jdk-sandbox: src/java.base/share/classes/sun/security/ssl/CertificateVerify.java@56aaa6cb3693 (annotated)

56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1	/*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	2	* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	4	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	10	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	15	* accompanied this code).
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	16	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	20	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	23	* questions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	24	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	25
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	26	package sun.security.ssl;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	27
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	28	import java.io.IOException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	29	import java.nio.ByteBuffer;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	30	import java.security.*;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	31	import java.text.MessageFormat;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	32	import java.util.Arrays;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	33	import java.util.Locale;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	34	import sun.security.ssl.SSLHandshake.HandshakeMessage;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	35	import sun.security.ssl.X509Authentication.X509Credentials;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	36	import sun.security.ssl.X509Authentication.X509Possession;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	37	import sun.security.util.HexDumpEncoder;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	38
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	39	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	40	* Pack of the CertificateVerify handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	41	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	42	final class CertificateVerify {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	43	static final SSLConsumer s30HandshakeConsumer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	44	new S30CertificateVerifyConsumer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	45	static final HandshakeProducer s30HandshakeProducer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	46	new S30CertificateVerifyProducer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	47
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	48	static final SSLConsumer t10HandshakeConsumer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	49	new T10CertificateVerifyConsumer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	50	static final HandshakeProducer t10HandshakeProducer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	51	new T10CertificateVerifyProducer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	52
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	53	static final SSLConsumer t12HandshakeConsumer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	54	new T12CertificateVerifyConsumer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	55	static final HandshakeProducer t12HandshakeProducer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	56	new T12CertificateVerifyProducer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	57
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	58	static final SSLConsumer t13HandshakeConsumer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	59	new T13CertificateVerifyConsumer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	60	static final HandshakeProducer t13HandshakeProducer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	61	new T13CertificateVerifyProducer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	62
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	63	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	64	* The CertificateVerify handshake message (SSL 3.0).
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	65	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	66	static final class S30CertificateVerifyMessage extends HandshakeMessage {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	67	// signature bytes
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	68	private final byte[] signature;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	69
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	70	S30CertificateVerifyMessage(HandshakeContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	71	X509Possession x509Possession) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	72	super(context);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	73
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	74	// This happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	75	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	76	byte[] temproary = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	77	String algorithm = x509Possession.popPrivateKey.getAlgorithm();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	78	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	79	Signature signer = getSignature(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	80	signer.initSign(x509Possession.popPrivateKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	81	byte[] hashes = chc.handshakeHash.digest(algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	82	chc.handshakeSession.getMasterSecret());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	83	signer.update(hashes);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	84	temproary = signer.sign();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	85	} catch (NoSuchAlgorithmException nsae) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	86	chc.conContext.fatal(Alert.INTERNAL_ERROR,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	87	"Unsupported signature algorithm (" + algorithm +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	88	") used in CertificateVerify handshake message", nsae);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	89	} catch (GeneralSecurityException gse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	90	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	91	"Cannot produce CertificateVerify signature", gse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	92	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	93
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	94	this.signature = temproary;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	95	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	96
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	97	S30CertificateVerifyMessage(HandshakeContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	98	ByteBuffer m) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	99	super(context);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	100
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	101	// This happens in server side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	102	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	103
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	104	// digitally-signed struct {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	105	// select(SignatureAlgorithm) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	106	// case anonymous: struct { };
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	107	// case rsa:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	108	// opaque md5_hash[16];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	109	// opaque sha_hash[20];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	110	// case dsa:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	111	// opaque sha_hash[20];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	112	// };
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	113	// } Signature;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	114	if (m.remaining() < 2) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	115	shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	116	"Invalid CertificateVerify message: no sufficient data");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	117	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	118
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	119	// read and verify the signature
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	120	this.signature = Record.getBytes16(m);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	121	X509Credentials x509Credentials = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	122	for (SSLCredentials cd : shc.handshakeCredentials) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	123	if (cd instanceof X509Credentials) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	124	x509Credentials = (X509Credentials)cd;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	125	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	126	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	127	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	128
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	129	if (x509Credentials == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	130	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	131	"No X509 credentials negotiated for CertificateVerify");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	132	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	133
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	134	String algorithm = x509Credentials.popPublicKey.getAlgorithm();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	135	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	136	Signature signer = getSignature(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	137	signer.initVerify(x509Credentials.popPublicKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	138	byte[] hashes = shc.handshakeHash.digest(algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	139	shc.handshakeSession.getMasterSecret());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	140	signer.update(hashes);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	141	if (!signer.verify(signature)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	142	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	143	"Invalid CertificateVerify message: invalid signature");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	144	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	145	} catch (NoSuchAlgorithmException nsae) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	146	shc.conContext.fatal(Alert.INTERNAL_ERROR,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	147	"Unsupported signature algorithm (" + algorithm +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	148	") used in CertificateVerify handshake message", nsae);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	149	} catch (GeneralSecurityException gse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	150	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	151	"Cannot verify CertificateVerify signature", gse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	152	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	153	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	154
