23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import java.io.IOException;
29 import java.nio.ByteBuffer;
30 import java.security.GeneralSecurityException;
31 import java.security.InvalidKeyException;
32 import java.security.MessageDigest;
33 import java.security.NoSuchAlgorithmException;
34 import java.security.ProviderException;
35 import java.security.spec.AlgorithmParameterSpec;
36 import java.text.MessageFormat;
37 import java.util.Locale;
38 import javax.crypto.KeyGenerator;
39 import javax.crypto.Mac;
40 import javax.crypto.SecretKey;
41 import javax.crypto.spec.IvParameterSpec;
42 import javax.crypto.spec.SecretKeySpec;
43 import sun.security.internal.spec.TlsPrfParameterSpec;
44 import sun.security.ssl.CipherSuite.HashAlg;
45 import static sun.security.ssl.CipherSuite.HashAlg.H_NONE;
46 import sun.security.ssl.SSLBasicKeyDerivation.SecretSizeSpec;
47 import sun.security.ssl.SSLCipher.SSLReadCipher;
48 import sun.security.ssl.SSLCipher.SSLWriteCipher;
49 import sun.security.ssl.SSLHandshake.HandshakeMessage;
50 import sun.security.util.HexDumpEncoder;
51
52 /**
53 * Pack of the Finished handshake message.
54 */
55 final class Finished {
56 static final SSLConsumer t12HandshakeConsumer =
57 new T12FinishedConsumer();
58 static final HandshakeProducer t12HandshakeProducer =
59 new T12FinishedProducer();
60
61 static final SSLConsumer t13HandshakeConsumer =
62 new T13FinishedConsumer();
531 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
532 SSLLogger.fine(
533 "Consuming server Finished handshake message", fm);
534 }
535
536 if (chc.conContext.secureRenegotiation) {
537 chc.conContext.serverVerifyData = fm.verifyData;
538 }
539
540 if (!chc.isResumption) {
541 if (chc.handshakeSession.isRejoinable()) {
542 ((SSLSessionContextImpl)chc.sslContext.
543 engineGetClientSessionContext()).put(
544 chc.handshakeSession);
545 }
546 chc.conContext.conSession = chc.handshakeSession.finish();
547 chc.conContext.protocolVersion = chc.negotiatedProtocol;
548
549 // handshake context cleanup.
550 chc.handshakeFinished = true;
551
552 // May need to retransmit the last flight for DTLS.
553 if (!chc.sslContext.isDTLS()) {
554 chc.conContext.finishHandshake();
555 }
556 } else {
557 chc.handshakeProducers.put(SSLHandshake.FINISHED.id,
558 SSLHandshake.FINISHED);
559 }
560
561 //
562 // produce
563 //
564 SSLHandshake[] probableHandshakeMessages = new SSLHandshake[] {
565 SSLHandshake.FINISHED
566 };
567
568 for (SSLHandshake hs : probableHandshakeMessages) {
569 HandshakeProducer handshakeProducer =
570 chc.handshakeProducers.remove(hs.id);
580 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
581 SSLLogger.fine(
582 "Consuming client Finished handshake message", fm);
583 }
584
585 if (shc.conContext.secureRenegotiation) {
586 shc.conContext.clientVerifyData = fm.verifyData;
587 }
588
589 if (shc.isResumption) {
590 if (shc.handshakeSession.isRejoinable()) {
591 ((SSLSessionContextImpl)shc.sslContext.
592 engineGetServerSessionContext()).put(
593 shc.handshakeSession);
594 }
595 shc.conContext.conSession = shc.handshakeSession.finish();
596 shc.conContext.protocolVersion = shc.negotiatedProtocol;
597
598 // handshake context cleanup.
599 shc.handshakeFinished = true;
600
601 // May need to retransmit the last flight for DTLS.
