jdk-sandbox: src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java@68fa3d4026ea (annotated)

50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	1	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	2	* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	4	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	10	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	15	* accompanied this code).
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	16	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	20	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	23	* questions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	24	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	25
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	26	package sun.security.ssl;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	27
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	28	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	29	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	30	import java.security.CryptoPrimitive;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	31	import java.security.GeneralSecurityException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	32	import java.text.MessageFormat;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	33	import java.util.Arrays;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	34	import java.util.Collections;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	35	import java.util.EnumSet;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	36	import java.util.LinkedList;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	37	import java.util.List;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	38	import java.util.Locale;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	39	import java.util.Map;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	40	import javax.net.ssl.SSLProtocolException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	41	import sun.security.ssl.DHKeyExchange.DHECredentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	42	import sun.security.ssl.DHKeyExchange.DHEPossession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	43	import sun.security.ssl.ECDHKeyExchange.ECDHECredentials;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	44	import sun.security.ssl.ECDHKeyExchange.ECDHEPossession;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	45	import sun.security.ssl.KeyShareExtension.CHKeyShareSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	46	import sun.security.ssl.SSLExtension.ExtensionConsumer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	47	import sun.security.ssl.SSLExtension.SSLExtensionSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	48	import sun.security.ssl.SSLHandshake.HandshakeMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	49	import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	50	import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	51	import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	52	import sun.security.util.HexDumpEncoder;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	53
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	54	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	55	* Pack of the "key_share" extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	56	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	57	final class KeyShareExtension {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	58	static final HandshakeProducer chNetworkProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	59	new CHKeyShareProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	60	static final ExtensionConsumer chOnLoadConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	61	new CHKeyShareConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	62	static final SSLStringizer chStringizer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	63	new CHKeyShareStringizer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	64
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	65	static final HandshakeProducer shNetworkProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	66	new SHKeyShareProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	67	static final ExtensionConsumer shOnLoadConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	68	new SHKeyShareConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	69	static final HandshakeAbsence shOnLoadAbsence =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	70	new SHKeyShareAbsence();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	71	static final SSLStringizer shStringizer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	72	new SHKeyShareStringizer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	73
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	74	static final HandshakeProducer hrrNetworkProducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	75	new HRRKeyShareProducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	76	static final ExtensionConsumer hrrOnLoadConsumer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	77	new HRRKeyShareConsumer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	78	static final HandshakeProducer hrrNetworkReproducer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	79	new HRRKeyShareReproducer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	80	static final SSLStringizer hrrStringizer =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	81	new HRRKeyShareStringizer();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	82
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	83	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	84	* The key share entry used in "key_share" extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	85	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	86	private static final class KeyShareEntry {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	87	final int namedGroupId;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	88	final byte[] keyExchange;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	89
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	90	private KeyShareEntry(int namedGroupId, byte[] keyExchange) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	91	this.namedGroupId = namedGroupId;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	92	this.keyExchange = keyExchange;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	93	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	94
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	95	private byte[] getEncoded() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	96	byte[] buffer = new byte[keyExchange.length + 4];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	97	// 2: named group id
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	98	// +2: key exchange length
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	99	ByteBuffer m = ByteBuffer.wrap(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	100	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	101	Record.putInt16(m, namedGroupId);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	102	Record.putBytes16(m, keyExchange);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	103	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	104	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	105	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	106	"Unlikely IOException", ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	107	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	108	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	109
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	110	return buffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	111	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	112
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	113	private int getEncodedSize() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	114	return keyExchange.length + 4; // 2: named group id
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	115	// +2: key exchange length
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	116	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	117
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	118	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	119	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	120	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	121	"\n'{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	122	" \"named group\": {0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	123	" \"key_exchange\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	124	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	125	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	126	"'}',", Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	127
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	128	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	129	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	130	NamedGroup.nameOf(namedGroupId),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	131	Utilities.indent(hexEncoder.encode(keyExchange), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	132	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	133
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	134	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	135	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	136	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	137
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	138	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	139	* The "key_share" extension in a ClientHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	140	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	141	static final class CHKeyShareSpec implements SSLExtensionSpec {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	142	final List<KeyShareEntry> clientShares;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	143
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	144	private CHKeyShareSpec(List<KeyShareEntry> clientShares) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	145	this.clientShares = clientShares;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	146	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	147
