jdk-sandbox: jdk/src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java@8a448b5b9006 (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	2	* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 3353 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 3353 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 3353 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 3353 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 3353 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package com.sun.crypto.provider;
90ce3da70b43 Initial load duke parents: diff changeset	27
90ce3da70b43 Initial load duke parents: diff changeset	28	import java.util.Arrays;
90ce3da70b43 Initial load duke parents: diff changeset	29
90ce3da70b43 Initial load duke parents: diff changeset	30	import java.security.*;
90ce3da70b43 Initial load duke parents: diff changeset	31	import java.security.spec.AlgorithmParameterSpec;
90ce3da70b43 Initial load duke parents: diff changeset	32
90ce3da70b43 Initial load duke parents: diff changeset	33	import javax.crypto.*;
90ce3da70b43 Initial load duke parents: diff changeset	34	import javax.crypto.spec.SecretKeySpec;
90ce3da70b43 Initial load duke parents: diff changeset	35
90ce3da70b43 Initial load duke parents: diff changeset	36	import sun.security.internal.spec.TlsPrfParameterSpec;
90ce3da70b43 Initial load duke parents: diff changeset	37
90ce3da70b43 Initial load duke parents: diff changeset	38	/**
90ce3da70b43 Initial load duke parents: diff changeset	39	* KeyGenerator implementation for the TLS PRF function.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	40	* <p>
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	41	* This class duplicates the HMAC functionality (RFC 2104) with
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	42	* performance optimizations (e.g. XOR'ing keys with padding doesn't
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	43	* need to be redone for each HMAC operation).
2 90ce3da70b43 Initial load duke parents: diff changeset	44	*
90ce3da70b43 Initial load duke parents: diff changeset	45	* @author Andreas Sterbenz
90ce3da70b43 Initial load duke parents: diff changeset	46	* @since 1.6
90ce3da70b43 Initial load duke parents: diff changeset	47	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	48	abstract class TlsPrfGenerator extends KeyGeneratorSpi {
2 90ce3da70b43 Initial load duke parents: diff changeset	49
90ce3da70b43 Initial load duke parents: diff changeset	50	// magic constants and utility functions, also used by other files
90ce3da70b43 Initial load duke parents: diff changeset	51	// in this package
90ce3da70b43 Initial load duke parents: diff changeset	52
90ce3da70b43 Initial load duke parents: diff changeset	53	private final static byte[] B0 = new byte[0];
90ce3da70b43 Initial load duke parents: diff changeset	54
90ce3da70b43 Initial load duke parents: diff changeset	55	final static byte[] LABEL_MASTER_SECRET = // "master secret"
90ce3da70b43 Initial load duke parents: diff changeset	56	{ 109, 97, 115, 116, 101, 114, 32, 115, 101, 99, 114, 101, 116 };
90ce3da70b43 Initial load duke parents: diff changeset	57
90ce3da70b43 Initial load duke parents: diff changeset	58	final static byte[] LABEL_KEY_EXPANSION = // "key expansion"
90ce3da70b43 Initial load duke parents: diff changeset	59	{ 107, 101, 121, 32, 101, 120, 112, 97, 110, 115, 105, 111, 110 };
90ce3da70b43 Initial load duke parents: diff changeset	60
90ce3da70b43 Initial load duke parents: diff changeset	61	final static byte[] LABEL_CLIENT_WRITE_KEY = // "client write key"
90ce3da70b43 Initial load duke parents: diff changeset	62	{ 99, 108, 105, 101, 110, 116, 32, 119, 114, 105, 116, 101, 32,
90ce3da70b43 Initial load duke parents: diff changeset	63	107, 101, 121 };
90ce3da70b43 Initial load duke parents: diff changeset	64
90ce3da70b43 Initial load duke parents: diff changeset	65	final static byte[] LABEL_SERVER_WRITE_KEY = // "server write key"
90ce3da70b43 Initial load duke parents: diff changeset	66	{ 115, 101, 114, 118, 101, 114, 32, 119, 114, 105, 116, 101, 32,
90ce3da70b43 Initial load duke parents: diff changeset	67	107, 101, 121 };
90ce3da70b43 Initial load duke parents: diff changeset	68
90ce3da70b43 Initial load duke parents: diff changeset	69	final static byte[] LABEL_IV_BLOCK = // "IV block"
90ce3da70b43 Initial load duke parents: diff changeset	70	{ 73, 86, 32, 98, 108, 111, 99, 107 };
90ce3da70b43 Initial load duke parents: diff changeset	71
90ce3da70b43 Initial load duke parents: diff changeset	72	/*
90ce3da70b43 Initial load duke parents: diff changeset	73	* TLS HMAC "inner" and "outer" padding. This isn't a function
90ce3da70b43 Initial load duke parents: diff changeset	74	* of the digest algorithm.
