diff options
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java')
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java | 85 |
1 files changed, 70 insertions, 15 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java index 82b37d9..7f70c64 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.java @@ -4,6 +4,7 @@ import java.io.IOException; import org.bouncycastle.crypto.BlockCipher; import org.bouncycastle.crypto.Digest; +import org.bouncycastle.crypto.Mac; import org.bouncycastle.crypto.StreamCipher; import org.bouncycastle.crypto.digests.MD5Digest; import org.bouncycastle.crypto.digests.SHA1Digest; @@ -15,24 +16,37 @@ import org.bouncycastle.crypto.engines.CamelliaEngine; import org.bouncycastle.crypto.engines.DESedeEngine; import org.bouncycastle.crypto.engines.RC4Engine; import org.bouncycastle.crypto.engines.SEEDEngine; +import org.bouncycastle.crypto.engines.Salsa20Engine; +import org.bouncycastle.crypto.macs.HMac; import org.bouncycastle.crypto.modes.AEADBlockCipher; import org.bouncycastle.crypto.modes.CBCBlockCipher; +import org.bouncycastle.crypto.modes.CCMBlockCipher; import org.bouncycastle.crypto.modes.GCMBlockCipher; public class DefaultTlsCipherFactory extends AbstractTlsCipherFactory { - public TlsCipher createCipher(TlsContext context, int encryptionAlgorithm, int macAlgorithm) throws IOException { - switch (encryptionAlgorithm) { case EncryptionAlgorithm._3DES_EDE_CBC: return createDESedeCipher(context, macAlgorithm); case EncryptionAlgorithm.AES_128_CBC: return createAESCipher(context, 16, macAlgorithm); + case EncryptionAlgorithm.AES_128_CCM: + // NOTE: Ignores macAlgorithm + return createCipher_AES_CCM(context, 16, 16); + case EncryptionAlgorithm.AES_128_CCM_8: + // NOTE: Ignores macAlgorithm + return createCipher_AES_CCM(context, 16, 8); + case EncryptionAlgorithm.AES_256_CCM: + // NOTE: Ignores macAlgorithm + return createCipher_AES_CCM(context, 32, 16); + case EncryptionAlgorithm.AES_256_CCM_8: + // NOTE: Ignores macAlgorithm + return createCipher_AES_CCM(context, 32, 8); case EncryptionAlgorithm.AES_128_GCM: // NOTE: Ignores macAlgorithm return createCipher_AES_GCM(context, 16, 16); @@ -45,10 +59,14 @@ public class DefaultTlsCipherFactory return createCamelliaCipher(context, 16, macAlgorithm); case EncryptionAlgorithm.CAMELLIA_256_CBC: return createCamelliaCipher(context, 32, macAlgorithm); + case EncryptionAlgorithm.ESTREAM_SALSA20: + return createSalsa20Cipher(context, 12, 32, macAlgorithm); case EncryptionAlgorithm.NULL: return createNullCipher(context, macAlgorithm); case EncryptionAlgorithm.RC4_128: return createRC4Cipher(context, 16, macAlgorithm); + case EncryptionAlgorithm.SALSA20: + return createSalsa20Cipher(context, 20, 32, macAlgorithm); case EncryptionAlgorithm.SEED_CBC: return createSEEDCipher(context, macAlgorithm); default: @@ -63,6 +81,13 @@ public class DefaultTlsCipherFactory createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), cipherKeySize); } + protected TlsAEADCipher createCipher_AES_CCM(TlsContext context, int cipherKeySize, int macSize) + throws IOException + { + return new TlsAEADCipher(context, createAEADBlockCipher_AES_CCM(), + createAEADBlockCipher_AES_CCM(), cipherKeySize, macSize); + } + protected TlsAEADCipher createCipher_AES_GCM(TlsContext context, int cipherKeySize, int macSize) throws IOException { @@ -70,8 +95,7 @@ public class DefaultTlsCipherFactory createAEADBlockCipher_AES_GCM(), cipherKeySize, macSize); } - protected TlsBlockCipher createCamelliaCipher(TlsContext