/**
 * Derives the TLS key block (the material later split into MAC keys, cipher
 * keys and IVs) from the master secret held in the context.
 *
 * The seed is {@code server_random || client_random}; note this is the
 * reverse of the order used for the master-secret seed. SSLv3 sessions are
 * routed to the legacy derivation, every other version goes through the
 * version-appropriate PRF with the "key expansion" label.
 *
 * @param context the connection whose security parameters (master secret and
 *                both randoms) are already populated
 * @param size    number of key-block bytes requested
 * @return the derived key block (the PRF path yields exactly {@code size} bytes)
 */
static byte[] calculateKeyBlock(TlsContext context, int size) {
    SecurityParameters params = context.getSecurityParameters();
    byte[] masterSecret = params.getMasterSecret();

    // Key expansion seeds with server_random first, then client_random.
    byte[] keyBlockSeed = concat(params.getServerRandom(), params.getClientRandom());

    return isSSL(context)
        ? calculateKeyBlock_SSL(masterSecret, keyBlockSeed, size)
        : PRF(context, masterSecret, ExporterLabel.key_expansion, keyBlockSeed, size);
}
/**
 * Releases per-handshake state once the handshake has finished (or failed).
 *
 * The expected Finished verify_data is overwritten with zeros before its
 * reference is dropped, so the secret-derived value does not linger in the
 * heap until garbage collection; the security parameters are cleared through
 * their own {@code clear()} method. All remaining handshake-scoped references
 * and flags are reset to their initial values.
 */
protected void cleanupHandshake() {
    byte[] verifyData = this.expected_verify_data;
    if (verifyData != null) {
        // Scrub, then forget: the array content is derived from the master secret.
        this.expected_verify_data = null;
        Arrays.fill(verifyData, (byte)0);
    }

    this.securityParameters.clear();

    // Handshake-only references.
    this.peerCertificate = null;
    this.offeredCipherSuites = null;
    this.offeredCompressionMethods = null;
    this.clientExtensions = null;
    this.serverExtensions = null;

    // Handshake-only negotiation flags.
    this.resumedSession = false;
    this.receivedChangeCipherSpec = false;
    this.secure_renegotiation = false;
    this.allowCertificateStatus = false;
    this.expectSessionTicket = false;
}
/**
 * Derives the 48-byte master secret from the pre-master secret.
 *
 * When the extended master secret extension (RFC 7627) was negotiated the
 * seed is the session hash, binding the master secret to the full handshake
 * transcript; otherwise the classic {@code client_random || server_random}
 * seed is used. SSLv3 sessions use the legacy derivation instead of the PRF.
 *
 * @param context           the connection whose security parameters are populated
 * @param pre_master_secret the pre-master secret agreed by the key exchange
 * @return the derived master secret
 */
static byte[] calculateMasterSecret(TlsContext context, byte[] pre_master_secret) {
    SecurityParameters params = context.getSecurityParameters();
    boolean extended = params.isExtendedMasterSecret();

    byte[] seed = extended
        ? params.getSessionHash()
        : concat(params.getClientRandom(), params.getServerRandom());

    if (isSSL(context)) {
        return calculateMasterSecret_SSL(pre_master_secret, seed);
    }

    // The label distinguishes the two derivations so their outputs never collide.
    String label = extended ? ExporterLabel.extended_master_secret : ExporterLabel.master_secret;
    return PRF(context, pre_master_secret, label, seed, 48);
}
/**
 * Computes the Finished message's verify_data for one side of the handshake.
 *
 * SSLv3 has no PRF, so its verify_data is the handshake hash itself. For TLS
 * the handshake hash is fed through the PRF keyed with the master secret,
 * truncated to the negotiated verify_data length.
 *
 * @param context       the connection whose master secret is established
 * @param asciiLabel    the "client finished" / "server finished" PRF label
 * @param handshakeHash digest of the handshake transcript so far
 * @return the verify_data to send or to compare against the peer's Finished
 */
static byte[] calculateVerifyData(TlsContext context, String asciiLabel, byte[] handshakeHash) {
    if (isSSL(context)) {
        // No PRF for SSLv3; the transcript hash is the verify_data.
        return handshakeHash;
    }

    SecurityParameters params = context.getSecurityParameters();
    return PRF(context, params.getMasterSecret(), asciiLabel, handshakeHash, params.getVerifyDataLength());
}
.setCipherSuite(this.securityParameters.getCipherSuite()) .setCompressionAlgorithm(this.securityParameters.getCompressionAlgorithm()) .setExtendedMasterSecret(securityParameters.isExtendedMasterSecret()) .setMasterSecret(this.securityParameters.getMasterSecret()) .setPeerCertificate(this.peerCertificate) .setPSKIdentity(this.securityParameters.getPSKIdentity()) .setSRPIdentity(this.securityParameters.getSRPIdentity())
if (!sp.isExtendedMasterSecret()) byte[] cr = sp.getClientRandom(), sr = sp.getServerRandom(); return TlsUtils.PRF(this, sp.getMasterSecret(), asciiLabel, seed, length);
/**
 * Derives the 48-byte master secret from the pre-master secret.
 *
 * With the extended master secret extension (RFC 7627) negotiated, the seed
 * is the session hash so the result is bound to the whole transcript;
 * otherwise {@code client_random || server_random} is used. SSLv3 sessions
 * take the legacy derivation rather than the PRF.
 *
 * @param context           the connection whose security parameters are populated
 * @param pre_master_secret the pre-master secret agreed by the key exchange
 * @return the derived master secret
 */
static byte[] calculateMasterSecret(TlsContext context, byte[] pre_master_secret) {
    SecurityParameters params = context.getSecurityParameters();
    // Read the flag once; it selects both the seed and the PRF label.
    boolean useExtended = params.extendedMasterSecret;

    byte[] seed;
    if (useExtended) {
        seed = params.getSessionHash();
    } else {
        seed = concat(params.getClientRandom(), params.getServerRandom());
    }

    if (isSSL(context)) {
        return calculateMasterSecret_SSL(pre_master_secret, seed);
    }

