jdk-sandbox: src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java@68fa3d4026ea (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	2	* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.security.CryptoPrimitive;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.security.InvalidAlgorithmParameterException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.security.InvalidKeyException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import java.security.Key;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import java.security.KeyFactory;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import java.security.NoSuchAlgorithmException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import java.security.PrivateKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import java.security.PublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import java.security.Signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import java.security.SignatureException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	import java.security.interfaces.ECPublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	import java.security.spec.ECParameterSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	import java.security.spec.ECPoint;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	import java.security.spec.ECPublicKeySpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	import java.security.spec.InvalidKeySpecException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	import java.util.EnumSet;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48	import sun.security.ssl.ECDHKeyExchange.ECDHECredentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	import sun.security.ssl.ECDHKeyExchange.ECDHEPossession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	import sun.security.ssl.X509Authentication.X509Credentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	import sun.security.ssl.X509Authentication.X509Possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	import sun.security.util.HexDumpEncoder;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	* Pack of the ServerKeyExchange handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	final class ECDHServerKeyExchange {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	static final SSLConsumer ecdheHandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	new ECDHServerKeyExchangeConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	static final HandshakeProducer ecdheHandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64	new ECDHServerKeyExchangeProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	* The ECDH ServerKeyExchange handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	class ECDHServerKeyExchangeMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	private static final byte CURVE_NAMED_CURVE = (byte)0x03;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73	// id of the named curve
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74	private final NamedGroup namedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	// encoded public point
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	private final byte[] publicPoint;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	// signature bytes, or null if anonymous
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	private final byte[] paramsSignature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	// public key object encapsulated in this message
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	private final ECPublicKey publicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85	private final boolean useExplicitSigAlgorithm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	// the signature algorithm used by this ServerKeyExchange message
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	private final SignatureScheme signatureScheme;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90	ECDHServerKeyExchangeMessage(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	HandshakeContext handshakeContext) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94	// This happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	ServerHandshakeContext shc =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	(ServerHandshakeContext)handshakeContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	ECDHEPossession ecdhePossession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	for (SSLPossession possession : shc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	if (possession instanceof ECDHEPossession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	ecdhePossession = (ECDHEPossession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103	if (x509Possession != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	} else if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108	if (ecdhePossession != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	if (ecdhePossession == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	"No ECDHE credentials negotiated for server key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	publicKey = ecdhePossession.publicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	ECParameterSpec params = publicKey.getParams();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	ECPoint point = publicKey.getW();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123	publicPoint = JsseJce.encodePoint(point, params.getCurve());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	this.namedGroup = NamedGroup.valueOf(params);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	if ((namedGroup == null) \|\| (namedGroup.oid == null) ) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128	shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	"Unnamed EC parameter spec: " + params);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	if (x509Possession == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	// anonymous, no authentication, no signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	paramsSignature = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135	signatureScheme = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	useExplicitSigAlgorithm = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	useExplicitSigAlgorithm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139	shc.negotiatedProtocol.useTLS12PlusSpec();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	Signature signer = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	if (useExplicitSigAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	signatureScheme = SignatureScheme.getPreferableAlgorithm(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143	shc.peerRequestedSignatureSchemes,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	x509Possession.popPrivateKey,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146	if (signatureScheme == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	// Unlikely, the credentials generator should have
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	// selected the preferable signature algorithm properly.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	shc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150	"No preferred signature algorithm for " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	x509Possession.popPrivateKey.getAlgorithm() +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152	" key");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155	signer = signatureScheme.getSignature(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156	x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	} catch (NoSuchAlgorithmException \| InvalidKeyException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	InvalidAlgorithmParameterException nsae) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159	shc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160	"Unsupported signature algorithm: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161	signatureScheme.name, nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	signatureScheme = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	signer = getSignature(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	x509Possession.popPrivateKey.getAlgorithm(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168	x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	} catch (NoSuchAlgorithmException \| InvalidKeyException e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	shc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	"Unsupported signature algorithm: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	x509Possession.popPrivateKey.getAlgorithm(), e);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	byte[] signature = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178	updateSignature(signer, shc.clientHelloRandom.randomBytes,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179	shc.serverHelloRandom.randomBytes,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	namedGroup.id, publicPoint);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	signature = signer.sign();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	} catch (SignatureException ex) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	shc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	"Failed to sign ecdhe parameters: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	x509Possession.popPrivateKey.getAlgorithm(), ex);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	paramsSignature = signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	ECDHServerKeyExchangeMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	// This happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	ClientHandshakeContext chc =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	(ClientHandshakeContext)handshakeContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199	byte curveType = (byte)Record.getInt8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	if (curveType != CURVE_NAMED_CURVE) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201	// Unlikely as only the named curves should be negotiated.