/**
 * Computes how many bytes of key material an AEAD cipher suite needs for both directions:
 * two write keys plus two implicit salts.
 *
 * @param protocolVersion negotiated protocol version (not read by this method)
 * @param cipherSuite     cipher suite whose bulk cipher determines the key size
 * @return total number of secret bytes for client and server together
 */
private static int getAeadSecretSetSize(ProtocolVersion protocolVersion, CipherSuite cipherSuite) {
    CipherAlgorithm aeadCipher = AlgorithmResolver.getCipher(cipherSuite);
    int perSideKeyBytes = aeadCipher.getKeySize();
    // Only the salt part of the GCM IV comes out of the key block: the full IV length minus
    // the per-record part. The original author's note gives a 4-byte handshake salt and an
    // 8-byte per-record nonce; the constants themselves are defined in RecordAEADCipher.
    // NOTE(review): GCM constants are applied to every AEAD suite routed here - confirm that
    // non-GCM AEAD suites with a different implicit IV length are sized correctly.
    int perSideSaltBytes = RecordAEADCipher.GCM_IV_LENGTH - RecordAEADCipher.SEQUENCE_NUMBER_LENGTH;
    return 2 * (perSideKeyBytes + perSideSaltBytes);
}
/**
 * Returns the symmetric key size to use for the configured cipher suite.
 *
 * @return the fixed export key size (constant named in bytes) for export suites, otherwise
 *         the key size reported by the suite's bulk cipher
 */
private int getKeySize() {
    // Export suites deliberately use a shortened key, independent of the bulk cipher's
    // native key size.
    return suite.isExportSymmetricCipher()
            ? CipherSuite.EXPORT_SYMMETRIC_KEY_SIZE_BYTES
            : AlgorithmResolver.getCipher(suite).getKeySize();
}
/**
 * Pads the plaintext and encrypts it with the given cipher, key and IV.
 *
 * <p>This method only encrypts; it adds no MAC or other integrity protection.
 * NOTE(review): callers presumably authenticate the result separately - verify at the call sites.
 *
 * @param cipherAlgorithm   cipher to use; its Java name selects the JCA transformation
 * @param plaintextUnpadded data to encrypt, before padding
 * @param key               raw key bytes
 * @param iv                initialization vector
 * @return the ciphertext
 * @throws CryptoException if the JCA rejects the algorithm, key, parameters or input
 */
public static byte[] encrypt(CipherAlgorithm cipherAlgorithm, byte[] plaintextUnpadded, byte[] key, byte[] iv)
        throws CryptoException {
    try {
        // NOTE(review): the padding length is taken from the cipher's KEY size, not its block
        // size. That only yields valid input while the key size is a multiple of the block
        // size; confirm this is intended and matches the corresponding unpadding on decrypt.
        byte[] padded = addPadding(plaintextUnpadded, cipherAlgorithm.getKeySize());
        Cipher jcaCipher = Cipher.getInstance(cipherAlgorithm.getJavaName());
        BulkCipherAlgorithm keyFamily = BulkCipherAlgorithm.getBulkCipherAlgorithm(cipherAlgorithm);
        jcaCipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, keyFamily.getJavaName()),
                new IvParameterSpec(iv));
        return jcaCipher.doFinal(padded);
    } catch (InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException
            | BadPaddingException | NoSuchPaddingException | NoSuchAlgorithmException ex) {
        // The cause is preserved so the failing JCA step stays visible to the caller.
        throw new CryptoException("Error while StatePlaintext Encryption. See Debug-Log for more Information.", ex);
    }
}
/**
 * Computes how many bytes of key material a stream cipher suite needs for both directions:
 * two write keys, two MAC keys and, for stream ciphers that take an IV, two handshake nonces.
 *
 * @param protocolVersion negotiated protocol version, used to resolve the MAC algorithm
 * @param cipherSuite     cipher suite being sized
 * @return total number of secret bytes for client and server together
 */
private static int getStreamSecretSetSize(ProtocolVersion protocolVersion, CipherSuite cipherSuite) {
    CipherAlgorithm streamCipher = AlgorithmResolver.getCipher(cipherSuite);
    MacAlgorithm mac = AlgorithmResolver.getMacAlgorithm(protocolVersion, cipherSuite);
    // Size one direction first; both directions need the same amount.
    int perSideBytes = streamCipher.getKeySize() + mac.getKeySize();
    if (cipherSuite.isSteamCipherWithIV()) {
        perSideBytes += streamCipher.getNonceBytesFromHandshake();
    }
    return 2 * perSideBytes;
}
/**
 * Computes how many bytes of key material a block cipher suite needs for both directions:
 * two write keys, two MAC keys and, when the protocol version does not use explicit
 * per-record IVs, two IVs taken from the handshake key block.
 *
 * @param protocolVersion negotiated protocol version; decides whether IVs come from the key block
 * @param cipherSuite     cipher suite being sized
 * @return total number of secret bytes for client and server together
 */
private static int getBlockSecretSetSize(ProtocolVersion protocolVersion, CipherSuite cipherSuite) {
    CipherAlgorithm blockCipher = AlgorithmResolver.getCipher(cipherSuite);
    int perSideBytes = blockCipher.getKeySize();
    MacAlgorithm mac = AlgorithmResolver.getMacAlgorithm(protocolVersion, cipherSuite);
    perSideBytes += mac.getKeySize();
    // With explicit IVs each record carries its own IV, so none is drawn from the key block.
    boolean ivFromKeyBlock = !protocolVersion.usesExplicitIv();
    if (ivFromKeyBlock) {
        perSideBytes += blockCipher.getNonceBytesFromHandshake();
    }
    return 2 * perSideBytes;
}
/**
 * Replaces the write keys and IVs in {@code keySet} with their SSL3 export-suite values.
 *
 * <p>Each final write key is derived from the key already stored in {@code keySet} together
 * with both randoms; each IV is derived from the two randoms alone, so the IVs depend only
 * on values that are sent in the clear during the handshake.
 * NOTE(review): MD5firstNBytes is defined elsewhere; presumably it returns the first N bytes
 * of an MD5 digest over its inputs - verify against the helper.
 *
 * @param cipherSuite  export cipher suite; its bulk cipher supplies key and block size
 * @param keySet       key set to update in place
 * @param clientRandom client random from the handshake
 * @param serverRandom server random from the handshake
 */
private static void deriveSSL3ExportKeys(CipherSuite cipherSuite, KeySet keySet, byte[] clientRandom,
        byte[] serverRandom) {
    final int keyLength = AlgorithmResolver.getCipher(cipherSuite).getKeySize();
    // The random order is swapped between client and server derivations.
    byte[] finalClientKey = MD5firstNBytes(keyLength, keySet.getClientWriteKey(), clientRandom, serverRandom);
    keySet.setClientWriteKey(finalClientKey);
    byte[] finalServerKey = MD5firstNBytes(keyLength, keySet.getServerWriteKey(), serverRandom, clientRandom);
    keySet.setServerWriteKey(finalServerKey);