90ce3da70b43 Initial load duke parents: diff changeset	75	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	76	private static final byte[] HMAC_ipad64 = genPad((byte)0x36, 64);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	77	private static final byte[] HMAC_ipad128 = genPad((byte)0x36, 128);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	78	private static final byte[] HMAC_opad64 = genPad((byte)0x5c, 64);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	79	private static final byte[] HMAC_opad128 = genPad((byte)0x5c, 128);
2 90ce3da70b43 Initial load duke parents: diff changeset	80
90ce3da70b43 Initial load duke parents: diff changeset	81	// SSL3 magic mix constants ("A", "BB", "CCC", ...)
90ce3da70b43 Initial load duke parents: diff changeset	82	final static byte[][] SSL3_CONST = genConst();
90ce3da70b43 Initial load duke parents: diff changeset	83
90ce3da70b43 Initial load duke parents: diff changeset	84	static byte[] genPad(byte b, int count) {
90ce3da70b43 Initial load duke parents: diff changeset	85	byte[] padding = new byte[count];
90ce3da70b43 Initial load duke parents: diff changeset	86	Arrays.fill(padding, b);
90ce3da70b43 Initial load duke parents: diff changeset	87	return padding;
90ce3da70b43 Initial load duke parents: diff changeset	88	}
90ce3da70b43 Initial load duke parents: diff changeset	89
90ce3da70b43 Initial load duke parents: diff changeset	90	static byte[] concat(byte[] b1, byte[] b2) {
90ce3da70b43 Initial load duke parents: diff changeset	91	int n1 = b1.length;
90ce3da70b43 Initial load duke parents: diff changeset	92	int n2 = b2.length;
90ce3da70b43 Initial load duke parents: diff changeset	93	byte[] b = new byte[n1 + n2];
90ce3da70b43 Initial load duke parents: diff changeset	94	System.arraycopy(b1, 0, b, 0, n1);
90ce3da70b43 Initial load duke parents: diff changeset	95	System.arraycopy(b2, 0, b, n1, n2);
90ce3da70b43 Initial load duke parents: diff changeset	96	return b;
90ce3da70b43 Initial load duke parents: diff changeset	97	}
90ce3da70b43 Initial load duke parents: diff changeset	98
90ce3da70b43 Initial load duke parents: diff changeset	99	private static byte[][] genConst() {
90ce3da70b43 Initial load duke parents: diff changeset	100	int n = 10;
90ce3da70b43 Initial load duke parents: diff changeset	101	byte[][] arr = new byte[n][];
90ce3da70b43 Initial load duke parents: diff changeset	102	for (int i = 0; i < n; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	103	byte[] b = new byte[i + 1];
90ce3da70b43 Initial load duke parents: diff changeset	104	Arrays.fill(b, (byte)('A' + i));
90ce3da70b43 Initial load duke parents: diff changeset	105	arr[i] = b;
90ce3da70b43 Initial load duke parents: diff changeset	106	}
90ce3da70b43 Initial load duke parents: diff changeset	107	return arr;
90ce3da70b43 Initial load duke parents: diff changeset	108	}
90ce3da70b43 Initial load duke parents: diff changeset	109
90ce3da70b43 Initial load duke parents: diff changeset	110	// PRF implementation
90ce3da70b43 Initial load duke parents: diff changeset	111
90ce3da70b43 Initial load duke parents: diff changeset	112	private final static String MSG = "TlsPrfGenerator must be "
90ce3da70b43 Initial load duke parents: diff changeset	113	+ "initialized using a TlsPrfParameterSpec";
