24 */ |
24 */ |
25 |
25 |
26 package sun.security.ssl; |
26 package sun.security.ssl; |
27 |
27 |
28 import java.security.*; |
28 import java.security.*; |
|
29 import java.security.interfaces.ECPrivateKey; |
29 import java.security.spec.AlgorithmParameterSpec; |
30 import java.security.spec.AlgorithmParameterSpec; |
|
31 import java.security.spec.ECParameterSpec; |
30 import java.security.spec.PSSParameterSpec; |
32 import java.security.spec.PSSParameterSpec; |
31 import java.util.ArrayList; |
33 import java.util.ArrayList; |
32 import java.util.Arrays; |
34 import java.util.Arrays; |
33 import java.util.Collection; |
35 import java.util.Collection; |
34 import java.util.Collections; |
36 import java.util.Collections; |
35 import java.util.EnumSet; |
37 import java.util.EnumSet; |
36 import java.util.LinkedList; |
38 import java.util.LinkedList; |
37 import java.util.List; |
39 import java.util.List; |
38 import java.util.Set; |
40 import java.util.Set; |
|
41 import sun.security.ssl.SupportedGroupsExtension.NamedGroup; |
|
42 import sun.security.ssl.SupportedGroupsExtension.NamedGroupType; |
39 import sun.security.util.KeyUtil; |
43 import sun.security.util.KeyUtil; |
40 |
44 |
41 enum SignatureScheme { |
45 enum SignatureScheme { |
42 // EdDSA algorithms |
46 // EdDSA algorithms |
43 ED25519 (0x0807, "ed25519", "ed25519", |
47 ED25519 (0x0807, "ed25519", "ed25519", |
49 |
53 |
50 // ECDSA algorithms |
54 // ECDSA algorithms |
51 ECDSA_SECP256R1_SHA256 (0x0403, "ecdsa_secp256r1_sha256", |
55 ECDSA_SECP256R1_SHA256 (0x0403, "ecdsa_secp256r1_sha256", |
52 "SHA256withECDSA", |
56 "SHA256withECDSA", |
53 "EC", |
57 "EC", |
|
58 NamedGroup.SECP256_R1, |
54 ProtocolVersion.PROTOCOLS_TO_13), |
59 ProtocolVersion.PROTOCOLS_TO_13), |
55 ECDSA_SECP384R1_SHA384 (0x0503, "ecdsa_secp384r1_sha384", |
60 ECDSA_SECP384R1_SHA384 (0x0503, "ecdsa_secp384r1_sha384", |
56 "SHA384withECDSA", |
61 "SHA384withECDSA", |
57 "EC", |
62 "EC", |
|
63 NamedGroup.SECP384_R1, |
58 ProtocolVersion.PROTOCOLS_TO_13), |
64 ProtocolVersion.PROTOCOLS_TO_13), |
59 ECDSA_SECP512R1_SHA512 (0x0603, "ecdsa_secp512r1_sha512", |
65 ECDSA_SECP512R1_SHA512 (0x0603, "ecdsa_secp512r1_sha512", |
60 "SHA512withECDSA", |
66 "SHA512withECDSA", |
61 "EC", |
67 "EC", |
|
68 NamedGroup.SECP521_R1, |
62 ProtocolVersion.PROTOCOLS_TO_13), |
69 ProtocolVersion.PROTOCOLS_TO_13), |
63 |
70 |
64 // RSASSA-PSS algorithms with public key OID rsaEncryption |
71 // RSASSA-PSS algorithms with public key OID rsaEncryption |
65 RSA_PSS_RSAE_SHA256 (0x0804, "rsa_pss_rsae_sha256", |
72 RSA_PSS_RSAE_SHA256 (0x0804, "rsa_pss_rsae_sha256", |
66 "RSASSA-PSS", "RSA", |
73 "RSASSA-PSS", "RSA", |
89 SigAlgParamSpec.RSA_PSS_SHA512, 768, |
96 SigAlgParamSpec.RSA_PSS_SHA512, 768, |
90 ProtocolVersion.PROTOCOLS_OF_13), |
97 ProtocolVersion.PROTOCOLS_OF_13), |
91 |
98 |
92 // RSASSA-PKCS1-v1_5 algorithms |
99 // RSASSA-PKCS1-v1_5 algorithms |
93 RSA_PKCS1_SHA256 (0x0401, "rsa_pkcs1_sha256", "SHA256withRSA", |
100 RSA_PKCS1_SHA256 (0x0401, "rsa_pkcs1_sha256", "SHA256withRSA", |
94 "RSA", null, 512, |
101 "RSA", null, null, 512, |
95 ProtocolVersion.PROTOCOLS_TO_13, |
102 ProtocolVersion.PROTOCOLS_TO_13, |
96 ProtocolVersion.PROTOCOLS_TO_12), |
103 ProtocolVersion.PROTOCOLS_TO_12), |
97 RSA_PKCS1_SHA384 (0x0501, "rsa_pkcs1_sha384", "SHA384withRSA", |
104 RSA_PKCS1_SHA384 (0x0501, "rsa_pkcs1_sha384", "SHA384withRSA", |
98 "RSA", null, 768, |
105 "RSA", null, null, 768, |
99 ProtocolVersion.PROTOCOLS_TO_13, |
