Class KeyUtil
Constructor Summary
Constructors
Method Summary
Modifier and Type: (package private) static byte[]
Method: checkTlsPreMasterSecretKey(int clientVersion, int serverVersion, SecureRandom random, byte[] encoded, boolean isFailOver)
Description: Check the format of TLS PreMasterSecret.
Constructor Details
KeyUtil
KeyUtil()
Method Details
checkTlsPreMasterSecretKey
static byte[] checkTlsPreMasterSecretKey(int clientVersion, int serverVersion, SecureRandom random, byte[] encoded, boolean isFailOver)

Check the format of TLS PreMasterSecret.

To avoid the vulnerabilities described in section 7.4.7.1 of RFC 5246, incorrectly formatted message blocks and/or mismatched version numbers are treated in a manner indistinguishable from correctly formatted RSA blocks. RFC 5246 describes the approach as:

    1. Generate a string R of 48 random bytes

    2. Decrypt the message to recover the plaintext M

    3. If the PKCS#1 padding is not correct, or the length of message
       M is not exactly 48 bytes:
          pre_master_secret = R
       else If ClientHello.client_version <= TLS 1.0, and version
       number check is explicitly disabled:
          premaster secret = M
       else If M[0..1] != ClientHello.client_version:
          premaster secret = R
       else:
          premaster secret = M

Note that #2 should have completed before the call to this method.
Parameters:
clientVersion - the version of the TLS protocol by which the client wishes to communicate during this session
serverVersion - the negotiated version of the TLS protocol which contains the lower of that suggested by the client in the client hello and the highest supported by the server.
encoded - the encoded key in its "RAW" encoding format
isFailOver - whether or not the previous decryption of the encrypted PreMasterSecret message ran into a problem
Returns:
the polished PreMasterSecret key in its "RAW" encoding format
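The selection steps quoted from RFC 5246 above, written out as an added Java example (this is not the JDK's own implementation of checkTlsPreMasterSecretKey). The class name, selectPreMasterSecret, its decryptFailed and versionCheckDisabled parameters, and the sample inputs are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Arrays;

public class PreMasterSecretCheckDemo {
    static final int TLS10 = 0x0301;

    // Hypothetical helper following the RFC 5246 steps quoted above. Step 2 (RSA
    // decryption) is assumed done already; its outcome is passed in as decryptFailed.
    static byte[] selectPreMasterSecret(int clientVersion, byte[] m, boolean decryptFailed,
                                        boolean versionCheckDisabled, SecureRandom random) {
        // Step 1: draw R before looking at M, so the random draw happens on every path.
        byte[] r = new byte[48];
        random.nextBytes(r);

        // Step 3: bad padding or wrong length selects R instead of raising an error.
        if (decryptFailed || m == null || m.length != 48) {
            return r;
        }
        // Compatibility branch: old clients with the version check explicitly disabled.
        if (clientVersion <= TLS10 && versionCheckDisabled) {
            return m;
        }
        // M[0..1] must equal ClientHello.client_version, otherwise R is used.
        int embedded = ((m[0] & 0xFF) << 8) | (m[1] & 0xFF);
        return embedded == clientVersion ? m : r;
    }

    public static void main(String[] args) {
        SecureRandom random = new SecureRandom();
        int tls12 = 0x0303;

        byte[] good = new byte[48];            // constructed sample input
        random.nextBytes(good);
        good[0] = 0x03; good[1] = 0x03;        // embeds client_version TLS 1.2

        byte[] wrongVersion = good.clone();    // constructed: version bytes 0x0301
        wrongVersion[1] = 0x01;
        byte[] tooShort = Arrays.copyOf(good, 47);

        // Well-formed input: M itself is selected.
        System.out.println(selectPreMasterSecret(tls12, good, false, false, random) == good);
        // Malformed inputs: a fresh 48-byte value is selected, never M and never an exception.
        for (byte[] bad : new byte[][] { wrongVersion, tooShort, null }) {
            byte[] out = selectPreMasterSecret(tls12, bad, bad == null, false, random);
            System.out.println(out.length == 48 && out != bad);
        }
    }
}
```

Because every malformed case yields a usable 48-byte value, the handshake continues and only fails later at the Finished message, which is what keeps the server from acting as a padding or version oracle.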