jdk-sandbox: src/java.base/share/classes/sun/security/ssl/SignatureScheme.java@e7df7c86eda1 (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 52337 diff changeset	2	* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.security.*;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.security.spec.AlgorithmParameterSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.security.spec.ECParameterSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.security.spec.MGF1ParameterSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.security.spec.PSSParameterSpec;
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	33	import java.util.AbstractMap.SimpleImmutableEntry;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import java.util.ArrayList;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import java.util.Arrays;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import java.util.Collection;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import java.util.Collections;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import java.util.EnumSet;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import java.util.LinkedList;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	import java.util.List;
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	41	import java.util.Map;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	import java.util.Set;
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	43	import sun.security.ssl.NamedGroup.NamedGroupSpec;
55452 1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	44	import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
54417 f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 53734 diff changeset	45	import sun.security.ssl.X509Authentication.X509Possession;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	import sun.security.util.KeyUtil;
54483 ac20c3bdc55d 8216039: TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange valeriep parents: 54417 diff changeset	47	import sun.security.util.SignatureUtil;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	enum SignatureScheme {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	// EdDSA algorithms
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	ED25519 (0x0807, "ed25519", "ed25519",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	"ed25519",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	ProtocolVersion.PROTOCOLS_OF_13),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	ED448 (0x0808, "ed448", "ed448",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	"ed448",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56	ProtocolVersion.PROTOCOLS_OF_13),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	// ECDSA algorithms
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	ECDSA_SECP256R1_SHA256 (0x0403, "ecdsa_secp256r1_sha256",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	"SHA256withECDSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	"EC",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	NamedGroup.SECP256_R1,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	ProtocolVersion.PROTOCOLS_TO_13),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64	ECDSA_SECP384R1_SHA384 (0x0503, "ecdsa_secp384r1_sha384",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65	"SHA384withECDSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	"EC",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	NamedGroup.SECP384_R1,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	ProtocolVersion.PROTOCOLS_TO_13),
52337 346ad00d6154 8212738: Incorrectly named signature scheme ecdsa_secp512r1_sha512 xuelei parents: 52208 diff changeset	69	ECDSA_SECP521R1_SHA512 (0x0603, "ecdsa_secp521r1_sha512",
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	"SHA512withECDSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	"EC",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72	NamedGroup.SECP521_R1,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73	ProtocolVersion.PROTOCOLS_TO_13),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75	// RSASSA-PSS algorithms with public key OID rsaEncryption
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	// The minimalKeySize is calculated as (See RFC 8017 for details):
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	// hash length + salt length + 16
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	RSA_PSS_RSAE_SHA256 (0x0804, "rsa_pss_rsae_sha256",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	"RSASSA-PSS", "RSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81	SigAlgParamSpec.RSA_PSS_SHA256, 528,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	ProtocolVersion.PROTOCOLS_12_13),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	RSA_PSS_RSAE_SHA384 (0x0805, "rsa_pss_rsae_sha384",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	"RSASSA-PSS", "RSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85	SigAlgParamSpec.RSA_PSS_SHA384, 784,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86	ProtocolVersion.PROTOCOLS_12_13),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	RSA_PSS_RSAE_SHA512 (0x0806, "rsa_pss_rsae_sha512",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	"RSASSA-PSS", "RSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89	SigAlgParamSpec.RSA_PSS_SHA512, 1040,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90	ProtocolVersion.PROTOCOLS_12_13),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	// RSASSA-PSS algorithms with public key OID RSASSA-PSS
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94	// The minimalKeySize is calculated as (See RFC 8017 for details):
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	// hash length + salt length + 16
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	RSA_PSS_PSS_SHA256 (0x0809, "rsa_pss_pss_sha256",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	"RSASSA-PSS", "RSASSA-PSS",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	SigAlgParamSpec.RSA_PSS_SHA256, 528,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	ProtocolVersion.PROTOCOLS_12_13),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	RSA_PSS_PSS_SHA384 (0x080A, "rsa_pss_pss_sha384",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	"RSASSA-PSS", "RSASSA-PSS",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	SigAlgParamSpec.RSA_PSS_SHA384, 784,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103	ProtocolVersion.PROTOCOLS_12_13),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104	RSA_PSS_PSS_SHA512 (0x080B, "rsa_pss_pss_sha512",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	"RSASSA-PSS", "RSASSA-PSS",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	SigAlgParamSpec.RSA_PSS_SHA512, 1040,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107	ProtocolVersion.PROTOCOLS_12_13),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109	// RSASSA-PKCS1-v1_5 algorithms
