DefaultTlsECConfigVerifier.java example

Explorer
bc-java-master
package org.bouncycastle.tls;

import org.bouncycastle.tls.crypto.TlsECConfig;
import org.bouncycastle.util.Arrays;

public class DefaultTlsECConfigVerifier
    implements TlsECConfigVerifier
{
    protected int minimumCurveBits;
    protected int[] namedCurves;

    public DefaultTlsECConfigVerifier(int minimumCurveBits, int[] namedCurves)
    {
        this.minimumCurveBits = minimumCurveBits;
        this.namedCurves = Arrays.clone(namedCurves);
    }

    public boolean accept(TlsECConfig ecConfig)
    {
        // NOTE: Any value of ecConfig.pointCompression is acceptable

        int namedCurve = ecConfig.getNamedCurve();

        if (NamedCurve.getCurveBits(namedCurve) < minimumCurveBits)
        {
            return false;
        }

        if (namedCurves != null && !Arrays.contains(namedCurves, namedCurve))
        {
            /*
             * RFC 4492 4. [...] servers MUST NOT negotiate the use of an ECC cipher suite unless
             * they can complete the handshake while respecting the choice of curves and compression
             * techniques specified by the client.
             */
            return false;
        }

        return true;
    }
}