jdk-sandbox: src/java.base/share/classes/sun/security/ssl/DHServerKeyExchange.java@9c3209ff7550 (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	2	* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.math.BigInteger;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.security.CryptoPrimitive;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.security.GeneralSecurityException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import java.security.InvalidAlgorithmParameterException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import java.security.InvalidKeyException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import java.security.Key;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import java.security.KeyFactory;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import java.security.NoSuchAlgorithmException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import java.security.PrivateKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import java.security.PublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	import java.security.Signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	import java.security.SignatureException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	import java.util.EnumSet;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	import javax.crypto.interfaces.DHPublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	import javax.crypto.spec.DHParameterSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	import javax.crypto.spec.DHPublicKeySpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48	import sun.security.ssl.DHKeyExchange.DHECredentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	import sun.security.ssl.DHKeyExchange.DHEPossession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	import sun.security.ssl.X509Authentication.X509Credentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	import sun.security.ssl.X509Authentication.X509Possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	import sun.security.util.HexDumpEncoder;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	import sun.security.util.KeyUtil;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	* Pack of the ServerKeyExchange handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	final class DHServerKeyExchange {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	static final SSLConsumer dhHandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	new DHServerKeyExchangeConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	static final HandshakeProducer dhHandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	new DHServerKeyExchangeProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	* The DiffieHellman ServerKeyExchange handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	class DHServerKeyExchangeMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	// public key encapsulated in this message
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	private final byte[] p; // 1 to 2^16 - 1 bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72	private final byte[] g; // 1 to 2^16 - 1 bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73	private final byte[] y; // 1 to 2^16 - 1 bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75	// the signature algorithm used by this ServerKeyExchange message
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	private final boolean useExplicitSigAlgorithm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	private final SignatureScheme signatureScheme;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	// signature bytes, or null if anonymous
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	private final byte[] paramsSignature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	DHServerKeyExchangeMessage(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	HandshakeContext handshakeContext) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86	// This happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	ServerHandshakeContext shc =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	(ServerHandshakeContext)handshakeContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90	DHEPossession dhePossession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	for (SSLPossession possession : shc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	if (possession instanceof DHEPossession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94	dhePossession = (DHEPossession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	if (x509Possession != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	} else if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	if (dhePossession != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	if (dhePossession == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107	// unlikely
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	108	throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109	"No DHE credentials negotiated for server key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	DHPublicKey publicKey = dhePossession.publicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	DHParameterSpec params = publicKey.getParams();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	this.p = Utilities.toByteArray(params.getP());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	this.g = Utilities.toByteArray(params.getG());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	this.y = Utilities.toByteArray(publicKey.getY());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	if (x509Possession == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118	// anonymous, no authentication, no signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119	paramsSignature = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	signatureScheme = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	useExplicitSigAlgorithm = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123	useExplicitSigAlgorithm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	shc.negotiatedProtocol.useTLS12PlusSpec();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	Signature signer = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	if (useExplicitSigAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127	signatureScheme = SignatureScheme.getPreferableAlgorithm(
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55353 diff changeset	128	shc.algorithmConstraints,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	shc.peerRequestedSignatureSchemes,
54417 f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 53734 diff changeset	130	x509Possession,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131	shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	if (signatureScheme == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	// Unlikely, the credentials generator should have
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	// selected the preferable signature algorithm properly.
