/*
 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.internal.spec;

import java.security.spec.AlgorithmParameterSpec;

import javax.crypto.SecretKey;

Parameters for SSL/TLS key material generation. This class is used to initialize KeyGenerator of the type "TlsKeyMaterial". The keys returned by such KeyGenerators will be instances of TlsKeyMaterialSpec.

Instances of this class are immutable.

Author: Andreas Sterbenz
Since: 1.6
Deprecated:Sun JDK internal use only --- WILL BE REMOVED in a future release.
/** * Parameters for SSL/TLS key material generation. * This class is used to initialize KeyGenerator of the type * "TlsKeyMaterial". The keys returned by such KeyGenerators will be * instances of {@link TlsKeyMaterialSpec}. * * <p>Instances of this class are immutable. * * @since 1.6 * @author Andreas Sterbenz * @deprecated Sun JDK internal use only --- WILL BE REMOVED in a future * release. */
@Deprecated public class TlsKeyMaterialParameterSpec implements AlgorithmParameterSpec { private final SecretKey masterSecret; private final int majorVersion, minorVersion; private final byte[] clientRandom, serverRandom; private final String cipherAlgorithm; private final int cipherKeyLength, ivLength, macKeyLength; private final int expandedCipherKeyLength; // == 0 for domestic ciphersuites private final String prfHashAlg; private final int prfHashLength; private final int prfBlockSize;
Constructs a new TlsKeyMaterialParameterSpec.
Params:
  • masterSecret – the master secret
  • majorVersion – the major number of the protocol version
  • minorVersion – the minor number of the protocol version
  • clientRandom – the client's random value
  • serverRandom – the server's random value
  • cipherAlgorithm – the algorithm name of the cipher keys to be generated
  • cipherKeyLength – if 0, no cipher keys will be generated; otherwise, the length in bytes of cipher keys to be generated for domestic cipher suites; for cipher suites defined as exportable, the number of key material bytes to be generated;
  • expandedCipherKeyLength – 0 for domestic cipher suites; for exportable cipher suites the length in bytes of the key to be generated.
  • ivLength – the length in bytes of the initialization vector to be generated, or 0 if no initialization vector is required
  • macKeyLength – the length in bytes of the MAC key to be generated
  • prfHashAlg – the name of the TLS PRF hash algorithm to use. Used only for TLS 1.2+. TLS1.1 and earlier use a fixed PRF.
  • prfHashLength – the output length of the TLS PRF hash algorithm. Used only for TLS 1.2+.
  • prfBlockSize – the input block size of the TLS PRF hash algorithm. Used only for TLS 1.2+.
Throws:
  • NullPointerException – if masterSecret, clientRandom, serverRandom, or cipherAlgorithm are null
  • IllegalArgumentException – if the algorithm of masterSecret is not TlsMasterSecret, or if majorVersion or minorVersion are negative or larger than 255; or if cipherKeyLength, expandedKeyLength, ivLength, or macKeyLength are negative
/** * Constructs a new TlsKeyMaterialParameterSpec. * * @param masterSecret the master secret * @param majorVersion the major number of the protocol version * @param minorVersion the minor number of the protocol version * @param clientRandom the client's random value * @param serverRandom the server's random value * @param cipherAlgorithm the algorithm name of the cipher keys to * be generated * @param cipherKeyLength if 0, no cipher keys will be generated; * otherwise, the length in bytes of cipher keys to be * generated for domestic cipher suites; for cipher suites defined as * exportable, the number of key material bytes to be generated; * @param expandedCipherKeyLength 0 for domestic cipher suites; for * exportable cipher suites the length in bytes of the key to be * generated. * @param ivLength the length in bytes of the initialization vector * to be generated, or 0 if no initialization vector is required * @param macKeyLength the length in bytes of the MAC key to be generated * @param prfHashAlg the name of the TLS PRF hash algorithm to use. * Used only for TLS 1.2+. TLS1.1 and earlier use a fixed PRF. * @param prfHashLength the output length of the TLS PRF hash algorithm. * Used only for TLS 1.2+. * @param prfBlockSize the input block size of the TLS PRF hash algorithm. * Used only for TLS 1.2+. * * @throws NullPointerException if masterSecret, clientRandom, * serverRandom, or cipherAlgorithm are null * @throws IllegalArgumentException if the algorithm of masterSecret is * not TlsMasterSecret, or if majorVersion or minorVersion are * negative or larger than 255; or if cipherKeyLength, expandedKeyLength, * ivLength, or macKeyLength are negative */
