From 1137dfe66b0bd1555a0f2e0c79de01d2e9e4efdd Mon Sep 17 00:00:00 2001 From: xuelei Date: Thu, 18 Apr 2013 22:23:56 -0700 Subject: [PATCH] 8006935: Need to take care of long secret keys in HMAC/PRF compuation Reviewed-by: valeriep --- .../sun/crypto/provider/TlsPrfGenerator.java | 21 ++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java b/src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java index 137ba255c..f09b7d875 100644 --- a/src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java +++ b/src/share/classes/com/sun/crypto/provider/TlsPrfGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -241,14 +241,29 @@ abstract class TlsPrfGenerator extends KeyGeneratorSpi { int off = secret.length >> 1; int seclen = off + (secret.length & 1); + byte[] secKey = secret; + int keyLen = seclen; byte[] output = new byte[outputLength]; // P_MD5(S1, label + seed) - expand(md5, 16, secret, 0, seclen, labelBytes, seed, output, + // If we have a long secret, digest it first. + if (seclen > 64) { // 64: block size of HMAC-MD5 + md5.update(secret, 0, seclen); + secKey = md5.digest(); + keyLen = secKey.length; + } + expand(md5, 16, secKey, 0, keyLen, labelBytes, seed, output, HMAC_ipad64.clone(), HMAC_opad64.clone()); // P_SHA-1(S2, label + seed) - expand(sha, 20, secret, off, seclen, labelBytes, seed, output, + // If we have a long secret, digest it first. + if (seclen > 64) { // 64: block size of HMAC-SHA1 + sha.update(secret, off, seclen); + secKey = sha.digest(); + keyLen = secKey.length; + off = 0; + } + expand(sha, 20, secKey, off, keyLen, labelBytes, seed, output, HMAC_ipad64.clone(), HMAC_opad64.clone()); return output; -- GitLab