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	155	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	156	public SSLHandshake handshakeType() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	157	return SSLHandshake.CERTIFICATE_VERIFY;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	158	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	159
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	160	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	161	public int messageLength() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	162	return 2 + signature.length; // 2: length of signature
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	163	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	164
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	165	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	166	public void send(HandshakeOutStream hos) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	167	hos.putBytes16(signature);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	168	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	169
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	170	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	171	public String toString() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	172	MessageFormat messageFormat = new MessageFormat(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	173	"\"CertificateVerify\": '{'\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	174	" \"signature\": '{'\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	175	"{0}\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	176	" '}'\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	177	"'}'",
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	178	Locale.ENGLISH);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	179
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	180	HexDumpEncoder hexEncoder = new HexDumpEncoder();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	181	Object[] messageFields = {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	182	Utilities.indent(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	183	hexEncoder.encodeBuffer(signature), " ")
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	184	};
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	185
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	186	return messageFormat.format(messageFields);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	187	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	188
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	189	/*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	190	* Get the Signature object appropriate for verification using the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	191	* given signature algorithm.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	192	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	193	private static Signature getSignature(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	194	String algorithm) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	195	switch (algorithm) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	196	case "RSA":
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	197	return JsseJce.getSignature(JsseJce.SIGNATURE_RAWRSA);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	198	case "DSA":
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	199	return JsseJce.getSignature(JsseJce.SIGNATURE_RAWDSA);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	200	case "EC":
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	201	return JsseJce.getSignature(JsseJce.SIGNATURE_RAWECDSA);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	202	default:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	203	throw new SignatureException("Unrecognized algorithm: "
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	204	+ algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	205	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	206	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	207	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	208
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	209	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	210	* The "CertificateVerify" handshake message producer.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	211	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	212	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	213	class S30CertificateVerifyProducer implements HandshakeProducer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	214	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	215	private S30CertificateVerifyProducer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	216	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	217	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	218
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	219	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	220	public byte[] produce(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	221	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	222	// The producing happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	223	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	224
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	225	X509Possession x509Possession = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	226	for (SSLPossession possession : chc.handshakePossessions) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	227	if (possession instanceof X509Possession) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	228	x509Possession = (X509Possession)possession;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	229	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	230	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	231	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	232
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	233	if (x509Possession == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	234	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	235	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	236	"No X.509 credentials negotiated for CertificateVerify");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	237	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	238
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	239	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	240	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	241
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	242	S30CertificateVerifyMessage cvm =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	243	new S30CertificateVerifyMessage(chc, x509Possession);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	244	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	245	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	246	"Produced CertificateVerify handshake message", cvm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	247	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	248
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	249	// Output the handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	250	cvm.write(chc.handshakeOutput);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	251	chc.handshakeOutput.flush();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	252
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	253	// The handshake message has been delivered.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	254	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	255	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	256	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	257
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	258	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	259	* The "CertificateVerify" handshake message consumer.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	260	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	261	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	262	class S30CertificateVerifyConsumer implements SSLConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	263	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	264	private S30CertificateVerifyConsumer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	265	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	266	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	267
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	268	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	269	public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	270	ByteBuffer message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	271	// The consuming happens in server side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	272	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	273	S30CertificateVerifyMessage cvm =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	274	new S30CertificateVerifyMessage(shc, message);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	275	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	276	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	277	"Consuming CertificateVerify handshake message", cvm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	278	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	279
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	280	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	281	// update
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	282	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	283	// Need no additional validation.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	284
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	285	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	286	// produce
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	287	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	288	// Need no new handshake message producers here.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	289	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	290	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	291
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	292	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	293	* The CertificateVerify handshake message (TLS 1.0/1.1).
