jdk-sandbox: jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java@48712ca501c1 (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
28565 48712ca501c1 8044860: Vectors and fixed length fields should be verified for allowed sizes. jnimeh parents: 27957 diff changeset	2	* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 4236 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 4236 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 4236 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 4236 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 4236 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
90ce3da70b43 Initial load duke parents: diff changeset	28	import java.io.*;
90ce3da70b43 Initial load duke parents: diff changeset	29	import java.math.BigInteger;
90ce3da70b43 Initial load duke parents: diff changeset	30	import java.security.*;
90ce3da70b43 Initial load duke parents: diff changeset	31	import java.security.interfaces.*;
90ce3da70b43 Initial load duke parents: diff changeset	32	import java.security.spec.*;
90ce3da70b43 Initial load duke parents: diff changeset	33	import java.security.cert.*;
90ce3da70b43 Initial load duke parents: diff changeset	34	import java.security.cert.Certificate;
90ce3da70b43 Initial load duke parents: diff changeset	35	import java.util.*;
90ce3da70b43 Initial load duke parents: diff changeset	36	import java.util.concurrent.ConcurrentHashMap;
90ce3da70b43 Initial load duke parents: diff changeset	37
90ce3da70b43 Initial load duke parents: diff changeset	38	import java.lang.reflect.*;
90ce3da70b43 Initial load duke parents: diff changeset	39
90ce3da70b43 Initial load duke parents: diff changeset	40	import javax.security.auth.x500.X500Principal;
90ce3da70b43 Initial load duke parents: diff changeset	41
90ce3da70b43 Initial load duke parents: diff changeset	42	import javax.crypto.KeyGenerator;
90ce3da70b43 Initial load duke parents: diff changeset	43	import javax.crypto.SecretKey;
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 10336 diff changeset	44	import javax.crypto.spec.DHPublicKeySpec;
2 90ce3da70b43 Initial load duke parents: diff changeset	45
90ce3da70b43 Initial load duke parents: diff changeset	46	import javax.net.ssl.*;
90ce3da70b43 Initial load duke parents: diff changeset	47
90ce3da70b43 Initial load duke parents: diff changeset	48	import sun.security.internal.spec.TlsPrfParameterSpec;
90ce3da70b43 Initial load duke parents: diff changeset	49	import sun.security.ssl.CipherSuite.*;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	50	import static sun.security.ssl.CipherSuite.PRF.*;
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 10336 diff changeset	51	import sun.security.util.KeyUtil;
2 90ce3da70b43 Initial load duke parents: diff changeset	52
90ce3da70b43 Initial load duke parents: diff changeset	53	/**
90ce3da70b43 Initial load duke parents: diff changeset	54	* Many data structures are involved in the handshake messages. These
90ce3da70b43 Initial load duke parents: diff changeset	55	* classes are used as structures, with public data members. They are
90ce3da70b43 Initial load duke parents: diff changeset	56	* not visible outside the SSL package.
90ce3da70b43 Initial load duke parents: diff changeset	57	*
90ce3da70b43 Initial load duke parents: diff changeset	58	* Handshake messages all have a common header format, and they are all
90ce3da70b43 Initial load duke parents: diff changeset	59	* encoded in a "handshake data" SSL record substream. The base class
90ce3da70b43 Initial load duke parents: diff changeset	60	* here (HandshakeMessage) provides a common framework and records the
90ce3da70b43 Initial load duke parents: diff changeset	61	* SSL record type of the particular handshake message.
90ce3da70b43 Initial load duke parents: diff changeset	62	*
90ce3da70b43 Initial load duke parents: diff changeset	63	* This file contains subclasses for all the basic handshake messages.
90ce3da70b43 Initial load duke parents: diff changeset	64	* All handshake messages know how to encode and decode themselves on
90ce3da70b43 Initial load duke parents: diff changeset	65	* SSL streams; this facilitates using the same code on SSL client and
90ce3da70b43 Initial load duke parents: diff changeset	66	* server sides, although they don't send and receive the same messages.
90ce3da70b43 Initial load duke parents: diff changeset	67	*
90ce3da70b43 Initial load duke parents: diff changeset	68	* Messages also know how to print themselves, which is quite handy
90ce3da70b43 Initial load duke parents: diff changeset	69	* for debugging. They always identify their type, and can optionally
90ce3da70b43 Initial load duke parents: diff changeset	70	* dump all of their content.
90ce3da70b43 Initial load duke parents: diff changeset	71	*
90ce3da70b43 Initial load duke parents: diff changeset	72	* @author David Brownell
90ce3da70b43 Initial load duke parents: diff changeset	73	*/
4236 02f52c723b79 6894643: Separate out dependency on Kerberos vinnie parents: 2 diff changeset	74	public abstract class HandshakeMessage {
2 90ce3da70b43 Initial load duke parents: diff changeset	75
90ce3da70b43 Initial load duke parents: diff changeset	76	HandshakeMessage() { }
90ce3da70b43 Initial load duke parents: diff changeset	77
90ce3da70b43 Initial load duke parents: diff changeset	78	// enum HandshakeType:
90ce3da70b43 Initial load duke parents: diff changeset	79	static final byte ht_hello_request = 0;
90ce3da70b43 Initial load duke parents: diff changeset	80	static final byte ht_client_hello = 1;
90ce3da70b43 Initial load duke parents: diff changeset	81	static final byte ht_server_hello = 2;
90ce3da70b43 Initial load duke parents: diff changeset	82
90ce3da70b43 Initial load duke parents: diff changeset	83	static final byte ht_certificate = 11;
90ce3da70b43 Initial load duke parents: diff changeset	84	static final byte ht_server_key_exchange = 12;
90ce3da70b43 Initial load duke parents: diff changeset	85	static final byte ht_certificate_request = 13;
90ce3da70b43 Initial load duke parents: diff changeset	86	static final byte ht_server_hello_done = 14;
90ce3da70b43 Initial load duke parents: diff changeset	87	static final byte ht_certificate_verify = 15;
90ce3da70b43 Initial load duke parents: diff changeset	88	static final byte ht_client_key_exchange = 16;
90ce3da70b43 Initial load duke parents: diff changeset	89
90ce3da70b43 Initial load duke parents: diff changeset	90	static final byte ht_finished = 20;
90ce3da70b43 Initial load duke parents: diff changeset	91
90ce3da70b43 Initial load duke parents: diff changeset	92	/* Class and subclass dynamic debugging support */
4236 02f52c723b79 6894643: Separate out dependency on Kerberos vinnie parents: 2 diff changeset	93	public static final Debug debug = Debug.getInstance("ssl");
2 90ce3da70b43 Initial load duke parents: diff changeset	94
90ce3da70b43 Initial load duke parents: diff changeset	95	/**
90ce3da70b43 Initial load duke parents: diff changeset	96	* Utility method to convert a BigInteger to a byte array in unsigned
90ce3da70b43 Initial load duke parents: diff changeset	97	* format as needed in the handshake messages. BigInteger uses
90ce3da70b43 Initial load duke parents: diff changeset	98	* 2's complement format, i.e. it prepends an extra zero if the MSB
90ce3da70b43 Initial load duke parents: diff changeset	99	* is set. We remove that.
90ce3da70b43 Initial load duke parents: diff changeset	100	*/
90ce3da70b43 Initial load duke parents: diff changeset	101	static byte[] toByteArray(BigInteger bi) {
90ce3da70b43 Initial load duke parents: diff changeset	102	byte[] b = bi.toByteArray();
90ce3da70b43 Initial load duke parents: diff changeset	103	if ((b.length > 1) && (b[0] == 0)) {
90ce3da70b43 Initial load duke parents: diff changeset	104	int n = b.length - 1;
90ce3da70b43 Initial load duke parents: diff changeset	105	byte[] newarray = new byte[n];
90ce3da70b43 Initial load duke parents: diff changeset	106	System.arraycopy(b, 1, newarray, 0, n);
90ce3da70b43 Initial load duke parents: diff changeset	107	b = newarray;
90ce3da70b43 Initial load duke parents: diff changeset	108	}
90ce3da70b43 Initial load duke parents: diff changeset	109	return b;
90ce3da70b43 Initial load duke parents: diff changeset	110	}
90ce3da70b43 Initial load duke parents: diff changeset	111
90ce3da70b43 Initial load duke parents: diff changeset	112	/*
90ce3da70b43 Initial load duke parents: diff changeset	113	* SSL 3.0 MAC padding constants.
90ce3da70b43 Initial load duke parents: diff changeset	114	* Also used by CertificateVerify and Finished during the handshake.
90ce3da70b43 Initial load duke parents: diff changeset	115	*/
90ce3da70b43 Initial load duke parents: diff changeset	116	static final byte[] MD5_pad1 = genPad(0x36, 48);
90ce3da70b43 Initial load duke parents: diff changeset	117	static final byte[] MD5_pad2 = genPad(0x5c, 48);
90ce3da70b43 Initial load duke parents: diff changeset	118
90ce3da70b43 Initial load duke parents: diff changeset	119	static final byte[] SHA_pad1 = genPad(0x36, 40);
90ce3da70b43 Initial load duke parents: diff changeset	120	static final byte[] SHA_pad2 = genPad(0x5c, 40);
90ce3da70b43 Initial load duke parents: diff changeset	121
90ce3da70b43 Initial load duke parents: diff changeset	122	private static byte[] genPad(int b, int count) {
90ce3da70b43 Initial load duke parents: diff changeset	123	byte[] padding = new byte[count];
90ce3da70b43 Initial load duke parents: diff changeset	124	Arrays.fill(padding, (byte)b);
90ce3da70b43 Initial load duke parents: diff changeset	125	return padding;
90ce3da70b43 Initial load duke parents: diff changeset	126	}
90ce3da70b43 Initial load duke parents: diff changeset	127
90ce3da70b43 Initial load duke parents: diff changeset	128	/*
90ce3da70b43 Initial load duke parents: diff changeset	129	* Write a handshake message on the (handshake) output stream.
90ce3da70b43 Initial load duke parents: diff changeset	130	* This is just a four byte header followed by the data.
90ce3da70b43 Initial load duke parents: diff changeset	131	*
90ce3da70b43 Initial load duke parents: diff changeset	132	* NOTE that huge messages -- notably, ones with huge cert
90ce3da70b43 Initial load duke parents: diff changeset	133	* chains -- are handled correctly.
90ce3da70b43 Initial load duke parents: diff changeset	134	*/
90ce3da70b43 Initial load duke parents: diff changeset	135	final void write(HandshakeOutStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	136	int len = messageLength();
14004 611031f93e76 7200295: CertificateRequest message is wrapping when using large numbers of Certs xuelei parents: 10336 diff changeset	137	if (len >= Record.OVERFLOW_OF_INT24) {
2 90ce3da70b43 Initial load duke parents: diff changeset	138	throw new SSLException("Handshake message too big"
90ce3da70b43 Initial load duke parents: diff changeset	139	+ ", type = " + messageType() + ", len = " + len);
90ce3da70b43 Initial load duke parents: diff changeset	140	}
90ce3da70b43 Initial load duke parents: diff changeset	141	s.write(messageType());
90ce3da70b43 Initial load duke parents: diff changeset	142	s.putInt24(len);
90ce3da70b43 Initial load duke parents: diff changeset	143	send(s);
90ce3da70b43 Initial load duke parents: diff changeset	144	}
90ce3da70b43 Initial load duke parents: diff changeset	145
90ce3da70b43 Initial load duke parents: diff changeset	146	/*
90ce3da70b43 Initial load duke parents: diff changeset	147	* Subclasses implement these methods so those kinds of
90ce3da70b43 Initial load duke parents: diff changeset	148	* messages can be emitted. Base class delegates to subclass.
90ce3da70b43 Initial load duke parents: diff changeset	149	*/
90ce3da70b43 Initial load duke parents: diff changeset	150	abstract int messageType();
90ce3da70b43 Initial load duke parents: diff changeset	151	abstract int messageLength();
90ce3da70b43 Initial load duke parents: diff changeset	152	abstract void send(HandshakeOutStream s) throws IOException;
90ce3da70b43 Initial load duke parents: diff changeset	153
90ce3da70b43 Initial load duke parents: diff changeset	154	/*
90ce3da70b43 Initial load duke parents: diff changeset	155	* Write a descriptive message on the output stream; for debugging.
90ce3da70b43 Initial load duke parents: diff changeset	156	*/
90ce3da70b43 Initial load duke parents: diff changeset	157	abstract void print(PrintStream p) throws IOException;
90ce3da70b43 Initial load duke parents: diff changeset	158
90ce3da70b43 Initial load duke parents: diff changeset	159	//
90ce3da70b43 Initial load duke parents: diff changeset	160	// NOTE: the rest of these classes are nested within this one, and are
90ce3da70b43 Initial load duke parents: diff changeset	161	// imported by other classes in this package. There are a few other
90ce3da70b43 Initial load duke parents: diff changeset	162	// handshake message classes, not neatly nested here because of current
90ce3da70b43 Initial load duke parents: diff changeset	163	// licensing requirement for native (RSA) methods. They belong here,
90ce3da70b43 Initial load duke parents: diff changeset	164	// but those native methods complicate things a lot!
90ce3da70b43 Initial load duke parents: diff changeset	165	//
90ce3da70b43 Initial load duke parents: diff changeset	166
90ce3da70b43 Initial load duke parents: diff changeset	167
90ce3da70b43 Initial load duke parents: diff changeset	168	/*
90ce3da70b43 Initial load duke parents: diff changeset	169	* HelloRequest ... SERVER --> CLIENT
90ce3da70b43 Initial load duke parents: diff changeset	170	*
90ce3da70b43 Initial load duke parents: diff changeset	171	* Server can ask the client to initiate a new handshake, e.g. to change
90ce3da70b43 Initial load duke parents: diff changeset	172	* session parameters after a connection has been (re)established.
90ce3da70b43 Initial load duke parents: diff changeset	173	*/
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	174	static final class HelloRequest extends HandshakeMessage {
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	175	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	176	int messageType() { return ht_hello_request; }
90ce3da70b43 Initial load duke parents: diff changeset	177
90ce3da70b43 Initial load duke parents: diff changeset	178	HelloRequest() { }
90ce3da70b43 Initial load duke parents: diff changeset	179
90ce3da70b43 Initial load duke parents: diff changeset	180	HelloRequest(HandshakeInStream in) throws IOException
90ce3da70b43 Initial load duke parents: diff changeset	181	{
90ce3da70b43 Initial load duke parents: diff changeset	182	// nothing in this message
90ce3da70b43 Initial load duke parents: diff changeset	183	}
90ce3da70b43 Initial load duke parents: diff changeset	184
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	185	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	186	int messageLength() { return 0; }
90ce3da70b43 Initial load duke parents: diff changeset	187
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	188	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	189	void send(HandshakeOutStream out) throws IOException
90ce3da70b43 Initial load duke parents: diff changeset	190	{
90ce3da70b43 Initial load duke parents: diff changeset	191	// nothing in this messaage
90ce3da70b43 Initial load duke parents: diff changeset	192	}
90ce3da70b43 Initial load duke parents: diff changeset	193
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	194	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	195	void print(PrintStream out) throws IOException
90ce3da70b43 Initial load duke parents: diff changeset	196	{
90ce3da70b43 Initial load duke parents: diff changeset	197	out.println("*** HelloRequest (empty)");
90ce3da70b43 Initial load duke parents: diff changeset	198	}
90ce3da70b43 Initial load duke parents: diff changeset	199
90ce3da70b43 Initial load duke parents: diff changeset	200	}
90ce3da70b43 Initial load duke parents: diff changeset	201
90ce3da70b43 Initial load duke parents: diff changeset	202
90ce3da70b43 Initial load duke parents: diff changeset	203	/*
90ce3da70b43 Initial load duke parents: diff changeset	204	* ClientHello ... CLIENT --> SERVER
90ce3da70b43 Initial load duke parents: diff changeset	205	*
90ce3da70b43 Initial load duke parents: diff changeset	206	* Client initiates handshake by telling server what it wants, and what it
90ce3da70b43 Initial load duke parents: diff changeset	207	* can support (prioritized by what's first in the ciphe suite list).
90ce3da70b43 Initial load duke parents: diff changeset	208	*
90ce3da70b43 Initial load duke parents: diff changeset	209	* By RFC2246:7.4.1.2 it's explicitly anticipated that this message
90ce3da70b43 Initial load duke parents: diff changeset	210	* will have more data added at the end ... e.g. what CAs the client trusts.
90ce3da70b43 Initial load duke parents: diff changeset	211	* Until we know how to parse it, we will just read what we know
90ce3da70b43 Initial load duke parents: diff changeset	212	* about, and let our caller handle the jumps over unknown data.
