use of sun.misc.HexDumpEncoder in project jdk8u_jdk by JetBrains.
the class Handshaker method calculateConnectionKeys.
/*
* Calculate the keys needed for this connection, once the session's
* master secret has been calculated. Uses the master key and nonces;
* the amount of keying material generated is a function of the cipher
* suite that's been negotiated.
*
* This gets called both on the "full handshake" (where we exchanged
* a premaster secret and started a new session) as well as on the
* "fast handshake" (where we just resumed a pre-existing session).
*/
// Derives the per-connection MAC keys, cipher keys and IVs from masterKey and the
// two hello nonces, stores them in this object's fields, and sets sessKeysCalculated.
// A GeneralSecurityException from the key generator is rethrown as ProviderException.
void calculateConnectionKeys(SecretKey masterKey) {
/*
* For both the read and write sides of the protocol, we use the
* master to generate MAC secrets and cipher keying material. Block
* ciphers need initialization vectors, which we also generate.
*
* First we figure out how much keying material is needed.
*/
int hashSize = cipherSuite.macAlg.size;
boolean is_exportable = cipherSuite.exportable;
BulkCipher cipher = cipherSuite.cipher;
// Only exportable suites request an expanded key size; every other suite passes 0.
int expandedKeySize = is_exportable ? cipher.expandedKeySize : 0;
// Which algs/params do we need to use?
String keyMaterialAlg;
PRF prf;
if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
// TLS 1.2 and later: the PRF is taken from the negotiated cipher suite.
keyMaterialAlg = "SunTls12KeyMaterial";
prf = cipherSuite.prfAlg;
} else {
// Earlier versions: no suite-specific PRF is passed (P_NONE).
keyMaterialAlg = "SunTlsKeyMaterial";
prf = P_NONE;
}
String prfHashAlg = prf.getPRFHashAlg();
int prfHashLength = prf.getPRFHashLength();
int prfBlockSize = prf.getPRFBlockSize();
// TLS v1.1 or later uses an explicit IV in CBC cipher suites to
// protect against the CBC attacks. AEAD/GCM cipher suites in TLS
// v1.2 or later use a fixed IV as the implicit part of the partially
// implicit nonce technique described in RFC 5116.
// Resulting request: AEAD -> fixedIvSize; block cipher on TLS 1.1+ -> 0 (no IV
// is derived from the master secret); everything else -> cipher.ivSize.
int ivSize = cipher.ivSize;
if (cipher.cipherType == AEAD_CIPHER) {
ivSize = cipher.fixedIvSize;
} else if (protocolVersion.v >= ProtocolVersion.TLS11.v && cipher.cipherType == BLOCK_CIPHER) {
ivSize = 0;
}
// Bundle the master secret, protocol version, both nonces and the sizes computed
// above into a single key-material request.
TlsKeyMaterialParameterSpec spec = new TlsKeyMaterialParameterSpec(masterKey, protocolVersion.major, protocolVersion.minor, clnt_random.random_bytes, svr_random.random_bytes, cipher.algorithm, cipher.keySize, expandedKeySize, ivSize, hashSize, prfHashAlg, prfHashLength, prfBlockSize);
try {
KeyGenerator kg = JsseJce.getKeyGenerator(keyMaterialAlg);
kg.init(spec);
TlsKeyMaterialSpec keySpec = (TlsKeyMaterialSpec) kg.generateKey();
// Return null if cipher keys are not supposed to be generated.
clntWriteKey = keySpec.getClientCipherKey();
svrWriteKey = keySpec.getServerCipherKey();
// Return null if IVs are not supposed to be generated.
clntWriteIV = keySpec.getClientIv();
svrWriteIV = keySpec.getServerIv();
// Return null if MAC keys are not supposed to be generated.
clntMacSecret = keySpec.getClientMacKey();
svrMacSecret = keySpec.getServerMacKey();
} catch (GeneralSecurityException e) {
// Provider failure is surfaced unchecked, with the original exception as the cause.
throw new ProviderException(e);
}
// Mark a flag that allows outside entities (like SSLSocket/SSLEngine)
// to determine if a ChangeCipherSpec message could be processed.
sessKeysCalculated = true;
// SECURITY: with the "keygen" debug option on, the block below hex-dumps the
// master secret, both nonces and every derived MAC key, cipher key and IV to
// System.out. Whoever can read that output (console, redirected log file, log
// collection) holds the key material for this connection, so such logs need the
// same protection as private keys. In stock JSSE the Debug options come from the
// javax.net.debug system property (confirm for this build).
if (debug != null && Debug.isOn("keygen")) {
// Locking System.out keeps the multi-line dump contiguous with respect to other
// code that synchronizes on the same stream.
synchronized (System.out) {
HexDumpEncoder dump = new HexDumpEncoder();
System.out.println("CONNECTION KEYGEN:");
// Inputs:
System.out.println("Client Nonce:");
printHex(dump, clnt_random.random_bytes);
System.out.println("Server Nonce:");
printHex(dump, svr_random.random_bytes);
System.out.println("Master Secret:");
printHex(dump, masterKey.getEncoded());
// Outputs:
// NOTE(review): in each pair below only the client-side value is null-checked;
// the server-side value is assumed to be non-null whenever the client one is.
// Confirm against the key generator's contract.
if (clntMacSecret != null) {
System.out.println("Client MAC write Secret:");
printHex(dump, clntMacSecret.getEncoded());
System.out.println("Server MAC write Secret:");
printHex(dump, svrMacSecret.getEncoded());
} else {
System.out.println("... no MAC keys used for this cipher");
}
if (clntWriteKey != null) {
System.out.println("Client write key:");
printHex(dump, clntWriteKey.getEncoded());
System.out.println("Server write key:");
printHex(dump, svrWriteKey.getEncoded());
} else {
System.out.println("... no encryption keys used");
}
if (clntWriteIV != null) {
System.out.println("Client write IV:");
printHex(dump, clntWriteIV.getIV());
System.out.println("Server write IV:");
printHex(dump, svrWriteIV.getIV());
} else {
// No IV came back: the message only distinguishes TLS 1.1+ from older versions.
if (protocolVersion.v >= ProtocolVersion.TLS11.v) {
System.out.println("... no IV derived for this protocol");
} else {
System.out.println("... no IV used for this cipher");
}
}
System.out.flush();
}
}
}
use of sun.misc.HexDumpEncoder in project jdk8u_jdk by JetBrains.
the class CipherBox method encrypt.
/*
* Encrypts a ByteBuffer block of data, returning the size of the
* resulting block.
*
* The byte buffer's position and limit initially define the amount
* to encrypt. On return, the position and limit are
* set to the last position padded/encrypted. The limit may have changed
* because of the added padding bytes.
*/
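/**
 * Encrypts, in place, the bytes between the position and limit of {@code bb}.
 *
 * <p>SECURITY: when the "plaintext" debug option is on, the padded plaintext is hex-dumped
 * to {@code System.out} before it is encrypted, so application data ends up wherever
 * stdout is captured. Treat such output as sensitive.
 *
 * @param bb       buffer whose remaining bytes are encrypted; its position and limit are
 *                 updated by this call
 * @param outLimit upper bound for the buffer limit; only consulted in AEAD mode when the
 *                 cipher output needs more room than the input (the authentication tag)
 * @return the number of bytes produced, or the unchanged remaining length when no cipher
 *         is configured
 * @throws RuntimeException if the JCE provider fails or returns an unexpected length
 */
int encrypt(ByteBuffer bb, int outLimit) {
    int len = bb.remaining();
    if (cipher == null) {
        // No cipher configured: nothing to transform, just consume the buffer.
        bb.position(bb.limit());
        return len;
    }

    int pos = bb.position();
    int blockSize = cipher.getBlockSize();
    if (cipherType == BLOCK_CIPHER) {
        // addPadding adjusts pos/limit
        len = addPadding(bb, blockSize);
        bb.position(pos);
    }

    if (debug != null && Debug.isOn("plaintext")) {
        try {
            HexDumpEncoder hd = new HexDumpEncoder();
            System.out.println("Padded plaintext before ENCRYPTION: len = " + len);
            // Dump a duplicate so the position/limit of bb are not disturbed.
            hd.encodeBuffer(bb.duplicate(), System.out);
        } catch (IOException ignored) {
            // Best-effort debug output: a failed write to stdout must not abort encryption.
        }
    }

    /*
     * Encrypt "in-place". This does not add its own padding.
     */
    ByteBuffer dup = bb.duplicate();
    if (cipherType == AEAD_CIPHER) {
        try {
            int outputSize = cipher.getOutputSize(dup.remaining());
            if (outputSize > bb.remaining()) {
                // reserved space for the authentication tag.
                if (outLimit < pos + outputSize) {
                    // unlikely to happen
                    throw new ShortBufferException("need more space in output buffer");
                }
                bb.limit(pos + outputSize);
            }
            int newLen = cipher.doFinal(dup, bb);
            if (newLen != outputSize) {
                throw new RuntimeException("Cipher buffering error in JCE provider " + cipher.getProvider().getName());
            }
            return newLen;
        } catch (IllegalBlockSizeException | BadPaddingException | ShortBufferException ibse) {
            // unlikely to happen
            throw new RuntimeException("Cipher error in AEAD mode in JCE provider " + cipher.getProvider().getName(), ibse);
        }
    } else {
        int newLen;
        try {
            newLen = cipher.update(dup, bb);
        } catch (ShortBufferException sbe) {
            // unlikely to happen; keep the provider's exception as the cause so the
            // failure can be diagnosed (the AEAD branch above already does this).
            throw new RuntimeException("Cipher buffering error " + "in JCE provider " + cipher.getProvider().getName(), sbe);
        }
        if (bb.position() != dup.position()) {
            throw new RuntimeException("bytebuffer padding error");
        }
        if (newLen != len) {
            // catch BouncyCastle buffering error
            throw new RuntimeException("Cipher buffering error " + "in JCE provider " + cipher.getProvider().getName());
        }
        return newLen;
    }
}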
use of sun.misc.HexDumpEncoder in project jdk8u_jdk by JetBrains.
the class CipherBox method encrypt.
/*
* Encrypts a block of data, returning the size of the
* resulting block.
*/
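/**
 * Encrypts {@code len} bytes of {@code buf} starting at {@code offset}, in place.
 *
 * <p>SECURITY: when the "plaintext" debug option is on, the padded plaintext is hex-dumped
 * to {@code System.out} before it is encrypted, so application data ends up wherever
 * stdout is captured. Treat such output as sensitive.
 *
 * @param buf    array holding the plaintext; the ciphertext is written back into it
 * @param offset index of the first byte to encrypt
 * @param len    number of bytes to encrypt (before any block-cipher padding is added)
 * @return the number of bytes produced, or {@code len} unchanged when no cipher is configured
 * @throws RuntimeException               if the JCE provider fails or returns an unexpected length
 * @throws ArrayIndexOutOfBoundsException if the provider reports that the buffer is too short
 */
int encrypt(byte[] buf, int offset, int len) {
    if (cipher == null) {
        return len;
    }
    try {
        int blockSize = cipher.getBlockSize();
        if (cipherType == BLOCK_CIPHER) {
            len = addPadding(buf, offset, len, blockSize);
        }

        if (debug != null && Debug.isOn("plaintext")) {
            try {
                HexDumpEncoder hd = new HexDumpEncoder();
                System.out.println("Padded plaintext before ENCRYPTION: len = " + len);
                hd.encodeBuffer(new ByteArrayInputStream(buf, offset, len), System.out);
            } catch (IOException ignored) {
                // Best-effort debug output: a failed write to stdout must not abort encryption.
            }
        }

        if (cipherType == AEAD_CIPHER) {
            try {
                return cipher.doFinal(buf, offset, len, buf, offset);
            } catch (IllegalBlockSizeException | BadPaddingException ibe) {
                // unlikely to happen
                throw new RuntimeException("Cipher error in AEAD mode in JCE provider " + cipher.getProvider().getName(), ibe);
            }
        } else {
            int newLen = cipher.update(buf, offset, len, buf, offset);
            if (newLen != len) {
                // catch BouncyCastle buffering error
                throw new RuntimeException("Cipher buffering error " + "in JCE provider " + cipher.getProvider().getName());
            }
            return newLen;
        }
    } catch (ShortBufferException e) {
        // unlikely to happen, we should have enough buffer space here.
        // ArrayIndexOutOfBoundsException has no cause-taking constructor, so the
        // provider's exception is attached with initCause to keep it diagnosable.
        ArrayIndexOutOfBoundsException tooShort = new ArrayIndexOutOfBoundsException(e.toString());
        tooShort.initCause(e);
        throw tooShort;
    }
}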
use of sun.misc.HexDumpEncoder in project jdk8u_jdk by JetBrains.
the class InputRecord method hashInternal.
/*
* Need a helper function so we can hash the V2 hello correctly
*/
/**
 * Feeds {@code len} bytes of {@code databuf}, starting at {@code offset}, into the
 * handshake hash.
 *
 * <p>SECURITY: with the "data" debug option on, the same bytes are first hex-dumped to
 * {@code System.out}, so raw handshake data lands wherever stdout is captured.
 *
 * @param databuf array holding the bytes to hash
 * @param offset  index of the first byte to hash
 * @param len     number of bytes to hash
 */
private void hashInternal(byte[] databuf, int offset, int len) {
    final boolean dumpRequested = (debug != null) && Debug.isOn("data");
    if (dumpRequested) {
        try {
            HexDumpEncoder hexDumper = new HexDumpEncoder();
            System.out.println("[read] MD5 and SHA1 hashes: len = " + len);
            ByteArrayInputStream hashedBytes = new ByteArrayInputStream(databuf, offset, len);
            hexDumper.encodeBuffer(hashedBytes, System.out);
        } catch (IOException ignored) {
            // Best-effort debug output: a failed write to stdout must not stop hashing.
        }
    }

    handshakeHash.update(databuf, offset, len);
}
use of sun.misc.HexDumpEncoder in project jdk8u_jdk by JetBrains.
the class OutputRecord method hashInternal.
/*
* Need a helper function so we can hash the V2 hello correctly
*/
/**
 * Feeds {@code len} bytes of {@code buf}, starting at {@code lastHashed}, into the
 * handshake hash and then moves {@code lastHashed} up to {@code count}.
 *
 * <p>NOTE(review): the {@code offset} parameter is never read in this body; both the dump
 * and the hash update start at {@code lastHashed}. Presumably callers always pass
 * {@code lastHashed} as {@code offset}; verify against the call sites.
 *
 * <p>SECURITY: with the "data" debug option on, the same bytes are first hex-dumped to
 * {@code System.out}, so raw handshake data lands wherever stdout is captured.
 *
 * @param buf    array holding the bytes to hash
 * @param offset unused in this body (see the note above)
 * @param len    number of bytes to hash
 */
private void hashInternal(byte[] buf, int offset, int len) {
    final boolean dumpRequested = (debug != null) && Debug.isOn("data");
    if (dumpRequested) {
        try {
            HexDumpEncoder hexDumper = new HexDumpEncoder();
            System.out.println("[write] MD5 and SHA1 hashes: len = " + len);
            ByteArrayInputStream hashedBytes = new ByteArrayInputStream(buf, lastHashed, len);
            hexDumper.encodeBuffer(hashedBytes, System.out);
        } catch (IOException ignored) {
            // Best-effort debug output: a failed write to stdout must not stop hashing.
        }
    }

    handshakeHash.update(buf, lastHashed, len);
    // Everything up to count is now covered by the hash.
    lastHashed = count;
}