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	294	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	295	static final class T10CertificateVerifyMessage extends HandshakeMessage {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	296	// signature bytes
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	297	private final byte[] signature;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	298
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	299	T10CertificateVerifyMessage(HandshakeContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	300	X509Possession x509Possession) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	301	super(context);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	302
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	303	// This happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	304	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	305	byte[] temproary = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	306	String algorithm = x509Possession.popPrivateKey.getAlgorithm();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	307	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	308	Signature signer = getSignature(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	309	signer.initSign(x509Possession.popPrivateKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	310	byte[] hashes = chc.handshakeHash.digest(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	311	signer.update(hashes);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	312	temproary = signer.sign();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	313	} catch (NoSuchAlgorithmException nsae) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	314	chc.conContext.fatal(Alert.INTERNAL_ERROR,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	315	"Unsupported signature algorithm (" + algorithm +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	316	") used in CertificateVerify handshake message", nsae);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	317	} catch (GeneralSecurityException gse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	318	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	319	"Cannot produce CertificateVerify signature", gse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	320	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	321
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	322	this.signature = temproary;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	323	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	324
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	325	T10CertificateVerifyMessage(HandshakeContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	326	ByteBuffer m) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	327	super(context);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	328
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	329	// This happens in server side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	330	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	331
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	332	// digitally-signed struct {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	333	// select(SignatureAlgorithm) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	334	// case anonymous: struct { };
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	335	// case rsa:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	336	// opaque md5_hash[16];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	337	// opaque sha_hash[20];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	338	// case dsa:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	339	// opaque sha_hash[20];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	340	// };
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	341	// } Signature;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	342	if (m.remaining() < 2) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	343	shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	344	"Invalid CertificateVerify message: no sufficient data");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	345	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	346
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	347	// read and verify the signature
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	348	this.signature = Record.getBytes16(m);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	349	X509Credentials x509Credentials = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	350	for (SSLCredentials cd : shc.handshakeCredentials) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	351	if (cd instanceof X509Credentials) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	352	x509Credentials = (X509Credentials)cd;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	353	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	354	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	355	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	356
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	357	if (x509Credentials == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	358	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	359	"No X509 credentials negotiated for CertificateVerify");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	360	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	361
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	362	String algorithm = x509Credentials.popPublicKey.getAlgorithm();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	363	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	364	Signature signer = getSignature(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	365	signer.initVerify(x509Credentials.popPublicKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	366	byte[] hashes = shc.handshakeHash.digest(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	367	signer.update(hashes);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	368	if (!signer.verify(signature)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	369	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	370	"Invalid CertificateVerify message: invalid signature");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	371	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	372	} catch (NoSuchAlgorithmException nsae) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	373	shc.conContext.fatal(Alert.INTERNAL_ERROR,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	374	"Unsupported signature algorithm (" + algorithm +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	375	") used in CertificateVerify handshake message", nsae);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	376	} catch (GeneralSecurityException gse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	377	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	378	"Cannot verify CertificateVerify signature", gse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	379	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	380	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	381
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	382	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	383	public SSLHandshake handshakeType() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	384	return SSLHandshake.CERTIFICATE_VERIFY;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	385	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	386
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	387	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	388	public int messageLength() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	389	return 2 + signature.length; // 2: length of signature
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	390	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	391
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	392	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	393	public void send(HandshakeOutStream hos) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	394	hos.putBytes16(signature);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	395	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	396
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	397	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	398	public String toString() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	399	MessageFormat messageFormat = new MessageFormat(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	400	"\"CertificateVerify\": '{'\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	401	" \"signature\": '{'\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	402	"{0}\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	403	" '}'\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	404	"'}'",
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	405	Locale.ENGLISH);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	406
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	407	HexDumpEncoder hexEncoder = new HexDumpEncoder();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	408	Object[] messageFields = {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	409	Utilities.indent(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	410	hexEncoder.encodeBuffer(signature), " ")
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	411	};
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	412
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	413	return messageFormat.format(messageFields);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	414	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	415
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	416	/*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	417	* Get the Signature object appropriate for verification using the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	418	* given signature algorithm.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	419	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	420	private static Signature getSignature(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	421	String algorithm) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	422	switch (algorithm) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	423	case "RSA":
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	424	return JsseJce.getSignature(JsseJce.SIGNATURE_RAWRSA);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	425	case "DSA":
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	426	return JsseJce.getSignature(JsseJce.SIGNATURE_RAWDSA);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	427	case "EC":
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	428	return JsseJce.getSignature(JsseJce.SIGNATURE_RAWECDSA);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	429	default:
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	430	throw new SignatureException("Unrecognized algorithm: "
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	431	+ algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	432	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	433	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	434	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	435
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	436	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	437	* The "CertificateVerify" handshake message producer.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	438	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	439	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	440	class T10CertificateVerifyProducer implements HandshakeProducer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	441	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	442	private T10CertificateVerifyProducer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	443	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	444	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	445
