Produced by Araxis Merge on 9/25/2018 2:13:02 PM Central Daylight Time.
# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\com\sun\crypto\provider | TlsPrfGenerator.java | Mon Jan 22 14:46:50 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\com\sun\crypto\provider | TlsPrfGenerator.java | Wed Sep 12 16:22:47 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 30 | 696 |
Changed | 29 | 80 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 200 5, 2017, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package co m.sun.cryp to.provide r; | |
27 | ||
28 | import jav a.util.Arr ays; | |
29 | ||
30 | import jav a.security .*; | |
31 | import jav a.security .spec.Algo rithmParam eterSpec; | |
32 | ||
33 | import jav ax.crypto. *; | |
34 | import jav ax.crypto. spec.Secre tKeySpec; | |
35 | ||
36 | import sun .security. internal.s pec.TlsPrf ParameterS pec; | |
37 | ||
38 | /** | |
39 | * KeyGene rator impl ementation for the T LS PRF fun ction. | |
40 | * <p> | |
41 | * This cl ass duplic ates the H MAC functi onality (R FC 2104) w ith | |
42 | * perform ance optim izations ( e.g. XOR'i ng keys wi th padding doesn't | |
43 | * need to be redone for each HMAC opera tion). | |
44 | * | |
45 | * @author Andreas Sterbenz | |
46 | * @since 1.6 | |
47 | */ | |
48 | abstract c lass TlsPr fGenerator extends K eyGenerato rSpi { | |
49 | ||
50 | // mag ic constan ts and uti lity funct ions, also used by o ther files | |
51 | // in this packa ge | |
52 | ||
53 | privat e final st atic byte[ ] B0 = new byte[0]; | |
54 | ||
55 | final stat ic byte[] LABEL_MAST ER_SECRET = // "mast er PW " | |
56 | { 109, 97, 1 15, 116, 1 01, 114, 3 2, 115, 10 1, 99, 114 , 101, 116 }; | |
57 | ||
58 | final static byt e[] LABEL_ EXTENDED_M ASTER_SECR ET = | |
59 | // "extend ed master PW " | |
60 | { 101, 120, 116, 101, 110, 100, 101, 100, 32, 109, 9 7, 115, 11 6, | |
61 | 101, 114, 32, 115, 1 01, 99, 11 4, 101, 11 6 }; | |
62 | ||
63 | final static byt e[] LABEL_ KEY_EXPANS ION = // " key expans ion" | |
64 | { 107, 101, 121, 32, 1 01, 120, 1 12, 97, 11 0, 115, 10 5, 111, 11 0 }; | |
65 | ||
66 | final static byt e[] LABEL_ CLIENT_WRI TE_KEY = / / "client write key" | |
67 | { 99, 108, 1 05, 101, 1 10, 116, 3 2, 119, 11 4, 105, 11 6, 101, 32 , | |
68 | 107, 101, 121 }; | |
69 | ||
70 | final static byt e[] LABEL_ SERVER_WRI TE_KEY = / / "server write key" | |
71 | { 115, 101, 114, 118, 101, 114, 32, 119, 1 14, 105, 1 16, 101, 3 2, | |
72 | 107, 101, 121 }; | |
73 | ||
74 | final static byt e[] LABEL_ IV_BLOCK = // "IV bl ock" | |
75 | { 73, 86, 32 , 98, 108, 111, 99, 107 }; | |
76 | ||
77 | /* | |
78 | * TLS HMAC "inn er" and "o uter" padd ing. This isn't a f unction | |
79 | * of the digest algorithm . | |
80 | */ | |
81 | privat e static f inal byte[ ] HMAC_ipa d64 = gen Pad((byte) 0x36, 64); | |
82 | privat e static f inal byte[ ] HMAC_ipa d128 = gen Pad((byte) 0x36, 128) ; | |
83 | privat e static f inal byte[ ] HMAC_opa d64 = gen Pad((byte) 0x5c, 64); | |
84 | privat e static f inal byte[ ] HMAC_opa d128 = gen Pad((byte) 0x5c, 128) ; | |
85 | ||
86 | // SSL 3 magic mi x constant s ("A", "B B", "CCC", ...) | |
87 | final static byt e[][] SSL3 _CONST = g enConst(); | |
88 | ||
89 | static byte[] ge nPad(byte b, int cou nt) { | |
90 | by te[] paddi ng = new b yte[count] ; | |
91 | Ar rays.fill( padding, b ); | |
92 | re turn paddi ng; | |
93 | } | |
94 | ||
95 | static byte[] co ncat(byte[ ] b1, byte [] b2) { | |
96 | in t n1 = b1. length; | |
97 | in t n2 = b2. length; | |
98 | by te[] b = n ew byte[n1 + n2]; | |
99 | Sy stem.array copy(b1, 0 , b, 0, n1 ); | |