    String label = useExtended
        ? ExporterLabel.extended_master_secret
        : ExporterLabel.master_secret;
    return PRF(context, pre_master_secret, label, seed, 48);
}
/**
 * Receives a TLS handshake in the role of server.
 *
 * Creates fresh server-side security parameters and context, generates the
 * server random from the context's nonce generator, initialises the supplied
 * {@link TlsServer} and the record layer, then runs the handshake to
 * completion. May be called only once per protocol instance.
 *
 * @param tlsServer the server-side handshake callbacks; must not be null
 * @throws IllegalArgumentException if {@code tlsServer} is null
 * @throws IllegalStateException    if a server has already been accepted
 * @throws IOException              if the handshake was not successful
 */
public void accept(TlsServer tlsServer) throws IOException {
    if (tlsServer == null) {
        throw new IllegalArgumentException("'tlsServer' cannot be null");
    }
    if (this.tlsServer != null) {
        throw new IllegalStateException("'accept' can only be called once");
    }
    this.tlsServer = tlsServer;

    SecurityParameters params = new SecurityParameters();
    params.entity = ConnectionEnd.server;
    this.securityParameters = params;

    TlsServerContextImpl serverContext = new TlsServerContextImpl(secureRandom, params);
    this.tlsServerContext = serverContext;

    // The server random comes from the context's dedicated nonce generator,
    // optionally carrying a GMT timestamp in its leading bytes.
    params.serverRandom = createRandomBlock(tlsServer.shouldUseGMTUnixTime(),
        serverContext.getNonceRandomGenerator());

    this.tlsServer.init(serverContext);
    this.recordStream.init(serverContext);
    this.recordStream.setRestrictReadVersion(false);

    completeHandshake();
}
SecurityParameters securityParameters = new SecurityParameters(); securityParameters.entity = ConnectionEnd.server; securityParameters.clear();
byte[] cr = sp.getClientRandom(), sr = sp.getServerRandom();
buf.write(securityParameters.getServerRandom()); if (securityParameters.isExtendedMasterSecret()) securityParameters.getCipherSuite());
if (securityParameters.getCipherSuite() != state.sessionParameters.getCipherSuite() || securityParameters.getCompressionAlgorithm() != state.sessionParameters.getCompressionAlgorithm()) if (signatureAndHashAlgorithm == null) hash = securityParameters.getSessionHash();
if (!securityParameters.isExtendedMasterSecret() && (state.resumedSession || state.client.requiresExtendedMasterSecret())) if (serverSentEncryptThenMAC && !TlsUtils.isBlockCipherSuite(securityParameters.getCipherSuite())) securityParameters.getCipherSuite());
buf.write(securityParameters.getClientRandom());
hash = context.getSecurityParameters().getSessionHash();
this.securityParameters.getCipherSuite()); if (signatureAndHashAlgorithm == null) hash = securityParameters.getSessionHash();
/**
 * Evaluates the TLS pseudo-random function for the connection's negotiated
 * version.
 *
 * SSLv3 defines no PRF and is rejected. When the negotiated PRF algorithm is
 * {@code tls_prf_legacy} the TLS 1.0/1.1 construction is used; otherwise the
 * HMAC-based PRF keyed with {@code secret} over the selected digest produces
 * the output.
 *
 * @param context    the connection, supplying the server version and PRF algorithm
 * @param secret     the PRF key (e.g. pre-master or master secret)
 * @param asciiLabel the ASCII label that domain-separates this use of the PRF
 * @param seed       the seed appended to the label
 * @param size       number of output bytes to produce
 * @return a new array of exactly {@code size} bytes
 * @throws IllegalStateException if the session is SSLv3
 */
public static byte[] PRF(TlsContext context, byte[] secret, String asciiLabel, byte[] seed, int size) {
    if (context.getServerVersion().isSSL()) {
        throw new IllegalStateException("No PRF available for SSLv3 session");
    }

    byte[] labelBytes = Strings.toByteArray(asciiLabel);
    byte[] labelAndSeed = concat(labelBytes, seed);

    int prfAlgorithm = context.getSecurityParameters().getPrfAlgorithm();
    if (prfAlgorithm == PRFAlgorithm.tls_prf_legacy) {
        return PRF_legacy(secret, labelBytes, labelAndSeed, size);
    }

    Digest digest = createPRFHash(prfAlgorithm);
    byte[] output = new byte[size];
    hmac_hash(digest, secret, labelAndSeed, output);
    return output;
}
if (tlsContext.getSecurityParameters().getMasterSecret() == null && tlsContext.getResumableSession() != null) {
buf.write(securityParameters.getServerRandom());
securityParameters.prfAlgorithm = getPRFAlgorithm(getContext(), securityParameters.getCipherSuite());