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	446	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	447	public byte[] produce(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	448	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	449	// The producing happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	450	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	451	X509Possession x509Possession = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	452	for (SSLPossession possession : chc.handshakePossessions) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	453	if (possession instanceof X509Possession) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	454	x509Possession = (X509Possession)possession;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	455	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	456	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	457	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	458
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	459	if (x509Possession == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	460	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	461	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	462	"No X.509 credentials negotiated for CertificateVerify");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	463	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	464
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	465	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	466	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	467
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	468	T10CertificateVerifyMessage cvm =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	469	new T10CertificateVerifyMessage(chc, x509Possession);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	470	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	471	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	472	"Produced CertificateVerify handshake message", cvm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	473	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	474
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	475	// Output the handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	476	cvm.write(chc.handshakeOutput);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	477	chc.handshakeOutput.flush();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	478
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	479	// The handshake message has been delivered.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	480	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	481	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	482	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	483
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	484	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	485	* The "CertificateVerify" handshake message consumer.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	486	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	487	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	488	class T10CertificateVerifyConsumer implements SSLConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	489	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	490	private T10CertificateVerifyConsumer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	491	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	492	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	493
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	494	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	495	public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	496	ByteBuffer message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	497	// The consuming happens in server side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	498	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	499	T10CertificateVerifyMessage cvm =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	500	new T10CertificateVerifyMessage(shc, message);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	501	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	502	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	503	"Consuming CertificateVerify handshake message", cvm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	504	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	505
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	506	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	507	// update
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	508	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	509	// Need no additional validation.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	510
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	511	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	512	// produce
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	513	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	514	// Need no new handshake message producers here. }
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	515	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	516	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	517
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	518	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	519	* The CertificateVerify handshake message (TLS 1.2).
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	520	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	521	static final class T12CertificateVerifyMessage extends HandshakeMessage {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	522	// the signature algorithm
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	523	private final SignatureScheme signatureScheme;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	524
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	525	// signature bytes
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	526	private final byte[] signature;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	527
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	528	T12CertificateVerifyMessage(HandshakeContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	529	X509Possession x509Possession) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	530	super(context);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	531
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	532	// This happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	533	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	534	this.signatureScheme = SignatureScheme.getPreferableAlgorithm(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	535	chc.peerRequestedSignatureSchemes,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	536	x509Possession.popPrivateKey,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	537	chc.negotiatedProtocol);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	538	if (signatureScheme == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	539	// Unlikely, the credentials generator should have
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	540	// selected the preferable signature algorithm properly.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	541	chc.conContext.fatal(Alert.INTERNAL_ERROR,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	542	"No preferred signature algorithm for CertificateVerify");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	543	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	544
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	545	byte[] temproary = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	546	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	547	Signature signer = signatureScheme.getSignature();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	548	signer.initSign(x509Possession.popPrivateKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	549	signer.update(chc.handshakeHash.archived());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	550	temproary = signer.sign();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	551	} catch (NoSuchAlgorithmException \|
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	552	InvalidAlgorithmParameterException nsae) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	553	chc.conContext.fatal(Alert.INTERNAL_ERROR,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	554	"Unsupported signature algorithm (" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	555	signatureScheme.name +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	556	") used in CertificateVerify handshake message", nsae);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	557	} catch (InvalidKeyException \| SignatureException ikse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	558	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	559	"Cannot produce CertificateVerify signature", ikse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	560	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	561
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	562	this.signature = temproary;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	563	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	564
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	565	T12CertificateVerifyMessage(HandshakeContext handshakeContext,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	566	ByteBuffer m) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	567	super(handshakeContext);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	568
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	569	// This happens in server side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	570	ServerHandshakeContext shc =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	571	(ServerHandshakeContext)handshakeContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	572
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	573	// struct {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	574	// SignatureAndHashAlgorithm algorithm;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	575	// opaque signature<0..2^16-1>;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	576	// } DigitallySigned;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	577	if (m.remaining() < 4) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	578	shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	579	"Invalid CertificateVerify message: no sufficient data");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	580	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	581
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	582	// SignatureAndHashAlgorithm algorithm
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	583	int ssid = Record.getInt16(m);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	584	this.signatureScheme = SignatureScheme.valueOf(ssid);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	585	if (signatureScheme == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	586	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	587	"Invalid signature algorithm (" + ssid +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	588	") used in CertificateVerify handshake message");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	589	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	590
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	591	if (!shc.localSupportedSignAlgs.contains(signatureScheme)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	592	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	593	"Unsupported signature algorithm (" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	594	signatureScheme.name +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	595	") used in CertificateVerify handshake message");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	596	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	597
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	598	// read and verify the signature