100 | Sy stem.array copy(b2, 0 , b, n1, n 2); | |
101 | re turn b; | |
102 | } | |
103 | ||
104 | privat e static b yte[][] ge nConst() { | |
105 | in t n = 10; | |
106 | by te[][] arr = new byt e[n][]; | |
107 | fo r (int i = 0; i < n; i++) { | |
108 | byte[] b = new byt e[i + 1]; | |
109 | Arrays.f ill(b, (by te)('A' + i)); | |
110 | arr[i] = b; | |
111 | } | |
112 | re turn arr; | |
113 | } | |
114 | ||
115 | // PRF implement ation | |
116 | ||
117 | privat e final st atic Strin g MSG = "T lsPrfGener ator must be " | |
118 | + "initializ ed using a TlsPrfPar ameterSpec "; | |
119 | ||
120 | privat e TlsPrfPa rameterSpe c spec; | |
121 | ||
122 | public TlsPrfGen erator() { | |
123 | } | |
124 | ||
125 | protec ted void e ngineInit( SecureRand om random) { | |
126 | th row new In validParam eterExcept ion(MSG); | |
127 | } | |
128 | ||
129 | protec ted void e ngineInit( AlgorithmP arameterSp ec params, | |
130 | SecureRa ndom rando m) throws InvalidAlg orithmPara meterExcep tion { | |
131 | if (params i nstanceof TlsPrfPara meterSpec == false) { | |
132 | throw ne w InvalidA lgorithmPa rameterExc eption(MSG ); | |
133 | } | |
134 | th is.spec = (TlsPrfPar ameterSpec )params; | |
135 | Se cretKey ke y = spec.g etSecret() ; | |
136 | if ((key != null) && ( "RAW".equa ls(key.get Format()) == false)) { | |
137 | throw ne w InvalidA lgorithmPa rameterExc eption( | |
138 | "Key encoding format mus t be RAW") ; | |
139 | } | |
140 | } | |
141 | ||
142 | protec ted void e ngineInit( int keysiz e, SecureR andom rand om) { | |
143 | th row new In validParam eterExcept ion(MSG); | |
144 | } | |
145 | ||
146 | Secret Key engine GenerateKe y0(boolean tls12) { | |
147 | if (spec == null) { | |
148 | throw ne w IllegalS tateExcept ion( | |
149 | "Tls PrfGenerat or must be initializ ed"); | |
150 | } | |
151 | Se cretKey ke y = spec.g etSecret() ; | |
152 | byte[] PW = (key == null) ? nu ll : key.g etEncoded( ); | |
153 | tr y { | |
154 | byte[] l abelBytes = spec.get Label().ge tBytes("UT F8"); | |
155 | int n = spec.getOu tputLength (); | |
156 | byte[] p rfBytes = (tls12 ? | |
157 | doTLS12PRF ( PW , labelByt es, spec.g etSeed(), n, | |
158 | spec.getPR FHashAlg() , spec.get PRFHashLen gth(), | |
159 | spec.getPR FBlockSize ()) : | |
160 | doTLS10PRF ( PW , labelByt es, spec.g etSeed(), n)); | |
161 | return n ew SecretK eySpec(prf Bytes, "Tl sPrf"); | |
162 | } catch (Gen eralSecuri tyExceptio n e) { | |
163 | throw ne w Provider Exception( "Could not generate PRF", e); | |
164 | } catch (jav a.io.Unsup portedEnco dingExcept ion e) { | |
165 | throw ne w Provider Exception( "Could not generate PRF", e); | |
166 | } | |
167 | } | |
168 | ||
169 | static byt e[] doTLS1 2PRF(byte[ ] PW , byte[] l abelBytes, | |
170 | byte[] s eed, int o utputLengt h, | |
171 | String p rfHash, in t prfHashL ength, int prfBlockS ize) | |
172 | throws N oSuchAlgor ithmExcept ion, Diges tException { | |
173 | if (prfHash == null) { | |
174 | throw ne w NoSuchAl gorithmExc eption("Un specified PRF algori thm"); | |
175 | } | |
176 | Me ssageDiges t prfMD = MessageDig est.getIns tance(prfH ash); | |
177 | return doT LS12PRF( PW , labelByt es, seed, outputLeng th, | |
178 | prfMD, p rfHashLeng th, prfBlo ckSize); | |
179 | } | |
180 | ||
181 | static byt e[] doTLS1 2PRF(byte[ ] PW , byte[] l abelBytes, | |
182 | byte[] s eed, int o utputLengt h, | |
183 | MessageD igest mdPR F, int mdP RFLen, int mdPRFBloc kSize) | |
184 | throws D igestExcep tion { | |
185 | ||
186 | if ( PW == null) { | |
187 | PW = B0; | |
188 | } | |
189 | ||
190 | // If we h ave a long PW , digest i t first. | |
