/**
 * Refuses a renegotiation request from the peer.
 *
 * <p>When {@code TlsUtils.isSSL(getContext())} is true, the refusal is a thrown
 * {@code TlsFatalAlert(handshake_failure)}. Otherwise a {@code no_renegotiation} warning is
 * raised through {@code raiseAlertWarning} and the method returns normally.
 *
 * @throws IOException declared by the method; the SSL branch always throws a
 *         {@code TlsFatalAlert}
 */
protected void refuseRenegotiation() throws IOException {
    if (!TlsUtils.isSSL(getContext())) {
        // Non-SSL peers get a warning-level refusal.
        raiseAlertWarning(AlertDescription.no_renegotiation, "Renegotiation not supported");
        return;
    }

    /*
     * RFC 5746 4.5 SSLv3 clients that refuse renegotiation SHOULD use a fatal
     * handshake_failure alert.
     */
    throw new TlsFatalAlert(AlertDescription.handshake_failure);
}
/**
 * Reads the client's encrypted premaster secret and stores the decrypted value in
 * {@code premasterSecret}.
 *
 * <p>NOTE(review): {@code decryptPreMasterSecret} is not visible here. Key transport of this
 * kind is only safe if that call does not let a peer tell a padding or version failure apart
 * from success (by exception, alert or timing) - confirm against the credentials
 * implementation.
 *
 * @param input stream holding the ClientKeyExchange body
 * @throws IOException propagated from reading the body or from the decryption call
 */
public void processClientKeyExchange(InputStream input) throws IOException {
    // TODO Do any SSLv3 clients actually include the length?
    // SSL: everything left in the stream is taken as the ciphertext, so any size bound has to
    // come from the stream the caller passes in (caller not shown).
    // Otherwise: the ciphertext is read with readOpaque16.
    final byte[] ciphertext = TlsUtils.isSSL(context)
        ? Streams.readAll(input)
        : TlsUtils.readOpaque16(input);

    this.premasterSecret = serverCredentials.decryptPreMasterSecret(ciphertext);
}
/**
 * Reads the client's encrypted premaster secret and stores the decrypted value in
 * {@code premasterSecret}.
 *
 * <p>NOTE(review): {@code decryptPreMasterSecret} is not visible here. Key transport of this
 * kind is only safe if that call does not let a peer tell a padding or version failure apart
 * from success (by exception, alert or timing) - confirm against the credentials
 * implementation.
 *
 * @param input stream holding the ClientKeyExchange body
 * @throws IOException propagated from reading the body or from the decryption call
 */
public void processClientKeyExchange(InputStream input) throws IOException {
    // TODO Do any SSLv3 clients actually include the length?
    // SSL: everything left in the stream is taken as the ciphertext, so any size bound has to
    // come from the stream the caller passes in (caller not shown).
    // Otherwise: the ciphertext is read with readOpaque16.
    final byte[] ciphertext = TlsUtils.isSSL(context)
        ? Streams.readAll(input)
        : TlsUtils.readOpaque16(input);

    this.premasterSecret = serverCredentials.decryptPreMasterSecret(ciphertext);
}
/**
 * Derives verify_data from a handshake hash.
 *
 * <p>For an SSL context the hash is returned as is (the same array reference, not a copy).
 * Otherwise the PRF is run over the master secret, {@code asciiLabel} and the hash, and asked
 * for {@code getVerifyDataLength()} bytes.
 *
 * <p>NOTE(review): the comparison against the peer's value happens elsewhere; it should be a
 * constant-time comparison - confirm at the call site.
 *
 * @param context       connection context supplying the security parameters
 * @param asciiLabel    PRF label; unused in the SSL branch
 * @param handshakeHash hash of the handshake messages
 * @return the verify_data bytes
 */
static byte[] calculateVerifyData(TlsContext context, String asciiLabel, byte[] handshakeHash) {
    if (!isSSL(context)) {
        SecurityParameters params = context.getSecurityParameters();
        byte[] masterSecret = params.getMasterSecret();
        int verifyDataLength = params.getVerifyDataLength();
        return PRF(context, masterSecret, asciiLabel, handshakeHash, verifyDataLength);
    }

