Class KeyUtil
- java.lang.Object
-
- es.gob.jmulticard.jse.provider.rsacipher.KeyUtil
-
final class KeyUtil extends java.lang.Object
Utilidad para claves RSA.
-
-
Constructor Summary
Constructors Constructor Description KeyUtil()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description (package private) static byte[]
checkTlsPreMasterSecretKey(int clientVersion, int serverVersion, java.security.SecureRandom random, byte[] encoded, boolean isFailOver)
Check the format of TLS PreMasterSecret.
-
-
-
Method Detail
-
checkTlsPreMasterSecretKey
static byte[] checkTlsPreMasterSecretKey(int clientVersion, int serverVersion, java.security.SecureRandom random, byte[] encoded, boolean isFailOver)
Check the format of TLS PreMasterSecret.To avoid vulnerabilities described by section 7.4.7.1, RFC 5246, treating incorrectly formatted message blocks and/or mismatched version numbers in a manner indistinguishable from correctly formatted RSA blocks. RFC 5246 describes the approach as : 1. Generate a string R of 48 random bytes 2. Decrypt the message to recover the plaintext M 3. If the PKCS#1 padding is not correct, or the length of message M is not exactly 48 bytes: pre_master_secret = R else If ClientHello.client_version <= TLS 1.0, and version number check is explicitly disabled: premaster secret = M else If M[0..1] != ClientHello.client_version: premaster secret = R else: premaster secret = M Note that #2 should have completed before the call to this method.
- Parameters:
clientVersion
- the version of the TLS protocol by which the client wishes to communicate during this sessionserverVersion
- the negotiated version of the TLS protocol which contains the lower of that suggested by the client in the client hello and the highest supported by the server.encoded
- the encoded key in its "RAW" encoding formatisFailOver
- whether or not the previous decryption of the encrypted PreMasterSecret message run into problem- Returns:
- the polished PreMasterSecret key in its "RAW" encoding format
-
-