1 package org.bouncycastle.tls; 2 3 import java.util.Vector; 4 5 import org.bouncycastle.tls.crypto.TlsSecret; 6 7 /** 8 * Carrier class for general security parameters. 9 */ 10 public class SecurityParameters 11 { 12 int entity = -1; 13 boolean secureRenegotiation = false; 14 int cipherSuite = CipherSuite.TLS_NULL_WITH_NULL_NULL; 15 final short compressionAlgorithm = CompressionMethod._null; 16 short maxFragmentLength = -1; 17 int prfAlgorithm = -1; 18 short prfHashAlgorithm = -1; 19 int prfHashLength = -1; 20 int verifyDataLength = -1; 21 TlsSecret baseKeyClient = null; 22 TlsSecret baseKeyServer = null; 23 TlsSecret earlyExporterMasterSecret = null; 24 TlsSecret earlySecret = null; 25 TlsSecret exporterMasterSecret = null; 26 TlsSecret handshakeSecret = null; 27 TlsSecret masterSecret = null; 28 TlsSecret sharedSecret = null; 29 TlsSecret trafficSecretClient = null; 30 TlsSecret trafficSecretServer = null; 31 byte[] clientRandom = null; 32 byte[] serverRandom = null; 33 byte[] sessionHash = null; 34 byte[] sessionID = null; 35 byte[] psk = null; 36 byte[] pskIdentity = null; 37 byte[] srpIdentity = null; 38 byte[] tlsServerEndPoint = null; 39 byte[] tlsUnique = null; 40 boolean encryptThenMAC = false; 41 boolean extendedMasterSecret = false; 42 boolean extendedPadding = false; 43 boolean truncatedHMac = false; 44 ProtocolName applicationProtocol = null; 45 boolean applicationProtocolSet = false; 46 short[] clientCertTypes = null; 47 Vector clientServerNames = null; 48 Vector clientSigAlgs = null; 49 Vector clientSigAlgsCert = null; 50 int[] clientSupportedGroups = null; 51 Vector serverSigAlgs = null; 52 Vector serverSigAlgsCert = null; 53 int[] serverSupportedGroups = null; 54 int keyExchangeAlgorithm = -1; 55 Certificate localCertificate = null; 56 Certificate peerCertificate = null; 57 ProtocolVersion negotiatedVersion = null; 58 int statusRequestVersion = 0; 59 60 // TODO[tls-ops] Investigate whether we can handle verify data using TlsSecret 61 byte[] localVerifyData = null; 62 byte[] peerVerifyData = null; 63 clear()64 void clear() 65 { 66 this.sessionHash = null; 67 this.sessionID = null; 68 this.clientCertTypes = null; 69 this.clientServerNames = null; 70 this.clientSigAlgs = null; 71 this.clientSigAlgsCert = null; 72 this.clientSupportedGroups = null; 73 this.serverSigAlgs = null; 74 this.serverSigAlgsCert = null; 75 this.serverSupportedGroups = null; 76 this.statusRequestVersion = 0; 77 78 this.baseKeyClient = clearSecret(baseKeyClient); 79 this.baseKeyServer = clearSecret(baseKeyServer); 80 this.earlyExporterMasterSecret = clearSecret(earlyExporterMasterSecret); 81 this.earlySecret = clearSecret(earlySecret); 82 this.exporterMasterSecret = clearSecret(exporterMasterSecret); 83 this.handshakeSecret = clearSecret(handshakeSecret); 84 this.masterSecret = clearSecret(masterSecret); 85 this.sharedSecret = clearSecret(sharedSecret); 86 } 87 88 /** 89 * @return {@link ConnectionEnd} 90 */ getEntity()91 public int getEntity() 92 { 93 return entity; 94 } 95 96 /** 97 * @deprecated Always false. 98 */ isRenegotiating()99 public boolean isRenegotiating() 100 { 101 return false; 102 } 103 isSecureRenegotiation()104 public boolean isSecureRenegotiation() 105 { 106 return secureRenegotiation; 107 } 108 109 /** 110 * @return {@link CipherSuite} 111 */ getCipherSuite()112 public int getCipherSuite() 113 { 114 return cipherSuite; 115 } 116 getClientCertTypes()117 public short[] getClientCertTypes() 118 { 119 return clientCertTypes; 120 } 121 getClientServerNames()122 public Vector getClientServerNames() 123 { 124 return clientServerNames; 125 } 126 getClientSigAlgs()127 public Vector getClientSigAlgs() 128 { 129 return clientSigAlgs; 130 } 131 getClientSigAlgsCert()132 public Vector getClientSigAlgsCert() 133 { 134 return clientSigAlgsCert; 135 } 136 getClientSupportedGroups()137 public int[] getClientSupportedGroups() 138 { 139 return clientSupportedGroups; 140 } 141 getServerSigAlgs()142 public Vector getServerSigAlgs() 143 { 144 return serverSigAlgs; 145 } 146 getServerSigAlgsCert()147 public Vector getServerSigAlgsCert() 148 { 149 return serverSigAlgsCert; 150 } 151 getServerSupportedGroups()152 public int[] getServerSupportedGroups() 153 { 154 return serverSupportedGroups; 155 } 156 157 /** 158 * @return {@link CompressionMethod} 159 */ getCompressionAlgorithm()160 public short getCompressionAlgorithm() 161 { 162 return compressionAlgorithm; 163 } 164 165 /** 166 * @return {@link MaxFragmentLength}, or -1 if none 167 */ getMaxFragmentLength()168 public short getMaxFragmentLength() 169 { 170 return maxFragmentLength; 171 } 172 173 /** 174 * @deprecated Use {@link #getPRFAlgorithm()} instead. 