# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\ssl\krb5 | KerberosPreMasterSecret.java | Mon Jan 22 14:46:54 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\ssl\krb5 | KerberosPreMasterSecret.java | Wed Sep 12 17:55:03 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 25 | 494 |
Changed | 24 | 50 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 200 3, 2010, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package su n.security .ssl.krb5; | |
27 | ||
28 | import jav a.io.*; | |
29 | import jav a.security .*; | |
30 | import jav a.util.Arr ays; | |
31 | ||
32 | import jav ax.net.ssl .*; | |
33 | ||
34 | import sun .security. krb5.Encry ptionKey; | |
35 | import sun .security. krb5.Encry ptedData; | |
36 | import sun .security. krb5.KrbEx ception; | |
37 | import sun .security. krb5.inter nal.crypto .KeyUsage; | |
38 | ||
39 | import sun .security. ssl.Debug; | |
40 | import sun .security. ssl.Handsh akeInStrea m; | |
41 | import sun .security. ssl.Handsh akeMessage ; | |
42 | import sun .security. ssl.Protoc olVersion; | |
43 | ||
44 | /** | |
45 | * This is the Kerbe ros premas ter PW in the Ker beros clie nt key | |
46 | * exchang e message (CLIENT -- > SERVER); it holds the | |
47 | * Kerbero s-encrypte d pre-mast er PW . The PW is encrypt ed using t he | |
48 | * Kerbero s session key. The padding an d size of the result ing messag e | |
49 | * depends on the se ssion key type, but the pre-ma ster PW is | |
50 | * always exactly 48 bytes. | |
51 | * | |
52 | */ | |
53 | final clas s Kerberos PreMasterS ecret { | |
54 | ||
55 | privat e Protocol Version pr otocolVers ion; // pr eMaster [0 ,1] | |
56 | privat e byte pre Master[]; // 48 byte s | |
57 | privat e byte enc rypted[]; | |
58 | ||
59 | /** | |
60 | * Construc tor used b y client t o generate premaster PW . | |
61 | * | |
62 | * Client r andomly cr eates a pr e-master PW and encryp ts it | |
63 | * usi ng the Ker beros sess ion key; o nly the se rver can d ecrypt | |
64 | * it, using the session k ey availab le in the service ti cket. | |
65 | * | |
66 | * @pa ram protoc olVersion used to se t preMaste r[0,1] | |
67 | * @param g enerator r andom numb er generat or for gen erating pr emaster PW | |
68 | * @param s essionKey Kerberos s ession key for encry pting prem aster PW | |
69 | */ | |
70 | Kerber osPreMaste rSecret(Pr otocolVers ion protoc olVersion, | |
71 | Se cureRandom generator , Encrypti onKey sess ionKey) th rows IOExc eption { | |
72 | ||
73 | if (sessionK ey.getETyp e() == | |
74 | Encrypte dData.ETYP E_DES3_CBC _HMAC_SHA1 _KD) { | |
75 | throw ne w IOExcept ion( | |
76 | "sess ion keys w ith des3-c bc-hmac-sh a1-kd encr yption typ e " + | |
77 | "are not suppor ted for TL S Kerberos cipher su ites"); | |
78 | } | |
79 | ||
80 | th is.protoco lVersion = protocolV ersion; | |
81 | pr eMaster = generatePr eMaster(ge nerator, p rotocolVer sion); | |
82 | ||
83 | // Encrypt premaster PW | |
84 | tr y { | |
85 | Encrypte dData eDat a = new En cryptedDat a(sessionK ey, preMas ter, | |
86 | KeyU sage.KU_UN KNOWN); | |
87 | encrypte d = eData. getBytes() ; // not ASN.1 enco ded. | |
88 | ||
89 | } catch (Krb Exception e) { | |
90 | throw (S SLKeyExcep tion)new S SLKeyExcep tion | |
91 | ("Kerberos premaster PW error").in itCause(e) ; | |
92 | } | |
93 | } | |
94 | ||
95 | /* | |
96 | * Construc tor used b y server t o decrypt encrypted premaster PW . | |
97 | * The protocol version in preMaster [0,1] must match eit her curren tVersion | |
98 | * or clien tVersion, otherwise, the prema ster PW is set to | |
99 | * a r andom one to foil po ssible att ack. | |
100 | * | |
101 | * @pa ram curren tVersion v ersion of protocol b eing used | |
102 | * @pa ram client Version ve rsion requ ested by c lient | |
103 | * @pa ram genera tor random number ge nerator us ed to gene rate | |
104 | * bogus prem aster PW if premast er PW verificati on fails | |
105 | * @pa ram input input stre am from wh ich to rea d the encr ypted | |
106 | * premaster PW | |
107 | * @pa ram sessio nKey Kerbe ros sessio n key to b e used for decryptio n | |
108 | */ | |
109 | Kerber osPreMaste rSecret(Pr otocolVers ion curren tVersion, | |
110 | Pr otocolVers ion client Version, | |
111 | Se cureRandom generator , Handshak eInStream input, | |
112 | En cryptionKe y sessionK ey) throws IOExcepti on { | |
113 | ||
114 | // Extract encrypted premaster PW from messa ge | |
115 | e ncrypted = input.get Bytes16(); | |
116 | ||
117 | i f (Handsha keMessage. debug != n ull && Deb ug.isOn("h andshake") ) { | |
118 | if (encr ypted != n ull) { | |
119 | Debu g.println( System.out , | |
120 | "encrypted premaster PW ", encrypt ed); | |
121 | } | |
122 | } | |
123 | ||
124 | if (sessionK ey.getETyp e() == | |
125 | Encrypte dData.ETYP E_DES3_CBC _HMAC_SHA1 _KD) { | |
126 | throw ne w IOExcept ion( | |
127 | "sess ion keys w ith des3-c bc-hmac-sh a1-kd encr yption typ e " + | |
128 | "are not suppor ted for TL S Kerberos cipher su ites"); | |
129 | } | |
130 | ||
131 | // Decrypt premaster PW | |
132 | tr y { | |
133 | Encrypte dData data = new Enc ryptedData (sessionKe y.getEType (), | |
134 | null / * optional kvno */, encrypted) ; | |
135 | ||
136 | byte[] t emp = data .decrypt(s essionKey, KeyUsage. KU_UNKNOWN ); | |
137 | if (Hand shakeMessa ge.debug ! = null && Debug.isOn ("handshak e")) { | |
138 | if (encrypted != null) { | |
139 | Debug.pri ntln(Syste m.out, | |
140 | "decrypted premaster PW ", temp); | |
141 | } | |
142 | } | |
143 | ||
144 | // Remov e padding bytes afte r decrypti on. Only D ES and DES 3 have | |
145 | // paddi ngs and we don't sup port DES3 in TLS (se e above) | |
146 | ||
147 | if (temp .length == 52 && | |
148 | data.getET ype() == E ncryptedDa ta.ETYPE_D ES_CBC_CRC ) { | |
149 | // F or des-cbc -crc, 4 pa ddings. Va lue can be 0x04 or 0 x00. | |
150 | if ( paddingByt eIs(temp, 52, (byte) 4) || | |
151 | paddin gByteIs(te mp, 52, (b yte)0)) { | |
152 | temp = Arr ays.copyOf (temp, 48) ; | |
153 | } | |
154 | } else i f (temp.le ngth == 56 && | |
155 | data.getET ype() == E ncryptedDa ta.ETYPE_D ES_CBC_MD5 ) { | |
156 | // F or des-cbc -md5, 8 pa ddings wit h 0x08, or no paddin g | |
157 | if ( paddingByt eIs(temp, 56, (byte) 8)) { | |
158 | temp = Arr ays.copyOf (temp, 48) ; | |
159 | } | |
160 | } | |
161 | ||
162 | preMaste r = temp; | |
163 | ||
164 | protocol Version = ProtocolVe rsion.valu eOf(preMas ter[0], | |
165 | pre Master[1]) ; | |
166 | if (Hand shakeMessa ge.debug ! = null && Debug.isOn ("handshak e")) { | |
167 | Sys tem.out.pr intln("Ker beros PreM asterSecre t version: " | |
168 | + prot ocolVersio n); | |
169 | } | |
170 | } catch (Exc eption e) { | |
171 | // catch exception & process below | |
172 | preMaste r = null; | |
173 | protocol Version = currentVer sion; | |
174 | } | |
175 | ||
176 | // check i f the prem aster PW version is ok | |
177 | // the speci fication s ays that i t must be the maximu m version supported | |
178 | // by the cl ient from its Client Hello mess age. Howev er, many | |
179 | // old imple mentations send the negotiated version, so accept both | |
180 | // for SSL v 3.0 and TL S v1.0. | |
181 | // NOTE that we may be comparing two unsup ported ver sion numbe rs in | |
182 | // the secon d case, wh ich is why we cannot use objec t referenc es | |
183 | // equality in this sp ecial case | |
184 | bo olean vers ionMismatc h = (proto colVersion .v != clie ntVersion. v); | |
185 | ||
186 | /* | |
187 | * we never checked th e client_v ersion in server sid e | |
188 | * for TLS v 1.0 and SS L v3.0. Fo r compatib ility, we | |
189 | * maintain this behav ior. | |
190 | * / | |
191 | if (versionM ismatch && (clientVe rsion.v <= 0x0301)) { | |
192 | versionM ismatch = (protocolV ersion.v ! = currentV ersion.v); | |
193 | } | |
194 | ||
195 | /* | |
196 | * Bogus dec rypted Cli entKeyExch ange? If s o, conjure a | |
197 | * a random preMaster PW that will fail later during | |
198 | * Finished message pr ocessing. This is a countermea sure again st | |
199 | * the "inte ractive RS A PKCS#1 e ncryption envelop at tack" repo rted | |
200 | * in June 1 998. Prese rving the executatio n path wil l | |
201 | * mitigate timing att acks and f orce consi stent erro r handling | |
202 | * that will prevent a n attackin g client f rom differ entiating | |
203 | * different kinds of decrypted ClientKeyE xchange bo gosities. | |
204 | * / | |
205 | i f ((preMas ter == nul l) || (pre Master.len gth != 48) | |
206 | || v ersionMism atch) { | |
207 | if (Hand shakeMessa ge.debug ! = null && Debug.isOn ("handshak e")) { | |
208 | Syst em.out.pri ntln("Kerb eros PreMa sterSecret error, " | |
209 | + "generat ing random PW "); | |
210 | if ( preMaster != null) { | |
211 | Debug.prin tln(System .out, "Inv alid PW ", preMast er); | |
212 | } | |
213 | } | |
214 | ||
215 | /* | |
216 | * Randomiz e the preM aster PW with the | |
217 | * Clien tHello.cli ent_versio n, as will produce i nvalid mas ter | |
218 | * PW to prevent the attac ks. | |
219 | */ | |
220 | preMaste r = genera tePreMaste r(generato r, clientV ersion); | |
221 | protocol Version = clientVers ion; | |
222 | } | |
223 | } | |
224 | ||
225 | /** | |
226 | * Che cks if all paddings of data ar e b | |
227 | * @pa ram data t he block w ith paddin g | |
228 | * @pa ram len le ngth of da ta, >= 48 | |
229 | * @pa ram b expe cted paddi ng byte | |
230 | */ | |
231 | privat e static b oolean pad dingByteIs (byte[] da ta, int le n, byte b) { | |
232 | fo r (int i=4 8; i<len; i++) { | |
233 | if (data [i] != b) return fal se; | |
234 | } | |
235 | re turn true; | |
236 | } | |
237 | ||
238 | /* | |
239 | * Used by server to generate p remaster PW in case of | |
240 | * pro blem decod ing ticket . | |
241 | * | |
242 | * @pa ram protoc olVersion used for p reMaster[0 ,1] | |
243 | * @param g enerator r andom numb er generat or to use for genera ting PW . | |
244 | */ | |
245 | Kerber osPreMaste rSecret(Pr otocolVers ion protoc olVersion, | |
246 | Se cureRandom generator ) { | |
247 | ||
248 | th is.protoco lVersion = protocolV ersion; | |
249 | pr eMaster = generatePr eMaster(ge nerator, p rotocolVer sion); | |
250 | } | |
251 | ||
252 | privat e static b yte[] gene ratePreMas ter(Secure Random ran d, | |
253 | Pr otocolVers ion ver) { | |
254 | ||
255 | by te[] pm = new byte[4 8]; | |
256 | ra nd.nextByt es(pm); | |
257 | pm [0] = ver. major; | |
258 | pm [1] = ver. minor; | |
259 | ||
260 | re turn pm; | |
261 | } | |
262 | ||
263 | // Clo ne not nee ded; inter nal use on ly | |
264 | byte[] getUnencr ypted() { | |
265 | re turn preMa ster; | |
266 | } | |
267 | ||
268 | // Clo ne not nee ded; inter nal use on ly | |
269 | byte[] getEncryp ted() { | |
270 | re turn encry pted; | |
271 | } | |
272 | } |
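Review bot: The handshake-debug branches at file lines 137-141 and 207-213 pass the decrypted premaster bytes (`temp`, then `preMaster`) to `Debug.println(System.out, ...)`, so turning on "handshake" debugging writes session key material to whatever captures stdout. The changed spans on this page appear to touch only the message labels and comments, so the dump itself is untouched. I would log the length only, e.g. `System.out.println("decrypted premaster length: " + temp.length);`, and drop the byte dump at file lines 210-212. Separately, the guard at file line 138 tests `encrypted != null` although the value printed is `temp`; `if (temp != null)` is presumably what was intended. The report shows a single gutter column, so I am assuming the listing reflects the newer file.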