jdk-sandbox: src/java.base/share/classes/sun/security/ssl/RSAServerKeyExchange.java@a929ad0569ee (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	2	* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.math.BigInteger;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.security.CryptoPrimitive;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.security.GeneralSecurityException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import java.security.InvalidKeyException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import java.security.KeyFactory;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import java.security.NoSuchAlgorithmException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import java.security.Signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import java.security.SignatureException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import java.security.interfaces.RSAPublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import java.security.spec.RSAPublicKeySpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	import java.util.EnumSet;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	import sun.security.ssl.RSAKeyExchange.EphemeralRSACredentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	import sun.security.ssl.RSAKeyExchange.EphemeralRSAPossession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	import sun.security.ssl.X509Authentication.X509Credentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	import sun.security.ssl.X509Authentication.X509Possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48	import sun.security.util.HexDumpEncoder;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	* Pack of the ServerKeyExchange handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	final class RSAServerKeyExchange {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	static final SSLConsumer rsaHandshakeConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	new RSAServerKeyExchangeConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56	static final HandshakeProducer rsaHandshakeProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	new RSAServerKeyExchangeProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	* The ephemeral RSA ServerKeyExchange handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	* Used for RSA_EXPORT, SSL 3.0 and TLS 1.0 only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65	class RSAServerKeyExchangeMessage extends HandshakeMessage {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	// public key encapsulated in this message
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	private final byte[] modulus; // 1 to 2^16 - 1 bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	private final byte[] exponent; // 1 to 2^16 - 1 bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	// signature bytes, none-null as no anonymous RSA key exchange.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	private final byte[] paramsSignature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73	private RSAServerKeyExchangeMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74	X509Possession x509Possession,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75	EphemeralRSAPossession rsaPossession) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	// This happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	ServerHandshakeContext shc =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	(ServerHandshakeContext)handshakeContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	RSAPublicKey publicKey = rsaPossession.popPublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	RSAPublicKeySpec spec = JsseJce.getRSAPublicKeySpec(publicKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	this.modulus = Utilities.toByteArray(spec.getModulus());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85	this.exponent = Utilities.toByteArray(spec.getPublicExponent());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86	byte[] signature = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	Signature signer = RSASignature.getInstance();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89	signer.initSign(x509Possession.popPrivateKey,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90	shc.sslContext.getSecureRandom());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	updateSignature(signer,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	shc.clientHelloRandom.randomBytes,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	shc.serverHelloRandom.randomBytes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94	signature = signer.sign();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	} catch (NoSuchAlgorithmException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	InvalidKeyException \| SignatureException ex) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	shc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	"Failed to sign ephemeral RSA parameters", ex);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	this.paramsSignature = signature;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104	RSAServerKeyExchangeMessage(HandshakeContext handshakeContext,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	super(handshakeContext);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108	// This happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109	ClientHandshakeContext chc =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	(ClientHandshakeContext)handshakeContext;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	this.modulus = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	this.exponent = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	this.paramsSignature = Record.getBytes16(m);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	X509Credentials x509Credentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	for (SSLCredentials cd : chc.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118	if (cd instanceof X509Credentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119	x509Credentials = (X509Credentials)cd;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	if (x509Credentials == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	"No RSA credentials negotiated for server key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	Signature signer = RSASignature.getInstance();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131	signer.initVerify(x509Credentials.popPublicKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	updateSignature(signer,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	chc.clientHelloRandom.randomBytes,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	chc.serverHelloRandom.randomBytes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135	if (!signer.verify(paramsSignature)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	"Invalid signature of RSA ServerKeyExchange message");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139	} catch (NoSuchAlgorithmException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	InvalidKeyException \| SignatureException ex) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	chc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	"Failed to sign ephemeral RSA parameters", ex);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	SSLHandshake handshakeType() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	return SSLHandshake.SERVER_KEY_EXCHANGE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152	int messageLength() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	return 6 + modulus.length + exponent.length