90ce3da70b43 Initial load duke parents: diff changeset	114
90ce3da70b43 Initial load duke parents: diff changeset	115	private TlsPrfParameterSpec spec;
90ce3da70b43 Initial load duke parents: diff changeset	116
90ce3da70b43 Initial load duke parents: diff changeset	117	public TlsPrfGenerator() {
90ce3da70b43 Initial load duke parents: diff changeset	118	}
90ce3da70b43 Initial load duke parents: diff changeset	119
90ce3da70b43 Initial load duke parents: diff changeset	120	protected void engineInit(SecureRandom random) {
90ce3da70b43 Initial load duke parents: diff changeset	121	throw new InvalidParameterException(MSG);
90ce3da70b43 Initial load duke parents: diff changeset	122	}
90ce3da70b43 Initial load duke parents: diff changeset	123
90ce3da70b43 Initial load duke parents: diff changeset	124	protected void engineInit(AlgorithmParameterSpec params,
90ce3da70b43 Initial load duke parents: diff changeset	125	SecureRandom random) throws InvalidAlgorithmParameterException {
90ce3da70b43 Initial load duke parents: diff changeset	126	if (params instanceof TlsPrfParameterSpec == false) {
90ce3da70b43 Initial load duke parents: diff changeset	127	throw new InvalidAlgorithmParameterException(MSG);
90ce3da70b43 Initial load duke parents: diff changeset	128	}
90ce3da70b43 Initial load duke parents: diff changeset	129	this.spec = (TlsPrfParameterSpec)params;
90ce3da70b43 Initial load duke parents: diff changeset	130	SecretKey key = spec.getSecret();
90ce3da70b43 Initial load duke parents: diff changeset	131	if ((key != null) && ("RAW".equals(key.getFormat()) == false)) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	132	throw new InvalidAlgorithmParameterException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	133	"Key encoding format must be RAW");
2 90ce3da70b43 Initial load duke parents: diff changeset	134	}
90ce3da70b43 Initial load duke parents: diff changeset	135	}
90ce3da70b43 Initial load duke parents: diff changeset	136
90ce3da70b43 Initial load duke parents: diff changeset	137	protected void engineInit(int keysize, SecureRandom random) {
90ce3da70b43 Initial load duke parents: diff changeset	138	throw new InvalidParameterException(MSG);
90ce3da70b43 Initial load duke parents: diff changeset	139	}
90ce3da70b43 Initial load duke parents: diff changeset	140
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	141	SecretKey engineGenerateKey0(boolean tls12) {
2 90ce3da70b43 Initial load duke parents: diff changeset	142	if (spec == null) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	143	throw new IllegalStateException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	144	"TlsPrfGenerator must be initialized");
2 90ce3da70b43 Initial load duke parents: diff changeset	145	}
90ce3da70b43 Initial load duke parents: diff changeset	146	SecretKey key = spec.getSecret();
90ce3da70b43 Initial load duke parents: diff changeset	147	byte[] secret = (key == null) ? null : key.getEncoded();
90ce3da70b43 Initial load duke parents: diff changeset	148	try {
90ce3da70b43 Initial load duke parents: diff changeset	149	byte[] labelBytes = spec.getLabel().getBytes("UTF8");
90ce3da70b43 Initial load duke parents: diff changeset	150	int n = spec.getOutputLength();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	151	byte[] prfBytes = (tls12 ?
