jdk-sandbox: src/java.base/share/classes/sun/security/ssl/ECDHClientKeyExchange.java@946f7f2d321c (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	2	* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
90ce3da70b43 Initial load duke parents: diff changeset	28	import java.io.IOException;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	29	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	30	import java.security.GeneralSecurityException;
2 90ce3da70b43 Initial load duke parents: diff changeset	31	import java.security.PublicKey;
90ce3da70b43 Initial load duke parents: diff changeset	32	import java.security.interfaces.ECPublicKey;
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	33	import java.security.interfaces.XECPublicKey;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	34	import java.security.spec.AlgorithmParameterSpec;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	35	import java.security.spec.ECParameterSpec;
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	36	import java.security.spec.NamedParameterSpec;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	37	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	38	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	39	import javax.crypto.SecretKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	40	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	41	import sun.security.ssl.X509Authentication.X509Credentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	42	import sun.security.ssl.X509Authentication.X509Possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	43	import sun.security.util.HexDumpEncoder;
2 90ce3da70b43 Initial load duke parents: diff changeset	44
90ce3da70b43 Initial load duke parents: diff changeset	45	/**
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	46	* Pack of the "ClientKeyExchange" handshake message.
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	47	*
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	48	* This file is used by both the ECDH/ECDHE/XDH code since much of the
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	49	* code is the same between the EC named groups (i.e.
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	50	* x25519/x448/secp*r1), even though the APIs are very different (i.e.
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	51	* ECPublicKey/XECPublicKey, KeyExchange.getInstance("EC"/"XDH"), etc.).
2 90ce3da70b43 Initial load duke parents: diff changeset	52	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	53	final class ECDHClientKeyExchange {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	54	static final SSLConsumer ecdhHandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	55	new ECDHClientKeyExchangeConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	56	static final HandshakeProducer ecdhHandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	57	new ECDHClientKeyExchangeProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	58
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	59	static final SSLConsumer ecdheHandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	60	new ECDHEClientKeyExchangeConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	61	static final HandshakeProducer ecdheHandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	62	new ECDHEClientKeyExchangeProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	63
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	64	/**
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	65	* The ECDH/ECDHE/XDH ClientKeyExchange handshake message.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	66	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	67	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	68	class ECDHClientKeyExchangeMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	69	private final byte[] encodedPoint;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	70
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	71	ECDHClientKeyExchangeMessage(HandshakeContext handshakeContext,
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	72	byte[] encodedPublicKey) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	73	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	74
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	75	this.encodedPoint = encodedPublicKey;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	76	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	77
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	78	ECDHClientKeyExchangeMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	79	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	80	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	81	if (m.remaining() != 0) { // explicit PublicValueEncoding
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	82	this.encodedPoint = Record.getBytes8(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	83	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	84	this.encodedPoint = new byte[0];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	85	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	86	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	87
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	88	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	89	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	90	return SSLHandshake.CLIENT_KEY_EXCHANGE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	91	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	92
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	93	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	94	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	95	if (encodedPoint == null \|\| encodedPoint.length == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	96	return 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	97	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	98	return 1 + encodedPoint.length;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	99	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	100	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	101
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	102	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	103	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	104	if (encodedPoint != null && encodedPoint.length != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	105	hos.putBytes8(encodedPoint);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	106	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	107	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	108
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	109	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	110	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	111	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	112	"\"ECDH ClientKeyExchange\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	113	" \"ecdh public\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	114	"{0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	115	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	116	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	117	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	118	if (encodedPoint == null \|\| encodedPoint.length == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	119	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	120	" <implicit>"
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	121	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	122	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	123	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	124	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	125	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	126	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	127	hexEncoder.encodeBuffer(encodedPoint), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	128	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	129	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	130	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	131	}
2 90ce3da70b43 Initial load duke parents: diff changeset	132	}
90ce3da70b43 Initial load duke parents: diff changeset	133
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	134	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	135	* The ECDH "ClientKeyExchange" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	136	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	137	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	138	class ECDHClientKeyExchangeProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	139	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	140	private ECDHClientKeyExchangeProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	141	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	142	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	143
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	144	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	145	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	146	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	147	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	148	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	149
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	150	X509Credentials x509Credentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	151	for (SSLCredentials credential : chc.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	152	if (credential instanceof X509Credentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	153	x509Credentials = (X509Credentials)credential;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	154	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	155	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	156	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	157
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	158	if (x509Credentials == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	159	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	160	"No server certificate for ECDH client key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	161	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	162
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	163	PublicKey publicKey = x509Credentials.popPublicKey;
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	164
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	165	NamedGroup namedGroup = null;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	166	String algorithm = publicKey.getAlgorithm();
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	167
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	168	// Determine which NamedGroup we'll be using, then use
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	169	// the creator functions.