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	RSA_PKCS1_SHA256 (0x0401, "rsa_pkcs1_sha256", "SHA256withRSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	"RSA", null, null, 511,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	ProtocolVersion.PROTOCOLS_TO_13,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	ProtocolVersion.PROTOCOLS_TO_12),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	RSA_PKCS1_SHA384 (0x0501, "rsa_pkcs1_sha384", "SHA384withRSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	"RSA", null, null, 768,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	ProtocolVersion.PROTOCOLS_TO_13,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	ProtocolVersion.PROTOCOLS_TO_12),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118	RSA_PKCS1_SHA512 (0x0601, "rsa_pkcs1_sha512", "SHA512withRSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119	"RSA", null, null, 768,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	ProtocolVersion.PROTOCOLS_TO_13,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	ProtocolVersion.PROTOCOLS_TO_12),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123	// Legacy algorithms
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	DSA_SHA256 (0x0402, "dsa_sha256", "SHA256withDSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	"DSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	ProtocolVersion.PROTOCOLS_TO_12),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127	ECDSA_SHA224 (0x0303, "ecdsa_sha224", "SHA224withECDSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128	"EC",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	ProtocolVersion.PROTOCOLS_TO_12),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	RSA_SHA224 (0x0301, "rsa_sha224", "SHA224withRSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131	"RSA", 511,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	ProtocolVersion.PROTOCOLS_TO_12),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	DSA_SHA224 (0x0302, "dsa_sha224", "SHA224withDSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	"DSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135	ProtocolVersion.PROTOCOLS_TO_12),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	ECDSA_SHA1 (0x0203, "ecdsa_sha1", "SHA1withECDSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	"EC",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	ProtocolVersion.PROTOCOLS_TO_13),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139	RSA_PKCS1_SHA1 (0x0201, "rsa_pkcs1_sha1", "SHA1withRSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	"RSA", null, null, 511,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	ProtocolVersion.PROTOCOLS_TO_13,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	ProtocolVersion.PROTOCOLS_TO_12),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143	DSA_SHA1 (0x0202, "dsa_sha1", "SHA1withDSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	"DSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	ProtocolVersion.PROTOCOLS_TO_12),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146	RSA_MD5 (0x0101, "rsa_md5", "MD5withRSA",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	"RSA", 511,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	ProtocolVersion.PROTOCOLS_TO_12);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150	final int id; // hash + signature
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	final String name; // literal name
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152	private final String algorithm; // signature algorithm
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	final String keyAlgorithm; // signature key algorithm
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	154	private final SigAlgParamSpec signAlgParams; // signature parameters
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155	private final NamedGroup namedGroup; // associated named group
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	// The minimal required key size in bits.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159	// Only need to check RSA algorithm at present. RSA keys of 512 bits
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160	// have been shown to be practically breakable, it does not make much
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161	// sense to use the strong hash algorithm for keys whose key size less
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	// than 512 bits. So it is not necessary to calculate the minimal
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	// required key size exactly for a hash algorithm.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165	// Note that some provider may use 511 bits for 512-bit strength RSA keys.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	final int minimalKeySize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	final List<ProtocolVersion> supportedProtocols;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	// Some signature schemes are supported in different versions for handshake
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	// messages and certificates. This field holds the supported protocols
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	// for handshake messages.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	final List<ProtocolVersion> handshakeSupportedProtocols;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	final boolean isAvailable;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	private static final String[] hashAlgorithms = new String[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	"none", "md5", "sha1", "sha224",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	"sha256", "sha384", "sha512"
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	private static final String[] signatureAlgorithms = new String[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	"anonymous", "rsa", "dsa", "ecdsa",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	static enum SigAlgParamSpec { // support RSASSA-PSS only now
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	RSA_PSS_SHA256 ("SHA-256", 32),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	RSA_PSS_SHA384 ("SHA-384", 48),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	RSA_PSS_SHA512 ("SHA-512", 64);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	189	private final AlgorithmParameterSpec parameterSpec;
