56 (byte)0x47, (byte)0x52, (byte)0x44, (byte)0x01 |
56 (byte)0x47, (byte)0x52, (byte)0x44, (byte)0x01 |
57 }; |
57 }; |
58 |
58 |
59 private static final byte[] t11Protection = new byte[] { |
59 private static final byte[] t11Protection = new byte[] { |
60 (byte)0x44, (byte)0x4F, (byte)0x57, (byte)0x4E, |
60 (byte)0x44, (byte)0x4F, (byte)0x57, (byte)0x4E, |
61 (byte)0x47, (byte)0x52, (byte)0x44, (byte)0x01 |
61 (byte)0x47, (byte)0x52, (byte)0x44, (byte)0x00 |
62 }; |
62 }; |
63 |
63 |
64 static final RandomCookie hrrRandom = new RandomCookie(hrrRandomBytes); |
64 static final RandomCookie hrrRandom = new RandomCookie(hrrRandomBytes); |
65 |
65 |
66 RandomCookie(SecureRandom generator) { |
66 RandomCookie(SecureRandom generator) { |
67 generator.nextBytes(randomBytes); |
67 generator.nextBytes(randomBytes); |
|
68 } |
|
69 |
|
70 // Used for server random generation with version downgrade protection. |
|
71 RandomCookie(HandshakeContext context) { |
|
72 SecureRandom generator = context.sslContext.getSecureRandom(); |
|
73 generator.nextBytes(randomBytes); |
|
74 |
|
75 // TLS 1.3 has a downgrade protection mechanism embedded in the |
|
76 // server's random value. TLS 1.3 servers which negotiate TLS 1.2 |
|
77 // or below in response to a ClientHello MUST set the last eight |
|
78 // bytes of their Random value specially. |
|
79 byte[] protection = null; |
|
80 if (context.maximumActiveProtocol.useTLS13PlusSpec()) { |
|
81 if (!context.negotiatedProtocol.useTLS13PlusSpec()) { |
|
82 if (context.negotiatedProtocol.useTLS12PlusSpec()) { |
|
83 protection = t12Protection; |
|
84 } else { |
|
85 protection = t11Protection; |
|
86 } |
|
87 } |
|
88 } else if (context.maximumActiveProtocol.useTLS12PlusSpec()) { |
|
89 if (!context.negotiatedProtocol.useTLS12PlusSpec()) { |
|
90 protection = t11Protection; |
|
91 } |
|
92 } |
|
93 |
|
94 if (protection != null) { |
|
95 System.arraycopy(protection, 0, randomBytes, |
|
96 randomBytes.length - protection.length, protection.length); |
|
97 } |
68 } |
98 } |
69 |
99 |
70 RandomCookie(ByteBuffer m) throws IOException { |
100 RandomCookie(ByteBuffer m) throws IOException { |
71 m.get(randomBytes); |
101 m.get(randomBytes); |
72 } |
102 } |
82 |
112 |
83 boolean isHelloRetryRequest() { |
113 boolean isHelloRetryRequest() { |
84 return Arrays.equals(hrrRandomBytes, randomBytes); |
114 return Arrays.equals(hrrRandomBytes, randomBytes); |
85 } |
115 } |
86 |
116 |
87 boolean isT12Downgrade() { |
117 // Used for client random validation of version downgrade protection. |
88 return Arrays.equals(hrrRandomBytes, 24, 31, t12Protection, 0, 7); |
118 boolean isVersionDowngrade(HandshakeContext context) { |
|
119 if (context.maximumActiveProtocol.useTLS13PlusSpec()) { |
|
120 if (!context.negotiatedProtocol.useTLS13PlusSpec()) { |
|
121 return isT12Downgrade() || isT11Downgrade(); |
|
122 } |
|
123 } else if (context.maximumActiveProtocol.useTLS12PlusSpec()) { |
|
124 if (!context.negotiatedProtocol.useTLS12PlusSpec()) { |
|
125 return isT11Downgrade(); |
|
126 } |
|
127 } |
|
128 |
|
129 return false; |
89 } |
130 } |
90 |
131 |
91 boolean isT11Downgrade() { |
132 private boolean isT12Downgrade() { |
92 return Arrays.equals(hrrRandomBytes, 24, 31, t11Protection, 0, 7); |
133 return Arrays.equals(randomBytes, 24, 31, t12Protection, 0, 7); |
|
134 } |
|
135 |
|
136 private boolean isT11Downgrade() { |
|
137 return Arrays.equals(randomBytes, 24, 31, t11Protection, 0, 7); |
93 } |
138 } |
94 } |
139 } |