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	152	doTLS12PRF(secret, labelBytes, spec.getSeed(), n,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	153	spec.getPRFHashAlg(), spec.getPRFHashLength(),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	154	spec.getPRFBlockSize()) :
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	155	doTLS10PRF(secret, labelBytes, spec.getSeed(), n));
2 90ce3da70b43 Initial load duke parents: diff changeset	156	return new SecretKeySpec(prfBytes, "TlsPrf");
90ce3da70b43 Initial load duke parents: diff changeset	157	} catch (GeneralSecurityException e) {
90ce3da70b43 Initial load duke parents: diff changeset	158	throw new ProviderException("Could not generate PRF", e);
90ce3da70b43 Initial load duke parents: diff changeset	159	} catch (java.io.UnsupportedEncodingException e) {
90ce3da70b43 Initial load duke parents: diff changeset	160	throw new ProviderException("Could not generate PRF", e);
90ce3da70b43 Initial load duke parents: diff changeset	161	}
90ce3da70b43 Initial load duke parents: diff changeset	162	}
90ce3da70b43 Initial load duke parents: diff changeset	163
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	164	static byte[] doTLS12PRF(byte[] secret, byte[] labelBytes,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	165	byte[] seed, int outputLength,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	166	String prfHash, int prfHashLength, int prfBlockSize)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	167	throws NoSuchAlgorithmException, DigestException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	168	if (prfHash == null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	169	throw new NoSuchAlgorithmException("Unspecified PRF algorithm");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	170	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	171	MessageDigest prfMD = MessageDigest.getInstance(prfHash);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	172	return doTLS12PRF(secret, labelBytes, seed, outputLength,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	173	prfMD, prfHashLength, prfBlockSize);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	174	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	175
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	176	static byte[] doTLS12PRF(byte[] secret, byte[] labelBytes,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	177	byte[] seed, int outputLength,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	178	MessageDigest mdPRF, int mdPRFLen, int mdPRFBlockSize)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	179	throws DigestException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	180
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	181	if (secret == null) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	182	secret = B0;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	183	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	184
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	185	// If we have a long secret, digest it first.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	186	if (secret.length > mdPRFBlockSize) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	187	secret = mdPRF.digest(secret);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	188	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	189
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	190	byte[] output = new byte[outputLength];
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	191	byte [] ipad;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	192	byte [] opad;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	193
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	194	switch (mdPRFBlockSize) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	195	case 64:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	196	ipad = HMAC_ipad64.clone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	197	opad = HMAC_opad64.clone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	198	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	199	case 128:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	200	ipad = HMAC_ipad128.clone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	201	opad = HMAC_opad128.clone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	202	break;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	203	default:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	204	throw new DigestException("Unexpected block size.");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	205	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	206
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	207	// P_HASH(Secret, label + seed)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	208	expand(mdPRF, mdPRFLen, secret, 0, secret.length, labelBytes,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	209	seed, output, ipad, opad);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	210
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	211	return output;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	212	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	213
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	214	static byte[] doTLS10PRF(byte[] secret, byte[] labelBytes,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	215	byte[] seed, int outputLength) throws NoSuchAlgorithmException,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	216	DigestException {
2 90ce3da70b43 Initial load duke parents: diff changeset	217	MessageDigest md5 = MessageDigest.getInstance("MD5");
90ce3da70b43 Initial load duke parents: diff changeset	218	MessageDigest sha = MessageDigest.getInstance("SHA1");
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	219	return doTLS10PRF(secret, labelBytes, seed, outputLength, md5, sha);
2 90ce3da70b43 Initial load duke parents: diff changeset	220	}
90ce3da70b43 Initial load duke parents: diff changeset	221
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	222	static byte[] doTLS10PRF(byte[] secret, byte[] labelBytes,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	223	byte[] seed, int outputLength, MessageDigest md5,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	224	MessageDigest sha) throws DigestException {
2 90ce3da70b43 Initial load duke parents: diff changeset	225	/*
90ce3da70b43 Initial load duke parents: diff changeset	226	* Split the secret into two halves S1 and S2 of same length.