90ce3da70b43 Initial load duke parents: diff changeset	213	*/
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	214	static final class ClientHello extends HandshakeMessage {
2 90ce3da70b43 Initial load duke parents: diff changeset	215
90ce3da70b43 Initial load duke parents: diff changeset	216	ProtocolVersion protocolVersion;
90ce3da70b43 Initial load duke parents: diff changeset	217	RandomCookie clnt_random;
90ce3da70b43 Initial load duke parents: diff changeset	218	SessionId sessionId;
90ce3da70b43 Initial load duke parents: diff changeset	219	private CipherSuiteList cipherSuites;
90ce3da70b43 Initial load duke parents: diff changeset	220	byte[] compression_methods;
90ce3da70b43 Initial load duke parents: diff changeset	221
90ce3da70b43 Initial load duke parents: diff changeset	222	HelloExtensions extensions = new HelloExtensions();
90ce3da70b43 Initial load duke parents: diff changeset	223
90ce3da70b43 Initial load duke parents: diff changeset	224	private final static byte[] NULL_COMPRESSION = new byte[] {0};
90ce3da70b43 Initial load duke parents: diff changeset	225
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	226	ClientHello(SecureRandom generator, ProtocolVersion protocolVersion,
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	227	SessionId sessionId, CipherSuiteList cipherSuites) {
2 90ce3da70b43 Initial load duke parents: diff changeset	228
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	229	this.protocolVersion = protocolVersion;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	230	this.sessionId = sessionId;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	231	this.cipherSuites = cipherSuites;
2 90ce3da70b43 Initial load duke parents: diff changeset	232
90ce3da70b43 Initial load duke parents: diff changeset	233	if (cipherSuites.containsEC()) {
90ce3da70b43 Initial load duke parents: diff changeset	234	extensions.add(SupportedEllipticCurvesExtension.DEFAULT);
90ce3da70b43 Initial load duke parents: diff changeset	235	extensions.add(SupportedEllipticPointFormatsExtension.DEFAULT);
90ce3da70b43 Initial load duke parents: diff changeset	236	}
90ce3da70b43 Initial load duke parents: diff changeset	237
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	238	clnt_random = new RandomCookie(generator);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	239	compression_methods = NULL_COMPRESSION;
2 90ce3da70b43 Initial load duke parents: diff changeset	240	}
90ce3da70b43 Initial load duke parents: diff changeset	241
90ce3da70b43 Initial load duke parents: diff changeset	242	ClientHello(HandshakeInStream s, int messageLength) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	243	protocolVersion = ProtocolVersion.valueOf(s.getInt8(), s.getInt8());
90ce3da70b43 Initial load duke parents: diff changeset	244	clnt_random = new RandomCookie(s);
90ce3da70b43 Initial load duke parents: diff changeset	245	sessionId = new SessionId(s.getBytes8());
28565 48712ca501c1 8044860: Vectors and fixed length fields should be verified for allowed sizes. jnimeh parents: 27957 diff changeset	246	sessionId.checkLength(protocolVersion);
2 90ce3da70b43 Initial load duke parents: diff changeset	247	cipherSuites = new CipherSuiteList(s);
90ce3da70b43 Initial load duke parents: diff changeset	248	compression_methods = s.getBytes8();
90ce3da70b43 Initial load duke parents: diff changeset	249	if (messageLength() != messageLength) {
90ce3da70b43 Initial load duke parents: diff changeset	250	extensions = new HelloExtensions(s);
90ce3da70b43 Initial load duke parents: diff changeset	251	}
90ce3da70b43 Initial load duke parents: diff changeset	252	}
90ce3da70b43 Initial load duke parents: diff changeset	253
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	254	CipherSuiteList getCipherSuites() {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	255	return cipherSuites;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	256	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	257
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	258	// add renegotiation_info extension
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	259	void addRenegotiationInfoExtension(byte[] clientVerifyData) {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	260	HelloExtension renegotiationInfo = new RenegotiationInfoExtension(
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	261	clientVerifyData, new byte[0]);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	262	extensions.add(renegotiationInfo);
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	263	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	264
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	265	// add server_name extension
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 14004 diff changeset	266	void addSNIExtension(List<SNIServerName> serverNames) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	267	try {
14194 971f46db533d 7068321: Support TLS Server Name Indication (SNI) Extension in JSSE Server xuelei parents: 14004 diff changeset	268	extensions.add(new ServerNameExtension(serverNames));
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	269	} catch (IOException ioe) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	270	// ignore the exception and return
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	271	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	272	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	273
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	274	// add signature_algorithm extension
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	275	void addSignatureAlgorithmsExtension(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	276	Collection<SignatureAndHashAlgorithm> algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	277	HelloExtension signatureAlgorithm =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	278	new SignatureAlgorithmsExtension(algorithms);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	279	extensions.add(signatureAlgorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	280	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	281
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	282	@Override
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	283	int messageType() { return ht_client_hello; }
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	284
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	285	@Override
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	286	int messageLength() {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	287	/*
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	288	* Add fixed size parts of each field...
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	289	* version + random + session + cipher + compress
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	290	*/
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	291	return (2 + 32 + 1 + 2 + 1
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	292	+ sessionId.length() /* ... + variable parts */
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	293	+ (cipherSuites.size() * 2)
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	294	+ compression_methods.length)
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	295	+ extensions.length();
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	296	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	297
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	298	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	299	void send(HandshakeOutStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	300	s.putInt8(protocolVersion.major);
90ce3da70b43 Initial load duke parents: diff changeset	301	s.putInt8(protocolVersion.minor);
90ce3da70b43 Initial load duke parents: diff changeset	302	clnt_random.send(s);
90ce3da70b43 Initial load duke parents: diff changeset	303	s.putBytes8(sessionId.getId());
90ce3da70b43 Initial load duke parents: diff changeset	304	cipherSuites.send(s);
90ce3da70b43 Initial load duke parents: diff changeset	305	s.putBytes8(compression_methods);
90ce3da70b43 Initial load duke parents: diff changeset	306	extensions.send(s);
90ce3da70b43 Initial load duke parents: diff changeset	307	}
90ce3da70b43 Initial load duke parents: diff changeset	308
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	309	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	310	void print(PrintStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	311	s.println("*** ClientHello, " + protocolVersion);
90ce3da70b43 Initial load duke parents: diff changeset	312
90ce3da70b43 Initial load duke parents: diff changeset	313	if (debug != null && Debug.isOn("verbose")) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	314	s.print("RandomCookie: ");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	315	clnt_random.print(s);
2 90ce3da70b43 Initial load duke parents: diff changeset	316
90ce3da70b43 Initial load duke parents: diff changeset	317	s.print("Session ID: ");
90ce3da70b43 Initial load duke parents: diff changeset	318	s.println(sessionId);
90ce3da70b43 Initial load duke parents: diff changeset	319
90ce3da70b43 Initial load duke parents: diff changeset	320	s.println("Cipher Suites: " + cipherSuites);
90ce3da70b43 Initial load duke parents: diff changeset	321
90ce3da70b43 Initial load duke parents: diff changeset	322	Debug.println(s, "Compression Methods", compression_methods);
90ce3da70b43 Initial load duke parents: diff changeset	323	extensions.print(s);
90ce3da70b43 Initial load duke parents: diff changeset	324	s.println("***");
90ce3da70b43 Initial load duke parents: diff changeset	325	}
90ce3da70b43 Initial load duke parents: diff changeset	326	}
90ce3da70b43 Initial load duke parents: diff changeset	327	}
90ce3da70b43 Initial load duke parents: diff changeset	328
90ce3da70b43 Initial load duke parents: diff changeset	329	/*
90ce3da70b43 Initial load duke parents: diff changeset	330	* ServerHello ... SERVER --> CLIENT
90ce3da70b43 Initial load duke parents: diff changeset	331	*
90ce3da70b43 Initial load duke parents: diff changeset	332	* Server chooses protocol options from among those it supports and the
90ce3da70b43 Initial load duke parents: diff changeset	333	* client supports. Then it sends the basic session descriptive parameters
90ce3da70b43 Initial load duke parents: diff changeset	334	* back to the client.
90ce3da70b43 Initial load duke parents: diff changeset	335	*/
90ce3da70b43 Initial load duke parents: diff changeset	336	static final
90ce3da70b43 Initial load duke parents: diff changeset	337	class ServerHello extends HandshakeMessage
90ce3da70b43 Initial load duke parents: diff changeset	338	{
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	339	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	340	int messageType() { return ht_server_hello; }
90ce3da70b43 Initial load duke parents: diff changeset	341
90ce3da70b43 Initial load duke parents: diff changeset	342	ProtocolVersion protocolVersion;
90ce3da70b43 Initial load duke parents: diff changeset	343	RandomCookie svr_random;
90ce3da70b43 Initial load duke parents: diff changeset	344	SessionId sessionId;
90ce3da70b43 Initial load duke parents: diff changeset	345	CipherSuite cipherSuite;
90ce3da70b43 Initial load duke parents: diff changeset	346	byte compression_method;
90ce3da70b43 Initial load duke parents: diff changeset	347	HelloExtensions extensions = new HelloExtensions();
90ce3da70b43 Initial load duke parents: diff changeset	348
90ce3da70b43 Initial load duke parents: diff changeset	349	ServerHello() {
90ce3da70b43 Initial load duke parents: diff changeset	350	// empty
90ce3da70b43 Initial load duke parents: diff changeset	351	}
90ce3da70b43 Initial load duke parents: diff changeset	352
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	353	ServerHello(HandshakeInStream input, int messageLength)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	354	throws IOException {
2 90ce3da70b43 Initial load duke parents: diff changeset	355	protocolVersion = ProtocolVersion.valueOf(input.getInt8(),
90ce3da70b43 Initial load duke parents: diff changeset	356	input.getInt8());
90ce3da70b43 Initial load duke parents: diff changeset	357	svr_random = new RandomCookie(input);
90ce3da70b43 Initial load duke parents: diff changeset	358	sessionId = new SessionId(input.getBytes8());
28565 48712ca501c1 8044860: Vectors and fixed length fields should be verified for allowed sizes. jnimeh parents: 27957 diff changeset	359	sessionId.checkLength(protocolVersion);
2 90ce3da70b43 Initial load duke parents: diff changeset	360	cipherSuite = CipherSuite.valueOf(input.getInt8(), input.getInt8());
90ce3da70b43 Initial load duke parents: diff changeset	361	compression_method = (byte)input.getInt8();
90ce3da70b43 Initial load duke parents: diff changeset	362	if (messageLength() != messageLength) {
90ce3da70b43 Initial load duke parents: diff changeset	363	extensions = new HelloExtensions(input);
90ce3da70b43 Initial load duke parents: diff changeset	364	}
90ce3da70b43 Initial load duke parents: diff changeset	365	}
90ce3da70b43 Initial load duke parents: diff changeset	366
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	367	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	368	int messageLength()
90ce3da70b43 Initial load duke parents: diff changeset	369	{
90ce3da70b43 Initial load duke parents: diff changeset	370	// almost fixed size, except session ID and extensions:
90ce3da70b43 Initial load duke parents: diff changeset	371	// major + minor = 2
90ce3da70b43 Initial load duke parents: diff changeset	372	// random = 32
90ce3da70b43 Initial load duke parents: diff changeset	373	// session ID len field = 1
90ce3da70b43 Initial load duke parents: diff changeset	374	// cipher suite + compression = 3
90ce3da70b43 Initial load duke parents: diff changeset	375	// extensions: if present, 2 + length of extensions
90ce3da70b43 Initial load duke parents: diff changeset	376	return 38 + sessionId.length() + extensions.length();
90ce3da70b43 Initial load duke parents: diff changeset	377	}
90ce3da70b43 Initial load duke parents: diff changeset	378
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	379	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	380	void send(HandshakeOutStream s) throws IOException
90ce3da70b43 Initial load duke parents: diff changeset	381	{
90ce3da70b43 Initial load duke parents: diff changeset	382	s.putInt8(protocolVersion.major);
90ce3da70b43 Initial load duke parents: diff changeset	383	s.putInt8(protocolVersion.minor);
90ce3da70b43 Initial load duke parents: diff changeset	384	svr_random.send(s);
90ce3da70b43 Initial load duke parents: diff changeset	385	s.putBytes8(sessionId.getId());
90ce3da70b43 Initial load duke parents: diff changeset	386	s.putInt8(cipherSuite.id >> 8);
90ce3da70b43 Initial load duke parents: diff changeset	387	s.putInt8(cipherSuite.id & 0xff);
90ce3da70b43 Initial load duke parents: diff changeset	388	s.putInt8(compression_method);
90ce3da70b43 Initial load duke parents: diff changeset	389	extensions.send(s);
90ce3da70b43 Initial load duke parents: diff changeset	390	}
90ce3da70b43 Initial load duke parents: diff changeset	391
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	392	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	393	void print(PrintStream s) throws IOException
90ce3da70b43 Initial load duke parents: diff changeset	394	{
90ce3da70b43 Initial load duke parents: diff changeset	395	s.println("*** ServerHello, " + protocolVersion);
90ce3da70b43 Initial load duke parents: diff changeset	396
90ce3da70b43 Initial load duke parents: diff changeset	397	if (debug != null && Debug.isOn("verbose")) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	398	s.print("RandomCookie: ");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	399	svr_random.print(s);
2 90ce3da70b43 Initial load duke parents: diff changeset	400
90ce3da70b43 Initial load duke parents: diff changeset	401	s.print("Session ID: ");
90ce3da70b43 Initial load duke parents: diff changeset	402	s.println(sessionId);
90ce3da70b43 Initial load duke parents: diff changeset	403
90ce3da70b43 Initial load duke parents: diff changeset	404	s.println("Cipher Suite: " + cipherSuite);
90ce3da70b43 Initial load duke parents: diff changeset	405	s.println("Compression Method: " + compression_method);
90ce3da70b43 Initial load duke parents: diff changeset	406	extensions.print(s);
90ce3da70b43 Initial load duke parents: diff changeset	407	s.println("***");
90ce3da70b43 Initial load duke parents: diff changeset	408	}
90ce3da70b43 Initial load duke parents: diff changeset	409	}
90ce3da70b43 Initial load duke parents: diff changeset	410	}
90ce3da70b43 Initial load duke parents: diff changeset	411
90ce3da70b43 Initial load duke parents: diff changeset	412
90ce3da70b43 Initial load duke parents: diff changeset	413	/*
90ce3da70b43 Initial load duke parents: diff changeset	414	* CertificateMsg ... send by both CLIENT and SERVER
90ce3da70b43 Initial load duke parents: diff changeset	415	*
90ce3da70b43 Initial load duke parents: diff changeset	416	* Each end of a connection may need to pass its certificate chain to
90ce3da70b43 Initial load duke parents: diff changeset	417	* the other end. Such chains are intended to validate an identity with
90ce3da70b43 Initial load duke parents: diff changeset	418	* reference to some certifying authority. Examples include companies
90ce3da70b43 Initial load duke parents: diff changeset	419	* like Verisign, or financial institutions. There's some control over
90ce3da70b43 Initial load duke parents: diff changeset	420	* the certifying authorities which are sent.
90ce3da70b43 Initial load duke parents: diff changeset	421	*
90ce3da70b43 Initial load duke parents: diff changeset	422	* NOTE: that these messages might be huge, taking many handshake records.
90ce3da70b43 Initial load duke parents: diff changeset	423	* Up to 2^48 bytes of certificate may be sent, in records of at most 2^14
90ce3da70b43 Initial load duke parents: diff changeset	424	* bytes each ... up to 2^32 records sent on the output stream.
90ce3da70b43 Initial load duke parents: diff changeset	425	*/
90ce3da70b43 Initial load duke parents: diff changeset	426	static final
90ce3da70b43 Initial load duke parents: diff changeset	427	class CertificateMsg extends HandshakeMessage
90ce3da70b43 Initial load duke parents: diff changeset	428	{
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	429	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	430	int messageType() { return ht_certificate; }
90ce3da70b43 Initial load duke parents: diff changeset	431
90ce3da70b43 Initial load duke parents: diff changeset	432	private X509Certificate[] chain;
90ce3da70b43 Initial load duke parents: diff changeset	433
90ce3da70b43 Initial load duke parents: diff changeset	434	private List<byte[]> encodedChain;
90ce3da70b43 Initial load duke parents: diff changeset	435
90ce3da70b43 Initial load duke parents: diff changeset	436	private int messageLength;
90ce3da70b43 Initial load duke parents: diff changeset	437
90ce3da70b43 Initial load duke parents: diff changeset	438	CertificateMsg(X509Certificate[] certs) {
90ce3da70b43 Initial load duke parents: diff changeset	439	chain = certs;
90ce3da70b43 Initial load duke parents: diff changeset	440	}
90ce3da70b43 Initial load duke parents: diff changeset	441
90ce3da70b43 Initial load duke parents: diff changeset	442	CertificateMsg(HandshakeInStream input) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	443	int chainLen = input.getInt24();
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	444	List<Certificate> v = new ArrayList<>(4);
2 90ce3da70b43 Initial load duke parents: diff changeset	445
90ce3da70b43 Initial load duke parents: diff changeset	446	CertificateFactory cf = null;
90ce3da70b43 Initial load duke parents: diff changeset	447	while (chainLen > 0) {
90ce3da70b43 Initial load duke parents: diff changeset	448	byte[] cert = input.getBytes24();
90ce3da70b43 Initial load duke parents: diff changeset	449	chainLen -= (3 + cert.length);
90ce3da70b43 Initial load duke parents: diff changeset	450	try {
90ce3da70b43 Initial load duke parents: diff changeset	451	if (cf == null) {
90ce3da70b43 Initial load duke parents: diff changeset	452	cf = CertificateFactory.getInstance("X.509");
90ce3da70b43 Initial load duke parents: diff changeset	453	}
90ce3da70b43 Initial load duke parents: diff changeset	454	v.add(cf.generateCertificate(new ByteArrayInputStream(cert)));
90ce3da70b43 Initial load duke parents: diff changeset	455	} catch (CertificateException e) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	456	throw (SSLProtocolException)new SSLProtocolException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	457	e.getMessage()).initCause(e);
2 90ce3da70b43 Initial load duke parents: diff changeset	458	}
90ce3da70b43 Initial load duke parents: diff changeset	459	}
90ce3da70b43 Initial load duke parents: diff changeset	460
90ce3da70b43 Initial load duke parents: diff changeset	461	chain = v.toArray(new X509Certificate[v.size()]);
90ce3da70b43 Initial load duke parents: diff changeset	462	}
90ce3da70b43 Initial load duke parents: diff changeset	463
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	464	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	465	int messageLength() {
90ce3da70b43 Initial load duke parents: diff changeset	466	if (encodedChain == null) {
90ce3da70b43 Initial load duke parents: diff changeset	467	messageLength = 3;
90ce3da70b43 Initial load duke parents: diff changeset	468	encodedChain = new ArrayList<byte[]>(chain.length);
90ce3da70b43 Initial load duke parents: diff changeset	469	try {
90ce3da70b43 Initial load duke parents: diff changeset	470	for (X509Certificate cert : chain) {
90ce3da70b43 Initial load duke parents: diff changeset	471	byte[] b = cert.getEncoded();
90ce3da70b43 Initial load duke parents: diff changeset	472	encodedChain.add(b);
90ce3da70b43 Initial load duke parents: diff changeset	473	messageLength += b.length + 3;
90ce3da70b43 Initial load duke parents: diff changeset	474	}
90ce3da70b43 Initial load duke parents: diff changeset	475	} catch (CertificateEncodingException e) {
90ce3da70b43 Initial load duke parents: diff changeset	476	encodedChain = null;
90ce3da70b43 Initial load duke parents: diff changeset	477	throw new RuntimeException("Could not encode certificates", e);
90ce3da70b43 Initial load duke parents: diff changeset	478	}
90ce3da70b43 Initial load duke parents: diff changeset	479	}
90ce3da70b43 Initial load duke parents: diff changeset	480	return messageLength;
90ce3da70b43 Initial load duke parents: diff changeset	481	}
90ce3da70b43 Initial load duke parents: diff changeset	482
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	483	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	484	void send(HandshakeOutStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	485	s.putInt24(messageLength() - 3);
90ce3da70b43 Initial load duke parents: diff changeset	486	for (byte[] b : encodedChain) {
90ce3da70b43 Initial load duke parents: diff changeset	487	s.putBytes24(b);
90ce3da70b43 Initial load duke parents: diff changeset	488	}
90ce3da70b43 Initial load duke parents: diff changeset	489	}
90ce3da70b43 Initial load duke parents: diff changeset	490
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	491	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	492	void print(PrintStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	493	s.println("*** Certificate chain");
90ce3da70b43 Initial load duke parents: diff changeset	494
90ce3da70b43 Initial load duke parents: diff changeset	495	if (debug != null && Debug.isOn("verbose")) {
90ce3da70b43 Initial load duke parents: diff changeset	496	for (int i = 0; i < chain.length; i++)
90ce3da70b43 Initial load duke parents: diff changeset	497	s.println("chain [" + i + "] = " + chain[i]);
90ce3da70b43 Initial load duke parents: diff changeset	498	s.println("***");
90ce3da70b43 Initial load duke parents: diff changeset	499	}
90ce3da70b43 Initial load duke parents: diff changeset	500	}
90ce3da70b43 Initial load duke parents: diff changeset	501
90ce3da70b43 Initial load duke parents: diff changeset	502	X509Certificate[] getCertificateChain() {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	503	return chain.clone();
2 90ce3da70b43 Initial load duke parents: diff changeset	504	}
90ce3da70b43 Initial load duke parents: diff changeset	505	}
90ce3da70b43 Initial load duke parents: diff changeset	506
90ce3da70b43 Initial load duke parents: diff changeset	507	/*
90ce3da70b43 Initial load duke parents: diff changeset	508	* ServerKeyExchange ... SERVER --> CLIENT
90ce3da70b43 Initial load duke parents: diff changeset	509	*
90ce3da70b43 Initial load duke parents: diff changeset	510	* The cipher suite selected, when combined with the certificate exchanged,
90ce3da70b43 Initial load duke parents: diff changeset	511	* implies one of several different kinds of key exchange. Most current
90ce3da70b43 Initial load duke parents: diff changeset	512	* cipher suites require the server to send more than its certificate.
