jdk-sandbox: src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java@946f7f2d321c (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	2	* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.security.GeneralSecurityException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.util.Arrays;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import java.util.Collections;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import java.util.LinkedList;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import java.util.List;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import java.util.Map;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import javax.net.ssl.SSLProtocolException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import sun.security.ssl.KeyShareExtension.CHKeyShareSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	import sun.security.ssl.SSLExtension.ExtensionConsumer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	import sun.security.ssl.SSLExtension.SSLExtensionSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	import sun.security.util.HexDumpEncoder;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	* Pack of the "key_share" extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	final class KeyShareExtension {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	static final HandshakeProducer chNetworkProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	new CHKeyShareProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	static final ExtensionConsumer chOnLoadConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	new CHKeyShareConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	static final SSLStringizer chStringizer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	new CHKeyShareStringizer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	static final HandshakeProducer shNetworkProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	new SHKeyShareProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	static final ExtensionConsumer shOnLoadConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	new SHKeyShareConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	static final HandshakeAbsence shOnLoadAbsence =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	new SHKeyShareAbsence();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	static final SSLStringizer shStringizer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64	new SHKeyShareStringizer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	static final HandshakeProducer hrrNetworkProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	new HRRKeyShareProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	static final ExtensionConsumer hrrOnLoadConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	new HRRKeyShareConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	static final HandshakeProducer hrrNetworkReproducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	new HRRKeyShareReproducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72	static final SSLStringizer hrrStringizer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73	new HRRKeyShareStringizer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	* The key share entry used in "key_share" extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	private static final class KeyShareEntry {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	final int namedGroupId;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	final byte[] keyExchange;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	private KeyShareEntry(int namedGroupId, byte[] keyExchange) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	this.namedGroupId = namedGroupId;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	this.keyExchange = keyExchange;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	private byte[] getEncoded() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	byte[] buffer = new byte[keyExchange.length + 4];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89	// 2: named group id
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90	// +2: key exchange length
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	ByteBuffer m = ByteBuffer.wrap(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	Record.putInt16(m, namedGroupId);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94	Record.putBytes16(m, keyExchange);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	"Unlikely IOException", ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	return buffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	private int getEncodedSize() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	return keyExchange.length + 4; // 2: named group id
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107	// +2: key exchange length
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	"\n'{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	" \"named group\": {0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	" \"key_exchange\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118	"'}',", Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	NamedGroup.nameOf(namedGroupId),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123	Utilities.indent(hexEncoder.encode(keyExchange), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131	* The "key_share" extension in a ClientHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	static final class CHKeyShareSpec implements SSLExtensionSpec {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	final List<KeyShareEntry> clientShares;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	private CHKeyShareSpec(List<KeyShareEntry> clientShares) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	this.clientShares = clientShares;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	private CHKeyShareSpec(ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	// KeyShareEntry client_shares<0..2^16-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143	// } KeyShareClientHello;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	if (buffer.remaining() < 2) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146	"Invalid key_share extension: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	"insufficient data (length=" + buffer.remaining() + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150	int listLen = Record.getInt16(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	if (listLen != buffer.remaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	"Invalid key_share extension: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154	"incorrect list length (length=" + listLen + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	List<KeyShareEntry> keyShares = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	while (buffer.hasRemaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159	int namedGroupId = Record.getInt16(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160	byte[] keyExchange = Record.getBytes16(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161	if (keyExchange.length == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	"Invalid key_share extension: empty key_exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	keyShares.add(new KeyShareEntry(namedGroupId, keyExchange));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	this.clientShares = Collections.unmodifiableList(keyShares);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	"\"client_shares\": '['{0}\n']'", Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	StringBuilder builder = new StringBuilder(512);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178	for (KeyShareEntry entry : clientShares) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179	builder.append(entry.toString());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	Utilities.indent(builder.toString())
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	private static final class CHKeyShareStringizer implements SSLStringizer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192	public String toString(ByteBuffer buffer) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	return (new CHKeyShareSpec(buffer)).toString();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	// For debug logging only, so please swallow exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	return ioe.getMessage();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203	* Network data producer of the extension in a ClientHello
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	* handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207	class CHKeyShareProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	private CHKeyShareProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	if (!chc.sslConfig.isAvailable(SSLExtension.CH_KEY_SHARE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	"Ignore unavailable key_share extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	List<NamedGroup> namedGroups;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	if (chc.serverSelectedNamedGroup != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	// Response to HelloRetryRequest
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	namedGroups = Arrays.asList(chc.serverSelectedNamedGroup);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233	namedGroups = chc.clientRequestedNamedGroups;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	if (namedGroups == null \|\| namedGroups.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	// No supported groups.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	"Ignore key_share extension, no supported groups");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	List<KeyShareEntry> keyShares = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	for (NamedGroup ng : namedGroups) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	SSLKeyExchange ke = SSLKeyExchange.valueOf(ng);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	if (ke == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	"No key exchange for named group " + ng.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	SSLPossession[] poses = ke.createPossessions(chc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	for (SSLPossession pos : poses) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	chc.handshakePossessions.add(pos);
