if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(clientVersion)) case KeyExchangeAlgorithm.SRP_DSS: this.supportedSignatureAlgorithms = TlsUtils.getDefaultDSSSignatureAlgorithms(); break; case KeyExchangeAlgorithm.ECDHE_ECDSA: this.supportedSignatureAlgorithms = TlsUtils.getDefaultECDSASignatureAlgorithms(); break; case KeyExchangeAlgorithm.SRP_RSA: this.supportedSignatureAlgorithms = TlsUtils.getDefaultRSASignatureAlgorithms(); break;
/**
 * Derives the TLS key_block for the current connection from the master secret.
 *
 * The PRF seed is server_random followed by client_random — the reverse of
 * the order used for the master secret derivation — so the two derivations
 * must not be confused. SSLv3 sessions have no PRF and are routed to the
 * SSL-specific construction instead.
 *
 * @param context the connection context whose security parameters supply the
 *                master secret and the two randoms.
 * @param size    the number of key_block bytes to produce.
 * @return the derived key_block of {@code size} bytes.
 */
static byte[] calculateKeyBlock(TlsContext context, int size)
{
    SecurityParameters params = context.getSecurityParameters();
    byte[] masterSecret = params.getMasterSecret();
    // server_random || client_random (note: opposite order to calculateMasterSecret)
    byte[] prfSeed = concat(params.getServerRandom(), params.getClientRandom());

    if (isSSL(context))
    {
        return calculateKeyBlock_SSL(masterSecret, prfSeed, size);
    }
    return PRF(context, masterSecret, ExporterLabel.key_expansion, prfSeed, size);
}
/**
 * The TLS pseudo-random function, dispatched on the negotiated PRF algorithm.
 *
 * For {@code tls_prf_legacy} (TLS 1.0/1.1) the MD5/SHA-1 split construction is
 * used; otherwise a single HMAC-based P_hash over the digest selected by the
 * PRF algorithm produces the output.
 *
 * @param context    the connection context supplying the server version and PRF algorithm.
 * @param secret     the secret keying the PRF.
 * @param asciiLabel the ASCII label that is prepended to the seed.
 * @param seed       the seed bytes.
 * @param size       the number of output bytes to produce.
 * @return a freshly allocated array of {@code size} PRF output bytes.
 * @throws IllegalStateException if the server version is SSLv3, which has no PRF;
 *                               callers handle SSLv3 separately.
 */
public static byte[] PRF(TlsContext context, byte[] secret, String asciiLabel, byte[] seed, int size)
{
    if (context.getServerVersion().isSSL())
    {
        throw new IllegalStateException("No PRF available for SSLv3 session");
    }

    byte[] labelBytes = Strings.toByteArray(asciiLabel);
    byte[] labelAndSeed = concat(labelBytes, seed);

    int prfAlgorithm = context.getSecurityParameters().getPrfAlgorithm();
    if (prfAlgorithm == PRFAlgorithm.tls_prf_legacy)
    {
        // TLS 1.0/1.1: MD5 and SHA-1 halves XORed together
        return PRF_legacy(secret, labelBytes, labelAndSeed, size);
    }

    // TLS 1.2 style: one HMAC-based P_hash over the negotiated digest
    byte[] output = new byte[size];
    hmac_hash(createPRFHash(prfAlgorithm), secret, labelAndSeed, output);
    return output;
}
/**
 * Reads a TLS opaque&lt;0..2^16-1&gt; vector: a 16-bit length prefix followed by
 * exactly that many bytes.
 *
 * @param input the stream to read from.
 * @return the vector body (possibly empty).
 * @throws IOException propagated from the underlying length and body reads.
 */
public static byte[] readOpaque16(InputStream input) throws IOException
{
    // length prefix first, then the body of that length
    return readFully(readUint16(input), input);
}
/**
 * The TLS 1.0/1.1 PRF: the secret is split into two halves (sharing the middle
 * byte when the length is odd), P_MD5 is run over the first half and P_SHA1
 * over the second, and the two output streams are XORed together.
 *
 * MD5 and SHA-1 appear here only because the legacy protocol versions mandate
 * them; TLS 1.2 sessions use the HMAC-based PRF selected in {@link #PRF} instead.
 *
 * @param secret    the secret to split between the two hashes.
 * @param label     the label bytes (unused here; {@code labelSeed} already contains them).
 * @param labelSeed the label concatenated with the seed.
 * @param size      the number of output bytes to produce.
 * @return a freshly allocated array of {@code size} bytes.
 */
static byte[] PRF_legacy(byte[] secret, byte[] label, byte[] labelSeed, int size)
{
    // round up so an odd-length secret overlaps by one byte in the middle
    int halfLen = (secret.length + 1) / 2;
    byte[] firstHalf = java.util.Arrays.copyOfRange(secret, 0, halfLen);
    byte[] secondHalf = java.util.Arrays.copyOfRange(secret, secret.length - halfLen, secret.length);

