MessageDigest hash1;
MessageDigest hash2 = null;
// Resolve the digest algorithm for the given protocol version and cipher suite.
DigestAlgorithm algorithm = AlgorithmResolver.getDigestAlgorithm(version, suite);
// NOTE(review): this branch is entered only when `algorithm` is null, yet its first
// statement calls algorithm.getJavaName(), which would throw a NullPointerException.
// The rest of the branch is not visible here; confirm the condition is not inverted
// and that a null result selects an explicit fallback digest instead.
if (null == algorithm) {
hash1 = MessageDigest.getInstance(algorithm.getJavaName());
/**
 * Computes the UKM value for the message under preparation and stores it in the
 * message computations.
 *
 * <p>The UKM is the first 8 bytes of the digest of the combined client/server random,
 * using the digest that belongs to the selected protocol version and cipher suite.
 * (UKM presumably stands for "user keying material"; confirm against the caller.)
 *
 * @throws NoSuchAlgorithmException if no installed provider offers the resolved digest
 */
private void prepareUkm() throws NoSuchAlgorithmException {
    final DigestAlgorithm resolvedDigest = AlgorithmResolver.getDigestAlgorithm(
            chooser.getSelectedProtocolVersion(), chooser.getSelectedCipherSuite());
    final String jcaName = resolvedDigest.getJavaName();
    final MessageDigest md = MessageDigest.getInstance(jcaName);

    final byte[] randoms = msg.getComputations().getClientServerRandom().getValue();
    final byte[] fullHash = md.digest(randoms);

    // Only the leading 8 bytes of the hash are kept.
    final byte[] truncated = new byte[8];
    System.arraycopy(fullHash, 0, truncated, 0, truncated.length);
    msg.getComputations().setUkm(truncated);

    // The value is read back from the computations object rather than logged from the local copy.
    LOGGER.debug("UKM: " + ArrayConverter.bytesToHexString(msg.getComputations().getUkm()));
}
// Resolve the HKDF variant from the cipher suite stored with PSK set x, then obtain a
// Mac instance for the MAC algorithm that HKDF variant names.
HKDFAlgorithm hkdfAlgortihm = AlgorithmResolver.getHKDFAlgorithm(pskSets.get(x).getCipherSuite());
Mac mac = Mac.getInstance(hkdfAlgortihm.getMacAlgorithm().getJavaName());
// The digest is resolved with the protocol version fixed to TLS 1.3, not taken from the
// negotiated version.
DigestAlgorithm digestAlgo = AlgorithmResolver.getDigestAlgorithm(ProtocolVersion.TLS13, pskSets.get(x)
        .getCipherSuite());
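/**
 * Derives the pre-shared key that belongs to a received session ticket.
 *
 * <p>The resumption master secret is derived from the context's master secret and the
 * raw bytes of the context digest, then expanded with the ticket nonce to a PSK whose
 * length equals the output length of the HKDF's MAC.
 *
 * <p>NOTE(review): the resumption master secret and the PSK are written to the debug
 * log in hex. Debug logs of this component therefore contain key material and need the
 * same protection as the keys themselves.
 *
 * @param message the NewSessionTicket message carrying the ticket nonce
 * @return the derived PSK
 * @throws WorkflowExecutionException if the MAC algorithm is unavailable or the key
 *         derivation fails
 */
private byte[] derivePsk(NewSessionTicketMessage message) {
    try {
        LOGGER.debug("Deriving PSK from current session");
        HKDFAlgorithm hkdfAlgorithm = AlgorithmResolver.getHKDFAlgorithm(tlsContext.getChooser()
                .getSelectedCipherSuite());
        DigestAlgorithm digestAlgo = AlgorithmResolver.getDigestAlgorithm(tlsContext.getChooser()
                .getSelectedProtocolVersion(), tlsContext.getChooser().getSelectedCipherSuite());
        // The PSK is as long as the output of the MAC underlying the HKDF.
        int macLength = Mac.getInstance(hkdfAlgorithm.getMacAlgorithm().getJavaName()).getMacLength();
        byte[] resumptionMasterSecret = HKDFunction.deriveSecret(hkdfAlgorithm, digestAlgo.getJavaName(),
                tlsContext.getMasterSecret(), HKDFunction.RESUMPTION_MASTER_SECRET, tlsContext.getDigest()
                        .getRawBytes());
        LOGGER.debug("Derived ResumptionMasterSecret: "
                + ArrayConverter.bytesToHexString(resumptionMasterSecret));
        byte[] psk = HKDFunction.expandLabel(hkdfAlgorithm, resumptionMasterSecret, HKDFunction.RESUMPTION,
                message.getTicket().getTicketNonce().getValue(), macLength);
        LOGGER.debug("Derived PSK: " + ArrayConverter.bytesToHexString(psk));
        return psk;
    } catch (NoSuchAlgorithmException | CryptoException ex) {
        // Hand the exception to the logger so the stack trace survives; the rethrown
        // exception below carries only ex.toString(). This handler is also reached for
        // CryptoException, not only for an unknown algorithm.
        LOGGER.error("DigestAlgorithm for psk derivation unknown", ex);
        throw new WorkflowExecutionException(ex.toString());
    }
}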
/**
 * Computes the early secret and the client early traffic secret and stores both in the
 * TLS context.
 *
 * <p>The early secret is extracted from the early-data PSK with an empty salt. The
 * client early traffic secret is then derived from the early secret reported by the
 * chooser and the raw bytes of the context digest. The digest algorithm is resolved
 * for TLS 1.3 and the early-data cipher suite.
 *
 * <p>NOTE(review): the early traffic secret is written to the debug log in hex; debug
 * logs of this component contain key material.
 *
 * @throws CryptoException if an HKDF step fails
 */
private void adjustEarlyTrafficSecret() throws CryptoException {
    final HKDFAlgorithm hkdf = AlgorithmResolver.getHKDFAlgorithm(
            tlsContext.getChooser().getEarlyDataCipherSuite());
    final DigestAlgorithm digest = AlgorithmResolver.getDigestAlgorithm(
            ProtocolVersion.TLS13, tlsContext.getChooser().getEarlyDataCipherSuite());

    // HKDF-Extract with an empty salt over the early-data PSK.
    final byte[] emptySalt = new byte[0];
    final byte[] earlyDataPsk = tlsContext.getChooser().getEarlyDataPsk();
    final byte[] extracted = HKDFunction.extract(hkdf, emptySalt, earlyDataPsk);
    tlsContext.setEarlySecret(extracted);

    // The early secret is read back through the chooser, not taken from the local value.
    final String digestName = digest.getJavaName();
    final byte[] earlySecretFromChooser = tlsContext.getChooser().getEarlySecret();
    final byte[] transcriptBytes = tlsContext.getDigest().getRawBytes();
    final byte[] clientEarlyTraffic = HKDFunction.deriveSecret(hkdf, digestName, earlySecretFromChooser,
            HKDFunction.CLIENT_EARLY_TRAFFIC_SECRET, transcriptBytes);
    tlsContext.setClientEarlyTrafficSecret(clientEarlyTraffic);

    LOGGER.debug("EarlyTrafficSecret: " + ArrayConverter.bytesToHexString(clientEarlyTraffic));
}
/**
 * Derives the master secret and both application traffic secrets and stores them in
 * the TLS context.
 *
 * <p>Steps, in order: derive a salt from the handshake secret with the DERIVED label
 * over an empty input; extract the master secret from that salt and an all-zero input
 * whose length is the HKDF MAC length; derive the client and the server application
 * traffic secret from the master secret and the raw bytes of the context digest.
 *
 * <p>NOTE(review): all three secrets are written to the debug log in hex; debug logs
 * of this component contain key material.
 *
 * @throws AdjustmentException wrapping a NoSuchAlgorithmException or CryptoException
 *         raised during derivation
 */
private void adjustApplicationTrafficSecrets() {
    final HKDFAlgorithm hkdf = AlgorithmResolver.getHKDFAlgorithm(
            tlsContext.getChooser().getSelectedCipherSuite());
    final DigestAlgorithm digest = AlgorithmResolver.getDigestAlgorithm(
            tlsContext.getChooser().getSelectedProtocolVersion(),
            tlsContext.getChooser().getSelectedCipherSuite());
    try {
        final Mac hkdfMac = Mac.getInstance(hkdf.getMacAlgorithm().getJavaName());
        final int outputLength = hkdfMac.getMacLength();

        // Salt for the master secret: Derive-Secret over the handshake secret with empty input.
        final byte[] derivedSalt = HKDFunction.deriveSecret(hkdf, digest.getJavaName(),
                tlsContext.getChooser().getHandshakeSecret(), HKDFunction.DERIVED,
                ArrayConverter.hexStringToByteArray(""));

        // Input keying material is all zeros, one MAC output in length.
        final byte[] zeroInput = new byte[outputLength];
        final byte[] master = HKDFunction.extract(hkdf, derivedSalt, zeroInput);

        final byte[] clientSecret = HKDFunction.deriveSecret(hkdf, digest.getJavaName(), master,
                HKDFunction.CLIENT_APPLICATION_TRAFFIC_SECRET, tlsContext.getDigest().getRawBytes());
        tlsContext.setClientApplicationTrafficSecret(clientSecret);
        LOGGER.debug("Set clientApplicationTrafficSecret in Context to "
                + ArrayConverter.bytesToHexString(clientSecret));

        final byte[] serverSecret = HKDFunction.deriveSecret(hkdf, digest.getJavaName(), master,
                HKDFunction.SERVER_APPLICATION_TRAFFIC_SECRET, tlsContext.getDigest().getRawBytes());
        tlsContext.setServerApplicationTrafficSecret(serverSecret);
        LOGGER.debug("Set serverApplicationTrafficSecret in Context to "
                + ArrayConverter.bytesToHexString(serverSecret));

        // The master secret is stored last, after both traffic secrets are in place.
        tlsContext.setMasterSecret(master);
        LOGGER.debug("Set masterSecret in Context to " + ArrayConverter.bytesToHexString(master));
    } catch (NoSuchAlgorithmException | CryptoException ex) {
        throw new AdjustmentException(ex);
    }
}
private void adjustHandshakeTrafficSecrets() { HKDFAlgorithm hkdfAlgortihm = AlgorithmResolver.getHKDFAlgorithm(tlsContext.getChooser() .getSelectedCipherSuite()); DigestAlgorithm digestAlgo = AlgorithmResolver.getDigestAlgorithm(tlsContext.getChooser() .getSelectedProtocolVersion(), tlsContext.getChooser().getSelectedCipherSuite());