iSaSiLk 6.1, (c) 2002 IAIK, (c) 2003 - 2015 SICpublic class TruncatedHMAC extends Extension implements java.lang.Cloneable
In constrained environments client and server may agree on using a truncated HMAC where only the first 80 bits of the output of the hash function are recognized. If the client wants to use truncated HMACS he sends an empty truncated_hmac extension within his extended ClientHello message. If the server confirms on using truncated hmacs he responds with an -- also empty -- truncated_hmac extension in his extended ServerHello message.
Since the "extension_data" field of the truncated_hmac
extension is always empty, you only must put an (empty)
TruncatedHMAC object into your client/server
ExtensionList to tell your iSaSiLk
SSLClientContext/SSLServerContext
that truncated hmacs maybe used (e.g, on the client side):
// create TruncatedHMAC TruncatedHMAC truncatedHMAC = new TruncatedHMAC(); // add to ExtensionList ExtensionList extensions = new ExtensionList(); ... extensions.addExtension(truncatedHMAC); ... // set extensions for the SSLClientContext configuration: SSLClientContext clientContext = new SSLClientContext(); // extensions are only defined for TLS clientContext.setAllowedProtocolVersions(SSLContext.VERSION_TLS10, SSLContext.VERSION_TLS12); ... clientContext.setExtensions(extensions); ...If you set the
criticalTruncatedHMAC to true
(client-side default), the handshake will be aborted if the server does
not respond with a truncated_hmac extension.
On the server side the proceeding is quite the same:
// create TruncatedHMAC TruncatedHMAC truncatedHMAC = new TruncatedHMAC(); // add to ExtensionList ExtensionList extensions = new ExtensionList(); ... extensions.addExtension(truncatedHMAC); ... // set extensions for the SSLServerContext configuration: SSLServerContext serverContext = new SSLServerContext(); ... serverContext.setExtensions(extensions); ...If you set the
criticaltrue, the
handshake will be aborted if the client does not send a truncated_hmac
extension within the extended ClientHello message.Extension,
ExtensionList| Modifier and Type | Field and Description |
|---|---|
static ExtensionType |
TYPE
The type (4) of the truncated_hmac extension.
|
| Constructor and Description |
|---|
TruncatedHMAC()
Creates a new TruncatedHMAC extension object.
|
| Modifier and Type | Method and Description |
|---|---|
java.lang.Object |
clone()
Returns a clone of this TruncatedHMAC extension object.
|
java.lang.String |
toString()
Gets a String representation of this TruncatedHMAC.
|
getAllowedProtocolVersions, getExtensionType, getName, getType, setCriticalpublic static final ExtensionType TYPE
public TruncatedHMAC()
truncated_hmac extension support for
the SSLClientContext/SSLServerContext
configuration:
Client-side:
// create TruncatedHMAC TruncatedHMAC truncatedHMAC = new TruncatedHMAC(); // add to ExtensionList ExtensionList extensions = new ExtensionList(); ... extensions.addExtension(truncatedHMAC); ... // set extensions for the SSLClientContext configuration: SSLClientContext clientContext = new SSLClientContext(); ... clientContext.setExtensions(extensions); ...If you set the
criticaltrue (client-side default),
the handshake will be aborted if the server does not respond with a
truncated_hmac extension.
Server-side:
// create TruncatedHMAC TruncatedHMAC truncatedHMAC = new TruncatedHMAC(); // add to ExtensionList ExtensionList extensions = new ExtensionList(); ... extensions.addExtension(truncatedHMAC); ... // set extensions for the SSLServerContext configuration: SSLServerContext serverContext = new SSLServerContext(); ... serverContext.setExtensions(extensions); ...If you set the
criticaltrue, the handshake will be aborted
if the client does not send a truncated_hmac extension within the
extended ClientHello message.
If the client has sent a truncated_hmac extension, the server will respond with a truncated_hmac extension if he also wants (is configured to) use truncated hmacs.