106 ProtocolVersion.PROTOCOLS_TO_13, |
100 ProtocolVersion.PROTOCOLS_TO_12), |
107 ProtocolVersion.PROTOCOLS_TO_12), |
101 RSA_PKCS1_SHA512 (0x0601, "rsa_pkcs1_sha512", "SHA512withRSA", |
108 RSA_PKCS1_SHA512 (0x0601, "rsa_pkcs1_sha512", "SHA512withRSA", |
102 "RSA", null, 768, |
109 "RSA", null, null, 768, |
103 ProtocolVersion.PROTOCOLS_TO_13, |
110 ProtocolVersion.PROTOCOLS_TO_13, |
104 ProtocolVersion.PROTOCOLS_TO_12), |
111 ProtocolVersion.PROTOCOLS_TO_12), |
105 |
112 |
106 // Legacy algorithms |
113 // Legacy algorithms |
107 DSA_SHA256 (0x0402, "dsa_sha256", "SHA256withDSA", |
114 DSA_SHA256 (0x0402, "dsa_sha256", "SHA256withDSA", |
118 ProtocolVersion.PROTOCOLS_TO_12), |
125 ProtocolVersion.PROTOCOLS_TO_12), |
119 ECDSA_SHA1 (0x0203, "ecdsa_sha1", "SHA1withECDSA", |
126 ECDSA_SHA1 (0x0203, "ecdsa_sha1", "SHA1withECDSA", |
120 "EC", |
127 "EC", |
121 ProtocolVersion.PROTOCOLS_TO_13), |
128 ProtocolVersion.PROTOCOLS_TO_13), |
122 RSA_PKCS1_SHA1 (0x0201, "rsa_pkcs1_sha1", "SHA1withRSA", |
129 RSA_PKCS1_SHA1 (0x0201, "rsa_pkcs1_sha1", "SHA1withRSA", |
123 "rsa", null, 512, |
130 "rsa", null, null, 512, |
124 ProtocolVersion.PROTOCOLS_TO_13, |
131 ProtocolVersion.PROTOCOLS_TO_13, |
125 ProtocolVersion.PROTOCOLS_TO_12), |
132 ProtocolVersion.PROTOCOLS_TO_12), |
126 DSA_SHA1 (0x0202, "dsa_sha1", "SHA1withDSA", |
133 DSA_SHA1 (0x0202, "dsa_sha1", "SHA1withDSA", |
127 "dsa", |
134 "dsa", |
128 ProtocolVersion.PROTOCOLS_TO_12), |
135 ProtocolVersion.PROTOCOLS_TO_12), |
133 final int id; // hash + signature |
140 final int id; // hash + signature |
134 final String name; // literal name |
141 final String name; // literal name |
135 private final String algorithm; // signature algorithm |
142 private final String algorithm; // signature algorithm |
136 final String keyAlgorithm; // signature key algorithm |
143 final String keyAlgorithm; // signature key algorithm |
137 private final AlgorithmParameterSpec signAlgParameter; |
144 private final AlgorithmParameterSpec signAlgParameter; |
|
145 private final NamedGroup namedGroup; // associated named group |
138 |
146 |
139 // The minial required key size in bits. |
147 // The minial required key size in bits. |
140 // |
148 // |
141 // Only need to check RSA algorithm at present. RSA keys of 512 bits |
149 // Only need to check RSA algorithm at present. RSA keys of 512 bits |
142 // have been shown to be practically breakable, it does not make much |
150 // have been shown to be practically breakable, it does not make much |
143 // sense to use the strong hash algorithm for keys whose key size less |
151 // sense to use the strong hash algorithm for keys whose key size less |
144 // than 512 bits. So it is not necessary to caculate the minial |
152 // than 512 bits. So it is not necessary to caculate the minial |
145 // required key size exactly for a hash algorithm. |
153 // required key size exactly for a hash algorithm. |
146 final int minimalKeySize; |
154 final int minimalKeySize; |
147 final List<ProtocolVersion> supportedProtocols; |
155 final List<ProtocolVersion> supportedProtocols; |
|
156 |
148 // Some signature schemes are supported in different versions for handshake |
157 // Some signature schemes are supported in different versions for handshake |
149 // messages and certificates. This field holds the supported protocols |
158 // messages and certificates. This field holds the supported protocols |
150 // for handshake messages. |
159 // for handshake messages. |
