jdk-sandbox: src/java.base/share/classes/sun/security/ssl/HelloCookieManager.java@cb1642ccc732 (annotated)

30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	1	/*
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	2	* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	4	*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	10	*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	15	* accompanied this code).
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	16	*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	20	*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	23	* questions.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	24	*/
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	25
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	26	package sun.security.ssl;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	27
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	28	import java.io.IOException;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	29	import java.security.MessageDigest;
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	30	import java.security.NoSuchAlgorithmException;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	31	import java.security.SecureRandom;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	32	import java.util.Arrays;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	33	import static sun.security.ssl.ClientHello.ClientHelloMessage;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	34
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	35	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	36	* (D)TLS handshake cookie manager
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	37	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	38	abstract class HelloCookieManager {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	39
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	40	static class Builder {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	41
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	42	final SecureRandom secureRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	43
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	44	private volatile D10HelloCookieManager d10HelloCookieManager;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	45	private volatile D13HelloCookieManager d13HelloCookieManager;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	46	private volatile T13HelloCookieManager t13HelloCookieManager;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	47
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	48	Builder(SecureRandom secureRandom) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	49	this.secureRandom = secureRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	50	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	51
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	52	HelloCookieManager valueOf(ProtocolVersion protocolVersion) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	53	if (protocolVersion.isDTLS) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	54	if (protocolVersion.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	55	if (d13HelloCookieManager != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	56	return d13HelloCookieManager;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	57	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	58
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	59	synchronized (this) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	60	if (d13HelloCookieManager == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	61	d13HelloCookieManager =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	62	new D13HelloCookieManager(secureRandom);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	63	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	64	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	65
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	66	return d13HelloCookieManager;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	67	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	68	if (d10HelloCookieManager != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	69	return d10HelloCookieManager;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	70	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	71
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	72	synchronized (this) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	73	if (d10HelloCookieManager == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	74	d10HelloCookieManager =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	75	new D10HelloCookieManager(secureRandom);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	76	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	77	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	78
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	79	return d10HelloCookieManager;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	80	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	81	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	82	if (protocolVersion.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	83	if (t13HelloCookieManager != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	84	return t13HelloCookieManager;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	85	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	86
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	87	synchronized (this) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	88	if (t13HelloCookieManager == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	89	t13HelloCookieManager =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	90	new T13HelloCookieManager(secureRandom);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	91	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	92	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	93
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	94	return t13HelloCookieManager;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	95	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	96	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	97
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	98	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	99	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	100	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	101
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	102	abstract byte[] createCookie(ServerHandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	103	ClientHelloMessage clientHello) throws IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	104
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	105	abstract boolean isCookieValid(ServerHandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	106	ClientHelloMessage clientHello, byte[] cookie) throws IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	107
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	108	// DTLS 1.0/1.2
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	109	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	110	class D10HelloCookieManager extends HelloCookieManager {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	111
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	112	final SecureRandom secureRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	113	private int cookieVersion; // allow to wrap, version + sequence
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	114	private byte[] cookieSecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	115	private byte[] legacySecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	116
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	117	D10HelloCookieManager(SecureRandom secureRandom) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	118	this.secureRandom = secureRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	119
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	120	this.cookieVersion = secureRandom.nextInt();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	121	this.cookieSecret = new byte[32];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	122	this.legacySecret = new byte[32];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	123
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	124	secureRandom.nextBytes(cookieSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	125	System.arraycopy(cookieSecret, 0, legacySecret, 0, 32);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	126	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	127
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	128	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	129	byte[] createCookie(ServerHandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	130	ClientHelloMessage clientHello) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	131	int version;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	132	byte[] secret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	133
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	134	synchronized (this) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	135	version = cookieVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	136	secret = cookieSecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	137
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	138	// the cookie secret usage limit is 2^24
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	139	if ((cookieVersion & 0xFFFFFF) == 0) { // reset the secret