90ce3da70b43 Initial load duke parents: diff changeset	513	*
90ce3da70b43 Initial load duke parents: diff changeset	514	* The primary exceptions are when a server sends an encryption-capable
90ce3da70b43 Initial load duke parents: diff changeset	515	* RSA public key in its cert, to be used with RSA (or RSA_export) key
90ce3da70b43 Initial load duke parents: diff changeset	516	* exchange; and when a server sends its Diffie-Hellman cert. Those kinds
90ce3da70b43 Initial load duke parents: diff changeset	517	* of key exchange do not require a ServerKeyExchange message.
90ce3da70b43 Initial load duke parents: diff changeset	518	*
90ce3da70b43 Initial load duke parents: diff changeset	519	* Key exchange can be viewed as having three modes, which are explicit
90ce3da70b43 Initial load duke parents: diff changeset	520	* for the Diffie-Hellman flavors and poorly specified for RSA ones:
90ce3da70b43 Initial load duke parents: diff changeset	521	*
90ce3da70b43 Initial load duke parents: diff changeset	522	* - "Ephemeral" keys. Here, a "temporary" key is allocated by the
90ce3da70b43 Initial load duke parents: diff changeset	523	* server, and signed. Diffie-Hellman keys signed using RSA or
90ce3da70b43 Initial load duke parents: diff changeset	524	* DSS are ephemeral (DHE flavor). RSA keys get used to do the same
90ce3da70b43 Initial load duke parents: diff changeset	525	* thing, to cut the key size down to 512 bits (export restrictions)
90ce3da70b43 Initial load duke parents: diff changeset	526	* or for signing-only RSA certificates.
90ce3da70b43 Initial load duke parents: diff changeset	527	*
90ce3da70b43 Initial load duke parents: diff changeset	528	* - Anonymity. Here no server certificate is sent, only the public
90ce3da70b43 Initial load duke parents: diff changeset	529	* key of the server. This case is subject to man-in-the-middle
90ce3da70b43 Initial load duke parents: diff changeset	530	* attacks. This can be done with Diffie-Hellman keys (DH_anon) or
90ce3da70b43 Initial load duke parents: diff changeset	531	* with RSA keys, but is only used in SSLv3 for DH_anon.
90ce3da70b43 Initial load duke parents: diff changeset	532	*
90ce3da70b43 Initial load duke parents: diff changeset	533	* - "Normal" case. Here a server certificate is sent, and the public
90ce3da70b43 Initial load duke parents: diff changeset	534	* key there is used directly in exchanging the premaster secret.
90ce3da70b43 Initial load duke parents: diff changeset	535	* For example, Diffie-Hellman "DH" flavor, and any RSA flavor with
90ce3da70b43 Initial load duke parents: diff changeset	536	* only 512 bit keys.
90ce3da70b43 Initial load duke parents: diff changeset	537	*
90ce3da70b43 Initial load duke parents: diff changeset	538	* If a server certificate is sent, there is no anonymity. However,
90ce3da70b43 Initial load duke parents: diff changeset	539	* when a certificate is sent, ephemeral keys may still be used to
90ce3da70b43 Initial load duke parents: diff changeset	540	* exchange the premaster secret. That's how RSA_EXPORT often works,
90ce3da70b43 Initial load duke parents: diff changeset	541	* as well as how the DHE_* flavors work.
90ce3da70b43 Initial load duke parents: diff changeset	542	*/
90ce3da70b43 Initial load duke parents: diff changeset	543	static abstract class ServerKeyExchange extends HandshakeMessage
90ce3da70b43 Initial load duke parents: diff changeset	544	{
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	545	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	546	int messageType() { return ht_server_key_exchange; }
90ce3da70b43 Initial load duke parents: diff changeset	547	}
90ce3da70b43 Initial load duke parents: diff changeset	548
90ce3da70b43 Initial load duke parents: diff changeset	549
90ce3da70b43 Initial load duke parents: diff changeset	550	/*
90ce3da70b43 Initial load duke parents: diff changeset	551	* Using RSA for Key Exchange: exchange a session key that's not as big
90ce3da70b43 Initial load duke parents: diff changeset	552	* as the signing-only key. Used for export applications, since exported
90ce3da70b43 Initial load duke parents: diff changeset	553	* RSA encryption keys can't be bigger than 512 bytes.
90ce3da70b43 Initial load duke parents: diff changeset	554	*
90ce3da70b43 Initial load duke parents: diff changeset	555	* This is never used when keys are 512 bits or smaller, and isn't used
90ce3da70b43 Initial load duke parents: diff changeset	556	* on "US Domestic" ciphers in any case.
90ce3da70b43 Initial load duke parents: diff changeset	557	*/
90ce3da70b43 Initial load duke parents: diff changeset	558	static final
90ce3da70b43 Initial load duke parents: diff changeset	559	class RSA_ServerKeyExchange extends ServerKeyExchange
90ce3da70b43 Initial load duke parents: diff changeset	560	{
90ce3da70b43 Initial load duke parents: diff changeset	561	private byte rsa_modulus[]; // 1 to 2^16 - 1 bytes
90ce3da70b43 Initial load duke parents: diff changeset	562	private byte rsa_exponent[]; // 1 to 2^16 - 1 bytes
90ce3da70b43 Initial load duke parents: diff changeset	563
90ce3da70b43 Initial load duke parents: diff changeset	564	private Signature signature;
90ce3da70b43 Initial load duke parents: diff changeset	565	private byte[] signatureBytes;
90ce3da70b43 Initial load duke parents: diff changeset	566
90ce3da70b43 Initial load duke parents: diff changeset	567	/*
90ce3da70b43 Initial load duke parents: diff changeset	568	* Hash the nonces and the ephemeral RSA public key.
90ce3da70b43 Initial load duke parents: diff changeset	569	*/
90ce3da70b43 Initial load duke parents: diff changeset	570	private void updateSignature(byte clntNonce[], byte svrNonce[])
90ce3da70b43 Initial load duke parents: diff changeset	571	throws SignatureException {
90ce3da70b43 Initial load duke parents: diff changeset	572	int tmp;
90ce3da70b43 Initial load duke parents: diff changeset	573
90ce3da70b43 Initial load duke parents: diff changeset	574	signature.update(clntNonce);
90ce3da70b43 Initial load duke parents: diff changeset	575	signature.update(svrNonce);
90ce3da70b43 Initial load duke parents: diff changeset	576
90ce3da70b43 Initial load duke parents: diff changeset	577	tmp = rsa_modulus.length;
90ce3da70b43 Initial load duke parents: diff changeset	578	signature.update((byte)(tmp >> 8));
90ce3da70b43 Initial load duke parents: diff changeset	579	signature.update((byte)(tmp & 0x0ff));
90ce3da70b43 Initial load duke parents: diff changeset	580	signature.update(rsa_modulus);
90ce3da70b43 Initial load duke parents: diff changeset	581
90ce3da70b43 Initial load duke parents: diff changeset	582	tmp = rsa_exponent.length;
90ce3da70b43 Initial load duke parents: diff changeset	583	signature.update((byte)(tmp >> 8));
90ce3da70b43 Initial load duke parents: diff changeset	584	signature.update((byte)(tmp & 0x0ff));
90ce3da70b43 Initial load duke parents: diff changeset	585	signature.update(rsa_exponent);
90ce3da70b43 Initial load duke parents: diff changeset	586	}
90ce3da70b43 Initial load duke parents: diff changeset	587
90ce3da70b43 Initial load duke parents: diff changeset	588
90ce3da70b43 Initial load duke parents: diff changeset	589	/*
90ce3da70b43 Initial load duke parents: diff changeset	590	* Construct an RSA server key exchange message, using data
90ce3da70b43 Initial load duke parents: diff changeset	591	* known _only_ to the server.
90ce3da70b43 Initial load duke parents: diff changeset	592	*
90ce3da70b43 Initial load duke parents: diff changeset	593	* The client knows the public key corresponding to this private
90ce3da70b43 Initial load duke parents: diff changeset	594	* key, from the Certificate message sent previously. To comply
90ce3da70b43 Initial load duke parents: diff changeset	595	* with US export regulations we use short RSA keys ... either
90ce3da70b43 Initial load duke parents: diff changeset	596	* long term ones in the server's X509 cert, or else ephemeral
90ce3da70b43 Initial load duke parents: diff changeset	597	* ones sent using this message.
90ce3da70b43 Initial load duke parents: diff changeset	598	*/
90ce3da70b43 Initial load duke parents: diff changeset	599	RSA_ServerKeyExchange(PublicKey ephemeralKey, PrivateKey privateKey,
90ce3da70b43 Initial load duke parents: diff changeset	600	RandomCookie clntNonce, RandomCookie svrNonce, SecureRandom sr)
90ce3da70b43 Initial load duke parents: diff changeset	601	throws GeneralSecurityException {
90ce3da70b43 Initial load duke parents: diff changeset	602	RSAPublicKeySpec rsaKey = JsseJce.getRSAPublicKeySpec(ephemeralKey);
90ce3da70b43 Initial load duke parents: diff changeset	603	rsa_modulus = toByteArray(rsaKey.getModulus());
90ce3da70b43 Initial load duke parents: diff changeset	604	rsa_exponent = toByteArray(rsaKey.getPublicExponent());
90ce3da70b43 Initial load duke parents: diff changeset	605	signature = RSASignature.getInstance();
90ce3da70b43 Initial load duke parents: diff changeset	606	signature.initSign(privateKey, sr);
90ce3da70b43 Initial load duke parents: diff changeset	607	updateSignature(clntNonce.random_bytes, svrNonce.random_bytes);
90ce3da70b43 Initial load duke parents: diff changeset	608	signatureBytes = signature.sign();
90ce3da70b43 Initial load duke parents: diff changeset	609	}
90ce3da70b43 Initial load duke parents: diff changeset	610
90ce3da70b43 Initial load duke parents: diff changeset	611
90ce3da70b43 Initial load duke parents: diff changeset	612	/*
90ce3da70b43 Initial load duke parents: diff changeset	613	* Parse an RSA server key exchange message, using data known
90ce3da70b43 Initial load duke parents: diff changeset	614	* to the client (and, in some situations, eavesdroppers).
90ce3da70b43 Initial load duke parents: diff changeset	615	*/
90ce3da70b43 Initial load duke parents: diff changeset	616	RSA_ServerKeyExchange(HandshakeInStream input)
90ce3da70b43 Initial load duke parents: diff changeset	617	throws IOException, NoSuchAlgorithmException {
90ce3da70b43 Initial load duke parents: diff changeset	618	signature = RSASignature.getInstance();
90ce3da70b43 Initial load duke parents: diff changeset	619	rsa_modulus = input.getBytes16();
90ce3da70b43 Initial load duke parents: diff changeset	620	rsa_exponent = input.getBytes16();
90ce3da70b43 Initial load duke parents: diff changeset	621	signatureBytes = input.getBytes16();
90ce3da70b43 Initial load duke parents: diff changeset	622	}
90ce3da70b43 Initial load duke parents: diff changeset	623
90ce3da70b43 Initial load duke parents: diff changeset	624	/*
90ce3da70b43 Initial load duke parents: diff changeset	625	* Get the ephemeral RSA public key that will be used in this
90ce3da70b43 Initial load duke parents: diff changeset	626	* SSL connection.
90ce3da70b43 Initial load duke parents: diff changeset	627	*/
90ce3da70b43 Initial load duke parents: diff changeset	628	PublicKey getPublicKey() {
90ce3da70b43 Initial load duke parents: diff changeset	629	try {
90ce3da70b43 Initial load duke parents: diff changeset	630	KeyFactory kfac = JsseJce.getKeyFactory("RSA");
90ce3da70b43 Initial load duke parents: diff changeset	631	// modulus and exponent are always positive
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	632	RSAPublicKeySpec kspec = new RSAPublicKeySpec(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	633	new BigInteger(1, rsa_modulus),
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	634	new BigInteger(1, rsa_exponent));
2 90ce3da70b43 Initial load duke parents: diff changeset	635	return kfac.generatePublic(kspec);
90ce3da70b43 Initial load duke parents: diff changeset	636	} catch (Exception e) {
90ce3da70b43 Initial load duke parents: diff changeset	637	throw new RuntimeException(e);
90ce3da70b43 Initial load duke parents: diff changeset	638	}
90ce3da70b43 Initial load duke parents: diff changeset	639	}
90ce3da70b43 Initial load duke parents: diff changeset	640
90ce3da70b43 Initial load duke parents: diff changeset	641	/*
90ce3da70b43 Initial load duke parents: diff changeset	642	* Verify the signed temporary key using the hashes computed
90ce3da70b43 Initial load duke parents: diff changeset	643	* from it and the two nonces. This is called by clients
90ce3da70b43 Initial load duke parents: diff changeset	644	* with "exportable" RSA flavors.
90ce3da70b43 Initial load duke parents: diff changeset	645	*/
90ce3da70b43 Initial load duke parents: diff changeset	646	boolean verify(PublicKey certifiedKey, RandomCookie clntNonce,
90ce3da70b43 Initial load duke parents: diff changeset	647	RandomCookie svrNonce) throws GeneralSecurityException {
90ce3da70b43 Initial load duke parents: diff changeset	648	signature.initVerify(certifiedKey);
90ce3da70b43 Initial load duke parents: diff changeset	649	updateSignature(clntNonce.random_bytes, svrNonce.random_bytes);
90ce3da70b43 Initial load duke parents: diff changeset	650	return signature.verify(signatureBytes);
90ce3da70b43 Initial load duke parents: diff changeset	651	}
90ce3da70b43 Initial load duke parents: diff changeset	652
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	653	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	654	int messageLength() {
90ce3da70b43 Initial load duke parents: diff changeset	655	return 6 + rsa_modulus.length + rsa_exponent.length
90ce3da70b43 Initial load duke parents: diff changeset	656	+ signatureBytes.length;
90ce3da70b43 Initial load duke parents: diff changeset	657	}
90ce3da70b43 Initial load duke parents: diff changeset	658
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	659	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	660	void send(HandshakeOutStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	661	s.putBytes16(rsa_modulus);
90ce3da70b43 Initial load duke parents: diff changeset	662	s.putBytes16(rsa_exponent);
90ce3da70b43 Initial load duke parents: diff changeset	663	s.putBytes16(signatureBytes);
90ce3da70b43 Initial load duke parents: diff changeset	664	}
90ce3da70b43 Initial load duke parents: diff changeset	665
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	666	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	667	void print(PrintStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	668	s.println("*** RSA ServerKeyExchange");
90ce3da70b43 Initial load duke parents: diff changeset	669
90ce3da70b43 Initial load duke parents: diff changeset	670	if (debug != null && Debug.isOn("verbose")) {
90ce3da70b43 Initial load duke parents: diff changeset	671	Debug.println(s, "RSA Modulus", rsa_modulus);
90ce3da70b43 Initial load duke parents: diff changeset	672	Debug.println(s, "RSA Public Exponent", rsa_exponent);
90ce3da70b43 Initial load duke parents: diff changeset	673	}
90ce3da70b43 Initial load duke parents: diff changeset	674	}
90ce3da70b43 Initial load duke parents: diff changeset	675	}
90ce3da70b43 Initial load duke parents: diff changeset	676
90ce3da70b43 Initial load duke parents: diff changeset	677
90ce3da70b43 Initial load duke parents: diff changeset	678	/*
90ce3da70b43 Initial load duke parents: diff changeset	679	* Using Diffie-Hellman algorithm for key exchange. All we really need to
90ce3da70b43 Initial load duke parents: diff changeset	680	* do is securely get Diffie-Hellman keys (using the same P, G parameters)
90ce3da70b43 Initial load duke parents: diff changeset	681	* to our peer, then we automatically have a shared secret without need
90ce3da70b43 Initial load duke parents: diff changeset	682	* to exchange any more data. (D-H only solutions, such as SKIP, could
90ce3da70b43 Initial load duke parents: diff changeset	683	* eliminate key exchange negotiations and get faster connection setup.