90ce3da70b43 Initial load duke parents: diff changeset	227	* S1 is taken from the first half of the secret, S2 from the
90ce3da70b43 Initial load duke parents: diff changeset	228	* second half.
90ce3da70b43 Initial load duke parents: diff changeset	229	* Their length is created by rounding up the length of the
90ce3da70b43 Initial load duke parents: diff changeset	230	* overall secret divided by two; thus, if the original secret
90ce3da70b43 Initial load duke parents: diff changeset	231	* is an odd number of bytes long, the last byte of S1 will be
90ce3da70b43 Initial load duke parents: diff changeset	232	* the same as the first byte of S2.
90ce3da70b43 Initial load duke parents: diff changeset	233	*
90ce3da70b43 Initial load duke parents: diff changeset	234	* Note: Instead of creating S1 and S2, we determine the offset into
90ce3da70b43 Initial load duke parents: diff changeset	235	* the overall secret where S2 starts.
90ce3da70b43 Initial load duke parents: diff changeset	236	*/
90ce3da70b43 Initial load duke parents: diff changeset	237
90ce3da70b43 Initial load duke parents: diff changeset	238	if (secret == null) {
90ce3da70b43 Initial load duke parents: diff changeset	239	secret = B0;
90ce3da70b43 Initial load duke parents: diff changeset	240	}
90ce3da70b43 Initial load duke parents: diff changeset	241	int off = secret.length >> 1;
90ce3da70b43 Initial load duke parents: diff changeset	242	int seclen = off + (secret.length & 1);
90ce3da70b43 Initial load duke parents: diff changeset	243
90ce3da70b43 Initial load duke parents: diff changeset	244	byte[] output = new byte[outputLength];
90ce3da70b43 Initial load duke parents: diff changeset	245
90ce3da70b43 Initial load duke parents: diff changeset	246	// P_MD5(S1, label + seed)
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	247	expand(md5, 16, secret, 0, seclen, labelBytes, seed, output,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	248	HMAC_ipad64.clone(), HMAC_opad64.clone());
2 90ce3da70b43 Initial load duke parents: diff changeset	249
90ce3da70b43 Initial load duke parents: diff changeset	250	// P_SHA-1(S2, label + seed)
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	251	expand(sha, 20, secret, off, seclen, labelBytes, seed, output,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	252	HMAC_ipad64.clone(), HMAC_opad64.clone());
2 90ce3da70b43 Initial load duke parents: diff changeset	253
90ce3da70b43 Initial load duke parents: diff changeset	254	return output;
90ce3da70b43 Initial load duke parents: diff changeset	255	}
90ce3da70b43 Initial load duke parents: diff changeset	256
90ce3da70b43 Initial load duke parents: diff changeset	257	/*
90ce3da70b43 Initial load duke parents: diff changeset	258	* @param digest the MessageDigest to produce the HMAC
90ce3da70b43 Initial load duke parents: diff changeset	259	* @param hmacSize the HMAC size
90ce3da70b43 Initial load duke parents: diff changeset	260	* @param secret the secret
90ce3da70b43 Initial load duke parents: diff changeset	261	* @param secOff the offset into the secret
90ce3da70b43 Initial load duke parents: diff changeset	262	* @param secLen the secret length
90ce3da70b43 Initial load duke parents: diff changeset	263	* @param label the label
90ce3da70b43 Initial load duke parents: diff changeset	264	* @param seed the seed
90ce3da70b43 Initial load duke parents: diff changeset	265	* @param output the output array
90ce3da70b43 Initial load duke parents: diff changeset	266	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	267	private static void expand(MessageDigest digest, int hmacSize,
2 90ce3da70b43 Initial load duke parents: diff changeset	268	byte[] secret, int secOff, int secLen, byte[] label, byte[] seed,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	269	byte[] output, byte[] pad1, byte[] pad2) throws DigestException {
2 90ce3da70b43 Initial load duke parents: diff changeset	270	/*
90ce3da70b43 Initial load duke parents: diff changeset	271	* modify the padding used, by XORing the key into our copy of that
90ce3da70b43 Initial load duke parents: diff changeset	272	* padding. That's to avoid doing that for each HMAC computation.
