188 break; |
188 break; |
189 } |
189 } |
190 } |
190 } |
191 |
191 |
192 if (x509Credentials == null) { |
192 if (x509Credentials == null) { |
193 chc.conContext.fatal(Alert.INTERNAL_ERROR, |
193 throw chc.conContext.fatal(Alert.INTERNAL_ERROR, |
194 "No server certificate for ECDH client key exchange"); |
194 "No server certificate for ECDH client key exchange"); |
195 } |
195 } |
196 |
196 |
197 PublicKey publicKey = x509Credentials.popPublicKey; |
197 PublicKey publicKey = x509Credentials.popPublicKey; |
198 if (!publicKey.getAlgorithm().equals("EC")) { |
198 if (!publicKey.getAlgorithm().equals("EC")) { |
199 chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
199 throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
200 "Not EC server certificate for ECDH client key exchange"); |
200 "Not EC server certificate for ECDH client key exchange"); |
201 } |
201 } |
202 |
202 |
203 ECParameterSpec params = ((ECPublicKey)publicKey).getParams(); |
203 ECParameterSpec params = ((ECPublicKey)publicKey).getParams(); |
204 NamedGroup namedGroup = NamedGroup.valueOf(params); |
204 NamedGroup namedGroup = NamedGroup.valueOf(params); |
205 if (namedGroup == null) { |
205 if (namedGroup == null) { |
206 chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
206 throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
207 "Unsupported EC server cert for ECDH client key exchange"); |
207 "Unsupported EC server cert for ECDH client key exchange"); |
208 } |
208 } |
209 |
209 |
210 ECDHEPossession ecdhePossession = new ECDHEPossession( |
210 ECDHEPossession ecdhePossession = new ECDHEPossession( |
211 namedGroup, chc.sslContext.getSecureRandom()); |
211 namedGroup, chc.sslContext.getSecureRandom()); |
226 SSLKeyExchange ke = SSLKeyExchange.valueOf( |
226 SSLKeyExchange ke = SSLKeyExchange.valueOf( |
227 chc.negotiatedCipherSuite.keyExchange, |
227 chc.negotiatedCipherSuite.keyExchange, |
228 chc.negotiatedProtocol); |
228 chc.negotiatedProtocol); |
229 if (ke == null) { |
229 if (ke == null) { |
230 // unlikely |
230 // unlikely |
231 chc.conContext.fatal(Alert.INTERNAL_ERROR, |
231 throw chc.conContext.fatal(Alert.INTERNAL_ERROR, |
232 "Not supported key exchange type"); |
232 "Not supported key exchange type"); |
233 } else { |
233 } else { |
234 SSLKeyDerivation masterKD = ke.createKeyDerivation(chc); |
234 SSLKeyDerivation masterKD = ke.createKeyDerivation(chc); |
235 SecretKey masterSecret = |
235 SecretKey masterSecret = |
236 masterKD.deriveKey("MasterSecret", null); |
236 masterKD.deriveKey("MasterSecret", null); |
238 |
238 |
239 SSLTrafficKeyDerivation kd = |
239 SSLTrafficKeyDerivation kd = |
240 SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol); |
240 SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol); |
241 if (kd == null) { |
241 if (kd == null) { |
242 // unlikely |
242 // unlikely |
243 chc.conContext.fatal(Alert.INTERNAL_ERROR, |
243 throw chc.conContext.fatal(Alert.INTERNAL_ERROR, |
244 "Not supported key derivation: " + |
244 "Not supported key derivation: " + |
245 chc.negotiatedProtocol); |
245 chc.negotiatedProtocol); |
246 } else { |
246 } else { |
247 chc.handshakeKeyDerivation = |
247 chc.handshakeKeyDerivation = |
248 kd.createKeyDerivation(chc, masterSecret); |
248 kd.createKeyDerivation(chc, masterSecret); |
278 } |
278 } |
279 } |
279 } |
280 |
280 |
281 if (x509Possession == null) { |
281 if (x509Possession == null) { |
282 // unlikely, have been checked during cipher suite negotiation. |
282 // unlikely, have been checked during cipher suite negotiation. |
283 shc.conContext.fatal(Alert.INTERNAL_ERROR, |
283 throw shc.conContext.fatal(Alert.INTERNAL_ERROR, |
284 "No expected EC server cert for ECDH client key exchange"); |
284 "No expected EC server cert for ECDH client key exchange"); |
285 return; // make the compiler happy |
|
286 } |
285 } |
287 |
286 |
288 PrivateKey privateKey = x509Possession.popPrivateKey; |
287 PrivateKey privateKey = x509Possession.popPrivateKey; |