    byte[] md5Stream = new byte[size];
    byte[] sha1Stream = new byte[size];
    hmac_hash(createHash(HashAlgorithm.md5), firstHalf, labelSeed, md5Stream);
    hmac_hash(createHash(HashAlgorithm.sha1), secondHalf, labelSeed, sha1Stream);

    // combine the two streams in place and return the MD5 buffer as the result
    for (int i = 0; i < size; ++i)
    {
        md5Stream[i] ^= sha1Stream[i];
    }
    return md5Stream;
}
/**
 * Convenience overload of the TLS 1.0/1.1 PRF taking an ASCII label.
 *
 * @param secret     the secret to split between MD5 and SHA-1.
 * @param asciiLabel the ASCII label prepended to the seed.
 * @param seed       the seed bytes.
 * @param size       the number of output bytes to produce.
 * @return {@code size} bytes of PRF output.
 */
public static byte[] PRF_legacy(byte[] secret, String asciiLabel, byte[] seed, int size)
{
    byte[] labelBytes = Strings.toByteArray(asciiLabel);
    return PRF_legacy(secret, labelBytes, concat(labelBytes, seed), size);
}
ProtocolVersion server_version = TlsUtils.readVersion(buf); reportServerVersion(state, server_version); securityParameters.serverRandom = TlsUtils.readFully(32, buf); state.selectedSessionID = TlsUtils.readOpaque8(buf); if (state.selectedSessionID.length > 32) state.selectedCipherSuite = TlsUtils.readUint16(buf); if (!Arrays.contains(state.offeredCipherSuites, state.selectedCipherSuite) || state.selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL || CipherSuite.isSCSV(state.selectedCipherSuite) || !TlsUtils.isValidCipherSuiteForVersion(state.selectedCipherSuite, server_version)) state.selectedCompressionMethod = TlsUtils.readUint8(buf); if (!Arrays.contains(state.offeredCompressionMethods, state.selectedCompressionMethod)) if (null == TlsUtils.getExtensionData(state.clientExtensions, extType)) if (serverSentEncryptThenMAC && !TlsUtils.isBlockCipherSuite(state.selectedCipherSuite)) state.allowCertificateStatus = TlsUtils.hasExpectedEmptyExtensionData(serverExtensions, TlsExtensionsUtils.EXT_status_request, AlertDescription.illegal_parameter); state.expectSessionTicket = TlsUtils.hasExpectedEmptyExtensionData(serverExtensions, TlsProtocol.EXT_SessionTicket, AlertDescription.illegal_parameter);
TlsUtils.writeVersion(state.serverContext.getServerVersion(), buf); TlsUtils.writeOpaque8(TlsUtils.EMPTY_BYTES, buf); || state.selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL || CipherSuite.isSCSV(state.selectedCipherSuite) || !TlsUtils.isValidCipherSuiteForVersion(state.selectedCipherSuite, server_version)) TlsUtils.writeUint16(state.selectedCipherSuite, buf); TlsUtils.writeUint8(state.selectedCompressionMethod, buf); byte[] renegExtData = TlsUtils.getExtensionData(state.serverExtensions, TlsProtocol.EXT_RenegotiationInfo); boolean noRenegExt = (null == renegExtData); state.allowCertificateStatus = TlsUtils.hasExpectedEmptyExtensionData(state.serverExtensions, TlsExtensionsUtils.EXT_status_request, AlertDescription.internal_error); state.expectSessionTicket = TlsUtils.hasExpectedEmptyExtensionData(state.serverExtensions, TlsProtocol.EXT_SessionTicket, AlertDescription.internal_error);