151 final List<ProtocolVersion> handshakeSupportedProtocols; |
160 final List<ProtocolVersion> handshakeSupportedProtocols; |
152 final boolean isAvailable; |
161 final boolean isAvailable; |
209 |
218 |
210 private SignatureScheme(int id, String name, |
219 private SignatureScheme(int id, String name, |
211 String algorithm, String keyAlgorithm, |
220 String algorithm, String keyAlgorithm, |
212 int minimalKeySize, |
221 int minimalKeySize, |
213 ProtocolVersion[] supportedProtocols) { |
222 ProtocolVersion[] supportedProtocols) { |
214 this(id, name, algorithm, keyAlgorithm, null, |
223 this(id, name, algorithm, keyAlgorithm, |
215 minimalKeySize, supportedProtocols); |
224 null, minimalKeySize, supportedProtocols); |
216 } |
|
217 |
|
218 private SignatureScheme(int id, String name, |
|
219 String algorithm, String keyAlgorithm, |
|
220 SigAlgParamSpec signAlgParamSpec, int minimalKeySize, |
|
221 ProtocolVersion[] supportedProtocols) { |
|
222 this(id, name, algorithm, keyAlgorithm, signAlgParamSpec, minimalKeySize, |
|
223 supportedProtocols, supportedProtocols); |
|
224 } |
225 } |
225 |
226 |
226 private SignatureScheme(int id, String name, |
227 private SignatureScheme(int id, String name, |
227 String algorithm, String keyAlgorithm, |
228 String algorithm, String keyAlgorithm, |
228 SigAlgParamSpec signAlgParamSpec, int minimalKeySize, |
229 SigAlgParamSpec signAlgParamSpec, int minimalKeySize, |
|
230 ProtocolVersion[] supportedProtocols) { |
|
231 this(id, name, algorithm, keyAlgorithm, |
|
232 signAlgParamSpec, null, minimalKeySize, |
|
233 supportedProtocols, supportedProtocols); |
|
234 } |
|
235 |
|
236 private SignatureScheme(int id, String name, |
|
237 String algorithm, String keyAlgorithm, |
|
238 NamedGroup namedGroup, |
|
239 ProtocolVersion[] supportedProtocols) { |
|
240 this(id, name, algorithm, keyAlgorithm, |
|
241 null, namedGroup, -1, |
|
242 supportedProtocols, supportedProtocols); |
|
243 } |
|
244 |
|
245 private SignatureScheme(int id, String name, |
|
246 String algorithm, String keyAlgorithm, |
|
247 SigAlgParamSpec signAlgParamSpec, |
|
248 NamedGroup namedGroup, int minimalKeySize, |
229 ProtocolVersion[] supportedProtocols, |
249 ProtocolVersion[] supportedProtocols, |
230 ProtocolVersion[] handshakeSupportedProtocols) { |
250 ProtocolVersion[] handshakeSupportedProtocols) { |
231 this.id = id; |
251 this.id = id; |
232 this.name = name; |
252 this.name = name; |
233 this.algorithm = algorithm; |
253 this.algorithm = algorithm; |
234 this.keyAlgorithm = keyAlgorithm; |
254 this.keyAlgorithm = keyAlgorithm; |
235 this.signAlgParameter = |
255 this.signAlgParameter = |
236 signAlgParamSpec != null ? signAlgParamSpec.parameterSpec : null; |
256 signAlgParamSpec != null ? signAlgParamSpec.parameterSpec : null; |
|
257 this.namedGroup = namedGroup; |
237 this.minimalKeySize = minimalKeySize; |
258 this.minimalKeySize = minimalKeySize; |
238 this.supportedProtocols = Arrays.asList(supportedProtocols); |
259 this.supportedProtocols = Arrays.asList(supportedProtocols); |
239 this.handshakeSupportedProtocols = Arrays.asList(handshakeSupportedProtocols); |
260 this.handshakeSupportedProtocols = |
|
261 Arrays.asList(handshakeSupportedProtocols); |
240 |
262 |
241 boolean mediator = true; |
263 boolean mediator = true; |
242 if (signAlgParamSpec != null) { |
264 if (signAlgParamSpec != null) { |
243 mediator = signAlgParamSpec.isAvailable; |
265 mediator = signAlgParamSpec.isAvailable; |
244 } else { |
266 } else { |