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203	"Unsupported ECCurveType: " + curveType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	int namedGroupId = Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207	this.namedGroup = NamedGroup.valueOf(namedGroupId);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	if (namedGroup == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	"Unknown named group ID: " + namedGroupId);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	if (!SupportedGroups.isSupported(namedGroup)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	"Unsupported named group: " + namedGroup);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	if (namedGroup.oid == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	"Unknown named EC curve: " + namedGroup);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	ECParameterSpec parameters =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224	JsseJce.getECParameterSpec(namedGroup.oid);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	if (parameters == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226	chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	"No supported EC parameter: " + namedGroup);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	publicPoint = Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	if (publicPoint.length == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233	"Insufficient ECPoint data: " + namedGroup);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	ECPublicKey ecPublicKey = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	ECPoint point =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	JsseJce.decodePoint(publicPoint, parameters.getCurve());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240	KeyFactory factory = JsseJce.getKeyFactory("EC");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	ecPublicKey = (ECPublicKey)factory.generatePublic(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	new ECPublicKeySpec(point, parameters));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	} catch (NoSuchAlgorithmException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	InvalidKeySpecException \| IOException ex) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	"Invalid ECPoint: " + namedGroup, ex);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	publicKey = ecPublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	X509Credentials x509Credentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	for (SSLCredentials cd : chc.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	if (cd instanceof X509Credentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	x509Credentials = (X509Credentials)cd;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	if (x509Credentials == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	// anonymous, no authentication, no signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	if (m.hasRemaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	"Invalid DH ServerKeyExchange: unknown extra data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265	this.signatureScheme = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	this.paramsSignature = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	this.useExplicitSigAlgorithm = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	this.useExplicitSigAlgorithm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273	chc.negotiatedProtocol.useTLS12PlusSpec();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274	if (useExplicitSigAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	int ssid = Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	signatureScheme = SignatureScheme.valueOf(ssid);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	if (signatureScheme == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	"Invalid signature algorithm (" + ssid +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	") used in ECDH ServerKeyExchange handshake message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	if (!chc.localSupportedSignAlgs.contains(signatureScheme)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	"Unsupported signature algorithm (" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	signatureScheme.name +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	") used in ECDH ServerKeyExchange handshake message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	signatureScheme = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	// read and verify the signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	paramsSignature = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295	Signature signer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	if (useExplicitSigAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	signer = signatureScheme.getSignature(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	x509Credentials.popPublicKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	} catch (NoSuchAlgorithmException \| InvalidKeyException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	InvalidAlgorithmParameterException nsae) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302	chc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	"Unsupported signature algorithm: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	signatureScheme.name, nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	return; // make the compiler happe
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	signer = getSignature(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	x509Credentials.popPublicKey.getAlgorithm(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	x509Credentials.popPublicKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	} catch (NoSuchAlgorithmException \| InvalidKeyException e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	chc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	"Unsupported signature algorithm: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	x509Credentials.popPublicKey.getAlgorithm(), e);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	return; // make the compiler happe
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	updateSignature(signer,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324	chc.clientHelloRandom.randomBytes,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325	chc.serverHelloRandom.randomBytes,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	namedGroup.id, publicPoint);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328	if (!signer.verify(paramsSignature)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	330	"Invalid ECDH ServerKeyExchange signature");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	331	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332	} catch (SignatureException ex) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	334	"Cannot verify ECDH ServerKeyExchange signature", ex);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340	return SSLHandshake.SERVER_KEY_EXCHANGE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	344	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	345	int sigLen = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	346	if (paramsSignature != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	347	sigLen = 2 + paramsSignature.length;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	348	if (useExplicitSigAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	349	sigLen += SignatureScheme.sizeInRecord();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	350	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	351	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	352
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	353	return 4 + publicPoint.length + sigLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	354	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	355
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	356	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	357	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	358	hos.putInt8(CURVE_NAMED_CURVE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	359	hos.putInt16(namedGroup.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	360	hos.putBytes8(publicPoint);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361	if (paramsSignature != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362	if (useExplicitSigAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363	hos.putInt16(signatureScheme.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	366	hos.putBytes16(paramsSignature);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	369
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	370	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	371	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	372	if (useExplicitSigAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	373	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	374	"\"ECDH ServerKeyExchange\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	375	" \"parameters\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	376	" \"named group\": \"{0}\"\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	377	" \"ecdh public\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	378	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	379	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	380	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	381	" \"digital signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	382	" \"signature algorithm\": \"{2}\"\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	383	" \"signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	384	"{3}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	385	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	386	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	387	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	388	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	389
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	390	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	391	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	392	namedGroup.name,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	393	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	394	hexEncoder.encodeBuffer(publicPoint), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	395	signatureScheme.name,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	396	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	397	hexEncoder.encodeBuffer(paramsSignature), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	398	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	399	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	400	} else if (paramsSignature != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	401	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	402	"\"ECDH ServerKeyExchange\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	403	" \"parameters\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	404	" \"named group\": \"{0}\"\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	405	" \"ecdh public\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	406	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	407	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	408	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	409	" \"signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	410	"{2}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	411	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	412	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	413	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	414