throws IOException int numTypes = TlsUtils.readUint8(input); short[] certificateTypes = new short[numTypes]; for (int i = 0; i < numTypes; ++i) certificateTypes[i] = TlsUtils.readUint8(input); if (TlsUtils.isTLSv12(context)) supportedSignatureAlgorithms = TlsUtils.parseSupportedSignatureAlgorithms(false, input); byte[] certAuthData = TlsUtils.readOpaque16(input); ByteArrayInputStream bis = new ByteArrayInputStream(certAuthData); while (bis.available() > 0) byte[] derEncoding = TlsUtils.readOpaque16(bis); ASN1Primitive asn1 = TlsUtils.readDERObject(derEncoding); certificateAuthorities.addElement(X500Name.getInstance(asn1));
int length = TlsUtils.readUint16(input); if (length > 0) byte[] data = TlsUtils.readFully(length, input); ByteArrayInputStream buf = new ByteArrayInputStream(data); do byte[] derEncoding = TlsUtils.readOpaque16(buf); ResponderID responderID = ResponderID.getInstance(TlsUtils.readDERObject(derEncoding)); responderIDList.addElement(responderID); int length = TlsUtils.readUint16(input); if (length > 0) byte[] derEncoding = TlsUtils.readFully(length, input); requestExtensions = Extensions.getInstance(TlsUtils.readDERObject(derEncoding));
private static byte[] exportKeyingMaterial(TlsContext context, String asciiLabel, byte[] context_value, int length, byte[] masterSecret ) if (context_value != null && !TlsUtils.isValidUint16(context_value.length)) if (context_value != null) TlsUtils.writeUint16(context_value.length, seed, seedPos); seedPos += 2; System.arraycopy(context_value, 0, seed, seedPos, context_value.length); return TlsUtils.PRF(context, masterSecret, asciiLabel, seed, length);
throws IOException int totalLength = TlsUtils.readUint24(input); if (totalLength == 0) byte[] certListData = TlsUtils.readFully(totalLength, input); while (buf.available() > 0) byte[] berEncoding = TlsUtils.readOpaque24(buf); ASN1Primitive asn1Cert = TlsUtils.readASN1Object(berEncoding); certificate_list.addElement(org.bouncycastle.asn1.x509.Certificate.getInstance(asn1Cert));
throws IOException int totalLength = TlsUtils.readUint24(input); if (totalLength == 0) byte[] certListData = TlsUtils.readFully(totalLength, input); while (buf.available() > 0) byte[] derEncoding = TlsUtils.readOpaque24(buf); ASN1Primitive asn1Cert = TlsUtils.readDERObject(derEncoding); certificate_list.addElement(org.bouncycastle.asn1.x509.Certificate.getInstance(asn1Cert));
/**
 * Derives the 48-byte master secret from the pre-master secret.
 *
 * When the extended master secret is in use, the seed is the session hash of
 * the handshake so far rather than client_random || server_random, which binds
 * the master secret to this particular handshake transcript. SSLv3 sessions use
 * the SSL-specific construction since no PRF exists for them.
 *
 * @param context           the connection context supplying the security parameters.
 * @param pre_master_secret the pre-master secret agreed by the key exchange.
 * @return the 48-byte master secret.
 */
static byte[] calculateMasterSecret(TlsContext context, byte[] pre_master_secret)
{
    SecurityParameters params = context.getSecurityParameters();
    boolean extended = params.extendedMasterSecret;