    // SSL: no PRF step here; the caller-supplied hash is the result.
    return handshakeHash;
}
/**
 * Derives verify_data from a handshake hash.
 *
 * <p>For an SSL context the hash is returned as is (the same array reference, not a copy).
 * Otherwise the PRF is run over the master secret, {@code asciiLabel} and the hash, and asked
 * for {@code getVerifyDataLength()} bytes.
 *
 * <p>NOTE(review): the comparison against the peer's value happens elsewhere; it should be a
 * constant-time comparison - confirm at the call site.
 *
 * @param context       connection context supplying the security parameters
 * @param asciiLabel    PRF label; unused in the SSL branch
 * @param handshakeHash hash of the handshake messages
 * @return the verify_data bytes
 */
static byte[] calculateVerifyData(TlsContext context, String asciiLabel, byte[] handshakeHash) {
    if (!isSSL(context)) {
        SecurityParameters params = context.getSecurityParameters();
        byte[] masterSecret = params.getMasterSecret();
        int verifyDataLength = params.getVerifyDataLength();
        return PRF(context, masterSecret, asciiLabel, handshakeHash, verifyDataLength);
    }

    // SSL: no PRF step here; the caller-supplied hash is the result.
    return handshakeHash;
}
/**
 * Finalises both underlying digests, writing the {@code md5} result at {@code outOff} and the
 * {@code sha1} result directly after it.
 *
 * <p>When a context is set and it is an SSL context, each digest is first passed through
 * {@code ssl3Complete} with the SSL3Mac pads. A null context skips that step.
 *
 * @param output buffer receiving the concatenated digests
 * @param outOff offset in {@code output} at which writing starts
 * @return total number of bytes written (sum of the two digest lengths)
 * @see org.bouncycastle.crypto.Digest#doFinal(byte[], int)
 */
public int doFinal(byte[] output, int outOff) {
    final boolean sslMode = context != null && TlsUtils.isSSL(context);
    if (sslMode) {
        // 48 and 40 match the SSL 3.0 pad lengths for MD5 and SHA-1; ssl3Complete is not
        // shown here - TODO confirm how it uses the length argument.
        ssl3Complete(md5, SSL3Mac.IPAD, SSL3Mac.OPAD, 48);
        ssl3Complete(sha1, SSL3Mac.IPAD, SSL3Mac.OPAD, 40);
    }

    final int md5Length = md5.doFinal(output, outOff);
    final int sha1Length = sha1.doFinal(output, outOff + md5Length);
    return md5Length + sha1Length;
}
/**
 * Finalises both underlying digests, writing the {@code md5} result at {@code outOff} and the
 * {@code sha1} result directly after it.
 *
 * <p>When a context is set and it is an SSL context, each digest is first passed through
 * {@code ssl3Complete} with the SSL3Mac pads. A null context skips that step.
 *
 * @param output buffer receiving the concatenated digests
 * @param outOff offset in {@code output} at which writing starts
 * @return total number of bytes written (sum of the two digest lengths)
 * @see org.bouncycastle.crypto.Digest#doFinal(byte[], int)
 */
public int doFinal(byte[] output, int outOff) {
    final boolean sslMode = context != null && TlsUtils.isSSL(context);
    if (sslMode) {
        // 48 and 40 match the SSL 3.0 pad lengths for MD5 and SHA-1; ssl3Complete is not
        // shown here - TODO confirm how it uses the length argument.
        ssl3Complete(md5, SSL3Mac.IPAD, SSL3Mac.OPAD, 48);
        ssl3Complete(sha1, SSL3Mac.IPAD, SSL3Mac.OPAD, 40);
    }

    final int md5Length = md5.doFinal(output, outOff);
    final int sha1Length = sha1.doFinal(output, outOff + md5Length);
    return md5Length + sha1Length;
}
/**
 * Produces the current handshake hash from the digest returned by
 * {@code handshakeHash.forkPRFHash()}.
 *
 * <p>'sender' only relevant to SSLv3: {@code sslSender} is appended to the forked digest only
 * when it is non-null and the context is an SSL context; in every other case it is ignored.
 *
 * @param context       connection context used for the SSL check
 * @param handshakeHash running handshake hash; presumably left untouched because only the
 *                      forked digest is updated and finalised - TODO confirm forkPRFHash
 * @param sslSender     SSLv3 sender bytes, or null
 * @return a new array of {@code getDigestSize()} bytes holding the digest output
 */
protected static byte[] getCurrentPRFHash(TlsContext context, TlsHandshakeHash handshakeHash, byte[] sslSender) {
    Digest forked = handshakeHash.forkPRFHash();

