iaik.security.ssl
Class TruncatedHMAC

java.lang.Object
  extended by iaik.security.ssl.Extension
      extended by iaik.security.ssl.TruncatedHMAC
All Implemented Interfaces:
java.lang.Cloneable

public class TruncatedHMAC
extends Extension
implements java.lang.Cloneable

This class implements the truncated_hmac TLS extension.

In constrained environments client and server may agree on using a truncated HMAC where only the first 80 bits of the output of the hash function are recognized. If the client wants to use truncated HMACS he sends an empty truncated_hmac extension within his extended ClientHello message. If the server confirms on using truncated hmacs he responds with an -- also empty -- truncated_hmac extension in his extended ServerHello message.

Since the "extension_data" field of the truncated_hmac extension is always empty, you only must put an (empty) TruncatedHMAC object into your client/server ExtensionList to tell your iSaSiLk SSLClientContext/SSLServerContext that truncated hmacs maybe used (e.g, on the client side):

 // create TruncatedHMAC
 TruncatedHMAC truncatedHMAC = new TruncatedHMAC();
 // add to ExtensionList
 ExtensionList extensions = new ExtensionList();
 ...
 extensions.addExtension(truncatedHMAC);
 ...
 // set extensions for the SSLClientContext configuration:
 SSLClientContext clientContext = new SSLClientContext();
 // extensions are only defined for TLS
 clientContext.setAllowedProtocolVersions(SSLContext.VERSION_TLS10, SSLContext.VERSION_TLS12); 
 ...
 clientContext.setExtensions(extensions);
 ...
 
If you set the critical flag of a client-side TruncatedHMAC to true (client-side default), the handshake will be aborted if the server does not respond with a truncated_hmac extension.

On the server side the proceeding is quite the same:

 // create TruncatedHMAC
 TruncatedHMAC truncatedHMAC = new TruncatedHMAC();
 // add to ExtensionList
 ExtensionList extensions = new ExtensionList();
 ...
 extensions.addExtension(truncatedHMAC);
 ...
 // set extensions for the SSLServerContext configuration:
 SSLServerContext serverContext = new SSLServerContext();
 ...
 serverContext.setExtensions(extensions);
 ...
 
If you set the critical flag of a server-side truncated_hmac extension to true, the handshake will be aborted if the client does not send a truncated_hmac extension within the extended ClientHello message.

Version:
File Revision 9
See Also:
Extension, ExtensionList

Field Summary
static ExtensionType TYPE
          The type (4) of the truncated_hmac extension.
 
Constructor Summary
TruncatedHMAC()
          Creates a new TruncatedHMAC extension object.
 
Method Summary
 java.lang.Object clone()
          Returns a clone of this TruncatedHMAC extension object.
 java.lang.String toString()
          Gets a String representation of this TruncatedHMAC.
 
Methods inherited from class iaik.security.ssl.Extension
getExtensionType, getName, getType, setCritical
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

TYPE

public static final ExtensionType TYPE
The type (4) of the truncated_hmac extension.

Constructor Detail

TruncatedHMAC

public TruncatedHMAC()
Creates a new TruncatedHMAC extension object.
This constructor may be used on client or server side to enable truncated_hmac extension support for the SSLClientContext/SSLServerContext configuration:

Client-side:

 // create TruncatedHMAC
 TruncatedHMAC truncatedHMAC = new TruncatedHMAC();
 // add to ExtensionList
 ExtensionList extensions = new ExtensionList();
 ...
 extensions.addExtension(truncatedHMAC);
 ...
 // set extensions for the SSLClientContext configuration:
 SSLClientContext clientContext = new SSLClientContext();
 ...
 clientContext.setExtensions(extensions);
 ...
 
If you set the critical flag of a client-side extension to true (client-side default), the handshake will be aborted if the server does not respond with a truncated_hmac extension.

Server-side:

 // create TruncatedHMAC
 TruncatedHMAC truncatedHMAC = new TruncatedHMAC();
 // add to ExtensionList
 ExtensionList extensions = new ExtensionList();
 ...
 extensions.addExtension(truncatedHMAC);
 ...
 // set extensions for the SSLServerContext configuration:
 SSLServerContext serverContext = new SSLServerContext();
 ...
 serverContext.setExtensions(extensions);
 ...
 
If you set the critical flag of this extension to true, the handshake will be aborted if the client does not send a truncated_hmac extension within the extended ClientHello message.

If the client has sent a truncated_hmac extension, the server will respond with a truncated_hmac extension if he also wants (is configured to) use truncated hmacs.

Method Detail

clone

public java.lang.Object clone()
Returns a clone of this TruncatedHMAC extension object.

Overrides:
clone in class Extension
Returns:
a clone of this TruncatedHMAC

toString

public java.lang.String toString()
Gets a String representation of this TruncatedHMAC.

Specified by:
toString in class Extension
Returns:
"empty", since a truncated_hmac extension does not have a contents

This Javadoc may contain text parts from text parts from IETF Internet Standard specifications (see copyright note).

iSaSiLk 5.104, (c) 2002 IAIK, (c) 2003 - 2015 SIC