jdk-sandbox: src/java.base/share/classes/sun/security/ssl/DHClientKeyExchange.java@946f7f2d321c (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	2	* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
90ce3da70b43 Initial load duke parents: diff changeset	28	import java.io.IOException;
90ce3da70b43 Initial load duke parents: diff changeset	29	import java.math.BigInteger;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	30	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	31	import java.security.CryptoPrimitive;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	32	import java.security.GeneralSecurityException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	33	import java.security.KeyFactory;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	34	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	35	import java.util.EnumSet;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	36	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	37	import javax.crypto.SecretKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	38	import javax.crypto.interfaces.DHPublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	39	import javax.crypto.spec.DHParameterSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	40	import javax.crypto.spec.DHPublicKeySpec;
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 5506 diff changeset	41	import javax.net.ssl.SSLHandshakeException;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	42	import sun.security.ssl.DHKeyExchange.DHECredentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	43	import sun.security.ssl.DHKeyExchange.DHEPossession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	44	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	45	import sun.security.util.HexDumpEncoder;
2 90ce3da70b43 Initial load duke parents: diff changeset	46
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	47	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	48	* Pack of the "ClientKeyExchange" handshake message.
2 90ce3da70b43 Initial load duke parents: diff changeset	49	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	50	final class DHClientKeyExchange {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	51	static final DHClientKeyExchangeConsumer dhHandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	52	new DHClientKeyExchangeConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	53	static final DHClientKeyExchangeProducer dhHandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	54	new DHClientKeyExchangeProducer();
2 90ce3da70b43 Initial load duke parents: diff changeset	55
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	56	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	57	* The DiffieHellman ClientKeyExchange handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	58	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	59	* If the client has sent a certificate which contains a suitable
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	60	* DiffieHellman key (for fixed_dh client authentication), then the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	61	* client public value is implicit and does not need to be sent again.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	62	* In this case, the client key exchange message will be sent, but it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	63	* MUST be empty.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	64	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	65	* Currently, we don't support cipher suite that requires implicit public
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	66	* key of client.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	67	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	68	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	69	class DHClientKeyExchangeMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	70	private byte[] y; // 1 to 2^16 - 1 bytes
2 90ce3da70b43 Initial load duke parents: diff changeset	71
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	72	DHClientKeyExchangeMessage(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	73	HandshakeContext handshakeContext) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	74	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	75	// This happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	76	ClientHandshakeContext chc =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	77	(ClientHandshakeContext)handshakeContext;
2 90ce3da70b43 Initial load duke parents: diff changeset	78
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	79	DHEPossession dhePossession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	80	for (SSLPossession possession : chc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	81	if (possession instanceof DHEPossession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	82	dhePossession = (DHEPossession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	83	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	84	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	85	}
2 90ce3da70b43 Initial load duke parents: diff changeset	86
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	87	if (dhePossession == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	88	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	89	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	90	"No DHE credentials negotiated for client key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	91	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	92
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	93	DHPublicKey publicKey = dhePossession.publicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	94	DHParameterSpec params = publicKey.getParams();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	95	this.y = Utilities.toByteArray(publicKey.getY());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	96	}
2 90ce3da70b43 Initial load duke parents: diff changeset	97
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	98	DHClientKeyExchangeMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	99	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	100	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	101	// This happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	102	ServerHandshakeContext shc =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	103	(ServerHandshakeContext)handshakeContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	104
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	105	if (m.remaining() < 3) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	106	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	107	"Invalid DH ClientKeyExchange message: insufficient data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	108	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	109
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	110	this.y = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	111
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	112	if (m.hasRemaining()) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	113	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	114	"Invalid DH ClientKeyExchange message: unknown extra data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	115	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	116	}
2 90ce3da70b43 Initial load duke parents: diff changeset	117
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	118	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	119	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	120	return SSLHandshake.CLIENT_KEY_EXCHANGE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	121	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	122
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	123	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	124	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	125	return y.length + 2; // 2: length filed
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	126	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	127
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	128	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	129	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	130	hos.putBytes16(y);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	131	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	132
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	133	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	134	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	135	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	136	"\"DH ClientKeyExchange\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	137	" \"parameters\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	138	" \"dh_Yc\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	139	"{0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	140	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	141	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	142	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	143	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	144
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	145	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	146	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	147	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	148	hexEncoder.encodeBuffer(y), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	149	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	150	return messageFormat.format(messageFields);
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 5506 diff changeset	151	}
2 90ce3da70b43 Initial load duke parents: diff changeset	152	}
90ce3da70b43 Initial load duke parents: diff changeset	153
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	154	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	155	* The DiffieHellman "ClientKeyExchange" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	156	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	157	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	158	class DHClientKeyExchangeProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	159	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	160	private DHClientKeyExchangeProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	161	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	162	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	163
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	164	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	165	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	166	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	167	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	168	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	169
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	170	DHECredentials dheCredentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	171	for (SSLCredentials cd : chc.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	172	if (cd instanceof DHECredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	173	dheCredentials = (DHECredentials)cd;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	174	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	175	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	176	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	177
