jdk-sandbox: src/java.base/share/classes/sun/security/ssl/ECDHKeyExchange.java@f103e0c2be1e (annotated)

56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1	/*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	2	* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	4	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	10	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	15	* accompanied this code).
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	16	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	20	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	23	* questions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	24	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	25
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	26	package sun.security.ssl;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	27
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	28	import java.io.IOException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	29	import java.security.AlgorithmConstraints;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	30	import java.security.CryptoPrimitive;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	31	import java.security.GeneralSecurityException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	32	import java.security.KeyFactory;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	33	import java.security.KeyPair;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	34	import java.security.KeyPairGenerator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	35	import java.security.PrivateKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	36	import java.security.PublicKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	37	import java.security.SecureRandom;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	38	import java.security.interfaces.ECPrivateKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	39	import java.security.interfaces.ECPublicKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	40	import java.security.spec.AlgorithmParameterSpec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	41	import java.security.spec.ECGenParameterSpec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	42	import java.security.spec.ECParameterSpec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	43	import java.security.spec.ECPoint;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	44	import java.security.spec.ECPublicKeySpec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	45	import java.util.EnumSet;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	46	import javax.crypto.KeyAgreement;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	47	import javax.crypto.SecretKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	48	import javax.crypto.spec.SecretKeySpec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	49	import javax.net.ssl.SSLHandshakeException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	50	import sun.security.ssl.CipherSuite.HashAlg;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	51	import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	52	import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	53	import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	54	import sun.security.ssl.X509Authentication.X509Credentials;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	55	import sun.security.ssl.X509Authentication.X509Possession;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	56	import sun.security.util.ECUtil;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	57
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	58	final class ECDHKeyExchange {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	59	static final SSLPossessionGenerator poGenerator =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	60	new ECDHEPossessionGenerator();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	61	static final SSLKeyAgreementGenerator ecdheKAGenerator =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	62	new ECDHEKAGenerator();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	63	static final SSLKeyAgreementGenerator ecdhKAGenerator =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	64	new ECDHKAGenerator();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	65
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	66	static final class ECDHECredentials implements SSLCredentials {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	67	final ECPublicKey popPublicKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	68	final NamedGroup namedGroup;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	69
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	70	ECDHECredentials(ECPublicKey popPublicKey, NamedGroup namedGroup) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	71	this.popPublicKey = popPublicKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	72	this.namedGroup = namedGroup;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	73	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	74
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	75	static ECDHECredentials valueOf(NamedGroup namedGroup,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	76	byte[] encodedPoint) throws IOException, GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	77
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	78	if (namedGroup.type != NamedGroupType.NAMED_GROUP_ECDHE) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	79	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	80	"Credentials decoding: Not ECDHE named group");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	81	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	82
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	83	if (encodedPoint == null \|\| encodedPoint.length == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	84	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	85	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	86
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	87	ECParameterSpec parameters =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	88	JsseJce.getECParameterSpec(namedGroup.oid);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	89	if (parameters == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	90	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	91	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	92
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	93	ECPoint point = JsseJce.decodePoint(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	94	encodedPoint, parameters.getCurve());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	95	KeyFactory factory = JsseJce.getKeyFactory("EC");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	96	ECPublicKey publicKey = (ECPublicKey)factory.generatePublic(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	97	new ECPublicKeySpec(point, parameters));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	98	return new ECDHECredentials(publicKey, namedGroup);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	99	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	100	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	101
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	102	static final class ECDHEPossession implements SSLPossession {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	103	final PrivateKey privateKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	104	final ECPublicKey publicKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	105	final NamedGroup namedGroup;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	106
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	107	ECDHEPossession(NamedGroup namedGroup, SecureRandom random) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	108	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	109	KeyPairGenerator kpg = JsseJce.getKeyPairGenerator("EC");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	110	ECGenParameterSpec params =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	111	(ECGenParameterSpec)namedGroup.getParameterSpec();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	112	kpg.initialize(params, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	113	KeyPair kp = kpg.generateKeyPair();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	114	privateKey = kp.getPrivate();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	115	publicKey = (ECPublicKey)kp.getPublic();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	116	} catch (GeneralSecurityException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	117	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	118	"Could not generate ECDH keypair", e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	119	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	120
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	121	this.namedGroup = namedGroup;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	122	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	123