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	148	private CHKeyShareSpec(ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	149	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	150	// KeyShareEntry client_shares<0..2^16-1>;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	151	// } KeyShareClientHello;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	152	if (buffer.remaining() < 2) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	153	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	154	"Invalid key_share extension: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	155	"insufficient data (length=" + buffer.remaining() + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	156	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	157
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	158	int listLen = Record.getInt16(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	159	if (listLen != buffer.remaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	160	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	161	"Invalid key_share extension: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	162	"incorrect list length (length=" + listLen + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	163	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	164
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	165	List<KeyShareEntry> keyShares = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	166	while (buffer.hasRemaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	167	int namedGroupId = Record.getInt16(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	168	byte[] keyExchange = Record.getBytes16(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	169	if (keyExchange.length == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	170	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	171	"Invalid key_share extension: empty key_exchange");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	172	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	173
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	174	keyShares.add(new KeyShareEntry(namedGroupId, keyExchange));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	175	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	176
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	177	this.clientShares = Collections.unmodifiableList(keyShares);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	178	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	179
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	180	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	181	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	182	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	183	"\"client_shares\": '['{0}\n']'", Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	184
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	185	StringBuilder builder = new StringBuilder(512);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	186	for (KeyShareEntry entry : clientShares) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	187	builder.append(entry.toString());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	188	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	189
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	190	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	191	Utilities.indent(builder.toString())
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	192	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	193
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	194	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	195	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	196	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	197
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	198	private static final class CHKeyShareStringizer implements SSLStringizer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	199	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	200	public String toString(ByteBuffer buffer) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	201	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	202	return (new CHKeyShareSpec(buffer)).toString();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	203	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	204	// For debug logging only, so please swallow exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	205	return ioe.getMessage();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	206	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	207	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	208	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	209
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	210	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	211	* Network data producer of the extension in a ClientHello
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	212	* handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	213	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	214	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	215	class CHKeyShareProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	216	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	217	private CHKeyShareProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	218	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	219	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	220
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	221	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	222	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	223	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	224	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	225	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	226
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	227	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	228	if (!chc.sslConfig.isAvailable(SSLExtension.CH_KEY_SHARE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	229	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	230	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	231	"Ignore unavailable key_share extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	232	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	233	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	234	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	235
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	236	List<NamedGroup> namedGroups;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	237	if (chc.serverSelectedNamedGroup != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	238	// Response to HelloRetryRequest
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	239	namedGroups = Arrays.asList(chc.serverSelectedNamedGroup);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	240	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	241	namedGroups = chc.clientRequestedNamedGroups;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	242	if (namedGroups == null \|\| namedGroups.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	243	// No supported groups.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	244	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	245	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	246	"Ignore key_share extension, no supported groups");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	247	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	248	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	249	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	250	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	251
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	252	List<KeyShareEntry> keyShares = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	253	for (NamedGroup ng : namedGroups) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	254	SSLKeyExchange ke = SSLKeyExchange.valueOf(ng);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	255	if (ke == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	256	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	257	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	258	"No key exchange for named group " + ng.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	259	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	260	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	261	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	262
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	263	SSLPossession[] poses = ke.createPossessions(chc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	264	for (SSLPossession pos : poses) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	265	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	266	chc.handshakePossessions.add(pos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	267	if (!(pos instanceof ECDHEPossession) &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	268	!(pos instanceof DHEPossession)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	269	// May need more possesion types in the future.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	270	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	271	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	272
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	273	keyShares.add(new KeyShareEntry(ng.id, pos.encode()));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	274	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	275
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	276	// One key share entry only. Too much key share entries makes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	277	// the ClientHello handshake message really big.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	278	if (!keyShares.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	279	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	280	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	281	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	282
