jdk-sandbox: comparison src/java.base/share/classes/sun/security/ssl/ECDHKeyExchange.java

equal deleted inserted replaced

-:13588c901957
+:9cf78a70fa4f
 import java.security.KeyPairGenerator;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.SecureRandom;
 import java.security.interfaces.ECPublicKey;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.ECGenParameterSpec;
 import java.security.spec.ECParameterSpec;
 import java.security.spec.ECPoint;
 import java.security.spec.ECPublicKeySpec;
 import java.util.EnumSet;
 import javax.crypto.KeyAgreement;
 import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
 import javax.net.ssl.SSLHandshakeException;
-import sun.security.ssl.CipherSuite.HashAlg;
+import sun.security.ssl.NamedGroup.NamedGroupSpec;
-import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
-import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
 import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
 import sun.security.ssl.X509Authentication.X509Credentials;
 import sun.security.ssl.X509Authentication.X509Possession;
+import sun.security.ssl.XDHKeyExchange.XDHECredentials;
+import sun.security.ssl.XDHKeyExchange.XDHEPossession;
 import sun.security.util.ECUtil;
 final class ECDHKeyExchange {
 static final SSLPossessionGenerator poGenerator =
 new ECDHEPossessionGenerator();
+static final SSLKeyAgreementGenerator ecdhKAGenerator =
+new ECDHKAGenerator();
+// TLSv1.3
 static final SSLKeyAgreementGenerator ecdheKAGenerator =
 new ECDHEKAGenerator();
-static final SSLKeyAgreementGenerator ecdhKAGenerator =
-new ECDHKAGenerator();
+// TLSv1-1.2, the KA gets more difficult with EC/XEC keys
+static final SSLKeyAgreementGenerator ecdheXdhKAGenerator =
-static final class ECDHECredentials implements SSLCredentials {
+new ECDHEXDHKAGenerator();
+static final class ECDHECredentials implements NamedGroupCredentials {
 final ECPublicKey popPublicKey;
 final NamedGroup namedGroup;
 ECDHECredentials(ECPublicKey popPublicKey, NamedGroup namedGroup) {
 this.popPublicKey = popPublicKey;
 this.namedGroup = namedGroup;
 }
+@Override
+public PublicKey getPublicKey() {
+return popPublicKey;
+}
+@Override
+public NamedGroup getNamedGroup() {
+return namedGroup;
+}
 static ECDHECredentials valueOf(NamedGroup namedGroup,
 byte[] encodedPoint) throws IOException, GeneralSecurityException {
-if (namedGroup.type != NamedGroupType.NAMED_GROUP_ECDHE) {
+if (namedGroup.spec != NamedGroupSpec.NAMED_GROUP_ECDHE) {
 throw new RuntimeException(
 "Credentials decoding:  Not ECDHE named group");
 }
 if (encodedPoint == null || encodedPoint.length == 0) {
 return null;
 }
 ECParameterSpec parameters =
-ECUtil.getECParameterSpec(null, namedGroup.oid);
+(ECParameterSpec)namedGroup.keAlgParamSpec;
-if (parameters == null) {
-return null;
-}
 ECPoint point = ECUtil.decodePoint(
 encodedPoint, parameters.getCurve());
 KeyFactory factory = KeyFactory.getInstance("EC");
 ECPublicKey publicKey = (ECPublicKey)factory.generatePublic(
 new ECPublicKeySpec(point, parameters));
 return new ECDHECredentials(publicKey, namedGroup);
 }
 }
-static final class ECDHEPossession implements SSLPossession {
+static final class ECDHEPossession implements NamedGroupPossession {
 final PrivateKey privateKey;
 final ECPublicKey publicKey;
 final NamedGroup namedGroup;
 ECDHEPossession(NamedGroup namedGroup, SecureRandom random) {
 try {
 KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
-ECGenParameterSpec params =
+kpg.initialize(namedGroup.keAlgParamSpec, random);
-(ECGenParameterSpec)namedGroup.getParameterSpec();
-kpg.initialize(params, random);
 KeyPair kp = kpg.generateKeyPair();
 privateKey = kp.getPrivate();
 publicKey = (ECPublicKey)kp.getPublic();
 } catch (GeneralSecurityException e) {
 throw new RuntimeException(
 } catch (GeneralSecurityException | java.io.IOException e) {
 throw (SSLHandshakeException) new SSLHandshakeException(
 "Could not generate ECPublicKey").initCause(e);
 }
 }
+@Override
+public PublicKey getPublicKey() {
+return publicKey;
+}
+@Override
+public NamedGroup getNamedGroup() {
+return namedGroup;
+}
+@Override
+public PrivateKey getPrivateKey() {
+return privateKey;
+}
 }
 private static final
 class ECDHEPossessionGenerator implements SSLPossessionGenerator {
 // Prevent instantiation of this class.