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	599	X509Credentials x509Credentials = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	600	for (SSLCredentials cd : shc.handshakeCredentials) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	601	if (cd instanceof X509Credentials) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	602	x509Credentials = (X509Credentials)cd;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	603	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	604	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	605	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	606
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	607	if (x509Credentials == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	608	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	609	"No X509 credentials negotiated for CertificateVerify");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	610	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	611
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	612	// opaque signature<0..2^16-1>;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	613	this.signature = Record.getBytes16(m);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	614	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	615	Signature signer = signatureScheme.getSignature();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	616	signer.initVerify(x509Credentials.popPublicKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	617	signer.update(shc.handshakeHash.archived());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	618	if (!signer.verify(signature)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	619	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	620	"Invalid CertificateVerify signature");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	621	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	622	} catch (NoSuchAlgorithmException \|
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	623	InvalidAlgorithmParameterException nsae) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	624	shc.conContext.fatal(Alert.INTERNAL_ERROR,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	625	"Unsupported signature algorithm (" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	626	signatureScheme.name +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	627	") used in CertificateVerify handshake message", nsae);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	628	} catch (InvalidKeyException \| SignatureException ikse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	629	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	630	"Cannot verify CertificateVerify signature", ikse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	631	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	632	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	633
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	634	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	635	public SSLHandshake handshakeType() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	636	return SSLHandshake.CERTIFICATE_VERIFY;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	637	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	638
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	639	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	640	public int messageLength() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	641	return 4 + signature.length; // 2: signature algorithm
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	642	// +2: length of signature
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	643	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	644
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	645	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	646	public void send(HandshakeOutStream hos) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	647	hos.putInt16(signatureScheme.id);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	648	hos.putBytes16(signature);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	649	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	650
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	651	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	652	public String toString() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	653	MessageFormat messageFormat = new MessageFormat(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	654	"\"CertificateVerify\": '{'\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	655	" \"signature algorithm\": {0}\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	656	" \"signature\": '{'\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	657	"{1}\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	658	" '}'\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	659	"'}'",
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	660	Locale.ENGLISH);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	661
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	662	HexDumpEncoder hexEncoder = new HexDumpEncoder();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	663	Object[] messageFields = {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	664	signatureScheme.name,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	665	Utilities.indent(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	666	hexEncoder.encodeBuffer(signature), " ")
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	667	};
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	668
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	669	return messageFormat.format(messageFields);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	670	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	671	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	672
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	673	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	674	* The "CertificateVerify" handshake message producer.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	675	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	676	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	677	class T12CertificateVerifyProducer implements HandshakeProducer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	678	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	679	private T12CertificateVerifyProducer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	680	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	681	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	682
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	683	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	684	public byte[] produce(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	685	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	686	// The producing happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	687	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	688
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	689	X509Possession x509Possession = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	690	for (SSLPossession possession : chc.handshakePossessions) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	691	if (possession instanceof X509Possession) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	692	x509Possession = (X509Possession)possession;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	693	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	694	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	695	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	696
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	697	if (x509Possession == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	698	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	699	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	700	"No X.509 credentials negotiated for CertificateVerify");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	701	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	702
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	703	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	704	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	705
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	706	T12CertificateVerifyMessage cvm =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	707	new T12CertificateVerifyMessage(chc, x509Possession);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	708	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	709	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	710	"Produced CertificateVerify handshake message", cvm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	711	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	712
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	713	// Output the handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	714	cvm.write(chc.handshakeOutput);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	715	chc.handshakeOutput.flush();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	716
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	717	// The handshake message has been delivered.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	718	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	719	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	720	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	721
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	722	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	723	* The "CertificateVerify" handshake message consumer.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	724	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	725	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	726	class T12CertificateVerifyConsumer implements SSLConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	727	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	728	private T12CertificateVerifyConsumer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	729	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	730	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	731
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	732	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	733	public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	734	ByteBuffer message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	735	// The consuming happens in server side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	736	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	737	T12CertificateVerifyMessage cvm =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	738	new T12CertificateVerifyMessage(shc, message);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	739	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	740	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	741	"Consuming CertificateVerify handshake message", cvm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	742	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	743
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	744	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	745	// update
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	746	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	747	// Need no additional validation.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	748
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	749	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	750	// produce
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	751	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	752	// Need no new handshake message producers here.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	753	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	754	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	755
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	756	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	757	* The CertificateVerify handshake message (TLS 1.3).