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	415	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	416	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	417	namedGroup.name,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	418	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	419	hexEncoder.encodeBuffer(publicPoint), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	420	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	421	hexEncoder.encodeBuffer(paramsSignature), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	422	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	423
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	424	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	425	} else { // anonymous
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	426	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	427	"\"ECDH ServerKeyExchange\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	428	" \"parameters\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	429	" \"named group\": \"{0}\"\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	430	" \"ecdh public\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	431	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	432	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	433	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	434	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	435	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	436
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	437	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	438	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	439	namedGroup.name,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	440	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	441	hexEncoder.encodeBuffer(publicPoint), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	442	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	443
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	444	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	445	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	446	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	447
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	448	private static Signature getSignature(String keyAlgorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	449	Key key) throws NoSuchAlgorithmException, InvalidKeyException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	450	Signature signer = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	451	switch (keyAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	452	case "EC":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	453	signer = JsseJce.getSignature(JsseJce.SIGNATURE_ECDSA);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	454	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	455	case "RSA":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	456	signer = RSASignature.getInstance();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	457	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	458	default:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	459	throw new NoSuchAlgorithmException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	460	"neither an RSA or a EC key : " + keyAlgorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	461	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	462
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	463	if (signer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	464	if (key instanceof PublicKey) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	465	signer.initVerify((PublicKey)(key));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	466	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	467	signer.initSign((PrivateKey)key);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	468	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	469	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	470
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	471	return signer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	472	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	473
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	474	private static void updateSignature(Signature sig,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	475	byte[] clntNonce, byte[] svrNonce, int namedGroupId,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	476	byte[] publicPoint) throws SignatureException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	477	sig.update(clntNonce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	478	sig.update(svrNonce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	479
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	480	sig.update(CURVE_NAMED_CURVE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	481	sig.update((byte)((namedGroupId >> 8) & 0xFF));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	482	sig.update((byte)(namedGroupId & 0xFF));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	483	sig.update((byte)publicPoint.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	484	sig.update(publicPoint);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	485	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	486	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	487
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	488	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	489	* The ECDH "ServerKeyExchange" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	490	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	491	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	492	class ECDHServerKeyExchangeProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	493	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	494	private ECDHServerKeyExchangeProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	495	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	496	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	497
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	498	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	499	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	500	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	501	// The producing happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	502	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	503	ECDHServerKeyExchangeMessage skem =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	504	new ECDHServerKeyExchangeMessage(shc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	505	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	506	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	507	"Produced ECDH ServerKeyExchange handshake message", skem);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	508	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	509
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	510	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	511	skem.write(shc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	512	shc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	513
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	514	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	515	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	516	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	517	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	518
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	519	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	520	* The ECDH "ServerKeyExchange" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	521	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	522	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	523	class ECDHServerKeyExchangeConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	524	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	525	private ECDHServerKeyExchangeConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	526	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	527	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	528
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	529	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	530	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	531	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	532	// The consuming happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	533	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	534
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	535	ECDHServerKeyExchangeMessage skem =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	536	new ECDHServerKeyExchangeMessage(chc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	537	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	538	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	539	"Consuming ECDH ServerKeyExchange handshake message", skem);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	540	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	541
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	542	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	543	// validate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	544	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	545	// check constraints of EC PublicKey
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	546	if (!chc.algorithmConstraints.permits(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	547	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	548	skem.publicKey)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	549	chc.conContext.fatal(Alert.INSUFFICIENT_SECURITY,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	550	"ECDH ServerKeyExchange does not comply " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	551	"to algorithm constraints");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	552	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	553
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	554	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	555	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	556	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	557	chc.handshakeCredentials.add(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	558	new ECDHECredentials(skem.publicKey, skem.namedGroup));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	559
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	560	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	561	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	562	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	563	// Need no new handshake message producers here.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	564	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	565	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	566	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	567

author	xuelei
	Mon, 25 Jun 2018 13:41:39 -0700
changeset 50768	68fa3d4026ea
child 53064	103ed9569fc8
permissions	-rw-r--r--