jdk-sandbox: src/java.base/share/classes/sun/security/ssl/ChangeCipherSpec.java@56aaa6cb3693 (annotated)

56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1	/*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	2	* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	4	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	10	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	15	* accompanied this code).
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	16	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	20	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	23	* questions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	24	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	25
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	26	package sun.security.ssl;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	27
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	28	import java.io.IOException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	29	import java.nio.ByteBuffer;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	30	import java.security.GeneralSecurityException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	31	import java.security.InvalidKeyException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	32	import java.security.NoSuchAlgorithmException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	33	import javax.crypto.SecretKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	34	import javax.crypto.spec.IvParameterSpec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	35	import javax.net.ssl.SSLException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	36	import sun.security.ssl.SSLCipher.SSLReadCipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	37	import sun.security.ssl.SSLCipher.SSLWriteCipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	38	import sun.security.ssl.SSLHandshake.HandshakeMessage;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	39	import sun.security.ssl.SSLTrafficKeyDerivation.LegacyTrafficKeyDerivation;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	40
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	41	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	42	* Pack of the ChangeCipherSpec message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	43	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	44	final class ChangeCipherSpec {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	45	static final SSLConsumer t10Consumer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	46	new T10ChangeCipherSpecConsumer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	47	static final HandshakeProducer t10Producer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	48	new T10ChangeCipherSpecProducer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	49	static final SSLConsumer t13Consumer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	50	new T13ChangeCipherSpecConsumer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	51
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	52	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	53	* The "ChangeCipherSpec" message producer.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	54	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	55	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	56	class T10ChangeCipherSpecProducer implements HandshakeProducer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	57	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	58	private T10ChangeCipherSpecProducer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	59	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	60	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	61
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	62	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	63	public byte[] produce(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	64	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	65	HandshakeContext hc = (HandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	66	SSLKeyDerivation kd = hc.handshakeKeyDerivation;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	67
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	68	if (!(kd instanceof LegacyTrafficKeyDerivation)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	69	throw new UnsupportedOperationException("Not supported yet.");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	70	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	71	LegacyTrafficKeyDerivation tkd = (LegacyTrafficKeyDerivation)kd;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	72	CipherSuite ncs = hc.negotiatedCipherSuite;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	73	Authenticator writeAuthenticator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	74	if (ncs.bulkCipher.cipherType == CipherType.AEAD_CIPHER) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	75	writeAuthenticator =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	76	Authenticator.valueOf(hc.negotiatedProtocol);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	77	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	78	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	79	writeAuthenticator = Authenticator.valueOf(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	80	hc.negotiatedProtocol, ncs.macAlg,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	81	tkd.getTrafficKey(hc.sslConfig.isClientMode ?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	82	"clientMacKey" : "serverMacKey"));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	83	} catch (NoSuchAlgorithmException \| InvalidKeyException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	84	// unlikely
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	85	throw new SSLException("Algorithm missing: ", e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	86	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	87	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	88
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	89	SecretKey writeKey =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	90	tkd.getTrafficKey(hc.sslConfig.isClientMode ?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	91	"clientWriteKey" : "serverWriteKey");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	92	SecretKey writeIv =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	93	tkd.getTrafficKey(hc.sslConfig.isClientMode ?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	94	"clientWriteIv" : "serverWriteIv");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	95	IvParameterSpec iv = (writeIv == null) ? null :
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	96	new IvParameterSpec(writeIv.getEncoded());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	97	SSLWriteCipher writeCipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	98	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	99	writeCipher = ncs.bulkCipher.createWriteCipher(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	100	writeAuthenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	101	hc.negotiatedProtocol, writeKey, iv,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	102	hc.sslContext.getSecureRandom());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	103	} catch (GeneralSecurityException gse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	104	// unlikely
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	105	throw new SSLException("Algorithm missing: ", gse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	106	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	107
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	108	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	109	SSLLogger.fine("Produced ChangeCipherSpec message");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	110	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	111
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	112	hc.conContext.outputRecord.changeWriteCiphers(writeCipher, true);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	113
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	114	// The handshake message has been delivered.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	115	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	116	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	117	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	118
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	119	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	120	* The "ChangeCipherSpec" message producer.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	121	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	122	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	123	class T10ChangeCipherSpecConsumer implements SSLConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	124	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	125	private T10ChangeCipherSpecConsumer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	126	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	127	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	128