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	283	int listLen = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	284	for (KeyShareEntry entry : keyShares) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	285	listLen += entry.getEncodedSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	286	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	287	byte[] extData = new byte[listLen + 2]; // 2: list length
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	288	ByteBuffer m = ByteBuffer.wrap(extData);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	289	Record.putInt16(m, listLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	290	for (KeyShareEntry entry : keyShares) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	291	m.put(entry.getEncoded());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	292	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	293
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	294	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	295	chc.handshakeExtensions.put(SSLExtension.CH_KEY_SHARE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	296	new CHKeyShareSpec(keyShares));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	297
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	298	return extData;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	299	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	300	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	301
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	302	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	303	* Network data consumer of the extension in a ClientHello
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	304	* handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	305	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	306	private static final class CHKeyShareConsumer implements ExtensionConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	307	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	308	private CHKeyShareConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	309	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	310	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	311
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	312	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	313	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	314	HandshakeMessage message, ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	315	// The consuming happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	316	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	317
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	318	if (shc.handshakeExtensions.containsKey(SSLExtension.CH_KEY_SHARE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	319	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	320	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	321	"The key_share extension has been loaded");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	322	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	323	return;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	324	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	325
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	326	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	327	if (!shc.sslConfig.isAvailable(SSLExtension.CH_KEY_SHARE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	328	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	329	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	330	"Ignore unavailable key_share extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	331	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	332	return; // ignore the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	333	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	334
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	335	// Parse the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	336	CHKeyShareSpec spec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	337	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	338	spec = new CHKeyShareSpec(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	339	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	340	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	341	return; // fatal() always throws, make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	342	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	343
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	344	List<SSLCredentials> credentials = new LinkedList<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	345	for (KeyShareEntry entry : spec.clientShares) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	346	NamedGroup ng = NamedGroup.valueOf(entry.namedGroupId);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	347	if (ng == null \|\| !SupportedGroups.isActivatable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	348	shc.sslConfig.algorithmConstraints, ng)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	349	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	350	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	351	"Ignore unsupported named group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	352	NamedGroup.nameOf(entry.namedGroupId));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	353	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	354	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	355	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	356
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	357	if (ng.type == NamedGroupType.NAMED_GROUP_ECDHE) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	358	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	359	ECDHECredentials ecdhec =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	360	ECDHECredentials.valueOf(ng, entry.keyExchange);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	361	if (ecdhec != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	362	if (!shc.algorithmConstraints.permits(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	363	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	364	ecdhec.popPublicKey)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	365	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	366	"ECDHE key share entry does not " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	367	"comply to algorithm constraints");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	368	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	369	credentials.add(ecdhec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	370	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	371	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	372	} catch (IOException \| GeneralSecurityException ex) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	373	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	374	"Cannot decode named group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	375	NamedGroup.nameOf(entry.namedGroupId));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	376	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	377	} else if (ng.type == NamedGroupType.NAMED_GROUP_FFDHE) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	378	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	379	DHECredentials dhec =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	380	DHECredentials.valueOf(ng, entry.keyExchange);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	381	if (dhec != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	382	if (!shc.algorithmConstraints.permits(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	383	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	384	dhec.popPublicKey)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	385	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	386	"DHE key share entry does not " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	387	"comply to algorithm constraints");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	388	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	389	credentials.add(dhec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	390	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	391	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	392	} catch (IOException \| GeneralSecurityException ex) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	393	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	394	"Cannot decode named group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	395	NamedGroup.nameOf(entry.namedGroupId));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	396	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	397	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	398	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	399
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	400	if (!credentials.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	401	shc.handshakeCredentials.addAll(credentials);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	402	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	403	// New handshake credentials are required from the client side.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	404	shc.handshakeProducers.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	405	SSLHandshake.HELLO_RETRY_REQUEST.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	406	SSLHandshake.HELLO_RETRY_REQUEST);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	407	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	408
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	409	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	410	shc.handshakeExtensions.put(SSLExtension.CH_KEY_SHARE, spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	411	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	412	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	413
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	414	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	415	* The key share entry used in ServerHello "key_share" extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	416	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	417	static final class SHKeyShareSpec implements SSLExtensionSpec {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	418	final KeyShareEntry serverShare;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	419