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	140	System.arraycopy(cookieSecret, 0, legacySecret, 0, 32);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	141	secureRandom.nextBytes(cookieSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	142	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	143
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	144	cookieVersion++;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	145	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	146
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	147	MessageDigest md;
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	148	try {
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	149	md = MessageDigest.getInstance("SHA-256");
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	150	} catch (NoSuchAlgorithmException nsae) {
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	151	throw new RuntimeException(
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	152	"MessageDigest algorithm SHA-256 is not available", nsae);
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	153	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	154	byte[] helloBytes = clientHello.getHelloCookieBytes();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	155	md.update(helloBytes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	156	byte[] cookie = md.digest(secret); // 32 bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	157	cookie[0] = (byte)((version >> 24) & 0xFF);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	158
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	159	return cookie;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	160	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	161
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	162	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	163	boolean isCookieValid(ServerHandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	164	ClientHelloMessage clientHello, byte[] cookie) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	165	// no cookie exchange or not a valid cookie length
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	166	if ((cookie == null) \|\| (cookie.length != 32)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	167	return false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	168	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	169
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	170	byte[] secret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	171	synchronized (this) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	172	if (((cookieVersion >> 24) & 0xFF) == cookie[0]) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	173	secret = cookieSecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	174	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	175	secret = legacySecret; // including out of window cookies
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	176	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	177	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	178
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	179	MessageDigest md;
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	180	try {
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	181	md = MessageDigest.getInstance("SHA-256");
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	182	} catch (NoSuchAlgorithmException nsae) {
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	183	throw new RuntimeException(
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	184	"MessageDigest algorithm SHA-256 is not available", nsae);
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	185	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	186	byte[] helloBytes = clientHello.getHelloCookieBytes();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	187	md.update(helloBytes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	188	byte[] target = md.digest(secret); // 32 bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	189	target[0] = cookie[0];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	190
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	191	return Arrays.equals(target, cookie);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	192	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	193	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	194
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	195	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	196	class D13HelloCookieManager extends HelloCookieManager {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	197	D13HelloCookieManager(SecureRandom secureRandom) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	198	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	199
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	200	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	201	byte[] createCookie(ServerHandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	202	ClientHelloMessage clientHello) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	203	throw new UnsupportedOperationException("Not supported yet.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	204	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	205
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	206	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	207	boolean isCookieValid(ServerHandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	208	ClientHelloMessage clientHello, byte[] cookie) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	209	throw new UnsupportedOperationException("Not supported yet.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	210	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	211	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	212
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	213	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	214	class T13HelloCookieManager extends HelloCookieManager {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	215
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	216	final SecureRandom secureRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	217	private int cookieVersion; // version + sequence
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	218	private final byte[] cookieSecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	219	private final byte[] legacySecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	220
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	221	T13HelloCookieManager(SecureRandom secureRandom) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	222	this.secureRandom = secureRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	223	this.cookieVersion = secureRandom.nextInt();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	224	this.cookieSecret = new byte[64];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	225	this.legacySecret = new byte[64];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	226
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	227	secureRandom.nextBytes(cookieSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	228	System.arraycopy(cookieSecret, 0, legacySecret, 0, 64);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	229	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	230
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	231	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	232	byte[] createCookie(ServerHandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	233	ClientHelloMessage clientHello) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	234	int version;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	235	byte[] secret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	236
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	237	synchronized (this) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	238	version = cookieVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	239	secret = cookieSecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	240
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	241	// the cookie secret usage limit is 2^24
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	242	if ((cookieVersion & 0xFFFFFF) == 0) { // reset the secret
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	243	System.arraycopy(cookieSecret, 0, legacySecret, 0, 64);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	244	secureRandom.nextBytes(cookieSecret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	245	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	246
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	247	cookieVersion++; // allow wrapped version number
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	248	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	249
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	250	MessageDigest md;
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	251	try {
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	252	md = MessageDigest.getInstance(
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	253	context.negotiatedCipherSuite.hashAlg.name);
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	254	} catch (NoSuchAlgorithmException nsae) {
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	255	throw new RuntimeException(
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	256	"MessageDigest algorithm " +
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	257	context.negotiatedCipherSuite.hashAlg.name +
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	258	" is not available", nsae);