90ce3da70b43 Initial load duke parents: diff changeset	684	* But they still need a signature algorithm like DSS/DSA to support the
90ce3da70b43 Initial load duke parents: diff changeset	685	* trusted distribution of keys without relying on unscalable physical
90ce3da70b43 Initial load duke parents: diff changeset	686	* key distribution systems.)
90ce3da70b43 Initial load duke parents: diff changeset	687	*
90ce3da70b43 Initial load duke parents: diff changeset	688	* This class supports several DH-based key exchange algorithms, though
90ce3da70b43 Initial load duke parents: diff changeset	689	* perhaps eventually each deserves its own class. Notably, this has
90ce3da70b43 Initial load duke parents: diff changeset	690	* basic support for DH_anon and its DHE_DSS and DHE_RSA signed variants.
90ce3da70b43 Initial load duke parents: diff changeset	691	*/
90ce3da70b43 Initial load duke parents: diff changeset	692	static final
90ce3da70b43 Initial load duke parents: diff changeset	693	class DH_ServerKeyExchange extends ServerKeyExchange
90ce3da70b43 Initial load duke parents: diff changeset	694	{
90ce3da70b43 Initial load duke parents: diff changeset	695	// Fix message encoding, see 4348279
90ce3da70b43 Initial load duke parents: diff changeset	696	private final static boolean dhKeyExchangeFix =
90ce3da70b43 Initial load duke parents: diff changeset	697	Debug.getBooleanProperty("com.sun.net.ssl.dhKeyExchangeFix", true);
90ce3da70b43 Initial load duke parents: diff changeset	698
90ce3da70b43 Initial load duke parents: diff changeset	699	private byte dh_p []; // 1 to 2^16 - 1 bytes
90ce3da70b43 Initial load duke parents: diff changeset	700	private byte dh_g []; // 1 to 2^16 - 1 bytes
90ce3da70b43 Initial load duke parents: diff changeset	701	private byte dh_Ys []; // 1 to 2^16 - 1 bytes
90ce3da70b43 Initial load duke parents: diff changeset	702
90ce3da70b43 Initial load duke parents: diff changeset	703	private byte signature [];
90ce3da70b43 Initial load duke parents: diff changeset	704
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	705	// protocol version being established using this ServerKeyExchange message
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	706	ProtocolVersion protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	707
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	708	// the preferable signature algorithm used by this ServerKeyExchange message
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	709	private SignatureAndHashAlgorithm preferableSignatureAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	710
2 90ce3da70b43 Initial load duke parents: diff changeset	711	/*
90ce3da70b43 Initial load duke parents: diff changeset	712	* Construct from initialized DH key object, for DH_anon
90ce3da70b43 Initial load duke parents: diff changeset	713	* key exchange.
90ce3da70b43 Initial load duke parents: diff changeset	714	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	715	DH_ServerKeyExchange(DHCrypt obj, ProtocolVersion protocolVersion) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	716	this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	717	this.preferableSignatureAlgorithm = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	718
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 10336 diff changeset	719	// The DH key has been validated in the constructor of DHCrypt.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	720	setValues(obj);
2 90ce3da70b43 Initial load duke parents: diff changeset	721	signature = null;
90ce3da70b43 Initial load duke parents: diff changeset	722	}
90ce3da70b43 Initial load duke parents: diff changeset	723
90ce3da70b43 Initial load duke parents: diff changeset	724	/*
90ce3da70b43 Initial load duke parents: diff changeset	725	* Construct from initialized DH key object and the key associated
90ce3da70b43 Initial load duke parents: diff changeset	726	* with the cert chain which was sent ... for DHE_DSS and DHE_RSA
90ce3da70b43 Initial load duke parents: diff changeset	727	* key exchange. (Constructor called by server.)
90ce3da70b43 Initial load duke parents: diff changeset	728	*/
90ce3da70b43 Initial load duke parents: diff changeset	729	DH_ServerKeyExchange(DHCrypt obj, PrivateKey key, byte clntNonce[],
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	730	byte svrNonce[], SecureRandom sr,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	731	SignatureAndHashAlgorithm signAlgorithm,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	732	ProtocolVersion protocolVersion) throws GeneralSecurityException {
2 90ce3da70b43 Initial load duke parents: diff changeset	733
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	734	this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	735
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 10336 diff changeset	736	// The DH key has been validated in the constructor of DHCrypt.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	737	setValues(obj);
2 90ce3da70b43 Initial load duke parents: diff changeset	738
90ce3da70b43 Initial load duke parents: diff changeset	739	Signature sig;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	740	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	741	this.preferableSignatureAlgorithm = signAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	742	sig = JsseJce.getSignature(signAlgorithm.getAlgorithmName());
2 90ce3da70b43 Initial load duke parents: diff changeset	743	} else {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	744	this.preferableSignatureAlgorithm = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	745	if (key.getAlgorithm().equals("DSA")) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	746	sig = JsseJce.getSignature(JsseJce.SIGNATURE_DSA);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	747	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	748	sig = RSASignature.getInstance();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	749	}
2 90ce3da70b43 Initial load duke parents: diff changeset	750	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	751
2 90ce3da70b43 Initial load duke parents: diff changeset	752	sig.initSign(key, sr);
90ce3da70b43 Initial load duke parents: diff changeset	753	updateSignature(sig, clntNonce, svrNonce);
90ce3da70b43 Initial load duke parents: diff changeset	754	signature = sig.sign();
90ce3da70b43 Initial load duke parents: diff changeset	755	}
90ce3da70b43 Initial load duke parents: diff changeset	756
90ce3da70b43 Initial load duke parents: diff changeset	757	/*
90ce3da70b43 Initial load duke parents: diff changeset	758	* Construct a DH_ServerKeyExchange message from an input
90ce3da70b43 Initial load duke parents: diff changeset	759	* stream, as if sent from server to client for use with
90ce3da70b43 Initial load duke parents: diff changeset	760	* DH_anon key exchange
90ce3da70b43 Initial load duke parents: diff changeset	761	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	762	DH_ServerKeyExchange(HandshakeInStream input,
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 10336 diff changeset	763	ProtocolVersion protocolVersion)
0e6266b88242 7192392: Better validation of client keys xuelei parents: 10336 diff changeset	764	throws IOException, GeneralSecurityException {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	765
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	766	this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	767	this.preferableSignatureAlgorithm = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	768
2 90ce3da70b43 Initial load duke parents: diff changeset	769	dh_p = input.getBytes16();
90ce3da70b43 Initial load duke parents: diff changeset	770	dh_g = input.getBytes16();
90ce3da70b43 Initial load duke parents: diff changeset	771	dh_Ys = input.getBytes16();
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 10336 diff changeset	772	KeyUtil.validate(new DHPublicKeySpec(new BigInteger(1, dh_Ys),
0e6266b88242 7192392: Better validation of client keys xuelei parents: 10336 diff changeset	773	new BigInteger(1, dh_p),
0e6266b88242 7192392: Better validation of client keys xuelei parents: 10336 diff changeset	774	new BigInteger(1, dh_g)));
0e6266b88242 7192392: Better validation of client keys xuelei parents: 10336 diff changeset	775
2 90ce3da70b43 Initial load duke parents: diff changeset	776	signature = null;
90ce3da70b43 Initial load duke parents: diff changeset	777	}
90ce3da70b43 Initial load duke parents: diff changeset	778
90ce3da70b43 Initial load duke parents: diff changeset	779	/*
90ce3da70b43 Initial load duke parents: diff changeset	780	* Construct a DH_ServerKeyExchange message from an input stream
90ce3da70b43 Initial load duke parents: diff changeset	781	* and a certificate, as if sent from server to client for use with
90ce3da70b43 Initial load duke parents: diff changeset	782	* DHE_DSS or DHE_RSA key exchange. (Called by client.)
90ce3da70b43 Initial load duke parents: diff changeset	783	*/
90ce3da70b43 Initial load duke parents: diff changeset	784	DH_ServerKeyExchange(HandshakeInStream input, PublicKey publicKey,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	785	byte clntNonce[], byte svrNonce[], int messageSize,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	786	Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	787	ProtocolVersion protocolVersion)
2 90ce3da70b43 Initial load duke parents: diff changeset	788	throws IOException, GeneralSecurityException {
90ce3da70b43 Initial load duke parents: diff changeset	789
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	790	this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	791
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	792	// read params: ServerDHParams
2 90ce3da70b43 Initial load duke parents: diff changeset	793	dh_p = input.getBytes16();
90ce3da70b43 Initial load duke parents: diff changeset	794	dh_g = input.getBytes16();
90ce3da70b43 Initial load duke parents: diff changeset	795	dh_Ys = input.getBytes16();
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 10336 diff changeset	796	KeyUtil.validate(new DHPublicKeySpec(new BigInteger(1, dh_Ys),
0e6266b88242 7192392: Better validation of client keys xuelei parents: 10336 diff changeset	797	new BigInteger(1, dh_p),
0e6266b88242 7192392: Better validation of client keys xuelei parents: 10336 diff changeset	798	new BigInteger(1, dh_g)));
2 90ce3da70b43 Initial load duke parents: diff changeset	799
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	800	// read the signature and hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	801	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	802	int hash = input.getInt8(); // hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	803	int signature = input.getInt8(); // signature algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	804
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	805	preferableSignatureAlgorithm =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	806	SignatureAndHashAlgorithm.valueOf(hash, signature, 0);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	807
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	808	// Is it a local supported signature algorithm?
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	809	if (!localSupportedSignAlgs.contains(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	810	preferableSignatureAlgorithm)) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	811	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	812	"Unsupported SignatureAndHashAlgorithm in " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	813	"ServerKeyExchange message");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	814	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	815	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	816	this.preferableSignatureAlgorithm = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	817	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	818
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	819	// read the signature
2 90ce3da70b43 Initial load duke parents: diff changeset	820	byte signature[];
90ce3da70b43 Initial load duke parents: diff changeset	821	if (dhKeyExchangeFix) {
90ce3da70b43 Initial load duke parents: diff changeset	822	signature = input.getBytes16();
90ce3da70b43 Initial load duke parents: diff changeset	823	} else {
90ce3da70b43 Initial load duke parents: diff changeset	824	messageSize -= (dh_p.length + 2);
90ce3da70b43 Initial load duke parents: diff changeset	825	messageSize -= (dh_g.length + 2);
90ce3da70b43 Initial load duke parents: diff changeset	826	messageSize -= (dh_Ys.length + 2);
90ce3da70b43 Initial load duke parents: diff changeset	827
90ce3da70b43 Initial load duke parents: diff changeset	828	signature = new byte[messageSize];
90ce3da70b43 Initial load duke parents: diff changeset	829	input.read(signature);
90ce3da70b43 Initial load duke parents: diff changeset	830	}
90ce3da70b43 Initial load duke parents: diff changeset	831
90ce3da70b43 Initial load duke parents: diff changeset	832	Signature sig;
90ce3da70b43 Initial load duke parents: diff changeset	833	String algorithm = publicKey.getAlgorithm();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	834	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	835	sig = JsseJce.getSignature(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	836	preferableSignatureAlgorithm.getAlgorithmName());
2 90ce3da70b43 Initial load duke parents: diff changeset	837	} else {
10336 0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	838	switch (algorithm) {
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	839	case "DSA":
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	840	sig = JsseJce.getSignature(JsseJce.SIGNATURE_DSA);
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	841	break;
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	842	case "RSA":
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	843	sig = RSASignature.getInstance();
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	844	break;
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	845	default:
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	846	throw new SSLKeyException("neither an RSA or a DSA key");
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	847	}
2 90ce3da70b43 Initial load duke parents: diff changeset	848	}
90ce3da70b43 Initial load duke parents: diff changeset	849
90ce3da70b43 Initial load duke parents: diff changeset	850	sig.initVerify(publicKey);
90ce3da70b43 Initial load duke parents: diff changeset	851	updateSignature(sig, clntNonce, svrNonce);
90ce3da70b43 Initial load duke parents: diff changeset	852
90ce3da70b43 Initial load duke parents: diff changeset	853	if (sig.verify(signature) == false ) {
90ce3da70b43 Initial load duke parents: diff changeset	854	throw new SSLKeyException("Server D-H key verification failed");
90ce3da70b43 Initial load duke parents: diff changeset	855	}
90ce3da70b43 Initial load duke parents: diff changeset	856	}
90ce3da70b43 Initial load duke parents: diff changeset	857
8991 7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	858	/* Return the Diffie-Hellman modulus */
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	859	BigInteger getModulus() {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	860	return new BigInteger(1, dh_p);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	861	}
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	862
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	863	/* Return the Diffie-Hellman base/generator */
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	864	BigInteger getBase() {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	865	return new BigInteger(1, dh_g);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	866	}
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	867
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	868	/* Return the server's Diffie-Hellman public key */
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	869	BigInteger getServerPublicKey() {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	870	return new BigInteger(1, dh_Ys);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	871	}
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	872
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	873	/*
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	874	* Update sig with nonces and Diffie-Hellman public key.
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	875	*/
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	876	private void updateSignature(Signature sig, byte clntNonce[],
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	877	byte svrNonce[]) throws SignatureException {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	878	int tmp;
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	879
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	880	sig.update(clntNonce);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	881	sig.update(svrNonce);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	882
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	883	tmp = dh_p.length;
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	884	sig.update((byte)(tmp >> 8));
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	885	sig.update((byte)(tmp & 0x0ff));
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	886	sig.update(dh_p);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	887
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	888	tmp = dh_g.length;
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	889	sig.update((byte)(tmp >> 8));
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	890	sig.update((byte)(tmp & 0x0ff));
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	891	sig.update(dh_g);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	892
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	893	tmp = dh_Ys.length;
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	894	sig.update((byte)(tmp >> 8));
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	895	sig.update((byte)(tmp & 0x0ff));
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	896	sig.update(dh_Ys);
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	897	}
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	898
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	899	private void setValues(DHCrypt obj) {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	900	dh_p = toByteArray(obj.getModulus());
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	901	dh_g = toByteArray(obj.getBase());
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	902	dh_Ys = toByteArray(obj.getPublicKey());
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	903	}
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	904
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	905	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	906	int messageLength() {
90ce3da70b43 Initial load duke parents: diff changeset	907	int temp = 6; // overhead for p, g, y(s) values.
90ce3da70b43 Initial load duke parents: diff changeset	908
90ce3da70b43 Initial load duke parents: diff changeset	909	temp += dh_p.length;
90ce3da70b43 Initial load duke parents: diff changeset	910	temp += dh_g.length;
90ce3da70b43 Initial load duke parents: diff changeset	911	temp += dh_Ys.length;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	912
2 90ce3da70b43 Initial load duke parents: diff changeset	913	if (signature != null) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	914	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	915	temp += SignatureAndHashAlgorithm.sizeInRecord();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	916	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	917
2 90ce3da70b43 Initial load duke parents: diff changeset	918	temp += signature.length;
90ce3da70b43 Initial load duke parents: diff changeset	919	if (dhKeyExchangeFix) {
90ce3da70b43 Initial load duke parents: diff changeset	920	temp += 2;
90ce3da70b43 Initial load duke parents: diff changeset	921	}
90ce3da70b43 Initial load duke parents: diff changeset	922	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	923
2 90ce3da70b43 Initial load duke parents: diff changeset	924	return temp;
90ce3da70b43 Initial load duke parents: diff changeset	925	}
90ce3da70b43 Initial load duke parents: diff changeset	926
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	927	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	928	void send(HandshakeOutStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	929	s.putBytes16(dh_p);
90ce3da70b43 Initial load duke parents: diff changeset	930	s.putBytes16(dh_g);
90ce3da70b43 Initial load duke parents: diff changeset	931	s.putBytes16(dh_Ys);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	932
2 90ce3da70b43 Initial load duke parents: diff changeset	933	if (signature != null) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	934	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	935	s.putInt8(preferableSignatureAlgorithm.getHashValue());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	936	s.putInt8(preferableSignatureAlgorithm.getSignatureValue());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	937	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	938
2 90ce3da70b43 Initial load duke parents: diff changeset	939	if (dhKeyExchangeFix) {
90ce3da70b43 Initial load duke parents: diff changeset	940	s.putBytes16(signature);
90ce3da70b43 Initial load duke parents: diff changeset	941	} else {
90ce3da70b43 Initial load duke parents: diff changeset	942	s.write(signature);
90ce3da70b43 Initial load duke parents: diff changeset	943	}
90ce3da70b43 Initial load duke parents: diff changeset	944	}
90ce3da70b43 Initial load duke parents: diff changeset	945	}
90ce3da70b43 Initial load duke parents: diff changeset	946
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	947	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	948	void print(PrintStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	949	s.println("*** Diffie-Hellman ServerKeyExchange");
90ce3da70b43 Initial load duke parents: diff changeset	950
90ce3da70b43 Initial load duke parents: diff changeset	951	if (debug != null && Debug.isOn("verbose")) {
90ce3da70b43 Initial load duke parents: diff changeset	952	Debug.println(s, "DH Modulus", dh_p);
90ce3da70b43 Initial load duke parents: diff changeset	953	Debug.println(s, "DH Base", dh_g);
90ce3da70b43 Initial load duke parents: diff changeset	954	Debug.println(s, "Server DH Public Key", dh_Ys);
90ce3da70b43 Initial load duke parents: diff changeset	955
90ce3da70b43 Initial load duke parents: diff changeset	956	if (signature == null) {
90ce3da70b43 Initial load duke parents: diff changeset	957	s.println("Anonymous");
90ce3da70b43 Initial load duke parents: diff changeset	958	} else {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	959	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	960	s.println("Signature Algorithm " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	961	preferableSignatureAlgorithm.getAlgorithmName());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	962	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	963
2 90ce3da70b43 Initial load duke parents: diff changeset	964	s.println("Signed with a DSA or RSA public key");
90ce3da70b43 Initial load duke parents: diff changeset	965	}
90ce3da70b43 Initial load duke parents: diff changeset	966	}
90ce3da70b43 Initial load duke parents: diff changeset	967	}
90ce3da70b43 Initial load duke parents: diff changeset	968	}
90ce3da70b43 Initial load duke parents: diff changeset	969
90ce3da70b43 Initial load duke parents: diff changeset	970	/*
90ce3da70b43 Initial load duke parents: diff changeset	971	* ECDH server key exchange message. Sent by the server for ECDHE and ECDH_anon
90ce3da70b43 Initial load duke parents: diff changeset	972	* ciphersuites to communicate its ephemeral public key (including the
90ce3da70b43 Initial load duke parents: diff changeset	973	* EC domain parameters).