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154	+ paramsSignature.length;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	void send(HandshakeOutStream hos) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159	hos.putBytes16(modulus);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160	hos.putBytes16(exponent);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161	hos.putBytes16(paramsSignature);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	"\"RSA ServerKeyExchange\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168	" \"parameters\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	" \"rsa_modulus\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	"{0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	" \"rsa_exponent\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	" \"digital signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	" \"signature\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178	"{2}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179	" '}',\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	"'}'",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	hexEncoder.encodeBuffer(modulus), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	hexEncoder.encodeBuffer(exponent), " "),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	hexEncoder.encodeBuffer(paramsSignature), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	* Hash the nonces and the ephemeral RSA public key.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199	private void updateSignature(Signature signature,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	byte[] clntNonce, byte[] svrNonce) throws SignatureException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201	signature.update(clntNonce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	signature.update(svrNonce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	signature.update((byte)(modulus.length >> 8));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	signature.update((byte)(modulus.length & 0x0ff));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	signature.update(modulus);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	signature.update((byte)(exponent.length >> 8));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	signature.update((byte)(exponent.length & 0x0ff));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	signature.update(exponent);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	* The RSA "ServerKeyExchange" handshake message producer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	class RSAServerKeyExchangeProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	private RSAServerKeyExchangeProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	// The producing happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	EphemeralRSAPossession rsaPossession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	X509Possession x509Possession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	for (SSLPossession possession : shc.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233	if (possession instanceof EphemeralRSAPossession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	rsaPossession = (EphemeralRSAPossession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	if (x509Possession != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	} else if (possession instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	x509Possession = (X509Possession)possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240	if (rsaPossession != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	if (rsaPossession == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	// The X.509 certificate itself should be used for RSA_EXPORT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248	// key exchange. The ServerKeyExchange handshake message is
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	// not needed.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	} else if (x509Possession == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	"No RSA certificate negotiated for server key exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	} else if (!"RSA".equals(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	x509Possession.popPrivateKey.getAlgorithm())) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	"No X.509 possession can be used for " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	"ephemeral RSA ServerKeyExchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	RSAServerKeyExchangeMessage skem =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	new RSAServerKeyExchangeMessage(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265	shc, x509Possession, rsaPossession);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268	"Produced RSA ServerKeyExchange handshake message", skem);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	// Output the handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	skem.write(shc.handshakeOutput);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273	shc.handshakeOutput.flush();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	// The handshake message has been delivered.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	* The RSA "ServerKeyExchange" handshake message consumer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284	class RSAServerKeyExchangeConsumer implements SSLConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	private RSAServerKeyExchangeConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	ByteBuffer message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	// The consuming happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	RSAServerKeyExchangeMessage skem =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297	new RSAServerKeyExchangeMessage(chc, message);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	"Consuming RSA ServerKeyExchange handshake message", skem);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	// validate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	// check constraints of RSA PublicKey
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	RSAPublicKey publicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	KeyFactory kf = JsseJce.getKeyFactory("RSA");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	RSAPublicKeySpec spec = new RSAPublicKeySpec(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	new BigInteger(1, skem.modulus),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	new BigInteger(1, skem.exponent));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	publicKey = (RSAPublicKey)kf.generatePublic(spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	} catch (GeneralSecurityException gse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	chc.conContext.fatal(Alert.INSUFFICIENT_SECURITY,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	"Could not generate RSAPublicKey", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	return; // make the compiler happy
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321	if (!chc.algorithmConstraints.permits(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), publicKey)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	chc.conContext.fatal(Alert.INSUFFICIENT_SECURITY,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324	"RSA ServerKeyExchange does not comply to " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325	"algorithm constraints");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329	// update
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	330	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	331	chc.handshakeCredentials.add(new EphemeralRSACredentials(publicKey));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	334	// produce
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	// Need no new handshake message producers here.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340

author	xuelei
	Thu, 13 Sep 2018 17:11:04 -0700
changeset 51733	a929ad0569ee
parent 50768	68fa3d4026ea
child 53064	103ed9569fc8
permissions	-rw-r--r--