
Commit 2241bf8

committed
materials
1 parent b55c035 commit 2241bf8


1 file changed

+79
-62
lines changed


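--- a/src/java.base/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/TlsKeyMaterialGenerator.java
@@ -119,7 +119,7 @@ private SecretKey engineGenerateKey0(byte[] masterSecret) throws GeneralSecurity
 int keyBlockLen = macLength + keyLength
 + (isExportable ? 0 : ivLength);
 keyBlockLen <<= 1;
-byte[] keyBlock = new byte[keyBlockLen];
+byte[] keyBlock;
 
 // These may be used again later for exportable suite calculations.
 MessageDigest md5 = null;
@@ -182,6 +182,8 @@ private SecretKey engineGenerateKey0(byte[] masterSecret) throws GeneralSecurity
 System.arraycopy(keyBlock, ofs, tmp, 0, macLength);
 ofs += macLength;
 serverMacKey = new SecretKeySpec(tmp, "Mac");
+
+Arrays.fill(tmp, (byte)0);
 }
 
 if (keyLength == 0) { // SSL_RSA_WITH_NULL_* ciphersuites
@@ -199,82 +201,97 @@ private SecretKey engineGenerateKey0(byte[] masterSecret) throws GeneralSecurity
 System.arraycopy(keyBlock, ofs, serverKeyBytes, 0, keyLength);
 ofs += keyLength;
 
-if (isExportable == false) {
-// cipher keys
-clientCipherKey = new SecretKeySpec(clientKeyBytes, alg);
-serverCipherKey = new SecretKeySpec(serverKeyBytes, alg);
-
-// IV keys if needed.
-if (ivLength != 0) {
-byte[] tmp = new byte[ivLength];
-
-System.arraycopy(keyBlock, ofs, tmp, 0, ivLength);
-ofs += ivLength;
-clientIv = new IvParameterSpec(tmp);
-
-System.arraycopy(keyBlock, ofs, tmp, 0, ivLength);
-ofs += ivLength;
-serverIv = new IvParameterSpec(tmp);
-}
-} else {
-// if exportable suites, calculate the alternate
-// cipher key expansion and IV generation
-if (protocolVersion >= 0x0302) {
-// TLS 1.1+
-throw new RuntimeException(
-"Internal Error: TLS 1.1+ should not be negotiating" +
-"exportable ciphersuites");
-} else if (protocolVersion == 0x0301) {
-// TLS 1.0
-byte[] seed = concat(clientRandom, serverRandom);
-
-byte[] tmp = doTLS10PRF(clientKeyBytes,
-LABEL_CLIENT_WRITE_KEY, seed, expandedKeyLength, md5, sha);
-clientCipherKey = new SecretKeySpec(tmp, alg);
-
-tmp = doTLS10PRF(serverKeyBytes, LABEL_SERVER_WRITE_KEY, seed,
-expandedKeyLength, md5, sha);
-serverCipherKey = new SecretKeySpec(tmp, alg);
+try {
+if (isExportable == false) {
+// cipher keys
+clientCipherKey = new SecretKeySpec(clientKeyBytes, alg);
+serverCipherKey = new SecretKeySpec(serverKeyBytes, alg);
 
+// IV keys if needed.
 if (ivLength != 0) {
-tmp = new byte[ivLength];
-byte[] block = doTLS10PRF(null, LABEL_IV_BLOCK, seed,
-ivLength << 1, md5, sha);
-System.arraycopy(block, 0, tmp, 0, ivLength);
+byte[] tmp = new byte[ivLength];
+
+System.arraycopy(keyBlock, ofs, tmp, 0, ivLength);
+ofs += ivLength;
 clientIv = new IvParameterSpec(tmp);
-System.arraycopy(block, ivLength, tmp, 0, ivLength);
+
+System.arraycopy(keyBlock, ofs, tmp, 0, ivLength);
+ofs += ivLength;
 serverIv = new IvParameterSpec(tmp);
 }
 } else {
-// SSLv3
-byte[] tmp = new byte[expandedKeyLength];
-
-md5.update(clientKeyBytes);
-md5.update(clientRandom);
-md5.update(serverRandom);
-System.arraycopy(md5.digest(), 0, tmp, 0, expandedKeyLength);
-clientCipherKey = new SecretKeySpec(tmp, alg);
-
-md5.update(serverKeyBytes);
-md5.update(serverRandom);
-md5.update(clientRandom);
-System.arraycopy(md5.digest(), 0, tmp, 0, expandedKeyLength);
-serverCipherKey = new SecretKeySpec(tmp, alg);
+// if exportable suites, calculate the alternate
+// cipher key expansion and IV generation
+if (protocolVersion >= 0x0302) {
+// TLS 1.1+
+throw new RuntimeException(
+"Internal Error: TLS 1.1+ should not be negotiating" +
+"exportable ciphersuites");
+} else if (protocolVersion == 0x0301) {
+// TLS 1.0
+byte[] seed = concat(clientRandom, serverRandom);
+
+byte[] tmp = doTLS10PRF(clientKeyBytes,
+LABEL_CLIENT_WRITE_KEY, seed, expandedKeyLength, md5, sha);
+clientCipherKey = new SecretKeySpec(tmp, alg);
+Arrays.fill(tmp, (byte) 0);
+
+tmp = doTLS10PRF(serverKeyBytes, LABEL_SERVER_WRITE_KEY, seed,
+expandedKeyLength, md5, sha);
+serverCipherKey = new SecretKeySpec(tmp, alg);
+Arrays.fill(tmp, (byte) 0);
 
-if (ivLength != 0) {
-tmp = new byte[ivLength];
+if (ivLength != 0) {
+tmp = new byte[ivLength];
+byte[] block = doTLS10PRF(null, LABEL_IV_BLOCK, seed,
+ivLength << 1, md5, sha);
+System.arraycopy(block, 0, tmp, 0, ivLength);
+clientIv = new IvParameterSpec(tmp);
+System.arraycopy(block, ivLength, tmp, 0, ivLength);
+serverIv = new IvParameterSpec(tmp);
+}
+} else {
+// SSLv3
+byte[] tmp = new byte[expandedKeyLength];
+byte[] digest;
 
+md5.update(clientKeyBytes);
 md5.update(clientRandom);
 md5.update(serverRandom);
-System.arraycopy(md5.digest(), 0, tmp, 0, ivLength);
-clientIv = new IvParameterSpec(tmp);
+digest = md5.digest();
+System.arraycopy(digest, 0, tmp, 0, expandedKeyLength);
+clientCipherKey = new SecretKeySpec(tmp, alg);
+Arrays.fill(digest, (byte) 0);
 
+md5.update(serverKeyBytes);
 md5.update(serverRandom);
 md5.update(clientRandom);
-System.arraycopy(md5.digest(), 0, tmp, 0, ivLength);
-serverIv = new IvParameterSpec(tmp);
+digest = md5.digest();
+System.arraycopy(digest, 0, tmp, 0, expandedKeyLength);
+serverCipherKey = new SecretKeySpec(tmp, alg);
+Arrays.fill(digest, (byte) 0);
+
+Arrays.fill(tmp, (byte) 0);
+
+if (ivLength != 0) {
+tmp = new byte[ivLength];
+
+md5.update(clientRandom);
+md5.update(serverRandom);
+System.arraycopy(md5.digest(), 0, tmp, 0, ivLength);
+clientIv = new IvParameterSpec(tmp);
+
+md5.update(serverRandom);
+md5.update(clientRandom);
+System.arraycopy(md5.digest(), 0, tmp, 0, ivLength);
+serverIv = new IvParameterSpec(tmp);
+}
 }
 }
+} finally {
+Arrays.fill(serverKeyBytes, (byte) 0);
+Arrays.fill(clientKeyBytes, (byte) 0);
+Arrays.fill(keyBlock, (byte) 0);
 }
 
 return new TlsKeyMaterialSpec(clientMacKey, serverMacKey,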
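Review bot: The `finally` at new lines 291–294 only protects what is inside the `try` opened at new line 204, yet `keyBlock` has already been filled and consumed before that point — the MAC-key copies at 182–184 and the server cipher-key copy at 201 sit outside it — so an exception raised during key-block expansion or MAC-key extraction (code between the hunks, not visible here) leaves `keyBlock`, `clientKeyBytes`/`serverKeyBytes` and the MAC `tmp` buffer uncleared; opening the `try` immediately after `keyBlock` is assigned would give the `finally` every path through engineGenerateKey0. The `keyLength == 0` branch at 189 presumably returns before reaching the `try`, in which case `keyBlock` (still holding the MAC keys) is never zeroed on that path — worth confirming against the lines between the hunks. The cipher-key buffers are now wiped but the IV buffers are not: `tmp` at 212–220, `tmp` and `block` at 245–251 and `tmp` at 277–287 still hold the derived IVs when they go out of scope, so an `Arrays.fill(tmp, (byte) 0);` after each `serverIv = new IvParameterSpec(tmp);` would make the hunk consistent with itself. engineGenerateKey0 starts and ends outside this hunk.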