289 if (!privateKey.getAlgorithm().equals("EC")) { |
288 if (!privateKey.getAlgorithm().equals("EC")) { |
290 // unlikely, have been checked during cipher suite negotiation. |
289 // unlikely, have been checked during cipher suite negotiation. |
291 shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
290 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
292 "Not EC server cert for ECDH client key exchange"); |
291 "Not EC server cert for ECDH client key exchange"); |
293 } |
292 } |
294 |
293 |
295 ECParameterSpec params = ((ECPrivateKey)privateKey).getParams(); |
294 ECParameterSpec params = ((ECPrivateKey)privateKey).getParams(); |
296 NamedGroup namedGroup = NamedGroup.valueOf(params); |
295 NamedGroup namedGroup = NamedGroup.valueOf(params); |
297 if (namedGroup == null) { |
296 if (namedGroup == null) { |
298 // unlikely, have been checked during cipher suite negotiation. |
297 // unlikely, have been checked during cipher suite negotiation. |
299 shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
298 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
300 "Unsupported EC server cert for ECDH client key exchange"); |
299 "Unsupported EC server cert for ECDH client key exchange"); |
301 } |
300 } |
302 |
301 |
303 SSLKeyExchange ke = SSLKeyExchange.valueOf( |
302 SSLKeyExchange ke = SSLKeyExchange.valueOf( |
304 shc.negotiatedCipherSuite.keyExchange, |
303 shc.negotiatedCipherSuite.keyExchange, |
305 shc.negotiatedProtocol); |
304 shc.negotiatedProtocol); |
306 if (ke == null) { |
305 if (ke == null) { |
307 // unlikely |
306 // unlikely |
308 shc.conContext.fatal(Alert.INTERNAL_ERROR, |
307 throw shc.conContext.fatal(Alert.INTERNAL_ERROR, |
309 "Not supported key exchange type"); |
308 "Not supported key exchange type"); |
310 return; // make the compiler happy |
|
311 } |
309 } |
312 |
310 |
313 // parse the handshake message |
311 // parse the handshake message |
314 ECDHClientKeyExchangeMessage cke = |
312 ECDHClientKeyExchangeMessage cke = |
315 new ECDHClientKeyExchangeMessage(shc, message); |
313 new ECDHClientKeyExchangeMessage(shc, message); |
351 |
349 |
352 SSLTrafficKeyDerivation kd = |
350 SSLTrafficKeyDerivation kd = |
353 SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol); |
351 SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol); |
354 if (kd == null) { |
352 if (kd == null) { |
355 // unlikely |
353 // unlikely |
356 shc.conContext.fatal(Alert.INTERNAL_ERROR, |
354 throw shc.conContext.fatal(Alert.INTERNAL_ERROR, |
357 "Not supported key derivation: " + shc.negotiatedProtocol); |
355 "Not supported key derivation: " + shc.negotiatedProtocol); |
358 } else { |
356 } else { |
359 shc.handshakeKeyDerivation = |
357 shc.handshakeKeyDerivation = |
360 kd.createKeyDerivation(shc, masterSecret); |
358 kd.createKeyDerivation(shc, masterSecret); |
361 } |
359 } |
385 break; |
383 break; |
386 } |
384 } |
387 } |
385 } |
388 |
386 |
389 if (ecdheCredentials == null) { |
387 if (ecdheCredentials == null) { |
390 chc.conContext.fatal(Alert.INTERNAL_ERROR, |
388 throw chc.conContext.fatal(Alert.INTERNAL_ERROR, |
391 "No ECDHE credentials negotiated for client key exchange"); |
389 "No ECDHE credentials negotiated for client key exchange"); |
392 } |
390 } |
393 |
391 |
394 ECDHEPossession ecdhePossession = new ECDHEPossession( |
392 ECDHEPossession ecdhePossession = new ECDHEPossession( |
395 ecdheCredentials, chc.sslContext.getSecureRandom()); |
393 ecdheCredentials, chc.sslContext.getSecureRandom()); |
410 SSLKeyExchange ke = SSLKeyExchange.valueOf( |
408 SSLKeyExchange ke = SSLKeyExchange.valueOf( |
411 chc.negotiatedCipherSuite.keyExchange, |
409 chc.negotiatedCipherSuite.keyExchange, |
412 chc.negotiatedProtocol); |
410 chc.negotiatedProtocol); |
413 if (ke == null) { |
411 if (ke == null) { |
414 // unlikely |
412 // unlikely |
415 chc.conContext.fatal(Alert.INTERNAL_ERROR, |
413 throw chc.conContext.fatal(Alert.INTERNAL_ERROR, |
