jdk-sandbox: src/java.base/share/classes/sun/security/ssl/DHKeyExchange.java@ec60669bc501 (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	2	* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.math.BigInteger;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.security.GeneralSecurityException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.security.InvalidKeyException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.security.KeyFactory;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import java.security.KeyPair;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import java.security.KeyPairGenerator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import java.security.NoSuchAlgorithmException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import java.security.PrivateKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import java.security.PublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import java.security.SecureRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import java.security.spec.AlgorithmParameterSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	import java.security.spec.InvalidKeySpecException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	import javax.crypto.KeyAgreement;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	import javax.crypto.SecretKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	import javax.crypto.interfaces.DHPublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	import javax.crypto.spec.DHParameterSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	import javax.crypto.spec.DHPublicKeySpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	import javax.crypto.spec.SecretKeySpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	import javax.net.ssl.SSLHandshakeException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48	import sun.security.action.GetPropertyAction;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	import sun.security.ssl.CipherSuite.HashAlg;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53	import sun.security.ssl.X509Authentication.X509Possession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	import sun.security.util.KeyUtil;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56	final class DHKeyExchange {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	static final SSLPossessionGenerator poGenerator =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	new DHEPossessionGenerator(false);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	static final SSLPossessionGenerator poExportableGenerator =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	new DHEPossessionGenerator(true);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	static final SSLKeyAgreementGenerator kaGenerator =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	new DHEKAGenerator();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63
56858 829e9b5ace08 Patching in old branch apetcher parents: 50768 diff changeset	64	static final class DHECredentials implements SSLKeyAgreementCredentials {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65	final DHPublicKey popPublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	final NamedGroup namedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	DHECredentials(DHPublicKey popPublicKey, NamedGroup namedGroup) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	this.popPublicKey = popPublicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	this.namedGroup = namedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72
56858 829e9b5ace08 Patching in old branch apetcher parents: 50768 diff changeset	73	@Override
829e9b5ace08 Patching in old branch apetcher parents: 50768 diff changeset	74	public PublicKey getPublicKey() {
829e9b5ace08 Patching in old branch apetcher parents: 50768 diff changeset	75	return popPublicKey;
829e9b5ace08 Patching in old branch apetcher parents: 50768 diff changeset	76	}
829e9b5ace08 Patching in old branch apetcher parents: 50768 diff changeset	77
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	static DHECredentials valueOf(NamedGroup ng,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	byte[] encodedPublic) throws IOException, GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81	if (ng.type != NamedGroupType.NAMED_GROUP_FFDHE) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	"Credentials decoding: Not FFDHE named group");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86	if (encodedPublic == null \|\| encodedPublic.length == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90	DHParameterSpec params = (DHParameterSpec)ng.getParameterSpec();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	if (params == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	DHPublicKeySpec spec = new DHPublicKeySpec(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	new BigInteger(1, encodedPublic),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	params.getP(), params.getG());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	DHPublicKey publicKey =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	(DHPublicKey)kf.generatePublic(spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	return new DHECredentials(publicKey, ng);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	static final class DHEPossession implements SSLPossession {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107	final PrivateKey privateKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108	final DHPublicKey publicKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109	final NamedGroup namedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	DHEPossession(NamedGroup namedGroup, SecureRandom random) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	KeyPairGenerator kpg =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	JsseJce.getKeyPairGenerator("DiffieHellman");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	DHParameterSpec params =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	(DHParameterSpec)namedGroup.getParameterSpec();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117	kpg.initialize(params, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118	KeyPair kp = generateDHKeyPair(kpg);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119	if (kp == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	throw new RuntimeException("Could not generate DH keypair");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	privateKey = kp.getPrivate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123	publicKey = (DHPublicKey)kp.getPublic();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	} catch (GeneralSecurityException gse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	"Could not generate DH keypair", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	this.namedGroup = namedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	DHEPossession(int keyLength, SecureRandom random) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133	DHParameterSpec params =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	PredefinedDHParameterSpecs.definedParams.get(keyLength);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	KeyPairGenerator kpg =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137	JsseJce.getKeyPairGenerator("DiffieHellman");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	if (params != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139	kpg.initialize(params, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	kpg.initialize(keyLength, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	KeyPair kp = generateDHKeyPair(kpg);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	if (kp == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147	"Could not generate DH keypair of " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	keyLength + " bits");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150	privateKey = kp.getPrivate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	publicKey = (DHPublicKey)kp.getPublic();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152	} catch (GeneralSecurityException gse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154	"Could not generate DH keypair", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157	this.namedGroup = NamedGroup.valueOf(publicKey.getParams());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160	DHEPossession(DHECredentials credentials, SecureRandom random) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	KeyPairGenerator kpg =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	JsseJce.getKeyPairGenerator("DiffieHellman");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164	kpg.initialize(credentials.popPublicKey.getParams(), random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165	KeyPair kp = generateDHKeyPair(kpg);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	if (kp == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	throw new RuntimeException("Could not generate DH keypair");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	privateKey = kp.getPrivate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	publicKey = (DHPublicKey)kp.getPublic();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	} catch (GeneralSecurityException gse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173	"Could not generate DH keypair", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176	this.namedGroup = credentials.namedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179	// Generate and validate DHPublicKeySpec
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	private KeyPair generateDHKeyPair(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	KeyPairGenerator kpg) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	boolean doExtraValiadtion =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	(!KeyUtil.isOracleJCEProvider(kpg.getProvider().getName()));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184	boolean isRecovering = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	for (int i = 0; i <= 2; i++) { // Try to recover from failure.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	KeyPair kp = kpg.generateKeyPair();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	// validate the Diffie-Hellman public key
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	if (doExtraValiadtion) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189	DHPublicKeySpec spec = getDHPublicKeySpec(kp.getPublic());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	KeyUtil.validate(spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192	} catch (InvalidKeyException ivke) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193	if (isRecovering) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	throw ivke;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	// otherwise, ignore the exception and try again
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197	isRecovering = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	return kp;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	private static DHPublicKeySpec getDHPublicKeySpec(PublicKey key) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209	if (key instanceof DHPublicKey) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	DHPublicKey dhKey = (DHPublicKey)key;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	DHParameterSpec params = dhKey.getParams();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	return new DHPublicKeySpec(dhKey.getY(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	params.getP(), params.getG());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	KeyFactory factory = JsseJce.getKeyFactory("DiffieHellman");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	return factory.getKeySpec(key, DHPublicKeySpec.class);
56861 3c83db004067 minor code cleanup apetcher parents: 56858 diff changeset	218	} catch (NoSuchAlgorithmException \| InvalidKeySpecException e) {
3c83db004067 minor code cleanup apetcher parents: 56858 diff changeset	219	// unlikely
3c83db004067 minor code cleanup apetcher parents: 56858 diff changeset	220	throw new RuntimeException("Unable to get DHPublicKeySpec", e);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	public byte[] encode() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226	// Note: the DH public value is encoded as a big-endian integer
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	// and padded to the left with zeros to the size of p in bytes.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	byte[] encoded = publicKey.getY().toByteArray();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	int pSize = KeyUtil.getKeySize(publicKey);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	if (pSize > 0 && encoded.length < pSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	byte[] buffer = new byte[pSize];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	System.arraycopy(encoded, 0,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233	buffer, pSize - encoded.length, encoded.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	encoded = buffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	return encoded;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	private static final class
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	DHEPossessionGenerator implements SSLPossessionGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	// Flag to use smart ephemeral DH key which size matches the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	// corresponding authentication key
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	private static final boolean useSmartEphemeralDHKeys;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	// Flag to use legacy ephemeral DH key which size is 512 bits for
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248	// exportable cipher suites, and 768 bits for others
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	private static final boolean useLegacyEphemeralDHKeys;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251	// The customized ephemeral DH key size for non-exportable
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	// cipher suites.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	private static final int customizedDHKeySize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	// Is it for exportable cipher suite?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	private final boolean exportable;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	static {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	String property = GetPropertyAction.privilegedGetProperty(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	"jdk.tls.ephemeralDHKeySize");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	if (property == null \|\| property.length() == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262	useLegacyEphemeralDHKeys = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	useSmartEphemeralDHKeys = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	customizedDHKeySize = -1;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265	} else if ("matched".equals(property)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	useLegacyEphemeralDHKeys = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	useSmartEphemeralDHKeys = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268	customizedDHKeySize = -1;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269	} else if ("legacy".equals(property)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	useLegacyEphemeralDHKeys = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	useSmartEphemeralDHKeys = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272	customizedDHKeySize = -1;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274	useLegacyEphemeralDHKeys = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275	useSmartEphemeralDHKeys = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	// DH parameter generation can be extremely slow, best to