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	758	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	759	static final class T13CertificateVerifyMessage extends HandshakeMessage {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	760	private static final byte[] serverSignHead = new byte[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	761	// repeated 0x20 for 64 times
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	762	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	763	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	764	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	765	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	766	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	767	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	768	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	769	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	770	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	771	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	772	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	773	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	774	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	775	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	776	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	777	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	778
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	779	// "TLS 1.3, server CertificateVerify" + 0x00
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	780	(byte)0x54, (byte)0x4c, (byte)0x53, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	781	(byte)0x31, (byte)0x2e, (byte)0x33, (byte)0x2c,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	782	(byte)0x20, (byte)0x73, (byte)0x65, (byte)0x72,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	783	(byte)0x76, (byte)0x65, (byte)0x72, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	784	(byte)0x43, (byte)0x65, (byte)0x72, (byte)0x74,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	785	(byte)0x69, (byte)0x66, (byte)0x69, (byte)0x63,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	786	(byte)0x61, (byte)0x74, (byte)0x65, (byte)0x56,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	787	(byte)0x65, (byte)0x72, (byte)0x69, (byte)0x66,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	788	(byte)0x79, (byte)0x00
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	789	};
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	790
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	791	private static final byte[] clientSignHead = new byte[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	792	// repeated 0x20 for 64 times
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	793	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	794	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	795	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	796	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	797	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	798	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	799	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	800	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	801	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	802	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	803	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	804	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	805	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	806	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	807	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	808	(byte)0x20, (byte)0x20, (byte)0x20, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	809
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	810	// "TLS 1.3, client CertificateVerify" + 0x00
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	811	(byte)0x54, (byte)0x4c, (byte)0x53, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	812	(byte)0x31, (byte)0x2e, (byte)0x33, (byte)0x2c,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	813	(byte)0x20, (byte)0x63, (byte)0x6c, (byte)0x69,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	814	(byte)0x65, (byte)0x6e, (byte)0x74, (byte)0x20,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	815	(byte)0x43, (byte)0x65, (byte)0x72, (byte)0x74,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	816	(byte)0x69, (byte)0x66, (byte)0x69, (byte)0x63,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	817	(byte)0x61, (byte)0x74, (byte)0x65, (byte)0x56,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	818	(byte)0x65, (byte)0x72, (byte)0x69, (byte)0x66,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	819	(byte)0x79, (byte)0x00
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	820	};
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	821
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	822
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	823	// the signature algorithm
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	824	private final SignatureScheme signatureScheme;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	825
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	826	// signature bytes
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	827	private final byte[] signature;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	828
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	829	T13CertificateVerifyMessage(HandshakeContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	830	X509Possession x509Possession) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	831	super(context);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	832
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	833	this.signatureScheme = SignatureScheme.getPreferableAlgorithm(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	834	context.peerRequestedSignatureSchemes,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	835	x509Possession.popPrivateKey,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	836	context.negotiatedProtocol);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	837	if (signatureScheme == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	838	// Unlikely, the credentials generator should have
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	839	// selected the preferable signature algorithm properly.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	840	context.conContext.fatal(Alert.INTERNAL_ERROR,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	841	"No preferred signature algorithm for CertificateVerify");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	842	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	843
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	844	byte[] hashValue = context.handshakeHash.digest();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	845	byte[] contentCovered;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	846	if (context.sslConfig.isClientMode) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	847	contentCovered = Arrays.copyOf(clientSignHead,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	848	clientSignHead.length + hashValue.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	849	System.arraycopy(hashValue, 0, contentCovered,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	850	clientSignHead.length, hashValue.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	851	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	852	contentCovered = Arrays.copyOf(serverSignHead,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	853	serverSignHead.length + hashValue.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	854	System.arraycopy(hashValue, 0, contentCovered,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	855	serverSignHead.length, hashValue.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	856	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	857
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	858	byte[] temproary = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	859	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	860	Signature signer = signatureScheme.getSignature();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	861	signer.initSign(x509Possession.popPrivateKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	862	signer.update(contentCovered);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	863	temproary = signer.sign();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	864	} catch (NoSuchAlgorithmException \|
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	865	InvalidAlgorithmParameterException nsae) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	866	context.conContext.fatal(Alert.INTERNAL_ERROR,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	867	"Unsupported signature algorithm (" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	868	signatureScheme.name +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	869	") used in CertificateVerify handshake message", nsae);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	870	} catch (InvalidKeyException \| SignatureException ikse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	871	context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	872	"Cannot produce CertificateVerify signature", ikse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	873	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	874