416 "Not supported key exchange type"); |
414 "Not supported key exchange type"); |
417 } else { |
415 } else { |
418 SSLKeyDerivation masterKD = ke.createKeyDerivation(chc); |
416 SSLKeyDerivation masterKD = ke.createKeyDerivation(chc); |
419 SecretKey masterSecret = |
417 SecretKey masterSecret = |
420 masterKD.deriveKey("MasterSecret", null); |
418 masterKD.deriveKey("MasterSecret", null); |
422 |
420 |
423 SSLTrafficKeyDerivation kd = |
421 SSLTrafficKeyDerivation kd = |
424 SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol); |
422 SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol); |
425 if (kd == null) { |
423 if (kd == null) { |
426 // unlikely |
424 // unlikely |
427 chc.conContext.fatal(Alert.INTERNAL_ERROR, |
425 throw chc.conContext.fatal(Alert.INTERNAL_ERROR, |
428 "Not supported key derivation: " + |
426 "Not supported key derivation: " + |
429 chc.negotiatedProtocol); |
427 chc.negotiatedProtocol); |
430 } else { |
428 } else { |
431 chc.handshakeKeyDerivation = |
429 chc.handshakeKeyDerivation = |
432 kd.createKeyDerivation(chc, masterSecret); |
430 kd.createKeyDerivation(chc, masterSecret); |
461 break; |
459 break; |
462 } |
460 } |
463 } |
461 } |
464 if (ecdhePossession == null) { |
462 if (ecdhePossession == null) { |
465 // unlikely |
463 // unlikely |
466 shc.conContext.fatal(Alert.INTERNAL_ERROR, |
464 throw shc.conContext.fatal(Alert.INTERNAL_ERROR, |
467 "No expected ECDHE possessions for client key exchange"); |
465 "No expected ECDHE possessions for client key exchange"); |
468 return; // make the compiler happy |
|
469 } |
466 } |
470 |
467 |
471 ECParameterSpec params = ecdhePossession.publicKey.getParams(); |
468 ECParameterSpec params = ecdhePossession.publicKey.getParams(); |
472 NamedGroup namedGroup = NamedGroup.valueOf(params); |
469 NamedGroup namedGroup = NamedGroup.valueOf(params); |
473 if (namedGroup == null) { |
470 if (namedGroup == null) { |
474 // unlikely, have been checked during cipher suite negotiation. |
471 // unlikely, have been checked during cipher suite negotiation. |
475 shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
472 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, |
476 "Unsupported EC server cert for ECDHE client key exchange"); |
473 "Unsupported EC server cert for ECDHE client key exchange"); |
477 } |
474 } |
478 |
475 |
479 SSLKeyExchange ke = SSLKeyExchange.valueOf( |
476 SSLKeyExchange ke = SSLKeyExchange.valueOf( |
480 shc.negotiatedCipherSuite.keyExchange, |
477 shc.negotiatedCipherSuite.keyExchange, |
481 shc.negotiatedProtocol); |
478 shc.negotiatedProtocol); |
482 if (ke == null) { |
479 if (ke == null) { |
483 // unlikely |
480 // unlikely |
484 shc.conContext.fatal(Alert.INTERNAL_ERROR, |
481 throw shc.conContext.fatal(Alert.INTERNAL_ERROR, |
485 "Not supported key exchange type"); |
482 "Not supported key exchange type"); |
486 return; // make the compiler happy |
|
487 } |
483 } |
488 |
484 |
489 // parse the handshake message |
485 // parse the handshake message |
490 ECDHClientKeyExchangeMessage cke = |
486 ECDHClientKeyExchangeMessage cke = |
491 new ECDHClientKeyExchangeMessage(shc, message); |
487 new ECDHClientKeyExchangeMessage(shc, message); |
527 |
523 |
528 SSLTrafficKeyDerivation kd = |
524 SSLTrafficKeyDerivation kd = |
529 SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol); |
525 SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol); |
530 if (kd == null) { |
526 if (kd == null) { |
531 // unlikely |
527 // unlikely |
532 shc.conContext.fatal(Alert.INTERNAL_ERROR, |
528 throw shc.conContext.fatal(Alert.INTERNAL_ERROR, |
533 "Not supported key derivation: " + shc.negotiatedProtocol); |
529 "Not supported key derivation: " + shc.negotiatedProtocol); |
534 } else { |
530 } else { |
535 shc.handshakeKeyDerivation = |
531 shc.handshakeKeyDerivation = |
536 kd.createKeyDerivation(shc, masterSecret); |
532 kd.createKeyDerivation(shc, masterSecret); |
537 } |
533 } |