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	// use one of the supported pre-computed DH parameters
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	// (see DHCrypt class).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	customizedDHKeySize = Integer.parseUnsignedInt(property);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282	if (customizedDHKeySize < 1024 \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	customizedDHKeySize > 8192 \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284	(customizedDHKeySize & 0x3f) != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	throw new IllegalArgumentException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	"Unsupported customized DH key size: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	customizedDHKeySize + ". " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	"The key size must be multiple of 64, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	"and range from 1024 to 8192 (inclusive)");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	} catch (NumberFormatException nfe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	throw new IllegalArgumentException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293	"Invalid system property jdk.tls.ephemeralDHKeySize");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	private DHEPossessionGenerator(boolean exportable) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	this.exportable = exportable;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	// Used for ServerKeyExchange, TLS 1.2 and prior versions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	public SSLPossession createPossession(HandshakeContext context) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	NamedGroup preferableNamedGroup = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	if (!useLegacyEphemeralDHKeys &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308	(context.clientRequestedNamedGroups != null) &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	(!context.clientRequestedNamedGroups.isEmpty())) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	preferableNamedGroup =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311	SupportedGroups.getPreferredGroup(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	context.negotiatedProtocol,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	context.algorithmConstraints,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	NamedGroupType.NAMED_GROUP_FFDHE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	context.clientRequestedNamedGroups);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	if (preferableNamedGroup != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317	return new DHEPossession(preferableNamedGroup,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	context.sslContext.getSecureRandom());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	* 768 bits ephemeral DH private keys were used to be used in
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324	* ServerKeyExchange except that exportable ciphers max out at 512
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325	* bits modulus values. We still adhere to this behavior in legacy
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	* mode (system property "jdk.tls.ephemeralDHKeySize" is defined
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327	* as "legacy").
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329	* Old JDK (JDK 7 and previous) releases don't support DH keys
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	330	* bigger than 1024 bits. We have to consider the compatibility
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	331	* requirement. 1024 bits DH key is always used for non-exportable
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332	* cipher suites in default mode (system property
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333	* "jdk.tls.ephemeralDHKeySize" is not defined).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	334	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	* However, if applications want more stronger strength, setting
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	* system property "jdk.tls.ephemeralDHKeySize" to "matched"
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337	* is a workaround to use ephemeral DH key which size matches the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338	* corresponding authentication key. For example, if the public key
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	* size of an authentication certificate is 2048 bits, then the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340	* ephemeral DH key size should be 2048 bits accordingly unless
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341	* the cipher suite is exportable. This key sizing scheme keeps
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342	* the cryptographic strength consistent between authentication
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343	* keys and key-exchange keys.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	344	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	345	* Applications may also want to customize the ephemeral DH key
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	346	* size to a fixed length for non-exportable cipher suites. This
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	347	* can be approached by setting system property
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	348	* "jdk.tls.ephemeralDHKeySize" to a valid positive integer between
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	349	* 1024 and 8192 bits, inclusive.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	350	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	351	* Note that the minimum acceptable key size is 1024 bits except
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	352	* exportable cipher suites or legacy mode.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	353	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	354	* Note that per RFC 2246, the key size limit of DH is 512 bits for
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	355	* exportable cipher suites. Because of the weakness, exportable
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	356	* cipher suites are deprecated since TLS v1.1 and they are not
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	357	* enabled by default in Oracle provider. The legacy behavior is
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	358	* reserved and 512 bits DH key is always used for exportable
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	359	* cipher suites.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	360	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361	int keySize = exportable ? 512 : 1024; // default mode
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362	if (!exportable) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363	if (useLegacyEphemeralDHKeys) { // legacy mode
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364	keySize = 768;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365	} else if (useSmartEphemeralDHKeys) { // matched mode