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	259	if (!(pos instanceof NamedGroupPossession)) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	// May need more possesion types in the future.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	keyShares.add(new KeyShareEntry(ng.id, pos.encode()));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	// One key share entry only. Too much key share entries makes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268	// the ClientHello handshake message really big.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269	if (!keyShares.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274	int listLen = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	for (KeyShareEntry entry : keyShares) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	listLen += entry.getEncodedSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	byte[] extData = new byte[listLen + 2]; // 2: list length
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	ByteBuffer m = ByteBuffer.wrap(extData);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	Record.putInt16(m, listLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	for (KeyShareEntry entry : keyShares) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	m.put(entry.getEncoded());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	chc.handshakeExtensions.put(SSLExtension.CH_KEY_SHARE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	new CHKeyShareSpec(keyShares));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	return extData;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	* Network data consumer of the extension in a ClientHello
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295	* handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	private static final class CHKeyShareConsumer implements ExtensionConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	private CHKeyShareConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	HandshakeMessage message, ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	if (shc.handshakeExtensions.containsKey(SSLExtension.CH_KEY_SHARE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	"The key_share extension has been loaded");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	if (!shc.sslConfig.isAvailable(SSLExtension.CH_KEY_SHARE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321	"Ignore unavailable key_share extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	return; // ignore the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	// Parse the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327	CHKeyShareSpec spec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329	spec = new CHKeyShareSpec(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	330	} catch (IOException ioe) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	331	throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	334	List<SSLCredentials> credentials = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	for (KeyShareEntry entry : spec.clientShares) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	NamedGroup ng = NamedGroup.valueOf(entry.namedGroupId);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337	if (ng == null \|\| !SupportedGroups.isActivatable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338	shc.sslConfig.algorithmConstraints, ng)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341	"Ignore unsupported named group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342	NamedGroup.nameOf(entry.namedGroupId));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	344	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	345	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	346
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	347	try {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	348	SSLCredentials kaCred =
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	349	ng.decodeCredentials(entry.keyExchange,
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	350	shc.algorithmConstraints,
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	351	s -> SSLLogger.warning(s));
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	352	if (kaCred != null) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	353	credentials.add(kaCred);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	354	}
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	355	} catch (GeneralSecurityException ex) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	356	SSLLogger.warning(
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	357	"Cannot decode named group: " +
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	358	NamedGroup.nameOf(entry.namedGroupId));
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	359	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	360	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362	if (!credentials.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363	shc.handshakeCredentials.addAll(credentials);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365	// New handshake credentials are required from the client side.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	366	shc.handshakeProducers.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367	SSLHandshake.HELLO_RETRY_REQUEST.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	SSLHandshake.HELLO_RETRY_REQUEST);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	369	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	370
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	371	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	372	shc.handshakeExtensions.put(SSLExtension.CH_KEY_SHARE, spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	373	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	374	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	375
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	376	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	377	* The key share entry used in ServerHello "key_share" extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	378	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	379	static final class SHKeyShareSpec implements SSLExtensionSpec {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	380	final KeyShareEntry serverShare;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	381
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	382	SHKeyShareSpec(KeyShareEntry serverShare) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	383	this.serverShare = serverShare;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	384	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	385
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	386	private SHKeyShareSpec(ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	387	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	388	// KeyShareEntry server_share;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	389	// } KeyShareServerHello;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	390	if (buffer.remaining() < 5) { // 5: minimal server_share
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	391	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	392	"Invalid key_share extension: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	393	"insufficient data (length=" + buffer.remaining() + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	394	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	395
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	396	int namedGroupId = Record.getInt16(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	397	byte[] keyExchange = Record.getBytes16(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	398
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	399	if (buffer.hasRemaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	400	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	401	"Invalid key_share extension: unknown extra data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	402	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	403
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	404	this.serverShare = new KeyShareEntry(namedGroupId, keyExchange);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	405	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	406
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	407	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	408	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	409	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	410	"\"server_share\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	411	" \"named group\": {0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	412	" \"key_exchange\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	413	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	414	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	415	"'}',", Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	416
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	417	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	418	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	419	NamedGroup.nameOf(serverShare.namedGroupId),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	420	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	421	hexEncoder.encode(serverShare.keyExchange), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	422	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	423
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	424	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	425	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	426	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	427
