private static int getBlockSecretSetSize(ProtocolVersion protocolVersion, CipherSuite cipherSuite) { CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite); int keySize = cipherAlg.getKeySize(); MacAlgorithm macAlg = AlgorithmResolver.getMacAlgorithm(protocolVersion, cipherSuite); int secretSetSize = (2 * keySize) + (2 * macAlg.getKeySize()); if (!protocolVersion.usesExplicitIv()) { secretSetSize += (2 * cipherAlg.getNonceBytesFromHandshake()); } return secretSetSize; }
/** * CipherSuite filtering based on the key exchange method and on the * ephemeral property. This method is useful for establishing new workflows. * * @param cipherSuites * The CipherSuites that should be filtered */ public static void filterCipherSuites(List<CipherSuite> cipherSuites) { KeyExchangeAlgorithm algorithm = AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuites.get(0)); boolean ephemeral = cipherSuites.get(0).isEphemeral(); for (int i = cipherSuites.size() - 1; i > 0; i--) { CipherSuite cs = cipherSuites.get(i); if (AlgorithmResolver.getKeyExchangeAlgorithm(cs) != algorithm || cs.isEphemeral() != ephemeral) { cipherSuites.remove(i); } } }
public static MacAlgorithm getMacAlgorithm(ProtocolVersion protocolVersion, CipherSuite cipherSuite) { MacAlgorithm result = null; if (getCipherType(cipherSuite) == CipherType.AEAD) { result = MacAlgorithm.AEAD; } else {
private static int getAeadSecretSetSize(ProtocolVersion protocolVersion, CipherSuite cipherSuite) { CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite); int keySize = cipherAlg.getKeySize(); // GCM in TLS uses 4 bytes long salt (generated in the handshake), // 8 bytes long nonce (changed for each new record), and 4 bytes long // sequence number used increased in the record int saltSize = RecordAEADCipher.GCM_IV_LENGTH - RecordAEADCipher.SEQUENCE_NUMBER_LENGTH; int secretSetSize = 2 * keySize + 2 * saltSize; return secretSetSize; }
private byte[] derivePsk(NewSessionTicketMessage message) { try { LOGGER.debug("Deriving PSK from current session"); HKDFAlgorithm hkdfAlgortihm = AlgorithmResolver.getHKDFAlgorithm(tlsContext.getChooser() .getSelectedCipherSuite()); DigestAlgorithm digestAlgo = AlgorithmResolver.getDigestAlgorithm(tlsContext.getChooser() .getSelectedProtocolVersion(), tlsContext.getChooser().getSelectedCipherSuite()); int macLength = Mac.getInstance(hkdfAlgortihm.getMacAlgorithm().getJavaName()).getMacLength(); byte[] resumptionMasterSecret = HKDFunction.deriveSecret(hkdfAlgortihm, digestAlgo.getJavaName(), tlsContext.getMasterSecret(), HKDFunction.RESUMPTION_MASTER_SECRET, tlsContext.getDigest() .getRawBytes()); LOGGER.debug("Derived ResumptionMasterSecret: " + ArrayConverter.bytesToHexString(resumptionMasterSecret)); byte[] psk = HKDFunction.expandLabel(hkdfAlgortihm, resumptionMasterSecret, HKDFunction.RESUMPTION, message .getTicket().getTicketNonce().getValue(), macLength); LOGGER.debug("Derived PSK: " + ArrayConverter.bytesToHexString(psk)); return psk; } catch (NoSuchAlgorithmException | CryptoException ex) { LOGGER.error("DigestAlgorithm for psk derivation unknown"); throw new WorkflowExecutionException(ex.toString()); } }
