jdk-sandbox: src/java.base/share/classes/sun/security/ssl/RSAClientKeyExchange.java@68fa3d4026ea (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2	* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	28	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	29	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	30	import java.security.GeneralSecurityException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	31	import java.security.PrivateKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	32	import java.security.PublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	33	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	34	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	35	import javax.crypto.SecretKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	36	import sun.security.ssl.RSAKeyExchange.EphemeralRSACredentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	37	import sun.security.ssl.RSAKeyExchange.EphemeralRSAPossession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	38	import sun.security.ssl.RSAKeyExchange.RSAPremasterSecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	39	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	40	import sun.security.ssl.X509Authentication.X509Credentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	41	import sun.security.ssl.X509Authentication.X509Possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	42	import sun.security.util.HexDumpEncoder;
2 90ce3da70b43 Initial load duke parents: diff changeset	43
90ce3da70b43 Initial load duke parents: diff changeset	44	/**
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	45	* Pack of the "ClientKeyExchange" handshake message.
2 90ce3da70b43 Initial load duke parents: diff changeset	46	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	47	final class RSAClientKeyExchange {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	48	static final SSLConsumer rsaHandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	49	new RSAClientKeyExchangeConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	50	static final HandshakeProducer rsaHandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	51	new RSAClientKeyExchangeProducer();
2 90ce3da70b43 Initial load duke parents: diff changeset	52
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	53	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	54	* The RSA ClientKeyExchange handshake message.
2 90ce3da70b43 Initial load duke parents: diff changeset	55	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	56	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	57	class RSAClientKeyExchangeMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	58	final int protocolVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	59	final boolean useTLS10PlusSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	60	final byte[] encrypted;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	61
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	62	RSAClientKeyExchangeMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	63	RSAPremasterSecret premaster,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	64	PublicKey publicKey) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	65	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	66	this.protocolVersion = context.clientHelloVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	67	this.encrypted = premaster.getEncoded(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	68	publicKey, context.sslContext.getSecureRandom());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	69	this.useTLS10PlusSpec = ProtocolVersion.useTLS10PlusSpec(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	70	protocolVersion, context.sslContext.isDTLS());
2 90ce3da70b43 Initial load duke parents: diff changeset	71	}
90ce3da70b43 Initial load duke parents: diff changeset	72
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	73	RSAClientKeyExchangeMessage(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	74	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	75	super(context);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	76
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	77	if (m.remaining() < 2) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	78	context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	79	"Invalid RSA ClientKeyExchange message: insufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	80	}
2 90ce3da70b43 Initial load duke parents: diff changeset	81
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	82	this.protocolVersion = context.clientHelloVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	83	this.useTLS10PlusSpec = ProtocolVersion.useTLS10PlusSpec(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	84	protocolVersion, context.sslContext.isDTLS());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	85	if (useTLS10PlusSpec) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	86	this.encrypted = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	87	} else { // SSL 3.0
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	88	this.encrypted = new byte[m.remaining()];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	89	m.get(encrypted);
38741 b29b75c25015 8158111: Make handling of 3rd party providers more stable igerasim parents: 36952 diff changeset	90	}
b29b75c25015 8158111: Make handling of 3rd party providers more stable igerasim parents: 36952 diff changeset	91	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	92
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	93	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	94	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	95	return SSLHandshake.CLIENT_KEY_EXCHANGE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	96	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	97
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	98	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	99	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	100	if (useTLS10PlusSpec) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	101	return encrypted.length + 2;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	102	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	103	return encrypted.length;
38741 b29b75c25015 8158111: Make handling of 3rd party providers more stable igerasim parents: 36952 diff changeset	104	}
b29b75c25015 8158111: Make handling of 3rd party providers more stable igerasim parents: 36952 diff changeset	105	}
b29b75c25015 8158111: Make handling of 3rd party providers more stable igerasim parents: 36952 diff changeset	106
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	107	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	108	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	109	if (useTLS10PlusSpec) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	110	hos.putBytes16(encrypted);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	111	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	112	hos.write(encrypted);
2 90ce3da70b43 Initial load duke parents: diff changeset	113	}
90ce3da70b43 Initial load duke parents: diff changeset	114	}
90ce3da70b43 Initial load duke parents: diff changeset	115
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	116	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	117	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	118	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	119	"\"RSA ClientKeyExchange\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	120	" \"client_version\": {0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	121	" \"encncrypted\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	122	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	123	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	124	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	125	Locale.ENGLISH);
38741 b29b75c25015 8158111: Make handling of 3rd party providers more stable igerasim parents: 36952 diff changeset	126
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	127	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	128	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	129	ProtocolVersion.nameOf(protocolVersion),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	130	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	131	hexEncoder.encodeBuffer(encrypted), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	132	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	133	return messageFormat.format(messageFields);
22309 1990211a42e5 8023069: Enhance TLS connections xuelei parents: 16100 diff changeset	134	}
2 90ce3da70b43 Initial load duke parents: diff changeset	135	}
90ce3da70b43 Initial load duke parents: diff changeset	136
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	137	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	138	* The RSA "ClientKeyExchange" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	139	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	140	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	141	class RSAClientKeyExchangeProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	142	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	143	private RSAClientKeyExchangeProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	144	// blank
35279 5afd2941dfb7 8081297: SSL Problem with Tomcat igerasim parents: 30904 diff changeset	145	}
5afd2941dfb7 8081297: SSL Problem with Tomcat igerasim parents: 30904 diff changeset	146
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	147	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	148	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	149	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	150	// This happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	151	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	152
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	153	EphemeralRSACredentials rsaCredentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	154	X509Credentials x509Credentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	155	for (SSLCredentials credential : chc.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	156	if (credential instanceof EphemeralRSACredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	157	rsaCredentials = (EphemeralRSACredentials)credential;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	158	if (x509Credentials != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	159	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	160	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	161	} else if (credential instanceof X509Credentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	162	x509Credentials = (X509Credentials)credential;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	163	if (rsaCredentials != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	164	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	165	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	166	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	167	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	168
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	169	if (rsaCredentials == null && x509Credentials == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	170	chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	171	"No RSA credentials negotiated for client key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	172	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	173
