summaryrefslogtreecommitdiffstats
path: root/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java
diff options
context:
space:
mode:
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java')
-rw-r--r--bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java85
1 files changed, 70 insertions, 15 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java
index 82b37d9..7f70c64 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java
@@ -4,6 +4,7 @@ import java.io.IOException;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.Mac;
import org.bouncycastle.crypto.StreamCipher;
import org.bouncycastle.crypto.digests.MD5Digest;
import org.bouncycastle.crypto.digests.SHA1Digest;
@@ -15,24 +16,37 @@ import org.bouncycastle.crypto.engines.CamelliaEngine;
import org.bouncycastle.crypto.engines.DESedeEngine;
import org.bouncycastle.crypto.engines.RC4Engine;
import org.bouncycastle.crypto.engines.SEEDEngine;
+import org.bouncycastle.crypto.engines.Salsa20Engine;
+import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.modes.AEADBlockCipher;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.modes.CCMBlockCipher;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
public class DefaultTlsCipherFactory
extends AbstractTlsCipherFactory
{
-
public TlsCipher createCipher(TlsContext context, int encryptionAlgorithm, int macAlgorithm)
throws IOException
{
-
switch (encryptionAlgorithm)
{
case EncryptionAlgorithm._3DES_EDE_CBC:
return createDESedeCipher(context, macAlgorithm);
case EncryptionAlgorithm.AES_128_CBC:
return createAESCipher(context, 16, macAlgorithm);
+ case EncryptionAlgorithm.AES_128_CCM:
+ // NOTE: Ignores macAlgorithm
+ return createCipher_AES_CCM(context, 16, 16);
+ case EncryptionAlgorithm.AES_128_CCM_8:
+ // NOTE: Ignores macAlgorithm
+ return createCipher_AES_CCM(context, 16, 8);
+ case EncryptionAlgorithm.AES_256_CCM:
+ // NOTE: Ignores macAlgorithm
+ return createCipher_AES_CCM(context, 32, 16);
+ case EncryptionAlgorithm.AES_256_CCM_8:
+ // NOTE: Ignores macAlgorithm
+ return createCipher_AES_CCM(context, 32, 8);
case EncryptionAlgorithm.AES_128_GCM:
// NOTE: Ignores macAlgorithm
return createCipher_AES_GCM(context, 16, 16);
@@ -45,10 +59,14 @@ public class DefaultTlsCipherFactory
return createCamelliaCipher(context, 16, macAlgorithm);
case EncryptionAlgorithm.CAMELLIA_256_CBC:
return createCamelliaCipher(context, 32, macAlgorithm);
+ case EncryptionAlgorithm.ESTREAM_SALSA20:
+ return createSalsa20Cipher(context, 12, 32, macAlgorithm);
case EncryptionAlgorithm.NULL:
return createNullCipher(context, macAlgorithm);
case EncryptionAlgorithm.RC4_128:
return createRC4Cipher(context, 16, macAlgorithm);
+ case EncryptionAlgorithm.SALSA20:
+ return createSalsa20Cipher(context, 20, 32, macAlgorithm);
case EncryptionAlgorithm.SEED_CBC:
return createSEEDCipher(context, macAlgorithm);
default:
@@ -63,6 +81,13 @@ public class DefaultTlsCipherFactory
createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), cipherKeySize);
}
+ protected TlsAEADCipher createCipher_AES_CCM(TlsContext context, int cipherKeySize, int macSize)
+ throws IOException
+ {
+ return new TlsAEADCipher(context, createAEADBlockCipher_AES_CCM(),
+ createAEADBlockCipher_AES_CCM(), cipherKeySize, macSize);
+ }
+
protected TlsAEADCipher createCipher_AES_GCM(TlsContext context, int cipherKeySize, int macSize)
throws IOException
{
@@ -70,8 +95,7 @@ public class DefaultTlsCipherFactory
createAEADBlockCipher_AES_GCM(), cipherKeySize, macSize);
}
- protected TlsBlockCipher createCamelliaCipher(TlsContext context, int cipherKeySize,