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	420	SHKeyShareSpec(KeyShareEntry serverShare) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	421	this.serverShare = serverShare;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	422	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	423
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	424	private SHKeyShareSpec(ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	425	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	426	// KeyShareEntry server_share;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	427	// } KeyShareServerHello;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	428	if (buffer.remaining() < 5) { // 5: minimal server_share
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	429	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	430	"Invalid key_share extension: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	431	"insufficient data (length=" + buffer.remaining() + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	432	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	433
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	434	int namedGroupId = Record.getInt16(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	435	byte[] keyExchange = Record.getBytes16(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	436
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	437	if (buffer.hasRemaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	438	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	439	"Invalid key_share extension: unknown extra data");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	440	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	441
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	442	this.serverShare = new KeyShareEntry(namedGroupId, keyExchange);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	443	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	444
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	445	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	446	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	447	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	448	"\"server_share\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	449	" \"named group\": {0}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	450	" \"key_exchange\": '{'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	451	"{1}\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	452	" '}'\n" +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	453	"'}',", Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	454
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	455	HexDumpEncoder hexEncoder = new HexDumpEncoder();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	456	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	457	NamedGroup.nameOf(serverShare.namedGroupId),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	458	Utilities.indent(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	459	hexEncoder.encode(serverShare.keyExchange), " ")
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	460	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	461
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	462	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	463	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	464	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	465
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	466	private static final class SHKeyShareStringizer implements SSLStringizer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	467	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	468	public String toString(ByteBuffer buffer) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	469	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	470	return (new SHKeyShareSpec(buffer)).toString();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	471	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	472	// For debug logging only, so please swallow exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	473	return ioe.getMessage();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	474	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	475	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	476	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	477
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	478	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	479	* Network data producer of the extension in a ServerHello
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	480	* handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	481	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	482	private static final class SHKeyShareProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	483	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	484	private SHKeyShareProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	485	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	486	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	487
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	488	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	489	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	490	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	491	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	492	ServerHandshakeContext shc = (ServerHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	493
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	494	// In response to key_share request only
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	495	CHKeyShareSpec kss =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	496	(CHKeyShareSpec)shc.handshakeExtensions.get(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	497	SSLExtension.CH_KEY_SHARE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	498	if (kss == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	499	// Unlikely, no key_share extension requested.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	500	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	501	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	502	"Ignore, no client key_share extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	503	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	504	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	505	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	506
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	507	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	508	if (!shc.sslConfig.isAvailable(SSLExtension.SH_KEY_SHARE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	509	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	510	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	511	"Ignore, no available server key_share extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	512	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	513	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	514	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	515
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	516	// use requested key share entries
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	517	if ((shc.handshakeCredentials == null) \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	518	shc.handshakeCredentials.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	519	// Unlikely, HelloRetryRequest should be used ealier.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	520	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	521	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	522	"No available client key share entries");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	523	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	524	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	525	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	526
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	527	KeyShareEntry keyShare = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	528	for (SSLCredentials cd : shc.handshakeCredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	529	NamedGroup ng = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	530	if (cd instanceof ECDHECredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	531	ng = ((ECDHECredentials)cd).namedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	532	} else if (cd instanceof DHECredentials) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	533	ng = ((DHECredentials)cd).namedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	534	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	535
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	536	if (ng == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	537	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	538	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	539
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	540	SSLKeyExchange ke = SSLKeyExchange.valueOf(ng);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	541	if (ke == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	542	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	543	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	544	"No key exchange for named group " + ng.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	545	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	546	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	547	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	548
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	549	SSLPossession[] poses = ke.createPossessions(shc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	550	for (SSLPossession pos : poses) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	551	if (!(pos instanceof ECDHEPossession) &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	552	!(pos instanceof DHEPossession)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	553	// May need more possesion types in the future.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	554	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	555	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	556