602 if (!shc.sslContext.isDTLS()) {
603 shc.conContext.finishHandshake();
604 }
605 } else {
606 shc.handshakeProducers.put(SSLHandshake.FINISHED.id,
607 SSLHandshake.FINISHED);
608 }
609
610 //
611 // produce
612 //
613 SSLHandshake[] probableHandshakeMessages = new SSLHandshake[] {
614 SSLHandshake.FINISHED
615 };
616
617 for (SSLHandshake hs : probableHandshakeMessages) {
618 HandshakeProducer handshakeProducer =
619 shc.handshakeProducers.remove(hs.id);
713
714 } catch (GeneralSecurityException gse) {
715 chc.conContext.fatal(Alert.INTERNAL_ERROR,
716 "Failure to derive application secrets", gse);
717 return null; // make the compiler happy
718 }
719
720 // The resumption master secret is stored in the session so
721 // it can be used after the handshake is completed.
722 SSLSecretDerivation sd = ((SSLSecretDerivation) kd).forContext(chc);
723 SecretKey resumptionMasterSecret = sd.deriveKey(
724 "TlsResumptionMasterSecret", null);
725 chc.handshakeSession.setResumptionMasterSecret(resumptionMasterSecret);
726
727 chc.conContext.conSession = chc.handshakeSession.finish();
728 chc.conContext.protocolVersion = chc.negotiatedProtocol;
729
730 // handshake context cleanup.
731 chc.handshakeFinished = true;
732 chc.conContext.finishHandshake();
733
734 // The handshake message has been delivered.
735 return null;
736 }
737
738 private byte[] onProduceFinished(ServerHandshakeContext shc,
739 HandshakeMessage message) throws IOException {
740 // Refresh handshake hash
741 shc.handshakeHash.update();
742
743 FinishedMessage fm = new FinishedMessage(shc);
744 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
745 SSLLogger.fine(
746 "Produced server Finished handshake message", fm);
747 }
748
749 // Output the handshake message.
750 fm.write(shc.handshakeOutput);
751 shc.handshakeOutput.flush();
752
1046 SecretKey resumptionMasterSecret = sd.deriveKey(
1047 "TlsResumptionMasterSecret", null);
1048 shc.handshakeSession.setResumptionMasterSecret(resumptionMasterSecret);
1049 } catch (GeneralSecurityException gse) {
1050 shc.conContext.fatal(Alert.INTERNAL_ERROR,
1051 "Failure to derive application secrets", gse);
1052 return; // make the compiler happy
1053 }
1054
1055 // update connection context
1056 shc.conContext.conSession = shc.handshakeSession.finish();
1057 shc.conContext.protocolVersion = shc.negotiatedProtocol;
1058
1059 // handshake context cleanup.
1060 shc.handshakeFinished = true;
1061
1062 // May need to retransmit the last flight for DTLS.
1063 if (!shc.sslContext.isDTLS()) {
1064 shc.conContext.finishHandshake();
1065 }
1066
1067 //
1068 // produce
1069 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
1070 SSLLogger.fine(
1071 "Sending new session ticket");
1072 }
1073 NewSessionTicket.kickstartProducer.produce(shc);
1074
1075 }
1076 }
1077 }
|
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import java.io.IOException;
29 import java.nio.ByteBuffer;
30 import java.security.GeneralSecurityException;
31 import java.security.InvalidKeyException;
32 import java.security.MessageDigest;
33 import java.security.NoSuchAlgorithmException;
34 import java.security.ProviderException;
35 import java.security.spec.AlgorithmParameterSpec;
36 import java.text.MessageFormat;
37 import java.util.Locale;
38 import javax.crypto.KeyGenerator;
39 import javax.crypto.Mac;
40 import javax.crypto.SecretKey;
41 import javax.crypto.spec.IvParameterSpec;
42 import javax.crypto.spec.SecretKeySpec;
43 import javax.net.ssl.SSLPeerUnverifiedException;
44
45 import jdk.internal.event.EventHelper;
46 import jdk.internal.event.TLSHandshakeEvent;
47 import sun.security.internal.spec.TlsPrfParameterSpec;
48 import sun.security.ssl.CipherSuite.HashAlg;
49 import static sun.security.ssl.CipherSuite.HashAlg.H_NONE;
50 import sun.security.ssl.SSLBasicKeyDerivation.SecretSizeSpec;
51 import sun.security.ssl.SSLCipher.SSLReadCipher;
52 import sun.security.ssl.SSLCipher.SSLWriteCipher;
53 import sun.security.ssl.SSLHandshake.HandshakeMessage;
54 import sun.security.util.HexDumpEncoder;
55
56 /**
57 * Pack of the Finished handshake message.
