public TlsProtocol(InputStream input, OutputStream output, SecureRandom secureRandom) { this.blocking = true; this.recordStream = new RecordStream(this, input, output); this.secureRandom = secureRandom; }
byte[] decodeAndVerify(short type, InputStream input, int len) throws IOException checkLength(len, ciphertextLimit, AlertDescription.record_overflow); checkLength(decoded.length, compressedLimit, AlertDescription.record_overflow); decoded = getBufferContents(); checkLength(decoded.length, plaintextLimit, AlertDescription.decompression_failure);
protected void flush() throws IOException { recordStream.flush(); }
protected void writeHandshakeMessage(byte[] buf, int off, int len) throws IOException { if (len < 4) { throw new TlsFatalAlert(AlertDescription.internal_error); } short type = TlsUtils.readUint8(buf, off); if (type != HandshakeType.hello_request) { recordStream.getHandshakeHashUpdater().write(buf, off, len); } int total = 0; do { // Fragment data according to the current fragment limit. int toWrite = Math.min(len - total, recordStream.getPlaintextLimit()); safeWriteRecord(ContentType.handshake, buf, off + total, toWrite); total += toWrite; } while (total < len); }
recordStream.setPlaintextLimit(plainTextLimit); this.recordStream.notifyHelloComplete(); this.recordStream.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher()); this.recordStream.getHandshakeHash().sealHashAlgorithms(); this.connection_state = CS_CLIENT_KEY_EXCHANGE; TlsHandshakeHash prepareFinishHash = recordStream.prepareToFinish(); this.securityParameters.sessionHash = getCurrentPRFHash(getContext(), prepareFinishHash, null); recordStream.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher()); TlsUtils.trackHashAlgorithms(this.recordStream.getHandshakeHash(), this.certificateRequest.getSupportedSignatureAlgorithms());
checkType(type, AlertDescription.internal_error); checkLength(plaintextLength, plaintextLimit, AlertDescription.internal_error); updateHandshakeData(plaintext, plaintextOffset, plaintextLength); byte[] compressed = getBufferContents(); checkLength(compressed.length, plaintextLength + 1024, AlertDescription.internal_error); checkLength(ciphertext.length, ciphertextLimit, AlertDescription.internal_error);
checkType(type, AlertDescription.internal_error); checkLength(plaintextLength, plaintextLimit, AlertDescription.internal_error); byte[] compressed = getBufferContents(); checkLength(compressed.length, plaintextLength + 1024, AlertDescription.internal_error); checkLength(ciphertext.length, ciphertextLimit, AlertDescription.internal_error);
checkType(type, AlertDescription.unexpected_message); checkLength(length, ciphertextLimit, AlertDescription.record_overflow); byte[] plaintext = decodeAndVerify(type, input, length); handler.processRecord(type, plaintext, 0, plaintext.length); return true;
checkType(type, AlertDescription.unexpected_message); byte[] plaintext = decodeAndVerify(type, input, length); handler.processRecord(type, plaintext, 0, plaintext.length); return true;
if (!server_version.equals(this.recordStream.getReadVersion())) this.recordStream.setWriteVersion(server_version); getContextAdmin().setServerVersion(server_version); this.tlsClient.notifyServerVersion(server_version);
checkType(type, AlertDescription.unexpected_message); checkLength(length, ciphertextLimit, AlertDescription.record_overflow);
this.connection_state = CS_SERVER_HELLO; recordStream.notifyHelloComplete(); TlsUtils.trackHashAlgorithms(this.recordStream.getHandshakeHash(), this.certificateRequest.getSupportedSignatureAlgorithms()); this.connection_state = CS_SERVER_HELLO_DONE; this.recordStream.getHandshakeHash().sealHashAlgorithms();
protected byte[] createVerifyData(boolean isServer) { TlsContext context = getContext(); String asciiLabel = isServer ? ExporterLabel.server_finished : ExporterLabel.client_finished; byte[] sslSender = isServer ? TlsUtils.SSL_SERVER : TlsUtils.SSL_CLIENT; byte[] hash = getCurrentPRFHash(context, recordStream.getHandshakeHash(), sslSender); return TlsUtils.calculateVerifyData(context, asciiLabel, hash); }
protected void writeHandshakeMessage(byte[] buf, int off, int len) throws IOException { while (len > 0) { // Fragment data according to the current fragment limit. int toWrite = Math.min(len, recordStream.getPlaintextLimit()); safeWriteRecord(ContentType.handshake, buf, off, toWrite); off += toWrite; len -= toWrite; } }
this.recordStream.finaliseHandshake();
this.connection_state = CS_SERVER_HELLO; this.recordStream.notifyHelloComplete(); this.recordStream.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher()); this.recordStream.getHandshakeHash().sealHashAlgorithms(); TlsHandshakeHash prepareFinishHash = recordStream.prepareToFinish(); this.securityParameters.sessionHash = getCurrentPRFHash(getContext(), prepareFinishHash, null); recordStream.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher()); TlsUtils.trackHashAlgorithms(this.recordStream.getHandshakeHash(), this.certificateRequest.getSupportedSignatureAlgorithms());
if (!server_version.equals(this.recordStream.getReadVersion())) this.recordStream.setWriteVersion(server_version); getContextAdmin().setServerVersion(server_version); this.tlsClient.notifyServerVersion(server_version);
protected byte[] createVerifyData(boolean isServer) { TlsContext context = getContext(); String asciiLabel = isServer ? ExporterLabel.server_finished : ExporterLabel.client_finished; byte[] sslSender = isServer ? TlsUtils.SSL_SERVER : TlsUtils.SSL_CLIENT; byte[] hash = getCurrentPRFHash(context, recordStream.getHandshakeHash(), sslSender); return TlsUtils.calculateVerifyData(context, asciiLabel, hash); }
int toWrite = Math.min(len, recordStream.getPlaintextLimit()); safeWriteRecord(ContentType.application_data, buf, offset, toWrite); offset += toWrite;
this.handshakeQueue.shrink(); this.recordStream.finaliseHandshake();