90ce3da70b43 Initial load duke parents: diff changeset	273	*/
90ce3da70b43 Initial load duke parents: diff changeset	274	for (int i = 0; i < secLen; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	275	pad1[i] ^= secret[i + secOff];
90ce3da70b43 Initial load duke parents: diff changeset	276	pad2[i] ^= secret[i + secOff];
90ce3da70b43 Initial load duke parents: diff changeset	277	}
90ce3da70b43 Initial load duke parents: diff changeset	278
90ce3da70b43 Initial load duke parents: diff changeset	279	byte[] tmp = new byte[hmacSize];
90ce3da70b43 Initial load duke parents: diff changeset	280	byte[] aBytes = null;
90ce3da70b43 Initial load duke parents: diff changeset	281
90ce3da70b43 Initial load duke parents: diff changeset	282	/*
90ce3da70b43 Initial load duke parents: diff changeset	283	* compute:
90ce3da70b43 Initial load duke parents: diff changeset	284	*
90ce3da70b43 Initial load duke parents: diff changeset	285	* P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
90ce3da70b43 Initial load duke parents: diff changeset	286	* HMAC_hash(secret, A(2) + seed) +
90ce3da70b43 Initial load duke parents: diff changeset	287	* HMAC_hash(secret, A(3) + seed) + ...
90ce3da70b43 Initial load duke parents: diff changeset	288	* A() is defined as:
90ce3da70b43 Initial load duke parents: diff changeset	289	*
90ce3da70b43 Initial load duke parents: diff changeset	290	* A(0) = seed
90ce3da70b43 Initial load duke parents: diff changeset	291	* A(i) = HMAC_hash(secret, A(i-1))
90ce3da70b43 Initial load duke parents: diff changeset	292	*/
90ce3da70b43 Initial load duke parents: diff changeset	293	int remaining = output.length;
90ce3da70b43 Initial load duke parents: diff changeset	294	int ofs = 0;
90ce3da70b43 Initial load duke parents: diff changeset	295	while (remaining > 0) {
90ce3da70b43 Initial load duke parents: diff changeset	296	/*
90ce3da70b43 Initial load duke parents: diff changeset	297	* compute A() ...
90ce3da70b43 Initial load duke parents: diff changeset	298	*/
90ce3da70b43 Initial load duke parents: diff changeset	299	// inner digest
90ce3da70b43 Initial load duke parents: diff changeset	300	digest.update(pad1);
90ce3da70b43 Initial load duke parents: diff changeset	301	if (aBytes == null) {
90ce3da70b43 Initial load duke parents: diff changeset	302	digest.update(label);
90ce3da70b43 Initial load duke parents: diff changeset	303	digest.update(seed);
90ce3da70b43 Initial load duke parents: diff changeset	304	} else {
90ce3da70b43 Initial load duke parents: diff changeset	305	digest.update(aBytes);
90ce3da70b43 Initial load duke parents: diff changeset	306	}
90ce3da70b43 Initial load duke parents: diff changeset	307	digest.digest(tmp, 0, hmacSize);
90ce3da70b43 Initial load duke parents: diff changeset	308
90ce3da70b43 Initial load duke parents: diff changeset	309	// outer digest
90ce3da70b43 Initial load duke parents: diff changeset	310	digest.update(pad2);
90ce3da70b43 Initial load duke parents: diff changeset	311	digest.update(tmp);
90ce3da70b43 Initial load duke parents: diff changeset	312	if (aBytes == null) {
90ce3da70b43 Initial load duke parents: diff changeset	313	aBytes = new byte[hmacSize];
90ce3da70b43 Initial load duke parents: diff changeset	314	}
90ce3da70b43 Initial load duke parents: diff changeset	315	digest.digest(aBytes, 0, hmacSize);
90ce3da70b43 Initial load duke parents: diff changeset	316
90ce3da70b43 Initial load duke parents: diff changeset	317	/*
90ce3da70b43 Initial load duke parents: diff changeset	318	* compute HMAC_hash() ...
