
src/java.base/share/classes/sun/security/ssl/Handshaker.java





1105             // Nonces are dumped with connection keygen, no
1106             // benefit to doing it twice
1107         }
1108 
1109         // What algs/params do we need to use?
1110         String masterAlg;
1111         PRF prf;
1112 
1113         if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
1114             masterAlg = "SunTls12MasterSecret";
1115             prf = cipherSuite.prfAlg;
1116         } else {
1117             masterAlg = "SunTlsMasterSecret";
1118             prf = P_NONE;
1119         }
1120 
1121         String prfHashAlg = prf.getPRFHashAlg();
1122         int prfHashLength = prf.getPRFHashLength();
1123         int prfBlockSize = prf.getPRFBlockSize();
1124 

1125         TlsMasterSecretParameterSpec spec = new TlsMasterSecretParameterSpec(
1126                 preMasterSecret, protocolVersion.major, protocolVersion.minor,
1127                 clnt_random.random_bytes, svr_random.random_bytes,
1128                 prfHashAlg, prfHashLength, prfBlockSize);
1129 
1130         try {
1131             KeyGenerator kg = JsseJce.getKeyGenerator(masterAlg);
1132             kg.init(spec);
1133             return kg.generateKey();
1134         } catch (InvalidAlgorithmParameterException |
1135                 NoSuchAlgorithmException iae) {
1136             // unlikely to happen, otherwise, must be a provider exception
1137             //
1138             // For RSA premaster secrets, do not signal a protocol error
1139             // due to the Bleichenbacher attack. See comments further down.
1140             if (debug != null && Debug.isOn("handshake")) {
1141                 System.out.println("RSA master secret generation error:");
1142                 iae.printStackTrace(System.out);
1143             }
1144             throw new ProviderException(iae);
1145 
1146         }
1147     }
1148 
1149     /*
1150      * Calculate the keys needed for this connection, once the session's
1151      * master secret has been calculated.  Uses the master key and nonces;
1152      * the amount of keying material generated is a function of the cipher
1153      * suite that's been negotiated.
1154      *
1155      * This gets called both on the "full handshake" (where we exchanged
1156      * a premaster secret and started a new session) as well as on the
1157      * "fast handshake" (where we just resumed a pre-existing session).
1158      */

1159     void calculateConnectionKeys(SecretKey masterKey) {
1160         /*
1161          * For both the read and write sides of the protocol, we use the
1162          * master to generate MAC secrets and cipher keying material.  Block
1163          * ciphers need initialization vectors, which we also generate.
1164          *
1165          * First we figure out how much keying material is needed.
1166          */
1167         int hashSize = cipherSuite.macAlg.size;
1168         boolean is_exportable = cipherSuite.exportable;
1169         BulkCipher cipher = cipherSuite.cipher;
1170         int expandedKeySize = is_exportable ? cipher.expandedKeySize : 0;
1171 
1172         // Which algs/params do we need to use?
1173         String keyMaterialAlg;
1174         PRF prf;
1175 
1176         if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
1177             keyMaterialAlg = "SunTls12KeyMaterial";
1178             prf = cipherSuite.prfAlg;




1105             // Nonces are dumped with connection keygen, no
1106             // benefit to doing it twice
1107         }
1108 
1109         // What algs/params do we need to use?
1110         String masterAlg;
1111         PRF prf;
1112 
1113         if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
1114             masterAlg = "SunTls12MasterSecret";
1115             prf = cipherSuite.prfAlg;
1116         } else {
1117             masterAlg = "SunTlsMasterSecret";
1118             prf = P_NONE;
1119         }
1120 
1121         String prfHashAlg = prf.getPRFHashAlg();
1122         int prfHashLength = prf.getPRFHashLength();
1123         int prfBlockSize = prf.getPRFBlockSize();
1124 
1125         @SuppressWarnings("deprecation")
1126         TlsMasterSecretParameterSpec spec = new TlsMasterSecretParameterSpec(
1127                 preMasterSecret, protocolVersion.major, protocolVersion.minor,
1128                 clnt_random.random_bytes, svr_random.random_bytes,
1129                 prfHashAlg, prfHashLength, prfBlockSize);
1130 
1131         try {
1132             KeyGenerator kg = JsseJce.getKeyGenerator(masterAlg);
1133             kg.init(spec);
1134             return kg.generateKey();
1135         } catch (InvalidAlgorithmParameterException |
1136                 NoSuchAlgorithmException iae) {
1137             // unlikely to happen, otherwise, must be a provider exception
1138             //
1139             // For RSA premaster secrets, do not signal a protocol error
1140             // due to the Bleichenbacher attack. See comments further down.
1141             if (debug != null && Debug.isOn("handshake")) {
1142                 System.out.println("RSA master secret generation error:");
1143                 iae.printStackTrace(System.out);
1144             }
1145             throw new ProviderException(iae);
1146 
1147         }
1148     }
1149 
1150     /*
1151      * Calculate the keys needed for this connection, once the session's
1152      * master secret has been calculated.  Uses the master key and nonces;
1153      * the amount of keying material generated is a function of the cipher
1154      * suite that's been negotiated.
1155      *
1156      * This gets called both on the "full handshake" (where we exchanged
1157      * a premaster secret and started a new session) as well as on the
1158      * "fast handshake" (where we just resumed a pre-existing session).
1159      */
1160     @SuppressWarnings("deprecation")
1161     void calculateConnectionKeys(SecretKey masterKey) {
1162         /*
1163          * For both the read and write sides of the protocol, we use the
1164          * master to generate MAC secrets and cipher keying material.  Block
1165          * ciphers need initialization vectors, which we also generate.
1166          *
1167          * First we figure out how much keying material is needed.
1168          */
1169         int hashSize = cipherSuite.macAlg.size;
1170         boolean is_exportable = cipherSuite.exportable;
1171         BulkCipher cipher = cipherSuite.cipher;
1172         int expandedKeySize = is_exportable ? cipher.expandedKeySize : 0;
1173 
1174         // Which algs/params do we need to use?
1175         String keyMaterialAlg;
1176         PRF prf;
1177 
1178         if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
1179             keyMaterialAlg = "SunTls12KeyMaterial";
1180             prf = cipherSuite.prfAlg;
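Review bot: The `@SuppressWarnings("deprecation")` added on `calculateConnectionKeys` (new line 1160) covers the whole method, whereas the master-secret code scopes the same suppression to the single `TlsMasterSecretParameterSpec spec` declaration (new line 1125). In key-derivation code a method-wide suppression also silences the warning for any deprecated API introduced into this method later, so the narrower form is preferable here too: put the annotation on the one local declaration that needs it, presumably the key-material parameter spec built further down. The body of `calculateConnectionKeys` continues past the visible lines, so that declaration cannot be confirmed from this page. If the method-level annotation has to stay, a short comment above it, for example `// deprecation: internal TLS parameter spec only (see <bug id>)`, would record why it is there.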