    final int ivLength = AlgorithmResolver.getCipher(cipherSuite).getBlocksize();
    byte[] clientIv = MD5firstNBytes(ivLength, clientRandom, serverRandom);
    keySet.setClientWriteIv(clientIv);
    byte[] serverIv = MD5firstNBytes(ivLength, serverRandom, clientRandom);
    keySet.setServerWriteIv(serverIv);
}
HKDFAlgorithm hkdfAlgortihm = AlgorithmResolver.getHKDFAlgorithm(cipherSuite); keySet.setClientWriteKey(HKDFunction.expandLabel(hkdfAlgortihm, clientSecret, HKDFunction.KEY, new byte[] {}, cipherAlg.getKeySize())); LOGGER.debug("Client write key: {}", ArrayConverter.bytesToHexString(keySet.getClientWriteKey())); keySet.setServerWriteKey(HKDFunction.expandLabel(hkdfAlgortihm, serverSecret, HKDFunction.KEY, new byte[] {}, cipherAlg.getKeySize())); LOGGER.debug("Server write key: {}", ArrayConverter.bytesToHexString(keySet.getServerWriteKey())); keySet.setClientWriteIv(HKDFunction.expandLabel(hkdfAlgortihm, clientSecret, HKDFunction.IV, new byte[] {},
/**
 * Replaces the write keys and IVs in {@code keySet} with their export-suite values.
 *
 * <p>SSL3 is delegated to {@code deriveSSL3ExportKeys}. For other versions the final write
 * keys are computed with the PRF, keyed by the write key already stored in {@code keySet}
 * and seeded with client random followed by server random. The IV block is computed with an
 * empty PRF secret, so both IVs depend only on the two handshake randoms.
 *
 * @param keySet  key set to update in place
 * @param context TLS context supplying protocol version, cipher suite and both randoms
 * @throws CryptoException declared by this method; NOTE(review): presumably raised by the
 *                         PRF computation - confirm
 */
private static void deriveExportKeys(KeySet keySet, TlsContext context) throws CryptoException {
    ProtocolVersion version = context.getChooser().getSelectedProtocolVersion();
    CipherSuite suite = context.getChooser().getSelectedCipherSuite();
    byte[] clientRandom = context.getChooser().getClientRandom();
    byte[] serverRandom = context.getChooser().getServerRandom();

    if (version == ProtocolVersion.SSL3) {
        // SSL3 has its own MD5-based export derivation.
        deriveSSL3ExportKeys(suite, keySet, clientRandom, serverRandom);
        return;
    }

    byte[] seed = ArrayConverter.concatenate(clientRandom, serverRandom);
    PRFAlgorithm prf = AlgorithmResolver.getPRFAlgorithm(version, suite);

    int keyLength = AlgorithmResolver.getCipher(suite).getKeySize();
    byte[] finalClientKey = PseudoRandomFunction.compute(prf, keySet.getClientWriteKey(),
            PseudoRandomFunction.CLIENT_WRITE_KEY_LABEL, seed, keyLength);
    keySet.setClientWriteKey(finalClientKey);
    byte[] finalServerKey = PseudoRandomFunction.compute(prf, keySet.getServerWriteKey(),
            PseudoRandomFunction.SERVER_WRITE_KEY_LABEL, seed, keyLength);
    keySet.setServerWriteKey(finalServerKey);

    int ivLength = AlgorithmResolver.getCipher(suite).getBlocksize();
    // Empty secret: the IV block is a function of the public randoms only.
    byte[] noSecret = {};
    byte[] bothIvs = PseudoRandomFunction.compute(prf, noSecret, PseudoRandomFunction.IV_BLOCK_LABEL, seed,
            2 * ivLength);
    // First half is the client IV, second half the server IV.
    keySet.setClientWriteIv(Arrays.copyOfRange(bothIvs, 0, ivLength));
    keySet.setServerWriteIv(Arrays.copyOfRange(bothIvs, ivLength, 2 * ivLength));
}