90ce3da70b43 Initial load duke parents: diff changeset	319	*/
90ce3da70b43 Initial load duke parents: diff changeset	320	// inner digest
90ce3da70b43 Initial load duke parents: diff changeset	321	digest.update(pad1);
90ce3da70b43 Initial load duke parents: diff changeset	322	digest.update(aBytes);
90ce3da70b43 Initial load duke parents: diff changeset	323	digest.update(label);
90ce3da70b43 Initial load duke parents: diff changeset	324	digest.update(seed);
90ce3da70b43 Initial load duke parents: diff changeset	325	digest.digest(tmp, 0, hmacSize);
90ce3da70b43 Initial load duke parents: diff changeset	326
90ce3da70b43 Initial load duke parents: diff changeset	327	// outer digest
90ce3da70b43 Initial load duke parents: diff changeset	328	digest.update(pad2);
90ce3da70b43 Initial load duke parents: diff changeset	329	digest.update(tmp);
90ce3da70b43 Initial load duke parents: diff changeset	330	digest.digest(tmp, 0, hmacSize);
90ce3da70b43 Initial load duke parents: diff changeset	331
90ce3da70b43 Initial load duke parents: diff changeset	332	int k = Math.min(hmacSize, remaining);
90ce3da70b43 Initial load duke parents: diff changeset	333	for (int i = 0; i < k; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	334	output[ofs++] ^= tmp[i];
90ce3da70b43 Initial load duke parents: diff changeset	335	}
90ce3da70b43 Initial load duke parents: diff changeset	336	remaining -= k;
90ce3da70b43 Initial load duke parents: diff changeset	337	}
90ce3da70b43 Initial load duke parents: diff changeset	338	}
90ce3da70b43 Initial load duke parents: diff changeset	339
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	340	/**
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	341	* A KeyGenerator implementation that supports TLS 1.2.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	342	* <p>
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	343	* TLS 1.2 uses a different hash algorithm than 1.0/1.1 for the PRF
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	344	* calculations. As of 2010, there is no PKCS11-level support for TLS
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	345	* 1.2 PRF calculations, and no known OS's have an internal variant
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	346	* we could use. Therefore for TLS 1.2, we are updating JSSE to request
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	347	* a different provider algorithm: "SunTls12Prf". If we reused the
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	348	* name "SunTlsPrf", the PKCS11 provider would need be updated to
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	349	* fail correctly when presented with the wrong version number
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	350	* (via Provider.Service.supportsParameters()), and add the
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	351	* appropriate supportsParamters() checks into KeyGenerators (not
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	352	* currently there).
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	353	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	354	static public class V12 extends TlsPrfGenerator {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	355	protected SecretKey engineGenerateKey() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	356	return engineGenerateKey0(true);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	357	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	358	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	359
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	360	/**
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	361	* A KeyGenerator implementation that supports TLS 1.0/1.1.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	362	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	363	static public class V10 extends TlsPrfGenerator {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	364	protected SecretKey engineGenerateKey() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	365	return engineGenerateKey0(false);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	366	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 5506 diff changeset	367	}
2 90ce3da70b43 Initial load duke parents: diff changeset	368	}

author	valeriep
	Tue, 08 May 2012 17:57:48 -0700
changeset 12685	8a448b5b9006
parent 7043	5e2d1edeb2c7
child 17160	2dfc3fe28a65
permissions	-rw-r--r--