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	124	ECDHEPossession(ECDHECredentials credentials, SecureRandom random) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	125	ECParameterSpec params = credentials.popPublicKey.getParams();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	126	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	127	KeyPairGenerator kpg = JsseJce.getKeyPairGenerator("EC");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	128	kpg.initialize(params, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	129	KeyPair kp = kpg.generateKeyPair();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	130	privateKey = kp.getPrivate();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	131	publicKey = (ECPublicKey)kp.getPublic();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	132	} catch (GeneralSecurityException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	133	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	134	"Could not generate ECDH keypair", e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	135	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	136
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	137	this.namedGroup = credentials.namedGroup;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	138	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	139
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	140	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	141	public byte[] encode() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	142	return ECUtil.encodePoint(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	143	publicKey.getW(), publicKey.getParams().getCurve());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	144	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	145
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	146	// called by ClientHandshaker with either the server's static or
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	147	// ephemeral public key
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	148	SecretKey getAgreedSecret(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	149	PublicKey peerPublicKey) throws SSLHandshakeException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	150
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	151	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	152	KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	153	ka.init(privateKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	154	ka.doPhase(peerPublicKey, true);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	155	return ka.generateSecret("TlsPremasterSecret");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	156	} catch (GeneralSecurityException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	157	throw (SSLHandshakeException) new SSLHandshakeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	158	"Could not generate secret").initCause(e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	159	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	160	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	161
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	162	// called by ServerHandshaker
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	163	SecretKey getAgreedSecret(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	164	byte[] encodedPoint) throws SSLHandshakeException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	165	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	166	ECParameterSpec params = publicKey.getParams();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	167	ECPoint point =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	168	JsseJce.decodePoint(encodedPoint, params.getCurve());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	169	KeyFactory kf = JsseJce.getKeyFactory("EC");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	170	ECPublicKeySpec spec = new ECPublicKeySpec(point, params);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	171	PublicKey peerPublicKey = kf.generatePublic(spec);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	172	return getAgreedSecret(peerPublicKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	173	} catch (GeneralSecurityException \| java.io.IOException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	174	throw (SSLHandshakeException) new SSLHandshakeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	175	"Could not generate secret").initCause(e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	176	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	177	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	178
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	179	// Check constraints of the specified EC public key.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	180	void checkConstraints(AlgorithmConstraints constraints,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	181	byte[] encodedPoint) throws SSLHandshakeException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	182	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	183
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	184	ECParameterSpec params = publicKey.getParams();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	185	ECPoint point =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	186	JsseJce.decodePoint(encodedPoint, params.getCurve());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	187	ECPublicKeySpec spec = new ECPublicKeySpec(point, params);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	188
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	189	KeyFactory kf = JsseJce.getKeyFactory("EC");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	190	ECPublicKey pubKey = (ECPublicKey)kf.generatePublic(spec);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	191
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	192	// check constraints of ECPublicKey
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	193	if (!constraints.permits(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	194	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), pubKey)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	195	throw new SSLHandshakeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	196	"ECPublicKey does not comply to algorithm constraints");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	197	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	198	} catch (GeneralSecurityException \| java.io.IOException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	199	throw (SSLHandshakeException) new SSLHandshakeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	200	"Could not generate ECPublicKey").initCause(e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	201	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	202	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	203	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	204
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	205	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	206	class ECDHEPossessionGenerator implements SSLPossessionGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	207	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	208	private ECDHEPossessionGenerator() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	209	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	210	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	211
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	212	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	213	public SSLPossession createPossession(HandshakeContext context) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	214	NamedGroup preferableNamedGroup = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	215	if ((context.clientRequestedNamedGroups != null) &&
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	216	(!context.clientRequestedNamedGroups.isEmpty())) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	217	preferableNamedGroup = SupportedGroups.getPreferredGroup(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	218	context.negotiatedProtocol,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	219	context.algorithmConstraints,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	220	NamedGroupType.NAMED_GROUP_ECDHE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	221	context.clientRequestedNamedGroups);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	222	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	223	preferableNamedGroup = SupportedGroups.getPreferredGroup(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	224	context.negotiatedProtocol,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	225	context.algorithmConstraints,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	226	NamedGroupType.NAMED_GROUP_ECDHE);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	227	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	228
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	229	if (preferableNamedGroup != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	230	return new ECDHEPossession(preferableNamedGroup,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	231	context.sslContext.getSecureRandom());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	232	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	233
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	234	// no match found, cannot use this cipher suite.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	235	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	236	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	237	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	238	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	239
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	240	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	241	class ECDHKAGenerator implements SSLKeyAgreementGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	242	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	243	private ECDHKAGenerator() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	244	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	245	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	246
