1 /* |
1 /* |
2 * copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
692 ProtocolVersion protocolVersion; |
692 ProtocolVersion protocolVersion; |
693 |
693 |
694 // the preferable signature algorithm used by this ServerKeyExchange message |
694 // the preferable signature algorithm used by this ServerKeyExchange message |
695 private SignatureAndHashAlgorithm preferableSignatureAlgorithm; |
695 private SignatureAndHashAlgorithm preferableSignatureAlgorithm; |
696 |
696 |
697 /* Return the Diffie-Hellman modulus */ |
|
698 BigInteger getModulus() { |
|
699 return new BigInteger(1, dh_p); |
|
700 } |
|
701 |
|
702 /* Return the Diffie-Hellman base/generator */ |
|
703 BigInteger getBase() { |
|
704 return new BigInteger(1, dh_g); |
|
705 } |
|
706 |
|
707 /* Return the server's Diffie-Hellman public key */ |
|
708 BigInteger getServerPublicKey() { |
|
709 return new BigInteger(1, dh_Ys); |
|
710 } |
|
711 |
|
712 /* |
|
713 * Update sig with nonces and Diffie-Hellman public key. |
|
714 */ |
|
715 private void updateSignature(Signature sig, byte clntNonce[], |
|
716 byte svrNonce[]) throws SignatureException { |
|
717 int tmp; |
|
718 |
|
719 sig.update(clntNonce); |
|
720 sig.update(svrNonce); |
|
721 |
|
722 tmp = dh_p.length; |
|
723 sig.update((byte)(tmp >> 8)); |
|
724 sig.update((byte)(tmp & 0x0ff)); |
|
725 sig.update(dh_p); |
|
726 |
|
727 tmp = dh_g.length; |
|
728 sig.update((byte)(tmp >> 8)); |
|
729 sig.update((byte)(tmp & 0x0ff)); |
|
730 sig.update(dh_g); |
|
731 |
|
732 tmp = dh_Ys.length; |
|
733 sig.update((byte)(tmp >> 8)); |
|
734 sig.update((byte)(tmp & 0x0ff)); |
|
735 sig.update(dh_Ys); |
|
736 } |
|
737 |
|
738 /* |
697 /* |
739 * Construct from initialized DH key object, for DH_anon |
698 * Construct from initialized DH key object, for DH_anon |
740 * key exchange. |
699 * key exchange. |
741 */ |
700 */ |
742 DH_ServerKeyExchange(DHCrypt obj, ProtocolVersion protocolVersion) { |
701 DH_ServerKeyExchange(DHCrypt obj, ProtocolVersion protocolVersion) { |
775 } |
734 } |
776 |
735 |
777 sig.initSign(key, sr); |
736 sig.initSign(key, sr); |
778 updateSignature(sig, clntNonce, svrNonce); |
737 updateSignature(sig, clntNonce, svrNonce); |
779 signature = sig.sign(); |
738 signature = sig.sign(); |
780 } |
|
781 |
|
782 private void setValues(DHCrypt obj) { |
|
783 dh_p = toByteArray(obj.getModulus()); |
|
784 dh_g = toByteArray(obj.getBase()); |
|
785 dh_Ys = toByteArray(obj.getPublicKey()); |
|
786 } |
739 } |
787 |
740 |
788 /* |
741 /* |
789 * Construct a DH_ServerKeyExchange message from an input |
742 * Construct a DH_ServerKeyExchange message from an input |
790 * stream, as if sent from server to client for use with |
743 * stream, as if sent from server to client for use with |
873 if (sig.verify(signature) == false ) { |
826 if (sig.verify(signature) == false ) { |
874 throw new SSLKeyException("Server D-H key verification failed"); |
827 throw new SSLKeyException("Server D-H key verification failed"); |
875 } |
828 } |
876 } |
829 } |
877 |
830 |
|
831 /* Return the Diffie-Hellman modulus */ |
|
832 BigInteger getModulus() { |
|
833 return new BigInteger(1, dh_p); |
|
834 } |
|
835 |
|
836 /* Return the Diffie-Hellman base/generator */ |
|
837 BigInteger getBase() { |
|
838 return new BigInteger(1, dh_g); |
|
839 } |
|
840 |
|
841 /* Return the server's Diffie-Hellman public key */ |
|
842 BigInteger getServerPublicKey() { |
|
843 return new BigInteger(1, dh_Ys); |
|
844 } |
|
845 |
|
846 /* |
|
847 * Update sig with nonces and Diffie-Hellman public key. |
|
848 */ |
|
849 private void updateSignature(Signature sig, byte clntNonce[], |
|
850 byte svrNonce[]) throws SignatureException { |
|
851 int tmp; |
|
852 |
|
853 sig.update(clntNonce); |
|
854 sig.update(svrNonce); |
|
855 |
|
856 tmp = dh_p.length; |
|
857 sig.update((byte)(tmp >> 8)); |
|
858 sig.update((byte)(tmp & 0x0ff)); |
|
859 sig.update(dh_p); |
|
860 |
|
861 tmp = dh_g.length; |
|
862 sig.update((byte)(tmp >> 8)); |
|
863 sig.update((byte)(tmp & 0x0ff)); |
|
864 sig.update(dh_g); |
|
865 |
|
866 tmp = dh_Ys.length; |
|
