public void generateClientKeyExchange(OutputStream output) throws IOException { BigInteger A = srpClient.generateClientCredentials(srpSalt, identity, password); TlsSRPUtils.writeSRPParameter(A, output); context.getSecurityParameters().srpIdentity = Arrays.clone(identity); }
public void generateClientKeyExchange(OutputStream output) throws IOException { BigInteger A = srpClient.generateClientCredentials(srpSalt, identity, password); TlsSRPUtils.writeSRPParameter(A, output); context.getSecurityParameters().srpIdentity = Arrays.clone(identity); }
static byte[] calculateVerifyData(TlsContext context, String asciiLabel, byte[] handshakeHash) { if (isSSL(context)) { return handshakeHash; } SecurityParameters securityParameters = context.getSecurityParameters(); byte[] master_secret = securityParameters.getMasterSecret(); int verify_data_length = securityParameters.getVerifyDataLength(); return PRF(context, master_secret, asciiLabel, handshakeHash, verify_data_length); }
static byte[] calculateVerifyData(TlsContext context, String asciiLabel, byte[] handshakeHash) { if (isSSL(context)) { return handshakeHash; } SecurityParameters securityParameters = context.getSecurityParameters(); byte[] master_secret = securityParameters.getMasterSecret(); int verify_data_length = securityParameters.getVerifyDataLength(); return PRF(context, master_secret, asciiLabel, handshakeHash, verify_data_length); }
protected static void establishMasterSecret(TlsContext context, TlsKeyExchange keyExchange) throws IOException { byte[] pre_master_secret = keyExchange.generatePremasterSecret(); try { context.getSecurityParameters().masterSecret = TlsUtils.calculateMasterSecret(context, pre_master_secret); } finally { // TODO Is there a way to ensure the data is really overwritten? /* * RFC 2246 8.1. The pre_master_secret should be deleted from memory once the * master_secret has been computed. */ if (pre_master_secret != null) { Arrays.fill(pre_master_secret, (byte)0); } } }
public void processClientKeyExchange(InputStream input) throws IOException { /* * RFC 5054 2.5.4: The server MUST abort the handshake with an "illegal_parameter" alert if * A % N = 0. */ try { this.srpPeerCredentials = SRP6Util.validatePublicValue(srpGroup.getN(), TlsSRPUtils.readSRPParameter(input)); } catch (CryptoException e) { throw new TlsFatalAlert(AlertDescription.illegal_parameter, e); } context.getSecurityParameters().srpIdentity = Arrays.clone(identity); }
public void processClientKeyExchange(InputStream input) throws IOException { /* * RFC 5054 2.5.4: The server MUST abort the handshake with an "illegal_parameter" alert if * A % N = 0. */ try { this.srpPeerCredentials = SRP6Util.validatePublicValue(srpGroup.getN(), TlsSRPUtils.readSRPParameter(input)); } catch (CryptoException e) { throw new TlsFatalAlert(AlertDescription.illegal_parameter, e); } context.getSecurityParameters().srpIdentity = Arrays.clone(identity); }
public static byte[] PRF(TlsContext context, byte[] secret, String asciiLabel, byte[] seed, int size) { ProtocolVersion version = context.getServerVersion(); if (version.isSSL()) { throw new IllegalStateException("No PRF available for SSLv3 session"); } byte[] label = Strings.toByteArray(asciiLabel); byte[] labelSeed = concat(label, seed); int prfAlgorithm = context.getSecurityParameters().getPrfAlgorithm(); if (prfAlgorithm == PRFAlgorithm.tls_prf_legacy) { return PRF_legacy(secret, label, labelSeed, size); } Digest prfDigest = createPRFHash(prfAlgorithm); byte[] buf = new byte[size]; hmac_hash(prfDigest, secret, labelSeed, buf); return buf; }
protected void ssl3Complete(Digest d, byte[] ipad, byte[] opad, int padLength) { byte[] master_secret = context.getSecurityParameters().masterSecret; d.update(master_secret, 0, master_secret.length); d.update(ipad, 0, padLength); byte[] tmp = new byte[d.getDigestSize()]; d.doFinal(tmp, 0); d.update(master_secret, 0, master_secret.length); d.update(opad, 0, padLength); d.update(tmp, 0, tmp.length); } }
static byte[] calculateKeyBlock(TlsContext context, int size) { SecurityParameters securityParameters = context.getSecurityParameters(); byte[] master_secret = securityParameters.getMasterSecret(); byte[] seed = concat(securityParameters.getServerRandom(), securityParameters.getClientRandom()); if (isSSL(context)) { return calculateKeyBlock_SSL(master_secret, seed, size); } return PRF(context, master_secret, ExporterLabel.key_expansion, seed, size); }
protected void ssl3Complete(Digest d, byte[] ipad, byte[] opad, int padLength) { byte[] master_secret = context.getSecurityParameters().masterSecret; d.update(master_secret, 0, master_secret.length); d.update(ipad, 0, padLength); byte[] tmp = new byte[d.getDigestSize()]; d.doFinal(tmp, 0); d.update(master_secret, 0, master_secret.length); d.update(opad, 0, padLength); d.update(tmp, 0, tmp.length); } }
static byte[] calculateKeyBlock(TlsContext context, int size) { SecurityParameters securityParameters = context.getSecurityParameters(); byte[] master_secret = securityParameters.getMasterSecret(); byte[] seed = concat(securityParameters.getServerRandom(), securityParameters.getClientRandom()); if (isSSL(context)) { return calculateKeyBlock_SSL(master_secret, seed, size); } return PRF(context, master_secret, ExporterLabel.key_expansion, seed, size); }