 // blank
 }
 @Override
 public SSLPossession createPossession(HandshakeContext context) {
-NamedGroup preferableNamedGroup = null;
+NamedGroup preferableNamedGroup;
+// Find most preferred EC or XEC groups
 if ((context.clientRequestedNamedGroups != null) &&
 (!context.clientRequestedNamedGroups.isEmpty())) {
 preferableNamedGroup = SupportedGroups.getPreferredGroup(
 context.negotiatedProtocol,
 context.algorithmConstraints,
-NamedGroupType.NAMED_GROUP_ECDHE,
+new NamedGroupSpec[] {
+NamedGroupSpec.NAMED_GROUP_ECDHE,
+NamedGroupSpec.NAMED_GROUP_XDH },
 context.clientRequestedNamedGroups);
 } else {
 preferableNamedGroup = SupportedGroups.getPreferredGroup(
 context.negotiatedProtocol,
 context.algorithmConstraints,
-NamedGroupType.NAMED_GROUP_ECDHE);
+new NamedGroupSpec[] {
+NamedGroupSpec.NAMED_GROUP_ECDHE,
+NamedGroupSpec.NAMED_GROUP_XDH });
 }
 if (preferableNamedGroup != null) {
-return new ECDHEPossession(preferableNamedGroup,
+return preferableNamedGroup.createPossession(
 context.sslContext.getSecureRandom());
 }
 // no match found, cannot use this cipher suite.
 //
 return null;
 continue;
 }
 NamedGroup ng = NamedGroup.valueOf(params);
 if (ng == null) {
-// unlikely, have been checked during cipher suite negotiation.
+// unlikely, have been checked during cipher suite
+// negotiation.
 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
 "Unsupported EC server cert for ECDH key exchange");
 }
 for (SSLCredentials cred : shc.handshakeCredentials) {
 if (x509Possession == null || ecdheCredentials == null) {
 throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
 "No sufficient ECDHE key agreement parameters negotiated");
 }
-return new ECDHEKAKeyDerivation(shc,
+return new KAKeyDerivation("ECDH", shc,
 x509Possession.popPrivateKey, ecdheCredentials.popPublicKey);
 }
 private SSLKeyDerivation createClientKeyDerivation(
 ClientHandshakeContext chc) throws IOException {
 if (ecdhePossession == null || x509Credentials == null) {
 throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
 "No sufficient ECDH key agreement parameters negotiated");
 }
-return new ECDHEKAKeyDerivation(chc,
+return new KAKeyDerivation("ECDH", chc,
 ecdhePossession.privateKey, x509Credentials.popPublicKey);
 }
 }
 private static final
 if (ecdhePossession == null || ecdheCredentials == null) {
 throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
 "No sufficient ECDHE key agreement parameters negotiated");
 }
-return new ECDHEKAKeyDerivation(context,
+return new KAKeyDerivation("ECDH", context,
 ecdhePossession.privateKey, ecdheCredentials.popPublicKey);
 }
 }
+/*
+* A Generator for TLSv1-1.2 to create a ECDHE or a XDH KeyDerivation
+* object depending on the negotiated group.
+*/
 private static final
-class ECDHEKAKeyDerivation implements SSLKeyDerivation {
+class ECDHEXDHKAGenerator implements SSLKeyAgreementGenerator {
-private final HandshakeContext context;
+// Prevent instantiation of this class.
