< prev index next >

src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java

Print this page 
rev 54061 : 8226374: Restrict TLS signature schemes and named groups
Reviewed-by: mullan


  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.io.IOException;
  29 import java.nio.ByteBuffer;
  30 import java.security.GeneralSecurityException;
  31 import java.security.InvalidAlgorithmParameterException;
  32 import java.security.InvalidKeyException;
  33 import java.security.Key;
  34 import java.security.NoSuchAlgorithmException;
  35 import java.security.PrivateKey;
  36 import java.security.PublicKey;
  37 import java.security.Signature;
  38 import java.security.SignatureException;
  39 import java.text.MessageFormat;
  40 import java.util.Locale;
  41 import java.util.Map;

  42 import sun.security.ssl.SSLHandshake.HandshakeMessage;
  43 import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
  44 import sun.security.ssl.X509Authentication.X509Credentials;
  45 import sun.security.ssl.X509Authentication.X509Possession;
  46 import sun.security.util.HexDumpEncoder;
  47 
  48 /**
  49  * Pack of the ServerKeyExchange handshake message.
  50  */
  51 final class ECDHServerKeyExchange {
  52     static final SSLConsumer ecdheHandshakeConsumer =
  53             new ECDHServerKeyExchangeConsumer();
  54     static final HandshakeProducer ecdheHandshakeProducer =
  55             new ECDHServerKeyExchangeProducer();
  56 
  57     /**
  58      * The ECDH ServerKeyExchange handshake message.
  59      */
  60     private static final
  61             class ECDHServerKeyExchangeMessage extends HandshakeMessage {


  94                     namedGroupPossession = (NamedGroupPossession)possession;
  95                     if (x509Possession != null) {
  96                         break;
  97                     }
  98                 } else if (possession instanceof X509Possession) {
  99                     x509Possession = (X509Possession)possession;
 100                     if (namedGroupPossession != null) {
 101                         break;
 102                     }
 103                 }
 104             }
 105 
 106             if (namedGroupPossession == null) {
 107                 // unlikely
 108                 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
 109                     "No ECDHE credentials negotiated for server key exchange");
 110             }
 111 
 112             // Find the NamedGroup used for the ephemeral keys.
 113             namedGroup = namedGroupPossession.getNamedGroup();






 114             publicPoint = namedGroup.encodePossessionPublicKey(
 115                     namedGroupPossession);
 116 
 117             if ((namedGroup == null) || (namedGroup.oid == null) ) {
 118                 // unlikely
 119                 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
 120                     "Missing Named Group");
 121             }
 122 
 123             if (x509Possession == null) {
 124                 // anonymous, no authentication, no signature
 125                 paramsSignature = null;
 126                 signatureScheme = null;
 127                 useExplicitSigAlgorithm = false;
 128             } else {
 129                 useExplicitSigAlgorithm =
 130                         shc.negotiatedProtocol.useTLS12PlusSpec();
 131                 Signature signer = null;
 132                 if (useExplicitSigAlgorithm) {
 133                     Map.Entry<SignatureScheme, Signature> schemeAndSigner =
 134                             SignatureScheme.getSignerOfPreferableAlgorithm(

 135                                 shc.peerRequestedSignatureSchemes,
 136                                 x509Possession,
 137                                 shc.negotiatedProtocol);
 138                     if (schemeAndSigner == null) {
 139                         // Unlikely, the credentials generator should have
 140                         // selected the preferable signature algorithm properly.
 141                         throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
 142                                 "No supported signature algorithm for " +
 143                                 x509Possession.popPrivateKey.getAlgorithm() +
 144                                 "  key");
 145                     } else {
 146                         signatureScheme = schemeAndSigner.getKey();
 147                         signer = schemeAndSigner.getValue();
 148                     }
 149                 } else {
 150                     signatureScheme = null;
 151                     try {
 152                         signer = getSignature(
 153                                 x509Possession.popPrivateKey.getAlgorithm(),
 154                                 x509Possession.popPrivateKey);




