diff options
Diffstat (limited to 'core/src/main/java/org')
9 files changed, 49 insertions, 45 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java b/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java index 763f2641..92a701d7 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/AbstractTlsServer.java @@ -4,6 +4,8 @@ import java.io.IOException; import java.util.Hashtable; import java.util.Vector; +import org.bouncycastle.util.Arrays; + public abstract class AbstractTlsServer extends AbstractTlsPeer implements TlsServer @@ -194,7 +196,7 @@ public abstract class AbstractTlsServer for (int i = 0; i < cipherSuites.length; ++i) { int cipherSuite = cipherSuites[i]; - if (TlsProtocol.arrayContains(this.offeredCipherSuites, cipherSuite) + if (Arrays.contains(this.offeredCipherSuites, cipherSuite) && (eccCipherSuitesEnabled || !TlsECCUtils.isECCCipherSuite(cipherSuite))) { return this.selectedCipherSuite = cipherSuite; @@ -209,7 +211,7 @@ public abstract class AbstractTlsServer short[] compressionMethods = getCompressionMethods(); for (int i = 0; i < compressionMethods.length; ++i) { - if (TlsProtocol.arrayContains(offeredCompressionMethods, compressionMethods[i])) + if (Arrays.contains(offeredCompressionMethods, compressionMethods[i])) { return this.selectedCompressionMethod = compressionMethods[i]; } diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java index 325db550..53498325 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java @@ -428,7 +428,7 @@ public class DTLSClientProtocol byte[] renegExtData = TlsUtils.getExtensionData(state.clientExtensions, TlsProtocol.EXT_RenegotiationInfo); boolean noRenegExt = (null == renegExtData); - boolean noSCSV = !TlsProtocol.arrayContains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); + boolean noSCSV = !Arrays.contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); if (noRenegExt && noSCSV) { @@ -598,7 +598,7 @@ public class DTLSClientProtocol state.client.notifySessionID(state.selectedSessionID); state.selectedCipherSuite = TlsUtils.readUint16(buf); - if (!TlsProtocol.arrayContains(state.offeredCipherSuites, state.selectedCipherSuite) + if (!Arrays.contains(state.offeredCipherSuites, state.selectedCipherSuite) || state.selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL || state.selectedCipherSuite == CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV) { @@ -610,7 +610,7 @@ public class DTLSClientProtocol state.client.notifySelectedCipherSuite(state.selectedCipherSuite); state.selectedCompressionMethod = TlsUtils.readUint8(buf); - if (!TlsProtocol.arrayContains(state.offeredCompressionMethods, state.selectedCompressionMethod)) + if (!Arrays.contains(state.offeredCompressionMethods, state.selectedCompressionMethod)) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java index 257804d7..fbb3336f 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java @@ -338,7 +338,7 @@ public class DTLSServerProtocol TlsUtils.writeOpaque8(TlsUtils.EMPTY_BYTES, buf); state.selectedCipherSuite = state.server.getSelectedCipherSuite(); - if (!TlsProtocol.arrayContains(state.offeredCipherSuites, state.selectedCipherSuite) + if (!Arrays.contains(state.offeredCipherSuites, state.selectedCipherSuite) || state.selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL || state.selectedCipherSuite == CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV) { @@ -348,7 +348,7 @@ public class DTLSServerProtocol validateSelectedCipherSuite(state.selectedCipherSuite, AlertDescription.internal_error); state.selectedCompressionMethod = state.server.getSelectedCompressionMethod(); - if (!TlsProtocol.arrayContains(state.offeredCompressionMethods, state.selectedCompressionMethod)) + if (!Arrays.contains(state.offeredCompressionMethods, state.selectedCompressionMethod)) { throw new TlsFatalAlert(AlertDescription.internal_error); } @@ -569,7 +569,7 @@ public class DTLSServerProtocol * TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV. If it does, set the secure_renegotiation flag * to TRUE. */ - if (TlsProtocol.arrayContains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) + if (Arrays.contains(state.offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) { state.secure_renegotiation = true; } diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java index 2cea7584..9c8973e8 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java @@ -606,7 +606,7 @@ public class TlsClientProtocol * ones. */ int selectedCipherSuite = TlsUtils.readUint16(buf); - if (!arrayContains(this.offeredCipherSuites, selectedCipherSuite) + if (!Arrays.contains(this.offeredCipherSuites, selectedCipherSuite) || selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL || selectedCipherSuite == CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV) { @@ -620,7 +620,7 @@ public class TlsClientProtocol * offered ones. */ short selectedCompressionMethod = TlsUtils.readUint8(buf); - if (!arrayContains(this.offeredCompressionMethods, selectedCompressionMethod)) + if (!Arrays.contains(this.offeredCompressionMethods, selectedCompressionMethod)) { throw new TlsFatalAlert(AlertDescription.illegal_parameter); } @@ -804,8 +804,8 @@ public class TlsClientProtocol if (session_id.length > 0 && this.sessionParameters != null) { - if (!arrayContains(this.offeredCipherSuites, sessionParameters.getCipherSuite()) - || !arrayContains(this.offeredCompressionMethods, sessionParameters.getCompressionAlgorithm())) + if (!Arrays.contains(this.offeredCipherSuites, sessionParameters.getCipherSuite()) + || !Arrays.contains(this.offeredCompressionMethods, sessionParameters.getCompressionAlgorithm())) { session_id = TlsUtils.EMPTY_BYTES; } @@ -831,7 +831,7 @@ public class TlsClientProtocol byte[] renegExtData = TlsUtils.getExtensionData(clientExtensions, EXT_RenegotiationInfo); boolean noRenegExt = (null == renegExtData); - boolean noSCSV = !TlsProtocol.arrayContains(offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); + boolean noSCSV = !Arrays.contains(offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV); if (noRenegExt && noSCSV) { diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java index dbc25884..3e7ef39d 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsECCUtils.java @@ -20,6 +20,7 @@ import org.bouncycastle.crypto.params.ECPublicKeyParameters; import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.ECFieldElement; import org.bouncycastle.math.ec.ECPoint; +import org.bouncycastle.util.Arrays; import org.bouncycastle.util.BigIntegers; import org.bouncycastle.util.Integers; @@ -73,7 +74,7 @@ public class TlsECCUtils { ecPointFormats = new short[] { ECPointFormat.uncompressed }; } - else if (!TlsProtocol.arrayContains(ecPointFormats, ECPointFormat.uncompressed)) + else if (!Arrays.contains(ecPointFormats, ECPointFormat.uncompressed)) { /* * RFC 4492 5.1. If the Supported Point Formats Extension is indeed sent, it MUST @@ -132,7 +133,7 @@ public class TlsECCUtils TlsProtocol.assertEmpty(buf); - if (!TlsProtocol.arrayContains(ecPointFormats, ECPointFormat.uncompressed)) + if (!Arrays.contains(ecPointFormats, ECPointFormat.uncompressed)) { /* * RFC 4492 5.1. If the Supported Point Formats Extension is indeed sent, it MUST @@ -524,7 +525,7 @@ public class TlsECCUtils private static void checkNamedCurve(int[] namedCurves, int namedCurve) throws IOException { - if (namedCurves != null && !TlsProtocol.arrayContains(namedCurves, namedCurve)) + if (namedCurves != null && !Arrays.contains(namedCurves, namedCurve)) { /* * RFC 4492 4. [...] servers MUST NOT negotiate the use of an ECC cipher suite diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java index 7e696d29..49bf4fb1 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.java @@ -10,6 +10,7 @@ import org.bouncycastle.crypto.Signer; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; +import org.bouncycastle.util.Arrays; import org.bouncycastle.util.io.TeeInputStream; /** @@ -74,11 +75,11 @@ public class TlsECDHEKeyExchange /* * If no named curves are suitable, check if the client supports explicit curves. */ - if (TlsProtocol.arrayContains(namedCurves, NamedCurve.arbitrary_explicit_prime_curves)) + if (Arrays.contains(namedCurves, NamedCurve.arbitrary_explicit_prime_curves)) { curve_params = TlsECCUtils.getParametersForNamedCurve(NamedCurve.secp256r1); } - else if (TlsProtocol.arrayContains(namedCurves, NamedCurve.arbitrary_explicit_char2_curves)) + else if (Arrays.contains(namedCurves, NamedCurve.arbitrary_explicit_char2_curves)) { curve_params = TlsECCUtils.getParametersForNamedCurve(NamedCurve.sect283r1); } diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java index 0c6675ac..2c3b0941 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java @@ -807,30 +807,6 @@ public abstract class TlsProtocol return maxFragmentLength; } - protected static boolean arrayContains(short[] a, short n) - { - for (int i = 0; i < a.length; ++i) - { - if (a[i] == n) - { - return true; - } - } - return false; - } - - protected static boolean arrayContains(int[] a, int n) - { - for (int i = 0; i < a.length; ++i) - { - if (a[i] == n) - { - return true; - } - } - return false; - } - /** * Make sure the InputStream 'buf' now empty. Fail otherwise. * diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java index b2c392c8..056d22aa 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java @@ -525,7 +525,7 @@ public class TlsServerProtocol * TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV. If it does, set the secure_renegotiation flag * to TRUE. */ - if (arrayContains(offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) + if (Arrays.contains(offeredCipherSuites, CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) { this.secure_renegotiation = true; } @@ -639,7 +639,7 @@ public class TlsServerProtocol TlsUtils.writeOpaque8(TlsUtils.EMPTY_BYTES, message); int selectedCipherSuite = tlsServer.getSelectedCipherSuite(); - if (!arrayContains(this.offeredCipherSuites, selectedCipherSuite) + if (!Arrays.contains(this.offeredCipherSuites, selectedCipherSuite) || selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL || selectedCipherSuite == CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV) { @@ -648,7 +648,7 @@ public class TlsServerProtocol securityParameters.cipherSuite = selectedCipherSuite; short selectedCompressionMethod = tlsServer.getSelectedCompressionMethod(); - if (!arrayContains(this.offeredCompressionMethods, selectedCompressionMethod)) + if (!Arrays.contains(this.offeredCompressionMethods, selectedCompressionMethod)) { throw new TlsFatalAlert(AlertDescription.internal_error); } diff --git a/core/src/main/java/org/bouncycastle/util/Arrays.java b/core/src/main/java/org/bouncycastle/util/Arrays.java index ad5fc4f5..3f7677ca 100644 --- a/core/src/main/java/org/bouncycastle/util/Arrays.java +++ b/core/src/main/java/org/bouncycastle/util/Arrays.java @@ -231,6 +231,30 @@ public final class Arrays return true; } + public static boolean contains(short[] a, short n) + { + for (int i = 0; i < a.length; ++i) + { + if (a[i] == n) + { + return true; + } + } + return false; + } + + public static boolean contains(int[] a, int n) + { + for (int i = 0; i < a.length; ++i) + { + if (a[i] == n) + { + return true; + } + } + return false; + } + public static void fill( byte[] array, byte value) |