-private final PrivateKey localPrivateKey;
+private ECDHEXDHKAGenerator() {
-private final PublicKey peerPublicKey;
+// blank
+}
-ECDHEKAKeyDerivation(HandshakeContext context,
-PrivateKey localPrivateKey,
+@Override
-PublicKey peerPublicKey) {
+public SSLKeyDerivation createKeyDerivation(
-this.context = context;
+HandshakeContext context) throws IOException {
-this.localPrivateKey = localPrivateKey;
-this.peerPublicKey = peerPublicKey;
+NamedGroupPossession namedGroupPossession = null;
-}
+NamedGroupCredentials namedGroupCredentials = null;
+NamedGroup namedGroup = null;
-@Override
-public SecretKey deriveKey(String algorithm,
+// Find a possession/credential combo using the same named group
-AlgorithmParameterSpec params) throws IOException {
+search:
-if (!context.negotiatedProtocol.useTLS13PlusSpec()) {
+for (SSLPossession poss : context.handshakePossessions) {
-return t12DeriveKey(algorithm, params);
+for (SSLCredentials cred : context.handshakeCredentials) {
-} else {
+if (((poss instanceof ECDHEPossession) &&
-return t13DeriveKey(algorithm, params);
+(cred instanceof ECDHECredentials)) ||
-}
+(((poss instanceof XDHEPossession) &&
-}
+(cred instanceof XDHECredentials)))) {
+NamedGroupPossession p = (NamedGroupPossession)poss;
-private SecretKey t12DeriveKey(String algorithm,
+NamedGroupCredentials c = (NamedGroupCredentials)cred;
-AlgorithmParameterSpec params) throws IOException {
+if (p.getNamedGroup() != c.getNamedGroup()) {
-try {
+continue;
-KeyAgreement ka = KeyAgreement.getInstance("ECDH");
+} else {
-ka.init(localPrivateKey);
+namedGroup = p.getNamedGroup();
-ka.doPhase(peerPublicKey, true);
+}
-SecretKey preMasterSecret =
+namedGroupPossession = p;
-ka.generateSecret("TlsPremasterSecret");
+namedGroupCredentials = c;
+break search;
-SSLMasterKeyDerivation mskd =
+}
-SSLMasterKeyDerivation.valueOf(
+}
-context.negotiatedProtocol);
+}
-if (mskd == null) {
-// unlikely
+if (namedGroupPossession == null || namedGroupCredentials == null) {
-throw new SSLHandshakeException(
+throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
-"No expected master key derivation for protocol: " +
+"No sufficient ECDHE/XDH key agreement " +
-context.negotiatedProtocol.name);
+"parameters negotiated");
 }
-SSLKeyDerivation kd = mskd.createKeyDerivation(
-context, preMasterSecret);
+String alg;
-return kd.deriveKey("MasterSecret", params);
+switch (namedGroup.spec) {
-} catch (GeneralSecurityException gse) {
+case NAMED_GROUP_ECDHE:
-throw (SSLHandshakeException) new SSLHandshakeException(
+alg = "ECDH";
-"Could not generate secret").initCause(gse);
+break;
-}
+case NAMED_GROUP_XDH:
-}
+alg = "XDH";
+break;
-private SecretKey t13DeriveKey(String algorithm,
+default:
-AlgorithmParameterSpec params) throws IOException {
+throw new RuntimeException("Unexpected named group type");
-try {
+}
-KeyAgreement ka = KeyAgreement.getInstance("ECDH");
-ka.init(localPrivateKey);
+return new KAKeyDerivation(alg, context,
-ka.doPhase(peerPublicKey, true);
+namedGroupPossession.getPrivateKey(),
-SecretKey sharedSecret =
+namedGroupCredentials.getPublicKey());
-ka.generateSecret("TlsPremasterSecret");
-HashAlg hashAlg = context.negotiatedCipherSuite.hashAlg;
-SSLKeyDerivation kd = context.handshakeKeyDerivation;
-HKDF hkdf = new HKDF(hashAlg.name);
-if (kd == null) {   // No PSK is in use.
-// If PSK is not in use Early Secret will still be
-// HKDF-Extract(0, 0).
-byte[] zeros = new byte[hashAlg.hashLength];
-SecretKeySpec ikm =
-new SecretKeySpec(zeros, "TlsPreSharedSecret");
-SecretKey earlySecret =
-hkdf.extract(zeros, ikm, "TlsEarlySecret");
-kd = new SSLSecretDerivation(context, earlySecret);
-}
-// derive salt secret
-SecretKey saltSecret = kd.deriveKey("TlsSaltSecret", null);
-// derive handshake secret
-return hkdf.extract(saltSecret, sharedSecret, algorithm);
-} catch (GeneralSecurityException gse) {
-throw (SSLHandshakeException) new SSLHandshakeException(
-"Could not generate secret").initCause(gse);
-}
 }
 }
 }

branch	datagramsocketimpl-branch
changeset 58678	9cf78a70fa4f
parent 54417	f87041131515
child 58679	9c3209ff7550