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	428	private static final class SHKeyShareStringizer implements SSLStringizer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	429	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	430	public String toString(ByteBuffer buffer) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	431	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	432	return (new SHKeyShareSpec(buffer)).toString();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	433	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	434	// For debug logging only, so please swallow exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	435	return ioe.getMessage();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	436	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	437	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	438	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	439
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	440	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	441	* Network data producer of the extension in a ServerHello
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	442	* handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	443	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	444	private static final class SHKeyShareProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	445	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	446	private SHKeyShareProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	447	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	448	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	449
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	450	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	451	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	452	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	453	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	454	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	455
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	456	// In response to key_share request only
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	457	CHKeyShareSpec kss =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	458	(CHKeyShareSpec)shc.handshakeExtensions.get(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	459	SSLExtension.CH_KEY_SHARE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	460	if (kss == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	461	// Unlikely, no key_share extension requested.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	462	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	463	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	464	"Ignore, no client key_share extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	465	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	466	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	467	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	468
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	469	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	470	if (!shc.sslConfig.isAvailable(SSLExtension.SH_KEY_SHARE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	471	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	472	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	473	"Ignore, no available server key_share extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	474	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	475	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	476	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	477
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	478	// use requested key share entries
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	479	if ((shc.handshakeCredentials == null) \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	480	shc.handshakeCredentials.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	481	// Unlikely, HelloRetryRequest should be used ealier.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	482	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	483	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	484	"No available client key share entries");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	485	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	486	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	487	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	488
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	489	KeyShareEntry keyShare = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	490	for (SSLCredentials cd : shc.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	491	NamedGroup ng = null;
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	492	if (cd instanceof NamedGroupCredentials) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	493	NamedGroupCredentials creds = (NamedGroupCredentials)cd;
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	494	ng = creds.getNamedGroup();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	495	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	496
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	497	if (ng == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	498	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	499	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	500
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	501	SSLKeyExchange ke = SSLKeyExchange.valueOf(ng);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	502	if (ke == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	503	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	504	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	505	"No key exchange for named group " + ng.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	506	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	507	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	508	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	509
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	510	SSLPossession[] poses = ke.createPossessions(shc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	511	for (SSLPossession pos : poses) {
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	512	if (!(pos instanceof NamedGroupPossession)) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	513	// May need more possesion types in the future.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	514	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	515	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	516
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	517	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	518	shc.handshakeKeyExchange = ke;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	519	shc.handshakePossessions.add(pos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	520	keyShare = new KeyShareEntry(ng.id, pos.encode());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	521	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	522	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	523
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	524	if (keyShare != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	525	for (Map.Entry<Byte, HandshakeProducer> me :
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	526	ke.getHandshakeProducers(shc)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	527	shc.handshakeProducers.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	528	me.getKey(), me.getValue());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	529	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	530
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	531	// We have got one! Don't forget to break.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	532	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	533	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	534	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	535
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	536	if (keyShare == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	537	// Unlikely, HelloRetryRequest should be used instead ealier.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	538	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	539	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	540	"No available server key_share extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	541	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	542	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	543	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	544
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	545	byte[] extData = keyShare.getEncoded();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	546
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	547	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	548	SHKeyShareSpec spec = new SHKeyShareSpec(keyShare);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	549	shc.handshakeExtensions.put(SSLExtension.SH_KEY_SHARE, spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	550
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	551	return extData;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	552	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	553	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	554
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	555	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	556	* Network data consumer of the extension in a ServerHello
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	557	* handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	558	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	559	private static final class SHKeyShareConsumer implements ExtensionConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	560	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	561	private SHKeyShareConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	562	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	563	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	564
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	565	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	566	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	567	HandshakeMessage message, ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	568	// Happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	569	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	570	if (chc.clientRequestedNamedGroups == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	571	chc.clientRequestedNamedGroups.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	572	// No supported groups.