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	875	this.signature = temproary;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	876	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	877
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	878	T13CertificateVerifyMessage(HandshakeContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	879	ByteBuffer m) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	880	super(context);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	881
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	882	// struct {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	883	// SignatureAndHashAlgorithm algorithm;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	884	// opaque signature<0..2^16-1>;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	885	// } DigitallySigned;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	886	if (m.remaining() < 4) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	887	context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	888	"Invalid CertificateVerify message: no sufficient data");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	889	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	890
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	891	// SignatureAndHashAlgorithm algorithm
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	892	int ssid = Record.getInt16(m);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	893	this.signatureScheme = SignatureScheme.valueOf(ssid);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	894	if (signatureScheme == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	895	context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	896	"Invalid signature algorithm (" + ssid +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	897	") used in CertificateVerify handshake message");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	898	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	899
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	900	if (!context.localSupportedSignAlgs.contains(signatureScheme)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	901	context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	902	"Unsupported signature algorithm (" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	903	signatureScheme.name +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	904	") used in CertificateVerify handshake message");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	905	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	906
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	907	// read and verify the signature
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	908	X509Credentials x509Credentials = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	909	for (SSLCredentials cd : context.handshakeCredentials) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	910	if (cd instanceof X509Credentials) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	911	x509Credentials = (X509Credentials)cd;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	912	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	913	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	914	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	915
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	916	if (x509Credentials == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	917	context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	918	"No X509 credentials negotiated for CertificateVerify");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	919	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	920
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	921	// opaque signature<0..2^16-1>;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	922	this.signature = Record.getBytes16(m);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	923
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	924	byte[] hashValue = context.handshakeHash.digest();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	925	byte[] contentCovered;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	926	if (context.sslConfig.isClientMode) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	927	contentCovered = Arrays.copyOf(serverSignHead,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	928	serverSignHead.length + hashValue.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	929	System.arraycopy(hashValue, 0, contentCovered,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	930	serverSignHead.length, hashValue.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	931	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	932	contentCovered = Arrays.copyOf(clientSignHead,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	933	clientSignHead.length + hashValue.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	934	System.arraycopy(hashValue, 0, contentCovered,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	935	clientSignHead.length, hashValue.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	936	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	937
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	938	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	939	Signature signer = signatureScheme.getSignature();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	940	signer.initVerify(x509Credentials.popPublicKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	941	signer.update(contentCovered);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	942	if (!signer.verify(signature)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	943	context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	944	"Invalid CertificateVerify signature");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	945	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	946	} catch (NoSuchAlgorithmException \|
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	947	InvalidAlgorithmParameterException nsae) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	948	context.conContext.fatal(Alert.INTERNAL_ERROR,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	949	"Unsupported signature algorithm (" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	950	signatureScheme.name +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	951	") used in CertificateVerify handshake message", nsae);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	952	} catch (InvalidKeyException \| SignatureException ikse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	953	context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	954	"Cannot verify CertificateVerify signature", ikse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	955	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	956	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	957
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	958	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	959	public SSLHandshake handshakeType() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	960	return SSLHandshake.CERTIFICATE_VERIFY;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	961	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	962
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	963	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	964	public int messageLength() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	965	return 4 + signature.length; // 2: signature algorithm
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	966	// +2: length of signature
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	967	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	968
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	969	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	970	public void send(HandshakeOutStream hos) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	971	hos.putInt16(signatureScheme.id);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	972	hos.putBytes16(signature);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	973	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	974
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	975	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	976	public String toString() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	977	MessageFormat messageFormat = new MessageFormat(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	978	"\"CertificateVerify\": '{'\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	979	" \"signature algorithm\": {0}\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	980	" \"signature\": '{'\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	981	"{1}\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	982	" '}'\n" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	983	"'}'",
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	984	Locale.ENGLISH);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	985