90ce3da70b43 Initial load duke parents: diff changeset	974	*
90ce3da70b43 Initial load duke parents: diff changeset	975	* We support named curves only, no explicitly encoded curves.
90ce3da70b43 Initial load duke parents: diff changeset	976	*/
90ce3da70b43 Initial load duke parents: diff changeset	977	static final
8991 7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	978	class ECDH_ServerKeyExchange extends ServerKeyExchange {
2 90ce3da70b43 Initial load duke parents: diff changeset	979
90ce3da70b43 Initial load duke parents: diff changeset	980	// constants for ECCurveType
90ce3da70b43 Initial load duke parents: diff changeset	981	private final static int CURVE_EXPLICIT_PRIME = 1;
90ce3da70b43 Initial load duke parents: diff changeset	982	private final static int CURVE_EXPLICIT_CHAR2 = 2;
90ce3da70b43 Initial load duke parents: diff changeset	983	private final static int CURVE_NAMED_CURVE = 3;
90ce3da70b43 Initial load duke parents: diff changeset	984
90ce3da70b43 Initial load duke parents: diff changeset	985	// id of the curve we are using
90ce3da70b43 Initial load duke parents: diff changeset	986	private int curveId;
90ce3da70b43 Initial load duke parents: diff changeset	987	// encoded public point
90ce3da70b43 Initial load duke parents: diff changeset	988	private byte[] pointBytes;
90ce3da70b43 Initial load duke parents: diff changeset	989
90ce3da70b43 Initial load duke parents: diff changeset	990	// signature bytes (or null if anonymous)
90ce3da70b43 Initial load duke parents: diff changeset	991	private byte[] signatureBytes;
90ce3da70b43 Initial load duke parents: diff changeset	992
90ce3da70b43 Initial load duke parents: diff changeset	993	// public key object encapsulated in this message
90ce3da70b43 Initial load duke parents: diff changeset	994	private ECPublicKey publicKey;
90ce3da70b43 Initial load duke parents: diff changeset	995
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	996	// protocol version being established using this ServerKeyExchange message
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	997	ProtocolVersion protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	998
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	999	// the preferable signature algorithm used by this ServerKeyExchange message
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1000	private SignatureAndHashAlgorithm preferableSignatureAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1001
2 90ce3da70b43 Initial load duke parents: diff changeset	1002	ECDH_ServerKeyExchange(ECDHCrypt obj, PrivateKey privateKey,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1003	byte[] clntNonce, byte[] svrNonce, SecureRandom sr,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1004	SignatureAndHashAlgorithm signAlgorithm,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1005	ProtocolVersion protocolVersion) throws GeneralSecurityException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1006
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1007	this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1008
2 90ce3da70b43 Initial load duke parents: diff changeset	1009	publicKey = (ECPublicKey)obj.getPublicKey();
90ce3da70b43 Initial load duke parents: diff changeset	1010	ECParameterSpec params = publicKey.getParams();
90ce3da70b43 Initial load duke parents: diff changeset	1011	ECPoint point = publicKey.getW();
90ce3da70b43 Initial load duke parents: diff changeset	1012	pointBytes = JsseJce.encodePoint(point, params.getCurve());
90ce3da70b43 Initial load duke parents: diff changeset	1013	curveId = SupportedEllipticCurvesExtension.getCurveIndex(params);
90ce3da70b43 Initial load duke parents: diff changeset	1014
90ce3da70b43 Initial load duke parents: diff changeset	1015	if (privateKey == null) {
90ce3da70b43 Initial load duke parents: diff changeset	1016	// ECDH_anon
90ce3da70b43 Initial load duke parents: diff changeset	1017	return;
90ce3da70b43 Initial load duke parents: diff changeset	1018	}
90ce3da70b43 Initial load duke parents: diff changeset	1019
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1020	Signature sig;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1021	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1022	this.preferableSignatureAlgorithm = signAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1023	sig = JsseJce.getSignature(signAlgorithm.getAlgorithmName());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1024	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1025	sig = getSignature(privateKey.getAlgorithm());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1026	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1027	sig.initSign(privateKey); // where is the SecureRandom?
2 90ce3da70b43 Initial load duke parents: diff changeset	1028
90ce3da70b43 Initial load duke parents: diff changeset	1029	updateSignature(sig, clntNonce, svrNonce);
90ce3da70b43 Initial load duke parents: diff changeset	1030	signatureBytes = sig.sign();
90ce3da70b43 Initial load duke parents: diff changeset	1031	}
90ce3da70b43 Initial load duke parents: diff changeset	1032
90ce3da70b43 Initial load duke parents: diff changeset	1033	/*
90ce3da70b43 Initial load duke parents: diff changeset	1034	* Parse an ECDH server key exchange message.
90ce3da70b43 Initial load duke parents: diff changeset	1035	*/
90ce3da70b43 Initial load duke parents: diff changeset	1036	ECDH_ServerKeyExchange(HandshakeInStream input, PublicKey signingKey,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1037	byte[] clntNonce, byte[] svrNonce,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1038	Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1039	ProtocolVersion protocolVersion)
2 90ce3da70b43 Initial load duke parents: diff changeset	1040	throws IOException, GeneralSecurityException {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1041
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1042	this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1043
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1044	// read params: ServerECDHParams
2 90ce3da70b43 Initial load duke parents: diff changeset	1045	int curveType = input.getInt8();
90ce3da70b43 Initial load duke parents: diff changeset	1046	ECParameterSpec parameters;
90ce3da70b43 Initial load duke parents: diff changeset	1047	// These parsing errors should never occur as we negotiated
90ce3da70b43 Initial load duke parents: diff changeset	1048	// the supported curves during the exchange of the Hello messages.
90ce3da70b43 Initial load duke parents: diff changeset	1049	if (curveType == CURVE_NAMED_CURVE) {
90ce3da70b43 Initial load duke parents: diff changeset	1050	curveId = input.getInt16();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1051	if (SupportedEllipticCurvesExtension.isSupported(curveId)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1052	== false) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1053	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1054	"Unsupported curveId: " + curveId);
2 90ce3da70b43 Initial load duke parents: diff changeset	1055	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1056	String curveOid =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1057	SupportedEllipticCurvesExtension.getCurveOid(curveId);
2 90ce3da70b43 Initial load duke parents: diff changeset	1058	if (curveOid == null) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1059	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1060	"Unknown named curve: " + curveId);
2 90ce3da70b43 Initial load duke parents: diff changeset	1061	}
90ce3da70b43 Initial load duke parents: diff changeset	1062	parameters = JsseJce.getECParameterSpec(curveOid);
90ce3da70b43 Initial load duke parents: diff changeset	1063	if (parameters == null) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1064	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1065	"Unsupported curve: " + curveOid);
2 90ce3da70b43 Initial load duke parents: diff changeset	1066	}
90ce3da70b43 Initial load duke parents: diff changeset	1067	} else {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1068	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1069	"Unsupported ECCurveType: " + curveType);
2 90ce3da70b43 Initial load duke parents: diff changeset	1070	}
90ce3da70b43 Initial load duke parents: diff changeset	1071	pointBytes = input.getBytes8();
90ce3da70b43 Initial load duke parents: diff changeset	1072
90ce3da70b43 Initial load duke parents: diff changeset	1073	ECPoint point = JsseJce.decodePoint(pointBytes, parameters.getCurve());
90ce3da70b43 Initial load duke parents: diff changeset	1074	KeyFactory factory = JsseJce.getKeyFactory("EC");
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1075	publicKey = (ECPublicKey)factory.generatePublic(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1076	new ECPublicKeySpec(point, parameters));
2 90ce3da70b43 Initial load duke parents: diff changeset	1077
90ce3da70b43 Initial load duke parents: diff changeset	1078	if (signingKey == null) {
90ce3da70b43 Initial load duke parents: diff changeset	1079	// ECDH_anon
90ce3da70b43 Initial load duke parents: diff changeset	1080	return;
90ce3da70b43 Initial load duke parents: diff changeset	1081	}
90ce3da70b43 Initial load duke parents: diff changeset	1082
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1083	// read the signature and hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1084	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1085	int hash = input.getInt8(); // hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1086	int signature = input.getInt8(); // signature algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1087
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1088	preferableSignatureAlgorithm =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1089	SignatureAndHashAlgorithm.valueOf(hash, signature, 0);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1090
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1091	// Is it a local supported signature algorithm?
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1092	if (!localSupportedSignAlgs.contains(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1093	preferableSignatureAlgorithm)) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1094	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1095	"Unsupported SignatureAndHashAlgorithm in " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1096	"ServerKeyExchange message");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1097	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1098	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1099
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1100	// read the signature
2 90ce3da70b43 Initial load duke parents: diff changeset	1101	signatureBytes = input.getBytes16();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1102
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1103	// verify the signature
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1104	Signature sig;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1105	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1106	sig = JsseJce.getSignature(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1107	preferableSignatureAlgorithm.getAlgorithmName());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1108	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1109	sig = getSignature(signingKey.getAlgorithm());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1110	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1111	sig.initVerify(signingKey);
90ce3da70b43 Initial load duke parents: diff changeset	1112
90ce3da70b43 Initial load duke parents: diff changeset	1113	updateSignature(sig, clntNonce, svrNonce);
90ce3da70b43 Initial load duke parents: diff changeset	1114
90ce3da70b43 Initial load duke parents: diff changeset	1115	if (sig.verify(signatureBytes) == false ) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1116	throw new SSLKeyException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1117	"Invalid signature on ECDH server key exchange message");
2 90ce3da70b43 Initial load duke parents: diff changeset	1118	}
90ce3da70b43 Initial load duke parents: diff changeset	1119	}
90ce3da70b43 Initial load duke parents: diff changeset	1120
90ce3da70b43 Initial load duke parents: diff changeset	1121	/*
90ce3da70b43 Initial load duke parents: diff changeset	1122	* Get the ephemeral EC public key encapsulated in this message.
90ce3da70b43 Initial load duke parents: diff changeset	1123	*/
90ce3da70b43 Initial load duke parents: diff changeset	1124	ECPublicKey getPublicKey() {
90ce3da70b43 Initial load duke parents: diff changeset	1125	return publicKey;
90ce3da70b43 Initial load duke parents: diff changeset	1126	}
90ce3da70b43 Initial load duke parents: diff changeset	1127
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1128	private static Signature getSignature(String keyAlgorithm)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1129	throws NoSuchAlgorithmException {
10336 0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1130	switch (keyAlgorithm) {
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1131	case "EC":
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1132	return JsseJce.getSignature(JsseJce.SIGNATURE_ECDSA);
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1133	case "RSA":
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1134	return RSASignature.getInstance();
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1135	default:
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1136	throw new NoSuchAlgorithmException("neither an RSA or a EC key");
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1137	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1138	}
90ce3da70b43 Initial load duke parents: diff changeset	1139
90ce3da70b43 Initial load duke parents: diff changeset	1140	private void updateSignature(Signature sig, byte clntNonce[],
90ce3da70b43 Initial load duke parents: diff changeset	1141	byte svrNonce[]) throws SignatureException {
90ce3da70b43 Initial load duke parents: diff changeset	1142	sig.update(clntNonce);
90ce3da70b43 Initial load duke parents: diff changeset	1143	sig.update(svrNonce);
90ce3da70b43 Initial load duke parents: diff changeset	1144
90ce3da70b43 Initial load duke parents: diff changeset	1145	sig.update((byte)CURVE_NAMED_CURVE);
90ce3da70b43 Initial load duke parents: diff changeset	1146	sig.update((byte)(curveId >> 8));
90ce3da70b43 Initial load duke parents: diff changeset	1147	sig.update((byte)curveId);
90ce3da70b43 Initial load duke parents: diff changeset	1148	sig.update((byte)pointBytes.length);
90ce3da70b43 Initial load duke parents: diff changeset	1149	sig.update(pointBytes);
90ce3da70b43 Initial load duke parents: diff changeset	1150	}
90ce3da70b43 Initial load duke parents: diff changeset	1151
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1152	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1153	int messageLength() {
8991 7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1154	int sigLen = 0;
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1155	if (signatureBytes != null) {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1156	sigLen = 2 + signatureBytes.length;
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1157	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1158	sigLen += SignatureAndHashAlgorithm.sizeInRecord();
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1159	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1160	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1161
2 90ce3da70b43 Initial load duke parents: diff changeset	1162	return 4 + pointBytes.length + sigLen;
90ce3da70b43 Initial load duke parents: diff changeset	1163	}
90ce3da70b43 Initial load duke parents: diff changeset	1164
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1165	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1166	void send(HandshakeOutStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	1167	s.putInt8(CURVE_NAMED_CURVE);
90ce3da70b43 Initial load duke parents: diff changeset	1168	s.putInt16(curveId);
90ce3da70b43 Initial load duke parents: diff changeset	1169	s.putBytes8(pointBytes);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1170
2 90ce3da70b43 Initial load duke parents: diff changeset	1171	if (signatureBytes != null) {
8991 7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1172	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1173	s.putInt8(preferableSignatureAlgorithm.getHashValue());
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1174	s.putInt8(preferableSignatureAlgorithm.getSignatureValue());
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1175	}
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1176
2 90ce3da70b43 Initial load duke parents: diff changeset	1177	s.putBytes16(signatureBytes);
90ce3da70b43 Initial load duke parents: diff changeset	1178	}
90ce3da70b43 Initial load duke parents: diff changeset	1179	}
90ce3da70b43 Initial load duke parents: diff changeset	1180
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1181	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1182	void print(PrintStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	1183	s.println("*** ECDH ServerKeyExchange");
90ce3da70b43 Initial load duke parents: diff changeset	1184
90ce3da70b43 Initial load duke parents: diff changeset	1185	if (debug != null && Debug.isOn("verbose")) {
8991 7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1186	if (signatureBytes == null) {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1187	s.println("Anonymous");
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1188	} else {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1189	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1190	s.println("Signature Algorithm " +
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1191	preferableSignatureAlgorithm.getAlgorithmName());
7df5283fd3b8 7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2 xuelei parents: 7990 diff changeset	1192	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1193	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1194
2 90ce3da70b43 Initial load duke parents: diff changeset	1195	s.println("Server key: " + publicKey);
90ce3da70b43 Initial load duke parents: diff changeset	1196	}
90ce3da70b43 Initial load duke parents: diff changeset	1197	}
90ce3da70b43 Initial load duke parents: diff changeset	1198	}
90ce3da70b43 Initial load duke parents: diff changeset	1199
90ce3da70b43 Initial load duke parents: diff changeset	1200	static final class DistinguishedName {
90ce3da70b43 Initial load duke parents: diff changeset	1201
90ce3da70b43 Initial load duke parents: diff changeset	1202	/*
90ce3da70b43 Initial load duke parents: diff changeset	1203	* DER encoded distinguished name.
90ce3da70b43 Initial load duke parents: diff changeset	1204	* TLS requires that its not longer than 65535 bytes.
90ce3da70b43 Initial load duke parents: diff changeset	1205	*/
90ce3da70b43 Initial load duke parents: diff changeset	1206	byte name[];
90ce3da70b43 Initial load duke parents: diff changeset	1207
90ce3da70b43 Initial load duke parents: diff changeset	1208	DistinguishedName(HandshakeInStream input) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	1209	name = input.getBytes16();
90ce3da70b43 Initial load duke parents: diff changeset	1210	}
90ce3da70b43 Initial load duke parents: diff changeset	1211
90ce3da70b43 Initial load duke parents: diff changeset	1212	DistinguishedName(X500Principal dn) {
90ce3da70b43 Initial load duke parents: diff changeset	1213	name = dn.getEncoded();
90ce3da70b43 Initial load duke parents: diff changeset	1214	}
90ce3da70b43 Initial load duke parents: diff changeset	1215
90ce3da70b43 Initial load duke parents: diff changeset	1216	X500Principal getX500Principal() throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	1217	try {
90ce3da70b43 Initial load duke parents: diff changeset	1218	return new X500Principal(name);
90ce3da70b43 Initial load duke parents: diff changeset	1219	} catch (IllegalArgumentException e) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1220	throw (SSLProtocolException)new SSLProtocolException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1221	e.getMessage()).initCause(e);
2 90ce3da70b43 Initial load duke parents: diff changeset	1222	}
90ce3da70b43 Initial load duke parents: diff changeset	1223	}
90ce3da70b43 Initial load duke parents: diff changeset	1224
90ce3da70b43 Initial load duke parents: diff changeset	1225	int length() {
90ce3da70b43 Initial load duke parents: diff changeset	1226	return 2 + name.length;
90ce3da70b43 Initial load duke parents: diff changeset	1227	}
90ce3da70b43 Initial load duke parents: diff changeset	1228
90ce3da70b43 Initial load duke parents: diff changeset	1229	void send(HandshakeOutStream output) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	1230	output.putBytes16(name);
90ce3da70b43 Initial load duke parents: diff changeset	1231	}
90ce3da70b43 Initial load duke parents: diff changeset	1232
90ce3da70b43 Initial load duke parents: diff changeset	1233	void print(PrintStream output) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	1234	X500Principal principal = new X500Principal(name);
90ce3da70b43 Initial load duke parents: diff changeset	1235	output.println("<" + principal.toString() + ">");
90ce3da70b43 Initial load duke parents: diff changeset	1236	}
90ce3da70b43 Initial load duke parents: diff changeset	1237	}
90ce3da70b43 Initial load duke parents: diff changeset	1238
90ce3da70b43 Initial load duke parents: diff changeset	1239	/*
90ce3da70b43 Initial load duke parents: diff changeset	1240	* CertificateRequest ... SERVER --> CLIENT
90ce3da70b43 Initial load duke parents: diff changeset	1241	*
90ce3da70b43 Initial load duke parents: diff changeset	1242	* Authenticated servers may ask clients to authenticate themselves
90ce3da70b43 Initial load duke parents: diff changeset	1243	* in turn, using this message.
