author | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-11-08 07:36:07 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2013-11-08 07:36:07 +0400 |
commit | 308cc3f5e3525ef94bbf6ac5b522275f37577a68 (patch) | |
tree | 9df4705f6da33a84a90341824de8c21ea3ecc1f7 /core/src/main/java/org/bouncycastle/crypto/tls | |
parent | cc6a790cde64d893ea5087c80c7a4af619e18f28 (diff) |
Call sealHashAlgorithms() call after server_hello_done sent/received
Refactor some of the calls around the handshake hash
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls')
6 files changed, 27 insertions, 28 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java index e446a8eb..7e3936e4 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java @@ -136,7 +136,7 @@ public class DTLSClientProtocol */ securityParameters.verifyDataLength = 12; - handshake.notifyHelloComplete(); + handshake.getHandshakeHash().notifyPRFDetermined(); boolean resumedSession = state.selectedSessionID.length > 0 && state.tlsSession != null && Arrays.areEqual(state.selectedSessionID, state.tlsSession.getSessionID()); @@ -255,7 +255,7 @@ public class DTLSClientProtocol throw new TlsFatalAlert(AlertDescription.unexpected_message); } - // TODO Seal the handshake hash list of digests + handshake.getHandshakeHash().sealHashAlgorithms(); Vector clientSupplementalData = state.client.getClientSupplementalData(); if (clientSupplementalData != null) diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSReliableHandshake.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSReliableHandshake.java index 05f7ceff..bd9e1cb5 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSReliableHandshake.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSReliableHandshake.java @@ -15,7 +15,7 @@ class DTLSReliableHandshake private final DTLSRecordLayer recordLayer; - private TlsHandshakeHash hash = new DeferredHash(); + private TlsHandshakeHash handshakeHash; private Hashtable currentInboundFlight = new Hashtable(); private Hashtable previousInboundFlight = null; 
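Review bot: The return value of `notifyPRFDetermined()` is discarded at this call site, whereas the removed `notifyHelloComplete()` assigned it back with `this.hash = this.hash.notifyPRFDetermined();`. If the method can return a different `TlsHandshakeHash` instance than its receiver (its implementation is not visible in this diff), the holder would keep updating and forking the original `DeferredHash`, and the Finished verify_data would be computed over the wrong object. Keeping the reassignment inside the holder preserves the old behaviour, for example `void notifyPRFDetermined() { this.handshakeHash = this.handshakeHash.notifyPRFDetermined(); }` in `DTLSReliableHandshake` and `RecordStream`. The same pattern appears in the `DTLSServerProtocol` @@ -125 hunk, the `TlsClientProtocol` @@ -250 hunk and the `TlsServerProtocol` @@ -728 hunk. The enclosing method starts and ends outside the hunk.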
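Review bot: `sealHashAlgorithms()` now runs only after server_hello_done has been handled, so a resumed (abbreviated) handshake, which has no server_hello_done, appears never to seal the hash. Before this commit the seal happened in `notifyHelloComplete()`, ahead of the `resumedSession` check visible in the @@ -136 hunk. Whether `fork()` or the Finished computation depends on a sealed hash is not visible here and should be confirmed; if it does, the resumed branch needs its own `handshake.getHandshakeHash().sealHashAlgorithms();` before the first `getCurrentHash()`. The `TlsClientProtocol` @@ -322 hunk has the same shape, with `if (this.resumedSession)` following the @@ -250 call, and a test that completes a resumed handshake for both DTLS and TLS would cover it. The enclosing method continues outside the hunk.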
@@ -27,18 +27,18 @@ class DTLSReliableHandshake DTLSReliableHandshake(TlsContext context, DTLSRecordLayer transport) { this.recordLayer = transport; - this.hash.init(context); + this.handshakeHash = new DeferredHash(); + this.handshakeHash.init(context); } - void notifyHelloComplete() + TlsHandshakeHash getHandshakeHash() { - this.hash = this.hash.notifyPRFDetermined(); - this.hash.sealHashAlgorithms(); + return handshakeHash; } byte[] getCurrentHash() { - Digest copyOfHash = hash.fork(); + Digest copyOfHash = handshakeHash.fork(); byte[] result = new byte[copyOfHash.getDigestSize()]; copyOfHash.doFinal(result, 0); return result; @@ -292,7 +292,7 @@ class DTLSReliableHandshake void resetHandshakeMessagesDigest() { - hash.reset(); + handshakeHash.reset(); } /** @@ -340,8 +340,8 @@ class DTLSReliableHandshake TlsUtils.writeUint16(message.getSeq(), buf, 4); TlsUtils.writeUint24(0, buf, 6); TlsUtils.writeUint24(body.length, buf, 9); - hash.update(buf, 0, buf.length); - hash.update(body, 0, body.length); + handshakeHash.update(buf, 0, buf.length); + handshakeHash.update(body, 0, body.length); } return message; } diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java index 55355926..ed48df6f 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java @@ -125,7 +125,7 @@ public class DTLSServerProtocol handshake.sendMessage(HandshakeType.server_hello, serverHelloBody); } - handshake.notifyHelloComplete(); + handshake.getHandshakeHash().notifyPRFDetermined(); Vector serverSupplementalData = state.server.getServerSupplementalData(); if (serverSupplementalData != null) 
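Review bot: `getHandshakeHash()` hands out the live transcript hash without a comment saying so, and the protocol classes now mutate it directly through `notifyPRFDetermined()` and `sealHashAlgorithms()`. Because this object feeds `getCurrentHash()`, a short comment would record the intended use, for example `// Returns the live handshake hash; callers use it for PRF/seal notifications only, never update() or reset()`. The `RecordStream` @@ -280 hunk adds the same accessor and would benefit from the same comment.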
@@ -192,7 +192,7 @@ public class DTLSServerProtocol handshake.sendMessage(HandshakeType.server_hello_done, TlsUtils.EMPTY_BYTES); - // TODO Seal the handshake hash list of digests + handshake.getHandshakeHash().sealHashAlgorithms(); clientMessage = handshake.receiveMessage(); diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java b/core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java index 9c283763..0f7336c9 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/RecordStream.java @@ -23,7 +23,7 @@ class RecordStream private ByteArrayOutputStream buffer = new ByteArrayOutputStream(); private TlsContext context = null; - private TlsHandshakeHash hash = null; + private TlsHandshakeHash handshakeHash = null; private ProtocolVersion readVersion = null, writeVersion = null; private boolean restrictReadVersion = true; @@ -46,8 +46,8 @@ class RecordStream void init(TlsContext context) { this.context = context; - this.hash = new DeferredHash(); - this.hash.init(context); + this.handshakeHash = new DeferredHash(); + this.handshakeHash.init(context); } int getPlaintextLimit() @@ -89,12 +89,6 @@ class RecordStream this.restrictReadVersion = enabled; } - void notifyHelloComplete() - { - this.hash = this.hash.notifyPRFDetermined(); - this.hash.sealHashAlgorithms(); - } - void setPendingConnectionState(TlsCompression tlsCompression, TlsCipher tlsCipher) { this.pendingCompression = tlsCompression; @@ -286,9 +280,14 @@ class RecordStream output.flush(); } + TlsHandshakeHash getHandshakeHash() + { + return handshakeHash; + } + void updateHandshakeData(byte[] message, int offset, int len) { - hash.update(message, offset, len); + handshakeHash.update(message, offset, len); } /** @@ -296,7 +295,7 @@ class RecordStream */ byte[] getCurrentHash(byte[] sender) { - Digest d = hash.fork(); + Digest d = handshakeHash.fork(); if (TlsUtils.isSSL(context)) { 
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java index 7245421e..5561ed0a 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java @@ -250,7 +250,7 @@ public class TlsClientProtocol */ this.securityParameters.verifyDataLength = 12; - this.recordStream.notifyHelloComplete(); + this.recordStream.getHandshakeHash().notifyPRFDetermined(); if (this.resumedSession) { @@ -322,7 +322,7 @@ public class TlsClientProtocol this.connection_state = CS_SERVER_HELLO_DONE; - // TODO Seal the handshake hash list of digests + this.recordStream.getHandshakeHash().sealHashAlgorithms(); Vector clientSupplementalData = tlsClient.getClientSupplementalData(); if (clientSupplementalData != null) diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java index b3eebc23..194f1234 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java @@ -171,7 +171,7 @@ public class TlsServerProtocol sendServerHelloDoneMessage(); this.connection_state = CS_SERVER_HELLO_DONE; - // TODO Seal the handshake hash list of digests + this.recordStream.getHandshakeHash().sealHashAlgorithms(); break; } @@ -728,7 +728,7 @@ public class TlsServerProtocol message.writeToRecordStream(); - recordStream.notifyHelloComplete(); + this.recordStream.getHandshakeHash().notifyPRFDetermined(); } protected void sendServerHelloDoneMessage() |