diff options
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRSAKeyExchange.java')
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRSAKeyExchange.java | 70 |
1 files changed, 3 insertions, 67 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRSAKeyExchange.java b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRSAKeyExchange.java index 24eec53..8970968 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRSAKeyExchange.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/tls/TlsRSAKeyExchange.java @@ -40,7 +40,6 @@ public class TlsRSAKeyExchange public void processServerCredentials(TlsCredentials serverCredentials) throws IOException { - if (!(serverCredentials instanceof TlsEncryptionCredentials)) { throw new TlsFatalAlert(AlertDescription.internal_error); @@ -54,7 +53,6 @@ public class TlsRSAKeyExchange public void processServerCertificate(Certificate serverCertificate) throws IOException { - if (serverCertificate.isEmpty()) { throw new TlsFatalAlert(AlertDescription.bad_certificate); @@ -115,15 +113,14 @@ public class TlsRSAKeyExchange public void generateClientKeyExchange(OutputStream output) throws IOException { - this.premasterSecret = TlsRSAUtils.generateEncryptedPreMasterSecret(context, this.rsaServerPublicKey, output); + this.premasterSecret = TlsRSAUtils.generateEncryptedPreMasterSecret(context, rsaServerPublicKey, output); } public void processClientKeyExchange(InputStream input) throws IOException { - byte[] encryptedPreMasterSecret; - if (context.getServerVersion().isSSL()) + if (TlsUtils.isSSL(context)) { // TODO Do any SSLv3 clients actually include the length? encryptedPreMasterSecret = Streams.readAll(input); @@ -133,68 +130,7 @@ public class TlsRSAKeyExchange encryptedPreMasterSecret = TlsUtils.readOpaque16(input); } - ProtocolVersion clientVersion = context.getClientVersion(); - - /* - * RFC 5246 7.4.7.1. - */ - { - // TODO Provide as configuration option? - boolean versionNumberCheckDisabled = false; - - /* - * See notes regarding Bleichenbacher/Klima attack. The code here implements the first - * construction proposed there, which is RECOMMENDED. - */ - byte[] R = new byte[48]; - this.context.getSecureRandom().nextBytes(R); - - byte[] M = TlsUtils.EMPTY_BYTES; - try - { - M = serverCredentials.decryptPreMasterSecret(encryptedPreMasterSecret); - } - catch (Exception e) - { - /* - * In any case, a TLS server MUST NOT generate an alert if processing an - * RSA-encrypted premaster secret message fails, or the version number is not as - * expected. Instead, it MUST continue the handshake with a randomly generated - * premaster secret. - */ - } - - if (M.length != 48) - { - TlsUtils.writeVersion(clientVersion, R, 0); - this.premasterSecret = R; - } - else - { - /* - * If ClientHello.client_version is TLS 1.1 or higher, server implementations MUST - * check the version number [..]. - */ - if (versionNumberCheckDisabled && clientVersion.isEqualOrEarlierVersionOf(ProtocolVersion.TLSv10)) - { - /* - * If the version number is TLS 1.0 or earlier, server implementations SHOULD - * check the version number, but MAY have a configuration option to disable the - * check. - */ - } - else - { - /* - * Note that explicitly constructing the pre_master_secret with the - * ClientHello.client_version produces an invalid master_secret if the client - * has sent the wrong version in the original pre_master_secret. - */ - TlsUtils.writeVersion(clientVersion, M, 0); - } - this.premasterSecret = M; - } - } + this.premasterSecret = TlsRSAUtils.safeDecryptPreMasterSecret(context, serverCredentials, encryptedPreMasterSecret); } public byte[] generatePremasterSecret() |