1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
using System;
using System.IO;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
namespace Org.BouncyCastle.Tls.Crypto
{
/// <summary>Service and object creation interface for the primitive types and services that are associated with
/// cryptography in the API.</summary>
public interface TlsCrypto
{
/// <summary>Return true if this TlsCrypto can perform raw signatures and verifications for all supported
/// algorithms.</summary>
/// <returns>true if this instance can perform raw signatures and verifications for all supported algorithms,
/// false otherwise.</returns>
bool HasAllRawSignatureAlgorithms();
/// <summary>Return true if this TlsCrypto can support DH key agreement.</summary>
/// <returns>true if this instance can support DH key agreement, false otherwise.</returns>
bool HasDHAgreement();
/// <summary>Return true if this TlsCrypto can support ECDH key agreement.</summary>
/// <returns>true if this instance can support ECDH key agreement, false otherwise.</returns>
bool HasECDHAgreement();
/// <summary>Return true if this TlsCrypto can support the passed in block/stream encryption algorithm.
/// </summary>
/// <param name="encryptionAlgorithm">the algorithm of interest.</param>
/// <returns>true if encryptionAlgorithm is supported, false otherwise.</returns>
bool HasEncryptionAlgorithm(int encryptionAlgorithm);
/// <summary>Return true if this TlsCrypto can support the passed in hash algorithm.</summary>
/// <param name="cryptoHashAlgorithm">the algorithm of interest.</param>
/// <returns>true if cryptoHashAlgorithm is supported, false otherwise.</returns>
bool HasCryptoHashAlgorithm(int cryptoHashAlgorithm);
/// <summary>Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in
/// combination with EVERY hash algorithm).</summary>
/// <param name="cryptoSignatureAlgorithm">the algorithm of interest.</param>
/// <returns>true if cryptoSignatureAlgorithm is supported, false otherwise.</returns>
bool HasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm);
/// <summary>Return true if this TlsCrypto can support the passed in MAC algorithm.</summary>
/// <param name="macAlgorithm">the algorithm of interest.</param>
/// <returns>true if macAlgorithm is supported, false otherwise.</returns>
bool HasMacAlgorithm(int macAlgorithm);
/// <summary>Return true if this TlsCrypto supports the passed in <see cref="NamedGroup">named group</see>
/// value.</summary>
/// <returns>true if this instance supports the passed in <see cref="NamedGroup">named group</see> value.
/// </returns>
bool HasNamedGroup(int namedGroup);
/// <summary>Return true if this TlsCrypto can support RSA encryption/decryption.</summary>
/// <returns>true if this instance can support RSA encryption/decryption, false otherwise.</returns>
bool HasRsaEncryption();
/// <summary>Return true if this TlsCrypto can support the passed in signature algorithm (not necessarily in
/// combination with EVERY hash algorithm).</summary>
/// <returns>true if signatureAlgorithm is supported, false otherwise.</returns>
bool HasSignatureAlgorithm(short signatureAlgorithm);
/// <summary>Return true if this TlsCrypto can support the passed in signature algorithm.</summary>
/// <param name="sigAndHashAlgorithm">the algorithm of interest.</param>
/// <returns>true if sigAndHashAlgorithm is supported, false otherwise.</returns>
bool HasSignatureAndHashAlgorithm(SignatureAndHashAlgorithm sigAndHashAlgorithm);
/// <summary>Return true if this TlsCrypto can support the passed in signature scheme.</summary>
/// <param name="signatureScheme">the scheme of interest.</param>
/// <returns>true if signatureScheme is supported, false otherwise.</returns>
bool HasSignatureScheme(int signatureScheme);
/// <summary>Return true if this TlsCrypto can support SRP authentication.</summary>
/// <returns>true if this instance can support SRP authentication, false otherwise.</returns>
bool HasSrpAuthentication();
/// <summary>Create a TlsSecret object based on provided data.</summary>
/// <param name="data">the data to base the TlsSecret on.</param>
/// <returns>a TlsSecret based on the provided data.</returns>
TlsSecret CreateSecret(byte[] data);
/// <summary>Create a TlsSecret object containing a randomly-generated RSA PreMasterSecret</summary>
/// <param name="clientVersion">the client version to place in the first 2 bytes</param>
/// <returns>a TlsSecret containing the PreMasterSecret.</returns>
TlsSecret GenerateRsaPreMasterSecret(ProtocolVersion clientVersion);
/// <summary>Return the primary (safest) SecureRandom for this crypto.</summary>
/// <returns>a SecureRandom suitable for key generation.</returns>
SecureRandom SecureRandom { get; }
/// <summary>Create a TlsCertificate from an ASN.1 binary encoding of an X.509 certificate.</summary>
/// <param name="encoding">DER/BER encoding of the certificate of interest.</param>
/// <returns>a TlsCertificate.</returns>
/// <exception cref="IOException">if there is an issue on decoding or constructing the certificate.</exception>
TlsCertificate CreateCertificate(byte[] encoding);
/// <summary>Create a cipher for the specified encryption and MAC algorithms.</summary>
/// <remarks>
/// See enumeration classes <see cref="EncryptionAlgorithm"/>, <see cref="MacAlgorithm"/> for appropriate
/// argument values.