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	557	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	558	shc.handshakeKeyExchange = ke;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	559	shc.handshakePossessions.add(pos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	560	keyShare = new KeyShareEntry(ng.id, pos.encode());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	561	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	562	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	563
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	564	if (keyShare != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	565	for (Map.Entry<Byte, HandshakeProducer> me :
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	566	ke.getHandshakeProducers(shc)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	567	shc.handshakeProducers.put(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	568	me.getKey(), me.getValue());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	569	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	570
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	571	// We have got one! Don't forgor to break.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	572	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	573	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	574	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	575
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	576	if (keyShare == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	577	// Unlikely, HelloRetryRequest should be used instead ealier.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	578	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	579	SSLLogger.warning(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	580	"No available server key_share extension");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	581	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	582	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	583	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	584
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	585	byte[] extData = keyShare.getEncoded();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	586
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	587	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	588	SHKeyShareSpec spec = new SHKeyShareSpec(keyShare);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	589	shc.handshakeExtensions.put(SSLExtension.SH_KEY_SHARE, spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	590
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	591	return extData;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	592	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	593	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	594
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	595	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	596	* Network data consumer of the extension in a ServerHello
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	597	* handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	598	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	599	private static final class SHKeyShareConsumer implements ExtensionConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	600	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	601	private SHKeyShareConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	602	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	603	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	604
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	605	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	606	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	607	HandshakeMessage message, ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	608	// Happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	609	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	610	if (chc.clientRequestedNamedGroups == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	611	chc.clientRequestedNamedGroups.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	612	// No supported groups.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	613	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	614	"Unexpected key_share extension in ServerHello");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	615	return; // fatal() always throws, make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	616	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	617
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	618	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	619	if (!chc.sslConfig.isAvailable(SSLExtension.SH_KEY_SHARE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	620	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	621	"Unsupported key_share extension in ServerHello");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	622	return; // fatal() always throws, make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	623	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	624
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	625	// Parse the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	626	SHKeyShareSpec spec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	627	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	628	spec = new SHKeyShareSpec(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	629	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	630	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	631	return; // fatal() always throws, make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	632	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	633
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	634	KeyShareEntry keyShare = spec.serverShare;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	635	NamedGroup ng = NamedGroup.valueOf(keyShare.namedGroupId);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	636	if (ng == null \|\| !SupportedGroups.isActivatable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	637	chc.sslConfig.algorithmConstraints, ng)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	638	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	639	"Unsupported named group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	640	NamedGroup.nameOf(keyShare.namedGroupId));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	641	return; // fatal() always throws, make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	642	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	643
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	644	SSLKeyExchange ke = SSLKeyExchange.valueOf(ng);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	645	if (ke == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	646	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	647	"No key exchange for named group " + ng.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	648	return; // fatal() always throws, make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	649	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	650
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	651	SSLCredentials credentials = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	652	if (ng.type == NamedGroupType.NAMED_GROUP_ECDHE) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	653	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	654	ECDHECredentials ecdhec =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	655	ECDHECredentials.valueOf(ng, keyShare.keyExchange);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	656	if (ecdhec != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	657	if (!chc.algorithmConstraints.permits(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	658	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	659	ecdhec.popPublicKey)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	660	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	661	"ECDHE key share entry does not " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	662	"comply to algorithm constraints");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	663	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	664	credentials = ecdhec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	665	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	666	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	667	} catch (IOException \| GeneralSecurityException ex) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	668	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	669	"Cannot decode named group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	670	NamedGroup.nameOf(keyShare.namedGroupId));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	671	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	672	} else if (ng.type == NamedGroupType.NAMED_GROUP_FFDHE) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	673	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	674	DHECredentials dhec =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	675	DHECredentials.valueOf(ng, keyShare.keyExchange);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	676	if (dhec != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	677	if (!chc.algorithmConstraints.permits(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	678	EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	679	dhec.popPublicKey)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	680	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	681	"DHE key share entry does not " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	682	"comply to algorithm constraints");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	683	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	684	credentials = dhec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	685	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	686	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	687	} catch (IOException \| GeneralSecurityException ex) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	688	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	689	"Cannot decode named group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	690	NamedGroup.nameOf(keyShare.namedGroupId));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	691	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	692	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	693	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	694	"Unsupported named group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	695	NamedGroup.nameOf(keyShare.namedGroupId));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	696	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	697