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	178	if (dheCredentials == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	179	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	180	"No DHE credentials negotiated for client key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	181	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	182
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	183
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	184	DHEPossession dhePossession = new DHEPossession(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	185	dheCredentials, chc.sslContext.getSecureRandom());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	186	chc.handshakePossessions.add(dhePossession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	187	DHClientKeyExchangeMessage ckem =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	188	new DHClientKeyExchangeMessage(chc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	189	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	190	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	191	"Produced DH ClientKeyExchange handshake message", ckem);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	192	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	193
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	194	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	195	ckem.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	196	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	197
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	198	// update the states
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	199	SSLKeyExchange ke = SSLKeyExchange.valueOf(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	200	chc.negotiatedCipherSuite.keyExchange,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	201	chc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	202	if (ke == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	203	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	204	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	205	"Not supported key exchange type");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	206	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	207	SSLKeyDerivation masterKD = ke.createKeyDerivation(chc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	208	SecretKey masterSecret =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	209	masterKD.deriveKey("MasterSecret", null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	210	chc.handshakeSession.setMasterSecret(masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	211
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	212	SSLTrafficKeyDerivation kd =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	213	SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	214	if (kd == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	215	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	216	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	217	"Not supported key derivation: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	218	chc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	219	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	220	chc.handshakeKeyDerivation =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	221	kd.createKeyDerivation(chc, masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	222	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	223	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	224
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	225	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	226	return null;
2 90ce3da70b43 Initial load duke parents: diff changeset	227	}
90ce3da70b43 Initial load duke parents: diff changeset	228	}
90ce3da70b43 Initial load duke parents: diff changeset	229
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	230	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	231	* The DiffieHellman "ClientKeyExchange" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	232	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	233	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	234	class DHClientKeyExchangeConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	235	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	236	private DHClientKeyExchangeConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	237	// blank
16080 0e6266b88242 7192392: Better validation of client keys xuelei parents: 5506 diff changeset	238	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	239
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	240	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	241	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	242	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	243	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	244	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	245
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	246	DHEPossession dhePossession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	247	for (SSLPossession possession : shc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	248	if (possession instanceof DHEPossession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	249	dhePossession = (DHEPossession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	250	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	251	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	252	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	253
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	254	if (dhePossession == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	255	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	256	throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	257	"No expected DHE possessions for client key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	258	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	259
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	260	SSLKeyExchange ke = SSLKeyExchange.valueOf(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	261	shc.negotiatedCipherSuite.keyExchange,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	262	shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	263	if (ke == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	264	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	265	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	266	"Not supported key exchange type");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	267	}
2 90ce3da70b43 Initial load duke parents: diff changeset	268
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	269	DHClientKeyExchangeMessage ckem =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	270	new DHClientKeyExchangeMessage(shc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	271	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	272	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	273	"Consuming DH ClientKeyExchange handshake message", ckem);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	274	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	275
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	276	// create the credentials
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	277	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	278	DHParameterSpec params = dhePossession.publicKey.getParams();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	279	DHPublicKeySpec spec = new DHPublicKeySpec(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	280	new BigInteger(1, ckem.y),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	281	params.getP(), params.getG());
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	282	KeyFactory kf = KeyFactory.getInstance("DiffieHellman");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	283	DHPublicKey peerPublicKey =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	284	(DHPublicKey)kf.generatePublic(spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	285
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	286	// check constraints of peer DHPublicKey
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	287	if (!shc.algorithmConstraints.permits(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	288	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	289	peerPublicKey)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	290	throw new SSLHandshakeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	291	"DHPublicKey does not comply to algorithm constraints");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	292	}
2 90ce3da70b43 Initial load duke parents: diff changeset	293
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	294	NamedGroup namedGroup = NamedGroup.valueOf(params);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	295	shc.handshakeCredentials.add(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	296	new DHECredentials(peerPublicKey, namedGroup));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	297	} catch (GeneralSecurityException \| java.io.IOException e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	298	throw (SSLHandshakeException)(new SSLHandshakeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	299	"Could not generate DHPublicKey").initCause(e));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	300	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	301
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	302	// update the states
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	303	SSLKeyDerivation masterKD = ke.createKeyDerivation(shc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	304	SecretKey masterSecret =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	305	masterKD.deriveKey("MasterSecret", null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	306	shc.handshakeSession.setMasterSecret(masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	307
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	308	SSLTrafficKeyDerivation kd =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	309	SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	310	if (kd == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	311	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	312	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	313	"Not supported key derivation: " + shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	314	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	315	shc.handshakeKeyDerivation =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	316	kd.createKeyDerivation(shc, masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	317	}
2 90ce3da70b43 Initial load duke parents: diff changeset	318	}
90ce3da70b43 Initial load duke parents: diff changeset	319	}
90ce3da70b43 Initial load duke parents: diff changeset	320	}

author	wetmore
	Wed, 12 Jun 2019 18:58:00 -0700
changeset 55353	946f7f2d321c
parent 53734	cb1642ccc732
permissions	-rw-r--r--