Skip to content

Commit

Permalink
TKSS-810: Remove key generator TlsRsaPremasterSecret
Browse files Browse the repository at this point in the history
  • Loading branch information
@johnshajiang
johnshajiang committed Jul 4, 2024
1 parent 3a01fec commit 6f223c4
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 12 deletions.
3 changes: 2 additions & 1 deletion kona-ssl/src/main/java/com/tencent/kona/ssl/KonaSSLProvider.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,8 @@ private static void putEntries(Provider provider) {
provider.put("Alg.Alias.KeyGenerator.SunTls12KeyMaterial",
"SunTlsKeyMaterial");

provider.put("KeyGenerator.TlsRsaPremasterSecret",
provider.put("KeyGenerator.SunTlsRsaPremasterSecret",
"com.tencent.kona.sun.security.provider.TlsRsaPremasterSecretGenerator");
provider.put("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret", "SunTlsRsaPremasterSecret");
}
}
2 changes: 1 addition & 1 deletion kona-ssl/src/main/java/com/tencent/kona/ssl/SSLInsts.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ public static SSLContext getSSLContext(String protocol)
= new HashSet<>(Arrays.asList(
"SunTlsPrf", "SunTls12Prf",
"SunTlsMasterSecret", "SunTlsKeyMaterial",
"TlcpSM2PremasterSecret"));
"SunTlsRsaPremasterSecret", "SunTls12RsaPremasterSecret"));

public static KeyGenerator getKeyGenerator(String protocol)
throws NoSuchAlgorithmException {
Expand Down
18 changes: 8 additions & 10 deletions kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/SM2KeyExchange.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,8 @@ byte[] getEncoded(PublicKey publicKey,
@SuppressWarnings("deprecation")
static SM2PremasterSecret createPremasterSecret(
ClientHandshakeContext chc) throws GeneralSecurityException {
String algorithm = "TlsRsaPremasterSecret";
String algorithm = chc.negotiatedProtocol.useTLS12PlusSpec() ?
"SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret";
KeyGenerator kg = SSLInsts.getKeyGenerator(algorithm);
TlsRsaPremasterSecretParameterSpec spec =
new TlsRsaPremasterSecretParameterSpec(
Expand All @@ -105,7 +106,7 @@ static SM2PremasterSecret decode(ServerHandshakeContext shc,
throws GeneralSecurityException {

byte[] encoded = null;
boolean needFailover = false;
boolean needFailover;
Cipher cipher = CryptoInsts.getCipher("SM2");
try {
// Try UNWRAP_MODE mode firstly.
Expand All @@ -117,8 +118,8 @@ static SM2PremasterSecret decode(ServerHandshakeContext shc,

// The provider selection can be delayed, please don't call
// any Cipher method before the call to Cipher.init().
// String providerName = cipher.getProvider().getName();
// needFailover = !KeyUtil.isOracleJCEProvider(providerName);
String providerName = cipher.getProvider().getName();
needFailover = !KeyUtil.isOracleJCEProvider(providerName);
} catch (InvalidKeyException | UnsupportedOperationException iue) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
SSLLogger.warning("The Cipher provider "
Expand Down Expand Up @@ -153,7 +154,7 @@ static SM2PremasterSecret decode(ServerHandshakeContext shc,
} else {
// the cipher should have been initialized
preMaster = (SecretKey)cipher.unwrap(encrypted,
"TlcpSM2PremasterSecret", Cipher.SECRET_KEY);
"TlsRsaPremasterSecret", Cipher.SECRET_KEY);
}

return new SM2PremasterSecret(preMaster);
Expand Down Expand Up @@ -195,11 +196,8 @@ private static SecretKey generatePremasterSecret(
}

try {
String s = clientVersion == ProtocolVersion.TLCP11.id
? "Tlcp11PremasterSecret"
: ((clientVersion >= ProtocolVersion.TLS12.id)
? "SunTls12RsaPremasterSecret"
: "SunTlsRsaPremasterSecret");
String s = ((clientVersion >= ProtocolVersion.TLS12.id) ?
"SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
KeyGenerator kg = CryptoInsts.getKeyGenerator(s);
kg.init(new TlsRsaPremasterSecretParameterSpec(
clientVersion, serverVersion, encodedSecret),
Expand Down

0 comments on commit 6f223c4

Please sign in to comment.