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	698	if (credentials == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	699	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	700	"Unsupported named group: " + ng.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	701	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	702
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	703	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	704	chc.handshakeKeyExchange = ke;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	705	chc.handshakeCredentials.add(credentials);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	706	chc.handshakeExtensions.put(SSLExtension.SH_KEY_SHARE, spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	707	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	708	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	709
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	710	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	711	* The absence processing if the extension is not present in
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	712	* the ServerHello handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	713	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	714	private static final class SHKeyShareAbsence implements HandshakeAbsence {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	715	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	716	public void absent(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	717	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	718	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	719	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	720
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	721	// Cannot use the previous requested key shares any more.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	722	if (SSLLogger.isOn && SSLLogger.isOn("handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	723	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	724	"No key_share extension in ServerHello, " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	725	"cleanup the key shares if necessary");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	726	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	727	chc.handshakePossessions.clear();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	728	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	729	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	730
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	731	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	732	* The key share entry used in HelloRetryRequest "key_share" extensions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	733	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	734	static final class HRRKeyShareSpec implements SSLExtensionSpec {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	735	final int selectedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	736
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	737	HRRKeyShareSpec(NamedGroup serverGroup) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	738	this.selectedGroup = serverGroup.id;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	739	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	740
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	741	private HRRKeyShareSpec(ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	742	// struct {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	743	// NamedGroup selected_group;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	744	// } KeyShareHelloRetryRequest;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	745	if (buffer.remaining() != 2) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	746	throw new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	747	"Invalid key_share extension: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	748	"improper data (length=" + buffer.remaining() + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	749	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	750
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	751	this.selectedGroup = Record.getInt16(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	752	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	753
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	754	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	755	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	756	MessageFormat messageFormat = new MessageFormat(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	757	"\"selected group\": '['{0}']'", Locale.ENGLISH);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	758
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	759	Object[] messageFields = {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	760	NamedGroup.nameOf(selectedGroup)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	761	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	762	return messageFormat.format(messageFields);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	763	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	764	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	765
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	766	private static final class HRRKeyShareStringizer implements SSLStringizer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	767	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	768	public String toString(ByteBuffer buffer) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	769	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	770	return (new HRRKeyShareSpec(buffer)).toString();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	771	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	772	// For debug logging only, so please swallow exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	773	return ioe.getMessage();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	774	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	775	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	776	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	777
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	778	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	779	* Network data producer of the extension in a HelloRetryRequest
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	780	* handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	781	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	782	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	783	class HRRKeyShareProducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	784	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	785	private HRRKeyShareProducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	786	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	787	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	788
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	789	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	790	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	791	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	792	// The producing happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	793	ServerHandshakeContext shc = (ServerHandshakeContext) context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	794
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	795	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	796	if (!shc.sslConfig.isAvailable(SSLExtension.HRR_KEY_SHARE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	797	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	798	"Unsupported key_share extension in HelloRetryRequest");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	799	return null; // make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	800	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	801
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	802	if (shc.clientRequestedNamedGroups == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	803	shc.clientRequestedNamedGroups.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	804	// No supported groups.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	805	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	806	"Unexpected key_share extension in HelloRetryRequest");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	807	return null; // make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	808	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	809
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	810	NamedGroup selectedGroup = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	811	for (NamedGroup ng : shc.clientRequestedNamedGroups) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	812	if (SupportedGroups.isActivatable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	813	shc.sslConfig.algorithmConstraints, ng)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	814	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	815	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	816	"HelloRetryRequest selected named group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	817	ng.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	818	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	819
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	820	selectedGroup = ng;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	821	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	822	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	823	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	824
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	825	if (selectedGroup == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	826	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	827	new IOException("No common named group"));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	828	return null; // make the complier happy
