public static boolean isTLSv11(TlsContext context) { return isTLSv11(context.getServerVersion()); }
public static boolean isTLSv12(TlsContext context) { return isTLSv12(context.getServerVersion()); }
public static boolean isSSL(TlsContext context) { return context.getServerVersion().isSSL(); }
public static boolean isSSL(TlsContext context) { return context.getServerVersion().isSSL(); }
public static boolean isTLSv11(TlsContext context) { return ProtocolVersion.TLSv11.isEqualOrEarlierVersionOf(context.getServerVersion().getEquivalentTLSVersion()); }
public static boolean isTLSv12(TlsContext context) { return ProtocolVersion.TLSv12.isEqualOrEarlierVersionOf(context.getServerVersion().getEquivalentTLSVersion()); }
protected byte[] getAdditionalData(long seqNo, short type, int len) throws IOException { /* * additional_data = seq_num + TLSCompressed.type + TLSCompressed.version + * TLSCompressed.length */ byte[] additional_data = new byte[13]; TlsUtils.writeUint64(seqNo, additional_data, 0); TlsUtils.writeUint8(type, additional_data, 8); TlsUtils.writeVersion(context.getServerVersion(), additional_data, 9); TlsUtils.writeUint16(len, additional_data, 11); return additional_data; } }
protected byte[] getAdditionalData(long seqNo, short type, int len) throws IOException { /* * additional_data = seq_num + TLSCompressed.type + TLSCompressed.version + * TLSCompressed.length */ byte[] additional_data = new byte[13]; TlsUtils.writeUint64(seqNo, additional_data, 0); TlsUtils.writeUint8(type, additional_data, 8); TlsUtils.writeVersion(context.getServerVersion(), additional_data, 9); TlsUtils.writeUint16(len, additional_data, 11); return additional_data; } }
protected byte[] getAdditionalData(long seqNo, short type, int len) throws IOException { /* * additional_data = seq_num + TLSCompressed.type + TLSCompressed.version + * TLSCompressed.length */ byte[] additional_data = new byte[13]; TlsUtils.writeUint64(seqNo, additional_data, 0); TlsUtils.writeUint8(type, additional_data, 8); TlsUtils.writeVersion(context.getServerVersion(), additional_data, 9); TlsUtils.writeUint16(len, additional_data, 11); return additional_data; } }
protected byte[] getAdditionalData(long seqNo, short type, int len) throws IOException { /* * additional_data = seq_num + TLSCompressed.type + TLSCompressed.version + * TLSCompressed.length */ byte[] additional_data = new byte[13]; TlsUtils.writeUint64(seqNo, additional_data, 0); TlsUtils.writeUint8(type, additional_data, 8); TlsUtils.writeVersion(context.getServerVersion(), additional_data, 9); TlsUtils.writeUint16(len, additional_data, 11); return additional_data; } }
public static byte[] PRF(TlsContext context, byte[] secret, String asciiLabel, byte[] seed, int size) { ProtocolVersion version = context.getServerVersion(); if (version.isSSL()) { throw new IllegalStateException("No PRF available for SSLv3 session"); } byte[] label = Strings.toByteArray(asciiLabel); byte[] labelSeed = concat(label, seed); int prfAlgorithm = context.getSecurityParameters().getPrfAlgorithm(); if (prfAlgorithm == PRFAlgorithm.tls_prf_legacy) { return PRF_legacy(secret, label, labelSeed, size); } Digest prfDigest = createPRFHash(prfAlgorithm); byte[] buf = new byte[size]; hmac_hash(prfDigest, secret, labelSeed, buf); return buf; }
public static byte[] PRF(TlsContext context, byte[] secret, String asciiLabel, byte[] seed, int size) { ProtocolVersion version = context.getServerVersion(); if (version.isSSL()) { throw new IllegalStateException("No PRF available for SSLv3 session"); } byte[] label = Strings.toByteArray(asciiLabel); byte[] labelSeed = concat(label, seed); int prfAlgorithm = context.getSecurityParameters().getPrfAlgorithm(); if (prfAlgorithm == PRFAlgorithm.tls_prf_legacy) { return PRF_legacy(secret, label, labelSeed, size); } Digest prfDigest = createPRFHash(prfAlgorithm); byte[] buf = new byte[size]; hmac_hash(prfDigest, secret, labelSeed, buf); return buf; }
