private byte[] getObfuscatedTicketAge(byte[] ticketAgeAdd, String ticketAge) { DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS"); LocalDateTime ticketDate = LocalDateTime.parse(ticketAge, dateTimeFormatter); BigInteger difference = BigInteger.valueOf(Duration.between(ticketDate, LocalDateTime.now()).toMillis()); BigInteger addValue = BigInteger.valueOf(ArrayConverter.bytesToLong(ticketAgeAdd)); BigInteger mod = BigInteger.valueOf(2).pow(32); difference = difference.add(addValue); difference = difference.mod(mod); byte[] obfTicketAge = ArrayConverter.longToBytes(difference.longValue(), ExtensionByteLength.TICKET_AGE_LENGTH); LOGGER.debug("Calculated ObfuscatedTicketAge: " + ArrayConverter.bytesToHexString(obfTicketAge)); return obfTicketAge; }
private void writeLifetimeHint(NewSessionTicketMessage msg) { appendBytes(ArrayConverter.longToBytes(msg.getTicketLifetimeHint().getValue(), HandshakeByteLength.NEWSESSIONTICKET_LIFETIMEHINT_LENGTH)); LOGGER.debug("LifetimeHint: " + ArrayConverter.bytesToHexString(ArrayConverter.longToBytes(msg.getTicketLifetimeHint().getValue(), HandshakeByteLength.NEWSESSIONTICKET_LIFETIMEHINT_LENGTH))); }
@Override public byte[] getDecryptionIV() { byte[] nonce = ArrayConverter.longToBytes(context.getReadSequenceNumber(), SEQUENCE_NUMBER_LENGTH); return ArrayConverter.concatenate(getKeySet().getReadIv(context.getConnection().getLocalConnectionEndType()), nonce); } }
@Override public byte[] getEncryptionIV() { byte[] nonce = ArrayConverter.longToBytes(context.getWriteSequenceNumber(), SEQUENCE_NUMBER_LENGTH); return ArrayConverter.concatenate(getKeySet().getWriteIv(context.getConnection().getLocalConnectionEndType()), nonce); }
private EncryptionResult encryptTLS12(EncryptionRequest request) throws CryptoException { byte[] nonce = ArrayConverter.longToBytes(context.getWriteSequenceNumber(), RecordByteLength.SEQUENCE_NUMBER); byte[] iv = ArrayConverter.concatenate( getKeySet().getWriteIv(context.getConnection().getLocalConnectionEndType()), nonce); LOGGER.debug("Encrypting GCM with the following IV: {}", ArrayConverter.bytesToHexString(iv)); LOGGER.debug("Encrypting GCM with the following AAD: {}", ArrayConverter.bytesToHexString(request.getAdditionalAuthenticatedData())); byte[] ciphertext = encryptCipher.encrypt(iv, GCM_TAG_LENGTH * 8, request.getAdditionalAuthenticatedData(), request.getPlainText()); return new EncryptionResult(iv, ArrayConverter.concatenate(nonce, ciphertext), false); }
private byte[] decryptTLS13(DecryptionRequest decryptionRequest) throws CryptoException { LOGGER.debug("Decrypting using SQN:" + context.getReadSequenceNumber()); byte[] sequenceNumberByte = ArrayConverter.longToBytes(context.getReadSequenceNumber(), RecordByteLength.SEQUENCE_NUMBER); byte[] nonce = ArrayConverter.concatenate(new byte[GCM_IV_LENGTH - RecordByteLength.SEQUENCE_NUMBER], sequenceNumberByte); byte[] decryptIV = prepareAeadParameters(nonce, getDecryptionIV()); LOGGER.debug("Decrypting GCM with the following IV: {}", ArrayConverter.bytesToHexString(decryptIV)); LOGGER.debug("Decrypting the following GCM ciphertext: {}", ArrayConverter.bytesToHexString(decryptionRequest.getCipherText())); if (version == ProtocolVersion.TLS13 || version == ProtocolVersion.TLS13_DRAFT25 || version == ProtocolVersion.TLS13_DRAFT26 || version == ProtocolVersion.TLS13_DRAFT27 || version == ProtocolVersion.TLS13_DRAFT28) { return decryptCipher.decrypt(decryptIV, GCM_TAG_LENGTH * 8, decryptionRequest.getAdditionalAuthenticatedData(), decryptionRequest.getCipherText()); } else { return decryptCipher.decrypt(decryptIV, GCM_TAG_LENGTH * 8, decryptionRequest.getCipherText()); } }
private EncryptionResult encryptTLS13(EncryptionRequest request) throws CryptoException { byte[] sequenceNumberByte = ArrayConverter.longToBytes(context.getWriteSequenceNumber(), RecordByteLength.SEQUENCE_NUMBER); byte[] nonce = ArrayConverter.concatenate(new byte[GCM_IV_LENGTH - RecordByteLength.SEQUENCE_NUMBER], sequenceNumberByte); byte[] encryptIV = prepareAeadParameters(nonce, getEncryptionIV()); LOGGER.debug("Encrypting GCM with the following IV: {}", ArrayConverter.bytesToHexString(encryptIV)); byte[] cipherText; if (version == ProtocolVersion.TLS13 || version == ProtocolVersion.TLS13_DRAFT25 || version == ProtocolVersion.TLS13_DRAFT26 || version == ProtocolVersion.TLS13_DRAFT27 || version == ProtocolVersion.TLS13_DRAFT28) { cipherText = encryptCipher.encrypt(encryptIV, GCM_TAG_LENGTH * 8, request.getAdditionalAuthenticatedData(), request.getPlainText()); } else { cipherText = encryptCipher.encrypt(encryptIV, GCM_TAG_LENGTH * 8, request.getPlainText()); } return new EncryptionResult(encryptIV, cipherText, false); }