    boolean appendSender = sslSender != null && TlsUtils.isSSL(context);
    if (appendSender) {
        forked.update(sslSender, 0, sslSender.length);
    }

    byte[] hash = new byte[forked.getDigestSize()];
    forked.doFinal(hash, 0);
    return hash;
}
/**
 * Handles a warning-level alert, giving {@code no_certificate} special treatment.
 *
 * <p>A {@code no_certificate} warning is never forwarded to the superclass. It is turned into
 * an empty client certificate chain only when the context is SSL and a certificate request is
 * outstanding; in any other situation it is dropped without further action.
 *
 * <p>NOTE(review): {@code notifyClientCertificate} is not shown. Where client authentication
 * is mandatory, the empty chain has to be rejected there - confirm.
 *
 * @param description alert description code
 * @throws IOException propagated from the notification or from the superclass handler
 */
protected void handleWarningMessage(short description) throws IOException {
    if (description != AlertDescription.no_certificate) {
        super.handleWarningMessage(description);
        return;
    }

    /*
     * SSL 3.0 If the server has sent a certificate request Message, the client must send
     * either the certificate message or a no_certificate alert.
     */
    boolean answersCertificateRequest = TlsUtils.isSSL(getContext()) && certificateRequest != null;
    if (answersCertificateRequest) {
        notifyClientCertificate(Certificate.EMPTY_CHAIN);
    }
}
/**
 * Produces the current handshake hash from the digest returned by
 * {@code handshakeHash.forkPRFHash()}.
 *
 * <p>'sender' only relevant to SSLv3: {@code sslSender} is appended to the forked digest only
 * when it is non-null and the context is an SSL context; in every other case it is ignored.
 *
 * @param context       connection context used for the SSL check
 * @param handshakeHash running handshake hash; presumably left untouched because only the
 *                      forked digest is updated and finalised - TODO confirm forkPRFHash
 * @param sslSender     SSLv3 sender bytes, or null
 * @return a new array of {@code getDigestSize()} bytes holding the digest output
 */
protected static byte[] getCurrentPRFHash(TlsContext context, TlsHandshakeHash handshakeHash, byte[] sslSender) {
    Digest forked = handshakeHash.forkPRFHash();

    boolean appendSender = sslSender != null && TlsUtils.isSSL(context);
    if (appendSender) {
        forked.update(sslSender, 0, sslSender.length);
    }

    byte[] hash = new byte[forked.getDigestSize()];
    forked.doFinal(hash, 0);
    return hash;
}
/**
 * Expands the master secret into {@code size} bytes of key material.
 *
 * <p>The seed is the server random followed by the client random. SSL contexts use
 * {@code calculateKeyBlock_SSL}; all others use the PRF with the {@code key_expansion} label.
 *
 * @param context connection context supplying the master secret and both randoms
 * @param size    number of key-block bytes requested
 * @return the key block
 */
static byte[] calculateKeyBlock(TlsContext context, int size) {
    SecurityParameters params = context.getSecurityParameters();
    byte[] masterSecret = params.getMasterSecret();

    // Server random first, then client random.
    byte[] seed = concat(params.getServerRandom(), params.getClientRandom());

    return isSSL(context)
        ? calculateKeyBlock_SSL(masterSecret, seed, size)
        : PRF(context, masterSecret, ExporterLabel.key_expansion, seed, size);
}
/**
 * Expands the master secret into {@code size} bytes of key material.
 *
 * <p>The seed is the server random followed by the client random. SSL contexts use
 * {@code calculateKeyBlock_SSL}; all others use the PRF with the {@code key_expansion} label.
 *
 * @param context connection context supplying the master secret and both randoms
 * @param size    number of key-block bytes requested
 * @return the key block
 */
static byte[] calculateKeyBlock(TlsContext context, int size) {
    SecurityParameters params = context.getSecurityParameters();
    byte[] masterSecret = params.getMasterSecret();

