src/java.base/share/classes/sun/security/ssl/Finished.java
author xuelei
Fri, 14 Dec 2018 17:51:02 -0800
changeset 53055 c36464ea1f04
parent 52621 f7309a1491d9
child 53064 103ed9569fc8
permissions -rw-r--r--
8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers Reviewed-by: ascarpino
/*
 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
package sun.security.ssl;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import java.text.MessageFormat;
import java.util.Locale;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLPeerUnverifiedException;
import jdk.internal.event.EventHelper;
import jdk.internal.event.TLSHandshakeEvent;
import sun.security.internal.spec.TlsPrfParameterSpec;
import sun.security.ssl.CipherSuite.HashAlg;
import static sun.security.ssl.CipherSuite.HashAlg.H_NONE;
import sun.security.ssl.SSLBasicKeyDerivation.SecretSizeSpec;
import sun.security.ssl.SSLCipher.SSLReadCipher;
import sun.security.ssl.SSLCipher.SSLWriteCipher;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.util.HexDumpEncoder;
/**
 * Pack of the Finished handshake message.
 */
final class Finished {
    // Consumer/producer pair for the pre-TLS 1.3 Finished flow (per the
    // t12 naming; the implementing classes are defined elsewhere in this file).
    static final SSLConsumer t12HandshakeConsumer = new T12FinishedConsumer();
    static final HandshakeProducer t12HandshakeProducer =
            new T12FinishedProducer();

    // Consumer/producer pair for the TLS 1.3 Finished flow.
    static final SSLConsumer t13HandshakeConsumer = new T13FinishedConsumer();
    static final HandshakeProducer t13HandshakeProducer =
            new T13FinishedProducer();
    /**
     * The Finished handshake message.
     *
     * <p>Carries the verify_data bytes.  The producing constructor computes
     * the local side's value; the consuming constructor parses the peer's
     * value from the wire and checks it against the locally computed one.
     */
    private static final class FinishedMessage extends HandshakeMessage {
        private final byte[] verifyData;

        /**
         * Builds the outbound Finished message by computing the local
         * verify_data for the negotiated protocol version.
         *
         * @param context the current handshake context
         * @throws IOException if raised by the super constructor or by the
         *         connection context's fatal() handling
         */
        FinishedMessage(HandshakeContext context) throws IOException {
            super(context);

            byte[] produced = null;
            VerifyDataScheme scheme =
                    VerifyDataScheme.valueOf(context.negotiatedProtocol);
            try {
                // isValidation=false: derive the value for our own side.
                produced = scheme.createVerifyData(context, false);
            } catch (IOException ioe) {
                context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                        "Failed to generate verify_data", ioe);
            }

            this.verifyData = produced;
        }

        /**
         * Parses an inbound Finished message and verifies its verify_data
         * against the value this side expects from the peer.
         *
         * @param context the current handshake context
         * @param m the message body, positioned at the verify_data
         * @throws IOException if raised by the super constructor or by the
         *         connection context's fatal() handling
         */
        FinishedMessage(HandshakeContext context,
                ByteBuffer m) throws IOException {
            super(context);

            // The verify_data length is fixed by the protocol version:
            // 36 bytes for SSL 3.0, the negotiated PRF hash length for
            // TLS 1.3+, and 12 bytes otherwise.
            final int expectedLen;
            if (context.negotiatedProtocol == ProtocolVersion.SSL30) {
                expectedLen = 36;
            } else if (context.negotiatedProtocol.useTLS13PlusSpec()) {
                expectedLen =
                        context.negotiatedCipherSuite.hashAlg.hashLength;
            } else {
                expectedLen = 12;
            }

            int available = m.remaining();
            if (available != expectedLen) {
                context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                    "Inappropriate finished message: need " + expectedLen +
                    " but remaining " + available + " bytes verify_data");
            }

            byte[] received = new byte[expectedLen];
            m.get(received);
            this.verifyData = received;

            byte[] expected;
            try {
                // isValidation=true: derive the value the peer must send.
                expected = VerifyDataScheme.valueOf(context.negotiatedProtocol)
                        .createVerifyData(context, true);
            } catch (IOException ioe) {
                context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                        "Failed to generate verify_data", ioe);
                // fatal() is expected to raise; the explicit return also
                // keeps 'expected' definitely assigned for the compiler and
                // guarantees the comparison below is never reached here.
                return;
            }

            // Constant-time comparison so the check does not leak timing
            // information about the peer's verify_data.
            if (!MessageDigest.isEqual(expected, received)) {
                context.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                        "The Finished message cannot be verified.");
            }
        }

        @Override
        public SSLHandshake handshakeType() {
            return SSLHandshake.FINISHED;
        }

        /** The message body is exactly the verify_data. */
        @Override
        public int messageLength() {
            return verifyData.length;
        }

        @Override
        public void send(HandshakeOutStream hos) throws IOException {
            hos.write(verifyData);
        }

        /** Debug rendering: a hex dump of the verify_data. */
        @Override
        public String toString() {
            MessageFormat fmt = new MessageFormat(
                    "\"Finished\": '{'\n" +
                    "  \"verify data\": '{'\n" +
                    "{0}\n" +
                    "  '}'" +
                    "'}'",
                    Locale.ENGLISH);

            String dump = Utilities.indent(
                    new HexDumpEncoder().encode(verifyData), "    ");
            return fmt.format(new Object[] { dump });
        }
    }
    /**
     * Computes the verify_data carried in a Finished message for one
     * protocol family.
     */
    @FunctionalInterface
    interface VerifyDataGenerator {
        /**
         * @param context the current handshake context
         * @param isValidation {@code true} to derive the value expected
         *        from the peer, {@code false} to derive the local side's
         * @return the verify_data bytes
         * @throws IOException if the derivation fails
         */
        byte[] createVerifyData(HandshakeContext context, boolean isValidation)
                throws IOException;
    }
    /**
     * The verify_data derivation scheme per protocol family, selecting the
     * {@link VerifyDataGenerator} that implements it.
     */
    enum VerifyDataScheme {
        SSL30       ("kdf_ssl30", new S30VerifyDataGenerator()),
        TLS10       ("kdf_tls10", new T10VerifyDataGenerator()),
        TLS12       ("kdf_tls12", new T12VerifyDataGenerator()),
        TLS13       ("kdf_tls13", new T13VerifyDataGenerator());

        final String name;
        final VerifyDataGenerator generator;

        VerifyDataScheme(String schemeName, VerifyDataGenerator gen) {
            this.name = schemeName;
            this.generator = gen;
        }

        /**
         * Maps a negotiated protocol version to its scheme.  TLS 1.0, 1.1
         * and DTLS 1.0 share one scheme; TLS 1.2 and DTLS 1.2 share another.
         *
         * @return the matching scheme, or {@code null} for any version
         *         not listed here
         */
        static VerifyDataScheme valueOf(ProtocolVersion protocolVersion) {
            VerifyDataScheme scheme;
            switch (protocolVersion) {
                case SSL30:
                    scheme = VerifyDataScheme.SSL30;
                    break;
                case TLS10:
                case TLS11:
                case DTLS10:
                    scheme = VerifyDataScheme.TLS10;
                    break;
                case TLS12:
                case DTLS12:
                    scheme = VerifyDataScheme.TLS12;
                    break;
                case TLS13:
                    scheme = VerifyDataScheme.TLS13;
                    break;
                default:
                    scheme = null;
            }
            return scheme;
        }

        /**
         * Delegates to this scheme's generator.
         *
         * @throws UnsupportedOperationException if no generator is bound
         * @throws IOException if the generator fails
         */
        public byte[] createVerifyData(HandshakeContext context,
                boolean isValidation) throws IOException {
            if (generator == null) {
                throw new UnsupportedOperationException("Not supported yet.");
            }
            return generator.createVerifyData(context, isValidation);
        }
    }
    /**
     * SSL 3.0 verify_data: the handshake hash digested under the master
     * secret with the client or server label.
     */
    private static final
            class S30VerifyDataGenerator implements VerifyDataGenerator {
        @Override
        public byte[] createVerifyData(HandshakeContext context,
                boolean isValidation) throws IOException {
            SecretKey masterSecret =
                    context.handshakeSession.getMasterSecret();

            // Producing uses the local side's label, validating the peer's:
            // the client label applies exactly when client mode and
            // validation disagree.
            boolean clientLabel =
                    context.sslConfig.isClientMode != isValidation;
            return context.handshakeHash.digest(clientLabel, masterSecret);
        }
    }
    // TLS 1.0, TLS 1.1, DTLS 1.0
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   227
    private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   228
            class T10VerifyDataGenerator implements VerifyDataGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   229
        @Override
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   230
        public byte[] createVerifyData(HandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   231
                boolean isValidation) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   232
            HandshakeHash handshakeHash = context.handshakeHash;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   233
            SecretKey masterSecretKey =
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   234
                    context.handshakeSession.getMasterSecret();
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   235
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   236
            boolean useClientLabel =
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   237
                    (context.sslConfig.isClientMode && !isValidation) ||
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   238
                    (!context.sslConfig.isClientMode && isValidation);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   239
            String tlsLabel;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   240
            if (useClientLabel) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   241
                tlsLabel = "client finished";
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   242
            } else {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   243
                tlsLabel = "server finished";
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   244
            }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   245
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   246
            try {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   247
                byte[] seed = handshakeHash.digest();
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   248
                String prfAlg = "SunTlsPrf";
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   249
                HashAlg hashAlg = H_NONE;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   250
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   251
                /*
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   252
                 * RFC 5246/7.4.9 says that finished messages can
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   253
                 * be ciphersuite-specific in both length/PRF hash
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   254
                 * algorithm.  If we ever run across a different
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   255
                 * length, this call will need to be updated.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   256
                 */
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   257
                @SuppressWarnings("deprecation")
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   258
                TlsPrfParameterSpec spec = new TlsPrfParameterSpec(
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   259
                    masterSecretKey, tlsLabel, seed, 12,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
   260
                    hashAlg.name, hashAlg.hashLength, hashAlg.blockSize);
                KeyGenerator kg = JsseJce.getKeyGenerator(prfAlg);
                kg.init(spec);
                SecretKey prfKey = kg.generateKey();
                if (!"RAW".equals(prfKey.getFormat())) {
                    throw new ProviderException(
                        "Invalid PRF output, format must be RAW. " +
                        "Format received: " + prfKey.getFormat());
                }
                byte[] finished = prfKey.getEncoded();
                return finished;
            } catch (GeneralSecurityException e) {
                throw new RuntimeException("PRF failed", e);
            }
        }
    }
    // TLS 1.2
    private static final
            class T12VerifyDataGenerator implements VerifyDataGenerator {
        /**
         * Computes the TLS 1.2 verify_data of a Finished message.
         *
         * <p>The value is the PRF keyed by the session master secret,
         * labelled "client finished" or "server finished", and seeded with
         * the handshake transcript digest, truncated to 12 bytes.  The PRF
         * hash is the one of the negotiated cipher suite.  The client label
         * is used when a client produces its own Finished or a server
         * validates the client's; the server label otherwise.
         *
         * @param context      the handshake context; supplies the cipher
         *                     suite, handshake hash, session master secret
         *                     and client/server mode
         * @param isValidation {@code true} when checking the peer's
         *                     Finished message, {@code false} when
         *                     building our own
         * @return the 12-byte verify_data
         * @throws ProviderException if the PRF did not yield a RAW key
         * @throws RuntimeException  if the PRF itself fails (wraps the
         *                           GeneralSecurityException)
         */
        @Override
        public byte[] createVerifyData(HandshakeContext context,
                boolean isValidation) throws IOException {
            // Exactly one of (client mode, validating) holds for the client
            // label: a client producing, or a server validating, the
            // client's Finished.
            boolean clientMode = context.sslConfig.isClientMode;
            String tlsLabel = (clientMode != isValidation)
                    ? "client finished" : "server finished";

            HashAlg hashAlg = context.negotiatedCipherSuite.hashAlg;
            SecretKey masterSecretKey =
                    context.handshakeSession.getMasterSecret();

            try {
                byte[] seed = context.handshakeHash.digest();

                /*
                 * RFC 5246/7.4.9 allows the verify_data length and PRF
                 * hash to be cipher-suite specific.  Only the 12-byte
                 * default length is handled here; a suite with another
                 * length would require updating this call.
                 */
                @SuppressWarnings("deprecation")
                TlsPrfParameterSpec spec = new TlsPrfParameterSpec(
                        masterSecretKey, tlsLabel, seed, 12,
                        hashAlg.name, hashAlg.hashLength, hashAlg.blockSize);
                KeyGenerator kg = JsseJce.getKeyGenerator("SunTls12Prf");
                kg.init(spec);

                SecretKey prfKey = kg.generateKey();
                String format = prfKey.getFormat();
                if (!"RAW".equals(format)) {
                    throw new ProviderException(
                        "Invalid PRF output, format must be RAW. " +
                        "Format received: " + format);
                }
                return prfKey.getEncoded();
            } catch (GeneralSecurityException e) {
                throw new RuntimeException("PRF failed", e);
            }
        }
    }
    // TLS 1.3
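    private static final
            class T13VerifyDataGenerator implements VerifyDataGenerator {
        // HKDF-Expand-Label "finished" label (RFC 8446, 4.4.4) with the
        // "tls13 " prefix the label construction requires.  Encoded
        // explicitly as ASCII: the default-charset getBytes() yields other
        // bytes on a platform whose default charset is not ASCII-compatible
        // and would silently break Finished verification against any
        // conforming peer.
        private static final byte[] hkdfLabel = "tls13 finished".getBytes(
                java.nio.charset.StandardCharsets.US_ASCII);
        // The "finished" derivation uses an empty Context value.
        private static final byte[] hkdfContext = new byte[0];

        /**
         * Computes the TLS 1.3 verify_data of a Finished message.
         *
         * <p>A finished key is derived from the relevant base traffic
         * secret with HKDF-Expand-Label ("finished", empty context), sized
         * to the cipher suite's hash length; the verify_data is the HMAC,
         * under that key and hash, of the current handshake transcript
         * digest.  The peer's Finished is checked with the read-side
         * secret, our own is built with the write-side secret.
         *
         * @param context      the handshake context; supplies the cipher
         *                     suite hash, the base read/write secrets and
         *                     the handshake transcript hash
         * @param isValidation {@code true} when checking the peer's
         *                     Finished message, {@code false} when
         *                     building our own
         * @return the verify_data, one hash length in size
         * @throws ProviderException if the HMAC algorithm is unavailable
         *                           or rejects the finished key
         * @throws IOException       if the key derivation signals one
         */
        @Override
        public byte[] createVerifyData(HandshakeContext context,
                boolean isValidation) throws IOException {
            HashAlg hashAlg =
                    context.negotiatedCipherSuite.hashAlg;

            // The peer's Finished is keyed from the secret we read with,
            // our own from the secret we write with.
            SecretKey secret = isValidation ?
                    context.baseReadSecret : context.baseWriteSecret;

            // create finished secret key
            SSLBasicKeyDerivation kdf = new SSLBasicKeyDerivation(
                    secret, hashAlg.name,
                    hkdfLabel, hkdfContext, hashAlg.hashLength);
            AlgorithmParameterSpec keySpec =
                    new SecretSizeSpec(hashAlg.hashLength);
            SecretKey finishedSecret =
                    kdf.deriveKey("TlsFinishedSecret", keySpec);

            // Map the suite's hash name onto the JCE Mac name by dropping
            // the dash (e.g. a "SHA-256" style name becomes "HmacSHA256").
            String hmacAlg =
                "Hmac" + hashAlg.name.replace("-", "");
            try {
                Mac hmac = JsseJce.getMac(hmacAlg);
                hmac.init(finishedSecret);
                return hmac.doFinal(context.handshakeHash.digest());
            } catch (NoSuchAlgorithmException | InvalidKeyException ex) {
                throw new ProviderException(
                        "Failed to generate verify_data", ex);
            }
        }
    }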
    /**
     * The "Finished" handshake message producer.
     */
    private static final
            class T12FinishedProducer implements HandshakeProducer {
        // Prevent instantiation of this class.
        private T12FinishedProducer() {
            // blank
        }

        /**
         * Builds and sends our own Finished message (TLS 1.2 and earlier),
         * dispatching on client/server mode to the matching helper.
         *
         * @param context the connection context; must be a
         *                {@link HandshakeContext}, as Finished is only
         *                produced while a handshake is in progress
         * @param message the message that triggered this producer; it is
         *                passed through to the ChangeCipherSpec producer
         * @return always {@code null}: the message is written to the
         *         handshake output here rather than handed back
         * @throws IOException if writing the message fails
         */
        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            // Finished is only produced while a handshake is in progress.
            HandshakeContext hc = (HandshakeContext)context;
            if (hc.sslConfig.isClientMode) {
                return onProduceFinished(
                        (ClientHandshakeContext)context, message);
            } else {
                return onProduceFinished(
                        (ServerHandshakeContext)context, message);
            }
        }

        /**
         * Client side: sends ChangeCipherSpec then Finished, records the
         * verify_data for secure renegotiation, and then either waits for
         * the server's Finished flight (full handshake, where the client
         * finishes first) or completes the handshake (resumption, where
         * the server's Finished has already been consumed).
         *
         * @param chc     the client handshake context
         * @param message the triggering message, forwarded to the
         *                ChangeCipherSpec producer
         * @return always {@code null}
         * @throws IOException if writing the message fails
         */
        private byte[] onProduceFinished(ClientHandshakeContext chc,
                HandshakeMessage message) throws IOException {
            // Refresh handshake hash
            chc.handshakeHash.update();

            // Presumably computes verify_data over the transcript as it
            // stands now (fm.verifyData is read below) -- the constructor
            // is not visible here.
            FinishedMessage fm = new FinishedMessage(chc);

            // Change write cipher and delivery ChangeCipherSpec message.
            // This must precede fm.write() below: the Finished message is
            // the first record protected by the newly negotiated keys.
            ChangeCipherSpec.t10Producer.produce(chc, message);

            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine(
                        "Produced client Finished handshake message", fm);
            }

            // Output the handshake message.
            fm.write(chc.handshakeOutput);
            chc.handshakeOutput.flush();

            /*
             * Save our (client) verify_data: secure renegotiation
             * (RFC 5746) binds a later renegotiation to it.
             */
            if (chc.conContext.secureRenegotiation) {
                chc.conContext.clientVerifyData = fm.verifyData;
            }

            // update the consumers and producers
            if (!chc.isResumption) {
                // Full handshake: the client's Finished goes first, so the
                // server's ChangeCipherSpec and Finished are still to come.
                chc.conContext.consumers.put(ContentType.CHANGE_CIPHER_SPEC.id,
                        ChangeCipherSpec.t10Consumer);
                chc.handshakeConsumers.put(
                        SSLHandshake.FINISHED.id, SSLHandshake.FINISHED);
                chc.conContext.inputRecord.expectingFinishFlight();
            } else {
                // Resumption: the server's Finished has already been
                // consumed, so this flight completes the handshake.
                if (chc.handshakeSession.isRejoinable()) {
                    ((SSLSessionContextImpl)chc.sslContext.
                        engineGetClientSessionContext()).put(
                            chc.handshakeSession);
                }
                chc.conContext.conSession = chc.handshakeSession.finish();
                chc.conContext.protocolVersion = chc.negotiatedProtocol;

                // handshake context cleanup.
                chc.handshakeFinished = true;

                // May need to retransmit the last flight for DTLS.
                // (For DTLS the final finishHandshake() call therefore
                // happens elsewhere -- not visible in this class.)
                if (!chc.sslContext.isDTLS()) {
                    chc.conContext.finishHandshake();
                }
            }

            // The handshake message has been delivered.
            return null;
        }

        /**
         * Server side mirror of the client helper: sends ChangeCipherSpec
         * then Finished, records the verify_data for secure renegotiation,
         * and then either waits for the client's Finished flight
         * (resumption, where the server finishes first) or completes the
         * handshake (full handshake, where the client's Finished has
         * already been consumed).
         *
         * @param shc     the server handshake context
         * @param message the triggering message, forwarded to the
         *                ChangeCipherSpec producer
         * @return always {@code null}
         * @throws IOException if writing the message fails
         */
        private byte[] onProduceFinished(ServerHandshakeContext shc,
                HandshakeMessage message) throws IOException {
            // Refresh handshake hash
            shc.handshakeHash.update();

            // Presumably computes verify_data over the transcript as it
            // stands now (fm.verifyData is read below) -- the constructor
            // is not visible here.
            FinishedMessage fm = new FinishedMessage(shc);

            // Change write cipher and delivery ChangeCipherSpec message.
            // This must precede fm.write() below: the Finished message is
            // the first record protected by the newly negotiated keys.
            ChangeCipherSpec.t10Producer.produce(shc, message);

            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine(
                        "Produced server Finished handshake message", fm);
            }

            // Output the handshake message.
            fm.write(shc.handshakeOutput);
            shc.handshakeOutput.flush();

            /*
             * Save our (server) verify_data: secure renegotiation
             * (RFC 5746) binds a later renegotiation to it.
             */
            if (shc.conContext.secureRenegotiation) {
                shc.conContext.serverVerifyData = fm.verifyData;
            }

            // update the consumers and producers
            if (shc.isResumption) {
                // Resumption: the server's Finished goes first, so the
                // client's ChangeCipherSpec and Finished are still to come.
                shc.conContext.consumers.put(ContentType.CHANGE_CIPHER_SPEC.id,
                        ChangeCipherSpec.t10Consumer);
                shc.handshakeConsumers.put(
                        SSLHandshake.FINISHED.id, SSLHandshake.FINISHED);
                shc.conContext.inputRecord.expectingFinishFlight();
            } else {
                // Full handshake: the client's Finished has already been
                // consumed, so this flight completes the handshake.
                if (shc.handshakeSession.isRejoinable()) {
                    ((SSLSessionContextImpl)shc.sslContext.
                        engineGetServerSessionContext()).put(
                            shc.handshakeSession);
                }
                shc.conContext.conSession = shc.handshakeSession.finish();
                shc.conContext.protocolVersion = shc.negotiatedProtocol;

                // handshake context cleanup.
                shc.handshakeFinished = true;

                // May need to retransmit the last flight for DTLS.
                // (For DTLS the final finishHandshake() call therefore
                // happens elsewhere -- not visible in this class.)
                if (!shc.sslContext.isDTLS()) {
                    shc.conContext.finishHandshake();
                }
            }

            // The handshake message has been delivered.
            return null;
        }
    }
    /**
     * The "Finished" handshake message consumer.
     */
    private static final class T12FinishedConsumer implements SSLConsumer {
        // Prevent instantiation of this class.
        // Private, no-op constructor: the consumer carries no state and is
        // not meant to be created from outside this file.
        private T12FinishedConsumer() {}
        /**
         * Consumes a peer Finished message (TLS 1.2 and earlier).
         *
         * <p>Unregisters itself first (one Finished per flight), then
         * rejects the message as UNEXPECTED_MESSAGE when no ChangeCipherSpec
         * has been processed yet, and finally hands the bytes to the
         * client- or server-side helper.
         *
         * @param context the connection context; must be a
         *                {@link HandshakeContext}
         * @param message the Finished message body
         * @throws IOException if the helper fails to parse or verify the
         *                     message, or the fatal alert is raised as one
         */
        @Override
        public void consume(ConnectionContext context,
                ByteBuffer message) throws IOException {
            // Finished is only ever consumed while a handshake is in progress.
            HandshakeContext hc = (HandshakeContext)context;

            // One Finished per flight: drop ourselves from the dispatch table.
            hc.handshakeConsumers.remove(SSLHandshake.FINISHED.id);

            // While the ChangeCipherSpec consumer is still registered, no CCS
            // has been consumed yet (the producer installs it and the CCS
            // consumer is expected to remove it), so a Finished here is out
            // of order: it has to arrive under the new cipher.
            boolean ccsStillPending = hc.conContext.consumers.containsKey(
                    ContentType.CHANGE_CIPHER_SPEC.id);
            if (ccsStillPending) {
                hc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                        "Missing ChangeCipherSpec message");
            }

            if (hc.sslConfig.isClientMode) {
                onConsumeFinished((ClientHandshakeContext)hc, message);
            } else {
                onConsumeFinished((ServerHandshakeContext)hc, message);
            }
        }
        /**
         * Client-side handling of the server's "Finished" message.
         *
         * @param chc the client handshake context
         * @param message the message body still to be parsed
         * @throws IOException if the message cannot be parsed or the
         *         follow-up client Finished message cannot be produced
         */
        private void onConsumeFinished(ClientHandshakeContext chc,
                ByteBuffer message) throws IOException {
            // Parse the server Finished message from the record buffer.
            FinishedMessage fm = new FinishedMessage(chc, message);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine(
                        "Consuming server Finished handshake message", fm);
            }

            // Keep the server's verify_data for secure renegotiation.
            if (chc.conContext.secureRenegotiation) {
                chc.conContext.serverVerifyData = fm.verifyData;
            }

            if (chc.isResumption) {
                // Abbreviated handshake: the server's Finished arrives first
                // and the client still owes its own Finished message, which
                // is produced at the end of this method.
                chc.handshakeProducers.put(SSLHandshake.FINISHED.id,
                        SSLHandshake.FINISHED);
            } else {
                // Full handshake: this is the server's last flight, so the
                // session is cached (when rejoinable), committed to the
                // connection, and the handshake is wrapped up.
                if (chc.handshakeSession.isRejoinable()) {
                    SSLSessionContextImpl clientSessionCache =
                            (SSLSessionContextImpl)chc.sslContext.
                                    engineGetClientSessionContext();
                    clientSessionCache.put(chc.handshakeSession);
                }
                chc.conContext.conSession = chc.handshakeSession.finish();
                chc.conContext.protocolVersion = chc.negotiatedProtocol;

                // Handshake context cleanup.
                chc.handshakeFinished = true;
                recordEvent(chc.conContext.conSession);

                // DTLS may still have to retransmit the last flight, so the
                // handshake is only torn down for stream transports.
                if (!chc.sslContext.isDTLS()) {
                    chc.conContext.finishHandshake();
                }
            }

            // Produce the client Finished message if one is pending (it was
            // registered just above in the resumption case).  Removing the
            // producer first guarantees it runs at most once.
            HandshakeProducer finishedProducer =
                    chc.handshakeProducers.remove(SSLHandshake.FINISHED.id);
            if (finishedProducer != null) {
                finishedProducer.produce(chc, fm);
            }
        }
        /**
         * Server-side handling of the client's "Finished" message.
         *
         * @param shc the server handshake context
         * @param message the message body still to be parsed
         * @throws IOException if the message cannot be parsed or the
         *         follow-up server Finished message cannot be produced
         */
        private void onConsumeFinished(ServerHandshakeContext shc,
                ByteBuffer message) throws IOException {
            // Parse the client Finished message from the record buffer.
            FinishedMessage fm = new FinishedMessage(shc, message);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine(
                        "Consuming client Finished handshake message", fm);
            }

            // Keep the client's verify_data for secure renegotiation.
            if (shc.conContext.secureRenegotiation) {
                shc.conContext.clientVerifyData = fm.verifyData;
            }

            if (!shc.isResumption) {
                // Full handshake: the client's Finished arrives first and
                // the server still owes its own Finished message, which is
                // produced at the end of this method.
                shc.handshakeProducers.put(SSLHandshake.FINISHED.id,
                        SSLHandshake.FINISHED);
            } else {
                // Abbreviated handshake: this is the client's last flight,
                // so the session is cached (when rejoinable), committed to
                // the connection, and the handshake is wrapped up.
                if (shc.handshakeSession.isRejoinable()) {
                    SSLSessionContextImpl serverSessionCache =
                            (SSLSessionContextImpl)shc.sslContext.
                                    engineGetServerSessionContext();
                    serverSessionCache.put(shc.handshakeSession);
                }
                shc.conContext.conSession = shc.handshakeSession.finish();
                shc.conContext.protocolVersion = shc.negotiatedProtocol;

                // Handshake context cleanup.
                shc.handshakeFinished = true;
                recordEvent(shc.conContext.conSession);

                // DTLS may still have to retransmit the last flight, so the
                // handshake is only torn down for stream transports.
                if (!shc.sslContext.isDTLS()) {
                    shc.conContext.finishHandshake();
                }
            }

            // Produce the server Finished message if one is pending (it was
            // registered just above in the full-handshake case).  Removing
            // the producer first guarantees it runs at most once.
            HandshakeProducer finishedProducer =
                    shc.handshakeProducers.remove(SSLHandshake.FINISHED.id);
            if (finishedProducer != null) {
                finishedProducer.produce(shc, fm);
            }
        }
    }
    /**
     * The "Finished" handshake message producer.
     */
    private static final
            class T13FinishedProducer implements HandshakeProducer {
        // Prevent instantiation of this class.
        private T13FinishedProducer() {
            // Private: the producer is stateless and is only ever
            // instantiated from within the enclosing class.
        }
        /**
         * Produces the "Finished" handshake message, dispatching to the
         * client- or server-side handler according to the connection's role.
         *
         * @param context the connection context; must be a
         *        {@code HandshakeContext} because Finished messages are only
         *        produced while a handshake is in progress
         * @param message the handshake message that triggered production
         * @return whatever the role-specific handler returns
         * @throws IOException if the message cannot be produced
         */
        @Override
        public byte[] produce(ConnectionContext context,
                HandshakeMessage message) throws IOException {
            HandshakeContext hc = (HandshakeContext)context;

            // The overloads are chosen by the static type of the cast, so
            // the casts below are required for correct dispatch.
            return hc.sslConfig.isClientMode
                    ? onProduceFinished(
                            (ClientHandshakeContext)context, message)
                    : onProduceFinished(
                            (ServerHandshakeContext)context, message);
        }
        /**
         * Client-side production of the "Finished" message.  Writes the
         * message, switches the write side to the client application
         * traffic keys, stores the resumption master secret in the session
         * and completes the handshake.
         *
         * @param chc the client handshake context
         * @param message the handshake message that triggered production
         * @return always {@code null}: the message is written directly to
         *         the handshake output, and every failure path reports a
         *         fatal alert before returning
         * @throws IOException if the message cannot be written or a secret
         *         cannot be derived
         */
        private byte[] onProduceFinished(ClientHandshakeContext chc,
                HandshakeMessage message) throws IOException {
            // Refresh the handshake hash before building the message.
            chc.handshakeHash.update();

            FinishedMessage finished = new FinishedMessage(chc);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine(
                        "Produced client Finished handshake message", finished);
            }

            // Deliver the message on the handshake output stream.
            finished.write(chc.handshakeOutput);
            chc.handshakeOutput.flush();

            // Keep the client's verify_data for secure renegotiation.
            if (chc.conContext.secureRenegotiation) {
                chc.conContext.clientVerifyData = finished.verifyData;
            }

            // Switch the write side to the client application traffic keys.
            // The two checks below guard against an unexpected internal
            // state; the key derivation is normally set up earlier in the
            // handshake.
            SSLKeyDerivation handshakeKD = chc.handshakeKeyDerivation;
            if (handshakeKD == null) {
                chc.conContext.fatal(Alert.INTERNAL_ERROR,
                    "no key derivation");
                return null;
            }

            SSLTrafficKeyDerivation trafficKDG =
                    SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol);
            if (trafficKDG == null) {
                chc.conContext.fatal(Alert.INTERNAL_ERROR,
                        "Not supported key derivation: " +
                        chc.negotiatedProtocol);
                return null;
            }

            try {
                // Derive the client application traffic secret, then the
                // write key and IV used by the record layer.
                SecretKey appWriteSecret = handshakeKD.deriveKey(
                        "TlsClientAppTrafficSecret", null);
                SSLKeyDerivation appWriteKD =
                        trafficKDG.createKeyDerivation(chc, appWriteSecret);
                SecretKey appWriteKey = appWriteKD.deriveKey("TlsKey", null);
                SecretKey appWriteIvSecret =
                        appWriteKD.deriveKey("TlsIv", null);
                IvParameterSpec appWriteIv =
                        new IvParameterSpec(appWriteIvSecret.getEncoded());
                SSLWriteCipher appWriteCipher =
                        chc.negotiatedCipherSuite.bulkCipher.createWriteCipher(
                                Authenticator.valueOf(chc.negotiatedProtocol),
                                chc.negotiatedProtocol, appWriteKey, appWriteIv,
                                chc.sslContext.getSecureRandom());

                // A null write cipher means the negotiated suite could not
                // be paired with the negotiated protocol version; reject it
                // here rather than handing null to the record layer.
                if (appWriteCipher == null) {
                    chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                        "Illegal cipher suite (" + chc.negotiatedCipherSuite +
                        ") and protocol version (" + chc.negotiatedProtocol +
                        ")");
                    return null;
                }

                chc.baseWriteSecret = appWriteSecret;
                chc.conContext.outputRecord.changeWriteCiphers(
                        appWriteCipher, false);
            } catch (GeneralSecurityException gse) {
                chc.conContext.fatal(Alert.INTERNAL_ERROR,
                        "Failure to derive application secrets", gse);
                return null;
            }

            // The resumption master secret lives in the session so that it
            // remains available after the handshake context is discarded.
            SSLSecretDerivation secretDerivation =
                    ((SSLSecretDerivation) handshakeKD).forContext(chc);
            SecretKey resumptionMasterSecret = secretDerivation.deriveKey(
                    "TlsResumptionMasterSecret", null);
            chc.handshakeSession.setResumptionMasterSecret(
                    resumptionMasterSecret);

            chc.conContext.conSession = chc.handshakeSession.finish();
            chc.conContext.protocolVersion = chc.negotiatedProtocol;

            // Handshake context cleanup.
            chc.handshakeFinished = true;
            chc.conContext.finishHandshake();
            recordEvent(chc.conContext.conSession);

            // The message has already been written; nothing is returned
            // for the caller to send.
            return null;
        }
        private byte[] onProduceFinished(ServerHandshakeContext shc,
                HandshakeMessage message) throws IOException {
            // Refresh handshake hash
            shc.handshakeHash.update();
            FinishedMessage fm = new FinishedMessage(shc);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine(
                        "Produced server Finished handshake message", fm);
            }
            // Output the handshake message.
            fm.write(shc.handshakeOutput);
            shc.handshakeOutput.flush();
            // Change client/server application traffic secrets.
            SSLKeyDerivation kd = shc.handshakeKeyDerivation;
            if (kd == null) {
                // unlikely
                shc.conContext.fatal(Alert.INTERNAL_ERROR,
                    "no key derivation");
                return null;
            }
            SSLTrafficKeyDerivation kdg =
                    SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol);
            if (kdg == null) {
                // unlikely
                shc.conContext.fatal(Alert.INTERNAL_ERROR,
                        "Not supported key derivation: " +
                        shc.negotiatedProtocol);
                return null;
            }
            // derive salt secret
            try {
                SecretKey saltSecret = kd.deriveKey("TlsSaltSecret", null);
                // derive application secrets
                HashAlg hashAlg = shc.negotiatedCipherSuite.hashAlg;
                HKDF hkdf = new HKDF(hashAlg.name);
                byte[] zeros = new byte[hashAlg.hashLength];
                SecretKeySpec sharedSecret =
                        new SecretKeySpec(zeros, "TlsZeroSecret");
                SecretKey masterSecret =
                    hkdf.extract(saltSecret, sharedSecret, "TlsMasterSecret");
                SSLKeyDerivation secretKD =
                        new SSLSecretDerivation(shc, masterSecret);
                // update the handshake traffic write keys.
                SecretKey writeSecret = secretKD.deriveKey(
                        "TlsServerAppTrafficSecret", null);
                SSLKeyDerivation writeKD =
                        kdg.createKeyDerivation(shc, writeSecret);
                SecretKey writeKey = writeKD.deriveKey(
                        "TlsKey", null);
                SecretKey writeIvSecret = writeKD.deriveKey(
                        "TlsIv", null);
                IvParameterSpec writeIv =
                        new IvParameterSpec(writeIvSecret.getEncoded());
                SSLWriteCipher writeCipher =
                        shc.negotiatedCipherSuite.bulkCipher.createWriteCipher(
                                Authenticator.valueOf(shc.negotiatedProtocol),
                                shc.negotiatedProtocol, writeKey, writeIv,
                                shc.sslContext.getSecureRandom());
                if (writeCipher == null) {
                    shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                        "Illegal cipher suite (" + shc.negotiatedCipherSuite +
                        ") and protocol version (" + shc.negotiatedProtocol +
                        ")");
                    return null;
                }
                shc.baseWriteSecret = writeSecret;
                shc.conContext.outputRecord.changeWriteCiphers(
                        writeCipher, false);
                // update the context for the following key derivation
                shc.handshakeKeyDerivation = secretKD;
            } catch (GeneralSecurityException gse) {
                shc.conContext.fatal(Alert.INTERNAL_ERROR,
                        "Failure to derive application secrets", gse);
                return null;
            }
            /*
             * save client verify data for secure renegotiation
             */
            if (shc.conContext.secureRenegotiation) {
                shc.conContext.serverVerifyData = fm.verifyData;
            }
            // update the context
            shc.handshakeConsumers.put(
                    SSLHandshake.FINISHED.id, SSLHandshake.FINISHED);
            // The handshake message has been delivered.
            return null;
        }
    }
    /**
     * The "Finished" handshake message consumer.
     */
    private static final class T13FinishedConsumer implements SSLConsumer {
        // Prevent instantiation of this class.
        /**
         * Private constructor: this consumer is only ever used through the
         * shared instance set up elsewhere in the file and is never
         * instantiated directly.
         */
        private T13FinishedConsumer() {
        }
        /**
         * Dispatches a received TLS 1.3 Finished message to the client- or
         * server-side handler, depending on which role this endpoint plays.
         *
         * @param context the connection context; it is cast unconditionally
         *                to {@code HandshakeContext}, so this consumer must
         *                only be registered while a handshake is in progress
         * @param message the raw handshake body of the Finished message
         * @throws IOException propagated from the side-specific handler
         */
        @Override
        public void consume(ConnectionContext context,
                ByteBuffer message) throws IOException {
            // Finished is only consumed while a handshake is in progress.
            HandshakeContext hc = (HandshakeContext)context;
            boolean clientSide = hc.sslConfig.isClientMode;
            if (!clientSide) {
                onConsumeFinished((ServerHandshakeContext)hc, message);
                return;
            }
            onConsumeFinished((ClientHandshakeContext)hc, message);
        }
        /**
         * Client-side handling of the server's TLS 1.3 Finished message:
         * switches the read side to the server application traffic keys
         * and then emits the client's own final flight.
         *
         * <p>The statement order is deliberate and security relevant: the
         * change_cipher_spec consumer is dropped and the transcript hash is
         * refreshed before any application secret is derived, the new read
         * cipher is installed before the client's Certificate /
         * CertificateVerify / Finished producers run, and every failure
         * path raises a fatal alert and leaves the method immediately.
         *
         * @param chc     the client handshake context
         * @param message the raw body of the server Finished message
         * @throws IOException as declared; the exact throwing sites
         *         (message parsing, the fatal-alert path) are outside
         *         this method
         */
        private void onConsumeFinished(ClientHandshakeContext chc,
                ByteBuffer message) throws IOException {
            // Parse the server Finished. The verify_data comparison is not
            // visible here; presumably it happens inside the FinishedMessage
            // constructor -- confirm before relying on it.
            FinishedMessage fm = new FinishedMessage(chc, message);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine(
                        "Consuming server Finished handshake message", fm);
            }

            // Keep the server's verify_data for secure renegotiation (this
            // is the server side's value: the field written is
            // serverVerifyData).
            if (chc.conContext.secureRenegotiation) {
                chc.conContext.serverVerifyData = fm.verifyData;
            }

            //
            // validate
            //
            // Nothing further to check at this point.

            //
            // update
            //
            // A change_cipher_spec record received after the peer's Finished
            // message MUST be treated as an unexpected record type, so the
            // consumer for it is removed before anything else happens.
            chc.conContext.consumers.remove(ContentType.CHANGE_CIPHER_SPEC.id);

            // Refresh the handshake hash first, presumably so that the
            // secrets derived below are bound to a transcript that includes
            // the server Finished.
            chc.handshakeHash.update();

            SSLKeyDerivation hsKeyDerivation = chc.handshakeKeyDerivation;
            if (hsKeyDerivation == null) {
                // unlikely
                chc.conContext.fatal(Alert.INTERNAL_ERROR,
                    "no key derivation");
                return;
            }

            SSLTrafficKeyDerivation trafficKD =
                    SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol);
            if (trafficKD == null) {
                // unlikely
                chc.conContext.fatal(Alert.INTERNAL_ERROR,
                        "Not supported key derivation: " +
                        chc.negotiatedProtocol);
                return;
            }

            // Cache a freshly negotiated (non-resumed) session if it can be
            // rejoined later.
            if (!chc.isResumption && chc.handshakeSession.isRejoinable()) {
                SSLSessionContextImpl clientSessions =
                        (SSLSessionContextImpl)
                        chc.sslContext.engineGetClientSessionContext();
                clientSessions.put(chc.handshakeSession);
            }

            // Derive the master secret and, from it, the server application
            // traffic read keys.
            try {
                // The salt for the next HKDF-Extract step comes from the
                // current (handshake-stage) derivation.
                SecretKey saltSecret =
                        hsKeyDerivation.deriveKey("TlsSaltSecret", null);

                // Master secret = HKDF-Extract(salt, zero IKM). The IKM is
                // hashLength zero bytes, presumably matching the RFC 8446
                // key-schedule step that extracts the master secret from a
                // zero-filled input of the hash's output length.
                HashAlg hashAlg = chc.negotiatedCipherSuite.hashAlg;
                HKDF hkdf = new HKDF(hashAlg.name);
                SecretKeySpec zeroSecret = new SecretKeySpec(
                        new byte[hashAlg.hashLength], "TlsZeroSecret");
                SecretKey masterSecret =
                    hkdf.extract(saltSecret, zeroSecret, "TlsMasterSecret");

                SSLKeyDerivation secretKD =
                        new SSLSecretDerivation(chc, masterSecret);

                // Server application traffic secret -> read key and read IV.
                SecretKey readSecret = secretKD.deriveKey(
                        "TlsServerAppTrafficSecret", null);
                SSLKeyDerivation readKD =
                        trafficKD.createKeyDerivation(chc, readSecret);
                SecretKey readKey = readKD.deriveKey("TlsKey", null);
                SecretKey readIvSecret = readKD.deriveKey("TlsIv", null);
                IvParameterSpec readIv =
                        new IvParameterSpec(readIvSecret.getEncoded());

                SSLReadCipher readCipher =
                        chc.negotiatedCipherSuite.bulkCipher.createReadCipher(
                                Authenticator.valueOf(chc.negotiatedProtocol),
                                chc.negotiatedProtocol, readKey, readIv,
                                chc.sslContext.getSecureRandom());

                // createReadCipher may return null; fail with an alert here
                // rather than handing a null cipher to changeReadCiphers.
                if (readCipher == null) {
                    chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
                        "Illegal cipher suite (" + chc.negotiatedCipherSuite +
                        ") and protocol version (" + chc.negotiatedProtocol +
                        ")");
                    return;
                }

                // Install the application read keys.
                chc.baseReadSecret = readSecret;
                chc.conContext.inputRecord.changeReadCiphers(readCipher);

                // The master-secret derivation becomes the base for the
                // following key derivation.
                chc.handshakeKeyDerivation = secretKD;
            } catch (GeneralSecurityException gse) {
                chc.conContext.fatal(Alert.INTERNAL_ERROR,
                        "Failure to derive application secrets", gse);
                return;
            }

            //
            // produce
            //
            // Register the client Finished producer, then run whichever of
            // the final-flight producers are registered. Each producer is
            // removed from the map before it runs, so it fires at most once;
            // a producer that was never registered (e.g. no client
            // certificate was requested) is simply skipped.
            chc.handshakeProducers.put(SSLHandshake.FINISHED.id,
                        SSLHandshake.FINISHED);
            SSLHandshake[] finalFlight = new SSLHandshake[] {
                // full handshake messages
                SSLHandshake.CERTIFICATE,
                SSLHandshake.CERTIFICATE_VERIFY,
                SSLHandshake.FINISHED
            };

            for (SSLHandshake hs : finalFlight) {
                HandshakeProducer producer =
                        chc.handshakeProducers.remove(hs.id);
                if (producer == null) {
                    continue;
                }
                producer.produce(chc, null);
            }
        }
        private void onConsumeFinished(ServerHandshakeContext shc,
                ByteBuffer message) throws IOException {
            FinishedMessage fm = new FinishedMessage(shc, message);
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
                SSLLogger.fine(
                        "Consuming client Finished handshake message", fm);
            }
            if (shc.conContext.secureRenegotiation) {
                shc.conContext.clientVerifyData = fm.verifyData;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1020
            }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1021
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1022
            //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1023
            // validate
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1024
            //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1025
            // blank
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1026
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1027
            //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1028
            // update
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1029
            //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1030
            // Change client/server application traffic secrets.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1031
            SSLKeyDerivation kd = shc.handshakeKeyDerivation;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1032
            if (kd == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1033
                // unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1034
                shc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1035
                    "no key derivation");
53055
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1036
                return;
50768
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1037
            }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1038
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1039
            SSLTrafficKeyDerivation kdg =
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1040
                    SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1041
            if (kdg == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1042
                // unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1043
                shc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1044
                        "Not supported key derivation: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1045
                        shc.negotiatedProtocol);
53055
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1046
                return;
50768
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1047
            }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1048
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1049
            // save the session
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1050
            if (!shc.isResumption && shc.handshakeSession.isRejoinable()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1051
                SSLSessionContextImpl sessionContext = (SSLSessionContextImpl)
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1052
                shc.sslContext.engineGetServerSessionContext();
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1053
                sessionContext.put(shc.handshakeSession);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1054
            }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1055
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1056
            try {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1057
                // update the application traffic read keys.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1058
                SecretKey readSecret = kd.deriveKey(
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1059
                        "TlsClientAppTrafficSecret", null);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1060
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1061
                SSLKeyDerivation readKD =
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1062
                        kdg.createKeyDerivation(shc, readSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1063
                SecretKey readKey = readKD.deriveKey(
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1064
                        "TlsKey", null);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1065
                SecretKey readIvSecret = readKD.deriveKey(
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1066
                        "TlsIv", null);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1067
                IvParameterSpec readIv =
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1068
                        new IvParameterSpec(readIvSecret.getEncoded());
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1069
                SSLReadCipher readCipher =
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1070
                        shc.negotiatedCipherSuite.bulkCipher.createReadCipher(
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1071
                                Authenticator.valueOf(shc.negotiatedProtocol),
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1072
                                shc.negotiatedProtocol, readKey, readIv,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1073
                                shc.sslContext.getSecureRandom());
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1074
53055
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1075
                if (readCipher == null) {
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1076
                    shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1077
                        "Illegal cipher suite (" + shc.negotiatedCipherSuite +
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1078
                        ") and protocol version (" + shc.negotiatedProtocol +
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1079
                        ")");
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1080
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1081
                    return;
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1082
                }
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1083
50768
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1084
                shc.baseReadSecret = readSecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1085
                shc.conContext.inputRecord.changeReadCiphers(readCipher);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1086
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1087
                // The resumption master secret is stored in the session so
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1088
                // it can be used after the handshake is completed.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1089
                shc.handshakeHash.update();
53055
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1090
                SSLSecretDerivation sd =
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1091
                        ((SSLSecretDerivation)kd).forContext(shc);
50768
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1092
                SecretKey resumptionMasterSecret = sd.deriveKey(
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1093
                "TlsResumptionMasterSecret", null);
53055
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1094
                shc.handshakeSession.setResumptionMasterSecret(
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1095
                        resumptionMasterSecret);
50768
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1096
            } catch (GeneralSecurityException gse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1097
                shc.conContext.fatal(Alert.INTERNAL_ERROR,
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1098
                        "Failure to derive application secrets", gse);
53055
c36464ea1f04 8213782: NullPointerException in sun.security.ssl.OutputRecord.changeWriteCiphers
xuelei
parents: 52621
diff changeset
  1099
                return;
50768
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1100
            }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1101
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1102
            //  update connection context
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1103
            shc.conContext.conSession = shc.handshakeSession.finish();
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1104
            shc.conContext.protocolVersion = shc.negotiatedProtocol;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1105
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1106
            // handshake context cleanup.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1107
            shc.handshakeFinished = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1108
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1109
            // May need to retransmit the last flight for DTLS.
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1110
            if (!shc.sslContext.isDTLS()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1111
                shc.conContext.finishHandshake();
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1112
            }
52621
f7309a1491d9 8148188: Enhance the security libraries to record events of interest
coffeys
parents: 50768
diff changeset
  1113
            recordEvent(shc.conContext.conSession);
50768
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1114
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1115
            //
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1116
            // produce
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1117
            if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1118
                SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1119
                "Sending new session ticket");
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1120
            }
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1121
            NewSessionTicket.kickstartProducer.produce(shc);
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1122
68fa3d4026ea 8196584: TLS 1.3 Implementation
xuelei
parents:
diff changeset
  1123
        }
    }
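    /**
     * Records a completed handshake for JFR ({@code TLSHandshakeEvent}) and
     * for security-event logging.
     *
     * <p>This is telemetry only: it runs after the handshake has been marked
     * finished, it influences nothing about the connection, and it must never
     * be able to fail the handshake.  It therefore does no work unless an
     * event would be committed or security logging is enabled, and it
     * tolerates a session with no authenticated peer.
     *
     * @param session the session produced by the handshake that just completed
     */
    private static void recordEvent(SSLSessionImpl session) {
        TLSHandshakeEvent event = new TLSHandshakeEvent();
        if (!event.shouldCommit() && !EventHelper.isLoggingSecurity()) {
            return;
        }

        // The "certificate id" is the hashCode() of the peer's end-entity
        // certificate, used to correlate this event with certificate events.
        // It is a 32-bit hash: adequate for correlation, not a unique or
        // tamper-evident identifier.  0 means there was no authenticated peer.
        int peerCertificateId = 0;
        try {
            java.security.cert.Certificate[] chain =
                    session.getCertificateChain();
            // getCertificateChain() is expected to throw when the peer was
            // not authenticated; guard the index as well so an empty chain
            // cannot turn a telemetry call into an unchecked exception.
            if (chain != null && chain.length > 0) {
                peerCertificateId = chain[0].hashCode();
            }
        } catch (SSLPeerUnverifiedException e) {
            // Peer not authenticated (e.g. no client certificate): keep the
            // id at 0 rather than failing the handshake over telemetry.
        }

        if (event.shouldCommit()) {
            event.peerHost = session.getPeerHost();
            event.peerPort = session.getPeerPort();
            event.cipherSuite = session.getCipherSuite();
            event.protocolVersion = session.getProtocol();
            event.certificateId = peerCertificateId;
            event.commit();
        }

        if (EventHelper.isLoggingSecurity()) {
            EventHelper.logTLSHandshakeEvent(null,
                            session.getPeerHost(),
                            session.getPeerPort(),
                            session.getCipherSuite(),
                            session.getProtocol(),
                            peerCertificateId);
        }
    }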
}