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	573	throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	574	"Unexpected key_share extension in ServerHello");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	575	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	576
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	577	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	578	if (!chc.sslConfig.isAvailable(SSLExtension.SH_KEY_SHARE)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	579	throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	580	"Unsupported key_share extension in ServerHello");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	581	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	582
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	583	// Parse the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	584	SHKeyShareSpec spec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	585	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	586	spec = new SHKeyShareSpec(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	587	} catch (IOException ioe) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	588	throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	589	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	590
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	591	KeyShareEntry keyShare = spec.serverShare;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	592	NamedGroup ng = NamedGroup.valueOf(keyShare.namedGroupId);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	593	if (ng == null \|\| !SupportedGroups.isActivatable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	594	chc.sslConfig.algorithmConstraints, ng)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	595	throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	596	"Unsupported named group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	597	NamedGroup.nameOf(keyShare.namedGroupId));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	598	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	599
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	600	SSLKeyExchange ke = SSLKeyExchange.valueOf(ng);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	601	if (ke == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	602	throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	603	"No key exchange for named group " + ng.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	604	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	605
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	606	SSLCredentials credentials = null;
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	607	try {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	608	SSLCredentials kaCred = ng.decodeCredentials(
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	609	keyShare.keyExchange, chc.algorithmConstraints,
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	610	s -> chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, s));
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	611	if (kaCred != null) {
946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	612	credentials = kaCred;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	613	}
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	614	} catch (GeneralSecurityException ex) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	615	throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 53064 diff changeset	616	"Cannot decode named group: " +
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	617	NamedGroup.nameOf(keyShare.namedGroupId));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	618	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	619
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	620	if (credentials == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	621	throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	622	"Unsupported named group: " + ng.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	623	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	624
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	625	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	626	chc.handshakeKeyExchange = ke;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	627	chc.handshakeCredentials.add(credentials);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	628	chc.handshakeExtensions.put(SSLExtension.SH_KEY_SHARE, spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	629	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	630	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	631
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	632	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	633	* The absence processing if the extension is not present in
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	634	* the ServerHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	635	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	636	private static final class SHKeyShareAbsence implements HandshakeAbsence {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	637	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	638	public void absent(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	639	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	640	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	641	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	642
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	643	// Cannot use the previous requested key shares any more.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	644	if (SSLLogger.isOn && SSLLogger.isOn("handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	645	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	646	"No key_share extension in ServerHello, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	647	"cleanup the key shares if necessary");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	648	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	649	chc.handshakePossessions.clear();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	650	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	651	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	652
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	653	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	654	* The key share entry used in HelloRetryRequest "key_share" extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	655	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	656	static final class HRRKeyShareSpec implements SSLExtensionSpec {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	657	final int selectedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	658
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	659	HRRKeyShareSpec(NamedGroup serverGroup) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	660	this.selectedGroup = serverGroup.id;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	661	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	662
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	663	private HRRKeyShareSpec(ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	664	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	665	// NamedGroup selected_group;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	666	// } KeyShareHelloRetryRequest;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	667	if (buffer.remaining() != 2) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	668	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	669	"Invalid key_share extension: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	670	"improper data (length=" + buffer.remaining() + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	671	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	672
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	673	this.selectedGroup = Record.getInt16(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	674	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	675
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	676	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	677	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	678	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	679	"\"selected group\": '['{0}']'", Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	680
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	681	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	682	NamedGroup.nameOf(selectedGroup)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	683	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	684	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	685	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	686	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	687
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	688	private static final class HRRKeyShareStringizer implements SSLStringizer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	689	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	690	public String toString(ByteBuffer buffer) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	691	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	692	return (new HRRKeyShareSpec(buffer)).toString();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	693	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	694	// For debug logging only, so please swallow exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	695	return ioe.getMessage();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	696	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	697	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	698	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	699
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	700	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	701	* Network data producer of the extension in a HelloRetryRequest
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	702	* handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	703	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	704	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	705	class HRRKeyShareProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	706	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	707	private HRRKeyShareProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	708	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	709	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	710
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	711	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	712	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	713	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	714	// The producing happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	715	ServerHandshakeContext shc = (ServerHandshakeContext) context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	716
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	717	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	718	if (!shc.sslConfig.isAvailable(SSLExtension.HRR_KEY_SHARE)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	719	throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	720	"Unsupported key_share extension in HelloRetryRequest");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	721	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	722
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	723	if (shc.clientRequestedNamedGroups == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	724	shc.clientRequestedNamedGroups.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	725	// No supported groups.
