/*
 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 */

/**
 * This is the Kerberos premaster secret in the Kerberos client key
 * exchange message (CLIENT --> SERVER); it holds the
 * Kerberos-encrypted pre-master secret. The secret is encrypted using the
 * Kerberos session key. The padding and size of the resulting message
 * depend on the session key type, but the pre-master secret is
 * always exactly 48 bytes.
 */

    /**
     * Constructor used by the client to generate the premaster secret.
     *
     * The client randomly creates a pre-master secret and encrypts it
     * using the Kerberos session key; only the server can decrypt
     * it, using the session key available in the service ticket.
     *
     * @param protocolVersion used to set preMaster[0,1]
     * @param generator random number generator for generating the premaster secret
     * @param sessionKey Kerberos session key for encrypting the premaster secret
     */
                "session keys with des3-cbc-hmac-sha1-kd encryption type " +
                "are not supported for TLS Kerberos cipher suites");

        // Encrypt premaster secret

    /**
     * Constructor used by the server to decrypt the encrypted premaster secret.
     * The protocol version in preMaster[0,1] must match either currentVersion
     * or clientVersion; otherwise the premaster secret is replaced with
     * a random one to foil a possible attack.
     *
     * @param currentVersion version of protocol being used
     * @param clientVersion version requested by client
     * @param generator random number generator used to generate a
     *        bogus premaster secret if premaster secret verification fails
     * @param input input stream from which to read the encrypted
     * @param sessionKey Kerberos session key to be used for decryption
     */
        // Extract encrypted premaster secret from message
                "session keys with des3-cbc-hmac-sha1-kd encryption type " +
                "are not supported for TLS Kerberos cipher suites");

            // Decrypt premaster secret
                        "decrypted premaster secret",
                        temp);

            // Remove padding bytes after decryption. Only DES and DES3 have
            // padding, and we don't support DES3 in TLS (see above).
            // For des-cbc-crc, 4 padding bytes. Value can be 0x04 or 0x00.
            // For des-cbc-md5, 8 padding bytes with 0x08, or no padding.

            // catch exception & process below

        // check if the premaster secret version is ok
        // the specification says that it must be the maximum version supported
        // by the client from its ClientHello message. However, many
        // old implementations send the negotiated version, so accept both
        // for SSL v3.0 and TLS v1.0.
        // NOTE that we may be comparing two unsupported version numbers in
        // the second case, which is why we cannot use object reference
        // equality in this special case

        /*
         * we never checked the client_version in server side
         * for TLS v1.0 and SSL v3.0. For compatibility, we
         */

        /*
         * Bogus decrypted ClientKeyExchange? If so, conjure a
         * random preMaster secret that will fail later during
         * Finished message processing. This is a countermeasure against
         * the "interactive RSA PKCS#1 encryption envelope attack" reported
         * in June 1998. Preserving the execution path will
         * mitigate timing attacks and force consistent error handling
         * that will prevent an attacking client from differentiating
         * different kinds of decrypted ClientKeyExchange bogosities.
         */
                        +
                        "generating random secret");

            /*
             * Randomize the preMaster secret with the
             * ClientHello.client_version, which will produce an invalid master
             * secret to prevent the attacks.
             */

    /**
     * Checks if all padding bytes of data are b
     * @param data the block with padding
     * @param len length of data, >= 48
     * @param b expected padding byte
     */

    /**
     * Used by the server to generate the premaster secret in case of a
     * problem decoding the ticket.
     *
     * @param protocolVersion used for preMaster[0,1]
     * @param generator random number generator to use for generating the secret.
     */
        byte[] pm = new byte[48];

    // Clone not needed; internal use only

    // Clone not needed; internal use only
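The server-side logic the comments above describe (strip the Kerberos DES padding, check the version bytes, and on any failure substitute a random secret rather than raise an error) is easier to reason about when it can be run. The following is an added Python model of that logic; it is not the JDK's KerberosPreMasterSecret class. It starts from the already-decrypted bytes (the real class decrypts with the Kerberos session key first, and a decryption failure is modelled here as `None`), and the encryption-type strings, the `(major, minor)` version tuples and the injectable `rng` parameter are assumptions made for the example.

```python
"""Constructed model of server-side Kerberos premaster-secret handling.

Not the JDK's code. It takes the already-decrypted block, strips the DES
padding, checks the protocol version in bytes 0..1 against the client's
ClientHello version (or, for SSL 3.0 / TLS 1.0 clients, the negotiated
version), and on any failure returns a random 48-byte secret carrying
ClientHello.client_version so the handshake fails later, at the Finished
message, instead of signalling to the client why the secret was bad.
"""
import secrets

PREMASTER_LEN = 48

# Assumed names for the two DES encryption types the comments mention.
ETYPE_DES_CBC_CRC = "des-cbc-crc"
ETYPE_DES_CBC_MD5 = "des-cbc-md5"

# Protocol versions as (major, minor) tuples; tuples compare by value, which
# sidesteps the object-identity pitfall the comments warn about.
SSL30 = (3, 0)
TLS10 = (3, 1)


def padding_is(data: bytes, length: int, b: int) -> bool:
    """True if data[48:length] consists solely of byte b (cf. the paddingCheck javadoc)."""
    return len(data) >= length and all(x == b for x in data[PREMASTER_LEN:length])


def strip_kerberos_padding(decrypted: bytes, etype: str) -> bytes:
    """Remove the padding Kerberos DES encryption adds to the 48-byte secret.

    des-cbc-crc: 4 padding bytes, each 0x04 or 0x00.
    des-cbc-md5: 8 padding bytes of 0x08, or no padding at all.
    Anything else is returned unchanged and fails the length check later.
    """
    if etype == ETYPE_DES_CBC_CRC and len(decrypted) == PREMASTER_LEN + 4:
        if padding_is(decrypted, PREMASTER_LEN + 4, 0x04) or \
                padding_is(decrypted, PREMASTER_LEN + 4, 0x00):
            return decrypted[:PREMASTER_LEN]
    elif etype == ETYPE_DES_CBC_MD5 and len(decrypted) == PREMASTER_LEN + 8:
        if padding_is(decrypted, PREMASTER_LEN + 8, 0x08):
            return decrypted[:PREMASTER_LEN]
    return decrypted


def generate_premaster(version, rng=secrets.token_bytes) -> bytes:
    """48 random bytes with the protocol version in pm[0], pm[1].

    Used both by the client to build a fresh secret and by the server as the
    bogus replacement secret.  rng(n) must return n bytes (assumed interface).
    """
    pm = bytearray(rng(PREMASTER_LEN))
    pm[0], pm[1] = version
    return bytes(pm)


def server_premaster(decrypted, etype, current_version, client_version,
                     rng=secrets.token_bytes):
    """Return (premaster, accepted).

    accepted is False when the block was undecryptable (None), mis-sized, or
    carried the wrong version; in that case premaster is a random secret
    tagged with client_version.  Both outcomes go through the same code path
    and neither raises, which is the countermeasure the comments describe.
    """
    temp = None if decrypted is None else strip_kerberos_padding(decrypted, etype)
    bogus = temp is None or len(temp) != PREMASTER_LEN
    if not bogus:
        pm_version = (temp[0], temp[1])
        mismatch = pm_version != client_version
        # Many old SSL 3.0 / TLS 1.0 clients send the negotiated version
        # instead of their maximum, so accept that too for those versions.
        if mismatch and client_version <= TLS10:
            mismatch = pm_version != current_version
        bogus = mismatch
    if bogus:
        return generate_premaster(client_version, rng), False
    return temp, True


if __name__ == "__main__":
    # Constructed sample: a TLS 1.0 secret under des-cbc-crc with 0x04 padding.
    good = bytes(TLS10) + b"\x11" * 46 + b"\x04" * 4
    print(server_premaster(good, ETYPE_DES_CBC_CRC, TLS10, TLS10)[1])      # True
    bad = bytes(TLS10) + b"\x11" * 46 + b"\x04\x04\x04\x05"
    print(server_premaster(bad, ETYPE_DES_CBC_CRC, TLS10, TLS10)[1])       # False
```

The design point is in `server_premaster`: a version mismatch, a bad padding byte and a decryption failure all end in the same `generate_premaster` call, so an attacker submitting crafted ClientKeyExchange messages sees the handshake fail at the Finished message in every case and gains no oracle on the decrypted contents.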