  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.io.IOException;
  29 import java.nio.ByteBuffer;
  30 import java.security.GeneralSecurityException;
  31 import java.security.InvalidAlgorithmParameterException;
  32 import java.security.InvalidKeyException;
  33 import java.security.Key;
  34 import java.security.NoSuchAlgorithmException;
  35 import java.security.PrivateKey;
  36 import java.security.PublicKey;
  37 import java.security.Signature;
  38 import java.security.SignatureException;
  39 import java.text.MessageFormat;
  40 import java.util.Locale;
  41 import java.util.Map;
  42 import sun.security.ssl.NamedGroup.NamedGroupSpec;
  43 import sun.security.ssl.SSLHandshake.HandshakeMessage;
  44 import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
  45 import sun.security.ssl.X509Authentication.X509Credentials;
  46 import sun.security.ssl.X509Authentication.X509Possession;
  47 import sun.security.util.HexDumpEncoder;
  48 
  49 /**
  50  * Pack of the ServerKeyExchange handshake message.
  51  */
  52 final class ECDHServerKeyExchange {
  53     static final SSLConsumer ecdheHandshakeConsumer =
  54             new ECDHServerKeyExchangeConsumer();
  55     static final HandshakeProducer ecdheHandshakeProducer =
  56             new ECDHServerKeyExchangeProducer();
  57 
  58     /**
  59      * The ECDH ServerKeyExchange handshake message.
  60      */
  61     private static final
  62             class ECDHServerKeyExchangeMessage extends HandshakeMessage {


  95                     namedGroupPossession = (NamedGroupPossession)possession;
  96                     if (x509Possession != null) {
  97                         break;
  98                     }
  99                 } else if (possession instanceof X509Possession) {
 100                     x509Possession = (X509Possession)possession;
 101                     if (namedGroupPossession != null) {
 102                         break;
 103                     }
 104                 }
 105             }
 106 
 107             if (namedGroupPossession == null) {
 108                 // unlikely
 109                 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
 110                     "No ECDHE credentials negotiated for server key exchange");
 111             }
 112 
 113             // Find the NamedGroup used for the ephemeral keys.
 114             namedGroup = namedGroupPossession.getNamedGroup();
 115             if ((namedGroup == null) || (!namedGroup.isAvailable)) {
 116                 // unlikely
 117                 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
 118                     "Missing or improper named group: " + namedGroup);
 119             }
 120 
 121             publicPoint = namedGroup.encodePossessionPublicKey(
 122                     namedGroupPossession);
 123             if (publicPoint == null) {

 124                 // unlikely
 125                 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
 126                     "Missing public point for named group: " + namedGroup);
 127             }
 128 
 129             if (x509Possession == null) {
 130                 // anonymous, no authentication, no signature
 131                 paramsSignature = null;
 132                 signatureScheme = null;
 133                 useExplicitSigAlgorithm = false;
 134             } else {
 135                 useExplicitSigAlgorithm =
 136                         shc.negotiatedProtocol.useTLS12PlusSpec();
 137                 Signature signer = null;
 138                 if (useExplicitSigAlgorithm) {
 139                     Map.Entry<SignatureScheme, Signature> schemeAndSigner =
 140                             SignatureScheme.getSignerOfPreferableAlgorithm(
 141                                 shc.algorithmConstraints,
 142                                 shc.peerRequestedSignatureSchemes,
 143                                 x509Possession,
 144                                 shc.negotiatedProtocol);
 145                     if (schemeAndSigner == null) {
 146                         // Unlikely, the credentials generator should have
 147                         // selected the preferable signature algorithm properly.
 148                         throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
 149                                 "No supported signature algorithm for " +
 150                                 x509Possession.popPrivateKey.getAlgorithm() +
 151                                 "  key");
 152                     } else {
 153                         signatureScheme = schemeAndSigner.getKey();
 154                         signer = schemeAndSigner.getValue();
 155                     }
 156                 } else {
 157                     signatureScheme = null;
 158                     try {
 159                         signer = getSignature(
 160                                 x509Possession.popPrivateKey.getAlgorithm(),
 161                                 x509Possession.popPrivateKey);
< prev index next >