author | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-04-04 11:54:57 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-04-04 11:54:57 +0400 |
commit | 8d1167fac5920abc218a6bfa9f1ebc263462f8b3 (patch) | |
tree | fae818f9daee09a3ea3cfb93406ec027b2185085 /core/src/main/java/org/bouncycastle/crypto/tls | |
parent | 9c9a768735900610a339318bf38267c908fe8dd5 (diff) |
Use the TLS 1.0 PRF for the random block
Remove redundant Mac.init calls
Diffstat (limited to 'core/src/main/java/org/bouncycastle/crypto/tls')
7 files changed, 31 insertions, 19 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java
index fb058e79..75b3b58d 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSClientProtocol.java
@@ -32,7 +32,8 @@ public class DTLSClientProtocol
 SecurityParameters securityParameters = new SecurityParameters();
 securityParameters.entity = ConnectionEnd.client;
- securityParameters.clientRandom = TlsProtocol.createRandomBlock(client.shouldUseGMTUnixTime(), secureRandom);
+ securityParameters.clientRandom = TlsProtocol.createRandomBlock(client.shouldUseGMTUnixTime(), secureRandom,
+ ExporterLabel.client_random);
 ClientHandshakeState state = new ClientHandshakeState();
 state.client = client;
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
index d6d6a8d9..c78cb95c 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -46,7 +46,8 @@ public class DTLSServerProtocol
 SecurityParameters securityParameters = new SecurityParameters();
 securityParameters.entity = ConnectionEnd.server;
- securityParameters.serverRandom = TlsProtocol.createRandomBlock(server.shouldUseGMTUnixTime(), secureRandom);
+ securityParameters.serverRandom = TlsProtocol.createRandomBlock(server.shouldUseGMTUnixTime(), secureRandom,
+ ExporterLabel.server_random);
 ServerHandshakeState state = new ServerHandshakeState();
 state.server = server;
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/ExporterLabel.java b/core/src/main/java/org/bouncycastle/crypto/tls/ExporterLabel.java
index 902720ac..851bffc6 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/ExporterLabel.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/ExporterLabel.java
@@ -6,6 +6,12 @@ package org.bouncycastle.crypto.tls;
 public class ExporterLabel
 {
 /*
+ * BC-specific
+ */
+ static final String client_random = "client random";
+ static final String server_random = "server random";
+
+ /*
 * RFC 5246
 */
 public static final String client_finished = "client finished";
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
index a51b788f..ed23230b 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClientProtocol.java
@@ -74,7 +74,8 @@ public class TlsClientProtocol
 this.securityParameters = new SecurityParameters();
 this.securityParameters.entity = ConnectionEnd.client;
- this.securityParameters.clientRandom = createRandomBlock(tlsClient.shouldUseGMTUnixTime(), secureRandom);
+ this.securityParameters.clientRandom = createRandomBlock(tlsClient.shouldUseGMTUnixTime(), secureRandom,
+ ExporterLabel.client_random);
 this.tlsClientContext = new TlsClientContextImpl(secureRandom, securityParameters);
 this.tlsClient.init(tlsClientContext);
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java
index 6f09a0ff..088b753e 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsProtocol.java
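Review bot: The two new constants are package-private while every other constant in ExporterLabel is public, and the `BC-specific` comment does not say what they are for, which matters because the rest of this class holds RFC-defined exporter labels and a reader could take these for registered ones. I would expand the comment to `/* BC-specific: PRF labels used by TlsProtocol.createRandomBlock to derive the client/server random values; not registered TLS exporter labels. */`. The distinct strings are what give the client and server derivations domain separation, so the comment should also say they must stay different.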
@@ -824,23 +824,19 @@ public abstract class TlsProtocol
 }
 }
- protected static byte[] createRandomBlock(boolean useGMTUnixTime, SecureRandom random)
+ protected static byte[] createRandomBlock(boolean useGMTUnixTime, SecureRandom random, String asciiLabel)
 {
 /*
- * We hash the SecureRandom output here to guard against RNGs where the raw output could be
- * used to recover the internal state.
+ * We use the TLS 1.0 PRF on the SecureRandom output, to guard against RNGs where the raw
+ * output could be used to recover the internal state.
 */
- byte[] result = new byte[32];
- Digest d = TlsUtils.createHash(HashAlgorithm.sha256);
+ byte[] secret = new byte[32];
+ random.nextBytes(secret);
- TlsUtils.writeUint64(Times.nanoTime(), result, 0);
- Strings.toByteArray("BouncyCastle TlsProtocol", result, 8);
- d.update(result, 0, 32);
+ byte[] seed = new byte[8];
+ TlsUtils.writeUint64(Times.nanoTime(), seed, 0);
- random.nextBytes(result);
- d.update(result, 0, 32);
-
- d.doFinal(result, 0);
+ byte[] result = TlsUtils.PRF_legacy(secret, asciiLabel, seed, 32);
 if (useGMTUnixTime)
 {
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
index c09e8050..44b4998c 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServerProtocol.java
@@ -52,7 +52,8 @@ public class TlsServerProtocol
 this.securityParameters = new SecurityParameters();
 this.securityParameters.entity = ConnectionEnd.server;
- this.securityParameters.serverRandom = createRandomBlock(tlsServer.shouldUseGMTUnixTime(), secureRandom);
+ this.securityParameters.serverRandom = createRandomBlock(tlsServer.shouldUseGMTUnixTime(), secureRandom,
+ ExporterLabel.server_random);
 this.tlsServerContext = new TlsServerContextImpl(secureRandom, securityParameters);
 this.tlsServer.init(tlsServerContext);
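Review bot: The raw SecureRandom output in `secret` is left in memory after the PRF call, although the comment states that the whole point of the PRF step is to avoid exposing raw RNG output; clearing it once `result` is derived is cheap, `java.util.Arrays.fill(secret, (byte) 0);` directly after the `TlsUtils.PRF_legacy(...)` line. The new `asciiLabel` parameter is undocumented; a Javadoc `@param asciiLabel PRF label, different for client and server so the two random values are derived under distinct labels` (folding in the existing block comment) would tell callers why it exists. Since `PRF_legacy` computes `s_half = (secret.length + 1) / 2`, the 32-byte secret is split into two 16-byte halves keying HMAC-MD5 and HMAC-SHA1 respectively, as in RFC 2246 section 5; a one-line comment on the `secret` allocation would save readers from assuming each hash is keyed with all 32 bytes. `createRandomBlock` continues past the hunk (the `useGMTUnixTime` branch).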
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java
index 9f5c4f32..c6cd5300 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java
@@ -850,6 +850,14 @@ public class TlsUtils
 return buf;
 }
+ public static byte[] PRF_legacy(byte[] secret, String asciiLabel, byte[] seed, int size)
+ {
+ byte[] label = Strings.toByteArray(asciiLabel);
+ byte[] labelSeed = concat(label, seed);
+
+ return PRF_legacy(secret, label, labelSeed, size);
+ }
+
 static byte[] PRF_legacy(byte[] secret, byte[] label, byte[] labelSeed, int size)
 {
 int s_half = (secret.length + 1) / 2;
@@ -880,7 +888,7 @@ public class TlsUtils
 static void hmac_hash(Digest digest, byte[] secret, byte[] seed, byte[] out)
 {
 HMac mac = new HMac(digest);
- KeyParameter param = new KeyParameter(secret);
+ mac.init(new KeyParameter(secret));
 byte[] a = seed;
 int size = digest.getDigestSize();
 int iterations = (out.length + size - 1) / size;
@@ -888,11 +896,9 @@ public class TlsUtils
 byte[] buf2 = new byte[mac.getMacSize()];
 for (int i = 0; i < iterations; i++)
 {
- mac.init(param);
 mac.update(a, 0, a.length);
 mac.doFinal(buf, 0);
 a = buf;
- mac.init(param);
 mac.update(a, 0, a.length);
 mac.update(seed, 0, seed.length);
 mac.doFinal(buf2, 0); |
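Review bot: The new `PRF_legacy(byte[], String, byte[], int)` overload is public while the byte[] version below it stays package-private, so this hunk widens the API surface of the TLS 1.0 PRF without any Javadoc stating what it computes or what it assumes of its inputs. I would add a Javadoc whose summary reads `Computes the TLS 1.0/1.1 PRF (RFC 2246 section 5) of {@code secret} over {@code asciiLabel} and {@code seed}`, with `@param asciiLabel` noting the label is converted with `Strings.toByteArray`, `@param size` the number of output bytes, and a note that a null `secret` fails with a NullPointerException in the `s_half` computation. If the overload exists only for `TlsProtocol.createRandomBlock` in the same package, package-private visibility would match the existing method.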
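Review bot: Hoisting `mac.init(...)` out of the loop in `hmac_hash` (this hunk and the following one) relies on `HMac.doFinal` restoring the keyed state, which is not visible from this method; a one-line comment at the single `mac.init` call would make that dependency explicit, e.g. `// HMac.doFinal() resets to the keyed state, so one init() covers every iteration`. The body of `hmac_hash` continues past both hunks.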