175 */ getPrfAlgorithm()176 public int getPrfAlgorithm() 177 { 178 return prfAlgorithm; 179 } 180 181 /** 182 * @return {@link PRFAlgorithm} 183 */ getPRFAlgorithm()184 public int getPRFAlgorithm() 185 { 186 return prfAlgorithm; 187 } 188 189 /** 190 * @return {@link HashAlgorithm} for the current {@link PRFAlgorithm} 191 */ getPRFHashAlgorithm()192 public short getPRFHashAlgorithm() 193 { 194 return prfHashAlgorithm; 195 } 196 getPRFHashLength()197 public int getPRFHashLength() 198 { 199 return prfHashLength; 200 } 201 getVerifyDataLength()202 public int getVerifyDataLength() 203 { 204 return verifyDataLength; 205 } 206 getBaseKeyClient()207 public TlsSecret getBaseKeyClient() 208 { 209 return baseKeyClient; 210 } 211 getBaseKeyServer()212 public TlsSecret getBaseKeyServer() 213 { 214 return baseKeyServer; 215 } 216 getEarlyExporterMasterSecret()217 public TlsSecret getEarlyExporterMasterSecret() 218 { 219 return earlyExporterMasterSecret; 220 } 221 getEarlySecret()222 public TlsSecret getEarlySecret() 223 { 224 return earlySecret; 225 } 226 getExporterMasterSecret()227 public TlsSecret getExporterMasterSecret() 228 { 229 return exporterMasterSecret; 230 } 231 getHandshakeSecret()232 public TlsSecret getHandshakeSecret() 233 { 234 return handshakeSecret; 235 } 236 getMasterSecret()237 public TlsSecret getMasterSecret() 238 { 239 return masterSecret; 240 } 241 getSharedSecret()242 public TlsSecret getSharedSecret() 243 { 244 return sharedSecret; 245 } 246 getTrafficSecretClient()247 public TlsSecret getTrafficSecretClient() 248 { 249 return trafficSecretClient; 250 } 251 getTrafficSecretServer()252 public TlsSecret getTrafficSecretServer() 253 { 254 return trafficSecretServer; 255 } 256 getClientRandom()257 public byte[] getClientRandom() 258 { 259 return clientRandom; 260 } 261 getServerRandom()262 public byte[] getServerRandom() 263 { 264 return serverRandom; 265 } 266 getSessionHash()267 public byte[] getSessionHash() 268 { 269 return sessionHash; 270 } 271 getSessionID()272 public byte[] getSessionID() 273 { 274 return sessionID; 275 } 276 getPSK()277 public byte[] getPSK() 278 { 279 return psk; 280 } 281 getPSKIdentity()282 public byte[] getPSKIdentity() 283 { 284 return pskIdentity; 285 } 286 getSRPIdentity()287 public byte[] getSRPIdentity() 288 { 289 return srpIdentity; 290 } 291 getTLSServerEndPoint()292 public byte[] getTLSServerEndPoint() 293 { 294 return tlsServerEndPoint; 295 } 296 getTLSUnique()297 public byte[] getTLSUnique() 298 { 299 return tlsUnique; 300 } 301 isEncryptThenMAC()302 public boolean isEncryptThenMAC() 303 { 304 return encryptThenMAC; 305 } 306 isExtendedMasterSecret()307 public boolean isExtendedMasterSecret() 308 { 309 return extendedMasterSecret; 310 } 311 isExtendedPadding()312 public boolean isExtendedPadding() 313 { 314 return extendedPadding; 315 } 316 isTruncatedHMac()317 public boolean isTruncatedHMac() 318 { 319 return truncatedHMac; 320 } 321 getApplicationProtocol()322 public ProtocolName getApplicationProtocol() 323 { 324 return applicationProtocol; 325 } 326 isApplicationProtocolSet()327 public boolean isApplicationProtocolSet() 328 { 329 return applicationProtocolSet; 330 } 331 getLocalVerifyData()332 public byte[] getLocalVerifyData() 333 { 334 return localVerifyData; 335 } 336 getPeerVerifyData()337 public byte[] getPeerVerifyData() 338 { 339 return peerVerifyData; 340 } 341 getKeyExchangeAlgorithm()342 public int getKeyExchangeAlgorithm() 343 { 344 return keyExchangeAlgorithm; 345 } 346 getLocalCertificate()347 public Certificate getLocalCertificate() 348 { 349 return localCertificate; 350 } 351 getPeerCertificate()352 public Certificate getPeerCertificate() 353 { 354 return peerCertificate; 355 } 356 getNegotiatedVersion()357 public ProtocolVersion getNegotiatedVersion() 358 { 359 return negotiatedVersion; 360 } 361 getStatusRequestVersion()362 public int getStatusRequestVersion() 363 { 364 return statusRequestVersion; 365 } 366 clearSecret(TlsSecret secret)367 private static TlsSecret clearSecret(TlsSecret secret) 368 { 369 if (null != secret) 370 { 371 secret.destroy(); 372 } 373 return null; 374 } 375 } 376