private static int getAeadSecretSetSize(ProtocolVersion protocolVersion, CipherSuite cipherSuite) {
    CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite);
    int keySize = cipherAlg.getKeySize();
    // GCM in TLS uses a 4-byte salt (generated in the handshake),
    // an 8-byte nonce (changed for each new record), and a 4-byte
    // sequence number that is increased in the record
    int saltSize = RecordAEADCipher.GCM_IV_LENGTH - RecordAEADCipher.SEQUENCE_NUMBER_LENGTH;
    int secretSetSize = 2 * keySize + 2 * saltSize;
    return secretSetSize;
}

private int getIVSize() {
    return AlgorithmResolver.getCipher(suite).getNonceBytesFromHandshake();
}

private int getKeySize() {
    if (suite.isExportSymmetricCipher()) {
        return CipherSuite.EXPORT_SYMMETRIC_KEY_SIZE_BYTES;
    } else {
        return AlgorithmResolver.getCipher(suite).getKeySize();
    }
}

/**
 *
 * @param suite
 * @param version
 * @return
 */
@Override
public List<Record> getRecords(CipherSuite suite, ProtocolVersion version) {
    int blockSize = AlgorithmResolver.getCipher(suite).getBlocksize();
    int macSize = AlgorithmResolver.getMacAlgorithm(version, suite).getSize();
    List<Record> recordList = new LinkedList<>();
    recordList.addAll(createRecordsWithModifiedMac());
    recordList.addAll(createRecordsWithModifiedPadding());
    recordList.addAll(createRecordsWithPlainData(blockSize, macSize));
    return recordList;
}

private static int getStreamSecretSetSize(ProtocolVersion protocolVersion, CipherSuite cipherSuite) {
    CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite);
    MacAlgorithm macAlg = AlgorithmResolver.getMacAlgorithm(protocolVersion, cipherSuite);
    int secretSetSize = (2 * cipherAlg.getKeySize()) + (2 * macAlg.getKeySize());
    if (cipherSuite.isSteamCipherWithIV()) {
        secretSetSize += (2 * cipherAlg.getNonceBytesFromHandshake());
    }
    return secretSetSize;
}

private static int getBlockSecretSetSize(ProtocolVersion protocolVersion, CipherSuite cipherSuite) {
    CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite);
    int keySize = cipherAlg.getKeySize();
    MacAlgorithm macAlg = AlgorithmResolver.getMacAlgorithm(protocolVersion, cipherSuite);
    int secretSetSize = (2 * keySize) + (2 * macAlg.getKeySize());
    if (!protocolVersion.usesExplicitIv()) {
        secretSetSize += (2 * cipherAlg.getNonceBytesFromHandshake());
    }
    return secretSetSize;
}

private static void deriveSSL3ExportKeys(CipherSuite cipherSuite, KeySet keySet, byte[] clientRandom,
        byte[] serverRandom) {
    int keySize = AlgorithmResolver.getCipher(cipherSuite).getKeySize();
    keySet.setClientWriteKey(MD5firstNBytes(keySize, keySet.getClientWriteKey(), clientRandom, serverRandom));
    keySet.setServerWriteKey(MD5firstNBytes(keySize, keySet.getServerWriteKey(), serverRandom, clientRandom));
    int blockSize = AlgorithmResolver.getCipher(cipherSuite).getBlocksize();
    keySet.setClientWriteIv(MD5firstNBytes(blockSize, clientRandom, serverRandom));
    keySet.setServerWriteIv(MD5firstNBytes(blockSize, serverRandom, clientRandom));
}

@Override
public byte[] getEncryptionIV() {
    if (useExplicitIv) {
        CipherAlgorithm cipherAlgorithm = AlgorithmResolver.getCipher(cipherSuite);
        byte[] iv = new byte[cipherAlgorithm.getNonceBytesFromHandshake()];
        context.getRandom().nextBytes(iv);
        return iv;
    } else {
        byte[] tempIv = encryptCipher.getIv();
        if (tempIv == null) {
            ConnectionEndType localConEndType = context.getConnection().getLocalConnectionEndType();
            return getKeySet().getWriteIv(localConEndType);
        } else {
            return tempIv;
        }
    }
}

private List<Record> getPlainRecords(CipherSuite suite, ProtocolVersion version) {
    List<Record> recordList = new LinkedList<>();
    int blockSize = AlgorithmResolver.getCipher(suite).getBlocksize();
    for (int paddingLength = 0; paddingLength < 256; paddingLength++) {
        int messageSize = blockSize - (paddingLength % blockSize);
        byte[] message = new byte[messageSize];
        byte[][] paddings = getModifiedPaddings(paddingLength);
        for (byte[] padding : paddings) {
            Record r = new Record();
            r.prepareComputations();
            byte[] plain = ArrayConverter.concatenate(message, padding);
            ModifiableByteArray modPlain = new ModifiableByteArray();
            modPlain.setModification(new ByteArrayExplicitValueModification(plain));
            r.getComputations().setPlainRecordBytes(modPlain);
            recordList.add(r);
        }
    }
    return recordList;
}