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	259	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	260	byte[] headerBytes = clientHello.getHeaderBytes();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	261	md.update(headerBytes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	262	byte[] headerCookie = md.digest(secret);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	263
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	264	// hash of ClientHello handshake message
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	265	context.handshakeHash.update();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	266	byte[] clientHelloHash = context.handshakeHash.digest();
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	267
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	268	// version and cipher suite
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	269	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	270	// Store the negotiated cipher suite in the cookie as well.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	271	// cookie[0]/[1]: cipher suite
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	272	// cookie[2]: cookie version
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	273	// + (hash length): Mac(ClientHello header)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	274	// + (hash length): Hash(ClientHello)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	275	byte[] prefix = new byte[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	276	(byte)((context.negotiatedCipherSuite.id >> 8) & 0xFF),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	277	(byte)(context.negotiatedCipherSuite.id & 0xFF),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	278	(byte)((version >> 24) & 0xFF)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	279	};
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	280
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	281	byte[] cookie = Arrays.copyOf(prefix,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	282	prefix.length + headerCookie.length + clientHelloHash.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	283	System.arraycopy(headerCookie, 0, cookie,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	284	prefix.length, headerCookie.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	285	System.arraycopy(clientHelloHash, 0, cookie,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	286	prefix.length + headerCookie.length, clientHelloHash.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	287
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	288	return cookie;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	289	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	290
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	291	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	292	boolean isCookieValid(ServerHandshakeContext context,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	293	ClientHelloMessage clientHello, byte[] cookie) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	294	// no cookie exchange or not a valid cookie length
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	295	if ((cookie == null) \|\| (cookie.length <= 32)) { // 32: roughly
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	296	return false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	297	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	298
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	299	int csId = ((cookie[0] & 0xFF) << 8) \| (cookie[1] & 0xFF);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	300	CipherSuite cs = CipherSuite.valueOf(csId);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	301	if (cs == null \|\| cs.hashAlg == null \|\| cs.hashAlg.hashLength == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	302	return false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	303	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	304
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	305	int hashLen = cs.hashAlg.hashLength;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	306	if (cookie.length != (3 + hashLen * 2)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	307	return false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	308	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	309
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	310	byte[] prevHeadCookie =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	311	Arrays.copyOfRange(cookie, 3, 3 + hashLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	312	byte[] prevClientHelloHash =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	313	Arrays.copyOfRange(cookie, 3 + hashLen, cookie.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	314
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	315	byte[] secret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	316	synchronized (this) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	317	if ((byte)((cookieVersion >> 24) & 0xFF) == cookie[2]) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	318	secret = cookieSecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	319	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	320	secret = legacySecret; // including out of window cookies
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	321	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	322	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	323
53734 cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	324	MessageDigest md;
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	325	try {
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	326	md = MessageDigest.getInstance(cs.hashAlg.name);
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	327	} catch (NoSuchAlgorithmException nsae) {
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	328	throw new RuntimeException(
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	329	"MessageDigest algorithm " +
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	330	cs.hashAlg.name + " is not available", nsae);
cb1642ccc732 8217835: Remove the experimental SunJSSE FIPS compliant mode xuelei parents: 50768 diff changeset	331	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	332	byte[] headerBytes = clientHello.getHeaderBytes();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	333	md.update(headerBytes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	334	byte[] headerCookie = md.digest(secret);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	335
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	336	if (!Arrays.equals(headerCookie, prevHeadCookie)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	337	return false;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	338	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	339
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	340	// Use the ClientHello hash in the cookie for transtript
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	341	// hash calculation for stateless HelloRetryRequest.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	342	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	343	// Transcript-Hash(ClientHello1, HelloRetryRequest, ... Mn) =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	344	// Hash(message_hash \|\| /* Handshake type */
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	345	// 00 00 Hash.length \|\| /* Handshake message length (bytes) */
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	346	// Hash(ClientHello1) \|\| /* Hash of ClientHello1 */
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	347	// HelloRetryRequest \|\| ... \|\| Mn)
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	348
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	349	// Reproduce HelloRetryRequest handshake message
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	350	byte[] hrrMessage =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	351	ServerHello.hrrReproducer.produce(context, clientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	352	context.handshakeHash.push(hrrMessage);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	353
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	354	// Construct the 1st ClientHello message for transcript hash
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	355	byte[] hashedClientHello = new byte[4 + hashLen];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	356	hashedClientHello[0] = SSLHandshake.MESSAGE_HASH.id;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	357	hashedClientHello[1] = (byte)0x00;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	358	hashedClientHello[2] = (byte)0x00;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	359	hashedClientHello[3] = (byte)(hashLen & 0xFF);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	360	System.arraycopy(prevClientHelloHash, 0,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	361	hashedClientHello, 4, hashLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	362
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	363	context.handshakeHash.push(hashedClientHello);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	364
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	365	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	366	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	367	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	368	}

author	xuelei
	Tue, 12 Feb 2019 13:36:15 -0800
changeset 53734	cb1642ccc732
parent 50768	68fa3d4026ea
child 54443	dfba4e321ab3
permissions	-rw-r--r--