src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java
author apetcher
Tue, 22 May 2018 13:44:02 -0400
branch JDK-8171279-XDH-TLS-branch
changeset 56589 bafd8be2f970
parent 56542 56aaa6cb3693
child 56855 ee6aa4c74a4b
permissions -rw-r--r--
Initial working XDH support in TLS. I should try to refactor the code a bit.
/*
 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
package sun.security.ssl;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.CryptoPrimitive;
import java.security.GeneralSecurityException;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.SSLProtocolException;
import sun.security.ssl.DHKeyExchange.DHECredentials;
import sun.security.ssl.DHKeyExchange.DHEPossession;
import sun.security.ssl.ECDHKeyExchange.ECDHECredentials;
import sun.security.ssl.ECDHKeyExchange.ECDHEPossession;
import sun.security.ssl.XDHKeyExchange.XDHEPossession;
import sun.security.ssl.XDHKeyExchange.XDHECredentials;
import sun.security.ssl.KeyShareExtension.CHKeyShareSpec;
import sun.security.ssl.SSLExtension.ExtensionConsumer;
import sun.security.ssl.SSLExtension.SSLExtensionSpec;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
import sun.security.util.HexDumpEncoder;
/**
 * Pack of the "key_share" extensions.
 */
final class KeyShareExtension {
    // Handler singletons for the "key_share" extension, grouped by the
    // handshake message they serve. The field names (including the
    // "Concumer" spelling) are kept as they are, since code outside this
    // listing may refer to them.

    // "CH": ClientHello.
    static final HandshakeProducer chNetworkProducer = new CHKeyShareProducer();
    static final ExtensionConsumer chOnLoadConcumer = new CHKeyShareConsumer();
    static final SSLStringize chStringize = new CHKeyShareStringize();

    // "SH": presumably ServerHello; the SH* classes are not visible in this
    // part of the file.
    static final HandshakeProducer shNetworkProducer = new SHKeyShareProducer();
    static final ExtensionConsumer shOnLoadConcumer = new SHKeyShareConsumer();
    static final HandshakeAbsence shOnLoadAbsence = new SHKeyShareAbsence();
    static final SSLStringize shStringize = new SHKeyShareStringize();

    // "HRR": presumably HelloRetryRequest; the HRR* classes are not visible
    // in this part of the file.
    static final HandshakeProducer hrrNetworkProducer = new HRRKeyShareProducer();
    static final ExtensionConsumer hrrOnLoadConcumer = new HRRKeyShareConsumer();
    static final HandshakeProducer hrrNetworkReproducer = new HRRKeyShareReproducer();
    static final SSLStringize hrrStringize = new HRRKeyShareStringize();
    /**
     * The key share entry used in "key_share" extensions.
     */
    private static final class KeyShareEntry {
        // Named group code point; written to and read from the wire as a
        // 16-bit value.
        final int namedGroupId;

        // Raw key_exchange bytes. The array is stored by reference, not
        // copied, so later changes made by the caller show up here.
        final byte[] keyExchange;

        private KeyShareEntry(int namedGroupId, byte[] keyExchange) {
            this.namedGroupId = namedGroupId;
            this.keyExchange = keyExchange;
        }

        /**
         * Encodes this entry as a 2-byte named group id followed by the
         * key_exchange bytes behind a 2-byte length prefix.
         *
         * An IOException from the Record helpers is logged (when
         * "ssl,handshake" logging is on) and otherwise ignored, so the
         * returned array may then be only partly filled.
         *
         * NOTE(review): assumes keyExchange.length fits in 16 bits; whether
         * Record.putBytes16 enforces that is not visible here.
         *
         * @return a new array of getEncodedSize() bytes
         */
        private byte[] getEncoded() {
            byte[] encoded = new byte[getEncodedSize()];
            ByteBuffer out = ByteBuffer.wrap(encoded);
            try {
                Record.putInt16(out, namedGroupId);
                Record.putBytes16(out, keyExchange);
            } catch (IOException ioe) {
                // Deliberate best effort: report the failure, keep going.
                boolean logEnabled =
                        SSLLogger.isOn && SSLLogger.isOn("ssl,handshake");
                if (logEnabled) {
                    SSLLogger.warning("Unlikely IOException", ioe);
                }
            }

            return encoded;
        }

        /**
         * Returns the encoded length of this entry in bytes.
         */
        private int getEncodedSize() {
            // 2 bytes of named group id + 2 bytes of key_exchange length,
            // then the key_exchange bytes themselves.
            return 4 + keyExchange.length;
        }

        /**
         * Formats the entry for debug output: the group name as resolved by
         * NamedGroup.nameOf, then a hex dump of the key_exchange bytes.
         */
        @Override
        public String toString() {
            MessageFormat layout = new MessageFormat(
                "\n'{'\n" +
                "  \"named group\": {0}\n" +
                "  \"key_exchange\": '{'\n" +
                "{1}\n" +
                "  '}'\n" +
                "'}',", Locale.ENGLISH);

            HexDumpEncoder dumper = new HexDumpEncoder();
            Object groupName = NamedGroup.nameOf(namedGroupId);
            Object hexDump =
                    Utilities.indent(dumper.encode(keyExchange), "    ");

            return layout.format(new Object[] { groupName, hexDump });
        }
    }
    /**
     * The "key_share" extension in a ClientHello handshake message.
     */
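    static final class CHKeyShareSpec implements SSLExtensionSpec {
        // Key share entries in the order they were supplied or parsed.
        final List<KeyShareEntry> clientShares;

        /**
         * Wraps an already built list of entries. The list is stored as
         * given (no copy, no unmodifiable wrapper).
         */
        private CHKeyShareSpec(List<KeyShareEntry> clientShares) {
            this.clientShares = clientShares;
        }

        /**
         * Parses the extension body from {@code buffer}, which is consumed
         * up to its limit. The bytes are presumably peer-supplied, so every
         * length is checked before it is trusted.
         *
         * NOTE(review): entries are accepted for any 16-bit group id and
         * duplicate groups are not rejected here. RFC 8446 section 4.2.8
         * forbids a client from offering two shares for the same group;
         * whether a later consumer enforces that is not visible in this
         * class.
         *
         * @param buffer the extension data, positioned at the list length
         * @throws SSLProtocolException if the data is truncated, the list
         *         length disagrees with the remaining bytes, or a
         *         key_exchange is empty
         * @throws IOException if a Record helper reports a read failure
         */
        private CHKeyShareSpec(ByteBuffer buffer) throws IOException {
            // struct {
            //      KeyShareEntry client_shares<0..2^16-1>;
            // } KeyShareClientHello;
            if (buffer.remaining() < 2) {
                throw new SSLProtocolException(
                    "Invalid key_share extension: " +
                    "insufficient data (length=" + buffer.remaining() + ")");
            }

            int listLen = Record.getInt16(buffer);
            if (listLen != buffer.remaining()) {
                throw new SSLProtocolException(
                    "Invalid key_share extension: " +
                    "incorrect list length (length=" + listLen + ")");
            }

            List<KeyShareEntry> keyShares = new LinkedList<>();
            while (buffer.hasRemaining()) {
                // An entry needs at least a 2-byte group id and a 2-byte
                // key_exchange length. Checking here reports a truncated
                // trailing entry as a protocol error, independent of how
                // the Record helpers signal an underflow.
                if (buffer.remaining() < 4) {
                    throw new SSLProtocolException(
                        "Invalid key_share extension: " +
                        "insufficient data (length=" +
                        buffer.remaining() + ")");
                }

                int namedGroupId = Record.getInt16(buffer);
                byte[] keyExchange = Record.getBytes16(buffer);
                if (keyExchange.length == 0) {
                    throw new SSLProtocolException(
                        "Invalid key_share extension: empty key_exchange");
                }

                keyShares.add(new KeyShareEntry(namedGroupId, keyExchange));
            }

            // Parsed shares are exposed read-only.
            this.clientShares = Collections.unmodifiableList(keyShares);
        }

        /**
         * Formats all entries for debug output as a "client_shares" list.
         */
        @Override
        public String toString() {
            MessageFormat messageFormat = new MessageFormat(
                "\"client_shares\": '['{0}\n']'", Locale.ENGLISH);

            StringBuilder builder = new StringBuilder(512);
            for (KeyShareEntry entry : clientShares) {
                builder.append(entry.toString());
            }

            Object[] messageFields = {
                Utilities.indent(builder.toString())
            };

            return messageFormat.format(messageFields);
        }
    }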
    private static final class CHKeyShareStringize implements SSLStringize {
        /**
         * Renders the ClientHello "key_share" extension data in
         * {@code buffer} as text by parsing it into a CHKeyShareSpec.
         *
         * @return the formatted extension, or the parser's error message
         *         if the data is rejected with an IOException
         */
        @Override
        public String toString(ByteBuffer buffer) {
            CHKeyShareSpec spec;
            try {
                spec = new CHKeyShareSpec(buffer);
            } catch (IOException ioe) {
                // Debug logging only: report the parse error as the text
                // instead of propagating it.
                return ioe.getMessage();
            }

            return spec.toString();
        }
    }
    /**
     * Network data producer of the extension in a ClientHello
     * handshake message.
     */
    private static final
            class CHKeyShareProducer implements HandshakeProducer {
        // Prevent instantiation of this class.
        private CHKeyShareProducer() {
            // Intentionally empty. Being private, this constructor limits
            // creation to the enclosing class, which builds the one instance
            // held in KeyShareExtension.chNetworkProducer.
        }
        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // The producing happens in client side only.
            ClientHandshakeContext chc = (ClientHandshakeContext)context;
            // Is it a supported and enabled extension?
            if (!chc.sslConfig.isAvailable(SSLExtension.CH_KEY_SHARE)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                        "Ignore unavailable key_share extension");
                }
                return null;
            }
            List<NamedGroup> namedGroups;
            if (chc.serverSelectedNamedGroup != null) {
                // Response to HelloRetryRequest
                namedGroups = Arrays.asList(chc.serverSelectedNamedGroup);
            } else {
                namedGroups = chc.clientRequestedNamedGroups;
                if (namedGroups == null || namedGroups.isEmpty()) {
                    // No supported groups.
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.warning(
                            "Ignore key_share extension, no supported groups");
                    }
                    return null;
                }
            }
            List<KeyShareEntry> keyShares = new LinkedList<>();
            for (NamedGroup ng : namedGroups) {
                SSLKeyExchange ke = SSLKeyExchange.valueOf(ng);
                if (ke == null) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.warning(
                            "No key exchange for named group " + ng.name);
                    }
                    continue;
                }
                SSLPossession[] poses = ke.createPossessions(chc);
                for (SSLPossession pos : poses) {
                    // update the context
                    chc.handshakePossessions.add(pos);
                    if (!(pos instanceof ECDHEPossession) &&
                        !(pos instanceof DHEPossession) &&
                        !(pos instanceof XDHEPossession)) {
                        // May need more possesion types in the future.
                        continue;
                    }
                    keyShares.add(new KeyShareEntry(ng.id, pos.encode()));
                }
                // One key share entry only.  Too much key share entries makes
                // the ClientHello handshake message really big.
                if (!keyShares.isEmpty()) {
                    break;
                }
            }
            int listLen = 0;
            for (KeyShareEntry entry : keyShares) {
                listLen += entry.getEncodedSize();
            }
            byte[] extData = new byte[listLen + 2];     //  2: list length
            ByteBuffer m = ByteBuffer.wrap(extData);
            Record.putInt16(m, listLen);
            for (KeyShareEntry entry : keyShares) {
                m.put(entry.getEncoded());
            }
            // update the context
            chc.handshakeExtensions.put(SSLExtension.CH_KEY_SHARE,
                    new CHKeyShareSpec(keyShares));
            return extData;
        }
    }
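    /**
     * Network data consumer of the extension in a ClientHello
     * handshake message.
     */
    private static final class CHKeyShareConsumer implements ExtensionConsumer {
        // Prevent instantiation of this class.
        private CHKeyShareConsumer() {
            // blank
        }

        /**
         * Consumes the key_share extension of a ClientHello on the server.
         *
         * Each client key share entry whose named group is known and
         * activatable is decoded into ECDHE, FFDHE or XDH credentials and
         * kept only if the algorithm constraints permit its public key for
         * key agreement.  If no entry survives, a HelloRetryRequest producer
         * is registered.  The parsed spec is recorded in the handshake
         * context in both cases.
         *
         * @param context the connection context, cast to
         *                {@code ServerHandshakeContext}
         * @param message the handshake message carrying the extension
         *                (not read by this method)
         * @param buffer  the encoded extension data received from the peer
         * @throws IOException declared by the interface; a malformed
         *         extension is reported through {@code conContext.fatal()}
         */
        @Override
        public void consume(ConnectionContext context,
            HandshakeMessage message, ByteBuffer buffer) throws IOException {
            // The consuming happens in server side only.
            ServerHandshakeContext shc = (ServerHandshakeContext)context;

            if (shc.handshakeExtensions.containsKey(SSLExtension.CH_KEY_SHARE)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                            "The key_share extension has been loaded");
                }
                return;
            }

            // Is it a supported and enabled extension?
            if (!shc.sslConfig.isAvailable(SSLExtension.CH_KEY_SHARE)) {
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                            "Ignore unavailable key_share extension");
                }
                return;     // ignore the extension
            }

            // Parse the extension
            CHKeyShareSpec spec;
            try {
                spec = new CHKeyShareSpec(buffer);
            } catch (IOException ioe) {
                shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
                return;     // fatal() always throws, make the compiler happy.
            }

            List<SSLCredentials> credentials = new LinkedList<>();
            for (KeyShareEntry entry : spec.clientShares) {
                NamedGroup ng = NamedGroup.valueOf(entry.namedGroupId);

                // The group id comes from the peer.  The original condition
                // was "ng != null && !isActivatable(...)", which let a null
                // ng fall through to the ng.type dereference below and throw
                // a NullPointerException.  An unrecognized group is now
                // skipped like a non-activatable one.
                if (ng == null || !SupportedGroups.isActivatable(
                        shc.sslConfig.algorithmConstraints, ng)) {
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                        SSLLogger.fine(
                                "Ignore unsupported named group: " +
                                NamedGroup.nameOf(entry.namedGroupId));
                    }
                    continue;
                }

                // The warning calls below are guarded by the same
                // SSLLogger.isOn checks as the other log calls in this
                // method.
                if (ng.type == NamedGroupType.NAMED_GROUP_ECDHE) {
                    try {
                        ECDHECredentials ecdhec =
                            ECDHECredentials.valueOf(ng, entry.keyExchange);
                        if (ecdhec != null) {
                            if (!shc.algorithmConstraints.permits(
                                    EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                                    ecdhec.popPublicKey)) {
                                if (SSLLogger.isOn &&
                                        SSLLogger.isOn("ssl,handshake")) {
                                    SSLLogger.warning(
                                            "ECDHE key share entry does not " +
                                            "comply to algorithm constraints");
                                }
                            } else {
                                credentials.add(ecdhec);
                            }
                        }
                    } catch (IOException | GeneralSecurityException ex) {
                        // An undecodable share is dropped, not fatal; the
                        // remaining entries are still examined.
                        if (SSLLogger.isOn &&
                                SSLLogger.isOn("ssl,handshake")) {
                            SSLLogger.warning(
                                    "Cannot decode named group: " +
                                    NamedGroup.nameOf(entry.namedGroupId));
                        }
                    }
                } else if (ng.type == NamedGroupType.NAMED_GROUP_FFDHE) {
                    try {
                        DHECredentials dhec =
                                DHECredentials.valueOf(ng, entry.keyExchange);
                        if (dhec != null) {
                            if (!shc.algorithmConstraints.permits(
                                    EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                                    dhec.popPublicKey)) {
                                if (SSLLogger.isOn &&
                                        SSLLogger.isOn("ssl,handshake")) {
                                    SSLLogger.warning(
                                            "DHE key share entry does not " +
                                            "comply to algorithm constraints");
                                }
                            } else {
                                credentials.add(dhec);
                            }
                        }
                    } catch (IOException | GeneralSecurityException ex) {
                        if (SSLLogger.isOn &&
                                SSLLogger.isOn("ssl,handshake")) {
                            SSLLogger.warning(
                                    "Cannot decode named group: " +
                                    NamedGroup.nameOf(entry.namedGroupId));
                        }
                    }
                } else if (ng.type == NamedGroupType.NAMED_GROUP_XDH) {
                    try {
                        XDHECredentials xdhec =
                                XDHECredentials.valueOf(ng, entry.keyExchange);
                        if (xdhec != null) {
                            if (!shc.algorithmConstraints.permits(
                                    EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
                                    xdhec.popPublicKey)) {
                                if (SSLLogger.isOn &&
                                        SSLLogger.isOn("ssl,handshake")) {
                                    SSLLogger.warning(
                                            "XDHE key share entry does not " +
                                            "comply to algorithm constraints");
                                }
                            } else {
                                credentials.add(xdhec);
                            }
                        }
                    } catch (IOException | GeneralSecurityException ex) {
                        if (SSLLogger.isOn &&
                                SSLLogger.isOn("ssl,handshake")) {
                            SSLLogger.warning(
                                    "Cannot decode named group: " +
                                    NamedGroup.nameOf(entry.namedGroupId));
                        }
                    }
                }
                // Any other group type yields no credentials for this entry.
            }

            if (!credentials.isEmpty()) {
                shc.handshakeCredentials.addAll(credentials);
            } else {
                // New handshake credentials are required from the client side.
                shc.handshakeProducers.put(
                        SSLHandshake.HELLO_RETRY_REQUEST.id,
                        SSLHandshake.HELLO_RETRY_REQUEST);
            }

            // update the context
            shc.handshakeExtensions.put(SSLExtension.CH_KEY_SHARE, spec);
        }
    }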
    /**
     * Specification of the "key_share" extension in a ServerHello: it holds
     * the server's single key share entry.
     */
    static final class SHKeyShareSpec implements SSLExtensionSpec {
        final KeyShareEntry serverShare;

        SHKeyShareSpec(KeyShareEntry serverShare) {
            this.serverShare = serverShare;
        }

        /**
         * Decodes the extension from its wire form.
         *
         * @param buffer the encoded extension data
         * @throws IOException if the data is shorter than the minimal
         *         server_share or has bytes left over after the entry
         */
        private SHKeyShareSpec(ByteBuffer buffer) throws IOException {
            // Wire layout:
            //   struct {
            //        KeyShareEntry server_share;
            //   } KeyShareServerHello;
            int available = buffer.remaining();
            if (available < 5) {                // 5: minimal server_share
                throw new SSLProtocolException(
                    "Invalid key_share extension: " +
                    "insufficient data (length=" + available + ")");
            }

            int groupId = Record.getInt16(buffer);
            byte[] exchangeData = Record.getBytes16(buffer);

            // Exactly one entry is expected; trailing bytes are rejected.
            if (buffer.remaining() > 0) {
                throw new SSLProtocolException(
                    "Invalid key_share extension: unknown extra data");
            }

            this.serverShare = new KeyShareEntry(groupId, exchangeData);
        }

        /**
         * Renders the server share for logging: the named group followed
         * by an indented hex dump of the key exchange bytes.
         */
        @Override
        public String toString() {
            Object[] fields = new Object[2];
            fields[0] = NamedGroup.nameOf(serverShare.namedGroupId);
            fields[1] = Utilities.indent(
                    new HexDumpEncoder().encode(serverShare.keyExchange),
                    "    ");

            String pattern =
                "\"server_share\": '{'\n" +
                "  \"named group\": {0}\n" +
                "  \"key_exchange\": '{'\n" +
                "{1}\n" +
                "  '}'\n" +
                "'}',";

            return new MessageFormat(pattern, Locale.ENGLISH).format(fields);
        }
    }
    private static final class SHKeyShareStringize implements SSLStringize {
        /**
         * Produces a printable form of an encoded ServerHello key_share
         * extension.
         *
         * @param buffer the encoded extension data
         * @return the decoded spec's string form, or the parse error message
         *         if the data cannot be decoded
         */
        @Override
        public String toString(ByteBuffer buffer) {
            String rendered;
            try {
                SHKeyShareSpec parsed = new SHKeyShareSpec(buffer);
                rendered = parsed.toString();
            } catch (IOException parseFailure) {
                // Debug-logging path only: report the failure as text
                // instead of propagating it.
                rendered = parseFailure.getMessage();
            }
            return rendered;
        }
    }
    /**
     * Network data producer of the extension in a ServerHello
     * handshake message.
     */
    private static final class SHKeyShareProducer implements HandshakeProducer {
        // Prevent instantiation of this class.
        private SHKeyShareProducer() {
            // Nothing to do here.
        }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   510
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   511
        @Override
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   512
        public byte[] produce(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   513
                HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   514
            // The producing happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   515
            ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   516
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   517
            // In response to key_share request only
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   518
            CHKeyShareSpec kss =
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   519
                    (CHKeyShareSpec)shc.handshakeExtensions.get(
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   520
                            SSLExtension.CH_KEY_SHARE);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   521
            if (kss == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   522
                // Unlikely, no key_share extension requested.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   523
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   524
                    SSLLogger.warning(
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   525
                            "Ignore, no client key_share extension");
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   526
                }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   527
                return null;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   528
            }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   529
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   530
            // Is it a supported and enabled extension?
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   531
            if (!shc.sslConfig.isAvailable(SSLExtension.SH_KEY_SHARE)) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   532
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   533
                    SSLLogger.warning(
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   534
                            "Ignore, no available server key_share extension");
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   535
                }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   536
                return null;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   537
            }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   538
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   539
            // use requested key share entries
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   540
            if ((shc.handshakeCredentials == null) ||
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   541
                    shc.handshakeCredentials.isEmpty()) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   542
                // Unlikely, HelloRetryRequest should be used ealier.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   543
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   544
                    SSLLogger.warning(
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   545
                            "No available client key share entries");
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   546
                }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   547
                return null;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   548
            }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   549
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   550
            KeyShareEntry keyShare = null;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   551
            for (SSLCredentials cd : shc.handshakeCredentials) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   552
                NamedGroup ng = null;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   553
                if (cd instanceof ECDHECredentials) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   554
                    ng = ((ECDHECredentials)cd).namedGroup;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   555
                } else if (cd instanceof DHECredentials) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   556
                    ng = ((DHECredentials)cd).namedGroup;
56589
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   557
                } else if (cd instanceof XDHECredentials) {
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   558
                    ng = ((XDHECredentials)cd).namedGroup;
56542
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   559
                }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   560
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   561
                if (ng == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   562
                    continue;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   563
                }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   564
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   565
                SSLKeyExchange ke = SSLKeyExchange.valueOf(ng);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   566
                if (ke == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   567
                    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   568
                        SSLLogger.warning(
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   569
                            "No key exchange for named group " + ng.name);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   570
                    }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   571
                    continue;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   572
                }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   573
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   574
                SSLPossession[] poses = ke.createPossessions(shc);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   575
                for (SSLPossession pos : poses) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   576
                    if (!(pos instanceof ECDHEPossession) &&
56589
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   577
                        !(pos instanceof DHEPossession) &&
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   578
                        !(pos instanceof XDHEPossession)) {
56542
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   579
                        // May need more possesion types in the future.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   580
                        continue;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   581
                    }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   582
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   583
                    // update the context
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   584
                    shc.handshakeKeyExchange = ke;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   585
                    shc.handshakePossessions.add(pos);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   586
                    keyShare = new KeyShareEntry(ng.id, pos.encode());
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   587
                    break;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   588
                }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   589
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   590
                if (keyShare != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   591
                    for (Map.Entry<Byte, HandshakeProducer> me :
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   592
                            ke.getHandshakeProducers(shc)) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   593
                        shc.handshakeProducers.put(
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   594
                                me.getKey(), me.getValue());
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   595
                    }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   596
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   597
                    // We have got one! Don't forgor to break.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   598
                    break;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   599
                }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   600
            }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   601
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   602
            if (keyShare == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   603
                // Unlikely, HelloRetryRequest should be used instead ealier.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   604
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   605
                    SSLLogger.warning(
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   606
                            "No available server key_share extension");
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   607
                }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   608
                return null;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   609
            }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   610
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   611
            byte[] extData = keyShare.getEncoded();
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   612
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   613
            // update the context
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   614
            SHKeyShareSpec spec = new SHKeyShareSpec(keyShare);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   615
            shc.handshakeExtensions.put(SSLExtension.SH_KEY_SHARE, spec);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   616
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   617
            return extData;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   618
        }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   619
    }
    /**
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   622
     * Network data consumer of the extension in a ServerHello
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   623
     * handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   624
     */
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   625
    private static final class SHKeyShareConsumer implements ExtensionConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   626
        // Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   627
        private SHKeyShareConsumer() {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   628
            // blank
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   629
        }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   630
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   631
        @Override
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   632
        public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   633
            HandshakeMessage message, ByteBuffer buffer) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   634
            // Happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   635
            ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   636
            if (chc.clientRequestedNamedGroups == null ||
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   637
                    chc.clientRequestedNamedGroups.isEmpty()) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   638
                // No supported groups.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   639
                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   640
                        "Unexpected key_share extension in ServerHello");
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   641
                return;     // fatal() always throws, make the compiler happy.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   642
            }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   643
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   644
            // Is it a supported and enabled extension?
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   645
            if (!chc.sslConfig.isAvailable(SSLExtension.SH_KEY_SHARE)) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   646
                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   647
                        "Unsupported key_share extension in ServerHello");
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   648
                return;     // fatal() always throws, make the compiler happy.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   649
            }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   650
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   651
            // Parse the extension
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   652
            SHKeyShareSpec spec;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   653
            try {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   654
                spec = new SHKeyShareSpec(buffer);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   655
            } catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   656
                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   657
                return;     // fatal() always throws, make the compiler happy.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   658
            }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   659
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   660
            KeyShareEntry keyShare = spec.serverShare;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   661
            NamedGroup ng = NamedGroup.valueOf(keyShare.namedGroupId);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   662
            if (ng == null || !SupportedGroups.isActivatable(
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   663
                    chc.sslConfig.algorithmConstraints, ng)) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   664
                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   665
                        "Unsupported named group: " +
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   666
                        NamedGroup.nameOf(keyShare.namedGroupId));
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   667
                return;     // fatal() always throws, make the compiler happy.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   668
            }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   669
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   670
            SSLKeyExchange ke = SSLKeyExchange.valueOf(ng);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   671
            if (ke == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   672
                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   673
                        "No key exchange for named group " + ng.name);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   674
                return;     // fatal() always throws, make the compiler happy.
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   675
            }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   676
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   677
            SSLCredentials credentials = null;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   678
            if (ng.type == NamedGroupType.NAMED_GROUP_ECDHE) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   679
                try {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   680
                    ECDHECredentials ecdhec =
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   681
                            ECDHECredentials.valueOf(ng, keyShare.keyExchange);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   682
                    if (ecdhec != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   683
                        if (!chc.algorithmConstraints.permits(
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   684
                                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   685
                                ecdhec.popPublicKey)) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   686
                            chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   687
                                    "ECDHE key share entry does not " +
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   688
                                    "comply to algorithm constraints");
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   689
                        } else {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   690
                            credentials = ecdhec;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   691
                        }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   692
                    }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   693
                } catch (IOException | GeneralSecurityException ex) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   694
                    chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   695
                            "Cannot decode named group: " +
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   696
                            NamedGroup.nameOf(keyShare.namedGroupId));
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   697
                }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   698
            } else if (ng.type == NamedGroupType.NAMED_GROUP_FFDHE) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   699
                try {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   700
                    DHECredentials dhec =
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   701
                            DHECredentials.valueOf(ng, keyShare.keyExchange);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   702
                    if (dhec != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   703
                        if (!chc.algorithmConstraints.permits(
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   704
                                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   705
                                dhec.popPublicKey)) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   706
                            chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   707
                                    "DHE key share entry does not " +
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   708
                                    "comply to algorithm constraints");
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   709
                        } else {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   710
                            credentials = dhec;
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   711
                        }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   712
                    }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   713
                } catch (IOException | GeneralSecurityException ex) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   714
                    chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   715
                            "Cannot decode named group: " +
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   716
                            NamedGroup.nameOf(keyShare.namedGroupId));
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   717
                }
56589
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   718
            } else if (ng.type == NamedGroupType.NAMED_GROUP_XDH) {
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   719
                try {
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   720
                    XDHECredentials xdhec =
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   721
                            XDHECredentials.valueOf(ng, keyShare.keyExchange);
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   722
                    if (xdhec != null) {
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   723
                        if (!chc.algorithmConstraints.permits(
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   724
                                EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   725
                                xdhec.popPublicKey)) {
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   726
                            chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   727
                            "XDHE key share entry does not " +
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   728
                            "comply to algorithm constraints");
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   729
                        } else {
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   730
                            credentials = xdhec;
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   731
                        }
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   732
                    }
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   733
                } catch (IOException | GeneralSecurityException ex) {
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   734
                    chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   735
                    "Cannot decode named group: " +
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   736
                    NamedGroup.nameOf(keyShare.namedGroupId));
bafd8be2f970 Initial working XDH support in TLS. I should try to refactor the code a bit.
apetcher
parents: 56542
diff changeset
   737
                }
56542
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   738
            } else {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   739
                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   740
                        "Unsupported named group: " +
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   741
                        NamedGroup.nameOf(keyShare.namedGroupId));
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   742
            }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   743
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   744
            if (credentials == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   745
                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   746
                        "Unsupported named group: " + ng.name);
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   747
            }
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   748
56aaa6cb3693 Initial TLSv1.3 Implementation
wetmore
parents:
diff changeset
   749
            // update the context
            chc.handshakeKeyExchange = ke;
            chc.handshakeCredentials.add(credentials);
            chc.handshakeExtensions.put(SSLExtension.SH_KEY_SHARE, spec);
        }
    }
    /**
     * Handles a ServerHello handshake message that carries no "key_share"
     * extension.
     */
    private static final class SHKeyShareAbsence implements HandshakeAbsence {
        /**
         * Logs the absence and clears the handshake possessions of the
         * client context.
         *
         * @param context the handshake context, cast to
         *        ClientHandshakeContext
         * @param message not read by this handler
         * @throws IOException declared by the interface; nothing in this
         *         body throws it directly
         */
        @Override
        public void absent(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // Absence handling for a ServerHello extension runs on the
            // client side only.
            final ClientHandshakeContext clientCtx =
                    (ClientHandshakeContext)context;

            // The key shares requested earlier cannot be used any more.
            final boolean traceHandshake =
                    SSLLogger.isOn && SSLLogger.isOn("handshake");
            if (traceHandshake) {
                SSLLogger.fine(
                        "No key_share extension in ServerHello, " +
                        "cleanup the key shares if necessary");
            }

            // NOTE(review): presumably these are the key-exchange
            // possessions created for the ClientHello key shares; confirm
            // against the ClientHello producer.
            clientCtx.handshakePossessions.clear();
        }
    }
    /**
     * The data of a HelloRetryRequest "key_share" extension: the identifier
     * of the one named group selected by the server.
     */
    static final class HRRKeyShareSpec implements SSLExtensionSpec {
        // Identifier of the selected group, kept as the raw wire value.
        final int selectedGroup;

        /**
         * Builds the spec from a group chosen locally.
         *
         * @param serverGroup the selected named group; its id is stored
         */
        HRRKeyShareSpec(NamedGroup serverGroup) {
            this.selectedGroup = serverGroup.id;
        }

        /**
         * Parses the spec from received extension data.
         *
         * @param buffer the extension body; must hold exactly two bytes
         * @throws IOException an SSLProtocolException when the remaining
         *         length is not two
         */
        private HRRKeyShareSpec(ByteBuffer buffer) throws IOException {
            // struct {
            //     NamedGroup selected_group;
            // } KeyShareHelloRetryRequest;
            //
            // Reject any body that is not exactly one two-byte identifier
            // before reading from the buffer.
            final int available = buffer.remaining();
            if (available != 2) {
                throw new SSLProtocolException(
                    "Invalid key_share extension: " +
                    "improper data (length=" + available + ")");
            }

            this.selectedGroup = Record.getInt16(buffer);
        }

        /**
         * Formats the selected group for log output.
         *
         * @return the text produced by the message format for the group
         *         name returned by {@code NamedGroup.nameOf}
         */
        @Override
        public String toString() {
            final String groupName = NamedGroup.nameOf(selectedGroup);
            final MessageFormat layout = new MessageFormat(
                "\"selected group\": '['{0}']'", Locale.ENGLISH);

            return layout.format(new Object[] { groupName });
        }
    }
    /**
     * Renders raw HelloRetryRequest "key_share" extension data as text.
     */
    private static final class HRRKeyShareStringize implements SSLStringize {
        /**
         * Parses the buffer as an HRRKeyShareSpec and returns its string
         * form.
         *
         * @param buffer the extension data to render
         * @return the spec's text, or the exception message when parsing
         *         fails
         */
        @Override
        public String toString(ByteBuffer buffer) {
            String rendered;
            try {
                HRRKeyShareSpec parsed = new HRRKeyShareSpec(buffer);
                rendered = parsed.toString();
            } catch (IOException ioe) {
                // For debug logging only: the parse failure becomes the
                // rendered text instead of being propagated.
                rendered = ioe.getMessage();
            }

            return rendered;
        }
    }
    /**
     * Network data producer of the "key_share" extension in a
     * HelloRetryRequest handshake message.
     */
    private static final class HRRKeyShareProducer
            implements HandshakeProducer {
        // Private constructor: only the enclosing class can create one.
        private HRRKeyShareProducer() {
            // blank
        }

        /**
         * Picks the named group the client is asked to retry with and
         * encodes it as the extension body.
         *
         * The first entry of {@code clientRequestedNamedGroups} accepted by
         * {@code SupportedGroups.isActivatable} under the configured
         * algorithm constraints is selected, so the iteration order of that
         * collection decides the outcome.
         *
         * @param context the handshake context, cast to
         *        ServerHandshakeContext
         * @param message not read by this producer
         * @return the selected group identifier as two bytes, high byte
         *         first
         * @throws IOException when {@code conContext.fatal()} aborts the
         *         handshake (its definition is outside this view)
         */
        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // The producing happens in server side only.
            final ServerHandshakeContext serverCtx =
                    (ServerHandshakeContext) context;

            // Is it a supported and enabled extension?
            final boolean extensionEnabled =
                    serverCtx.sslConfig.isAvailable(SSLExtension.HRR_KEY_SHARE);
            if (!extensionEnabled) {
                serverCtx.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                        "Unsupported key_share extension in HelloRetryRequest");
                return null;    // make the compiler happy.
            }

            // Without any client-requested group there is nothing to select.
            if (serverCtx.clientRequestedNamedGroups == null ||
                    serverCtx.clientRequestedNamedGroups.isEmpty()) {
                serverCtx.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                        "Unexpected key_share extension in HelloRetryRequest");
                return null;    // make the compiler happy.
            }

            NamedGroup chosen = null;
            for (NamedGroup candidate : serverCtx.clientRequestedNamedGroups) {
                // Skip groups the algorithm constraints do not permit.
                if (!SupportedGroups.isActivatable(
                        serverCtx.sslConfig.algorithmConstraints, candidate)) {
                    continue;
                }

                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                    SSLLogger.fine(
                            "HelloRetryRequest selected named group: " +
                            candidate.name);
                }

                // TODO: is the named group supported by the underlying
                // crypto provider?
                chosen = candidate;
                break;
            }

            // NOTE(review): RFC 8446 section 4.1.1 names handshake_failure
            // or insufficient_security for a failed parameter negotiation;
            // confirm whether UNEXPECTED_MESSAGE is intended here.
            if (chosen == null) {
                serverCtx.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                        new IOException("No common named group"));
                return null;    // make the compiler happy
            }

            // Two-byte encoding, high byte first; the byte casts keep only
            // the low eight bits of each operand.
            final byte[] encodedGroup = {
                    (byte)(chosen.id >> 8),
                    (byte)chosen.id
                };

            // update the context
            serverCtx.serverSelectedNamedGroup = chosen;
            serverCtx.handshakeExtensions.put(SSLExtension.HRR_KEY_SHARE,
                    new HRRKeyShareSpec(chosen));

            return encodedGroup;
        }
    }
    /**
     * Network data producer of the "key_share" extension for stateless
     * HelloRetryRequest reconstruction.
     */
    private static final class HRRKeyShareReproducer
            implements HandshakeProducer {
        // Private constructor: only the enclosing class can create one.
        private HRRKeyShareReproducer() {
            // blank
        }

        /**
         * Re-creates the extension body from the key share recorded for
         * the ClientHello.
         *
         * @param context the handshake context, cast to
         *        ServerHandshakeContext
         * @param message not read by this producer
         * @return the named group identifier of the single client share as
         *         two bytes, high byte first, or {@code null} when the
         *         recorded ClientHello "key_share" does not hold exactly
         *         one share
         * @throws IOException when {@code conContext.fatal()} aborts the
         *         handshake (its definition is outside this view)
         */
        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // The producing happens in server side only.
            final ServerHandshakeContext serverCtx =
                    (ServerHandshakeContext) context;

            // Is it a supported and enabled extension?
            final boolean extensionEnabled =
                    serverCtx.sslConfig.isAvailable(SSLExtension.HRR_KEY_SHARE);
            if (!extensionEnabled) {
                serverCtx.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                        "Unsupported key_share extension in HelloRetryRequest");
                return null;    // make the compiler happy.
            }

            final CHKeyShareSpec clientSpec =
                    (CHKeyShareSpec)serverCtx.handshakeExtensions.get(
                            SSLExtension.CH_KEY_SHARE);

            // Only a ClientHello with exactly one key share identifies the
            // group; anything else produces no extension data.
            if (clientSpec == null || clientSpec.clientShares == null ||
                    clientSpec.clientShares.size() != 1) {
                return null;
            }

            final int groupId = clientSpec.clientShares.get(0).namedGroupId;

            // Two-byte encoding, high byte first; the byte casts keep only
            // the low eight bits of each operand.
            return new byte[] {
                    (byte)(groupId >> 8),
                    (byte)groupId
                };
        }
    }
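    /**
     * Network data consumer of the "key_share" extension in a
     * HelloRetryRequest handshake message.
     */
    private static final
            class HRRKeyShareConsumer implements ExtensionConsumer {
        // Private constructor: only the enclosing class can create one.
        private HRRKeyShareConsumer() {
            // blank
        }

        /**
         * Parses and validates the group selected by the server, then
         * records it in the client handshake context.
         *
         * The selected group must be one the client requested and must not
         * be a group for which the ClientHello already carried a key share.
         *
         * @param context the handshake context, cast to
         *        ClientHandshakeContext
         * @param message not read by this consumer
         * @param buffer the extension data; must hold exactly two bytes
         * @throws IOException when {@code conContext.fatal()} aborts the
         *         handshake
         */
        @Override
        public void consume(ConnectionContext context,
            HandshakeMessage message, ByteBuffer buffer) throws IOException {
            // The consuming happens in client side only.
            ClientHandshakeContext chc = (ClientHandshakeContext)context;

            // Is it a supported and enabled extension?
            if (!chc.sslConfig.isAvailable(SSLExtension.HRR_KEY_SHARE)) {
                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                        "Unsupported key_share extension in HelloRetryRequest");
                return;     // make the compiler happy.
            }

            if (chc.clientRequestedNamedGroups == null ||
                    chc.clientRequestedNamedGroups.isEmpty()) {
                // No supported groups.
                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                        "Unexpected key_share extension in HelloRetryRequest");
                return;     // make the compiler happy.
            }

            // Parse the extension
            HRRKeyShareSpec spec;
            try {
                spec = new HRRKeyShareSpec(buffer);
            } catch (IOException ioe) {
                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
                return;     // fatal() always throws, make the compiler happy.
            }

            NamedGroup serverGroup = NamedGroup.valueOf(spec.selectedGroup);
            if (serverGroup == null) {
                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                        "Unsupported HelloRetryRequest selected group: " +
                                NamedGroup.nameOf(spec.selectedGroup));
                return;     // fatal() always throws, make the compiler happy.
            }

            // The selected group must be one the client asked for.
            if (!chc.clientRequestedNamedGroups.contains(serverGroup)) {
                chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                        "Unexpected HelloRetryRequest selected group: " +
                                serverGroup.name);
                return;     // fatal() always throws, make the compiler happy.
            }

            // The selected group must not be one for which the original
            // ClientHello already carried a key share (RFC 8446, section
            // 4.2.8): a retry for such a group would not change anything.
            //
            // NOTE(review): assumes the ClientHello producer records its
            // CHKeyShareSpec under CH_KEY_SHARE in chc.handshakeExtensions;
            // confirm. When no spec is recorded the check is skipped and
            // the behavior is as before.
            // NOTE(review): RFC 8446 names illegal_parameter for this
            // failure and for the supported-group check above;
            // UNEXPECTED_MESSAGE is used to match the neighbouring checks.
            CHKeyShareSpec offered = (CHKeyShareSpec)chc.handshakeExtensions.get(
                    SSLExtension.CH_KEY_SHARE);
            if (offered != null && offered.clientShares != null) {
                for (int i = 0; i < offered.clientShares.size(); i++) {
                    if (offered.clientShares.get(i).namedGroupId ==
                            spec.selectedGroup) {
                        chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                                "Illegal HelloRetryRequest selected group: " +
                                        serverGroup.name);
                        return;     // fatal() always throws, make the
                                    // compiler happy.
                    }
                }
            }

            // update the context

            // When sending the new ClientHello, the client MUST replace the
            // original "key_share" extension with one containing only a new
            // KeyShareEntry for the group indicated in the selected_group
            // field of the triggering HelloRetryRequest.
            //
            chc.serverSelectedNamedGroup = serverGroup;
            chc.handshakeExtensions.put(SSLExtension.HRR_KEY_SHARE, spec);
        }
    }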
}