author | ascarpino |
Mon, 10 Dec 2018 09:19:30 -0800 | |
changeset 52928 | d59955700113 |
parent 50768 | 68fa3d4026ea |
child 53563 | a4b7ea85d668 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
50768 | 2 |
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package sun.security.ssl; |
|
27 |
||
7043 | 28 |
import java.io.ByteArrayOutputStream; |
50768 | 29 |
import java.io.IOException; |
30904 | 30 |
import java.nio.ByteBuffer; |
50768 | 31 |
import java.security.MessageDigest; |
32 |
import java.util.Arrays; |
|
33 |
import java.util.LinkedList; |
|
34 |
import javax.crypto.SecretKey; |
|
35 |
import sun.security.util.MessageDigestSpi2; |
|
36 |
||
37 |
final class HandshakeHash { |
|
38 |
private TranscriptHash transcriptHash; |
|
39 |
private LinkedList<byte[]> reserves; // one handshake message per entry |
|
40 |
private boolean hasBeenUsed; |
|
41 |
||
42 |
/**
 * Creates a handshake hash in its initial state: input is only cached
 * (no digest algorithm is chosen yet) and no message is reserved.
 */
HandshakeHash() {
    hasBeenUsed = false;
    reserves = new LinkedList<>();
    transcriptHash = new CacheOnlyHash();
}
|
2 | 47 |
|
50768 | 48 |
// fix the negotiated protocol version and cipher suite |
49 |
/**
 * Replaces the cache-only hash with the implementation that matches the
 * negotiated protocol version, then replays the cached bytes into it.
 *
 * @param protocolVersion the negotiated protocol version
 * @param cipherSuite the negotiated cipher suite
 * @throws IllegalStateException if the transcript hash is no longer the
 *         initial cache-only instance
 */
void determine(ProtocolVersion protocolVersion,
        CipherSuite cipherSuite) {
    if (!(transcriptHash instanceof CacheOnlyHash)) {
        throw new IllegalStateException(
                "Not expected instance of transcript hash");
    }

    final CacheOnlyHash cache = (CacheOnlyHash)transcriptHash;
    final TranscriptHash selected;
    if (protocolVersion.useTLS13PlusSpec()) {
        selected = new T13HandshakeHash(cipherSuite);
    } else if (protocolVersion.useTLS12PlusSpec()) {
        selected = new T12HandshakeHash(cipherSuite);
    } else if (protocolVersion.useTLS10PlusSpec()) {
        selected = new T10HandshakeHash(cipherSuite);
    } else {
        selected = new S30HandshakeHash(cipherSuite);
    }
    transcriptHash = selected;

    // Everything hashed before the version was known must be part of
    // the real transcript as well.
    final byte[] cached = cache.baos.toByteArray();
    if (cached.length > 0) {
        selected.update(cached, 0, cached.length);
    }
}
2 | 72 |
|
50768 | 73 |
/**
 * Returns an independent copy of this object. Only possible while the
 * transcript hash is still the initial cache-only instance.
 *
 * @return a new HandshakeHash with the same cached bytes, reserved
 *         messages and usage flag
 * @throws IllegalStateException if a protocol-specific hash is in use
 */
HandshakeHash copy() {
    if (!(transcriptHash instanceof CacheOnlyHash)) {
        throw new IllegalStateException("Hash does not support copying");
    }

    HandshakeHash duplicate = new HandshakeHash();
    duplicate.transcriptHash = ((CacheOnlyHash)transcriptHash).copy();
    // The list is copied; the message arrays themselves are shared.
    duplicate.reserves = new LinkedList<>(reserves);
    duplicate.hasBeenUsed = hasBeenUsed;
    return duplicate;
}
|
84 |
||
85 |
/**
 * Reserves one handshake message for later hashing.
 *
 * @param input the message bytes; a private copy is stored, so later
 *        changes to the caller's array do not affect the transcript
 */
void receive(byte[] input) {
    final byte[] message = input.clone();
    reserves.addLast(message);
}
|
88 |
||
89 |
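/**
 * Reserves {@code length} bytes, starting at the buffer's current
 * position, as one handshake message. The buffer's position is left
 * unchanged.
 *
 * @param input the buffer holding the message
 * @param length the number of bytes to reserve
 * @throws IllegalArgumentException if {@code length} is negative or
 *         larger than {@code input.remaining()}
 */
void receive(ByteBuffer input, int length) {
    // Without this check the array-backed path would silently copy
    // bytes beyond the buffer's limit (or zero padding past the end of
    // the backing array) into the transcript, while the other path
    // would fail; reject the length on both paths instead.
    if (length < 0 || length > input.remaining()) {
        throw new IllegalArgumentException(
                "Invalid handshake message length: " + length);
    }

    if (input.hasArray()) {
        int from = input.position() + input.arrayOffset();
        reserves.add(Arrays.copyOfRange(input.array(), from, from + length));
    } else {
        int inPos = input.position();
        byte[] holder = new byte[length];
        input.get(holder);
        input.position(inPos);      // do not consume the caller's data
        // holder is already a private copy; no second copy is needed.
        reserves.add(holder);
    }
}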
|
102 |
/**
 * Reserves all remaining bytes of the buffer as one handshake message.
 *
 * @param input the buffer holding the message
 */
void receive(ByteBuffer input) {
    final int available = input.remaining();
    receive(input, available);
}
|
105 |
||
106 |
// For HelloRetryRequest only! Please use this method very carefully! |
|
107 |
/**
 * Inserts a copy of the message at the head of the reserved list, so
 * that it is hashed before the messages already reserved.
 *
 * @param input the message bytes
 */
void push(byte[] input) {
    final byte[] message = input.clone();
    reserves.addFirst(message);
}
|
110 |
||
111 |
// For PreSharedKey to modify the state of the PSK binder hash |
|
112 |
/**
 * Removes and returns the most recently reserved message.
 *
 * @return the removed message bytes
 * @throws java.util.NoSuchElementException if nothing is reserved
 */
byte[] removeLastReceived() {
    final byte[] newest = reserves.removeLast();
    return newest;
}
|
115 |
||
116 |
/**
 * Hashes all reserved messages, then hashes the whole of {@code input}.
 *
 * @param input the message bytes
 */
void deliver(byte[] input) {
    // Reserved messages come first so the transcript order is kept.
    update();
    final int size = input.length;
    transcriptHash.update(input, 0, size);
}
|
120 |
||
121 |
/**
 * Hashes all reserved messages, then hashes a slice of {@code input}.
 *
 * @param input the array holding the message
 * @param offset index of the first byte to hash
 * @param length number of bytes to hash
 */
void deliver(byte[] input, int offset, int length) {
    // Reserved messages come first so the transcript order is kept.
    this.update();
    this.transcriptHash.update(input, offset, length);
}
|
125 |
||
126 |
/**
 * Hashes all reserved messages, then hashes the remaining bytes of the
 * buffer. The buffer's position is left unchanged.
 *
 * @param input the buffer holding the message
 */
void deliver(ByteBuffer input) {
    update();

    if (!input.hasArray()) {
        // No accessible backing array: read into a temporary array and
        // restore the position afterwards.
        final int mark = input.position();
        final byte[] copy = new byte[input.remaining()];
        input.get(copy);
        input.position(mark);
        transcriptHash.update(copy, 0, copy.length);
        return;
    }

    final byte[] backing = input.array();
    final int start = input.position() + input.arrayOffset();
    transcriptHash.update(backing, start, input.remaining());
}
|
139 |
||
50768 | 140 |
// Use one handshake message if it has not been used. |
141 |
/**
 * Hashes the oldest reserved message and marks it as used. Does nothing
 * if a message is already marked as used or nothing is reserved.
 */
void utilize() {
    if (hasBeenUsed || reserves.isEmpty()) {
        return;
    }

    final byte[] oldest = reserves.removeFirst();
    transcriptHash.update(oldest, 0, oldest.length);
    hasBeenUsed = true;
}
|
151 |
||
50768 | 152 |
// Consume one handshake message if it has not been consumed. |
153 |
/**
 * Accounts for one handshake message. If {@code utilize()} has already
 * hashed it, only the flag is cleared; otherwise the oldest reserved
 * message, if any, is hashed now.
 */
void consume() {
    if (hasBeenUsed) {
        // Already hashed by utilize(); do not hash it twice.
        hasBeenUsed = false;
    } else if (!reserves.isEmpty()) {
        final byte[] oldest = reserves.removeFirst();
        transcriptHash.update(oldest, 0, oldest.length);
    }
}
|
163 |
||
50768 | 164 |
/**
 * Hashes every reserved message, oldest first, and clears the
 * "used" flag.
 */
void update() {
    while (!reserves.isEmpty()) {
        final byte[] next = reserves.removeFirst();
        transcriptHash.update(next, 0, next.length);
    }
    hasBeenUsed = false;
}
|
30904 | 171 |
|
50768 | 172 |
/**
 * Returns the digest of the bytes hashed so far.
 *
 * @return the transcript digest
 */
byte[] digest() {
    // Messages that are still only reserved are not hashed here, so
    // they may be missing from the result; callers decide when to call
    // update(), utilize() or consume() first.
    final byte[] result = transcriptHash.digest();
    return result;
}
|
177 |
||
178 |
/**
 * Resets this object to its initial state: a fresh cache-only hash,
 * no reserved messages, "used" flag cleared.
 */
void finish() {
    hasBeenUsed = false;
    reserves = new LinkedList<>();
    transcriptHash = new CacheOnlyHash();
}
|
183 |
||
184 |
// Optional |
|
185 |
/**
 * Returns the raw bytes hashed so far, as kept by the current
 * transcript hash.
 *
 * @return the archived transcript bytes
 */
byte[] archived() {
    // Messages that are still only reserved are not included.
    final byte[] raw = transcriptHash.archived();
    return raw;
}
190 |
||
50768 | 191 |
// Optional, TLS 1.0/1.1 only |
192 |
/**
 * Returns the TLS 1.0/1.1 digest for the given algorithm.
 *
 * @param algorithm the algorithm name passed on to the hash
 * @return the digest bytes
 * @throws ClassCastException if the current transcript hash is not a
 *         {@code T10HandshakeHash}
 */
byte[] digest(String algorithm) {
    final T10HandshakeHash tls10 = (T10HandshakeHash)transcriptHash;
    return tls10.digest(algorithm);
}
|
196 |
||
197 |
// Optional, SSL 3.0 only |
|
198 |
/**
 * Returns the SSL 3.0 digest for the given algorithm and master secret.
 *
 * @param algorithm the algorithm name passed on to the hash
 * @param masterSecret the master secret mixed into the digest
 * @return the digest bytes
 * @throws ClassCastException if the current transcript hash is not an
 *         {@code S30HandshakeHash}
 */
byte[] digest(String algorithm, SecretKey masterSecret) {
    final S30HandshakeHash ssl30 = (S30HandshakeHash)transcriptHash;
    return ssl30.digest(algorithm, masterSecret);
}
|
202 |
||
203 |
// Optional, SSL 3.0 only |
|
204 |
/**
 * Returns the SSL 3.0 digest that includes the client or server label.
 *
 * @param useClientLabel {@code true} to mix in the client label,
 *        {@code false} for the server label
 * @param masterSecret the master secret mixed into the digest
 * @return the digest bytes
 * @throws ClassCastException if the current transcript hash is not an
 *         {@code S30HandshakeHash}
 */
byte[] digest(boolean useClientLabel, SecretKey masterSecret) {
    final S30HandshakeHash ssl30 = (S30HandshakeHash)transcriptHash;
    return ssl30.digest(useClientLabel, masterSecret);
}
208 |
||
50768 | 209 |
/**
 * Tells whether a handshake message of the given type belongs in the
 * transcript hash.
 *
 * @param handshakeType the handshake message type id
 * @return {@code false} for HelloRequest and HelloVerifyRequest,
 *         {@code true} for every other type
 */
public boolean isHashable(byte handshakeType) {
    final boolean excluded =
            handshakeType == SSLHandshake.HELLO_REQUEST.id ||
            handshakeType == SSLHandshake.HELLO_VERIFY_REQUEST.id;
    return !excluded;
}
|
7043 | 213 |
|
50768 | 214 |
/** Incremental hash over the handshake messages. */
interface TranscriptHash {
    /** Adds {@code length} bytes of {@code input}, from {@code offset}. */
    void update(byte[] input, int offset, int length);

    /**
     * Returns the digest of the bytes added so far. The cache-only
     * implementation throws IllegalStateException instead.
     */
    byte[] digest();

    /**
     * Returns the raw bytes added so far. Optional: implementations
     * that keep no copy throw UnsupportedOperationException.
     */
    byte[] archived();
}
|
219 |
||
220 |
// For cache only. |
|
221 |
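/**
 * Placeholder used before the protocol version is known: it stores the
 * input bytes and cannot produce a digest.
 */
private static final class CacheOnlyHash implements TranscriptHash {
    private final ByteArrayOutputStream baos;

    CacheOnlyHash() {
        this.baos = new ByteArrayOutputStream();
    }

    /** Appends the given bytes to the cache. */
    @Override
    public void update(byte[] input, int offset, int length) {
        baos.write(input, offset, length);
    }

    /**
     * Always fails: no digest algorithm has been selected yet.
     *
     * @throws IllegalStateException always
     */
    @Override
    public byte[] digest() {
        throw new IllegalStateException(
                "Not expected call to handshake hash digest");
    }

    /** Returns a copy of the cached bytes. */
    @Override
    public byte[] archived() {
        return baos.toByteArray();
    }

    /**
     * Returns a new CacheOnlyHash holding the same cached bytes.
     *
     * @throws RuntimeException if the bytes cannot be copied; the
     *         underlying IOException is attached as the cause
     */
    CacheOnlyHash copy() {
        CacheOnlyHash result = new CacheOnlyHash();
        try {
            baos.writeTo(result.baos);
        } catch (IOException ex) {
            // Keep the cause so the failure can be diagnosed.
            throw new RuntimeException("unable to clone hash state", ex);
        }
        return result;
    }
}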
|
254 |
||
50768 | 255 |
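/**
 * SSL 3.0 transcript hash: MD5 and SHA run side by side and their
 * outputs are concatenated (16 + 20 = 36 bytes). These digests are used
 * here only because this legacy protocol version is built on them.
 */
static final class S30HandshakeHash implements TranscriptHash {
    // Padding blocks: 48 bytes for MD5, 40 bytes for SHA.
    static final byte[] MD5_pad1 = genPad(0x36, 48);
    static final byte[] MD5_pad2 = genPad(0x5c, 48);

    static final byte[] SHA_pad1 = genPad(0x36, 40);
    static final byte[] SHA_pad2 = genPad(0x5c, 40);

    // ASCII "CLNT" and "SRVR"
    private static final byte[] SSL_CLIENT = { 0x43, 0x4C, 0x4E, 0x54 };
    private static final byte[] SSL_SERVER = { 0x53, 0x52, 0x56, 0x52 };

    private final MessageDigest mdMD5;
    private final MessageDigest mdSHA;
    private final TranscriptHash md5;
    private final TranscriptHash sha;
    // Raw transcript; null when one of the wrapped hashes already
    // keeps the raw bytes itself.
    private final ByteArrayOutputStream baos;

    S30HandshakeHash(CipherSuite cipherSuite) {
        this.mdMD5 = JsseJce.getMessageDigest("MD5");
        this.mdSHA = JsseJce.getMessageDigest("SHA");

        boolean hasArchived = false;
        if (mdMD5 instanceof Cloneable) {
            md5 = new CloneableHash(mdMD5);
        } else {
            hasArchived = true;
            md5 = new NonCloneableHash(mdMD5);
        }
        if (mdSHA instanceof Cloneable) {
            sha = new CloneableHash(mdSHA);
        } else {
            hasArchived = true;
            sha = new NonCloneableHash(mdSHA);
        }

        // CloneableHash cannot return the raw bytes, so a separate
        // buffer is needed only when neither wrapper archives them.
        this.baos = hasArchived ? null : new ByteArrayOutputStream();
    }

    /** Feeds the bytes to both digests and to the raw buffer, if any. */
    @Override
    public void update(byte[] input, int offset, int length) {
        md5.update(input, offset, length);
        sha.update(input, offset, length);
        if (baos != null) {
            baos.write(input, offset, length);
        }
    }

    /** Returns MD5(transcript) followed by SHA(transcript), 36 bytes. */
    @Override
    public byte[] digest() {
        return concat(md5.digest(), sha.digest());
    }

    /** Returns the raw transcript bytes from whichever holder has them. */
    @Override
    public byte[] archived() {
        if (baos != null) {
            return baos.toByteArray();
        } else if (md5 instanceof NonCloneableHash) {
            return md5.archived();
        } else {
            return sha.archived();
        }
    }

    /**
     * Computes the 36-byte digest over the transcript, the client or
     * server label, and the master secret with both padding blocks.
     * Works on clones, so the running transcript state is not changed.
     *
     * @param useClientLabel {@code true} for "CLNT", else "SRVR"
     * @param masterSecret the master secret
     */
    byte[] digest(boolean useClientLabel, SecretKey masterSecret) {
        MessageDigest md5Clone = cloneMd5();
        MessageDigest shaClone = cloneSha();

        byte[] label = useClientLabel ? SSL_CLIENT : SSL_SERVER;
        md5Clone.update(label);
        shaClone.update(label);

        updateDigest(md5Clone, MD5_pad1, MD5_pad2, masterSecret);
        updateDigest(shaClone, SHA_pad1, SHA_pad2, masterSecret);

        return concat(md5Clone.digest(), shaClone.digest());
    }

    /**
     * Computes the digest over the transcript and the master secret
     * with both padding blocks. For "RSA" (case-insensitive) the result
     * is MD5 followed by SHA; for any other algorithm it is SHA only.
     *
     * @param algorithm the algorithm name
     * @param masterSecret the master secret
     */
    byte[] digest(String algorithm, SecretKey masterSecret) {
        if ("RSA".equalsIgnoreCase(algorithm)) {
            MessageDigest md5Clone = cloneMd5();
            MessageDigest shaClone = cloneSha();
            updateDigest(md5Clone, MD5_pad1, MD5_pad2, masterSecret);
            updateDigest(shaClone, SHA_pad1, SHA_pad2, masterSecret);

            return concat(md5Clone.digest(), shaClone.digest());
        } else {
            MessageDigest shaClone = cloneSha();
            updateDigest(shaClone, SHA_pad1, SHA_pad2, masterSecret);
            return shaClone.digest();
        }
    }

    // Joins a 16-byte MD5 value and a 20-byte SHA value into 36 bytes.
    private static byte[] concat(byte[] md5Digest, byte[] shaDigest) {
        byte[] digest = new byte[36];
        System.arraycopy(md5Digest, 0, digest, 0, 16);
        System.arraycopy(shaDigest, 0, digest, 16, 20);
        return digest;
    }

    private static byte[] genPad(int b, int count) {
        byte[] padding = new byte[count];
        Arrays.fill(padding, (byte)b);
        return padding;
    }

    private MessageDigest cloneMd5() {
        return cloneDigest(mdMD5, md5, "MD5");
    }

    private MessageDigest cloneSha() {
        return cloneDigest(mdSHA, sha, "SHA");
    }

    // Returns a digest in the same state as md: a clone when md is
    // Cloneable, otherwise a new instance fed with the archived bytes.
    private static MessageDigest cloneDigest(MessageDigest md,
            TranscriptHash archive, String algorithm) {
        if (md instanceof Cloneable) {
            try {
                return (MessageDigest)md.clone();
            } catch (CloneNotSupportedException ex) {    // unlikely
                // Keep the cause so the failure can be diagnosed.
                throw new RuntimeException(
                        "MessageDigest does not support clone operation",
                        ex);
            }
        }

        MessageDigest fresh = JsseJce.getMessageDigest(algorithm);
        fresh.update(archive.archived());
        return fresh;
    }

    // Finishes md as: inner = H(state || secret || pad1), then leaves
    // md loaded with (secret || pad2 || inner) for the caller to digest.
    private static void updateDigest(MessageDigest md,
            byte[] pad1, byte[] pad2, SecretKey masterSecret) {
        // NOTE(review): keyBytes holds master secret material and is not
        // overwritten before it goes out of scope. Whether getEncoded()
        // returns a private copy depends on the SecretKey implementation;
        // confirm that before adding an Arrays.fill() here.
        byte[] keyBytes = "RAW".equals(masterSecret.getFormat())
                        ? masterSecret.getEncoded() : null;
        if (keyBytes != null) {
            md.update(keyBytes);
        } else {
            digestKey(md, masterSecret);
        }
        md.update(pad1);
        byte[] temp = md.digest();

        if (keyBytes != null) {
            md.update(keyBytes);
        } else {
            digestKey(md, masterSecret);
        }
        md.update(pad2);
        md.update(temp);
    }

    // Feeds a key whose encoding is not available to a digest that can
    // take the key object directly; fails otherwise.
    private static void digestKey(MessageDigest md, SecretKey key) {
        final String failure = "Could not obtain encoded key and "
                + "MessageDigest cannot digest key";
        if (!(md instanceof MessageDigestSpi2)) {
            throw new RuntimeException(failure, new Exception(
                    "Digest does not support implUpdate(SecretKey)"));
        }
        try {
            ((MessageDigestSpi2)md).engineUpdate(key);
        } catch (Exception e) {
            throw new RuntimeException(failure, e);
        }
    }
}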
|
442 |
||
443 |
// TLS 1.0 and TLS 1.1 |
|
444 |
/**
 * TLS 1.0/1.1 transcript hash: MD5 and SHA run side by side and their
 * outputs are concatenated (16 + 20 = 36 bytes).
 */
static final class T10HandshakeHash implements TranscriptHash {
    private final TranscriptHash md5;
    private final TranscriptHash sha;
    // Raw transcript; null when one of the wrapped hashes already
    // keeps the raw bytes itself.
    private final ByteArrayOutputStream baos;

    T10HandshakeHash(CipherSuite cipherSuite) {
        final MessageDigest md5Digest = JsseJce.getMessageDigest("MD5");
        final MessageDigest shaDigest = JsseJce.getMessageDigest("SHA");

        final boolean md5Cloneable = md5Digest instanceof Cloneable;
        final boolean shaCloneable = shaDigest instanceof Cloneable;

        this.md5 = md5Cloneable
                ? new CloneableHash(md5Digest)
                : new NonCloneableHash(md5Digest);
        this.sha = shaCloneable
                ? new CloneableHash(shaDigest)
                : new NonCloneableHash(shaDigest);

        // CloneableHash cannot return the raw bytes, so a separate
        // buffer is needed only when both wrappers are of that kind.
        this.baos = (md5Cloneable && shaCloneable)
                ? new ByteArrayOutputStream()
                : null;
    }

    /** Feeds the bytes to both digests and to the raw buffer, if any. */
    @Override
    public void update(byte[] input, int offset, int length) {
        md5.update(input, offset, length);
        sha.update(input, offset, length);
        if (baos == null) {
            return;
        }
        baos.write(input, offset, length);
    }

    /** Returns MD5(transcript) followed by SHA(transcript), 36 bytes. */
    @Override
    public byte[] digest() {
        final byte[] combined = new byte[36];
        final byte[] md5Part = md5.digest();
        System.arraycopy(md5Part, 0, combined, 0, 16);
        final byte[] shaPart = sha.digest();
        System.arraycopy(shaPart, 0, combined, 16, 20);
        return combined;
    }

    /**
     * Returns the combined 36-byte digest for "RSA" (case-insensitive)
     * and the SHA digest alone for any other algorithm.
     */
    byte[] digest(String algorithm) {
        final boolean rsa = "RSA".equalsIgnoreCase(algorithm);
        return rsa ? digest() : sha.digest();
    }

    /** Returns the raw transcript bytes from whichever holder has them. */
    @Override
    public byte[] archived() {
        if (baos != null) {
            return baos.toByteArray();
        }
        if (md5 instanceof NonCloneableHash) {
            return md5.archived();
        }
        return sha.archived();
    }
}
511 |
||
50768 | 512 |
/**
 * TLS 1.2 transcript hash, using the digest named by the cipher
 * suite's hash algorithm.
 */
static final class T12HandshakeHash implements TranscriptHash {
    private final TranscriptHash transcriptHash;
    // Raw transcript; null when the wrapped hash keeps the raw bytes.
    private final ByteArrayOutputStream baos;

    T12HandshakeHash(CipherSuite cipherSuite) {
        final MessageDigest digest =
                JsseJce.getMessageDigest(cipherSuite.hashAlg.name);
        final boolean cloneable = digest instanceof Cloneable;

        this.transcriptHash = cloneable
                ? new CloneableHash(digest)
                : new NonCloneableHash(digest);

        // CloneableHash.archived() is unsupported, so the raw bytes
        // must be kept here in that case. NonCloneableHash buffers them
        // itself and needs no second copy.
        this.baos = cloneable ? new ByteArrayOutputStream() : null;
    }

    /** Feeds the bytes to the digest and to the raw buffer, if any. */
    @Override
    public void update(byte[] input, int offset, int length) {
        transcriptHash.update(input, offset, length);
        if (baos == null) {
            return;
        }
        baos.write(input, offset, length);
    }

    /** Returns the digest of the transcript so far. */
    @Override
    public byte[] digest() {
        final byte[] result = transcriptHash.digest();
        return result;
    }

    /** Returns the raw transcript bytes from whichever holder has them. */
    @Override
    public byte[] archived() {
        return (baos != null)
                ? baos.toByteArray()
                : transcriptHash.archived();
    }
}
550 |
||
50768 | 551 |
/**
 * TLS 1.3 transcript hash, using the digest named by the cipher
 * suite's hash algorithm. The raw transcript is not exposed.
 */
static final class T13HandshakeHash implements TranscriptHash {
    private final TranscriptHash transcriptHash;

    T13HandshakeHash(CipherSuite cipherSuite) {
        final MessageDigest digest =
                JsseJce.getMessageDigest(cipherSuite.hashAlg.name);
        this.transcriptHash = (digest instanceof Cloneable)
                ? new CloneableHash(digest)
                : new NonCloneableHash(digest);
    }

    /** Feeds the bytes to the digest. */
    @Override
    public void update(byte[] input, int offset, int length) {
        this.transcriptHash.update(input, offset, length);
    }

    /** Returns the digest of the transcript so far. */
    @Override
    public byte[] digest() {
        final byte[] result = transcriptHash.digest();
        return result;
    }

    /**
     * Not supported for TLS 1.3.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public byte[] archived() {
        // This method is not necessary in T13
        final String reason = "TLS 1.3 does not require archived.";
        throw new UnsupportedOperationException(reason);
    }
}
|
581 |
||
582 |
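/**
 * Transcript hash backed by a digest that can be cloned: each call to
 * {@code digest()} finishes a clone, so the running state is kept.
 */
static final class CloneableHash implements TranscriptHash {
    private final MessageDigest md;

    CloneableHash(MessageDigest md) {
        this.md = md;
    }

    /** Feeds the bytes to the digest. */
    @Override
    public void update(byte[] input, int offset, int length) {
        md.update(input, offset, length);
    }

    /**
     * Returns the digest of the bytes added so far without resetting
     * the running state.
     *
     * @throws IllegalStateException if the digest cannot be cloned
     */
    @Override
    public byte[] digest() {
        try {
            return ((MessageDigest)md.clone()).digest();
        } catch (CloneNotSupportedException ex) {
            // unlikely. Fail instead of returning an empty array: an
            // empty value would be used by callers as if it were the
            // real transcript digest.
            throw new IllegalStateException(
                    "MessageDigest does not support clone operation", ex);
        }
    }

    /**
     * Not supported: this class keeps no copy of the raw bytes.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public byte[] archived() {
        throw new UnsupportedOperationException("Not supported yet.");
    }
}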
|
609 |
||
610 |
/**
 * Transcript hash backed by a digest that cannot be cloned: all input
 * is buffered and hashed from the start on every {@code digest()} call.
 */
static final class NonCloneableHash implements TranscriptHash {
    private final MessageDigest md;
    private final ByteArrayOutputStream baos;

    NonCloneableHash(MessageDigest md) {
        this.baos = new ByteArrayOutputStream();
        this.md = md;
    }

    /** Appends the bytes to the buffer; nothing is hashed yet. */
    @Override
    public void update(byte[] input, int offset, int length) {
        this.baos.write(input, offset, length);
    }

    /** Returns the digest of everything buffered so far. */
    @Override
    public byte[] digest() {
        final byte[] transcript = baos.toByteArray();
        // Start from a clean state so earlier calls cannot leak in.
        md.reset();
        final byte[] result = md.digest(transcript);
        return result;
    }

    /** Returns a copy of the buffered bytes. */
    @Override
    public byte[] archived() {
        final byte[] transcript = baos.toByteArray();
        return transcript;
    }
}
|
2 | 635 |
} |