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1244	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1245	* Prior to TLS 1.2, the structure of the message is defined as:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1246	* struct {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1247	* ClientCertificateType certificate_types<1..2^8-1>;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1248	* DistinguishedName certificate_authorities<0..2^16-1>;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1249	* } CertificateRequest;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1250	*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1251	* In TLS 1.2, the structure is changed to:
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1252	* struct {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1253	* ClientCertificateType certificate_types<1..2^8-1>;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1254	* SignatureAndHashAlgorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1255	* supported_signature_algorithms<2^16-1>;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1256	* DistinguishedName certificate_authorities<0..2^16-1>;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1257	* } CertificateRequest;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1258	*
2 90ce3da70b43 Initial load duke parents: diff changeset	1259	*/
90ce3da70b43 Initial load duke parents: diff changeset	1260	static final
90ce3da70b43 Initial load duke parents: diff changeset	1261	class CertificateRequest extends HandshakeMessage
90ce3da70b43 Initial load duke parents: diff changeset	1262	{
90ce3da70b43 Initial load duke parents: diff changeset	1263	// enum ClientCertificateType
90ce3da70b43 Initial load duke parents: diff changeset	1264	static final int cct_rsa_sign = 1;
90ce3da70b43 Initial load duke parents: diff changeset	1265	static final int cct_dss_sign = 2;
90ce3da70b43 Initial load duke parents: diff changeset	1266	static final int cct_rsa_fixed_dh = 3;
90ce3da70b43 Initial load duke parents: diff changeset	1267	static final int cct_dss_fixed_dh = 4;
90ce3da70b43 Initial load duke parents: diff changeset	1268
90ce3da70b43 Initial load duke parents: diff changeset	1269	// The existance of these two values is a bug in the SSL specification.
90ce3da70b43 Initial load duke parents: diff changeset	1270	// They are never used in the protocol.
90ce3da70b43 Initial load duke parents: diff changeset	1271	static final int cct_rsa_ephemeral_dh = 5;
90ce3da70b43 Initial load duke parents: diff changeset	1272	static final int cct_dss_ephemeral_dh = 6;
90ce3da70b43 Initial load duke parents: diff changeset	1273
90ce3da70b43 Initial load duke parents: diff changeset	1274	// From RFC 4492 (ECC)
90ce3da70b43 Initial load duke parents: diff changeset	1275	static final int cct_ecdsa_sign = 64;
90ce3da70b43 Initial load duke parents: diff changeset	1276	static final int cct_rsa_fixed_ecdh = 65;
90ce3da70b43 Initial load duke parents: diff changeset	1277	static final int cct_ecdsa_fixed_ecdh = 66;
90ce3da70b43 Initial load duke parents: diff changeset	1278
90ce3da70b43 Initial load duke parents: diff changeset	1279	private final static byte[] TYPES_NO_ECC = { cct_rsa_sign, cct_dss_sign };
90ce3da70b43 Initial load duke parents: diff changeset	1280	private final static byte[] TYPES_ECC =
90ce3da70b43 Initial load duke parents: diff changeset	1281	{ cct_rsa_sign, cct_dss_sign, cct_ecdsa_sign };
90ce3da70b43 Initial load duke parents: diff changeset	1282
90ce3da70b43 Initial load duke parents: diff changeset	1283	byte types []; // 1 to 255 types
90ce3da70b43 Initial load duke parents: diff changeset	1284	DistinguishedName authorities []; // 3 to 2^16 - 1
90ce3da70b43 Initial load duke parents: diff changeset	1285	// ... "3" because that's the smallest DER-encoded X500 DN
90ce3da70b43 Initial load duke parents: diff changeset	1286
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1287	// protocol version being established using this CertificateRequest message
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1288	ProtocolVersion protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1289
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1290	// supported_signature_algorithms for TLS 1.2 or later
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1291	private Collection<SignatureAndHashAlgorithm> algorithms;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1292
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1293	// length of supported_signature_algorithms
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1294	private int algorithmsLen;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1295
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1296	CertificateRequest(X509Certificate ca[], KeyExchange keyExchange,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1297	Collection<SignatureAndHashAlgorithm> signAlgs,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1298	ProtocolVersion protocolVersion) throws IOException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1299
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1300	this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1301
2 90ce3da70b43 Initial load duke parents: diff changeset	1302	// always use X500Principal
90ce3da70b43 Initial load duke parents: diff changeset	1303	authorities = new DistinguishedName[ca.length];
90ce3da70b43 Initial load duke parents: diff changeset	1304	for (int i = 0; i < ca.length; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	1305	X500Principal x500Principal = ca[i].getSubjectX500Principal();
90ce3da70b43 Initial load duke parents: diff changeset	1306	authorities[i] = new DistinguishedName(x500Principal);
90ce3da70b43 Initial load duke parents: diff changeset	1307	}
90ce3da70b43 Initial load duke parents: diff changeset	1308	// we support RSA, DSS, and ECDSA client authentication and they
90ce3da70b43 Initial load duke parents: diff changeset	1309	// can be used with all ciphersuites. If this changes, the code
90ce3da70b43 Initial load duke parents: diff changeset	1310	// needs to be adapted to take keyExchange into account.
90ce3da70b43 Initial load duke parents: diff changeset	1311	// We only request ECDSA client auth if we have ECC crypto available.
90ce3da70b43 Initial load duke parents: diff changeset	1312	this.types = JsseJce.isEcAvailable() ? TYPES_ECC : TYPES_NO_ECC;
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1313
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1314	// Use supported_signature_algorithms for TLS 1.2 or later.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1315	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1316	if (signAlgs == null \|\| signAlgs.isEmpty()) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1317	throw new SSLProtocolException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1318	"No supported signature algorithms");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1319	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1320
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1321	algorithms = new ArrayList<SignatureAndHashAlgorithm>(signAlgs);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1322	algorithmsLen =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1323	SignatureAndHashAlgorithm.sizeInRecord() * algorithms.size();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1324	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1325	algorithms = new ArrayList<SignatureAndHashAlgorithm>();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1326	algorithmsLen = 0;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1327	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1328	}
90ce3da70b43 Initial load duke parents: diff changeset	1329
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1330	CertificateRequest(HandshakeInStream input,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1331	ProtocolVersion protocolVersion) throws IOException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1332
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1333	this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1334
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1335	// Read the certificate_types.
2 90ce3da70b43 Initial load duke parents: diff changeset	1336	types = input.getBytes8();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1337
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1338	// Read the supported_signature_algorithms for TLS 1.2 or later.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1339	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1340	algorithmsLen = input.getInt16();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1341	if (algorithmsLen < 2) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1342	throw new SSLProtocolException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1343	"Invalid supported_signature_algorithms field");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1344	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1345
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1346	algorithms = new ArrayList<SignatureAndHashAlgorithm>();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1347	int remains = algorithmsLen;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1348	int sequence = 0;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1349	while (remains > 1) { // needs at least two bytes
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1350	int hash = input.getInt8(); // hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1351	int signature = input.getInt8(); // signature algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1352
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1353	SignatureAndHashAlgorithm algorithm =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1354	SignatureAndHashAlgorithm.valueOf(hash, signature,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1355	++sequence);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1356	algorithms.add(algorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1357	remains -= 2; // one byte for hash, one byte for signature
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1358	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1359
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1360	if (remains != 0) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1361	throw new SSLProtocolException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1362	"Invalid supported_signature_algorithms field");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1363	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1364	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1365	algorithms = new ArrayList<SignatureAndHashAlgorithm>();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1366	algorithmsLen = 0;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1367	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1368
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1369	// read the certificate_authorities
2 90ce3da70b43 Initial load duke parents: diff changeset	1370	int len = input.getInt16();
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	1371	ArrayList<DistinguishedName> v = new ArrayList<>();
2 90ce3da70b43 Initial load duke parents: diff changeset	1372	while (len >= 3) {
90ce3da70b43 Initial load duke parents: diff changeset	1373	DistinguishedName dn = new DistinguishedName(input);
90ce3da70b43 Initial load duke parents: diff changeset	1374	v.add(dn);
90ce3da70b43 Initial load duke parents: diff changeset	1375	len -= dn.length();
90ce3da70b43 Initial load duke parents: diff changeset	1376	}
90ce3da70b43 Initial load duke parents: diff changeset	1377
90ce3da70b43 Initial load duke parents: diff changeset	1378	if (len != 0) {
90ce3da70b43 Initial load duke parents: diff changeset	1379	throw new SSLProtocolException("Bad CertificateRequest DN length");
90ce3da70b43 Initial load duke parents: diff changeset	1380	}
90ce3da70b43 Initial load duke parents: diff changeset	1381
90ce3da70b43 Initial load duke parents: diff changeset	1382	authorities = v.toArray(new DistinguishedName[v.size()]);
90ce3da70b43 Initial load duke parents: diff changeset	1383	}
90ce3da70b43 Initial load duke parents: diff changeset	1384
90ce3da70b43 Initial load duke parents: diff changeset	1385	X500Principal[] getAuthorities() throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	1386	X500Principal[] ret = new X500Principal[authorities.length];
90ce3da70b43 Initial load duke parents: diff changeset	1387	for (int i = 0; i < authorities.length; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	1388	ret[i] = authorities[i].getX500Principal();
90ce3da70b43 Initial load duke parents: diff changeset	1389	}
90ce3da70b43 Initial load duke parents: diff changeset	1390	return ret;
90ce3da70b43 Initial load duke parents: diff changeset	1391	}
90ce3da70b43 Initial load duke parents: diff changeset	1392
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1393	Collection<SignatureAndHashAlgorithm> getSignAlgorithms() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1394	return algorithms;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1395	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1396
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1397	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1398	int messageType() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1399	return ht_certificate_request;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1400	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1401
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1402	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1403	int messageLength() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1404	int len = 1 + types.length + 2;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1405
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1406	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1407	len += algorithmsLen + 2;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1408	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1409
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1410	for (int i = 0; i < authorities.length; i++) {
2 90ce3da70b43 Initial load duke parents: diff changeset	1411	len += authorities[i].length();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1412	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1413
2 90ce3da70b43 Initial load duke parents: diff changeset	1414	return len;
90ce3da70b43 Initial load duke parents: diff changeset	1415	}
90ce3da70b43 Initial load duke parents: diff changeset	1416
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1417	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1418	void send(HandshakeOutStream output) throws IOException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1419	// put certificate_types
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1420	output.putBytes8(types);
2 90ce3da70b43 Initial load duke parents: diff changeset	1421
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1422	// put supported_signature_algorithms
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1423	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1424	output.putInt16(algorithmsLen);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1425	for (SignatureAndHashAlgorithm algorithm : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1426	output.putInt8(algorithm.getHashValue()); // hash
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1427	output.putInt8(algorithm.getSignatureValue()); // signature
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1428	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1429	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1430
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1431	// put certificate_authorities
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1432	int len = 0;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1433	for (int i = 0; i < authorities.length; i++) {
2 90ce3da70b43 Initial load duke parents: diff changeset	1434	len += authorities[i].length();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1435	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1436
90ce3da70b43 Initial load duke parents: diff changeset	1437	output.putInt16(len);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1438	for (int i = 0; i < authorities.length; i++) {
2 90ce3da70b43 Initial load duke parents: diff changeset	1439	authorities[i].send(output);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1440	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1441	}
90ce3da70b43 Initial load duke parents: diff changeset	1442
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1443	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1444	void print(PrintStream s) throws IOException {
2 90ce3da70b43 Initial load duke parents: diff changeset	1445	s.println("*** CertificateRequest");
90ce3da70b43 Initial load duke parents: diff changeset	1446
90ce3da70b43 Initial load duke parents: diff changeset	1447	if (debug != null && Debug.isOn("verbose")) {
90ce3da70b43 Initial load duke parents: diff changeset	1448	s.print("Cert Types: ");
90ce3da70b43 Initial load duke parents: diff changeset	1449	for (int i = 0; i < types.length; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	1450	switch (types[i]) {
90ce3da70b43 Initial load duke parents: diff changeset	1451	case cct_rsa_sign:
90ce3da70b43 Initial load duke parents: diff changeset	1452	s.print("RSA"); break;
90ce3da70b43 Initial load duke parents: diff changeset	1453	case cct_dss_sign:
90ce3da70b43 Initial load duke parents: diff changeset	1454	s.print("DSS"); break;
90ce3da70b43 Initial load duke parents: diff changeset	1455	case cct_rsa_fixed_dh:
90ce3da70b43 Initial load duke parents: diff changeset	1456	s.print("Fixed DH (RSA sig)"); break;
90ce3da70b43 Initial load duke parents: diff changeset	1457	case cct_dss_fixed_dh:
90ce3da70b43 Initial load duke parents: diff changeset	1458	s.print("Fixed DH (DSS sig)"); break;
90ce3da70b43 Initial load duke parents: diff changeset	1459	case cct_rsa_ephemeral_dh:
90ce3da70b43 Initial load duke parents: diff changeset	1460	s.print("Ephemeral DH (RSA sig)"); break;
90ce3da70b43 Initial load duke parents: diff changeset	1461	case cct_dss_ephemeral_dh:
90ce3da70b43 Initial load duke parents: diff changeset	1462	s.print("Ephemeral DH (DSS sig)"); break;
90ce3da70b43 Initial load duke parents: diff changeset	1463	case cct_ecdsa_sign:
90ce3da70b43 Initial load duke parents: diff changeset	1464	s.print("ECDSA"); break;
90ce3da70b43 Initial load duke parents: diff changeset	1465	case cct_rsa_fixed_ecdh:
90ce3da70b43 Initial load duke parents: diff changeset	1466	s.print("Fixed ECDH (RSA sig)"); break;
90ce3da70b43 Initial load duke parents: diff changeset	1467	case cct_ecdsa_fixed_ecdh:
90ce3da70b43 Initial load duke parents: diff changeset	1468	s.print("Fixed ECDH (ECDSA sig)"); break;
90ce3da70b43 Initial load duke parents: diff changeset	1469	default:
90ce3da70b43 Initial load duke parents: diff changeset	1470	s.print("Type-" + (types[i] & 0xff)); break;
90ce3da70b43 Initial load duke parents: diff changeset	1471	}
90ce3da70b43 Initial load duke parents: diff changeset	1472	if (i != types.length - 1) {
90ce3da70b43 Initial load duke parents: diff changeset	1473	s.print(", ");
90ce3da70b43 Initial load duke parents: diff changeset	1474	}
90ce3da70b43 Initial load duke parents: diff changeset	1475	}
90ce3da70b43 Initial load duke parents: diff changeset	1476	s.println();
90ce3da70b43 Initial load duke parents: diff changeset	1477
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1478	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
24969 afa6934dd8e8 8041679: Replace uses of StringBuffer with StringBuilder within core library classes psandoz parents: 16100 diff changeset	1479	StringBuilder sb = new StringBuilder();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1480	boolean opened = false;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1481	for (SignatureAndHashAlgorithm signAlg : algorithms) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1482	if (opened) {
27957 24b4e6082f19 8055723: Replace concat String to append in StringBuilder parameters (dev) weijun parents: 27804 diff changeset	1483	sb.append(", ").append(signAlg.getAlgorithmName());
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1484	} else {
24969 afa6934dd8e8 8041679: Replace uses of StringBuffer with StringBuilder within core library classes psandoz parents: 16100 diff changeset	1485	sb.append(signAlg.getAlgorithmName());
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1486	opened = true;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1487	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1488	}
24969 afa6934dd8e8 8041679: Replace uses of StringBuffer with StringBuilder within core library classes psandoz parents: 16100 diff changeset	1489	s.println("Supported Signature Algorithms: " + sb);
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1490	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1491
2 90ce3da70b43 Initial load duke parents: diff changeset	1492	s.println("Cert Authorities:");
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1493	if (authorities.length == 0) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1494	s.println("<Empty>");
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1495	} else {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1496	for (int i = 0; i < authorities.length; i++) {
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1497	authorities[i].print(s);
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1498	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 6856 diff changeset	1499	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1500	}
90ce3da70b43 Initial load duke parents: diff changeset	1501	}
90ce3da70b43 Initial load duke parents: diff changeset	1502	}
90ce3da70b43 Initial load duke parents: diff changeset	1503
90ce3da70b43 Initial load duke parents: diff changeset	1504
90ce3da70b43 Initial load duke parents: diff changeset	1505	/*
90ce3da70b43 Initial load duke parents: diff changeset	1506	* ServerHelloDone ... SERVER --> CLIENT
90ce3da70b43 Initial load duke parents: diff changeset	1507	*
90ce3da70b43 Initial load duke parents: diff changeset	1508	* When server's done sending its messages in response to the client's
90ce3da70b43 Initial load duke parents: diff changeset	1509	* "hello" (e.g. its own hello, certificate, key exchange message, perhaps
90ce3da70b43 Initial load duke parents: diff changeset	1510	* client certificate request) it sends this message to flag that it's
90ce3da70b43 Initial load duke parents: diff changeset	1511	* done that part of the handshake.
90ce3da70b43 Initial load duke parents: diff changeset	1512	*/
90ce3da70b43 Initial load duke parents: diff changeset	1513	static final
90ce3da70b43 Initial load duke parents: diff changeset	1514	class ServerHelloDone extends HandshakeMessage
90ce3da70b43 Initial load duke parents: diff changeset	1515	{
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1516	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1517	int messageType() { return ht_server_hello_done; }
90ce3da70b43 Initial load duke parents: diff changeset	1518
90ce3da70b43 Initial load duke parents: diff changeset	1519	ServerHelloDone() { }
90ce3da70b43 Initial load duke parents: diff changeset	1520
90ce3da70b43 Initial load duke parents: diff changeset	1521	ServerHelloDone(HandshakeInStream input)
90ce3da70b43 Initial load duke parents: diff changeset	1522	{
90ce3da70b43 Initial load duke parents: diff changeset	1523	// nothing to do
90ce3da70b43 Initial load duke parents: diff changeset	1524	}
90ce3da70b43 Initial load duke parents: diff changeset	1525
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1526	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1527	int messageLength()
90ce3da70b43 Initial load duke parents: diff changeset	1528	{
90ce3da70b43 Initial load duke parents: diff changeset	1529	return 0;
90ce3da70b43 Initial load duke parents: diff changeset	1530	}
90ce3da70b43 Initial load duke parents: diff changeset	1531
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1532	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1533	void send(HandshakeOutStream s) throws IOException
90ce3da70b43 Initial load duke parents: diff changeset	1534	{
90ce3da70b43 Initial load duke parents: diff changeset	1535	// nothing to send
90ce3da70b43 Initial load duke parents: diff changeset	1536	}
90ce3da70b43 Initial load duke parents: diff changeset	1537
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1538	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1539	void print(PrintStream s) throws IOException
90ce3da70b43 Initial load duke parents: diff changeset	1540	{
90ce3da70b43 Initial load duke parents: diff changeset	1541	s.println("*** ServerHelloDone");
90ce3da70b43 Initial load duke parents: diff changeset	1542	}
90ce3da70b43 Initial load duke parents: diff changeset	1543	}
90ce3da70b43 Initial load duke parents: diff changeset	1544
90ce3da70b43 Initial load duke parents: diff changeset	1545
90ce3da70b43 Initial load duke parents: diff changeset	1546	/*
90ce3da70b43 Initial load duke parents: diff changeset	1547	* CertificateVerify ... CLIENT --> SERVER
90ce3da70b43 Initial load duke parents: diff changeset	1548	*
90ce3da70b43 Initial load duke parents: diff changeset	1549	* Sent after client sends signature-capable certificates (e.g. not
90ce3da70b43 Initial load duke parents: diff changeset	1550	* Diffie-Hellman) to verify.