58 */
59 final class Finished {
60 static final SSLConsumer t12HandshakeConsumer =
61 new T12FinishedConsumer();
62 static final HandshakeProducer t12HandshakeProducer =
63 new T12FinishedProducer();
64
65 static final SSLConsumer t13HandshakeConsumer =
66 new T13FinishedConsumer();
535 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
536 SSLLogger.fine(
537 "Consuming server Finished handshake message", fm);
538 }
539
540 if (chc.conContext.secureRenegotiation) {
541 chc.conContext.serverVerifyData = fm.verifyData;
542 }
543
544 if (!chc.isResumption) {
545 if (chc.handshakeSession.isRejoinable()) {
546 ((SSLSessionContextImpl)chc.sslContext.
547 engineGetClientSessionContext()).put(
548 chc.handshakeSession);
549 }
550 chc.conContext.conSession = chc.handshakeSession.finish();
551 chc.conContext.protocolVersion = chc.negotiatedProtocol;
552
553 // handshake context cleanup.
554 chc.handshakeFinished = true;
555 recordEvent(chc.conContext.conSession);
556
557 // May need to retransmit the last flight for DTLS.
558 if (!chc.sslContext.isDTLS()) {
559 chc.conContext.finishHandshake();
560 }
561 } else {
562 chc.handshakeProducers.put(SSLHandshake.FINISHED.id,
563 SSLHandshake.FINISHED);
564 }
565
566 //
567 // produce
568 //
569 SSLHandshake[] probableHandshakeMessages = new SSLHandshake[] {
570 SSLHandshake.FINISHED
571 };
572
573 for (SSLHandshake hs : probableHandshakeMessages) {
574 HandshakeProducer handshakeProducer =
575 chc.handshakeProducers.remove(hs.id);
585 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
586 SSLLogger.fine(
587 "Consuming client Finished handshake message", fm);
588 }
589
590 if (shc.conContext.secureRenegotiation) {
591 shc.conContext.clientVerifyData = fm.verifyData;
592 }
593
594 if (shc.isResumption) {
595 if (shc.handshakeSession.isRejoinable()) {
596 ((SSLSessionContextImpl)shc.sslContext.
597 engineGetServerSessionContext()).put(
598 shc.handshakeSession);
599 }
600 shc.conContext.conSession = shc.handshakeSession.finish();
601 shc.conContext.protocolVersion = shc.negotiatedProtocol;
602
603 // handshake context cleanup.
604 shc.handshakeFinished = true;
605 recordEvent(shc.conContext.conSession);
606
607 // May need to retransmit the last flight for DTLS.
608 if (!shc.sslContext.isDTLS()) {
609 shc.conContext.finishHandshake();
610 }
611 } else {
612 shc.handshakeProducers.put(SSLHandshake.FINISHED.id,
613 SSLHandshake.FINISHED);
614 }
615
616 //
617 // produce
618 //
619 SSLHandshake[] probableHandshakeMessages = new SSLHandshake[] {
620 SSLHandshake.FINISHED
621 };
622
623 for (SSLHandshake hs : probableHandshakeMessages) {
624 HandshakeProducer handshakeProducer =
625 shc.handshakeProducers.remove(hs.id);
719
720 } catch (GeneralSecurityException gse) {
721 chc.conContext.fatal(Alert.INTERNAL_ERROR,
722 "Failure to derive application secrets", gse);
723 return null; // make the compiler happy
724 }
725
726 // The resumption master secret is stored in the session so
727 // it can be used after the handshake is completed.