public static EncryptionCipher getEncryptionCipher(CipherSuite cipherSuite, ConnectionEndType connectionEndType,
        KeySet keySet) {
    CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite);
    if (cipherAlg == CipherAlgorithm.GOST_28147_CNT) {
        return new GOST28147Cipher(GOSTUtils.getGostSpec(cipherSuite), keySet.getWriteKey(connectionEndType),
                keySet.getWriteIv(connectionEndType));
    } else if (cipherAlg.getJavaName() != null) {
        return new JavaCipher(cipherAlg, keySet.getWriteKey(connectionEndType));
    } else if (cipherAlg == CipherAlgorithm.NULL) {
        return new NullCipher();
    } else {
        LOGGER.warn("Cipher:" + cipherAlg + " is not supported - Using NullCipher!");
        return new NullCipher();
    }
}

public static DecryptionCipher getDecryptionCipher(CipherSuite cipherSuite, ConnectionEndType connectionEndType,
        KeySet keySet) {
    CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite);
    if (cipherAlg == CipherAlgorithm.GOST_28147_CNT) {
        return new GOST28147Cipher(GOSTUtils.getGostSpec(cipherSuite), keySet.getReadKey(connectionEndType),
                keySet.getReadIv(connectionEndType));
    } else if (cipherAlg.getJavaName() != null) {
        return new JavaCipher(cipherAlg, keySet.getReadKey(connectionEndType));
    } else if (cipherAlg == CipherAlgorithm.NULL) {
        return new NullCipher();
    } else {
        LOGGER.warn("Cipher:" + cipherAlg + " is not supported - Using NullCipher!");
        return new NullCipher();
    }
}

private List<Record> getPaddingFlippedRecords(CipherSuite suite, ProtocolVersion version) {
    List<Record> recordList = new LinkedList<>();
    int blockSize = AlgorithmResolver.getCipher(suite).getBlocksize();
    int macSize = AlgorithmResolver.getMacAlgorithm(version, suite).getSize();
    for (int paddingLength = 0; paddingLength < 256; paddingLength++) {
        int messageSize = blockSize - ((paddingLength + macSize) % blockSize);
        byte[] message = new byte[messageSize];
        byte[][] paddings = getModifiedPaddings(paddingLength);
        for (byte[] padding : paddings) {
            Record r = new Record();
            r.prepareComputations();
            ModifiableByteArray modPadding = new ModifiableByteArray();
            modPadding.setModification(new ByteArrayExplicitValueModification(padding));
            r.getComputations().setPadding(modPadding);
            ModifiableByteArray modMessage = new ModifiableByteArray();
            modMessage.setModification(new ByteArrayExplicitValueModification(message));
            r.setCleanProtocolMessageBytes(message);
            recordList.add(r);
        }
    }
    return recordList;
}

private static void deriveExportKeys(KeySet keySet, TlsContext context) throws CryptoException {
    ProtocolVersion protocolVersion = context.getChooser().getSelectedProtocolVersion();
    CipherSuite cipherSuite = context.getChooser().getSelectedCipherSuite();
    byte[] clientRandom = context.getChooser().getClientRandom();
    byte[] serverRandom = context.getChooser().getServerRandom();
    if (protocolVersion == ProtocolVersion.SSL3) {
        deriveSSL3ExportKeys(cipherSuite, keySet, clientRandom, serverRandom);
        return;
    }
    byte[] clientAndServerRandom = ArrayConverter.concatenate(clientRandom, serverRandom);
    PRFAlgorithm prfAlgorithm = AlgorithmResolver.getPRFAlgorithm(protocolVersion, cipherSuite);
    int keySize = AlgorithmResolver.getCipher(cipherSuite).getKeySize();
    keySet.setClientWriteKey(PseudoRandomFunction.compute(prfAlgorithm, keySet.getClientWriteKey(),
            PseudoRandomFunction.CLIENT_WRITE_KEY_LABEL, clientAndServerRandom, keySize));
    keySet.setServerWriteKey(PseudoRandomFunction.compute(prfAlgorithm, keySet.getServerWriteKey(),
            PseudoRandomFunction.SERVER_WRITE_KEY_LABEL, clientAndServerRandom, keySize));
    int blockSize = AlgorithmResolver.getCipher(cipherSuite).getBlocksize();
    byte[] emptySecret = {};
    byte[] ivBlock = PseudoRandomFunction.compute(prfAlgorithm, emptySecret,
            PseudoRandomFunction.IV_BLOCK_LABEL, clientAndServerRandom, 2 * blockSize);
    keySet.setClientWriteIv(Arrays.copyOfRange(ivBlock, 0, blockSize));
    keySet.setServerWriteIv(Arrays.copyOfRange(ivBlock, blockSize, 2 * blockSize));
}

CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite);
KeySet keySet = new KeySet(keySetType);
HKDFAlgorithm hkdfAlgortihm = AlgorithmResolver.getHKDFAlgorithm(cipherSuite);

if (context.getChooser().getSelectedProtocolVersion().isTLS13()) {
    int length = AlgorithmResolver.getCipher(cipherSuite).getBlocksize()
            - (record.getCleanProtocolMessageBytes().getValue().length
                    % AlgorithmResolver.getCipher(cipherSuite).getBlocksize())
            + recordCipher.getTagSize();
    record.setLength(length);