    // Server random first, then client random.
    byte[] seed = concat(params.getServerRandom(), params.getClientRandom());

    return isSSL(context)
        ? calculateKeyBlock_SSL(masterSecret, seed, size)
        : PRF(context, masterSecret, ExporterLabel.key_expansion, seed, size);
}
if (TlsUtils.isSSL(getContext()) && this.certificateRequest != null)
/**
 * Computes the record MAC over {@code length} bytes, then feeds the MAC as many additional
 * digest blocks as a {@code fullLength}-byte input would have required.
 *
 * <p>NOTE(review): this looks like a countermeasure against timing side channels in padded
 * record processing (the MAC cost should not reveal how many bytes were actually
 * authenticated) - confirm against the calling cipher, which is not shown. The equalisation
 * is only as good as {@code getDigestBlockCount} and the underlying MAC implementation.
 *
 * @param seqNo      passed to {@code calculateMac}
 * @param type       passed to {@code calculateMac}
 * @param message    buffer holding the data to authenticate
 * @param offset     start of the data in {@code message}
 * @param length     number of bytes actually covered by the MAC
 * @param fullLength length whose block count is matched; if it needs no more blocks than
 *                   {@code length}, no dummy blocks are processed
 * @param dummyData  filler input; at least one byte is always read ({@code dummyData[0]}) and
 *                   {@code digestBlockSize} bytes are read for each extra block
 * @return the MAC from {@code calculateMac}, obtained before any dummy data is fed in
 */
public byte[] calculateMacConstantTime(long seqNo, short type, byte[] message, int offset, int length,
    int fullLength, byte[] dummyData) {
    /*
     * Actual MAC only calculated on 'length' bytes...
     */
    byte[] result = calculateMac(seqNo, type, message, offset, length);

    /*
     * ...but ensure a constant number of complete digest blocks are processed (as many as would
     * be needed for 'fullLength' bytes of input).
     */
    // 11 vs 13: presumably the size of the MAC header prepended by calculateMac for SSL and
    // for later versions respectively - TODO confirm against calculateMac.
    int headerLength = TlsUtils.isSSL(context) ? 11 : 13;

    // How many extra full blocks do we need to calculate?
    int extra = getDigestBlockCount(headerLength + fullLength) - getDigestBlockCount(headerLength + length);

    while (--extra >= 0) {
        mac.update(dummyData, 0, digestBlockSize);
    }

    // One more byte in case the implementation is "lazy" about processing blocks
    mac.update(dummyData[0]);
    // Discard the dummy input so it cannot leak into the next MAC computation.
    mac.reset();

    return result;
}
/**
 * Computes the record MAC over {@code length} bytes, then feeds the MAC as many additional
 * digest blocks as a {@code fullLength}-byte input would have required.
 *
 * <p>NOTE(review): this looks like a countermeasure against timing side channels in padded
 * record processing (the MAC cost should not reveal how many bytes were actually
 * authenticated) - confirm against the calling cipher, which is not shown. The equalisation
 * is only as good as {@code getDigestBlockCount} and the underlying MAC implementation.
 *
 * @param seqNo      passed to {@code calculateMac}
 * @param type       passed to {@code calculateMac}
 * @param message    buffer holding the data to authenticate
 * @param offset     start of the data in {@code message}
 * @param length     number of bytes actually covered by the MAC
 * @param fullLength length whose block count is matched; if it needs no more blocks than
 *                   {@code length}, no dummy blocks are processed
 * @param dummyData  filler input; at least one byte is always read ({@code dummyData[0]}) and
 *                   {@code digestBlockSize} bytes are read for each extra block
 * @return the MAC from {@code calculateMac}, obtained before any dummy data is fed in
 */
public byte[] calculateMacConstantTime(long seqNo, short type, byte[] message, int offset, int length,
    int fullLength, byte[] dummyData) {
    /*
     * Actual MAC only calculated on 'length' bytes...
     */
    byte[] result = calculateMac(seqNo, type, message, offset, length);

    /*
     * ...but ensure a constant number of complete digest blocks are processed (as many as would
     * be needed for 'fullLength' bytes of input).
     */
    // 11 vs 13: presumably the size of the MAC header prepended by calculateMac for SSL and
    // for later versions respectively - TODO confirm against calculateMac.
    int headerLength = TlsUtils.isSSL(context) ? 11 : 13;

