| /* |
| * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package sun.security.internal.spec; |
| |
| import java.security.spec.AlgorithmParameterSpec; |
| |
| import javax.crypto.SecretKey; |
| |
| /** |
| * Parameters for SSL/TLS key material generation. |
| * This class is used to initialize KeyGenerator of the type |
| * "TlsKeyMaterial". The keys returned by such KeyGenerators will be |
| * instances of {@link TlsKeyMaterialSpec}. |
| * |
| * <p>Instances of this class are immutable. |
| * |
| * @since 1.6 |
| * @author Andreas Sterbenz |
| * @deprecated Sun JDK internal use only --- WILL BE REMOVED in a future |
| * release. |
| */ |
| @Deprecated |
| public class TlsKeyMaterialParameterSpec implements AlgorithmParameterSpec { |
| |
| private final SecretKey masterSecret; |
| private final int majorVersion, minorVersion; |
| private final byte[] clientRandom, serverRandom; |
| private final String cipherAlgorithm; |
| private final int cipherKeyLength, ivLength, macKeyLength; |
| private final int expandedCipherKeyLength; // == 0 for domestic ciphersuites |
| private final String prfHashAlg; |
| private final int prfHashLength; |
| private final int prfBlockSize; |
| |
| /** |
| * Constructs a new TlsKeyMaterialParameterSpec. |
| * |
| * @param masterSecret the master secret |
| * @param majorVersion the major number of the protocol version |
| * @param minorVersion the minor number of the protocol version |
| * @param clientRandom the client's random value |
| * @param serverRandom the server's random value |
| * @param cipherAlgorithm the algorithm name of the cipher keys to |
| * be generated |
| * @param cipherKeyLength if 0, no cipher keys will be generated; |
| * otherwise, the length in bytes of cipher keys to be |
| * generated for domestic cipher suites; for cipher suites defined as |
| * exportable, the number of key material bytes to be generated; |
| * @param expandedCipherKeyLength 0 for domestic cipher suites; for |
| * exportable cipher suites the length in bytes of the key to be |
| * generated. |
| * @param ivLength the length in bytes of the initialization vector |
| * to be generated, or 0 if no initialization vector is required |
| * @param macKeyLength the length in bytes of the MAC key to be generated |
| * @param prfHashAlg the name of the TLS PRF hash algorithm to use. |
| * Used only for TLS 1.2+. TLS1.1 and earlier use a fixed PRF. |
| * @param prfHashLength the output length of the TLS PRF hash algorithm. |
| * Used only for TLS 1.2+. |
| * @param prfBlockSize the input block size of the TLS PRF hash algorithm. |
| * Used only for TLS 1.2+. |
| * |
| * @throws NullPointerException if masterSecret, clientRandom, |
| * serverRandom, or cipherAlgorithm are null |
| * @throws IllegalArgumentException if the algorithm of masterSecret is |
| * not TlsMasterSecret, or if majorVersion or minorVersion are |
| * negative or larger than 255; or if cipherKeyLength, expandedKeyLength, |
| * ivLength, or macKeyLength are negative |
| */ |
| public TlsKeyMaterialParameterSpec(SecretKey masterSecret, |
| int majorVersion, int minorVersion, byte[] clientRandom, |
| byte[] serverRandom, String cipherAlgorithm, int cipherKeyLength, |
| int expandedCipherKeyLength, int ivLength, int macKeyLength, |
| String prfHashAlg, int prfHashLength, int prfBlockSize) { |
| if (masterSecret.getAlgorithm().equals("TlsMasterSecret") == false) { |
| throw new IllegalArgumentException("Not a TLS master secret"); |
| } |
| if (cipherAlgorithm == null) { |
| throw new NullPointerException(); |
| } |
| this.masterSecret = masterSecret; |
| this.majorVersion = |
| TlsMasterSecretParameterSpec.checkVersion(majorVersion); |
| this.minorVersion = |
| TlsMasterSecretParameterSpec.checkVersion(minorVersion); |