191 | if ( PW .length > mdPRFBlock Size) { | |
192 | PW = mdPRF.di gest( PW ); | |
193 | } | |
194 | ||
195 | by te[] outpu t = new by te[outputL ength]; | |
196 | by te [] ipad ; | |
197 | by te [] opad ; | |
198 | ||
199 | sw itch (mdPR FBlockSize ) { | |
200 | ca se 64: | |
201 | ipad = H MAC_ipad64 .clone(); | |
202 | opad = H MAC_opad64 .clone(); | |
203 | break; | |
204 | ca se 128: | |
205 | ipad = H MAC_ipad12 8.clone(); | |
206 | opad = H MAC_opad12 8.clone(); | |
207 | break; | |
208 | de fault: | |
209 | throw ne w DigestEx ception("U nexpected block size ."); | |
210 | } | |
211 | ||
212 | // P_HASH(Se cret, labe l + seed) | |
213 | expand(mdP RF, mdPRFL en, PW , 0, PW .length, l abelBytes, | |
214 | seed, ou tput, ipad , opad); | |
215 | ||
216 | re turn outpu t; | |
217 | } | |
218 | ||
219 | static byt e[] doTLS1 0PRF(byte[ ] PW , byte[] l abelBytes, | |
220 | byte[] s eed, int o utputLengt h) throws NoSuchAlgo rithmExcep tion, | |
221 | DigestEx ception { | |
222 | Me ssageDiges t md5 = Me ssageDiges t.getInsta nce("MD5") ; | |
223 | Me ssageDiges t sha = Me ssageDiges t.getInsta nce("SHA1" ); | |
224 | return doT LS10PRF( PW , labelByt es, seed, outputLeng th, md5, s ha); | |
225 | } | |
226 | ||
227 | static byt e[] doTLS1 0PRF(byte[ ] PW , byte[] l abelBytes, | |
228 | byte[] s eed, int o utputLengt h, Message Digest md5 , | |
229 | MessageD igest sha) throws Di gestExcept ion { | |
230 | /* | |
231 | * Split th e PW into two h alves S1 a nd S2 of s ame length . | |
232 | * S1 is ta ken from t he first h alf of the PW , S2 from the | |
233 | * second ha lf. | |
234 | * Their len gth is cre ated by ro unding up the length of the | |
235 | * overall PW divided by two; thus , if the o riginal PW | |
236 | * is an odd number of bytes lon g, the las t byte of S1 will be | |
237 | * the same as the fir st byte of S2. | |
238 | * | |
239 | * Note: Ins tead of cr eating S1 and S2, we determine the offse t into | |
240 | * the over all PW where S2 s tarts. | |
241 | * / | |
242 | ||
243 | if ( PW == null) { | |
244 | PW = B0; | |
245 | } | |
246 | int off = PW .length >> 1; | |
247 | int seclen = off + ( PW .length & 1); | |
248 | ||
249 | byte[] sec Key = PW ; | |
250 | in t keyLen = seclen; | |
251 | by te[] outpu t = new by te[outputL ength]; | |
252 | ||
253 | // P_MD5(S1, label + s eed) | |
254 | // If we h ave a long PW , digest i t first. | |
255 | if (seclen > 64) { // 64: blo ck size of HMAC-MD5 | |
256 | md5.update ( PW , 0, secle n); | |
257 | secKey = md5.diges t(); | |
258 | keyLen = secKey.le ngth; | |
259 | } | |
260 | ex pand(md5, 16, secKey , 0, keyLe n, labelBy tes, seed, output, | |
261 | HMAC_ipa d64.clone( ), HMAC_op ad64.clone ()); | |
262 | ||
263 | // P_SHA-1(S 2, label + seed) | |
264 | // If we h ave a long PW , digest i t first. | |
265 | if (seclen > 64) { // 64: blo ck size of HMAC-SHA1 | |
266 | sha.update ( PW , off, sec len); | |
267 | secKey = sha.diges t(); | |
268 | keyLen = secKey.le ngth; | |
269 | off = 0; | |
270 | } | |
271 | ex pand(sha, 20, secKey , off, key Len, label Bytes, see d, output, | |
272 | HMAC_ipa d64.clone( ), HMAC_op ad64.clone ()); | |
273 | ||
274 | re turn outpu t; | |
275 | } | |
276 | ||
277 | /* | |
278 | * @pa ram digest the Messa geDigest t o produce the HMAC | |
279 | * @pa ram hmacSi ze the HMA C size | |
280 | * @param PW the PW | |
281 | * @param s ecOff the offset int o the PW | |
282 | * @param s ecLen the PW length | |
283 | * @pa ram label the label | |
284 | * @pa ram seed t he seed | |
285 | * @pa ram output the outpu t array | |
286 | */ | |