90ce3da70b43 Initial load duke parents: diff changeset	1551	*/
90ce3da70b43 Initial load duke parents: diff changeset	1552	static final class CertificateVerify extends HandshakeMessage {
90ce3da70b43 Initial load duke parents: diff changeset	1553
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1554	// the signature bytes
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1555	private byte[] signature;
2 90ce3da70b43 Initial load duke parents: diff changeset	1556
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1557	// protocol version being established using this ServerKeyExchange message
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1558	ProtocolVersion protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1559
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1560	// the preferable signature algorithm used by this CertificateVerify message
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1561	private SignatureAndHashAlgorithm preferableSignatureAlgorithm = null;
2 90ce3da70b43 Initial load duke parents: diff changeset	1562
90ce3da70b43 Initial load duke parents: diff changeset	1563	/*
90ce3da70b43 Initial load duke parents: diff changeset	1564	* Create an RSA or DSA signed certificate verify message.
90ce3da70b43 Initial load duke parents: diff changeset	1565	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1566	CertificateVerify(ProtocolVersion protocolVersion,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1567	HandshakeHash handshakeHash, PrivateKey privateKey,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1568	SecretKey masterSecret, SecureRandom sr,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1569	SignatureAndHashAlgorithm signAlgorithm)
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1570	throws GeneralSecurityException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1571
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1572	this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1573
2 90ce3da70b43 Initial load duke parents: diff changeset	1574	String algorithm = privateKey.getAlgorithm();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1575	Signature sig = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1576	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1577	this.preferableSignatureAlgorithm = signAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1578	sig = JsseJce.getSignature(signAlgorithm.getAlgorithmName());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1579	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1580	sig = getSignature(protocolVersion, algorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1581	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1582	sig.initSign(privateKey, sr);
90ce3da70b43 Initial load duke parents: diff changeset	1583	updateSignature(sig, protocolVersion, handshakeHash, algorithm,
90ce3da70b43 Initial load duke parents: diff changeset	1584	masterSecret);
90ce3da70b43 Initial load duke parents: diff changeset	1585	signature = sig.sign();
90ce3da70b43 Initial load duke parents: diff changeset	1586	}
90ce3da70b43 Initial load duke parents: diff changeset	1587
90ce3da70b43 Initial load duke parents: diff changeset	1588	//
90ce3da70b43 Initial load duke parents: diff changeset	1589	// Unmarshal the signed data from the input stream.
90ce3da70b43 Initial load duke parents: diff changeset	1590	//
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1591	CertificateVerify(HandshakeInStream input,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1592	Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1593	ProtocolVersion protocolVersion) throws IOException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1594
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1595	this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1596
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1597	// read the signature and hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1598	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1599	int hashAlg = input.getInt8(); // hash algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1600	int signAlg = input.getInt8(); // signature algorithm
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1601
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1602	preferableSignatureAlgorithm =
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1603	SignatureAndHashAlgorithm.valueOf(hashAlg, signAlg, 0);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1604
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1605	// Is it a local supported signature algorithm?
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1606	if (!localSupportedSignAlgs.contains(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1607	preferableSignatureAlgorithm)) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1608	throw new SSLHandshakeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1609	"Unsupported SignatureAndHashAlgorithm in " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1610	"ServerKeyExchange message");
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1611	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1612	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1613
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1614	// read the signature
2 90ce3da70b43 Initial load duke parents: diff changeset	1615	signature = input.getBytes16();
90ce3da70b43 Initial load duke parents: diff changeset	1616	}
90ce3da70b43 Initial load duke parents: diff changeset	1617
90ce3da70b43 Initial load duke parents: diff changeset	1618	/*
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1619	* Get the preferable signature algorithm used by this message
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1620	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1621	SignatureAndHashAlgorithm getPreferableSignatureAlgorithm() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1622	return preferableSignatureAlgorithm;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1623	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1624
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1625	/*
2 90ce3da70b43 Initial load duke parents: diff changeset	1626	* Verify a certificate verify message. Return the result of verification,
90ce3da70b43 Initial load duke parents: diff changeset	1627	* if there is a problem throw a GeneralSecurityException.
90ce3da70b43 Initial load duke parents: diff changeset	1628	*/
90ce3da70b43 Initial load duke parents: diff changeset	1629	boolean verify(ProtocolVersion protocolVersion,
90ce3da70b43 Initial load duke parents: diff changeset	1630	HandshakeHash handshakeHash, PublicKey publicKey,
90ce3da70b43 Initial load duke parents: diff changeset	1631	SecretKey masterSecret) throws GeneralSecurityException {
90ce3da70b43 Initial load duke parents: diff changeset	1632	String algorithm = publicKey.getAlgorithm();
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1633	Signature sig = null;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1634	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1635	sig = JsseJce.getSignature(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1636	preferableSignatureAlgorithm.getAlgorithmName());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1637	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1638	sig = getSignature(protocolVersion, algorithm);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1639	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1640	sig.initVerify(publicKey);
90ce3da70b43 Initial load duke parents: diff changeset	1641	updateSignature(sig, protocolVersion, handshakeHash, algorithm,
90ce3da70b43 Initial load duke parents: diff changeset	1642	masterSecret);
90ce3da70b43 Initial load duke parents: diff changeset	1643	return sig.verify(signature);
90ce3da70b43 Initial load duke parents: diff changeset	1644	}
90ce3da70b43 Initial load duke parents: diff changeset	1645
90ce3da70b43 Initial load duke parents: diff changeset	1646	/*
90ce3da70b43 Initial load duke parents: diff changeset	1647	* Get the Signature object appropriate for verification using the
90ce3da70b43 Initial load duke parents: diff changeset	1648	* given signature algorithm and protocol version.
90ce3da70b43 Initial load duke parents: diff changeset	1649	*/
90ce3da70b43 Initial load duke parents: diff changeset	1650	private static Signature getSignature(ProtocolVersion protocolVersion,
90ce3da70b43 Initial load duke parents: diff changeset	1651	String algorithm) throws GeneralSecurityException {
10336 0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1652	switch (algorithm) {
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1653	case "RSA":
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1654	return RSASignature.getInternalInstance();
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1655	case "DSA":
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1656	return JsseJce.getSignature(JsseJce.SIGNATURE_RAWDSA);
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1657	case "EC":
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1658	return JsseJce.getSignature(JsseJce.SIGNATURE_RAWECDSA);
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1659	default:
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1660	throw new SignatureException("Unrecognized algorithm: "
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1661	+ algorithm);
0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1662	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1663	}
90ce3da70b43 Initial load duke parents: diff changeset	1664
90ce3da70b43 Initial load duke parents: diff changeset	1665	/*
90ce3da70b43 Initial load duke parents: diff changeset	1666	* Update the Signature with the data appropriate for the given
90ce3da70b43 Initial load duke parents: diff changeset	1667	* signature algorithm and protocol version so that the object is
90ce3da70b43 Initial load duke parents: diff changeset	1668	* ready for signing or verifying.
90ce3da70b43 Initial load duke parents: diff changeset	1669	*/
90ce3da70b43 Initial load duke parents: diff changeset	1670	private static void updateSignature(Signature sig,
90ce3da70b43 Initial load duke parents: diff changeset	1671	ProtocolVersion protocolVersion,
90ce3da70b43 Initial load duke parents: diff changeset	1672	HandshakeHash handshakeHash, String algorithm, SecretKey masterKey)
90ce3da70b43 Initial load duke parents: diff changeset	1673	throws SignatureException {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1674
2 90ce3da70b43 Initial load duke parents: diff changeset	1675	if (algorithm.equals("RSA")) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1676	if (protocolVersion.v < ProtocolVersion.TLS12.v) { // TLS1.1-
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1677	MessageDigest md5Clone = handshakeHash.getMD5Clone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1678	MessageDigest shaClone = handshakeHash.getSHAClone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1679
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1680	if (protocolVersion.v < ProtocolVersion.TLS10.v) { // SSLv3
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1681	updateDigest(md5Clone, MD5_pad1, MD5_pad2, masterKey);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1682	updateDigest(shaClone, SHA_pad1, SHA_pad2, masterKey);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1683	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1684
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1685	// The signature must be an instance of RSASignature, need
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1686	// to use these hashes directly.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1687	RSASignature.setHashes(sig, md5Clone, shaClone);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1688	} else { // TLS1.2+
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1689	sig.update(handshakeHash.getAllHandshakeMessages());
2 90ce3da70b43 Initial load duke parents: diff changeset	1690	}
90ce3da70b43 Initial load duke parents: diff changeset	1691	} else { // DSA, ECDSA
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1692	if (protocolVersion.v < ProtocolVersion.TLS12.v) { // TLS1.1-
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1693	MessageDigest shaClone = handshakeHash.getSHAClone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1694
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1695	if (protocolVersion.v < ProtocolVersion.TLS10.v) { // SSLv3
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1696	updateDigest(shaClone, SHA_pad1, SHA_pad2, masterKey);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1697	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1698
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1699	sig.update(shaClone.digest());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1700	} else { // TLS1.2+
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1701	sig.update(handshakeHash.getAllHandshakeMessages());
2 90ce3da70b43 Initial load duke parents: diff changeset	1702	}
90ce3da70b43 Initial load duke parents: diff changeset	1703	}
90ce3da70b43 Initial load duke parents: diff changeset	1704	}
90ce3da70b43 Initial load duke parents: diff changeset	1705
90ce3da70b43 Initial load duke parents: diff changeset	1706	/*
90ce3da70b43 Initial load duke parents: diff changeset	1707	* Update the MessageDigest for SSLv3 certificate verify or finished
90ce3da70b43 Initial load duke parents: diff changeset	1708	* message calculation. The digest must already have been updated with
90ce3da70b43 Initial load duke parents: diff changeset	1709	* all preceding handshake messages.
90ce3da70b43 Initial load duke parents: diff changeset	1710	* Used by the Finished class as well.
90ce3da70b43 Initial load duke parents: diff changeset	1711	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1712	private static void updateDigest(MessageDigest md,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1713	byte[] pad1, byte[] pad2,
2 90ce3da70b43 Initial load duke parents: diff changeset	1714	SecretKey masterSecret) {
90ce3da70b43 Initial load duke parents: diff changeset	1715	// Digest the key bytes if available.
90ce3da70b43 Initial load duke parents: diff changeset	1716	// Otherwise (sensitive key), try digesting the key directly.
90ce3da70b43 Initial load duke parents: diff changeset	1717	// That is currently only implemented in SunPKCS11 using a private
90ce3da70b43 Initial load duke parents: diff changeset	1718	// reflection API, so we avoid that if possible.
90ce3da70b43 Initial load duke parents: diff changeset	1719	byte[] keyBytes = "RAW".equals(masterSecret.getFormat())
90ce3da70b43 Initial load duke parents: diff changeset	1720	? masterSecret.getEncoded() : null;
90ce3da70b43 Initial load duke parents: diff changeset	1721	if (keyBytes != null) {
90ce3da70b43 Initial load duke parents: diff changeset	1722	md.update(keyBytes);
90ce3da70b43 Initial load duke parents: diff changeset	1723	} else {
90ce3da70b43 Initial load duke parents: diff changeset	1724	digestKey(md, masterSecret);
90ce3da70b43 Initial load duke parents: diff changeset	1725	}
90ce3da70b43 Initial load duke parents: diff changeset	1726	md.update(pad1);
90ce3da70b43 Initial load duke parents: diff changeset	1727	byte[] temp = md.digest();
90ce3da70b43 Initial load duke parents: diff changeset	1728
90ce3da70b43 Initial load duke parents: diff changeset	1729	if (keyBytes != null) {
90ce3da70b43 Initial load duke parents: diff changeset	1730	md.update(keyBytes);
90ce3da70b43 Initial load duke parents: diff changeset	1731	} else {
90ce3da70b43 Initial load duke parents: diff changeset	1732	digestKey(md, masterSecret);
90ce3da70b43 Initial load duke parents: diff changeset	1733	}
90ce3da70b43 Initial load duke parents: diff changeset	1734	md.update(pad2);
90ce3da70b43 Initial load duke parents: diff changeset	1735	md.update(temp);
90ce3da70b43 Initial load duke parents: diff changeset	1736	}
90ce3da70b43 Initial load duke parents: diff changeset	1737
10336 0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1738	private final static Class<?> delegate;
2 90ce3da70b43 Initial load duke parents: diff changeset	1739	private final static Field spiField;
90ce3da70b43 Initial load duke parents: diff changeset	1740
90ce3da70b43 Initial load duke parents: diff changeset	1741	static {
90ce3da70b43 Initial load duke parents: diff changeset	1742	try {
90ce3da70b43 Initial load duke parents: diff changeset	1743	delegate = Class.forName("java.security.MessageDigest$Delegate");
90ce3da70b43 Initial load duke parents: diff changeset	1744	spiField = delegate.getDeclaredField("digestSpi");
90ce3da70b43 Initial load duke parents: diff changeset	1745	} catch (Exception e) {
90ce3da70b43 Initial load duke parents: diff changeset	1746	throw new RuntimeException("Reflection failed", e);
90ce3da70b43 Initial load duke parents: diff changeset	1747	}
90ce3da70b43 Initial load duke parents: diff changeset	1748	makeAccessible(spiField);
90ce3da70b43 Initial load duke parents: diff changeset	1749	}
90ce3da70b43 Initial load duke parents: diff changeset	1750
90ce3da70b43 Initial load duke parents: diff changeset	1751	private static void makeAccessible(final AccessibleObject o) {
90ce3da70b43 Initial load duke parents: diff changeset	1752	AccessController.doPrivileged(new PrivilegedAction<Object>() {
14664 e71aa0962e70 8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl xuelei parents: 14194 diff changeset	1753	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1754	public Object run() {
90ce3da70b43 Initial load duke parents: diff changeset	1755	o.setAccessible(true);
90ce3da70b43 Initial load duke parents: diff changeset	1756	return null;
90ce3da70b43 Initial load duke parents: diff changeset	1757	}
90ce3da70b43 Initial load duke parents: diff changeset	1758	});
90ce3da70b43 Initial load duke parents: diff changeset	1759	}
90ce3da70b43 Initial load duke parents: diff changeset	1760
90ce3da70b43 Initial load duke parents: diff changeset	1761	// ConcurrentHashMap does not allow null values, use this marker object
90ce3da70b43 Initial load duke parents: diff changeset	1762	private final static Object NULL_OBJECT = new Object();
90ce3da70b43 Initial load duke parents: diff changeset	1763
90ce3da70b43 Initial load duke parents: diff changeset	1764	// cache Method objects per Spi class
90ce3da70b43 Initial load duke parents: diff changeset	1765	// Note that this will prevent the Spi classes from being GC'd. We assume
90ce3da70b43 Initial load duke parents: diff changeset	1766	// that is not a problem.
10336 0bb1999251f8 7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror jjg parents: 8991 diff changeset	1767	private final static Map<Class<?>,Object> methodCache =
7990 57019dc81b66 7012003: diamond conversion for ssl smarks parents: 7043 diff changeset	1768	new ConcurrentHashMap<>();
2 90ce3da70b43 Initial load duke parents: diff changeset	1769
90ce3da70b43 Initial load duke parents: diff changeset	1770	private static void digestKey(MessageDigest md, SecretKey key) {
90ce3da70b43 Initial load duke parents: diff changeset	1771	try {
90ce3da70b43 Initial load duke parents: diff changeset	1772	// Verify that md is implemented via MessageDigestSpi, not
90ce3da70b43 Initial load duke parents: diff changeset	1773	// via JDK 1.1 style MessageDigest subclassing.