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	135	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	"No preferred signature algorithm");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139	signer = signatureScheme.getSignature(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	} catch (NoSuchAlgorithmException \| InvalidKeyException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	InvalidAlgorithmParameterException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	143	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	"Unsupported signature algorithm: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	signatureScheme.name, nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	signatureScheme = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150	signer = getSignature(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	x509Possession.popPrivateKey.getAlgorithm(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152	x509Possession.popPrivateKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	} catch (NoSuchAlgorithmException \| InvalidKeyException e) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	154	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155	"Unsupported signature algorithm: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156	x509Possession.popPrivateKey.getAlgorithm(), e);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160	byte[] signature = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	updateSignature(signer, shc.clientHelloRandom.randomBytes,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	shc.serverHelloRandom.randomBytes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	signature = signer.sign();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165	} catch (SignatureException ex) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	166	throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	"Failed to sign dhe parameters: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168	x509Possession.popPrivateKey.getAlgorithm(), ex);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	paramsSignature = signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	DHServerKeyExchangeMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178	// This happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179	ClientHandshakeContext chc =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	(ClientHandshakeContext)handshakeContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	this.p = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	this.g = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	this.y = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	KeyUtil.validate(new DHPublicKeySpec(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	new BigInteger(1, y),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	new BigInteger(1, p),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	new BigInteger(1, p)));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	} catch (InvalidKeyException ike) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	192	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193	"Invalid DH ServerKeyExchange: invalid parameters", ike);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	X509Credentials x509Credentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	for (SSLCredentials cd : chc.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	if (cd instanceof X509Credentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199	x509Credentials = (X509Credentials)cd;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	if (x509Credentials == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	// anonymous, no authentication, no signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	if (m.hasRemaining()) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	207	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	"Invalid DH ServerKeyExchange: unknown extra data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	this.signatureScheme = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	this.paramsSignature = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	this.useExplicitSigAlgorithm = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	this.useExplicitSigAlgorithm =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	chc.negotiatedProtocol.useTLS12PlusSpec();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	if (useExplicitSigAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	int ssid = Record.getInt16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	signatureScheme = SignatureScheme.valueOf(ssid);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	if (signatureScheme == null) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	224	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	"Invalid signature algorithm (" + ssid +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226	") used in DH ServerKeyExchange handshake message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	if (!chc.localSupportedSignAlgs.contains(signatureScheme)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	230	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	"Unsupported signature algorithm (" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	signatureScheme.name +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233	") used in DH ServerKeyExchange handshake message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	this.signatureScheme = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	// read and verify the signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240	this.paramsSignature = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	Signature signer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	if (useExplicitSigAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	signer = signatureScheme.getSignature(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	x509Credentials.popPublicKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	} catch (NoSuchAlgorithmException \| InvalidKeyException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	InvalidAlgorithmParameterException nsae) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	248	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	"Unsupported signature algorithm: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	signatureScheme.name, nsae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	signer = getSignature(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	x509Credentials.popPublicKey.getAlgorithm(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	x509Credentials.popPublicKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257	} catch (NoSuchAlgorithmException \| InvalidKeyException e) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	258	throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	"Unsupported signature algorithm: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	x509Credentials.popPublicKey.getAlgorithm(), e);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265	updateSignature(signer,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	chc.clientHelloRandom.randomBytes,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	chc.serverHelloRandom.randomBytes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269	if (!signer.verify(paramsSignature)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	270	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	"Invalid signature on DH ServerKeyExchange message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273	} catch (SignatureException ex) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	274	throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	"Cannot verify DH ServerKeyExchange signature", ex);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	public SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	return SSLHandshake.SERVER_KEY_EXCHANGE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	public int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	int sigLen = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	if (paramsSignature != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	sigLen = 2 + paramsSignature.length;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	if (useExplicitSigAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	sigLen += SignatureScheme.sizeInRecord();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	return 6 + p.length + g.length + y.length + sigLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295	// 6: overhead for p, g, y values
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	public void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	hos.putBytes16(p);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	hos.putBytes16(g);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302	hos.putBytes16(y);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	if (paramsSignature != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	if (useExplicitSigAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	hos.putInt16(signatureScheme.id);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	hos.putBytes16(paramsSignature);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	if (paramsSignature == null) { // anonymous
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317	"\"DH ServerKeyExchange\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	" \"parameters\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319	" \"dh_p\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	"{0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	" \"dh_g\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325	" \"dh_Ys\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	"{2}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	330	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	331
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	334	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	hexEncoder.encodeBuffer(p), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337	hexEncoder.encodeBuffer(g), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	hexEncoder.encodeBuffer(y), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	344
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	345	if (useExplicitSigAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	346	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	347	"\"DH ServerKeyExchange\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	348	" \"parameters\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	349	" \"dh_p\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	350	"{0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	351	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	352	" \"dh_g\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	353	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	354	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	355	" \"dh_Ys\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	356	"{2}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	357	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	358	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	359	" \"digital signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	360	" \"signature algorithm\": \"{3}\"\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361	" \"signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362	"{4}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	366	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	369	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	370	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	371	hexEncoder.encodeBuffer(p), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	372	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	373	hexEncoder.encodeBuffer(g), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	374	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	375	hexEncoder.encodeBuffer(y), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	376	signatureScheme.name,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	377	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	378	hexEncoder.encodeBuffer(paramsSignature), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	379	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	380