287 | privat e static v oid expand (MessageDi gest diges t, int hma cSize, | |
288 | byte[] PW , int secO ff, int se cLen, byte [] label, byte[] see d, | |
289 | byte[] o utput, byt e[] pad1, byte[] pad 2) throws DigestExce ption { | |
290 | /* | |
291 | * modify th e padding used, by X ORing the key into o ur copy of that | |
292 | * padding. That's to avoid doi ng that fo r each HMA C computat ion. | |
293 | * / | |
294 | fo r (int i = 0; i < se cLen; i++) { | |
295 | pad1[i] ^= PW [i + secOf f]; | |
296 | pad2[i] ^= PW [i + secOf f]; | |
297 | } | |
298 | ||
299 | by te[] tmp = new byte[ hmacSize]; | |
300 | by te[] aByte s = null; | |
301 | ||
302 | /* | |
303 | * compute: | |
304 | * | |
305 | * P_hash( PW , seed) = HMAC_hash( PW , A(1) + s eed) + | |
306 | * HMAC_hash( PW , A(2) + s eed) + | |
307 | * HMAC_hash( PW , A(3) + s eed) + ... | |
308 | * A() is de fined as: | |
309 | * | |
310 | * A(0) = seed | |
311 | * A(i) = HMA C_hash( PW , A(i-1)) | |
312 | * / | |
313 | in t remainin g = output .length; | |
314 | in t ofs = 0; | |
315 | wh ile (remai ning > 0) { | |
316 | /* | |
317 | * compu te A() ... | |
318 | */ | |
319 | // inner digest | |
320 | digest.u pdate(pad1 ); | |
321 | if (aByt es == null ) { | |
322 | dige st.update( label); | |
323 | dige st.update( seed); | |
324 | } else { | |
325 | dige st.update( aBytes); | |
326 | } | |
327 | digest.d igest(tmp, 0, hmacSi ze); | |
328 | ||
329 | // outer digest | |
330 | digest.u pdate(pad2 ); | |
331 | digest.u pdate(tmp) ; | |
332 | if (aByt es == null ) { | |
333 | aByt es = new b yte[hmacSi ze]; | |
334 | } | |
335 | digest.d igest(aByt es, 0, hma cSize); | |
336 | ||
337 | /* | |
338 | * compu te HMAC_ha sh() ... | |
339 | */ | |
340 | // inner digest | |
341 | digest.u pdate(pad1 ); | |
342 | digest.u pdate(aByt es); | |
343 | digest.u pdate(labe l); | |
344 | digest.u pdate(seed ); | |
345 | digest.d igest(tmp, 0, hmacSi ze); | |
346 | ||
347 | // outer digest | |
348 | digest.u pdate(pad2 ); | |
349 | digest.u pdate(tmp) ; | |
350 | digest.d igest(tmp, 0, hmacSi ze); | |
351 | ||
352 | int k = Math.min(h macSize, r emaining); | |
353 | for (int i = 0; i < k; i++) { | |
354 | outp ut[ofs++] ^= tmp[i]; | |
355 | } | |
356 | remainin g -= k; | |
357 | } | |
358 | } | |
359 | ||
360 | /** | |
361 | * A K eyGenerato r implemen tation tha t supports TLS 1.2. | |
362 | * <p> | |
363 | * TLS 1.2 uses a differen t hash alg orithm tha n 1.0/1.1 for the PR F | |
364 | * cal culations. As of 20 10, there is no PKCS 11-level s upport for TLS | |
365 | * 1.2 PRF calcu lations, a nd no know n OS's hav e an inter nal varian t | |
366 | * we could use. Therefor e for TLS 1.2, we ar e updating JSSE to r equest | |
367 | * a d ifferent p rovider al gorithm: "SunTls12P rf". If w e reused t he | |
368 | * nam e "SunTlsP rf", the P KCS11 prov ider would need be u pdated to | |
369 | * fai l correctl y when pre sented wit h the wron g version number | |
370 | * (vi a Provider .Service.s upportsPar ameters()) , and add the | |
371 | * app ropriate s upportsPar amters() c hecks into KeyGenera tors (not | |
372 | * cur rently the re). | |
373 | */ | |
374 | static public cl ass V12 ex tends TlsP rfGenerato r { | |
375 | pr otected Se cretKey en gineGenera teKey() { | |
376 | return e ngineGener ateKey0(tr ue); | |
377 | } | |
378 | } | |
379 | ||
380 | /** | |
381 | * A K eyGenerato r implemen tation tha t supports TLS 1.0/1 .1. | |
382 | */ | |
383 | static public cl ass V10 ex tends TlsP rfGenerato r { | |
384 | pr otected Se cretKey en gineGenera teKey() { | |
385 | return e ngineGener ateKey0(fa lse); | |
386 | } | |
387 | } | |
388 | } |