context, int cipherKeySize, - int macAlgorithm) + protected TlsBlockCipher createCamelliaCipher(TlsContext context, int cipherKeySize, int macAlgorithm) throws IOException { return new TlsBlockCipher(context, createCamelliaBlockCipher(), @@ -79,6 +103,13 @@ public class DefaultTlsCipherFactory createHMACDigest(macAlgorithm), cipherKeySize); } + protected TlsBlockCipher createDESedeCipher(TlsContext context, int macAlgorithm) + throws IOException + { + return new TlsBlockCipher(context, createDESedeBlockCipher(), createDESedeBlockCipher(), + createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), 24); + } + protected TlsNullCipher createNullCipher(TlsContext context, int macAlgorithm) throws IOException { @@ -86,19 +117,22 @@ public class DefaultTlsCipherFactory createHMACDigest(macAlgorithm)); } - protected TlsStreamCipher createRC4Cipher(TlsContext context, int cipherKeySize, - int macAlgorithm) + protected TlsStreamCipher createRC4Cipher(TlsContext context, int cipherKeySize, int macAlgorithm) throws IOException { return new TlsStreamCipher(context, createRC4StreamCipher(), createRC4StreamCipher(), createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), cipherKeySize); } - protected TlsBlockCipher createDESedeCipher(TlsContext context, int macAlgorithm) + protected TlsStreamCipher createSalsa20Cipher(TlsContext context, int rounds, int cipherKeySize, int macAlgorithm) throws IOException { - return new TlsBlockCipher(context, createDESedeBlockCipher(), createDESedeBlockCipher(), - createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), 24); + /* + * TODO To be able to support UMAC96, we need to give the TlsStreamCipher a Mac instead of + * assuming HMAC and passing a digest. + */ + return new TlsStreamCipher(context, createSalsa20StreamCipher(rounds), createSalsa20StreamCipher(rounds), + createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), cipherKeySize); } protected TlsBlockCipher createSEEDCipher(TlsContext context, int macAlgorithm) @@ -108,14 +142,14 @@ public class DefaultTlsCipherFactory createHMACDigest(macAlgorithm), createHMACDigest(macAlgorithm), 16); } - protected StreamCipher createRC4StreamCipher() + protected BlockCipher createAESBlockCipher() { - return new RC4Engine(); + return new CBCBlockCipher(new AESFastEngine()); } - protected BlockCipher createAESBlockCipher() + protected AEADBlockCipher createAEADBlockCipher_AES_CCM() { - return new CBCBlockCipher(new AESFastEngine()); + return new CCMBlockCipher(new AESFastEngine()); } protected AEADBlockCipher createAEADBlockCipher_AES_GCM() @@ -134,13 +168,22 @@ public class DefaultTlsCipherFactory return new CBCBlockCipher(new DESedeEngine()); } + protected StreamCipher createRC4StreamCipher() + { + return new RC4Engine(); + } + + protected StreamCipher createSalsa20StreamCipher(int rounds) + { + return new Salsa20Engine(rounds); + } + protected BlockCipher createSEEDBlockCipher() { return new CBCBlockCipher(new SEEDEngine()); } - protected Digest createHMACDigest(int macAlgorithm) - throws IOException + protected Digest createHMACDigest(int macAlgorithm) throws IOException { switch (macAlgorithm) { @@ -160,4 +203,16 @@ public class DefaultTlsCipherFactory throw new TlsFatalAlert(AlertDescription.internal_error); } } + + protected Mac createMac(int macAlgorithm) throws IOException + { + switch (macAlgorithm) + { + // TODO Need an implementation of UMAC +// case MACAlgorithm.umac96: +// return + default: + return new HMac(createHMACDigest(macAlgorithm)); + } + } } |