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	247	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	248	public SSLKeyDerivation createKeyDerivation(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	249	HandshakeContext context) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	250	if (context instanceof ServerHandshakeContext) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	251	return createServerKeyDerivation(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	252	(ServerHandshakeContext)context);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	253	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	254	return createClientKeyDerivation(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	255	(ClientHandshakeContext)context);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	256	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	257	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	258
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	259	private SSLKeyDerivation createServerKeyDerivation(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	260	ServerHandshakeContext shc) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	261	X509Possession x509Possession = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	262	ECDHECredentials ecdheCredentials = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	263	for (SSLPossession poss : shc.handshakePossessions) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	264	if (!(poss instanceof X509Possession)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	265	continue;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	266	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	267
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	268	PrivateKey privateKey = ((X509Possession)poss).popPrivateKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	269	if (!privateKey.getAlgorithm().equals("EC")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	270	continue;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	271	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	272
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	273	ECParameterSpec params = ((ECPrivateKey)privateKey).getParams();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	274	NamedGroup ng = NamedGroup.valueOf(params);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	275	if (ng == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	276	// unlikely, have been checked during cipher suite negotiation.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	277	shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	278	"Unsupported EC server cert for ECDH key exchange");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	279	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	280
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	281	for (SSLCredentials cred : shc.handshakeCredentials) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	282	if (!(cred instanceof ECDHECredentials)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	283	continue;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	284	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	285	if (ng.equals(((ECDHECredentials)cred).namedGroup)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	286	ecdheCredentials = (ECDHECredentials)cred;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	287	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	288	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	289	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	290
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	291	if (ecdheCredentials != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	292	x509Possession = (X509Possession)poss;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	293	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	294	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	295	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	296
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	297	if (x509Possession == null \|\| ecdheCredentials == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	298	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	299	"No sufficient ECDHE key agreement parameters negotiated");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	300	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	301
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	302	return new ECDHEKAKeyDerivation(shc,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	303	x509Possession.popPrivateKey, ecdheCredentials.popPublicKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	304	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	305
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	306	private SSLKeyDerivation createClientKeyDerivation(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	307	ClientHandshakeContext chc) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	308	ECDHEPossession ecdhePossession = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	309	X509Credentials x509Credentials = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	310	for (SSLPossession poss : chc.handshakePossessions) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	311	if (!(poss instanceof ECDHEPossession)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	312	continue;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	313	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	314
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	315	NamedGroup ng = ((ECDHEPossession)poss).namedGroup;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	316	for (SSLCredentials cred : chc.handshakeCredentials) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	317	if (!(cred instanceof X509Credentials)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	318	continue;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	319	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	320
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	321	PublicKey publicKey = ((X509Credentials)cred).popPublicKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	322	if (!publicKey.getAlgorithm().equals("EC")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	323	continue;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	324	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	325	ECParameterSpec params =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	326	((ECPublicKey)publicKey).getParams();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	327	NamedGroup namedGroup = NamedGroup.valueOf(params);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	328	if (namedGroup == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	329	// unlikely, should have been checked previously
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	330	chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	331	"Unsupported EC server cert for ECDH key exchange");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	332	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	333
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	334	if (ng.equals(namedGroup)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	335	x509Credentials = (X509Credentials)cred;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	336	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	337	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	338	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	339
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	340	if (x509Credentials != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	341	ecdhePossession = (ECDHEPossession)poss;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	342	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	343	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	344	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	345
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	346	if (ecdhePossession == null \|\| x509Credentials == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	347	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	348	"No sufficient ECDH key agreement parameters negotiated");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	349	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	350
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	351	return new ECDHEKAKeyDerivation(chc,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	352	ecdhePossession.privateKey, x509Credentials.popPublicKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	353	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	354	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	355
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	356	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	357	class ECDHEKAGenerator implements SSLKeyAgreementGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	358	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	359	private ECDHEKAGenerator() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	360	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	361	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	362