90ce3da70b43 Initial load duke parents: diff changeset	1774	if (md.getClass() != delegate) {
90ce3da70b43 Initial load duke parents: diff changeset	1775	throw new Exception("Digest is not a MessageDigestSpi");
90ce3da70b43 Initial load duke parents: diff changeset	1776	}
90ce3da70b43 Initial load duke parents: diff changeset	1777	MessageDigestSpi spi = (MessageDigestSpi)spiField.get(md);
90ce3da70b43 Initial load duke parents: diff changeset	1778	Class<?> clazz = spi.getClass();
90ce3da70b43 Initial load duke parents: diff changeset	1779	Object r = methodCache.get(clazz);
90ce3da70b43 Initial load duke parents: diff changeset	1780	if (r == null) {
90ce3da70b43 Initial load duke parents: diff changeset	1781	try {
90ce3da70b43 Initial load duke parents: diff changeset	1782	r = clazz.getDeclaredMethod("implUpdate", SecretKey.class);
90ce3da70b43 Initial load duke parents: diff changeset	1783	makeAccessible((Method)r);
90ce3da70b43 Initial load duke parents: diff changeset	1784	} catch (NoSuchMethodException e) {
90ce3da70b43 Initial load duke parents: diff changeset	1785	r = NULL_OBJECT;
90ce3da70b43 Initial load duke parents: diff changeset	1786	}
90ce3da70b43 Initial load duke parents: diff changeset	1787	methodCache.put(clazz, r);
90ce3da70b43 Initial load duke parents: diff changeset	1788	}
90ce3da70b43 Initial load duke parents: diff changeset	1789	if (r == NULL_OBJECT) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1790	throw new Exception(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1791	"Digest does not support implUpdate(SecretKey)");
2 90ce3da70b43 Initial load duke parents: diff changeset	1792	}
90ce3da70b43 Initial load duke parents: diff changeset	1793	Method update = (Method)r;
90ce3da70b43 Initial load duke parents: diff changeset	1794	update.invoke(spi, key);
90ce3da70b43 Initial load duke parents: diff changeset	1795	} catch (Exception e) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1796	throw new RuntimeException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1797	"Could not obtain encoded key and "
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1798	+ "MessageDigest cannot digest key", e);
2 90ce3da70b43 Initial load duke parents: diff changeset	1799	}
90ce3da70b43 Initial load duke parents: diff changeset	1800	}
90ce3da70b43 Initial load duke parents: diff changeset	1801
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1802	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1803	int messageType() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1804	return ht_certificate_verify;
2 90ce3da70b43 Initial load duke parents: diff changeset	1805	}
90ce3da70b43 Initial load duke parents: diff changeset	1806
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1807	@Override
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1808	int messageLength() {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1809	int temp = 2;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1810
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1811	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1812	temp += SignatureAndHashAlgorithm.sizeInRecord();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1813	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1814
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1815	return temp + signature.length;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1816	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1817
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1818	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1819	void send(HandshakeOutStream s) throws IOException {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1820	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1821	s.putInt8(preferableSignatureAlgorithm.getHashValue());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1822	s.putInt8(preferableSignatureAlgorithm.getSignatureValue());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1823	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1824
2 90ce3da70b43 Initial load duke parents: diff changeset	1825	s.putBytes16(signature);
90ce3da70b43 Initial load duke parents: diff changeset	1826	}
90ce3da70b43 Initial load duke parents: diff changeset	1827
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1828	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	1829	void print(PrintStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	1830	s.println("*** CertificateVerify");
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1831
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1832	if (debug != null && Debug.isOn("verbose")) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1833	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1834	s.println("Signature Algorithm " +
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1835	preferableSignatureAlgorithm.getAlgorithmName());
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1836	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1837	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1838	}
90ce3da70b43 Initial load duke parents: diff changeset	1839	}
90ce3da70b43 Initial load duke parents: diff changeset	1840
90ce3da70b43 Initial load duke parents: diff changeset	1841
90ce3da70b43 Initial load duke parents: diff changeset	1842	/*
90ce3da70b43 Initial load duke parents: diff changeset	1843	* FINISHED ... sent by both CLIENT and SERVER
90ce3da70b43 Initial load duke parents: diff changeset	1844	*
90ce3da70b43 Initial load duke parents: diff changeset	1845	* This is the FINISHED message as defined in the SSL and TLS protocols.
90ce3da70b43 Initial load duke parents: diff changeset	1846	* Both protocols define this handshake message slightly differently.
90ce3da70b43 Initial load duke parents: diff changeset	1847	* This class supports both formats.
90ce3da70b43 Initial load duke parents: diff changeset	1848	*
90ce3da70b43 Initial load duke parents: diff changeset	1849	* When handshaking is finished, each side sends a "change_cipher_spec"
90ce3da70b43 Initial load duke parents: diff changeset	1850	* record, then immediately sends a "finished" handshake message prepared
90ce3da70b43 Initial load duke parents: diff changeset	1851	* according to the newly adopted cipher spec.
90ce3da70b43 Initial load duke parents: diff changeset	1852	*
90ce3da70b43 Initial load duke parents: diff changeset	1853	* NOTE that until this is sent, no application data may be passed, unless
90ce3da70b43 Initial load duke parents: diff changeset	1854	* some non-default cipher suite has already been set up on this connection
90ce3da70b43 Initial load duke parents: diff changeset	1855	* connection (e.g. a previous handshake arranged one).
90ce3da70b43 Initial load duke parents: diff changeset	1856	*/
90ce3da70b43 Initial load duke parents: diff changeset	1857	static final class Finished extends HandshakeMessage {
90ce3da70b43 Initial load duke parents: diff changeset	1858
90ce3da70b43 Initial load duke parents: diff changeset	1859	// constant for a Finished message sent by the client
90ce3da70b43 Initial load duke parents: diff changeset	1860	final static int CLIENT = 1;
90ce3da70b43 Initial load duke parents: diff changeset	1861
90ce3da70b43 Initial load duke parents: diff changeset	1862	// constant for a Finished message sent by the server
90ce3da70b43 Initial load duke parents: diff changeset	1863	final static int SERVER = 2;
90ce3da70b43 Initial load duke parents: diff changeset	1864
90ce3da70b43 Initial load duke parents: diff changeset	1865	// enum Sender: "CLNT" and "SRVR"
90ce3da70b43 Initial load duke parents: diff changeset	1866	private static final byte[] SSL_CLIENT = { 0x43, 0x4C, 0x4E, 0x54 };
90ce3da70b43 Initial load duke parents: diff changeset	1867	private static final byte[] SSL_SERVER = { 0x53, 0x52, 0x56, 0x52 };
90ce3da70b43 Initial load duke parents: diff changeset	1868
90ce3da70b43 Initial load duke parents: diff changeset	1869	/*
90ce3da70b43 Initial load duke parents: diff changeset	1870	* Contents of the finished message ("checksum"). For TLS, it
90ce3da70b43 Initial load duke parents: diff changeset	1871	* is 12 bytes long, for SSLv3 36 bytes.
90ce3da70b43 Initial load duke parents: diff changeset	1872	*/
90ce3da70b43 Initial load duke parents: diff changeset	1873	private byte[] verifyData;
90ce3da70b43 Initial load duke parents: diff changeset	1874
90ce3da70b43 Initial load duke parents: diff changeset	1875	/*
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1876	* Current cipher suite we are negotiating. TLS 1.2 has
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1877	* ciphersuite-defined PRF algorithms.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1878	*/
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1879	private ProtocolVersion protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1880	private CipherSuite cipherSuite;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1881
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1882	/*
2 90ce3da70b43 Initial load duke parents: diff changeset	1883	* Create a finished message to send to the remote peer.
90ce3da70b43 Initial load duke parents: diff changeset	1884	*/
90ce3da70b43 Initial load duke parents: diff changeset	1885	Finished(ProtocolVersion protocolVersion, HandshakeHash handshakeHash,
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1886	int sender, SecretKey master, CipherSuite cipherSuite) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1887	this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1888	this.cipherSuite = cipherSuite;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1889	verifyData = getFinished(handshakeHash, sender, master);
2 90ce3da70b43 Initial load duke parents: diff changeset	1890	}
90ce3da70b43 Initial load duke parents: diff changeset	1891
90ce3da70b43 Initial load duke parents: diff changeset	1892	/*
90ce3da70b43 Initial load duke parents: diff changeset	1893	* Constructor that reads FINISHED message from stream.
90ce3da70b43 Initial load duke parents: diff changeset	1894	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1895	Finished(ProtocolVersion protocolVersion, HandshakeInStream input,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1896	CipherSuite cipherSuite) throws IOException {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1897	this.protocolVersion = protocolVersion;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1898	this.cipherSuite = cipherSuite;
2 90ce3da70b43 Initial load duke parents: diff changeset	1899	int msgLen = (protocolVersion.v >= ProtocolVersion.TLS10.v) ? 12 : 36;
90ce3da70b43 Initial load duke parents: diff changeset	1900	verifyData = new byte[msgLen];
90ce3da70b43 Initial load duke parents: diff changeset	1901	input.read(verifyData);
90ce3da70b43 Initial load duke parents: diff changeset	1902	}
90ce3da70b43 Initial load duke parents: diff changeset	1903
90ce3da70b43 Initial load duke parents: diff changeset	1904	/*
90ce3da70b43 Initial load duke parents: diff changeset	1905	* Verify that the hashes here are what would have been produced
90ce3da70b43 Initial load duke parents: diff changeset	1906	* according to a given set of inputs. This is used to ensure that
90ce3da70b43 Initial load duke parents: diff changeset	1907	* both client and server are fully in sync, and that the handshake
90ce3da70b43 Initial load duke parents: diff changeset	1908	* computations have been successful.
90ce3da70b43 Initial load duke parents: diff changeset	1909	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1910	boolean verify(HandshakeHash handshakeHash, int sender, SecretKey master) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1911	byte[] myFinished = getFinished(handshakeHash, sender, master);
2 90ce3da70b43 Initial load duke parents: diff changeset	1912	return Arrays.equals(myFinished, verifyData);
90ce3da70b43 Initial load duke parents: diff changeset	1913	}
90ce3da70b43 Initial load duke parents: diff changeset	1914
90ce3da70b43 Initial load duke parents: diff changeset	1915	/*
90ce3da70b43 Initial load duke parents: diff changeset	1916	* Perform the actual finished message calculation.
90ce3da70b43 Initial load duke parents: diff changeset	1917	*/
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1918	private byte[] getFinished(HandshakeHash handshakeHash,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1919	int sender, SecretKey masterKey) {
2 90ce3da70b43 Initial load duke parents: diff changeset	1920	byte[] sslLabel;
90ce3da70b43 Initial load duke parents: diff changeset	1921	String tlsLabel;
90ce3da70b43 Initial load duke parents: diff changeset	1922	if (sender == CLIENT) {
90ce3da70b43 Initial load duke parents: diff changeset	1923	sslLabel = SSL_CLIENT;
90ce3da70b43 Initial load duke parents: diff changeset	1924	tlsLabel = "client finished";
90ce3da70b43 Initial load duke parents: diff changeset	1925	} else if (sender == SERVER) {
90ce3da70b43 Initial load duke parents: diff changeset	1926	sslLabel = SSL_SERVER;
90ce3da70b43 Initial load duke parents: diff changeset	1927	tlsLabel = "server finished";
90ce3da70b43 Initial load duke parents: diff changeset	1928	} else {
90ce3da70b43 Initial load duke parents: diff changeset	1929	throw new RuntimeException("Invalid sender: " + sender);
90ce3da70b43 Initial load duke parents: diff changeset	1930	}
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1931
2 90ce3da70b43 Initial load duke parents: diff changeset	1932	if (protocolVersion.v >= ProtocolVersion.TLS10.v) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1933	// TLS 1.0+
2 90ce3da70b43 Initial load duke parents: diff changeset	1934	try {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1935	byte [] seed;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1936	String prfAlg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1937	PRF prf;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1938
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1939	// Get the KeyGenerator alg and calculate the seed.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1940	if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1941	// TLS 1.2
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1942	seed = handshakeHash.getFinishedHash();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1943
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1944	prfAlg = "SunTls12Prf";
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1945	prf = cipherSuite.prfAlg;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1946	} else {
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1947	// TLS 1.0/1.1
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1948	MessageDigest md5Clone = handshakeHash.getMD5Clone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1949	MessageDigest shaClone = handshakeHash.getSHAClone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1950	seed = new byte[36];
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1951	md5Clone.digest(seed, 0, 16);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1952	shaClone.digest(seed, 16, 20);
2 90ce3da70b43 Initial load duke parents: diff changeset	1953
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1954	prfAlg = "SunTlsPrf";
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1955	prf = P_NONE;
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1956	}
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1957
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1958	String prfHashAlg = prf.getPRFHashAlg();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1959	int prfHashLength = prf.getPRFHashLength();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1960	int prfBlockSize = prf.getPRFBlockSize();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1961
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1962	/*
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1963	* RFC 5246/7.4.9 says that finished messages can
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1964	* be ciphersuite-specific in both length/PRF hash
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1965	* algorithm. If we ever run across a different
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1966	* length, this call will need to be updated.
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1967	*/
27804 4659e70271c4 8066617: Suppress deprecation warnings in java.base module darcy parents: 25859 diff changeset	1968	@SuppressWarnings("deprecation")
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1969	TlsPrfParameterSpec spec = new TlsPrfParameterSpec(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1970	masterKey, tlsLabel, seed, 12,
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1971	prfHashAlg, prfHashLength, prfBlockSize);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1972
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1973	KeyGenerator kg = JsseJce.getKeyGenerator(prfAlg);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1974	kg.init(spec);
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1975	SecretKey prfKey = kg.generateKey();
2 90ce3da70b43 Initial load duke parents: diff changeset	1976	if ("RAW".equals(prfKey.getFormat()) == false) {
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1977	throw new ProviderException(
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1978	"Invalid PRF output, format must be RAW");
2 90ce3da70b43 Initial load duke parents: diff changeset	1979	}
90ce3da70b43 Initial load duke parents: diff changeset	1980	byte[] finished = prfKey.getEncoded();
90ce3da70b43 Initial load duke parents: diff changeset	1981	return finished;
90ce3da70b43 Initial load duke parents: diff changeset	1982	} catch (GeneralSecurityException e) {
90ce3da70b43 Initial load duke parents: diff changeset	1983	throw new RuntimeException("PRF failed", e);
90ce3da70b43 Initial load duke parents: diff changeset	1984	}
90ce3da70b43 Initial load duke parents: diff changeset	1985	} else {
90ce3da70b43 Initial load duke parents: diff changeset	1986	// SSLv3
7043 5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1987	MessageDigest md5Clone = handshakeHash.getMD5Clone();
5e2d1edeb2c7 6916074: Add support for TLS 1.2 xuelei parents: 7039 diff changeset	1988	MessageDigest shaClone = handshakeHash.getSHAClone();
2 90ce3da70b43 Initial load duke parents: diff changeset	1989	updateDigest(md5Clone, sslLabel, MD5_pad1, MD5_pad2, masterKey);
90ce3da70b43 Initial load duke parents: diff changeset	1990	updateDigest(shaClone, sslLabel, SHA_pad1, SHA_pad2, masterKey);
90ce3da70b43 Initial load duke parents: diff changeset	1991	byte[] finished = new byte[36];
90ce3da70b43 Initial load duke parents: diff changeset	1992	try {
90ce3da70b43 Initial load duke parents: diff changeset	1993	md5Clone.digest(finished, 0, 16);
90ce3da70b43 Initial load duke parents: diff changeset	1994	shaClone.digest(finished, 16, 20);
90ce3da70b43 Initial load duke parents: diff changeset	1995	} catch (DigestException e) {
90ce3da70b43 Initial load duke parents: diff changeset	1996	// cannot occur
90ce3da70b43 Initial load duke parents: diff changeset	1997	throw new RuntimeException("Digest failed", e);
90ce3da70b43 Initial load duke parents: diff changeset	1998	}
90ce3da70b43 Initial load duke parents: diff changeset	1999	return finished;
90ce3da70b43 Initial load duke parents: diff changeset	2000	}
90ce3da70b43 Initial load duke parents: diff changeset	2001	}
90ce3da70b43 Initial load duke parents: diff changeset	2002
90ce3da70b43 Initial load duke parents: diff changeset	2003	/*
90ce3da70b43 Initial load duke parents: diff changeset	2004	* Update the MessageDigest for SSLv3 finished message calculation.
90ce3da70b43 Initial load duke parents: diff changeset	2005	* The digest must already have been updated with all preceding handshake
90ce3da70b43 Initial load duke parents: diff changeset	2006	* messages. This operation is almost identical to the certificate verify
90ce3da70b43 Initial load duke parents: diff changeset	2007	* hash, reuse that code.
90ce3da70b43 Initial load duke parents: diff changeset	2008	*/
90ce3da70b43 Initial load duke parents: diff changeset	2009	private static void updateDigest(MessageDigest md, byte[] sender,
90ce3da70b43 Initial load duke parents: diff changeset	2010	byte[] pad1, byte[] pad2, SecretKey masterSecret) {
90ce3da70b43 Initial load duke parents: diff changeset	2011	md.update(sender);
90ce3da70b43 Initial load duke parents: diff changeset	2012	CertificateVerify.updateDigest(md, pad1, pad2, masterSecret);
90ce3da70b43 Initial load duke parents: diff changeset	2013	}
90ce3da70b43 Initial load duke parents: diff changeset	2014
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	2015	// get the verify_data of the finished message
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	2016	byte[] getVerifyData() {
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	2017	return verifyData;
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	2018	}
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	2019
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	2020	@Override
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	2021	int messageType() { return ht_finished; }
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	2022
533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	2023	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	2024	int messageLength() {
90ce3da70b43 Initial load duke parents: diff changeset	2025	return verifyData.length;
90ce3da70b43 Initial load duke parents: diff changeset	2026	}
90ce3da70b43 Initial load duke parents: diff changeset	2027
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	2028	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	2029	void send(HandshakeOutStream out) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	2030	out.write(verifyData);
90ce3da70b43 Initial load duke parents: diff changeset	2031	}
90ce3da70b43 Initial load duke parents: diff changeset	2032
6856 533f4ad71f88 6914943: Implement final TLS renegotiation fix xuelei parents: 5506 diff changeset	2033	@Override
2 90ce3da70b43 Initial load duke parents: diff changeset	2034	void print(PrintStream s) throws IOException {
90ce3da70b43 Initial load duke parents: diff changeset	2035	s.println("*** Finished");
90ce3da70b43 Initial load duke parents: diff changeset	2036	if (debug != null && Debug.isOn("verbose")) {
90ce3da70b43 Initial load duke parents: diff changeset	2037	Debug.println(s, "verify_data", verifyData);
90ce3da70b43 Initial load duke parents: diff changeset	2038	s.println("***");
90ce3da70b43 Initial load duke parents: diff changeset	2039	}
90ce3da70b43 Initial load duke parents: diff changeset	2040	}
90ce3da70b43 Initial load duke parents: diff changeset	2041	}
90ce3da70b43 Initial load duke parents: diff changeset	2042
90ce3da70b43 Initial load duke parents: diff changeset	2043	//
90ce3da70b43 Initial load duke parents: diff changeset	2044	// END of nested classes
90ce3da70b43 Initial load duke parents: diff changeset	2045	//
90ce3da70b43 Initial load duke parents: diff changeset	2046
90ce3da70b43 Initial load duke parents: diff changeset	2047	}

author	jnimeh
	Thu, 22 Jan 2015 20:19:42 -0800
changeset 28565	48712ca501c1
parent 27957	24b4e6082f19
child 29264	5172066a2da6
permissions	-rw-r--r--