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	170	if (algorithm.equals("EC")) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	171	ECParameterSpec params = ((ECPublicKey)publicKey).getParams();
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	172	namedGroup = NamedGroup.valueOf(params);
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	173	} else if (algorithm.equals("XDH")) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	174	AlgorithmParameterSpec params =
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	175	((XECPublicKey)publicKey).getParams();
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	176	if (params instanceof NamedParameterSpec) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	177	String name = ((NamedParameterSpec)params).getName();
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	178	namedGroup = NamedGroup.nameOf(name);
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	179	}
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	180	} else {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	181	throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	182	"Not EC/XDH server certificate for " +
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	183	"ECDH client key exchange");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	184	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	185
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	186	if (namedGroup == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	187	throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	188	"Unsupported EC/XDH server cert for " +
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	189	"ECDH client key exchange");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	190	}
2 90ce3da70b43 Initial load duke parents: diff changeset	191
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	192	SSLPossession sslPossession = namedGroup.createPossession(
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	193	chc.sslContext.getSecureRandom());
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	194
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	195	chc.handshakePossessions.add(sslPossession);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	196	ECDHClientKeyExchangeMessage cke =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	197	new ECDHClientKeyExchangeMessage(
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	198	chc, sslPossession.encode());
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	199	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	200	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	201	"Produced ECDH ClientKeyExchange handshake message", cke);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	202	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	203
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	204	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	205	cke.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	206	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	207
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	208	// update the states
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	209	SSLKeyExchange ke = SSLKeyExchange.valueOf(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	210	chc.negotiatedCipherSuite.keyExchange,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	211	chc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	212	if (ke == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	213	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	214	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	215	"Not supported key exchange type");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	216	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	217	SSLKeyDerivation masterKD = ke.createKeyDerivation(chc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	218	SecretKey masterSecret =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	219	masterKD.deriveKey("MasterSecret", null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	220	chc.handshakeSession.setMasterSecret(masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	221
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	222	SSLTrafficKeyDerivation kd =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	223	SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	224	if (kd == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	225	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	226	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	227	"Not supported key derivation: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	228	chc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	229	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	230	chc.handshakeKeyDerivation =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	231	kd.createKeyDerivation(chc, masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	232	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	233	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	234
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	235	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	236	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	237	}
2 90ce3da70b43 Initial load duke parents: diff changeset	238	}
90ce3da70b43 Initial load duke parents: diff changeset	239
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	240	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	241	* The ECDH "ClientKeyExchange" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	242	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	243	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	244	class ECDHClientKeyExchangeConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	245	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	246	private ECDHClientKeyExchangeConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	247	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	248	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	249
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	250	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	251	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	252	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	253	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	254	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	255
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	256	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	257	for (SSLPossession possession : shc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	258	if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	259	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	260	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	261	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	262	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	263
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	264	if (x509Possession == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	265	// unlikely, have been checked during cipher suite negotiation.
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	266	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	267	"No expected EC server cert for ECDH client key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	268	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	269
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	270	// Determine which NamedGroup we'll be using, then use
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	271	// the creator functions.
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	272	NamedGroup namedGroup = null;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	273
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	274	// Iteratively determine the X509Possession type's ParameterSpec.
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	275	ECParameterSpec ecParams = x509Possession.getECParameterSpec();
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	276	NamedParameterSpec namedParams = null;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	277	if (ecParams != null) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	278	namedGroup = NamedGroup.valueOf(ecParams);
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	279	}
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	280
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	281	// Wasn't EC, try XEC.
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	282	if (ecParams == null) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	283	namedParams = x509Possession.getXECParameterSpec();
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	284	namedGroup = NamedGroup.nameOf(namedParams.getName());
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	285	}
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	286
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	287	// Can't figure this out, bail.
