Skip to content

Commit c57ed22

Browse files
author
Bradford Wetmore
committed
8274528: Add comment to explain an HKDF optimization in SSLSecretDerivation
Reviewed-by: jnimeh
1 parent 9180d9a commit c57ed22

File tree

1 file changed

+12
-3
lines changed

1 file changed

+12
-3
lines changed

src/java.base/share/classes/sun/security/ssl/SSLSecretDerivation.java

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
2+
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
33
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
44
*
55
* This code is free software; you can redistribute it and/or modify it
@@ -34,6 +34,15 @@
3434
import sun.security.ssl.CipherSuite.HashAlg;
3535

3636
final class SSLSecretDerivation implements SSLKeyDerivation {
37+
38+
/*
39+
* Performance optimization:
40+
*
41+
* Derive-Secret(Secret, Label, Messages) =
42+
* HKDF-Expand-Label(..., Transcript-Hash(""), ...);
43+
*
44+
* Hardcode tha Transcript-Hash("") result and skip a digest operation.
45+
*/
3746
private static final byte[] sha256EmptyDigest = new byte[] {
3847
(byte)0xE3, (byte)0xB0, (byte)0xC4, (byte)0x42,
3948
(byte)0x98, (byte)0xFC, (byte)0x1C, (byte)0x14,
@@ -45,6 +54,7 @@ final class SSLSecretDerivation implements SSLKeyDerivation {
4554
(byte)0x78, (byte)0x52, (byte)0xB8, (byte)0x55
4655
};
4756

57+
// See above.
4858
private static final byte[] sha384EmptyDigest = new byte[] {
4959
(byte)0x38, (byte)0xB0, (byte)0x60, (byte)0xA7,
5060
(byte)0x51, (byte)0xAC, (byte)0x96, (byte)0x38,
@@ -68,7 +78,6 @@ final class SSLSecretDerivation implements SSLKeyDerivation {
6878
HandshakeContext context, SecretKey secret) {
6979
this.secret = secret;
7080
this.hashAlg = context.negotiatedCipherSuite.hashAlg;
71-
String hkdfAlg = "HKDF-Expand/Hmac" + hashAlg.name.replace("-", "");
7281
context.handshakeHash.update();
7382
this.transcriptHash = context.handshakeHash.digest();
7483
}
@@ -141,7 +150,7 @@ private enum SecretSchedule {
141150

142151
private final byte[] label;
143152

144-
private SecretSchedule(String label) {
153+
SecretSchedule(String label) {
145154
this.label = ("tls13 " + label).getBytes();
146155
}
147156
}

0 commit comments

Comments
 (0)