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	986	HexDumpEncoder hexEncoder = new HexDumpEncoder();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	987	Object[] messageFields = {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	988	signatureScheme.name,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	989	Utilities.indent(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	990	hexEncoder.encodeBuffer(signature), " ")
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	991	};
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	992
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	993	return messageFormat.format(messageFields);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	994	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	995	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	996
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	997	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	998	* The "CertificateVerify" handshake message producer.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	999	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1000	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1001	class T13CertificateVerifyProducer implements HandshakeProducer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1002	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1003	private T13CertificateVerifyProducer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1004	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1005	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1006
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1007	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1008	public byte[] produce(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1009	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1010	// The producing happens in handshake context only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1011	HandshakeContext hc = (HandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1012
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1013	X509Possession x509Possession = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1014	for (SSLPossession possession : hc.handshakePossessions) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1015	if (possession instanceof X509Possession) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1016	x509Possession = (X509Possession)possession;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1017	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1018	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1019	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1020
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1021	if (x509Possession == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1022	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1023	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1024	"No X.509 credentials negotiated for CertificateVerify");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1025	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1026
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1027	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1028	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1029
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1030	if (hc.sslConfig.isClientMode) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1031	return onProduceCertificateVerify(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1032	(ClientHandshakeContext)context, x509Possession);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1033	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1034	return onProduceCertificateVerify(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1035	(ServerHandshakeContext)context, x509Possession);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1036	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1037	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1038
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1039	private byte[] onProduceCertificateVerify(ServerHandshakeContext shc,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1040	X509Possession x509Possession) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1041	T13CertificateVerifyMessage cvm =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1042	new T13CertificateVerifyMessage(shc, x509Possession);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1043	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1044	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1045	"Produced server CertificateVerify handshake message", cvm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1046	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1047
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1048	// Output the handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1049	cvm.write(shc.handshakeOutput);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1050	shc.handshakeOutput.flush();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1051
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1052	// The handshake message has been delivered.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1053	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1054	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1055
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1056	private byte[] onProduceCertificateVerify(ClientHandshakeContext chc,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1057	X509Possession x509Possession) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1058	T13CertificateVerifyMessage cvm =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1059	new T13CertificateVerifyMessage(chc, x509Possession);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1060	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1061	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1062	"Produced client CertificateVerify handshake message", cvm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1063	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1064
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1065	// Output the handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1066	cvm.write(chc.handshakeOutput);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1067	chc.handshakeOutput.flush();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1068
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1069	// The handshake message has been delivered.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1070	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1071	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1072	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1073
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1074	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1075	* The "CertificateVerify" handshake message consumer.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1076	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1077	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1078	class T13CertificateVerifyConsumer implements SSLConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1079	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1080	private T13CertificateVerifyConsumer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1081	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1082	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1083
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1084	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1085	public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1086	ByteBuffer message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1087	// The producing happens in handshake context only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1088	HandshakeContext hc = (HandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1089	T13CertificateVerifyMessage cvm =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1090	new T13CertificateVerifyMessage(hc, message);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1091	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1092	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1093	"Consuming CertificateVerify handshake message", cvm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1094	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1095
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1096	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1097	// update
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1098	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1099	// Need no additional validation.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1100
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1101	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1102	// produce
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1103	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1104	// Need no new handshake message producers here.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1105	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1106	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1107	}

author	wetmore
	Fri, 11 May 2018 15:53:12 -0700
branch	JDK-8145252-TLS13-branch
changeset 56542	56aaa6cb3693
child 56658	fe938437f7ba
permissions	-rw-r--r--