org.openjsse.sun.security.ssl.SSLMasterKeyDerivation Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of openjsse Show documentation
Show all versions of openjsse Show documentation
OpenJSSE delivers a TLS 1.3 JSSE provider for Java SE 8
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package org.openjsse.sun.security.ssl;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.openjsse.sun.security.internal.spec.TlsMasterSecretParameterSpec;
import org.openjsse.sun.security.ssl.CipherSuite.HashAlg;
import static org.openjsse.sun.security.ssl.CipherSuite.HashAlg.H_NONE;
enum SSLMasterKeyDerivation implements SSLKeyDerivationGenerator {
SSL30 ("kdf_ssl30"),
TLS10 ("kdf_tls10"),
TLS12 ("kdf_tls12");
final String name;
private SSLMasterKeyDerivation(String name) {
this.name = name;
}
static SSLMasterKeyDerivation valueOf(ProtocolVersion protocolVersion) {
switch (protocolVersion) {
case SSL30:
return SSLMasterKeyDerivation.SSL30;
case TLS10:
case TLS11:
case DTLS10:
return SSLMasterKeyDerivation.TLS10;
case TLS12:
case DTLS12:
return SSLMasterKeyDerivation.TLS12;
default:
return null;
}
}
@Override
public SSLKeyDerivation createKeyDerivation(HandshakeContext context,
SecretKey secretKey) throws IOException {
return new LegacyMasterKeyDerivation(context, secretKey);
}
// Note, we may use different key derivation implementation in the future.
private static final
class LegacyMasterKeyDerivation implements SSLKeyDerivation {
final HandshakeContext context;
final SecretKey preMasterSecret;
LegacyMasterKeyDerivation(
HandshakeContext context, SecretKey preMasterSecret) {
this.context = context;
this.preMasterSecret = preMasterSecret;
}
@Override
@SuppressWarnings("deprecation")
public SecretKey deriveKey(String algorithm,
AlgorithmParameterSpec params) throws IOException {
CipherSuite cipherSuite = context.negotiatedCipherSuite;
ProtocolVersion protocolVersion = context.negotiatedProtocol;
// What algs/params do we need to use?
String masterAlg;
HashAlg hashAlg;
byte majorVersion = protocolVersion.major;
byte minorVersion = protocolVersion.minor;
if (protocolVersion.isDTLS) {
// Use TLS version number for DTLS key calculation
if (protocolVersion.id == ProtocolVersion.DTLS10.id) {
majorVersion = ProtocolVersion.TLS11.major;
minorVersion = ProtocolVersion.TLS11.minor;
masterAlg = "SunTlsMasterSecret";
hashAlg = H_NONE;
} else { // DTLS 1.2
majorVersion = ProtocolVersion.TLS12.major;
minorVersion = ProtocolVersion.TLS12.minor;
masterAlg = "SunTls12MasterSecret";
hashAlg = cipherSuite.hashAlg;
}
} else {
if (protocolVersion.id >= ProtocolVersion.TLS12.id) {
masterAlg = "SunTls12MasterSecret";
hashAlg = cipherSuite.hashAlg;
} else {
masterAlg = "SunTlsMasterSecret";
hashAlg = H_NONE;
}
}
TlsMasterSecretParameterSpec spec;
if (context.handshakeSession.useExtendedMasterSecret) {
// reset to use the extended master secret algorithm
masterAlg = "SunTlsExtendedMasterSecret";
// For the session hash, use the handshake messages up to and
// including the ClientKeyExchange message.
context.handshakeHash.utilize();
byte[] sessionHash = context.handshakeHash.digest();
spec = new TlsMasterSecretParameterSpec(
preMasterSecret,
(majorVersion & 0xFF), (minorVersion & 0xFF),
sessionHash,
hashAlg.name, hashAlg.hashLength, hashAlg.blockSize);
} else {
spec = new TlsMasterSecretParameterSpec(
preMasterSecret,
(majorVersion & 0xFF), (minorVersion & 0xFF),
context.clientHelloRandom.randomBytes,
context.serverHelloRandom.randomBytes,
hashAlg.name, hashAlg.hashLength, hashAlg.blockSize);
}
try {
KeyGenerator kg = JsseJce.getKeyGenerator(masterAlg);
kg.init(spec);
return kg.generateKey();
} catch (InvalidAlgorithmParameterException |
NoSuchAlgorithmException iae) {
// unlikely to happen, otherwise, must be a provider exception
//
// For RSA premaster secrets, do not signal a protocol error
// due to the Bleichenbacher attack. See comments further down.
if (SSLLogger.isOn && SSLLogger.isOn("handshake")) {
SSLLogger.fine("RSA master secret generation error.", iae);
}
throw new ProviderException(iae);
}
}
}
}