| this.clientRandom = clientRandom.clone(); |
| this.serverRandom = serverRandom.clone(); |
| this.cipherAlgorithm = cipherAlgorithm; |
| this.cipherKeyLength = checkSign(cipherKeyLength); |
| this.expandedCipherKeyLength = checkSign(expandedCipherKeyLength); |
| this.ivLength = checkSign(ivLength); |
| this.macKeyLength = checkSign(macKeyLength); |
| this.prfHashAlg = prfHashAlg; |
| this.prfHashLength = prfHashLength; |
| this.prfBlockSize = prfBlockSize; |
| } |
| |
| private static int checkSign(int k) { |
| if (k < 0) { |
| throw new IllegalArgumentException("Value must not be negative"); |
| } |
| return k; |
| } |
| |
| /** |
| * Returns the master secret. |
| * |
| * @return the master secret. |
| */ |
| public SecretKey getMasterSecret() { |
| return masterSecret; |
| } |
| |
| /** |
| * Returns the major version number. |
| * |
| * @return the major version number. |
| */ |
| public int getMajorVersion() { |
| return majorVersion; |
| } |
| |
| /** |
| * Returns the minor version number. |
| * |
| * @return the minor version number. |
| */ |
| public int getMinorVersion() { |
| return minorVersion; |
| } |
| |
| /** |
| * Returns a copy of the client's random value. |
| * |
| * @return a copy of the client's random value. |
| */ |
| public byte[] getClientRandom() { |
| return clientRandom.clone(); |
| } |
| |
| /** |
| * Returns a copy of the server's random value. |
| * |
| * @return a copy of the server's random value. |
| */ |
| public byte[] getServerRandom() { |
| return serverRandom.clone(); |
| } |
| |
| /** |
| * Returns the cipher algorithm. |
| * |
| * @return the cipher algorithm. |
| */ |
| public String getCipherAlgorithm() { |
| return cipherAlgorithm; |
| } |
| |
| /** |
| * Returns the length in bytes of the encryption key to be generated. |
| * |
| * @return the length in bytes of the encryption key to be generated. |
| */ |
| public int getCipherKeyLength() { |
| return cipherKeyLength; |
| } |
| |
| /** |
| * Returns the length in bytes of the expanded encryption key to be |
| * generated. Returns zero if the expanded encryption key is not |
| * supposed to be generated. |
| * |
| * @return the length in bytes of the expanded encryption key to be |
| * generated. |
| */ |
| public int getExpandedCipherKeyLength() { |
| // TLS v1.1 disables the exportable weak cipher suites. |
| if (majorVersion >= 0x03 && minorVersion >= 0x02) { |
| return 0; |
| } |
| return expandedCipherKeyLength; |
| } |
| |
| /** |
| * Returns the length in bytes of the initialization vector to be |
| * generated. Returns zero if the initialization vector is not |
| * supposed to be generated. |
| * |
| * @return the length in bytes of the initialization vector to be |
| * generated. |
| */ |
| public int getIvLength() { |
| // TLS v1.1 or later uses an explicit IV to protect against |
| // the CBC attacks. |
| if (majorVersion >= 0x03 && minorVersion >= 0x02) { |
| return 0; |
| } |
| |
| return ivLength; |
| } |
| |
| /** |
| * Returns the length in bytes of the MAC key to be generated. |
| * |
| * @return the length in bytes of the MAC key to be generated. |
| */ |
| public int getMacKeyLength() { |
| return macKeyLength; |
| } |
| |
| /** |
| * Obtains the PRF hash algorithm to use in the PRF calculation. |
| * |
| * @return the hash algorithm. |
| */ |
| public String getPRFHashAlg() { |
| return prfHashAlg; |
| } |
| |
| /** |
| * Obtains the length of the PRF hash algorithm. |
| * |
| * @return the hash algorithm length. |
| */ |
| public int getPRFHashLength() { |
| return prfHashLength; |
| } |
| |
| /** |
| * Obtains the block size of the PRF hash algorithm. |
| * |
| * @return the hash algorithm block size |
| */ |
| public int getPRFBlockSize() { |
| return prfBlockSize; |
| } |
| } |