1 /* 2 * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package com.sun.crypto.provider; 27 28 import java.security.*; 29 import java.security.spec.AlgorithmParameterSpec; 30 31 import javax.crypto.*; 32 33 import sun.security.internal.interfaces.TlsMasterSecret; 34 import sun.security.internal.spec.TlsMasterSecretParameterSpec; 35 36 import static com.sun.crypto.provider.TlsPrfGenerator.*; 37 38 /** 39 * KeyGenerator implementation for the SSL/TLS master secret derivation. 40 * 41 * @author Andreas Sterbenz 42 * @since 1.6 43 */ 44 public final class TlsMasterSecretGenerator extends KeyGeneratorSpi { 45 46 private final static String MSG = "TlsMasterSecretGenerator must be " 47 + "initialized using a TlsMasterSecretParameterSpec"; 48 49 @SuppressWarnings("deprecation") 50 private TlsMasterSecretParameterSpec spec; 51 52 private int protocolVersion; 53 54 public TlsMasterSecretGenerator() { 55 } 56 57 protected void engineInit(SecureRandom random) { 58 throw new InvalidParameterException(MSG); 59 } 60 61 @SuppressWarnings("deprecation") 62 protected void engineInit(AlgorithmParameterSpec params, 63 SecureRandom random) throws InvalidAlgorithmParameterException { 64 if (params instanceof TlsMasterSecretParameterSpec == false) { 65 throw new InvalidAlgorithmParameterException(MSG); 66 } 67 this.spec = (TlsMasterSecretParameterSpec)params; 68 if ("RAW".equals(spec.getPremasterSecret().getFormat()) == false) { 69 throw new InvalidAlgorithmParameterException( 70 "Key format must be RAW"); 71 } 72 protocolVersion = (spec.getMajorVersion() << 8) 73 | spec.getMinorVersion(); 74 if ((protocolVersion < 0x0300) || (protocolVersion > 0x0303)) { 75 throw new InvalidAlgorithmParameterException( 76 "Only SSL 3.0, TLS 1.0/1.1/1.2 supported"); 77 } 78 } 79 80 protected void engineInit(int keysize, SecureRandom random) { 81 throw new InvalidParameterException(MSG); 82 } 83 84 protected SecretKey engineGenerateKey() { 85 if (spec == null) { 86 throw new IllegalStateException( 87 "TlsMasterSecretGenerator must be initialized"); 88 } 89 SecretKey premasterKey = spec.getPremasterSecret(); 90 byte[] premaster = premasterKey.getEncoded(); 91 92 int premasterMajor, premasterMinor; 93 if (premasterKey.getAlgorithm().equals("TlsRsaPremasterSecret")) { 94 // RSA 95 premasterMajor = premaster[0] & 0xff; 96 premasterMinor = premaster[1] & 0xff; 97 } else { 98 // DH, KRB5, others 99 premasterMajor = -1; 100 premasterMinor = -1; 101 } 102 103 try { 104 byte[] master; 105 byte[] clientRandom = spec.getClientRandom(); 106 byte[] serverRandom = spec.getServerRandom(); 107 108 if (protocolVersion >= 0x0301) { 109 byte[] seed = concat(clientRandom, serverRandom); 110 master = ((protocolVersion >= 0x0303) ? 111 doTLS12PRF(premaster, LABEL_MASTER_SECRET, seed, 48, 112 spec.getPRFHashAlg(), spec.getPRFHashLength(), 113 spec.getPRFBlockSize()) : 114 doTLS10PRF(premaster, LABEL_MASTER_SECRET, seed, 48)); 115 } else { 116 master = new byte[48]; 117 MessageDigest md5 = MessageDigest.getInstance("MD5"); 118 MessageDigest sha = MessageDigest.getInstance("SHA"); 119 120 byte[] tmp = new byte[20]; 121 for (int i = 0; i < 3; i++) { 122 sha.update(SSL3_CONST[i]); 123 sha.update(premaster); 124 sha.update(clientRandom); 125 sha.update(serverRandom); 126 sha.digest(tmp, 0, 20); 127 128 md5.update(premaster); 129 md5.update(tmp); 130 md5.digest(master, i << 4, 16); 131 } 132 133 } 134 135 return new TlsMasterSecretKey(master, premasterMajor, 136 premasterMinor); 137 } catch (NoSuchAlgorithmException e) { 138 throw new ProviderException(e); 139 } catch (DigestException e) { 140 throw new ProviderException(e); 141 } 142 } 143 144 @SuppressWarnings("deprecation") 145 private static final class TlsMasterSecretKey implements TlsMasterSecret { 146 private static final long serialVersionUID = 1019571680375368880L; 147 148 private byte[] key; 149 private final int majorVersion, minorVersion; 150 151 TlsMasterSecretKey(byte[] key, int majorVersion, int minorVersion) { 152 this.key = key; 153 this.majorVersion = majorVersion; 154 this.minorVersion = minorVersion; 155 } 156 157 public int getMajorVersion() { 158 return majorVersion; 159 } 160 161 public int getMinorVersion() { 162 return minorVersion; 163 } 164 165 public String getAlgorithm() { 166 return "TlsMasterSecret"; 167 } 168 169 public String getFormat() { 170 return "RAW"; 171 } 172 173 public byte[] getEncoded() { 174 return key.clone(); 175 } 176 177 } 178 179 }