Path: blob/master/src/java.base/share/classes/sun/security/internal/spec/TlsKeyMaterialParameterSpec.java
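/*
 * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.internal.spec;

import java.security.spec.AlgorithmParameterSpec;

import javax.crypto.SecretKey;

/**
 * Parameters for SSL/TLS key material generation.
 * This class is used to initialize KeyGenerator of the type
 * "TlsKeyMaterial". The keys returned by such KeyGenerators will be
 * instances of {@link TlsKeyMaterialSpec}.
 *
 * <p>Instances of this class are immutable. The client and server random
 * arrays are copied on the way in and on the way out; the master secret is
 * held and returned by reference.
 *
 * @since 1.6
 * @author Andreas Sterbenz
 * @deprecated Sun JDK internal use only --- WILL BE REMOVED in a future
 * release.
 */
@Deprecated
public class TlsKeyMaterialParameterSpec implements AlgorithmParameterSpec {

    private final SecretKey masterSecret;
    private final int majorVersion, minorVersion;
    private final byte[] clientRandom, serverRandom;
    private final String cipherAlgorithm;
    private final int cipherKeyLength, ivLength, macKeyLength;
    private final int expandedCipherKeyLength; // == 0 for domestic ciphersuites
    private final String prfHashAlg;
    private final int prfHashLength;
    private final int prfBlockSize;

    /**
     * Constructs a new TlsKeyMaterialParameterSpec.
     *
     * <p>The PRF arguments ({@code prfHashAlg}, {@code prfHashLength} and
     * {@code prfBlockSize}) are stored exactly as passed; this constructor
     * performs no null or range check on them.
     *
     * @param masterSecret the master secret
     * @param majorVersion the major number of the protocol version
     * @param minorVersion the minor number of the protocol version
     * @param clientRandom the client's random value
     * @param serverRandom the server's random value
     * @param cipherAlgorithm the algorithm name of the cipher keys to
     *    be generated
     * @param cipherKeyLength if 0, no cipher keys will be generated;
     *    otherwise, the length in bytes of cipher keys to be
     *    generated for domestic cipher suites; for cipher suites defined as
     *    exportable, the number of key material bytes to be generated;
     * @param expandedCipherKeyLength 0 for domestic cipher suites; for
     *    exportable cipher suites the length in bytes of the key to be
     *    generated.
     * @param ivLength the length in bytes of the initialization vector
     *    to be generated, or 0 if no initialization vector is required
     * @param macKeyLength the length in bytes of the MAC key to be generated
     * @param prfHashAlg the name of the TLS PRF hash algorithm to use.
     *        Used only for TLS 1.2+.  TLS1.1 and earlier use a fixed PRF.
     * @param prfHashLength the output length of the TLS PRF hash algorithm.
     *        Used only for TLS 1.2+.
     * @param prfBlockSize the input block size of the TLS PRF hash algorithm.
     *        Used only for TLS 1.2+.
     *
     * @throws NullPointerException if masterSecret, clientRandom,
     *   serverRandom, or cipherAlgorithm are null
     * @throws IllegalArgumentException if the algorithm of masterSecret is
     *   not TlsMasterSecret, or if majorVersion or minorVersion are
     *   negative or larger than 255; or if cipherKeyLength,
     *   expandedCipherKeyLength, ivLength, or macKeyLength are negative
     */
    public TlsKeyMaterialParameterSpec(SecretKey masterSecret,
            int majorVersion, int minorVersion, byte[] clientRandom,
            byte[] serverRandom, String cipherAlgorithm, int cipherKeyLength,
            int expandedCipherKeyLength, int ivLength, int macKeyLength,
            String prfHashAlg, int prfHashLength, int prfBlockSize) {
        // Dereferencing masterSecret here is what produces the documented
        // NullPointerException for a null master secret.
        if (!masterSecret.getAlgorithm().equals("TlsMasterSecret")) {
            throw new IllegalArgumentException("Not a TLS master secret");
        }
        if (cipherAlgorithm == null) {
            throw new NullPointerException();
        }
        this.masterSecret = masterSecret;
        this.majorVersion =
            TlsMasterSecretParameterSpec.checkVersion(majorVersion);
        this.minorVersion =
            TlsMasterSecretParameterSpec.checkVersion(minorVersion);
        // Defensive copies: later changes to the caller's arrays must not
        // alter this spec. clone() on a null array throws the documented
        // NullPointerException.
        this.clientRandom = clientRandom.clone();
        this.serverRandom = serverRandom.clone();
        this.cipherAlgorithm = cipherAlgorithm;
        this.cipherKeyLength = checkSign(cipherKeyLength);
        this.expandedCipherKeyLength = checkSign(expandedCipherKeyLength);
        this.ivLength = checkSign(ivLength);
        this.macKeyLength = checkSign(macKeyLength);
        this.prfHashAlg = prfHashAlg;
        this.prfHashLength = prfHashLength;
        this.prfBlockSize = prfBlockSize;
    }

    /**
     * Rejects negative length arguments.
     *
     * @param k the value to check
     * @return {@code k} unchanged when it is zero or positive
     * @throws IllegalArgumentException if {@code k} is negative
     */
    private static int checkSign(int k) {
        if (k < 0) {
            throw new IllegalArgumentException("Value must not be negative");
        }
        return k;
    }

    /**
     * Returns the master secret. The key object held by this spec is
     * returned as is, not a copy.
     *
     * @return the master secret.
     */
    public SecretKey getMasterSecret() {
        return masterSecret;
    }

    /**
     * Returns the major version number.
     *
     * @return the major version number.
     */
    public int getMajorVersion() {
        return majorVersion;
    }

    /**
     * Returns the minor version number.
     *
     * @return the minor version number.
     */
    public int getMinorVersion() {
        return minorVersion;
    }

    /**
     * Returns a copy of the client's random value.
     *
     * @return a copy of the client's random value.
     */
    public byte[] getClientRandom() {
        return clientRandom.clone();
    }

    /**
     * Returns a copy of the server's random value.
     *
     * @return a copy of the server's random value.
     */
    public byte[] getServerRandom() {
        return serverRandom.clone();
    }

    /**
     * Returns the cipher algorithm.
     *
     * @return the cipher algorithm.
     */
    public String getCipherAlgorithm() {
        return cipherAlgorithm;
    }

    /**
     * Returns the length in bytes of the encryption key to be generated.
     *
     * @return the length in bytes of the encryption key to be generated.
     */
    public int getCipherKeyLength() {
        return cipherKeyLength;
    }

    /**
     * Returns the length in bytes of the expanded encryption key to be
     * generated. Returns zero if the expanded encryption key is not
     * supposed to be generated.
     *
     * <p>For protocol version 3.2 (TLS v1.1) and every later version this
     * method returns zero whatever value was passed to the constructor.
     *
     * @return the length in bytes of the expanded encryption key to be
     *   generated.
     */
    public int getExpandedCipherKeyLength() {
        // TLS v1.1 disables the exportable weak cipher suites. The version
        // is compared as an ordered (major, minor) pair: testing the two
        // components independently would let a major version above 3 with
        // a minor version below 2 fall through to the export-grade length.
        if (majorVersion > 0x03
                || (majorVersion == 0x03 && minorVersion >= 0x02)) {
            return 0;
        }
        return expandedCipherKeyLength;
    }

    /**
     * Returns the length in bytes of the initialization vector to be
     * generated. Returns zero if the initialization vector is not
     * supposed to be generated.
     *
     * @return the length in bytes of the initialization vector to be
     *   generated.
     */
    public int getIvLength() {
        return ivLength;
    }

    /**
     * Returns the length in bytes of the MAC key to be generated.
     *
     * @return the length in bytes of the MAC key to be generated.
     */
    public int getMacKeyLength() {
        return macKeyLength;
    }

    /**
     * Obtains the PRF hash algorithm to use in the PRF calculation.
     * The value is returned as it was passed to the constructor.
     *
     * @return the hash algorithm.
     */
    public String getPRFHashAlg() {
        return prfHashAlg;
    }

    /**
     * Obtains the length of the PRF hash algorithm.
     * The value is returned as it was passed to the constructor.
     *
     * @return the hash algorithm length.
     */
    public int getPRFHashLength() {
        return prfHashLength;
    }

    /**
     * Obtains the block size of the PRF hash algorithm.
     * The value is returned as it was passed to the constructor.
     *
     * @return the hash algorithm block size
     */
    public int getPRFBlockSize() {
        return prfBlockSize;
    }
}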