    // How many extra full blocks do we need to calculate?
    int extra = getDigestBlockCount(headerLength + fullLength) - getDigestBlockCount(headerLength + length);

    while (--extra >= 0) {
        mac.update(dummyData, 0, digestBlockSize);
    }

    // One more byte in case the implementation is "lazy" about processing blocks
    mac.update(dummyData[0]);
    // Discard the dummy input so it cannot leak into the next MAC computation.
    mac.reset();

    return result;
}
/**
 * Derives the master secret from the premaster secret.
 *
 * <p>The seed is the session hash when {@code extendedMasterSecret} is set, otherwise the
 * client random followed by the server random. SSL contexts use
 * {@code calculateMasterSecret_SSL}; all others request 48 bytes from the PRF under the
 * {@code extended_master_secret} or {@code master_secret} label.
 *
 * <p>NOTE(review): when {@code extendedMasterSecret} is set on an SSL context, the session
 * hash is what reaches {@code calculateMasterSecret_SSL}. Whether that combination can be
 * negotiated is decided elsewhere - confirm.
 *
 * @param context           connection context supplying the security parameters
 * @param pre_master_secret premaster secret from the key exchange
 * @return the master secret
 */
static byte[] calculateMasterSecret(TlsContext context, byte[] pre_master_secret) {
    SecurityParameters params = context.getSecurityParameters();

    byte[] seed = params.extendedMasterSecret
        ? params.getSessionHash()
        : concat(params.getClientRandom(), params.getServerRandom());

    if (!isSSL(context)) {
        String label = params.extendedMasterSecret
            ? ExporterLabel.extended_master_secret
            : ExporterLabel.master_secret;
        return PRF(context, pre_master_secret, label, seed, 48);
    }

    return calculateMasterSecret_SSL(pre_master_secret, seed);
}
/**
 * Processes the ClientKeyExchange body, records the session hash and installs the pending
 * connection state.
 *
 * <p>The master secret is established at a different point depending on the protocol: before
 * the session hash is captured for SSL, after it for everything else.
 *
 * @param buf message body; {@code assertEmpty} is called on it once the key exchange has
 *            consumed its part
 * @throws IOException propagated from the key exchange, the checks or the record stream
 */
protected void receiveClientKeyExchangeMessage(ByteArrayInputStream buf) throws IOException {
    keyExchange.processClientKeyExchange(buf);

    // presumably rejects trailing bytes after the key exchange data - TODO confirm assertEmpty
    assertEmpty(buf);

    // SSL: master secret is derived before the handshake hash is prepared for Finished.
    if (TlsUtils.isSSL(getContext())) {
        establishMasterSecret(getContext(), keyExchange);
    }

    this.prepareFinishHash = recordStream.prepareToFinish();
    this.securityParameters.sessionHash = getCurrentPRFHash(getContext(), prepareFinishHash, null);

    // Non-SSL: derived only after sessionHash is set; presumably because an extended master
    // secret derivation reads it - TODO confirm in establishMasterSecret.
    if (!TlsUtils.isSSL(getContext())) {
        establishMasterSecret(getContext(), keyExchange);
    }

    recordStream.setPendingConnectionState(getPeer().getCompression(), getPeer().getCipher());
}
if (TlsUtils.isSSL(context))
/**
 * Derives the master secret from the premaster secret.
 *
 * <p>The seed is the session hash when {@code isExtendedMasterSecret()} is true, otherwise the
 * client random followed by the server random. SSL contexts use
 * {@code calculateMasterSecret_SSL}; all others request 48 bytes from the PRF under the
 * {@code extended_master_secret} or {@code master_secret} label.
 *
 * <p>NOTE(review): when the extended master secret flag is set on an SSL context, the session
 * hash is what reaches {@code calculateMasterSecret_SSL}. Whether that combination can be
 * negotiated is decided elsewhere - confirm.
 *
 * @param context           connection context supplying the security parameters
 * @param pre_master_secret premaster secret from the key exchange
 * @return the master secret
 */
static byte[] calculateMasterSecret(TlsContext context, byte[] pre_master_secret) {
    SecurityParameters params = context.getSecurityParameters();

    byte[] seed = params.isExtendedMasterSecret()
        ? params.getSessionHash()
        : concat(params.getClientRandom(), params.getServerRandom());

    if (!isSSL(context)) {
        // The flag is queried again here, as in the original, rather than cached.
        String label = params.isExtendedMasterSecret()
            ? ExporterLabel.extended_master_secret
            : ExporterLabel.master_secret;
        return PRF(context, pre_master_secret, label, seed, 48);
    }

    return calculateMasterSecret_SSL(pre_master_secret, seed);
}
if (TlsUtils.isSSL(context))