private static void deriveExportKeys(KeySet keySet, TlsContext context) throws CryptoException { ProtocolVersion protocolVersion = context.getChooser().getSelectedProtocolVersion(); CipherSuite cipherSuite = context.getChooser().getSelectedCipherSuite(); byte[] clientRandom = context.getChooser().getClientRandom(); byte[] serverRandom = context.getChooser().getServerRandom(); if (protocolVersion == ProtocolVersion.SSL3) { deriveSSL3ExportKeys(cipherSuite, keySet, clientRandom, serverRandom); return; } byte[] clientAndServerRandom = ArrayConverter.concatenate(clientRandom, serverRandom); PRFAlgorithm prfAlgorithm = AlgorithmResolver.getPRFAlgorithm(protocolVersion, cipherSuite); int keySize = AlgorithmResolver.getCipher(cipherSuite).getKeySize(); keySet.setClientWriteKey(PseudoRandomFunction.compute(prfAlgorithm, keySet.getClientWriteKey(), PseudoRandomFunction.CLIENT_WRITE_KEY_LABEL, clientAndServerRandom, keySize)); keySet.setServerWriteKey(PseudoRandomFunction.compute(prfAlgorithm, keySet.getServerWriteKey(), PseudoRandomFunction.SERVER_WRITE_KEY_LABEL, clientAndServerRandom, keySize)); int blockSize = AlgorithmResolver.getCipher(cipherSuite).getBlocksize(); byte[] emptySecret = {}; byte[] ivBlock = PseudoRandomFunction.compute(prfAlgorithm, emptySecret, PseudoRandomFunction.IV_BLOCK_LABEL, clientAndServerRandom, 2 * blockSize); keySet.setClientWriteIv(Arrays.copyOfRange(ivBlock, 0, blockSize)); keySet.setServerWriteIv(Arrays.copyOfRange(ivBlock, blockSize, 2 * blockSize)); }
private int getMacKeySize() { return AlgorithmResolver.getMacAlgorithm(version, suite).getKeySize(); }
CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite); KeySet keySet = new KeySet(keySetType); HKDFAlgorithm hkdfAlgortihm = AlgorithmResolver.getHKDFAlgorithm(cipherSuite); keySet.setClientWriteKey(HKDFunction.expandLabel(hkdfAlgortihm, clientSecret, HKDFunction.KEY, new byte[] {}, cipherAlg.getKeySize()));
private void adjustPRF(ServerHelloMessage message) { Chooser chooser = tlsContext.getChooser(); if (!chooser.getSelectedProtocolVersion().isSSL()) { tlsContext.setPrfAlgorithm(AlgorithmResolver.getPRFAlgorithm(chooser.getSelectedProtocolVersion(), chooser.getSelectedCipherSuite())); } }
private void prepareBinderValue() { try { HKDFAlgorithm hkdfAlgortihm = AlgorithmResolver.getHKDFAlgorithm(pskBinder.getBinderCipherConfig()); int macLen = Mac.getInstance(hkdfAlgortihm.getMacAlgorithm().getJavaName()).getMacLength(); pskBinder.setBinderEntry(new byte[macLen]); pskBinder.setBinderEntryLength(pskBinder.getBinderEntry().getValue().length); } catch (NoSuchAlgorithmException ex) { LOGGER.warn(ex); } }
MessageDigest hash1; MessageDigest hash2 = null; DigestAlgorithm algorithm = AlgorithmResolver.getDigestAlgorithm(version, suite); if (null == algorithm) { hash1 = MessageDigest.getInstance(algorithm.getJavaName());
public RecordCipher(TlsContext context, KeySet keySet) { this.keySet = keySet; this.context = context; this.cipherSuite = context.getChooser().getSelectedCipherSuite(); this.version = context.getChooser().getSelectedProtocolVersion(); this.bulkCipherAlg = AlgorithmResolver.getBulkCipherAlgorithm(context.getChooser().getSelectedCipherSuite()); }
private int getIVSize() { return AlgorithmResolver.getCipher(suite).getNonceBytesFromHandshake(); }