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	829	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	830
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	831	byte[] extdata = new byte[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	832	(byte)((selectedGroup.id >> 8) & 0xFF),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	833	(byte)(selectedGroup.id & 0xFF)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	834	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	835
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	836	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	837	shc.serverSelectedNamedGroup = selectedGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	838	shc.handshakeExtensions.put(SSLExtension.HRR_KEY_SHARE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	839	new HRRKeyShareSpec(selectedGroup));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	840
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	841	return extdata;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	842	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	843	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	844
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	845	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	846	* Network data producer of the extension for stateless
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	847	* HelloRetryRequest reconstruction.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	848	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	849	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	850	class HRRKeyShareReproducer implements HandshakeProducer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	851	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	852	private HRRKeyShareReproducer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	853	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	854	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	855
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	856	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	857	public byte[] produce(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	858	HandshakeMessage message) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	859	// The producing happens in server side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	860	ServerHandshakeContext shc = (ServerHandshakeContext) context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	861
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	862	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	863	if (!shc.sslConfig.isAvailable(SSLExtension.HRR_KEY_SHARE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	864	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	865	"Unsupported key_share extension in HelloRetryRequest");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	866	return null; // make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	867	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	868
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	869	CHKeyShareSpec spec = (CHKeyShareSpec)shc.handshakeExtensions.get(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	870	SSLExtension.CH_KEY_SHARE);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	871	if (spec != null && spec.clientShares != null &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	872	spec.clientShares.size() == 1) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	873	int namedGroupId = spec.clientShares.get(0).namedGroupId;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	874
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	875	byte[] extdata = new byte[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	876	(byte)((namedGroupId >> 8) & 0xFF),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	877	(byte)(namedGroupId & 0xFF)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	878	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	879
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	880	return extdata;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	881	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	882
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	883	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	884	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	885	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	886
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	887	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	888	* Network data consumer of the extension in a HelloRetryRequest
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	889	* handshake message.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	890	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	891	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	892	class HRRKeyShareConsumer implements ExtensionConsumer {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	893	// Prevent instantiation of this class.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	894	private HRRKeyShareConsumer() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	895	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	896	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	897
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	898	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	899	public void consume(ConnectionContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	900	HandshakeMessage message, ByteBuffer buffer) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	901	// The producing happens in client side only.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	902	ClientHandshakeContext chc = (ClientHandshakeContext)context;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	903
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	904	// Is it a supported and enabled extension?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	905	if (!chc.sslConfig.isAvailable(SSLExtension.HRR_KEY_SHARE)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	906	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	907	"Unsupported key_share extension in HelloRetryRequest");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	908	return; // make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	909	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	910
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	911	if (chc.clientRequestedNamedGroups == null \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	912	chc.clientRequestedNamedGroups.isEmpty()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	913	// No supported groups.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	914	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	915	"Unexpected key_share extension in HelloRetryRequest");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	916	return; // make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	917	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	918
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	919	// Parse the extension
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	920	HRRKeyShareSpec spec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	921	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	922	spec = new HRRKeyShareSpec(buffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	923	} catch (IOException ioe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	924	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	925	return; // fatal() always throws, make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	926	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	927
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	928	NamedGroup serverGroup = NamedGroup.valueOf(spec.selectedGroup);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	929	if (serverGroup == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	930	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	931	"Unsupported HelloRetryRequest selected group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	932	NamedGroup.nameOf(spec.selectedGroup));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	933	return; // fatal() always throws, make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	934	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	935
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	936	if (!chc.clientRequestedNamedGroups.contains(serverGroup)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	937	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	938	"Unexpected HelloRetryRequest selected group: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	939	serverGroup.name);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	940	return; // fatal() always throws, make the compiler happy.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	941	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	942
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	943	// update the context
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	944
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	945	// When sending the new ClientHello, the client MUST replace the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	946	// original "key_share" extension with one containing only a new
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	947	// KeyShareEntry for the group indicated in the selected_group
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	948	// field of the triggering HelloRetryRequest.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	949	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	950	chc.serverSelectedNamedGroup = serverGroup;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	951	chc.handshakeExtensions.put(SSLExtension.HRR_KEY_SHARE, spec);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	952	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	953	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: diff changeset	954	}

author	xuelei
	Mon, 25 Jun 2018 13:41:39 -0700
changeset 50768	68fa3d4026ea
child 53056	9041178a0b69
child 56858	829e9b5ace08
permissions	-rw-r--r--