diff options
author | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-06-21 09:31:40 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-06-21 09:31:40 +0400 |
commit | 4d7c9082fb44cf6001684653516de376bab989cf (patch) | |
tree | aa64c602d0dc6da4e04d46c7d29f7d21f4b14d25 /core/src/main/java/org/bouncycastle/crypto/tls | |
parent | a7cb987c48c55f4b7a6636da307350cc8a215988 (diff) |
Whitespace
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls')
3 files changed, 42 insertions, 45 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.java b/core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.java index ea7bea76..6eaa75e3 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.java @@ -9,8 +9,7 @@ import org.bouncycastle.crypto.params.AsymmetricKeyParameter; import org.bouncycastle.crypto.params.ParametersWithRandom; import org.bouncycastle.crypto.params.RSAKeyParameters; -public class DefaultTlsEncryptionCredentials - extends AbstractTlsEncryptionCredentials +public class DefaultTlsEncryptionCredentials extends AbstractTlsEncryptionCredentials { protected TlsContext context; protected Certificate certificate; @@ -58,7 +57,6 @@ public class DefaultTlsEncryptionCredentials public byte[] decryptPreMasterSecret(byte[] encryptedPreMasterSecret, byte[] fallback) throws IOException { - PKCS1Encoding encoding = new PKCS1Encoding(new RSABlindedEngine(), fallback); encoding.init(false, new ParametersWithRandom(this.privateKey, context.getSecureRandom())); @@ -69,9 +67,9 @@ public class DefaultTlsEncryptionCredentials } catch (InvalidCipherTextException e) { - /* - * This should never happen, the decryption should always succeed, or return a random value. - */ + /* + * This should never happen, the decryption should always succeed, or return a random value. + */ throw new TlsFatalAlert(AlertDescription.illegal_parameter); } } diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsEncryptionCredentials.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsEncryptionCredentials.java index 292d4dbb..27b8e232 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsEncryptionCredentials.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsEncryptionCredentials.java @@ -2,8 +2,7 @@ package org.bouncycastle.crypto.tls; import java.io.IOException; -public interface TlsEncryptionCredentials - extends TlsCredentials +public interface TlsEncryptionCredentials extends TlsCredentials { byte[] decryptPreMasterSecret(byte[] encryptedPreMasterSecret, byte[] fallback) throws IOException; diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsRSAUtils.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsRSAUtils.java index 0a464593..1d680f01 100644 --- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsRSAUtils.java +++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsRSAUtils.java @@ -65,14 +65,14 @@ public class TlsRSAUtils * decryptPreMasterSecret, so we con't need to do something here. */ byte[] M = TlsUtils.EMPTY_BYTES; - - - /* - * Generate 48 random bytes we can use as a Pre-Master-Secret, if the - * PKCS1 padding check should fail. - */ + + + /* + * Generate 48 random bytes we can use as a Pre-Master-Secret, if the + * PKCS1 padding check should fail. + */ byte[] fallback = new byte[48]; - context.getSecureRandom().nextBytes(fallback); + context.getSecureRandom().nextBytes(fallback); try { @@ -83,7 +83,7 @@ public class TlsRSAUtils /* * This should never happen since the decryption should never throw an exception * and return a random value instead. - * + * * In any case, a TLS server MUST NOT generate an alert if processing an * RSA-encrypted premaster secret message fails, or the version number is not as * expected. Instead, it MUST continue the handshake with a randomly generated @@ -92,38 +92,38 @@ public class TlsRSAUtils } /* -- * If ClientHello.client_version is TLS 1.1 or higher, server implementations MUST -- * check the version number [..]. - */ + * If ClientHello.client_version is TLS 1.1 or higher, server implementations MUST + * check the version number [..]. + */ if (versionNumberCheckDisabled && clientVersion.isEqualOrEarlierVersionOf(ProtocolVersion.TLSv10)) { - /* - * If the version number is TLS 1.0 or earlier, server - * implementations SHOULD check the version number, but MAY have a - * configuration option to disable the check. - * - * So there is nothing to do here. - */ + /* + * If the version number is TLS 1.0 or earlier, server + * implementations SHOULD check the version number, but MAY have a + * configuration option to disable the check. + * + * So there is nothing to do here. + */ } else { - /* - * OK, we need to compare the version number in the decrypted - * Pre-Master-Secret with the clientVersion received during the - * handshake. If they don't match, we replace the decrypted - * Pre-Master-Secret with a random one. - */ - int correct = (clientVersion.getMajorVersion() ^ (M[0]&0xff)) | (clientVersion.getMinorVersion() ^ (M[1]&0xff)); - correct |= correct>>1; - correct |= correct>>2; - correct |= correct>>4; - int mask = ~((correct & 1) - 1); - - /* - * mask will be all bits set to 0xff if the version number differed. - */ - - for (int i = 0; i < 48; i++) { - M[i] = (byte)((M[i]&(~mask))|(fallback[i]&mask)); - } + /* + * OK, we need to compare the version number in the decrypted + * Pre-Master-Secret with the clientVersion received during the + * handshake. If they don't match, we replace the decrypted + * Pre-Master-Secret with a random one. + */ + int correct = (clientVersion.getMajorVersion() ^ (M[0]&0xff)) | (clientVersion.getMinorVersion() ^ (M[1]&0xff)); + correct |= correct>>1; + correct |= correct>>2; + correct |= correct>>4; + int mask = ~((correct & 1) - 1); + + /* + * mask will be all bits set to 0xff if the version number differed. + */ + + for (int i = 0; i < 48; i++) { + M[i] = (byte)((M[i]&(~mask))|(fallback[i]&mask)); + } } return M; } |