private void adjustEarlyTrafficSecret() throws CryptoException { HKDFAlgorithm hkdfAlgortihm = AlgorithmResolver.getHKDFAlgorithm(tlsContext.getChooser() .getEarlyDataCipherSuite()); DigestAlgorithm digestAlgo = AlgorithmResolver.getDigestAlgorithm(ProtocolVersion.TLS13, tlsContext .getChooser().getEarlyDataCipherSuite()); byte[] earlySecret = HKDFunction.extract(hkdfAlgortihm, new byte[0], tlsContext.getChooser().getEarlyDataPsk()); tlsContext.setEarlySecret(earlySecret); byte[] earlyTrafficSecret = HKDFunction.deriveSecret(hkdfAlgortihm, digestAlgo.getJavaName(), tlsContext .getChooser().getEarlySecret(), HKDFunction.CLIENT_EARLY_TRAFFIC_SECRET, tlsContext.getDigest() .getRawBytes()); tlsContext.setClientEarlyTrafficSecret(earlyTrafficSecret); LOGGER.debug("EarlyTrafficSecret: " + ArrayConverter.bytesToHexString(earlyTrafficSecret)); }
private List<Record> getMacFlippedRecords(CipherSuite suite, ProtocolVersion version) { List<Record> recordList = new LinkedList<>(); int macSize = AlgorithmResolver.getMacAlgorithm(version, suite).getSize(); List<ByteArrayXorModification> allBitFlipModifications = getAllBitFlipModifications(macSize); for (ByteArrayXorModification modification : allBitFlipModifications) { Record r = new Record(); r.prepareComputations(); ModifiableByteArray modMac = new ModifiableByteArray(); modMac.setModification(modification); r.getComputations().setMac(modMac); recordList.add(r); } return recordList; }
public static byte[] calculateEKM(Chooser chooser, int length) throws CryptoException { byte[] masterSecret = chooser.getMasterSecret(); String label = TokenBindingLabel.TOKEN_LABEL; byte[] clientServerRandom = ArrayConverter.concatenate(chooser.getClientRandom(), chooser.getServerRandom()); PRFAlgorithm algorithm = AlgorithmResolver.getPRFAlgorithm(chooser.getSelectedProtocolVersion(), chooser.getSelectedCipherSuite()); return PseudoRandomFunction.compute(algorithm, masterSecret, label, clientServerRandom, length); }
private byte[] computeVerifyData() throws CryptoException { if (chooser.getSelectedProtocolVersion().isTLS13()) { try { HKDFAlgorithm hkdfAlgortihm = AlgorithmResolver.getHKDFAlgorithm(chooser.getSelectedCipherSuite()); Mac mac = Mac.getInstance(hkdfAlgortihm.getMacAlgorithm().getJavaName()); byte[] finishedKey;
private void prepareUkm() throws NoSuchAlgorithmException { DigestAlgorithm digestAlgorithm = AlgorithmResolver.getDigestAlgorithm(chooser.getSelectedProtocolVersion(), chooser.getSelectedCipherSuite()); MessageDigest digest = MessageDigest.getInstance(digestAlgorithm.getJavaName()); byte[] hash = digest.digest(msg.getComputations().getClientServerRandom().getValue()); byte[] ukm = new byte[8]; System.arraycopy(hash, 0, ukm, 0, ukm.length); msg.getComputations().setUkm(ukm); LOGGER.debug("UKM: " + ArrayConverter.bytesToHexString(msg.getComputations().getUkm())); }
public void addClientKeyExchangeMessage(List<ProtocolMessage> messages) { CipherSuite cs = config.getDefaultSelectedCipherSuite(); ClientKeyExchangeMessage message = createClientKeyExchangeMessage(AlgorithmResolver.getKeyExchangeAlgorithm(cs)); messages.add(message); }
private static int getStreamSecretSetSize(ProtocolVersion protocolVersion, CipherSuite cipherSuite) { CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite); MacAlgorithm macAlg = AlgorithmResolver.getMacAlgorithm(protocolVersion, cipherSuite); int secretSetSize = (2 * cipherAlg.getKeySize()) + (2 * macAlg.getKeySize()); if (cipherSuite.isSteamCipherWithIV()) { secretSetSize += (2 * cipherAlg.getNonceBytesFromHandshake()); } return secretSetSize; }