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	129	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	130	public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	131	ByteBuffer message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	132	TransportContext tc = (TransportContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	133
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	134	// This comsumer can be used only once.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	135	tc.consumers.remove(ContentType.CHANGE_CIPHER_SPEC.id);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	136
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	137	// parse
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	138	if (message.remaining() != 1 \|\| message.get() != 1) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	139	tc.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	140	"Malformed or unexpected ChangeCipherSpec message");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	141	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	142	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	143	SSLLogger.fine("Consuming ChangeCipherSpec message");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	144	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	145
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	146	// validate
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	147	if (tc.handshakeContext == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	148	tc.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	149	"Unexpected ChangeCipherSpec message");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	150	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	151
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	152
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	153	HandshakeContext hc = tc.handshakeContext;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	154
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	155	if (hc.handshakeKeyDerivation == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	156	tc.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	157	"Unexpected ChangeCipherSpec message");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	158	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	159
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	160	SSLKeyDerivation kd = hc.handshakeKeyDerivation;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	161	if (kd instanceof LegacyTrafficKeyDerivation) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	162	LegacyTrafficKeyDerivation tkd = (LegacyTrafficKeyDerivation)kd;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	163	CipherSuite ncs = hc.negotiatedCipherSuite;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	164	Authenticator readAuthenticator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	165	if (ncs.bulkCipher.cipherType == CipherType.AEAD_CIPHER) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	166	readAuthenticator =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	167	Authenticator.valueOf(hc.negotiatedProtocol);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	168	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	169	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	170	readAuthenticator = Authenticator.valueOf(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	171	hc.negotiatedProtocol, ncs.macAlg,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	172	tkd.getTrafficKey(hc.sslConfig.isClientMode ?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	173	"serverMacKey" : "clientMacKey"));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	174	} catch (NoSuchAlgorithmException \| InvalidKeyException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	175	// unlikely
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	176	throw new SSLException("Algorithm missing: ", e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	177	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	178	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	179
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	180	SecretKey readKey =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	181	tkd.getTrafficKey(hc.sslConfig.isClientMode ?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	182	"serverWriteKey" : "clientWriteKey");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	183	SecretKey readIv =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	184	tkd.getTrafficKey(hc.sslConfig.isClientMode ?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	185	"serverWriteIv" : "clientWriteIv");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	186	IvParameterSpec iv = (readIv == null) ? null :
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	187	new IvParameterSpec(readIv.getEncoded());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	188	SSLReadCipher readCipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	189	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	190	readCipher = ncs.bulkCipher.createReadCipher(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	191	readAuthenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	192	hc.negotiatedProtocol, readKey, iv,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	193	hc.sslContext.getSecureRandom());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	194	} catch (GeneralSecurityException gse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	195	// unlikely
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	196	throw new SSLException("Algorithm missing: ", gse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	197	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	198	tc.inputRecord.changeReadCiphers(readCipher);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	199	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	200	throw new UnsupportedOperationException("Not supported yet.");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	201	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	202	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	203	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	204
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	205	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	206	class T13ChangeCipherSpecConsumer implements SSLConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	207	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	208	private T13ChangeCipherSpecConsumer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	209	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	210	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	211
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	212	// An implementation may receive an unencrypted record of type
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	213	// change_cipher_spec consisting of the single byte value 0x01
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	214	// at any time after the first ClientHello message has been
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	215	// sent or received and before the peer's Finished message has
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	216	// been received and MUST simply drop it without further
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	217	// processing.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	218	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	219	public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	220	ByteBuffer message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	221	TransportContext tc = (TransportContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	222
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	223	// This comsumer can be used only once.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	224	tc.consumers.remove(ContentType.CHANGE_CIPHER_SPEC.id);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	225
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	226	// parse
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	227	if (message.remaining() != 1 \|\| message.get() != 1) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	228	tc.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	229	"Malformed or unexpected ChangeCipherSpec message");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	230	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	231	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	232	SSLLogger.fine("Consuming ChangeCipherSpec message");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	233	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	234
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	235	// no further processing
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	236	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	237	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	238	}

author	wetmore
	Fri, 11 May 2018 15:53:12 -0700
branch	JDK-8145252-TLS13-branch
changeset 56542	56aaa6cb3693
child 56674	d2ba9e6f1cac
permissions	-rw-r--r--