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	190	private final AlgorithmParameters parameters;
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	191	private final boolean isAvailable;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193	SigAlgParamSpec(String hash, int saltLength) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	// See RFC 8017
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	PSSParameterSpec pssParamSpec =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	new PSSParameterSpec(hash, "MGF1",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	new MGF1ParameterSpec(hash), saltLength, 1);
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	198	AlgorithmParameters pssParams = null;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	boolean mediator = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201	try {
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 52337 diff changeset	202	Signature signer = Signature.getInstance("RSASSA-PSS");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203	signer.setParameter(pssParamSpec);
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	204	pssParams = signer.getParameters();
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	} catch (InvalidAlgorithmParameterException \|
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	206	NoSuchAlgorithmException \| RuntimeException exp) {
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	207	// Signature.getParameters() may throw RuntimeException.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	mediator = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	"RSASSA-PSS signature with " + hash +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	" is not supported by the underlying providers", exp);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	this.isAvailable = mediator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	this.parameterSpec = mediator ? pssParamSpec : null;
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	218	this.parameters = mediator ? pssParams : null;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	// performance optimization
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	private static final Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224	Collections.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	private SignatureScheme(int id, String name,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	String algorithm, String keyAlgorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	ProtocolVersion[] supportedProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	this(id, name, algorithm, keyAlgorithm, -1, supportedProtocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233	private SignatureScheme(int id, String name,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	String algorithm, String keyAlgorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	int minimalKeySize,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	ProtocolVersion[] supportedProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	this(id, name, algorithm, keyAlgorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	null, minimalKeySize, supportedProtocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	private SignatureScheme(int id, String name,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	String algorithm, String keyAlgorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	SigAlgParamSpec signAlgParamSpec, int minimalKeySize,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	ProtocolVersion[] supportedProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	this(id, name, algorithm, keyAlgorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	signAlgParamSpec, null, minimalKeySize,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	supportedProtocols, supportedProtocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	private SignatureScheme(int id, String name,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	String algorithm, String keyAlgorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	NamedGroup namedGroup,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	ProtocolVersion[] supportedProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	this(id, name, algorithm, keyAlgorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	null, namedGroup, -1,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	supportedProtocols, supportedProtocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	private SignatureScheme(int id, String name,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	String algorithm, String keyAlgorithm,
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	261	SigAlgParamSpec signAlgParams,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	NamedGroup namedGroup, int minimalKeySize,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	ProtocolVersion[] supportedProtocols,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	ProtocolVersion[] handshakeSupportedProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265	this.id = id;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	this.name = name;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	this.algorithm = algorithm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268	this.keyAlgorithm = keyAlgorithm;
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	269	this.signAlgParams = signAlgParams;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	this.namedGroup = namedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	this.minimalKeySize = minimalKeySize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	this.supportedProtocols = Arrays.asList(supportedProtocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273	this.handshakeSupportedProtocols =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274	Arrays.asList(handshakeSupportedProtocols);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	boolean mediator = true;
59214 e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	277	// HACK CODE
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	278	//
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	279	// An EC provider, for example the SunEC provider, may support
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	280	// AlgorithmParameters but not KeyPairGenerator or Signature.
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	281	if ("EC".equals(keyAlgorithm)) {
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	282	mediator = JsseJce.isEcAvailable();
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	283	}
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	284
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	285	// Check the specific algorithm and parameters.