int macSize = writeMac.getSize(); ProtocolVersion version = context.getServerVersion();
int macSize = writeMac.getSize(); ProtocolVersion version = context.getServerVersion();
protected void sendCertificateMessage(Certificate certificate) throws IOException { if (certificate == null) { certificate = Certificate.EMPTY_CHAIN; } if (certificate.isEmpty()) { TlsContext context = getContext(); if (!context.isServer()) { ProtocolVersion serverVersion = getContext().getServerVersion(); if (serverVersion.isSSL()) { String errorMessage = serverVersion.toString() + " client didn't provide credentials"; raiseAlertWarning(AlertDescription.no_certificate, errorMessage); return; } } } HandshakeMessage message = new HandshakeMessage(HandshakeType.certificate); certificate.encode(message); message.writeToRecordStream(); }
protected void sendCertificateMessage(Certificate certificate) throws IOException { if (certificate == null) { certificate = Certificate.EMPTY_CHAIN; } if (certificate.isEmpty()) { TlsContext context = getContext(); if (!context.isServer()) { ProtocolVersion serverVersion = getContext().getServerVersion(); if (serverVersion.isSSL()) { String errorMessage = serverVersion.toString() + " client didn't provide credentials"; raiseWarning(AlertDescription.no_certificate, errorMessage); return; } } } HandshakeMessage message = new HandshakeMessage(HandshakeType.certificate); certificate.encode(message); message.writeToRecordStream(); }
/** * Calculate the MAC for some given data. * * @param type The message type of the message. * @param message A byte-buffer containing the message. * @param offset The number of bytes to skip, before the message starts. * @param length The length of the message. * @return A new byte-buffer containing the MAC value. */ public byte[] calculateMac(long seqNo, short type, byte[] message, int offset, int length) { ProtocolVersion serverVersion = context.getServerVersion(); boolean isSSL = serverVersion.isSSL(); byte[] macHeader = new byte[isSSL ? 11 : 13]; TlsUtils.writeUint64(seqNo, macHeader, 0); TlsUtils.writeUint8(type, macHeader, 8); if (!isSSL) { TlsUtils.writeVersion(serverVersion, macHeader, 9); } TlsUtils.writeUint16(length, macHeader, macHeader.length - 2); mac.update(macHeader, 0, macHeader.length); mac.update(message, offset, length); byte[] result = new byte[mac.getMacSize()]; mac.doFinal(result, 0); return truncate(result); }
/** * Calculate the MAC for some given data. * * @param type The message type of the message. * @param message A byte-buffer containing the message. * @param offset The number of bytes to skip, before the message starts. * @param length The length of the message. * @return A new byte-buffer containing the MAC value. */ public byte[] calculateMac(long seqNo, short type, byte[] message, int offset, int length) { ProtocolVersion serverVersion = context.getServerVersion(); boolean isSSL = serverVersion.isSSL(); byte[] macHeader = new byte[isSSL ? 11 : 13]; TlsUtils.writeUint64(seqNo, macHeader, 0); TlsUtils.writeUint8(type, macHeader, 8); if (!isSSL) { TlsUtils.writeVersion(serverVersion, macHeader, 9); } TlsUtils.writeUint16(length, macHeader, macHeader.length - 2); mac.update(macHeader, 0, macHeader.length); mac.update(message, offset, length); byte[] result = new byte[mac.getMacSize()]; mac.doFinal(result, 0); return truncate(result); }
|| selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL || CipherSuite.isSCSV(selectedCipherSuite) || !TlsUtils.isValidCipherSuiteForVersion(selectedCipherSuite, getContext().getServerVersion()))
|| selectedCipherSuite == CipherSuite.TLS_NULL_WITH_NULL_NULL || CipherSuite.isSCSV(selectedCipherSuite) || !TlsUtils.isValidCipherSuiteForVersion(selectedCipherSuite, getContext().getServerVersion()))