/**
 * Reports whether at least one entry of the given cipher suite list is an ECC cipher suite.
 *
 * @param cipherSuites cipher suite identifiers to inspect; must not be null (the array is
 *                     dereferenced without a null check)
 * @return {@code true} as soon as {@code isECCCipherSuite} accepts one entry, {@code false}
 *         when no entry qualifies, including for an empty array
 */
public static boolean containsECCCipherSuites(int[] cipherSuites) {
    for (int suite : cipherSuites) {
        if (isECCCipherSuite(suite)) {
            return true;
        }
    }
    return false;
}
/**
 * Scans a cipher suite list for any ECC-based suite.
 *
 * @param cipherSuites cipher suite identifiers to scan; a null array is not handled and
 *                     fails on the length read
 * @return {@code true} if {@code isECCCipherSuite} matches any element, otherwise
 *         {@code false}
 */
public static boolean containsECCCipherSuites(int[] cipherSuites) {
    final int count = cipherSuites.length;
    int index = 0;
    while (index < count) {
        // Stop at the first ECC suite; later entries are not examined.
        if (isECCCipherSuite(cipherSuites[index])) {
            return true;
        }
        index++;
    }
    return false;
}
/**
 * Checks the extensions received from the server for ones a server is not allowed to send,
 * and records the server's EC point formats when an ECC cipher suite was selected.
 *
 * @param serverExtensions extensions received from the server, or {@code null}, in which
 *                         case nothing is checked
 * @throws IOException declared by the method; presumably raised by
 *                     {@code checkForUnexpectedServerExtension} when a forbidden extension
 *                     is present (helper not shown here)
 */
public void processServerExtensions(Hashtable serverExtensions) throws IOException {
    /*
     * The TlsProtocol implementation validates that any server extensions received correspond
     * to client extensions sent. By default none are sent, and this method is not called.
     */
    if (serverExtensions == null) {
        return;
    }

    /*
     * RFC 5246 7.4.1.4.1. Servers MUST NOT send this extension.
     */
    checkForUnexpectedServerExtension(serverExtensions, TlsUtils.EXT_signature_algorithms);

    // elliptic_curves is rejected in the same way when it appears in the server's reply.
    checkForUnexpectedServerExtension(serverExtensions, TlsECCUtils.EXT_elliptic_curves);

    // ec_point_formats is only meaningful alongside an ECC suite; for any other selected
    // suite it is handled as an unexpected extension instead of being silently ignored.
    if (!TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite)) {
        checkForUnexpectedServerExtension(serverExtensions, TlsECCUtils.EXT_ec_point_formats);
    } else {
        this.serverECPointFormats = TlsECCUtils.getSupportedPointFormatsExtension(serverExtensions);
    }
}
/**
 * Chooses the cipher suite for the handshake and stores it in {@code selectedCipherSuite}.
 *
 * Candidates come from {@code getCipherSuites()} and are tried in that order, so the first
 * server-side entry that the client also offered wins (server preference order).
 *
 * @return the selected cipher suite
 * @throws IOException a {@code TlsFatalAlert} with {@code handshake_failure} when no
 *                     candidate passes all checks
 */
@Override
public int getSelectedCipherSuite() throws IOException {
    /*
     * TODO RFC 5246 7.4.3. In order to negotiate correctly, the server MUST check any candidate
     * cipher suites against the "signature_algorithms" extension before selecting them. That
     * check is not performed here: selection considers only the client's offer, ECC capability
     * and protocol version.
     */

    /*
     * RFC 4492 5.1. A server that receives a ClientHello containing one or both of the ECC
     * extensions MUST use the client's enumerated capabilities to guide its selection of an
     * appropriate cipher suite. An ECC cipher suite must be negotiated only if the server can
     * complete the handshake with the curves and point formats supported by the client.
     */
    final boolean clientEccUsable =
        supportsClientECCCapabilities(this.namedCurves, this.clientECPointFormats);

    for (int candidate : getCipherSuites()) {
        // Never select a suite the client did not offer.
        if (!Arrays.contains(this.offeredCipherSuites, candidate)) {
            continue;
        }
        // ECC suites are excluded when the client's curves/point formats cannot be served.
        if (!clientEccUsable && TlsECCUtils.isECCCipherSuite(candidate)) {
            continue;
        }
        // The suite must be permitted for the negotiated protocol version.
        if (!org.bouncycastle.crypto.tls.TlsUtils.isValidCipherSuiteForVersion(candidate, serverVersion)) {
            continue;
        }
        this.selectedCipherSuite = candidate;
        return candidate;
    }

    throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
/**
 * Selects the first server-configured cipher suite that the client offered and that passes
 * the ECC-capability and protocol-version checks, recording it in {@code selectedCipherSuite}.
 *
 * @return the cipher suite that was selected
 * @throws IOException a {@code TlsFatalAlert} carrying {@code handshake_failure} if every
 *                     candidate is rejected
 */
@Override
public int getSelectedCipherSuite() throws IOException {
    /*
     * TODO RFC 5246 7.4.3. The server MUST check candidate cipher suites against the client's
     * "signature_algorithms" extension before selecting them. This method does not do so yet.
     */