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	366	PrivateKey key = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367	ServerHandshakeContext shc =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	(ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	369	if (shc.interimAuthn instanceof X509Possession) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	370	key = ((X509Possession)shc.interimAuthn).popPrivateKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	371	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	372
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	373	if (key != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	374	int ks = KeyUtil.getKeySize(key);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	375
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	376	// DH parameter generation can be extremely slow, make
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	377	// sure to use one of the supported pre-computed DH
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	378	// parameters.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	379	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	380	// Old deployed applications may not be ready to
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	381	// support DH key sizes bigger than 2048 bits. Please
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	382	// DON'T use value other than 1024 and 2048 at present.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	383	// May improve the underlying providers and key size
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	384	// limit in the future when the compatibility and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	385	// interoperability impact is limited.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	386	keySize = ks <= 1024 ? 1024 : 2048;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	387	} // Otherwise, anonymous cipher suites, 1024-bit is used.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	388	} else if (customizedDHKeySize > 0) { // customized mode
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	389	keySize = customizedDHKeySize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	390	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	391	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	392
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	393	return new DHEPossession(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	394	keySize, context.sslContext.getSecureRandom());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	395	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	396	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	397
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	398	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	399	class DHEKAGenerator implements SSLKeyAgreementGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	400	static private DHEKAGenerator instance = new DHEKAGenerator();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	401
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	402	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	403	private DHEKAGenerator() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	404	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	405	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	406
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	407	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	408	public SSLKeyDerivation createKeyDerivation(
56864 ec60669bc501 Factoring out some duplicate code. apetcher parents: 56861 diff changeset	409	HandshakeContext context) throws IOException {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	410	DHEPossession dhePossession = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	411	DHECredentials dheCredentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	412	for (SSLPossession poss : context.handshakePossessions) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	413	if (!(poss instanceof DHEPossession)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	414	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	415	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	416
56864 ec60669bc501 Factoring out some duplicate code. apetcher parents: 56861 diff changeset	417	DHEPossession dhep = (DHEPossession) poss;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	418	for (SSLCredentials cred : context.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	419	if (!(cred instanceof DHECredentials)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	420	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	421	}
56864 ec60669bc501 Factoring out some duplicate code. apetcher parents: 56861 diff changeset	422	DHECredentials dhec = (DHECredentials) cred;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	423	if (dhep.namedGroup != null && dhec.namedGroup != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	424	if (dhep.namedGroup.equals(dhec.namedGroup)) {
56864 ec60669bc501 Factoring out some duplicate code. apetcher parents: 56861 diff changeset	425	dheCredentials = (DHECredentials) cred;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	426	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	427	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	428	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	429	DHParameterSpec pps = dhep.publicKey.getParams();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	430	DHParameterSpec cps = dhec.popPublicKey.getParams();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	431	if (pps.getP().equals(cps.getP()) &&
56864 ec60669bc501 Factoring out some duplicate code. apetcher parents: 56861 diff changeset	432	pps.getG().equals(cps.getG())) {
ec60669bc501 Factoring out some duplicate code. apetcher parents: 56861 diff changeset	433	dheCredentials = (DHECredentials) cred;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	434	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	435	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	436	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	437	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	438
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	439	if (dheCredentials != null) {
56864 ec60669bc501 Factoring out some duplicate code. apetcher parents: 56861 diff changeset	440	dhePossession = (DHEPossession) poss;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	441	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	442	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	443	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	444
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	445	if (dhePossession == null \|\| dheCredentials == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	446	context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56864 ec60669bc501 Factoring out some duplicate code. apetcher parents: 56861 diff changeset	447	"No sufficient DHE key agreement parameters negotiated");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	448	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	449
56864 ec60669bc501 Factoring out some duplicate code. apetcher parents: 56861 diff changeset	450	return new KAKeyDerivation("DiffieHellman", context,
ec60669bc501 Factoring out some duplicate code. apetcher parents: 56861 diff changeset	451	dhePossession.privateKey, dheCredentials.popPublicKey);
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	452	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	453	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	454	}

author	apetcher
	Mon, 20 Aug 2018 13:16:49 -0400
branch	JDK-8171279-XDH-TLS-branch-2
changeset 56864	ec60669bc501
parent 56861	3c83db004067
child 56876	ea6498b870e9
permissions	-rw-r--r--