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	288	if ((ecParams == null) && (namedParams == null)) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	289	// unlikely, have been checked during cipher suite negotiation.
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	290	throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	291	"Not EC/XDH server cert for ECDH client key exchange");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	292	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	293
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	294	// unlikely, have been checked during cipher suite negotiation.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	295	if (namedGroup == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	296	throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	297	"Unknown named group in server cert for " +
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	298	"ECDH client key exchange");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	299	}
2 90ce3da70b43 Initial load duke parents: diff changeset	300
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	301	SSLKeyExchange ke = SSLKeyExchange.valueOf(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	302	shc.negotiatedCipherSuite.keyExchange,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	303	shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	304	if (ke == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	305	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	306	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	307	"Not supported key exchange type");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	308	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	309
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	310	// parse either handshake message containing either EC/XEC.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	311	ECDHClientKeyExchangeMessage cke =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	312	new ECDHClientKeyExchangeMessage(shc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	313	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	314	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	315	"Consuming ECDH ClientKeyExchange handshake message", cke);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	316	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	317
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	318	// create the credentials
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	319	try {
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	320	NamedGroup ng = namedGroup; // "effectively final" the lambda
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	321	// AlgorithmConstraints are checked internally.
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	322	SSLCredentials sslCredentials = namedGroup.decodeCredentials(
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	323	cke.encodedPoint, shc.algorithmConstraints,
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	324	s -> shc.conContext.fatal(Alert.INSUFFICIENT_SECURITY,
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	325	"ClientKeyExchange " + ng + ": " + s));
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	326
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	327	shc.handshakeCredentials.add(sslCredentials);
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	328	} catch (GeneralSecurityException e) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	329	throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	330	"Cannot decode ECDH PublicKey: " + namedGroup);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	331	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	332
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	333	// update the states
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	334	SSLKeyDerivation masterKD = ke.createKeyDerivation(shc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	335	SecretKey masterSecret =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	336	masterKD.deriveKey("MasterSecret", null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	337	shc.handshakeSession.setMasterSecret(masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	338
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	339	SSLTrafficKeyDerivation kd =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	340	SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	341	if (kd == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	342	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	343	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	344	"Not supported key derivation: " + shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	345	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	346	shc.handshakeKeyDerivation =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	347	kd.createKeyDerivation(shc, masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	348	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	349	}
2 90ce3da70b43 Initial load duke parents: diff changeset	350	}
90ce3da70b43 Initial load duke parents: diff changeset	351
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	352	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	353	* The ECDHE "ClientKeyExchange" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	354	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	355	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	356	class ECDHEClientKeyExchangeProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	357	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	358	private ECDHEClientKeyExchangeProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	359	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	360	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	361
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	362	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	363	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	364	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	365	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	366	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	367
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	368	SSLCredentials sslCredentials = null;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	369	NamedGroup ng = null;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	370	PublicKey publicKey = null;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	371
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	372	// Find a good EC/XEC credential to use, determine the
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	373	// NamedGroup to use for creating Possessions/Credentials/Keys.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	374	for (SSLCredentials cd : chc.handshakeCredentials) {
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	375	if (cd instanceof NamedGroupCredentials) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	376	NamedGroupCredentials creds = (NamedGroupCredentials)cd;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	377	ng = creds.getNamedGroup();
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	378	publicKey = creds.getPublicKey();
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	379	sslCredentials = cd;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	380	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	381	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	382	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	383
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	384	if (sslCredentials == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	385	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	386	"No ECDHE credentials negotiated for client key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	387	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	388
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	389	SSLPossession sslPossession = ng.createPossession(
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	390	chc.sslContext.getSecureRandom());
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	391
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	392	chc.handshakePossessions.add(sslPossession);
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	393
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	394	// Write the EC/XEC message.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	395	ECDHClientKeyExchangeMessage cke =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	396	new ECDHClientKeyExchangeMessage(
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	397	chc, sslPossession.encode());
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	398
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	399	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	400	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	401	"Produced ECDHE ClientKeyExchange handshake message", cke);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	402	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	403
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	404	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	405	cke.write(chc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	406	chc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	407
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	408	// update the states
