
 using System.IO;
 
-namespace Org.BouncyCastle.Tls.Crypto.Impl
+namespace Org.BouncyCastle.Tls.Crypto
 {
-    /// <summary>Base interface for an encryptor based on a public key.</summary>
+    /// <summary>Base interface for an encryptor.</summary>
     public interface TlsEncryptor
     {
         /// <summary>Encrypt data from the passed in input array.</summary>
diff --git a/crypto/src/tls/crypto/TlsSecret.cs b/crypto/src/tls/crypto/TlsSecret.cs
index 9b092fc40..0499d37c3 100644
--- a/crypto/src/tls/crypto/TlsSecret.cs
+++ b/crypto/src/tls/crypto/TlsSecret.cs
@@ -23,11 +23,10 @@ namespace Org.BouncyCastle.Tls.Crypto
         void Destroy();
 
         /// <summary>Return an encrypted copy of the data this secret is based on.</summary>
-        /// <param name="certificate">the certificate containing the public key to use for protecting the internal
-        /// data.</param>
+        /// <param name="encryptor">the encryptor to use for protecting the internal data.</param>
         /// <returns>an encrypted copy of this secret's internal data.</returns>
         /// <exception cref="IOException"/>
-        byte[] Encrypt(TlsCertificate certificate);
+        byte[] Encrypt(TlsEncryptor encryptor);
 
         /// <summary>Return the internal data from this secret.</summary>
         /// <remarks>
diff --git a/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs b/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs
index f0b2b03f6..0a634fffe 100644
--- a/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs
+++ b/crypto/src/tls/crypto/impl/AbstractTlsCrypto.cs
@@ -80,11 +80,5 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
         public abstract TlsSrp6VerifierGenerator CreateSrp6VerifierGenerator(TlsSrpConfig srpConfig);
 
         public abstract TlsSecret HkdfInit(int cryptoHashAlgorithm);
-
-        /// <summary>Return an encryptor based on the public key in certificate.</summary>
-        /// <param name="certificate">the certificate carrying the public key.</param>
-        /// <returns>a <see cref="TlsEncryptor"/> based on the certificate's public key.</returns>
-        /// <exception cref="IOException"/>
-        public abstract TlsEncryptor CreateEncryptor(TlsCertificate certificate);
     }
 }
diff --git a/crypto/src/tls/crypto/impl/AbstractTlsSecret.cs b/crypto/src/tls/crypto/impl/AbstractTlsSecret.cs
index 634b86732..e8298193f 100644
--- a/crypto/src/tls/crypto/impl/AbstractTlsSecret.cs
+++ b/crypto/src/tls/crypto/impl/AbstractTlsSecret.cs
@@ -42,13 +42,13 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl
         }
 
         /// <exception cref="IOException"/>
-        public virtual byte[] Encrypt(TlsCertificate certificate)
+        public virtual byte[] Encrypt(TlsEncryptor encryptor)
         {
             lock (this)
             {
                 CheckAlive();
 
-                return Crypto.CreateEncryptor(certificate).Encrypt(m_data, 0, m_data.Length);
+                return encryptor.Encrypt(m_data, 0, m_data.Length);
             }
         }
 
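Review bot: `Encrypt` now passes the raw secret bytes (`m_data`) to whatever `TlsEncryptor` the caller supplies, and it does so while holding `lock (this)`. There is no argument check, so a null encryptor surfaces as a NullReferenceException inside the lock rather than a clear argument error. A guard before the lock, `if (encryptor == null) throw new ArgumentNullException("encryptor");`, would fix that. A comment such as `// encryptor receives the plaintext secret; callers must only pass encryptors obtained from a validated certificate` would record the trust assumption that the previous signature enforced by construction.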
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsCertificate.cs b/crypto/src/tls/crypto/impl/bc/BcTlsCertificate.cs
index e1243087d..2f331a166 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsCertificate.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsCertificate.cs
@@ -59,6 +59,29 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
         }
 
         /// <exception cref="IOException"/>
+        public virtual TlsEncryptor CreateEncryptor(int tlsCertificateRole)
+        {
+            ValidateKeyUsage(KeyUsage.KeyEncipherment);
+
+            switch (tlsCertificateRole)
+            {
+            case TlsCertificateRole.RsaEncryption:
+            {
+                this.m_pubKeyRsa = GetPubKeyRsa();
+                return new BcTlsRsaEncryptor(m_crypto, m_pubKeyRsa);
+            }
+            // TODO[gmssl]
+            //case TlsCertificateRole.Sm2Encryption:
+            //{
+            //    this.m_pubKeyEC = GetPubKeyEC();
+            //    return new BcTlsSM2Encryptor(m_crypto, m_pubKeyEC);
+            //}
+            }
+
+            throw new TlsFatalAlert(AlertDescription.certificate_unknown);
+        }
+
+        /// <exception cref="IOException"/>
         public virtual TlsVerifier CreateVerifier(short signatureAlgorithm)
         {
             switch (signatureAlgorithm)
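Review bot: `CreateEncryptor` writes the key into instance state with `this.m_pubKeyRsa = GetPubKeyRsa();`, where the removed `BcTlsCrypto.CreateEncryptor` kept it in a local. Every call therefore mutates the certificate object, with no synchronization visible in this hunk. If the field is intended as a cache (its declaration and other readers are outside the hunk), a comment like `// cache the RSA key after key-usage validation` would state that. Otherwise a local, `RsaKeyParameters pubKeyRsa = GetPubKeyRsa();`, passed to `new BcTlsRsaEncryptor(m_crypto, pubKeyRsa)` keeps the method free of side effects.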
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs b/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs
index aa9985ed9..69e353bae 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsCrypto.cs
@@ -1,11 +1,8 @@
 using System;
-using System.IO;
 
-using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Agreement.Srp;
 using Org.BouncyCastle.Crypto.Digests;
-using Org.BouncyCastle.Crypto.Encodings;
 using Org.BouncyCastle.Crypto.Engines;
 using Org.BouncyCastle.Crypto.Macs;
 using Org.BouncyCastle.Crypto.Modes;
@@ -140,16 +137,6 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
             }
         }
 
-        public override TlsEncryptor CreateEncryptor(TlsCertificate certificate)
-        {
-            BcTlsCertificate bcCert = BcTlsCertificate.Convert(this, certificate);
-            bcCert.ValidateKeyUsage(KeyUsage.KeyEncipherment);
-
-            RsaKeyParameters pubKeyRsa = bcCert.GetPubKeyRsa();
-
-            return new BcTlsRsaEncryptor(this, pubKeyRsa);
-        }
-
         public override TlsNonceGenerator CreateNonceGenerator(byte[] additionalSeedMaterial)
         {
             IDigest digest = CreateDigest(CryptoHashAlgorithm.sha256);