public static byte[] PRF(TlsContext context, byte[] secret, String asciiLabel, byte[] seed, int size) { ProtocolVersion version = context.getServerVersion(); if (version.isSSL()) { throw new IllegalStateException("No PRF available for SSLv3 session"); } byte[] label = Strings.toByteArray(asciiLabel); byte[] labelSeed = concat(label, seed); int prfAlgorithm = context.getSecurityParameters().getPrfAlgorithm(); if (prfAlgorithm == PRFAlgorithm.tls_prf_legacy) { return PRF_legacy(secret, label, labelSeed, size); } Digest prfDigest = createPRFHash(prfAlgorithm); byte[] buf = new byte[size]; hmac_hash(prfDigest, secret, labelSeed, buf); return buf; }
public TlsHandshakeHash notifyPRFDetermined() { int prfAlgorithm = context.getSecurityParameters().getPrfAlgorithm(); if (prfAlgorithm == PRFAlgorithm.tls_prf_legacy) { CombinedHash legacyHash = new CombinedHash(); legacyHash.init(context); buf.updateDigest(legacyHash); return legacyHash.notifyPRFDetermined(); } this.prfHashAlgorithm = Shorts.valueOf(TlsUtils.getHashAlgorithmForPRFAlgorithm(prfAlgorithm)); checkTrackingHash(prfHashAlgorithm); return this; }
public TlsHandshakeHash notifyPRFDetermined() { int prfAlgorithm = context.getSecurityParameters().getPrfAlgorithm(); if (prfAlgorithm == PRFAlgorithm.tls_prf_legacy) { CombinedHash legacyHash = new CombinedHash(); legacyHash.init(context); buf.updateDigest(legacyHash); return legacyHash.notifyPRFDetermined(); } this.prfHashAlgorithm = Shorts.valueOf(TlsUtils.getHashAlgorithmForPRFAlgorithm(prfAlgorithm)); checkTrackingHash(prfHashAlgorithm); return this; }
static byte[] calculateMasterSecret(TlsContext context, byte[] pre_master_secret) { SecurityParameters securityParameters = context.getSecurityParameters(); byte[] seed; if (securityParameters.isExtendedMasterSecret()) { seed = securityParameters.getSessionHash(); } else { seed = concat(securityParameters.getClientRandom(), securityParameters.getServerRandom()); } if (isSSL(context)) { return calculateMasterSecret_SSL(pre_master_secret, seed); } String asciiLabel = securityParameters.isExtendedMasterSecret() ? ExporterLabel.extended_master_secret : ExporterLabel.master_secret; return PRF(context, pre_master_secret, asciiLabel, seed, 48); }
public void processServerKeyExchange(InputStream input) throws IOException { SecurityParameters securityParameters = context.getSecurityParameters(); SignerInputBuffer buf = new SignerInputBuffer(); InputStream teeIn = new TeeInputStream(input, buf); this.dhParameters = TlsDHUtils.receiveDHParameters(dhVerifier, teeIn); this.dhAgreePublicKey = new DHPublicKeyParameters(TlsDHUtils.readDHParameter(teeIn), dhParameters); DigitallySigned signed_params = parseSignature(input); Signer signer = initVerifyer(tlsSigner, signed_params.getAlgorithm(), securityParameters); buf.updateSigner(signer); if (!signer.verifySignature(signed_params.getSignature())) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } }
public void processServerKeyExchange(InputStream input) throws IOException { SecurityParameters securityParameters = context.getSecurityParameters(); SignerInputBuffer buf = new SignerInputBuffer(); InputStream teeIn = new TeeInputStream(input, buf); ECDomainParameters curve_params = TlsECCUtils.readECParameters(namedCurves, clientECPointFormats, teeIn); byte[] point = TlsUtils.readOpaque8(teeIn); DigitallySigned signed_params = DigitallySigned.parse(context, input); Signer signer = initVerifyer(tlsSigner, signed_params.getAlgorithm(), securityParameters); buf.updateSigner(signer); if (!signer.verifySignature(signed_params.getSignature())) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } this.ecAgreePublicKey = TlsECCUtils.validateECPublicKey(TlsECCUtils.deserializeECPublicKey( clientECPointFormats, curve_params, point)); }
public void processServerKeyExchange(InputStream input) throws IOException { SecurityParameters securityParameters = context.getSecurityParameters(); SignerInputBuffer buf = new SignerInputBuffer(); InputStream teeIn = new TeeInputStream(input, buf); ServerDHParams dhParams = ServerDHParams.parse(teeIn); DigitallySigned signed_params = DigitallySigned.parse(context, input); Signer signer = initVerifyer(tlsSigner, signed_params.getAlgorithm(), securityParameters); buf.updateSigner(signer); if (!signer.verifySignature(signed_params.getSignature())) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } this.dhAgreePublicKey = TlsDHUtils.validateDHPublicKey(dhParams.getPublicKey()); this.dhParameters = dhAgreePublicKey.getParameters(); }
public void processServerKeyExchange(InputStream input) throws IOException { SecurityParameters securityParameters = context.getSecurityParameters(); SignerInputBuffer buf = new SignerInputBuffer(); InputStream teeIn = new TeeInputStream(input, buf); ECDomainParameters curve_params = TlsECCUtils.readECParameters(namedCurves, clientECPointFormats, teeIn); byte[] point = TlsUtils.readOpaque8(teeIn); DigitallySigned signed_params = parseSignature(input); Signer signer = initVerifyer(tlsSigner, signed_params.getAlgorithm(), securityParameters); buf.updateSigner(signer); if (!signer.verifySignature(signed_params.getSignature())) { throw new TlsFatalAlert(AlertDescription.decrypt_error); } this.ecAgreePublicKey = TlsECCUtils.validateECPublicKey(TlsECCUtils.deserializeECPublicKey( clientECPointFormats, curve_params, point)); }