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	363	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	364	public SSLKeyDerivation createKeyDerivation(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	365	HandshakeContext context) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	366	ECDHEPossession ecdhePossession = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	367	ECDHECredentials ecdheCredentials = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	368	for (SSLPossession poss : context.handshakePossessions) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	369	if (!(poss instanceof ECDHEPossession)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	370	continue;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	371	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	372
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	373	NamedGroup ng = ((ECDHEPossession)poss).namedGroup;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	374	for (SSLCredentials cred : context.handshakeCredentials) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	375	if (!(cred instanceof ECDHECredentials)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	376	continue;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	377	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	378	if (ng.equals(((ECDHECredentials)cred).namedGroup)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	379	ecdheCredentials = (ECDHECredentials)cred;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	380	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	381	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	382	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	383
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	384	if (ecdheCredentials != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	385	ecdhePossession = (ECDHEPossession)poss;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	386	break;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	387	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	388	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	389
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	390	if (ecdhePossession == null \|\| ecdheCredentials == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	391	context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	392	"No sufficient ECDHE key agreement parameters negotiated");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	393	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	394
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	395	return new ECDHEKAKeyDerivation(context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	396	ecdhePossession.privateKey, ecdheCredentials.popPublicKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	397	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	398	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	399
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	400	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	401	class ECDHEKAKeyDerivation implements SSLKeyDerivation {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	402	private final HandshakeContext context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	403	private final PrivateKey localPrivateKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	404	private final PublicKey peerPublicKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	405
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	406	ECDHEKAKeyDerivation(HandshakeContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	407	PrivateKey localPrivateKey,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	408	PublicKey peerPublicKey) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	409	this.context = context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	410	this.localPrivateKey = localPrivateKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	411	this.peerPublicKey = peerPublicKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	412	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	413
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	414	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	415	public SecretKey deriveKey(String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	416	AlgorithmParameterSpec params) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	417	if (!context.negotiatedProtocol.useTLS13PlusSpec()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	418	return t12DeriveKey(algorithm, params);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	419	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	420	return t13DeriveKey(algorithm, params);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	421	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	422	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	423
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	424	private SecretKey t12DeriveKey(String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	425	AlgorithmParameterSpec params) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	426	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	427	KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	428	ka.init(localPrivateKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	429	ka.doPhase(peerPublicKey, true);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	430	SecretKey preMasterSecret =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	431	ka.generateSecret("TlsPremasterSecret");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	432
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	433	SSLMasterKeyDerivation mskd =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	434	SSLMasterKeyDerivation.valueOf(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	435	context.negotiatedProtocol);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	436	SSLKeyDerivation kd = mskd.createKeyDerivation(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	437	context, preMasterSecret);
56603 f103e0c2be1e remove TODO tags if no need any more xuelei parents: 56542 diff changeset	438	return kd.deriveKey("MasterSecret", params);
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	439	} catch (GeneralSecurityException gse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	440	throw (SSLHandshakeException) new SSLHandshakeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	441	"Could not generate secret").initCause(gse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	442	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	443	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	444
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	445	private SecretKey t13DeriveKey(String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	446	AlgorithmParameterSpec params) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	447	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	448	KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	449	ka.init(localPrivateKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	450	ka.doPhase(peerPublicKey, true);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	451	SecretKey sharedSecret =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	452	ka.generateSecret("TlsPremasterSecret");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	453
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	454	HashAlg hashAlg = context.negotiatedCipherSuite.hashAlg;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	455	SSLKeyDerivation kd = context.handshakeKeyDerivation;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	456	HKDF hkdf = new HKDF(hashAlg.name);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	457	if (kd == null) { // No PSK is in use.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	458	// If PSK is not in use Early Secret will still be
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	459	// HKDF-Extract(0, 0).
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	460	byte[] zeros = new byte[hashAlg.hashLength];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	461	SecretKeySpec ikm =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	462	new SecretKeySpec(zeros, "TlsPreSharedSecret");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	463	SecretKey earlySecret =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	464	hkdf.extract(zeros, ikm, "TlsEarlySecret");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	465	kd = new SSLSecretDerivation(context, earlySecret);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	466	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	467
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	468	// derive salt secret
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	469	SecretKey saltSecret = kd.deriveKey("TlsSaltSecret", null);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	470
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	471	// derive handshake secret
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	472	return hkdf.extract(saltSecret, sharedSecret, algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	473	} catch (GeneralSecurityException gse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	474	throw (SSLHandshakeException) new SSLHandshakeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	475	"Could not generate secret").initCause(gse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	476	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	477	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	478	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	479	}

author	xuelei
	Thu, 24 May 2018 09:21:01 -0700
branch	JDK-8145252-TLS13-branch
changeset 56603	f103e0c2be1e
parent 56542	56aaa6cb3693
child 56794	1cc2f6afa943
permissions	-rw-r--r--