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	381	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	382	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	383	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	384	"\"DH ServerKeyExchange\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	385	" \"parameters\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	386	" \"dh_p\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	387	"{0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	388	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	389	" \"dh_g\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	390	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	391	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	392	" \"dh_Ys\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	393	"{2}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	394	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	395	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	396	" \"signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	397	"{3}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	398	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	399	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	400	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	401
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	402	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	403	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	404	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	405	hexEncoder.encodeBuffer(p), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	406	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	407	hexEncoder.encodeBuffer(g), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	408	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	409	hexEncoder.encodeBuffer(y), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	410	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	411	hexEncoder.encodeBuffer(paramsSignature), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	412	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	413
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	414	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	415	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	416	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	417
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	418	private static Signature getSignature(String keyAlgorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	419	Key key) throws NoSuchAlgorithmException, InvalidKeyException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	420	Signature signer = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	421	switch (keyAlgorithm) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	422	case "DSA":
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	423	signer = Signature.getInstance(JsseJce.SIGNATURE_DSA);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	424	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	425	case "RSA":
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	426	signer = RSASignature.getInstance();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	427	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	428	default:
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	429	throw new NoSuchAlgorithmException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	430	"neither an RSA or a DSA key : " + keyAlgorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	431	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	432
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	433	if (signer != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	434	if (key instanceof PublicKey) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	435	signer.initVerify((PublicKey)(key));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	436	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	437	signer.initSign((PrivateKey)key);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	438	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	439	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	440
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	441	return signer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	442	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	443
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	444	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	445	* Update sig with nonces and Diffie-Hellman public key.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	446	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	447	private void updateSignature(Signature sig, byte[] clntNonce,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	448	byte[] svrNonce) throws SignatureException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	449	int tmp;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	450
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	451	sig.update(clntNonce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	452	sig.update(svrNonce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	453
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	454	sig.update((byte)(p.length >> 8));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	455	sig.update((byte)(p.length & 0x0ff));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	456	sig.update(p);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	457
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	458	sig.update((byte)(g.length >> 8));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	459	sig.update((byte)(g.length & 0x0ff));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	460	sig.update(g);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	461
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	462	sig.update((byte)(y.length >> 8));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	463	sig.update((byte)(y.length & 0x0ff));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	464	sig.update(y);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	465	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	466	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	467
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	468	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	469	* The DiffieHellman "ServerKeyExchange" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	470	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	471	static final class DHServerKeyExchangeProducer
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	472	implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	473	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	474	private DHServerKeyExchangeProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	475	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	476	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	477
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	478	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	479	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	480	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	481	// The producing happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	482	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	483	DHServerKeyExchangeMessage skem =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	484	new DHServerKeyExchangeMessage(shc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	485	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	486	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	487	"Produced DH ServerKeyExchange handshake message", skem);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	488	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	489
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	490	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	491	skem.write(shc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	492	shc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	493
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	494	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	495	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	496	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	497	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	498
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	499	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	500	* The DiffieHellman "ServerKeyExchange" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	501	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	502	static final class DHServerKeyExchangeConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	503	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	504	private DHServerKeyExchangeConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	505	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	506	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	507
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	508	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	509	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	510	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	511	// The consuming happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	512	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	513
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	514	DHServerKeyExchangeMessage skem =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	515	new DHServerKeyExchangeMessage(chc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	516	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	517	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	518	"Consuming DH ServerKeyExchange handshake message", skem);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	519	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	520
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	521	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	522	// validate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	523	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	524	// check constraints of EC PublicKey
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	525	DHPublicKey publicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	526	try {
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 53064 diff changeset	527	KeyFactory kf = KeyFactory.getInstance("DiffieHellman");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	528	DHPublicKeySpec spec = new DHPublicKeySpec(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	529	new BigInteger(1, skem.y),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	530	new BigInteger(1, skem.p),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	531	new BigInteger(1, skem.g));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	532	publicKey = (DHPublicKey)kf.generatePublic(spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	533	} catch (GeneralSecurityException gse) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	534	throw chc.conContext.fatal(Alert.INSUFFICIENT_SECURITY,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	535	"Could not generate DHPublicKey", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	536	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	537
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	538	if (!chc.algorithmConstraints.permits(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	539	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), publicKey)) {
53064 103ed9569fc8 8215443: The use of TransportContext.fatal() leads to bad coding style xuelei parents: 50768 diff changeset	540	throw chc.conContext.fatal(Alert.INSUFFICIENT_SECURITY,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	541	"DH ServerKeyExchange does not comply to " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	542	"algorithm constraints");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	543	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	544
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	545	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	546	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	547	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	548	NamedGroup namedGroup = NamedGroup.valueOf(publicKey.getParams());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	549	chc.handshakeCredentials.add(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	550	new DHECredentials(publicKey, namedGroup));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	551
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	552	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	553	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	554	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	555	// Need no new handshake message producers here.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	556	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	557	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	558	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	559

author	chegar
	Thu, 17 Oct 2019 20:54:25 +0100
branch	datagramsocketimpl-branch
changeset 58679	9c3209ff7550
parent 58678	9cf78a70fa4f
parent 57718	a93b7b28f644
permissions	-rw-r--r--