39 import java.security.spec.InvalidKeySpecException; |
39 import java.security.spec.InvalidKeySpecException; |
40 import javax.crypto.interfaces.DHPublicKey; |
40 import javax.crypto.interfaces.DHPublicKey; |
41 import javax.crypto.spec.DHParameterSpec; |
41 import javax.crypto.spec.DHParameterSpec; |
42 import javax.crypto.spec.DHPublicKeySpec; |
42 import javax.crypto.spec.DHPublicKeySpec; |
43 import sun.security.action.GetPropertyAction; |
43 import sun.security.action.GetPropertyAction; |
44 import sun.security.ssl.NamedGroup.NamedGroupType; |
44 import sun.security.ssl.NamedGroup.NamedGroupSpec; |
45 import sun.security.ssl.SupportedGroupsExtension.SupportedGroups; |
45 import sun.security.ssl.SupportedGroupsExtension.SupportedGroups; |
46 import sun.security.ssl.X509Authentication.X509Possession; |
46 import sun.security.ssl.X509Authentication.X509Possession; |
47 import sun.security.util.KeyUtil; |
47 import sun.security.util.KeyUtil; |
48 |
48 |
49 final class DHKeyExchange { |
49 final class DHKeyExchange { |
74 } |
74 } |
75 |
75 |
76 static DHECredentials valueOf(NamedGroup ng, |
76 static DHECredentials valueOf(NamedGroup ng, |
77 byte[] encodedPublic) throws IOException, GeneralSecurityException { |
77 byte[] encodedPublic) throws IOException, GeneralSecurityException { |
78 |
78 |
79 if (ng.type != NamedGroupType.NAMED_GROUP_FFDHE) { |
79 if (ng.spec != NamedGroupSpec.NAMED_GROUP_FFDHE) { |
80 throw new RuntimeException( |
80 throw new RuntimeException( |
81 "Credentials decoding: Not FFDHE named group"); |
81 "Credentials decoding: Not FFDHE named group"); |
82 } |
82 } |
83 |
83 |
84 if (encodedPublic == null || encodedPublic.length == 0) { |
84 if (encodedPublic == null || encodedPublic.length == 0) { |
85 return null; |
85 return null; |
86 } |
86 } |
87 |
87 |
88 DHParameterSpec params = (DHParameterSpec)ng.getParameterSpec(); |
88 DHParameterSpec params = (DHParameterSpec)ng.keAlgParamSpec; |
89 if (params == null) { |
|
90 return null; |
|
91 } |
|
92 |
|
93 KeyFactory kf = KeyFactory.getInstance("DiffieHellman"); |
89 KeyFactory kf = KeyFactory.getInstance("DiffieHellman"); |
94 DHPublicKeySpec spec = new DHPublicKeySpec( |
90 DHPublicKeySpec spec = new DHPublicKeySpec( |
95 new BigInteger(1, encodedPublic), |
91 new BigInteger(1, encodedPublic), |
96 params.getP(), params.getG()); |
92 params.getP(), params.getG()); |
97 DHPublicKey publicKey = |
93 DHPublicKey publicKey = |
108 |
104 |
109 DHEPossession(NamedGroup namedGroup, SecureRandom random) { |
105 DHEPossession(NamedGroup namedGroup, SecureRandom random) { |
110 try { |
106 try { |
111 KeyPairGenerator kpg = |
107 KeyPairGenerator kpg = |
112 KeyPairGenerator.getInstance("DiffieHellman"); |
108 KeyPairGenerator.getInstance("DiffieHellman"); |
113 DHParameterSpec params = |
109 kpg.initialize(namedGroup.keAlgParamSpec, random); |
114 (DHParameterSpec)namedGroup.getParameterSpec(); |
|
115 kpg.initialize(params, random); |
|
116 KeyPair kp = generateDHKeyPair(kpg); |
110 KeyPair kp = generateDHKeyPair(kpg); |
117 if (kp == null) { |
111 if (kp == null) { |
118 throw new RuntimeException("Could not generate DH keypair"); |
112 throw new RuntimeException("Could not generate DH keypair"); |
119 } |
113 } |
120 privateKey = kp.getPrivate(); |
114 privateKey = kp.getPrivate(); |
319 NamedGroup preferableNamedGroup; |
313 NamedGroup preferableNamedGroup; |
320 if (!useLegacyEphemeralDHKeys && |
314 if (!useLegacyEphemeralDHKeys && |
321 (context.clientRequestedNamedGroups != null) && |
315 (context.clientRequestedNamedGroups != null) && |
322 (!context.clientRequestedNamedGroups.isEmpty())) { |
316 (!context.clientRequestedNamedGroups.isEmpty())) { |
323 preferableNamedGroup = |
317 preferableNamedGroup = |
324 SupportedGroups.getPreferredGroup( |
318 SupportedGroups.getPreferredGroup(context.negotiatedProtocol, |
325 context.negotiatedProtocol, |
|
326 context.algorithmConstraints, |
319 context.algorithmConstraints, |
327 new NamedGroupType [] { |
320 new NamedGroupSpec [] { |
328 NamedGroupType.NAMED_GROUP_FFDHE }, |
321 NamedGroupSpec.NAMED_GROUP_FFDHE }, |
329 context.clientRequestedNamedGroups); |
322 context.clientRequestedNamedGroups); |
330 if (preferableNamedGroup != null) { |
323 if (preferableNamedGroup != null) { |
331 return new DHEPossession(preferableNamedGroup, |
324 return new DHEPossession(preferableNamedGroup, |
332 context.sslContext.getSecureRandom()); |
325 context.sslContext.getSecureRandom()); |
333 } |
326 } |