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	286	if (mediator) {
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	287	if (signAlgParams != null) {
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	288	mediator = signAlgParams.isAvailable;
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	289	} else {
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	290	try {
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	291	Signature.getInstance(algorithm);
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	292	} catch (Exception e) {
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	293	mediator = false;
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	294	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	295	SSLLogger.warning(
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	296	"Signature algorithm, " + algorithm +
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	297	", is not supported by the underlying providers");
e7df7c86eda1 8233954: UnsatisfiedLinkError or NoSuchAlgorithmException after removing sunec.dll xuelei parents: 58951 diff changeset	298	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	if (mediator && ((id >> 8) & 0xFF) == 0x03) { // SHA224
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	// There are some problems to use SHA224 on Windows.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	if (Security.getProvider("SunMSCAPI") != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	mediator = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	this.isAvailable = mediator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	static SignatureScheme valueOf(int id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	for (SignatureScheme ss: SignatureScheme.values()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	if (ss.id == id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	return ss;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	static String nameOf(int id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324	for (SignatureScheme ss: SignatureScheme.values()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325	if (ss.id == id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	return ss.name;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	330	// Use TLS 1.2 style name for unknown signature scheme.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	331	int hashId = ((id >> 8) & 0xFF);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332	int signId = (id & 0xFF);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333	String hashName = (hashId >= hashAlgorithms.length) ?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	334	"UNDEFINED-HASH(" + hashId + ")" : hashAlgorithms[hashId];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	String signName = (signId >= signatureAlgorithms.length) ?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	"UNDEFINED-SIGNATURE(" + signId + ")" :
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337	signatureAlgorithms[signId];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	return signName + "_" + hashName;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342	// Return the size of a SignatureScheme structure in TLS record
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343	static int sizeInRecord() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	344	return 2;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	345	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	346
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	347	private boolean isPermitted(AlgorithmConstraints constraints) {
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	348	return constraints.permits(SIGNATURE_PRIMITIVE_SET,
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	349	this.name, null) &&
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	350	constraints.permits(SIGNATURE_PRIMITIVE_SET,
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	351	this.keyAlgorithm, null) &&
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	352	constraints.permits(SIGNATURE_PRIMITIVE_SET,
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	353	this.algorithm, (signAlgParams != null ?
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	354	signAlgParams.parameters : null)) &&
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	355	(namedGroup != null ?
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	356	namedGroup.isPermitted(constraints) : true);
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	357	}
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	358
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	359	// Get local supported algorithm collection complying to algorithm
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	360	// constraints.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361	static List<SignatureScheme> getSupportedAlgorithms(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362	AlgorithmConstraints constraints,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363	List<ProtocolVersion> activeProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364	List<SignatureScheme> supported = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365	for (SignatureScheme ss: SignatureScheme.values()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	366	if (!ss.isAvailable) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	369
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	370	boolean isMatch = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	371	for (ProtocolVersion pv : activeProtocols) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	372	if (ss.supportedProtocols.contains(pv)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	373	isMatch = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	374	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	375	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	376	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	377
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	378	if (isMatch) {
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	379	if (ss.isPermitted(constraints)) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	380	supported.add(ss);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	381	} else if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	382	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	383	SSLLogger.finest(
52208 5bf98ad48412 8212752: Typo in SSL log message related to inactive/disabled signature scheme coffeys parents: 51574 diff changeset	384	"Ignore disabled signature scheme: " + ss.name);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	385	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	386	} else if (SSLLogger.isOn &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	387	SSLLogger.isOn("ssl,handshake,verbose")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	388	SSLLogger.finest(
52208 5bf98ad48412 8212752: Typo in SSL log message related to inactive/disabled signature scheme coffeys parents: 51574 diff changeset	389	"Ignore inactive signature scheme: " + ss.name);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	390	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	391	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	392
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	393	return supported;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	394	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	395