/// </remarks>
/// <param name="cryptoParams">context specific parameters.</param>
/// <param name="encryptionAlgorithm">the encryption algorithm to be employed by the cipher.</param>
/// <param name="macAlgorithm">the MAC algorithm to be employed by the cipher.</param>
/// <returns>a <see cref="TlsCipher"/> implementing the encryption and MAC algorithms.</returns>
/// <exception cref="IOException"/>
TlsCipher CreateCipher(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm);
/// <summary>Create a domain object supporting the domain parameters described in dhConfig.</summary>
/// <param name="dhConfig">the config describing the DH parameters to use.</param>
/// <returns>a TlsDHDomain supporting the parameters in dhConfig.</returns>
TlsDHDomain CreateDHDomain(TlsDHConfig dhConfig);
/// <summary>Create a domain object supporting the domain parameters described in ecConfig.</summary>
/// <param name="ecConfig">the config describing the EC parameters to use.</param>
/// <returns>a TlsECDomain supporting the parameters in ecConfig.</returns>
TlsECDomain CreateECDomain(TlsECConfig ecConfig);
/// <summary>Adopt the passed in secret, creating a new copy of it.</summary>
/// <param name="secret">the secret to make a copy of.</param>
/// <returns>a TlsSecret based on the original secret.</returns>
TlsSecret AdoptSecret(TlsSecret secret);
/// <summary>Create a suitable hash for the hash algorithm identifier passed in.</summary>
/// <remarks>
/// See enumeration class <see cref="CryptoHashAlgorithm"/> for appropriate argument values.
/// </remarks>
/// <param name="cryptoHashAlgorithm">the hash algorithm the hash needs to implement.</param>
/// <returns>a <see cref="TlsHash"/>.</returns>
TlsHash CreateHash(int cryptoHashAlgorithm);
/// <summary>Create a suitable HMAC for the MAC algorithm identifier passed in.</summary>
/// <remarks>
/// See enumeration class <see cref="MacAlgorithm"/> for appropriate argument values.
/// </remarks>
/// <param name="macAlgorithm">the MAC algorithm the HMAC needs to match.</param>
/// <returns>a <see cref="TlsHmac"/>.</returns>
TlsHmac CreateHmac(int macAlgorithm);
/// <summary>Create a suitable HMAC using the hash algorithm identifier passed in.</summary>
/// <remarks>
/// See enumeration class <see cref="CryptoHashAlgorithm"/> for appropriate argument values.
/// </remarks>
/// <param name="cryptoHashAlgorithm">the hash algorithm the HMAC should use.</param>
/// <returns>a <see cref="TlsHmac"/>.</returns>
TlsHmac CreateHmacForHash(int cryptoHashAlgorithm);
/// <summary>Create a nonce generator.</summary>
/// <remarks>
/// Each call should construct a new generator, and the generator should be returned from this call only after
/// automatically seeding from this <see cref="TlsCrypto"/>'s entropy source, and from the provided additional
/// seed material. The output of each returned generator must be completely independent of the others.
/// </remarks>
/// <param name="additionalSeedMaterial">context-specific seed material</param>
/// <returns>a <see cref="TlsNonceGenerator"/>.</returns>
TlsNonceGenerator CreateNonceGenerator(byte[] additionalSeedMaterial);
/// <summary>Create an SRP-6 client.</summary>
/// <param name="srpConfig">client config.</param>
/// <returns>an initialised SRP6 client object.</returns>
TlsSrp6Client CreateSrp6Client(TlsSrpConfig srpConfig);
/// <summary>Create an SRP-6 server.</summary>
/// <param name="srpConfig">server config.</param>
/// <param name="srpVerifier">the SRP6 verifier value.</param>
/// <returns>an initialised SRP6 server object.</returns>
TlsSrp6Server CreateSrp6Server(TlsSrpConfig srpConfig, BigInteger srpVerifier);
/// <summary>Create an SRP-6 verifier generator.</summary>
/// <param name="srpConfig">generator config.</param>
/// <returns>an initialized SRP6 verifier generator.</returns>
TlsSrp6VerifierGenerator CreateSrp6VerifierGenerator(TlsSrpConfig srpConfig);
/// <summary>Setup an initial "secret" for a chain of HKDF calls (RFC 5869), containing a string of HashLen
/// zeroes.</summary>
/// <param name="cryptoHashAlgorithm">the hash algorithm to instantiate HMAC with. See
/// <see cref="CryptoHashAlgorithm"/> for values.</param>
TlsSecret HkdfInit(int cryptoHashAlgorithm);
}
}
|