- int macAlgorithm)
+ protected TlsBlockCipher createCamelliaCipher(TlsContext context, int cipherKeySize, int macAlgorithm)
throws IOException
{
return new TlsBlockCipher(context, createCamelliaBlockCipher(),
@@ -79,6 +103,13 @@ public class DefaultTlsCipherFactory
createHMACDigest(macAlgorithm), cipherKeySize);
}
+ protected TlsBlockCipher createDESedeCipher(TlsContext context, int macAlgorithm)
+ throws IOException
+ {
+ return new TlsBlockCipher(context, createDESedeBlockCipher(), createDESedeBlockCipher(),
+ createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), 24);
+ }
+
protected TlsNullCipher createNullCipher(TlsContext context, int macAlgorithm)
throws IOException
{
@@ -86,19 +117,22 @@ public class DefaultTlsCipherFactory
createHMACDigest(macAlgorithm));
}
- protected TlsStreamCipher createRC4Cipher(TlsContext context, int cipherKeySize,
- int macAlgorithm)
+ protected TlsStreamCipher createRC4Cipher(TlsContext context, int cipherKeySize, int macAlgorithm)
throws IOException
{
return new TlsStreamCipher(context, createRC4StreamCipher(), createRC4StreamCipher(),
createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), cipherKeySize);
}
- protected TlsBlockCipher createDESedeCipher(TlsContext context, int macAlgorithm)
+ protected TlsStreamCipher createSalsa20Cipher(TlsContext context, int rounds, int cipherKeySize, int macAlgorithm)
throws IOException
{
- return new TlsBlockCipher(context, createDESedeBlockCipher(), createDESedeBlockCipher(),
- createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), 24);
+ /*
+ * TODO To be able to support UMAC96, we need to give the TlsStreamCipher a Mac instead of
+ * assuming HMAC and passing a digest.
+ */
+ return new TlsStreamCipher(context, createSalsa20StreamCipher(rounds), createSalsa20StreamCipher(rounds),
+ createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), cipherKeySize);
}
protected TlsBlockCipher createSEEDCipher(TlsContext context, int macAlgorithm)
@@ -108,14 +142,14 @@ public class DefaultTlsCipherFactory
createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), 16);
}
- protected StreamCipher createRC4StreamCipher()
+ protected BlockCipher createAESBlockCipher()
{
- return new RC4Engine();
+ return new CBCBlockCipher(new AESFastEngine());
}
- protected BlockCipher createAESBlockCipher()
+ protected AEADBlockCipher createAEADBlockCipher_AES_CCM()
{
- return new CBCBlockCipher(new AESFastEngine());
+ return new CCMBlockCipher(new AESFastEngine());
}
protected AEADBlockCipher createAEADBlockCipher_AES_GCM()
@@ -134,13 +168,22 @@ public class DefaultTlsCipherFactory
return new CBCBlockCipher(new DESedeEngine());
}
+ protected StreamCipher createRC4StreamCipher()
+ {
+ return new RC4Engine();
+ }
+
+ protected StreamCipher createSalsa20StreamCipher(int rounds)
+ {
+ return new Salsa20Engine(rounds);
+ }
+
protected BlockCipher createSEEDBlockCipher()
{
return new CBCBlockCipher(new SEEDEngine());
}
- protected Digest createHMACDigest(int macAlgorithm)
- throws IOException
+ protected Digest createHMACDigest(int macAlgorithm) throws IOException
{
switch (macAlgorithm)
{
@@ -160,4 +203,16 @@ public class DefaultTlsCipherFactory
throw new TlsFatalAlert(AlertDescription.internal_error);
}
}
+
+ protected Mac createMac(int macAlgorithm) throws IOException
+ {
+ switch (macAlgorithm)
+ {
+ // TODO Need an implementation of UMAC
+// case MACAlgorithm.umac96:
+// return
+ default:
+ return new HMac(createHMACDigest(macAlgorithm));
+ }
+ }
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 04:22:59 +0000