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	396	static List<SignatureScheme> getSupportedAlgorithms(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	397	AlgorithmConstraints constraints,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	398	ProtocolVersion protocolVersion, int[] algorithmIds) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	399	List<SignatureScheme> supported = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	400	for (int ssid : algorithmIds) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	401	SignatureScheme ss = SignatureScheme.valueOf(ssid);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	402	if (ss == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	403	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	404	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	405	"Unsupported signature scheme: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	406	SignatureScheme.nameOf(ssid));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	407	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	408	} else if (ss.isAvailable &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	409	ss.supportedProtocols.contains(protocolVersion) &&
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	410	ss.isPermitted(constraints)) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	411	supported.add(ss);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	412	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	413	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	414	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	415	"Unsupported signature scheme: " + ss.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	416	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	417	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	418	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	419
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	420	return supported;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	421	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	422
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	423	static SignatureScheme getPreferableAlgorithm(
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	424	AlgorithmConstraints constraints,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	425	List<SignatureScheme> schemes,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	426	SignatureScheme certScheme,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	427	ProtocolVersion version) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	428
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	429	for (SignatureScheme ss : schemes) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	430	if (ss.isAvailable &&
51574 ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	431	ss.handshakeSupportedProtocols.contains(version) &&
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	432	certScheme.keyAlgorithm.equalsIgnoreCase(ss.keyAlgorithm) &&
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	433	ss.isPermitted(constraints)) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	434	return ss;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	435	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	436	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	437
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	438	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	439	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	440
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	441	static Map.Entry<SignatureScheme, Signature> getSignerOfPreferableAlgorithm(
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	442	AlgorithmConstraints constraints,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	443	List<SignatureScheme> schemes,
54417 f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 53734 diff changeset	444	X509Possession x509Possession,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	445	ProtocolVersion version) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	446
54417 f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 53734 diff changeset	447	PrivateKey signingKey = x509Possession.popPrivateKey;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	448	String keyAlgorithm = signingKey.getAlgorithm();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	449	int keySize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	450	// Only need to check RSA algorithm at present.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	451	if (keyAlgorithm.equalsIgnoreCase("RSA") \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	452	keyAlgorithm.equalsIgnoreCase("RSASSA-PSS")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	453	keySize = KeyUtil.getKeySize(signingKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	454	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	455	keySize = Integer.MAX_VALUE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	456	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	457	for (SignatureScheme ss : schemes) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	458	if (ss.isAvailable && (keySize >= ss.minimalKeySize) &&
55353 946f7f2d321c 8171279: Support X25519 and X448 in TLS wetmore parents: 54483 diff changeset	459	ss.handshakeSupportedProtocols.contains(version) &&
57718 a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	460	keyAlgorithm.equalsIgnoreCase(ss.keyAlgorithm) &&
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	461	ss.isPermitted(constraints)) {
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	462	if ((ss.namedGroup != null) && (ss.namedGroup.spec ==
a93b7b28f644 8226374: Restrict TLS signature schemes and named groups xuelei parents: 55452 diff changeset	463	NamedGroupSpec.NAMED_GROUP_ECDHE)) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	464	ECParameterSpec params =
54417 f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 53734 diff changeset	465	x509Possession.getECParameterSpec();
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 53734 diff changeset	466	if (params != null &&
f87041131515 8217610: TLSv1.3 fail with ClassException when EC keys are stored in PKCS11 xuelei parents: 53734 diff changeset	467	ss.namedGroup == NamedGroup.valueOf(params)) {
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	468	Signature signer = ss.getSigner(signingKey);
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	469	if (signer != null) {
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	470	return new SimpleImmutableEntry<>(ss, signer);
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	471	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	472	}
55452 1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	473
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	474	if (SSLLogger.isOn &&
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	475	SSLLogger.isOn("ssl,handshake,verbose")) {
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	476	SSLLogger.finest(
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	477	"Ignore the signature algorithm (" + ss +
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	478	"), unsupported EC parameter spec: " + params);
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	479	}
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	480	} else if ("EC".equals(ss.keyAlgorithm)) {
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	481	// Must be a legacy signature algorithm, which does not
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	482	// specify the associated named groups. The connection
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	483	// cannot be established if the peer cannot recognize
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	484	// the named group used for the signature. RFC 8446
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	485	// does not define countermeasures for the corner cases.
