| /* |
| * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package com.sun.crypto.provider; |
| |
| import java.security.*; |
| import java.security.spec.AlgorithmParameterSpec; |
| |
| import javax.crypto.*; |
| |
| import sun.security.internal.interfaces.TlsMasterSecret; |
| import sun.security.internal.spec.TlsMasterSecretParameterSpec; |
| |
| import static com.sun.crypto.provider.TlsPrfGenerator.*; |
| |
| /** |
| * KeyGenerator implementation for the SSL/TLS master secret derivation. |
| * |
| * @author Andreas Sterbenz |
| * @since 1.6 |
| */ |
| public final class TlsMasterSecretGenerator extends KeyGeneratorSpi { |
| |
| private final static String MSG = "TlsMasterSecretGenerator must be " |
| + "initialized using a TlsMasterSecretParameterSpec"; |
| |
| private TlsMasterSecretParameterSpec spec; |
| |
| private int protocolVersion; |
| |
| public TlsMasterSecretGenerator() { |
| } |
| |
| protected void engineInit(SecureRandom random) { |
| throw new InvalidParameterException(MSG); |
| } |
| |
| protected void engineInit(AlgorithmParameterSpec params, |
| SecureRandom random) throws InvalidAlgorithmParameterException { |
| if (params instanceof TlsMasterSecretParameterSpec == false) { |
| throw new InvalidAlgorithmParameterException(MSG); |
| } |
| this.spec = (TlsMasterSecretParameterSpec)params; |
| if ("RAW".equals(spec.getPremasterSecret().getFormat()) == false) { |
| throw new InvalidAlgorithmParameterException( |
| "Key format must be RAW"); |
| } |
| protocolVersion = (spec.getMajorVersion() << 8) |
| | spec.getMinorVersion(); |
| if ((protocolVersion < 0x0300) || (protocolVersion > 0x0303)) { |
| throw new InvalidAlgorithmParameterException( |
| "Only SSL 3.0, TLS 1.0/1.1/1.2 supported"); |
| } |
| } |
| |
| protected void engineInit(int keysize, SecureRandom random) { |
| throw new InvalidParameterException(MSG); |
| } |
| |
| protected SecretKey engineGenerateKey() { |
| if (spec == null) { |
| throw new IllegalStateException( |
| "TlsMasterSecretGenerator must be initialized"); |
| } |
| SecretKey premasterKey = spec.getPremasterSecret(); |
| byte[] premaster = premasterKey.getEncoded(); |
| |
| int premasterMajor, premasterMinor; |
| if (premasterKey.getAlgorithm().equals("TlsRsaPremasterSecret")) { |
| // RSA |
| premasterMajor = premaster[0] & 0xff; |
| premasterMinor = premaster[1] & 0xff; |
| } else { |
| // DH, KRB5, others |
| premasterMajor = -1; |
| premasterMinor = -1; |
| } |
| |
| try { |
| byte[] master; |
| byte[] clientRandom = spec.getClientRandom(); |
| byte[] serverRandom = spec.getServerRandom(); |
| |
| if (protocolVersion >= 0x0301) { |
| byte[] seed = concat(clientRandom, serverRandom); |
| master = ((protocolVersion >= 0x0303) ? |
| doTLS12PRF(premaster, LABEL_MASTER_SECRET, seed, 48, |
| spec.getPRFHashAlg(), spec.getPRFHashLength(), |
| spec.getPRFBlockSize()) : |
| doTLS10PRF(premaster, LABEL_MASTER_SECRET, seed, 48)); |
| } else { |
| master = new byte[48]; |
| MessageDigest md5 = MessageDigest.getInstance("MD5"); |
| MessageDigest sha = MessageDigest.getInstance("SHA"); |
| |
| byte[] tmp = new byte[20]; |
| for (int i = 0; i < 3; i++) { |
| sha.update(SSL3_CONST[i]); |
| sha.update(premaster); |
| sha.update(clientRandom); |
| sha.update(serverRandom); |
| sha.digest(tmp, 0, 20); |
| |
| md5.update(premaster); |
| md5.update(tmp); |
| md5.digest(master, i << 4, 16); |
| } |
| |
| } |
| |
| return new TlsMasterSecretKey(master, premasterMajor, |
| premasterMinor); |
| } catch (NoSuchAlgorithmException e) { |
| throw new ProviderException(e); |
| } catch (DigestException e) { |
| throw new ProviderException(e); |
| } |
| } |
| |
| private static final class TlsMasterSecretKey implements TlsMasterSecret { |
| private static final long serialVersionUID = 1019571680375368880L; |
| |
| private byte[] key; |
| private final int majorVersion, minorVersion; |
| |
| TlsMasterSecretKey(byte[] key, int majorVersion, int minorVersion) { |
| this.key = key; |
| this.majorVersion = majorVersion; |
| this.minorVersion = minorVersion; |
| } |
| |
| public int getMajorVersion() { |
| return majorVersion; |
| } |
| |
| public int getMinorVersion() { |
| return minorVersion; |
| } |
| |
| public String getAlgorithm() { |
| return "TlsMasterSecret"; |
| } |
| |
| public String getFormat() { |
| return "RAW"; |
| } |
| |
| public byte[] getEncoded() { |
| return key.clone(); |
| } |
| |
| } |
| |
| } |