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	174	PublicKey publicKey = (rsaCredentials != null) ?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	175	rsaCredentials.popPublicKey : x509Credentials.popPublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	176	if (!publicKey.getAlgorithm().equals("RSA")) { // unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	177	chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	178	"Not RSA public key for client key exchange");
35279 5afd2941dfb7 8081297: SSL Problem with Tomcat igerasim parents: 30904 diff changeset	179	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	180
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	181	RSAPremasterSecret premaster;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	182	RSAClientKeyExchangeMessage ckem;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	183	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	184	premaster = RSAPremasterSecret.createPremasterSecret(chc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	185	chc.handshakePossessions.add(premaster);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	186	ckem = new RSAClientKeyExchangeMessage(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	187	chc, premaster, publicKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	188	} catch (GeneralSecurityException gse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	189	chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	190	"Cannot generate RSA premaster secret", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	191
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	192	return null; // make the compiler happy
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	193	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	194	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	195	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	196	"Produced RSA ClientKeyExchange handshake message", ckem);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	197	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	198
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	199	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	200	ckem.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	201	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	202
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	203	// update the states
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	204	SSLKeyExchange ke = SSLKeyExchange.valueOf(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	205	chc.negotiatedCipherSuite.keyExchange,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	206	chc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	207	if (ke == null) { // unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	208	chc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	209	"Not supported key exchange type");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	210	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	211	SSLKeyDerivation masterKD = ke.createKeyDerivation(chc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	212	SecretKey masterSecret =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	213	masterKD.deriveKey("MasterSecret", null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	214
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	215	// update the states
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	216	chc.handshakeSession.setMasterSecret(masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	217	SSLTrafficKeyDerivation kd =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	218	SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	219	if (kd == null) { // unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	220	chc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	221	"Not supported key derivation: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	222	chc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	223	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	224	chc.handshakeKeyDerivation =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	225	kd.createKeyDerivation(chc, masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	226	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	227	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	228
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	229	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	230	return null;
35279 5afd2941dfb7 8081297: SSL Problem with Tomcat igerasim parents: 30904 diff changeset	231	}
5afd2941dfb7 8081297: SSL Problem with Tomcat igerasim parents: 30904 diff changeset	232	}
5afd2941dfb7 8081297: SSL Problem with Tomcat igerasim parents: 30904 diff changeset	233
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	234	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	235	* The RSA "ClientKeyExchange" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	236	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	237	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	238	class RSAClientKeyExchangeConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	239	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	240	private RSAClientKeyExchangeConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	241	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	242	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	243
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	244	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	245	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	246	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	247	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	248	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	249
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	250	EphemeralRSAPossession rsaPossession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	251	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	252	for (SSLPossession possession : shc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	253	if (possession instanceof EphemeralRSAPossession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	254	rsaPossession = (EphemeralRSAPossession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	255	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	256	} else if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	257	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	258	if (rsaPossession != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	259	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	260	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	261	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	262	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	263
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	264	if (rsaPossession == null && x509Possession == null) { // unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	265	shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	266	"No RSA possessions negotiated for client key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	267	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	268
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	269	PrivateKey privateKey = (rsaPossession != null) ?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	270	rsaPossession.popPrivateKey : x509Possession.popPrivateKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	271	if (!privateKey.getAlgorithm().equals("RSA")) { // unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	272	shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	273	"Not RSA private key for client key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	274	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	275
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	276	RSAClientKeyExchangeMessage ckem =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	277	new RSAClientKeyExchangeMessage(shc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	278	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	279	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	280	"Consuming RSA ClientKeyExchange handshake message", ckem);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	281	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	282
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	283	// create the credentials
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	284	RSAPremasterSecret premaster;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	285	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	286	premaster =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	287	RSAPremasterSecret.decode(shc, privateKey, ckem.encrypted);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	288	shc.handshakeCredentials.add(premaster);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	289	} catch (GeneralSecurityException gse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	290	shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	291	"Cannot decode RSA premaster secret", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	292	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	293
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	294	// update the states
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	295	SSLKeyExchange ke = SSLKeyExchange.valueOf(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	296	shc.negotiatedCipherSuite.keyExchange,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	297	shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	298	if (ke == null) { // unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	299	shc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	300	"Not supported key exchange type");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	301	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	302	SSLKeyDerivation masterKD = ke.createKeyDerivation(shc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	303	SecretKey masterSecret =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	304	masterKD.deriveKey("MasterSecret", null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	305
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	306	// update the states
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	307	shc.handshakeSession.setMasterSecret(masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	308	SSLTrafficKeyDerivation kd =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	309	SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	310	if (kd == null) { // unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	311	shc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	312	"Not supported key derivation: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	313	shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	314	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	315	shc.handshakeKeyDerivation =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	316	kd.createKeyDerivation(shc, masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	317	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	318	}
2 90ce3da70b43 Initial load duke parents: diff changeset	319	}
90ce3da70b43 Initial load duke parents: diff changeset	320	}
90ce3da70b43 Initial load duke parents: diff changeset	321	}

author	xuelei
	Mon, 25 Jun 2018 13:41:39 -0700
changeset 50768	68fa3d4026ea
parent 47216	71c04702a3d5
child 53064	103ed9569fc8
permissions	-rw-r--r--