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	486	// In order to mitigate the impact, we choose to check
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	487	// against the local supported named groups. The risk
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	488	// should be minimal as applications should not use
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	489	// unsupported named groups for its certificates.
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	490	ECParameterSpec params =
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	491	x509Possession.getECParameterSpec();
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	492	if (params != null) {
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	493	NamedGroup keyGroup = NamedGroup.valueOf(params);
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	494	if (keyGroup != null &&
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	495	SupportedGroups.isSupported(keyGroup)) {
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	496	Signature signer = ss.getSigner(signingKey);
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	497	if (signer != null) {
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	498	return new SimpleImmutableEntry<>(ss, signer);
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	499	}
55452 1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	500	}
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	501	}
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	502
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	503	if (SSLLogger.isOn &&
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	504	SSLLogger.isOn("ssl,handshake,verbose")) {
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	505	SSLLogger.finest(
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	506	"Ignore the legacy signature algorithm (" + ss +
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	507	"), unsupported EC parameter spec: " + params);
1170b6d92d1c 8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 xuelei parents: 55353 diff changeset	508	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	509	} else {
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	510	Signature signer = ss.getSigner(signingKey);
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	511	if (signer != null) {
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	512	return new SimpleImmutableEntry<>(ss, signer);
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	513	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	514	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	515	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	516	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	517
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	518	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	519	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	520
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	521	static String[] getAlgorithmNames(Collection<SignatureScheme> schemes) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	522	if (schemes != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	523	ArrayList<String> names = new ArrayList<>(schemes.size());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	524	for (SignatureScheme scheme : schemes) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	525	names.add(scheme.algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	526	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	527
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	528	return names.toArray(new String[0]);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	529	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	530
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	531	return new String[0];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	532	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	533
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	534	// This method is used to get the signature instance of this signature
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	535	// scheme for the specific public key. Unlike getSigner(), the exception
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	536	// is bubbled up. If the public key does not support this signature
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	537	// scheme, it normally means the TLS handshaking cannot continue and
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	538	// the connection should be terminated.
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	539	Signature getVerifier(PublicKey publicKey) throws NoSuchAlgorithmException,
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	540	InvalidAlgorithmParameterException, InvalidKeyException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	541	if (!isAvailable) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	542	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	543	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	544
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	545	Signature verifier = Signature.getInstance(algorithm);
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	546	SignatureUtil.initVerifyWithParam(verifier, publicKey,
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	547	(signAlgParams != null ? signAlgParams.parameterSpec : null));
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	548
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	549	return verifier;
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	550	}
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	551
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	552	// This method is also used to choose preferable signature scheme for the
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	553	// specific private key. If the private key does not support the signature
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	554	// scheme, {@code null} is returned, and the caller may fail back to next
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	555	// available signature scheme.
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	556	private Signature getSigner(PrivateKey privateKey) {
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	557	if (!isAvailable) {
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	558	return null;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	559	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	560
58951 d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	561	try {
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	562	Signature signer = Signature.getInstance(algorithm);
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	563	SignatureUtil.initSignWithParam(signer, privateKey,
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	564	(signAlgParams != null ? signAlgParams.parameterSpec : null),
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	565	null);
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	566	return signer;
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	567	} catch (NoSuchAlgorithmException \| InvalidKeyException \|
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	568	InvalidAlgorithmParameterException nsae) {
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	569	if (SSLLogger.isOn &&
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	570	SSLLogger.isOn("ssl,handshake,verbose")) {
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	571	SSLLogger.finest(
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	572	"Ignore unsupported signature algorithm (" +
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	573	this.name + ")", nsae);
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	574	}
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	575	}
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	576
d6e682e8fcc3 8223940: Private key not supported by chosen signature algorithm xuelei parents: 57718 diff changeset	577	return null;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	578	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	579	}

author	xuelei
	Thu, 21 Nov 2019 18:42:33 -0800
changeset 59214	e7df7c86eda1
parent 58951	d6e682e8fcc3
permissions	-rw-r--r--