    /*
     * RFC 4492 5.1. When the ClientHello carries the ECC extensions, the client's enumerated
     * curves and point formats must guide selection; an ECC suite may be negotiated only if
     * the handshake can be completed with what the client supports.
     */
    boolean eccAllowed = supportsClientECCCapabilities(this.namedCurves, this.clientECPointFormats);

    int[] serverSuites = getCipherSuites();
    for (int idx = 0; idx < serverSuites.length; idx++) {
        int suite = serverSuites[idx];

        // Checks are nested in the original evaluation order so later ones are skipped
        // as soon as an earlier one fails.
        if (Arrays.contains(this.offeredCipherSuites, suite)) {
            if (eccAllowed || !TlsECCUtils.isECCCipherSuite(suite)) {
                if (org.bouncycastle.crypto.tls.TlsUtils.isValidCipherSuiteForVersion(suite, serverVersion)) {
                    this.selectedCipherSuite = suite;
                    return suite;
                }
            }
        }
    }

    // Nothing acceptable to both sides: abort the handshake.
    throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
/**
 * Rejects server extensions that a server must not send and captures the server's EC point
 * formats when the selected cipher suite is an ECC suite.
 *
 * @param serverExtensions extensions received from the server; {@code null} means there is
 *                         nothing to process
 * @throws IOException declared by the method; presumably raised by
 *                     {@code checkForUnexpectedServerExtension} for a forbidden extension
 *                     (helper not shown here)
 */
public void processServerExtensions(Hashtable serverExtensions) throws IOException {
    /*
     * The TlsProtocol implementation validates that any server extensions received correspond
     * to client extensions sent. By default none are sent, and this method is not called.
     */
    if (serverExtensions == null) {
        return;
    }

    /*
     * RFC 5246 7.4.1.4.1. Servers MUST NOT send this extension.
     */
    checkForUnexpectedServerExtension(serverExtensions, TlsUtils.EXT_signature_algorithms);

    // elliptic_curves in the server's reply is handled as unexpected as well.
    checkForUnexpectedServerExtension(serverExtensions, TlsECCUtils.EXT_elliptic_curves);

    final boolean eccSuiteSelected = TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite);
    if (eccSuiteSelected) {
        this.serverECPointFormats = TlsECCUtils.getSupportedPointFormatsExtension(serverExtensions);
    } else {
        // Point formats have no meaning without an ECC suite, so they are not accepted here.
        checkForUnexpectedServerExtension(serverExtensions, TlsECCUtils.EXT_ec_point_formats);
    }

    /*
     * RFC 7685 3. The server MUST NOT echo the extension.
     */
    checkForUnexpectedServerExtension(serverExtensions, TlsExtensionsUtils.EXT_padding);
}
/**
 * Picks the cipher suite to use, walking the server's own list in order and taking the first
 * entry that the client offered and that passes the ECC and protocol-version checks. The
 * choice is also written to {@code selectedCipherSuite}.
 *
 * @return the selected cipher suite
 * @throws IOException a {@code TlsFatalAlert} with {@code handshake_failure} when no suite
 *                     qualifies
 */
public int getSelectedCipherSuite() throws IOException {
    /*
     * TODO RFC 5246 7.4.3. In order to negotiate correctly, the server MUST check any candidate
     * cipher suites against the "signature_algorithms" extension before selecting them. Until
     * that is done, the client's advertised signature algorithms play no part in selection.
     */

    /*
     * RFC 4492 5.1. A server that receives a ClientHello containing one or both of the ECC
     * extensions MUST use the client's enumerated capabilities to guide its selection. An ECC
     * cipher suite must be negotiated only if the server can complete the handshake using the
     * curves and point formats supported by the client.
     */
    final boolean eccUsable =
        supportsClientECCCapabilities(this.namedCurves, this.clientECPointFormats);

    for (int candidate : getCipherSuites()) {
        // De Morgan form of the acceptance test; short-circuit order matches the original:
        // offered by client, then ECC capability, then protocol version.
        boolean rejected = !Arrays.contains(this.offeredCipherSuites, candidate)
            || (!eccUsable && TlsECCUtils.isECCCipherSuite(candidate))
            || !TlsUtils.isValidCipherSuiteForVersion(candidate, serverVersion);
        if (rejected) {
            continue;
        }
        this.selectedCipherSuite = candidate;
        return candidate;
    }

    throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
&& (eccCipherSuitesEnabled || !TlsECCUtils.isECCCipherSuite(cipherSuite)) && TlsUtils.isValidCipherSuiteForVersion(cipherSuite, serverVersion) && TlsUtils.isValidCipherSuiteForSignatureAlgorithms(cipherSuite, sigAlgs))
if (this.clientECPointFormats != null && TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite))
if (this.clientECPointFormats != null && TlsECCUtils.isECCCipherSuite(this.selectedCipherSuite))
if (TlsECCUtils.isECCCipherSuite(selectedCipherSuite))