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	409	SSLKeyExchange ke = SSLKeyExchange.valueOf(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	410	chc.negotiatedCipherSuite.keyExchange,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	411	chc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	412	if (ke == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	413	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	414	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	415	"Not supported key exchange type");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	416	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	417	SSLKeyDerivation masterKD = ke.createKeyDerivation(chc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	418	SecretKey masterSecret =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	419	masterKD.deriveKey("MasterSecret", null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	420	chc.handshakeSession.setMasterSecret(masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	421
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	422	SSLTrafficKeyDerivation kd =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	423	SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	424	if (kd == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	425	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	426	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	427	"Not supported key derivation: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	428	chc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	429	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	430	chc.handshakeKeyDerivation =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	431	kd.createKeyDerivation(chc, masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	432	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	433	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	434
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	435	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	436	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	437	}
2 90ce3da70b43 Initial load duke parents: diff changeset	438	}
90ce3da70b43 Initial load duke parents: diff changeset	439
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	440	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	441	* The ECDHE "ClientKeyExchange" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	442	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	443	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	444	class ECDHEClientKeyExchangeConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	445	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	446	private ECDHEClientKeyExchangeConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	447	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	448	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	449
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	450	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	451	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	452	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	453	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	454	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	455
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	456	SSLPossession sslPossession = null;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	457	NamedGroup namedGroup = null;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	458
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	459	// Find a good EC/XEC credential to use, determine the
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	460	// NamedGroup to use for creating Possessions/Credentials/Keys.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	461	for (SSLPossession possession : shc.handshakePossessions) {
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	462	if (possession instanceof NamedGroupPossession) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	463	NamedGroupPossession poss =
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	464	(NamedGroupPossession)possession;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	465	namedGroup = poss.getNamedGroup();
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	466	sslPossession = poss;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	467	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	468	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	469	}
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	470
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	471	if (sslPossession == null) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	472	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	473	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	474	"No expected ECDHE possessions for client key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	475	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	476
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	477	if (namedGroup == null) {
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	478	// unlikely, have been checked during cipher suite negotiation
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	479	throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	480	"Unsupported EC server cert for ECDHE client key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	481	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	482
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	483	SSLKeyExchange ke = SSLKeyExchange.valueOf(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	484	shc.negotiatedCipherSuite.keyExchange,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	485	shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	486	if (ke == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	487	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	488	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	489	"Not supported key exchange type");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	490	}
2 90ce3da70b43 Initial load duke parents: diff changeset	491
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	492	// parse the EC/XEC handshake message
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	493	ECDHClientKeyExchangeMessage cke =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	494	new ECDHClientKeyExchangeMessage(shc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	495	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	496	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	497	"Consuming ECDHE ClientKeyExchange handshake message", cke);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	498	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	499
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	500	// create the credentials
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	501	try {
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	502	NamedGroup ng = namedGroup; // "effectively final" the lambda
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	503	// AlgorithmConstraints are checked internally.
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	504	SSLCredentials sslCredentials = namedGroup.decodeCredentials(
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	505	cke.encodedPoint, shc.algorithmConstraints,
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	506	s -> shc.conContext.fatal(Alert.INSUFFICIENT_SECURITY,
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	507	"ClientKeyExchange " + ng + ": " + s));
2 90ce3da70b43 Initial load duke parents: diff changeset	508
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	509	shc.handshakeCredentials.add(sslCredentials);
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	510	} catch (GeneralSecurityException e) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	511	throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54417 diff changeset	512	"Cannot decode named group: " + namedGroup);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	513	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	514
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	515	// update the states
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	516	SSLKeyDerivation masterKD = ke.createKeyDerivation(shc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	517	SecretKey masterSecret =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	518	masterKD.deriveKey("MasterSecret", null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	519	shc.handshakeSession.setMasterSecret(masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	520
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	521	SSLTrafficKeyDerivation kd =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	522	SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	523	if (kd == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	524	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	525	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	526	"Not supported key derivation: " + shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	527	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	528	shc.handshakeKeyDerivation =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	529	kd.createKeyDerivation(shc, masterSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	530	}
2 90ce3da70b43 Initial load duke parents: diff changeset	531	}
90ce3da70b43 Initial load duke parents: diff changeset	532	}
90ce3da70b43 Initial load duke parents: diff changeset	533	}

author	wetmore
	Wed, 12 Jun 2019 18:58:00 -0700
changeset 55353	946f7f2d321c
parent 54417	f87041131515
permissions	-rw-r--r--