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	726	throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	727	"Unexpected key_share extension in HelloRetryRequest");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	728	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	729
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	730	NamedGroup selectedGroup = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	731	for (NamedGroup ng : shc.clientRequestedNamedGroups) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	732	if (SupportedGroups.isActivatable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	733	shc.sslConfig.algorithmConstraints, ng)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	734	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	735	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	736	"HelloRetryRequest selected named group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	737	ng.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	738	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	739
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	740	selectedGroup = ng;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	741	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	742	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	743	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	744
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	745	if (selectedGroup == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	746	throw shc.conContext.fatal(
53056 9041178a0b69 8214339: SSLSocketImpl erroneously wraps SocketException xuelei parents: 50768 diff changeset	747	Alert.UNEXPECTED_MESSAGE, "No common named group");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	748	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	749
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	750	byte[] extdata = new byte[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	751	(byte)((selectedGroup.id >> 8) & 0xFF),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	752	(byte)(selectedGroup.id & 0xFF)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	753	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	754
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	755	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	756	shc.serverSelectedNamedGroup = selectedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	757	shc.handshakeExtensions.put(SSLExtension.HRR_KEY_SHARE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	758	new HRRKeyShareSpec(selectedGroup));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	759
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	760	return extdata;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	761	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	762	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	763
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	764	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	765	* Network data producer of the extension for stateless
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	766	* HelloRetryRequest reconstruction.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	767	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	768	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	769	class HRRKeyShareReproducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	770	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	771	private HRRKeyShareReproducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	772	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	773	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	774
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	775	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	776	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	777	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	778	// The producing happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	779	ServerHandshakeContext shc = (ServerHandshakeContext) context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	780
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	781	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	782	if (!shc.sslConfig.isAvailable(SSLExtension.HRR_KEY_SHARE)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	783	throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	784	"Unsupported key_share extension in HelloRetryRequest");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	785	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	786
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	787	CHKeyShareSpec spec = (CHKeyShareSpec)shc.handshakeExtensions.get(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	788	SSLExtension.CH_KEY_SHARE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	789	if (spec != null && spec.clientShares != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	790	spec.clientShares.size() == 1) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	791	int namedGroupId = spec.clientShares.get(0).namedGroupId;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	792
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	793	byte[] extdata = new byte[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	794	(byte)((namedGroupId >> 8) & 0xFF),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	795	(byte)(namedGroupId & 0xFF)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	796	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	797
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	798	return extdata;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	799	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	800
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	801	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	802	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	803	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	804
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	805	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	806	* Network data consumer of the extension in a HelloRetryRequest
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	807	* handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	808	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	809	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	810	class HRRKeyShareConsumer implements ExtensionConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	811	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	812	private HRRKeyShareConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	813	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	814	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	815
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	816	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	817	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	818	HandshakeMessage message, ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	819	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	820	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	821
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	822	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	823	if (!chc.sslConfig.isAvailable(SSLExtension.HRR_KEY_SHARE)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	824	throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	825	"Unsupported key_share extension in HelloRetryRequest");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	826	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	827
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	828	if (chc.clientRequestedNamedGroups == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	829	chc.clientRequestedNamedGroups.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	830	// No supported groups.
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	831	throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	832	"Unexpected key_share extension in HelloRetryRequest");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	833	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	834
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	835	// Parse the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	836	HRRKeyShareSpec spec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	837	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	838	spec = new HRRKeyShareSpec(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	839	} catch (IOException ioe) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	840	throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	841	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	842
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	843	NamedGroup serverGroup = NamedGroup.valueOf(spec.selectedGroup);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	844	if (serverGroup == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	845	throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	846	"Unsupported HelloRetryRequest selected group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	847	NamedGroup.nameOf(spec.selectedGroup));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	848	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	849
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	850	if (!chc.clientRequestedNamedGroups.contains(serverGroup)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 53056 diff changeset	851	throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	852	"Unexpected HelloRetryRequest selected group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	853	serverGroup.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	854	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	855
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	856	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	857
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	858	// When sending the new ClientHello, the client MUST replace the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	859	// original "key_share" extension with one containing only a new
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	860	// KeyShareEntry for the group indicated in the selected_group
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	861	// field of the triggering HelloRetryRequest.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	862	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	863	chc.serverSelectedNamedGroup = serverGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	864	chc.handshakeExtensions.put(SSLExtension.HRR_KEY_SHARE, spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	865	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	866	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	867	}

author	wetmore
	Wed, 12 Jun 2019 18:58:00 -0700
changeset 55353	946f7f2d321c
parent 53064	103ed9569fc8
permissions	-rw-r--r--