867 sig.update((byte)(tmp >> 8)); |
|
868 sig.update((byte)(tmp & 0x0ff)); |
|
869 sig.update(dh_Ys); |
|
870 } |
|
871 |
|
872 private void setValues(DHCrypt obj) { |
|
873 dh_p = toByteArray(obj.getModulus()); |
|
874 dh_g = toByteArray(obj.getBase()); |
|
875 dh_Ys = toByteArray(obj.getPublicKey()); |
|
876 } |
|
877 |
878 int messageLength() { |
878 int messageLength() { |
879 int temp = 6; // overhead for p, g, y(s) values. |
879 int temp = 6; // overhead for p, g, y(s) values. |
880 |
880 |
881 temp += dh_p.length; |
881 temp += dh_p.length; |
882 temp += dh_g.length; |
882 temp += dh_g.length; |
943 * EC domain parameters). |
943 * EC domain parameters). |
944 * |
944 * |
945 * We support named curves only, no explicitly encoded curves. |
945 * We support named curves only, no explicitly encoded curves. |
946 */ |
946 */ |
947 static final |
947 static final |
948 class ECDH_ServerKeyExchange extends ServerKeyExchange |
948 class ECDH_ServerKeyExchange extends ServerKeyExchange { |
949 { |
|
950 |
949 |
951 // constants for ECCurveType |
950 // constants for ECCurveType |
952 private final static int CURVE_EXPLICIT_PRIME = 1; |
951 private final static int CURVE_EXPLICIT_PRIME = 1; |
953 private final static int CURVE_EXPLICIT_CHAR2 = 2; |
952 private final static int CURVE_EXPLICIT_CHAR2 = 2; |
954 private final static int CURVE_NAMED_CURVE = 3; |
953 private final static int CURVE_NAMED_CURVE = 3; |
1118 sig.update((byte)pointBytes.length); |
1117 sig.update((byte)pointBytes.length); |
1119 sig.update(pointBytes); |
1118 sig.update(pointBytes); |
1120 } |
1119 } |
1121 |
1120 |
1122 int messageLength() { |
1121 int messageLength() { |
1123 int sigLen = (signatureBytes == null) ? 0 : 2 + signatureBytes.length; |
1122 int sigLen = 0; |
1124 |
1123 if (signatureBytes != null) { |
1125 if (protocolVersion.v >= ProtocolVersion.TLS12.v) { |
1124 sigLen = 2 + signatureBytes.length; |
1126 sigLen += SignatureAndHashAlgorithm.sizeInRecord(); |
1125 if (protocolVersion.v >= ProtocolVersion.TLS12.v) { |
|
1126 sigLen += SignatureAndHashAlgorithm.sizeInRecord(); |
|
1127 } |
1127 } |
1128 } |
1128 |
1129 |
1129 return 4 + pointBytes.length + sigLen; |
1130 return 4 + pointBytes.length + sigLen; |
1130 } |
1131 } |
1131 |
1132 |
1132 void send(HandshakeOutStream s) throws IOException { |
1133 void send(HandshakeOutStream s) throws IOException { |
1133 s.putInt8(CURVE_NAMED_CURVE); |
1134 s.putInt8(CURVE_NAMED_CURVE); |
1134 s.putInt16(curveId); |
1135 s.putInt16(curveId); |
1135 s.putBytes8(pointBytes); |
1136 s.putBytes8(pointBytes); |
1136 if (protocolVersion.v >= ProtocolVersion.TLS12.v) { |
|
1137 s.putInt8(preferableSignatureAlgorithm.getHashValue()); |
|
1138 s.putInt8(preferableSignatureAlgorithm.getSignatureValue()); |
|
1139 } |
|
1140 |
1137 |
1141 if (signatureBytes != null) { |
1138 if (signatureBytes != null) { |
|
1139 if (protocolVersion.v >= ProtocolVersion.TLS12.v) { |
|
1140 s.putInt8(preferableSignatureAlgorithm.getHashValue()); |
|
1141 s.putInt8(preferableSignatureAlgorithm.getSignatureValue()); |
|
1142 } |
|
1143 |
1142 s.putBytes16(signatureBytes); |
1144 s.putBytes16(signatureBytes); |
1143 } |
1145 } |
1144 } |
1146 } |
1145 |
1147 |
1146 void print(PrintStream s) throws IOException { |
1148 void print(PrintStream s) throws IOException { |
1147 s.println("*** ECDH ServerKeyExchange"); |
1149 s.println("*** ECDH ServerKeyExchange"); |
1148 |
1150 |
1149 if (debug != null && Debug.isOn("verbose")) { |
1151 if (debug != null && Debug.isOn("verbose")) { |
1150 if (protocolVersion.v >= ProtocolVersion.TLS12.v) { |
1152 if (signatureBytes == null) { |
1151 s.println("Signature Algorithm " + |
1153 s.println("Anonymous"); |
1152 preferableSignatureAlgorithm.getAlgorithmName()); |
1154 } else { |
|
1155 if (protocolVersion.v >= ProtocolVersion.TLS12.v) { |
|
1156 s.println("Signature Algorithm " + |
|
1157 preferableSignatureAlgorithm.getAlgorithmName()); |
|
1158 } |
1153 } |
1159 } |
1154 |
1160 |
1155 s.println("Server key: " + publicKey); |
1161 s.println("Server key: " + publicKey); |
1156 } |
1162 } |
1157 } |
1163 } |