public TlsKeyMaterialParameterSpec(SecretKey masterSecret, int majorVersion, int minorVersion, byte[] clientRandom, byte[] serverRandom, String cipherAlgorithm, int cipherKeyLength, int expandedCipherKeyLength, int ivLength, int macKeyLength, String prfHashAlg, int prfHashLength, int prfBlockSize) { if (masterSecret.getAlgorithm().equals("TlsMasterSecret") == false) { throw new IllegalArgumentException("Not a TLS master secret"); } if (cipherAlgorithm == null) { throw new NullPointerException(); } this.masterSecret = masterSecret; this.majorVersion = TlsMasterSecretParameterSpec.checkVersion(majorVersion); this.minorVersion = TlsMasterSecretParameterSpec.checkVersion(minorVersion); this.clientRandom = clientRandom.clone(); this.serverRandom = serverRandom.clone(); this.cipherAlgorithm = cipherAlgorithm; this.cipherKeyLength = checkSign(cipherKeyLength); this.expandedCipherKeyLength = checkSign(expandedCipherKeyLength); this.ivLength = checkSign(ivLength); this.macKeyLength = checkSign(macKeyLength); this.prfHashAlg = prfHashAlg; this.prfHashLength = prfHashLength; this.prfBlockSize = prfBlockSize; } private static int checkSign(int k) { if (k < 0) { throw new IllegalArgumentException("Value must not be negative"); } return k; }
Returns the master secret.
Returns:the master secret.
/** * Returns the master secret. * * @return the master secret. */
public SecretKey getMasterSecret() { return masterSecret; }
Returns the major version number.
Returns:the major version number.
/** * Returns the major version number. * * @return the major version number. */
public int getMajorVersion() { return majorVersion; }
Returns the minor version number.
Returns:the minor version number.
/** * Returns the minor version number. * * @return the minor version number. */
public int getMinorVersion() { return minorVersion; }
Returns a copy of the client's random value.
Returns:a copy of the client's random value.
/** * Returns a copy of the client's random value. * * @return a copy of the client's random value. */
public byte[] getClientRandom() { return clientRandom.clone(); }
Returns a copy of the server's random value.
Returns:a copy of the server's random value.
/** * Returns a copy of the server's random value. * * @return a copy of the server's random value. */
public byte[] getServerRandom() { return serverRandom.clone(); }
Returns the cipher algorithm.
Returns:the cipher algorithm.
/** * Returns the cipher algorithm. * * @return the cipher algorithm. */
public String getCipherAlgorithm() { return cipherAlgorithm; }
Returns the length in bytes of the encryption key to be generated.
Returns:the length in bytes of the encryption key to be generated.
/** * Returns the length in bytes of the encryption key to be generated. * * @return the length in bytes of the encryption key to be generated. */
public int getCipherKeyLength() { return cipherKeyLength; }
Returns the length in bytes of the expanded encryption key to be generated. Returns zero if the expanded encryption key is not supposed to be generated.
Returns:the length in bytes of the expanded encryption key to be generated.
/** * Returns the length in bytes of the expanded encryption key to be * generated. Returns zero if the expanded encryption key is not * supposed to be generated. * * @return the length in bytes of the expanded encryption key to be * generated. */
public int getExpandedCipherKeyLength() { // TLS v1.1 disables the exportable weak cipher suites. if (majorVersion >= 0x03 && minorVersion >= 0x02) { return 0; } return expandedCipherKeyLength; }
Returns the length in bytes of the initialization vector to be generated. Returns zero if the initialization vector is not supposed to be generated.
Returns:the length in bytes of the initialization vector to be generated.
/** * Returns the length in bytes of the initialization vector to be * generated. Returns zero if the initialization vector is not * supposed to be generated. * * @return the length in bytes of the initialization vector to be * generated. */
public int getIvLength() { // TLS v1.1 or later uses an explicit IV to protect against // the CBC attacks. if (majorVersion >= 0x03 && minorVersion >= 0x02) { return 0; } return ivLength; }
Returns the length in bytes of the MAC key to be generated.
Returns:the length in bytes of the MAC key to be generated.
/** * Returns the length in bytes of the MAC key to be generated. * * @return the length in bytes of the MAC key to be generated. */
public int getMacKeyLength() { return macKeyLength; }
Obtains the PRF hash algorithm to use in the PRF calculation.
Returns:the hash algorithm.
/** * Obtains the PRF hash algorithm to use in the PRF calculation. * * @return the hash algorithm. */
public String getPRFHashAlg() { return prfHashAlg; }
Obtains the length of the PRF hash algorithm.
Returns:the hash algorithm length.
/** * Obtains the length of the PRF hash algorithm. * * @return the hash algorithm length. */
public int getPRFHashLength() { return prfHashLength; }
Obtains the block size of the PRF hash algorithm.
Returns:the hash algorithm block size
/** * Obtains the block size of the PRF hash algorithm. * * @return the hash algorithm block size */
public int getPRFBlockSize() { return prfBlockSize; } }