    // client_random || server_random (note: opposite order to calculateKeyBlock)
    byte[] prfSeed = extended
        ? params.getSessionHash()
        : concat(params.getClientRandom(), params.getServerRandom());

    if (isSSL(context))
    {
        return calculateMasterSecret_SSL(pre_master_secret, prfSeed);
    }

    String label = extended ? ExporterLabel.extended_master_secret : ExporterLabel.master_secret;
    return PRF(context, pre_master_secret, label, prfSeed, 48);
}
throws IOException short type = TlsUtils.readUint8(input); if (!CertChainType.isValid(type)) int totalLength = TlsUtils.readUint16(input); if (totalLength < 1) byte[] urlAndHashListData = TlsUtils.readFully(totalLength, input);
void checkRecordHeader(byte[] recordHeader) throws IOException short type = TlsUtils.readUint8(recordHeader, TLS_HEADER_TYPE_OFFSET); int version = TlsUtils.readVersionRaw(recordHeader, TLS_HEADER_VERSION_OFFSET); if ((version & 0xffffff00) != 0x0300) ProtocolVersion version = TlsUtils.readVersion(recordHeader, TLS_HEADER_VERSION_OFFSET); if (readVersion == null) int length = TlsUtils.readUint16(recordHeader, TLS_HEADER_LENGTH_OFFSET);
/**
 * Parses a SupplementalData handshake message body into its entries.
 *
 * The message is an opaque&lt;..2^24-1&gt; wrapper; nothing may follow it. Each
 * entry inside is a uint16 type followed by an opaque&lt;..2^16-1&gt; payload.
 *
 * @param input the handshake message body; must be fully consumed by the outer vector.
 * @return a {@link Vector} of {@link SupplementalDataEntry}, possibly empty.
 * @throws IOException on a malformed or truncated message.
 */
protected static Vector readSupplementalDataMessage(ByteArrayInputStream input) throws IOException
{
    byte[] body = TlsUtils.readOpaque24(input);
    // the outer vector must account for the whole message
    assertEmpty(input);

    Vector entries = new Vector();
    ByteArrayInputStream bodyStream = new ByteArrayInputStream(body);
    while (bodyStream.available() > 0)
    {
        int entryType = TlsUtils.readUint16(bodyStream);
        byte[] entryData = TlsUtils.readOpaque16(bodyStream);
        entries.addElement(new SupplementalDataEntry(entryType, entryData));
    }
    return entries;
}
/**
 * Parses the body of a use_srtp extension.
 *
 * Layout: a uint16-length-prefixed list of uint16 SRTP protection profile ids,
 * followed by an opaque&lt;0..255&gt; MKI. The profile list length must be even and
 * cover at least one profile, and the extension body must be fully consumed.
 *
 * @param extensionData the raw extension body.
 * @return the parsed profiles and MKI.
 * @throws IllegalArgumentException if {@code extensionData} is null.
 * @throws IOException on a malformed body, including a {@link TlsFatalAlert}
 *                     with {@code decode_error} for an invalid profile list length.
 */
public static UseSRTPData readUseSRTPExtension(byte[] extensionData) throws IOException
{
    if (extensionData == null)
    {
        throw new IllegalArgumentException("'extensionData' cannot be null");
    }

    ByteArrayInputStream in = new ByteArrayInputStream(extensionData);

    // SRTPProtectionProfiles: byte length must be even (uint16 entries) and non-empty
    int profilesLength = TlsUtils.readUint16(in);
    boolean lengthOk = profilesLength >= 2 && (profilesLength & 1) == 0;
    if (!lengthOk)
    {
        throw new TlsFatalAlert(AlertDescription.decode_error);
    }
    int[] profiles = TlsUtils.readUint16Array(profilesLength / 2, in);

    // srtp_mki
    byte[] mki = TlsUtils.readOpaque8(in);

    // no trailing bytes allowed after the MKI
    TlsProtocol.assertEmpty(in);

    return new UseSRTPData(profiles, mki);
}
}
/**
 * Parse a {@link CertificateStatus} from an {@link InputStream}.
 *
 * Only the OCSP status type is understood: its body is an opaque&lt;..2^24-1&gt;
 * DER-encoded OCSPResponse. Any other status type is rejected rather than
 * skipped, since its length encoding is unknown.
 *
 * @param input
 *            the {@link InputStream} to parse from.
 * @return a {@link CertificateStatus} object.
 * @throws IOException on a read error, including a {@link TlsFatalAlert} with
 *             {@code decode_error} for an unsupported status type.
 */
public static CertificateStatus parse(InputStream input) throws IOException
{
    short statusType = TlsUtils.readUint8(input);

    if (statusType != CertificateStatusType.ocsp)
    {
        // unknown status type: cannot be parsed, so fail the handshake
        throw new TlsFatalAlert(AlertDescription.decode_error);
    }

    byte[] derEncoding = TlsUtils.readOpaque24(input);
    Object response = OCSPResponse.getInstance(TlsUtils.readDERObject(derEncoding));
    return new CertificateStatus(statusType, response);
}
if (TlsUtils.isSignatureAlgorithmsExtensionAllowed(clientVersion)) this.supportedSignatureAlgorithms = TlsUtils.getDefaultSupportedSignatureAlgorithms(); TlsUtils.addSignatureAlgorithmsExtension(clientExtensions, supportedSignatureAlgorithms);