Пример #1
0
  public byte[] encodePlaintext(short type, byte[] plaintext, int offset, int len) {
    int blocksize = encryptCipher.getBlockSize();
    int padding_length = blocksize - 1 - ((len + writeMac.getSize()) % blocksize);

    boolean isTls =
        context.getServerVersion().getFullVersion() >= ProtocolVersion.TLSv10.getFullVersion();

    if (isTls) {
      // Add a random number of extra blocks worth of padding
      int maxExtraPadBlocks = (255 - padding_length) / blocksize;
      int actualExtraPadBlocks = chooseExtraPadBlocks(context.getSecureRandom(), maxExtraPadBlocks);
      padding_length += actualExtraPadBlocks * blocksize;
    }

    int totalsize = len + writeMac.getSize() + padding_length + 1;
    byte[] outbuf = new byte[totalsize];
    System.arraycopy(plaintext, offset, outbuf, 0, len);
    byte[] mac = writeMac.calculateMac(type, plaintext, offset, len);
    System.arraycopy(mac, 0, outbuf, len, mac.length);
    int paddoffset = len + mac.length;
    for (int i = 0; i <= padding_length; i++) {
      outbuf[i + paddoffset] = (byte) padding_length;
    }
    for (int i = 0; i < totalsize; i += blocksize) {
      encryptCipher.processBlock(outbuf, i, outbuf, i);
    }
    return outbuf;
  }
Пример #2
0
 protected AsymmetricCipherKeyPair generateECKeyPair(ECDomainParameters ecParams) {
   ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
   ECKeyGenerationParameters keyGenerationParameters =
       new ECKeyGenerationParameters(ecParams, context.getSecureRandom());
   keyPairGenerator.init(keyGenerationParameters);
   return keyPairGenerator.generateKeyPair();
 }
Пример #3
0
  public void generateClientKeyExchange(OutputStream os) throws IOException {
    /*
     * Choose a PremasterSecret and send it encrypted to the server
     */
    premasterSecret = new byte[48];
    context.getSecureRandom().nextBytes(premasterSecret);
    TlsUtils.writeVersion(premasterSecret, 0);

    PKCS1Encoding encoding = new PKCS1Encoding(new RSABlindedEngine());
    encoding.init(
        true, new ParametersWithRandom(this.rsaServerPublicKey, context.getSecureRandom()));

    try {
      byte[] keData = encoding.processBlock(premasterSecret, 0, premasterSecret.length);
      TlsUtils.writeUint24(keData.length + 2, os);
      TlsUtils.writeOpaque16(keData, os);
    } catch (InvalidCipherTextException e) {
      /*
       * This should never happen, only during decryption.
       */
      throw new TlsFatalAlert(AlertDescription.internal_error);
    }
  }
Пример #4
0
  public TlsBlockCipher(
      TlsClientContext context,
      BlockCipher encryptCipher,
      BlockCipher decryptCipher,
      Digest writeDigest,
      Digest readDigest,
      int cipherKeySize) {
    this.context = context;

    this.randomData = new byte[256];
    context.getSecureRandom().nextBytes(randomData);

    this.encryptCipher = encryptCipher;
    this.decryptCipher = decryptCipher;

    int key_block_size =
        (2 * cipherKeySize)
            + writeDigest.getDigestSize()
            + readDigest.getDigestSize()
            + encryptCipher.getBlockSize()
            + decryptCipher.getBlockSize();

    byte[] key_block = TlsUtils.calculateKeyBlock(context, key_block_size);

    int offset = 0;

    // Init MACs
    writeMac = new TlsMac(context, writeDigest, key_block, offset, writeDigest.getDigestSize());
    offset += writeDigest.getDigestSize();
    readMac = new TlsMac(context, readDigest, key_block, offset, readDigest.getDigestSize());
    offset += readDigest.getDigestSize();

    // Init Ciphers
    this.initCipher(
        true, encryptCipher, key_block, cipherKeySize, offset, offset + (cipherKeySize * 2));
    offset += cipherKeySize;
    this.initCipher(
        false,
        decryptCipher,
        key_block,
        cipherKeySize,
        offset,
        offset + cipherKeySize + encryptCipher.getBlockSize());
  }
Пример #5
0
  protected int checkPaddingConstantTime(byte[] buf, int off, int len, int blockSize, int macSize) {
    int end = off + len;
    byte lastByte = buf[end - 1];
    int padlen = lastByte & 0xff;
    int totalPad = padlen + 1;

    int dummyIndex = 0;
    byte padDiff = 0;

    boolean isTls =
        context.getServerVersion().getFullVersion() >= ProtocolVersion.TLSv10.getFullVersion();

    if ((!isTls && totalPad > blockSize) || (macSize + totalPad > len)) {
      totalPad = 0;
    } else {
      int padPos = end - totalPad;
      do {
        padDiff |= (buf[padPos++] ^ lastByte);
      } while (padPos < end);

      dummyIndex = totalPad;

      if (padDiff != 0) {
        totalPad = 0;
      }
    }

    // Run some extra dummy checks so the number of checks is always constant
    {
      byte[] dummyPad = randomData;
      while (dummyIndex < 256) {
        padDiff |= (dummyPad[dummyIndex++] ^ lastByte);
      }
      // Ensure the above loop is not eliminated
      dummyPad[0] ^= padDiff;
    }

    return totalPad;
  }
 protected AsymmetricCipherKeyPair generateDHKeyPair(DHParameters dhParams) {
   DHBasicKeyPairGenerator dhGen = new DHBasicKeyPairGenerator();
   dhGen.init(new DHKeyGenerationParameters(context.getSecureRandom(), dhParams));
   return dhGen.generateKeyPair();
 }