728 SSLSecretDerivation sd = ((SSLSecretDerivation) kd).forContext(chc);
729 SecretKey resumptionMasterSecret = sd.deriveKey(
730 "TlsResumptionMasterSecret", null);
731 chc.handshakeSession.setResumptionMasterSecret(resumptionMasterSecret);
732
733 chc.conContext.conSession = chc.handshakeSession.finish();
734 chc.conContext.protocolVersion = chc.negotiatedProtocol;
735
736 // handshake context cleanup.
737 chc.handshakeFinished = true;
738 chc.conContext.finishHandshake();
739 recordEvent(chc.conContext.conSession);
740
741
742 // The handshake message has been delivered.
743 return null;
744 }
745
746 private byte[] onProduceFinished(ServerHandshakeContext shc,
747 HandshakeMessage message) throws IOException {
748 // Refresh handshake hash
749 shc.handshakeHash.update();
750
751 FinishedMessage fm = new FinishedMessage(shc);
752 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
753 SSLLogger.fine(
754 "Produced server Finished handshake message", fm);
755 }
756
757 // Output the handshake message.
758 fm.write(shc.handshakeOutput);
759 shc.handshakeOutput.flush();
760
1054 SecretKey resumptionMasterSecret = sd.deriveKey(
1055 "TlsResumptionMasterSecret", null);
1056 shc.handshakeSession.setResumptionMasterSecret(resumptionMasterSecret);
1057 } catch (GeneralSecurityException gse) {
1058 shc.conContext.fatal(Alert.INTERNAL_ERROR,
1059 "Failure to derive application secrets", gse);
1060 return; // make the compiler happy
1061 }
1062
1063 // update connection context
1064 shc.conContext.conSession = shc.handshakeSession.finish();
1065 shc.conContext.protocolVersion = shc.negotiatedProtocol;
1066
1067 // handshake context cleanup.
1068 shc.handshakeFinished = true;
1069
1070 // May need to retransmit the last flight for DTLS.
1071 if (!shc.sslContext.isDTLS()) {
1072 shc.conContext.finishHandshake();
1073 }
1074 recordEvent(shc.conContext.conSession);
1075
1076 //
1077 // produce
1078 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
1079 SSLLogger.fine(
1080 "Sending new session ticket");
1081 }
1082 NewSessionTicket.kickstartProducer.produce(shc);
1083
1084 }
1085 }
1086
1087 private static void recordEvent(SSLSessionImpl session) {
1088 TLSHandshakeEvent event = new TLSHandshakeEvent();
1089 if (event.shouldCommit() || EventHelper.isLoggingSecurity()) {
1090 String peerCertID = "";
1091 try {
1092 peerCertID = session
1093 .getCertificateChain()[0]
1094 .getSerialNumber()
1095 .toString(16);
1096 } catch (SSLPeerUnverifiedException e) {
1097 peerCertID = e.getMessage(); // not verified msg
1098 }
1099 if(event.shouldCommit()) {
1100 event.peerHost = session.getPeerHost();
1101 event.peerPort = session.getPeerPort();
1102 event.cipherSuite = session.getCipherSuite();
1103 event.protocolVersion = session.getProtocol();
1104 event.peerCertId = peerCertID;
1105 event.commit();
1106 }
1107 if (EventHelper.isLoggingSecurity()) {
1108 EventHelper.logTLSHandshakeEvent(null,
1109 session.getPeerHost(),
1110 session.getPeerPort(),
1111 session.getCipherSuite(),
1112 session.getProtocol(),
1113 peerCertID);
1114 }
1115 }
1116 }
1117 }
|