22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import java.io.IOException;
29 import java.nio.ByteBuffer;
30 import java.security.GeneralSecurityException;
31 import java.security.InvalidAlgorithmParameterException;
32 import java.security.InvalidKeyException;
33 import java.security.Key;
34 import java.security.NoSuchAlgorithmException;
35 import java.security.PrivateKey;
36 import java.security.PublicKey;
37 import java.security.Signature;
38 import java.security.SignatureException;
39 import java.text.MessageFormat;
40 import java.util.Locale;
41 import java.util.Map;
42 import sun.security.ssl.SSLHandshake.HandshakeMessage;
43 import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
44 import sun.security.ssl.X509Authentication.X509Credentials;
45 import sun.security.ssl.X509Authentication.X509Possession;
46 import sun.security.util.HexDumpEncoder;
47
48 /**
49 * Pack of the ServerKeyExchange handshake message.
50 */
51 final class ECDHServerKeyExchange {
52 static final SSLConsumer ecdheHandshakeConsumer =
53 new ECDHServerKeyExchangeConsumer();
54 static final HandshakeProducer ecdheHandshakeProducer =
55 new ECDHServerKeyExchangeProducer();
56
57 /**
58 * The ECDH ServerKeyExchange handshake message.
59 */
60 private static final
61 class ECDHServerKeyExchangeMessage extends HandshakeMessage {
94 namedGroupPossession = (NamedGroupPossession)possession;
95 if (x509Possession != null) {
96 break;
97 }
98 } else if (possession instanceof X509Possession) {
99 x509Possession = (X509Possession)possession;
100 if (namedGroupPossession != null) {
101 break;
102 }
103 }
104 }
105
106 if (namedGroupPossession == null) {
107 // unlikely
108 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
109 "No ECDHE credentials negotiated for server key exchange");
110 }
111
112 // Find the NamedGroup used for the ephemeral keys.
113 namedGroup = namedGroupPossession.getNamedGroup();
114 publicPoint = namedGroup.encodePossessionPublicKey(
115 namedGroupPossession);
116
117 if ((namedGroup == null) || (namedGroup.oid == null) ) {
118 // unlikely
119 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
120 "Missing Named Group");
121 }
122
123 if (x509Possession == null) {
124 // anonymous, no authentication, no signature
125 paramsSignature = null;
126 signatureScheme = null;
127 useExplicitSigAlgorithm = false;
128 } else {
129 useExplicitSigAlgorithm =
130 shc.negotiatedProtocol.useTLS12PlusSpec();
131 Signature signer = null;
132 if (useExplicitSigAlgorithm) {
133 Map.Entry<SignatureScheme, Signature> schemeAndSigner =
134 SignatureScheme.getSignerOfPreferableAlgorithm(
135 shc.peerRequestedSignatureSchemes,
136 x509Possession,
137 shc.negotiatedProtocol);
138 if (schemeAndSigner == null) {
139 // Unlikely, the credentials generator should have
140 // selected the preferable signature algorithm properly.
141 throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
142 "No supported signature algorithm for " +
143 x509Possession.popPrivateKey.getAlgorithm() +
144 " key");
145 } else {
146 signatureScheme = schemeAndSigner.getKey();
147 signer = schemeAndSigner.getValue();
148 }
149 } else {
150 signatureScheme = null;
151 try {
152 signer = getSignature(
153 x509Possession.popPrivateKey.getAlgorithm(),
154 x509Possession.popPrivateKey);
|
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import java.io.IOException;
29 import java.nio.ByteBuffer;
30 import java.security.GeneralSecurityException;
31 import java.security.InvalidAlgorithmParameterException;
32 import java.security.InvalidKeyException;
33 import java.security.Key;
34 import java.security.NoSuchAlgorithmException;
35 import java.security.PrivateKey;
36 import java.security.PublicKey;
37 import java.security.Signature;
38 import java.security.SignatureException;
39 import java.text.MessageFormat;
40 import java.util.Locale;
41 import java.util.Map;
42 import sun.security.ssl.NamedGroup.NamedGroupSpec;
43 import sun.security.ssl.SSLHandshake.HandshakeMessage;
44 import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
45 import sun.security.ssl.X509Authentication.X509Credentials;
46 import sun.security.ssl.X509Authentication.X509Possession;
47 import sun.security.util.HexDumpEncoder;
48
49 /**
50 * Pack of the ServerKeyExchange handshake message.
51 */
52 final class ECDHServerKeyExchange {
53 static final SSLConsumer ecdheHandshakeConsumer =
54 new ECDHServerKeyExchangeConsumer();
55 static final HandshakeProducer ecdheHandshakeProducer =
56 new ECDHServerKeyExchangeProducer();
57
58 /**
59 * The ECDH ServerKeyExchange handshake message.
60 */
61 private static final
62 class ECDHServerKeyExchangeMessage extends HandshakeMessage {
95 namedGroupPossession = (NamedGroupPossession)possession;
96 if (x509Possession != null) {
97 break;
98 }
99 } else if (possession instanceof X509Possession) {
100 x509Possession = (X509Possession)possession;
101 if (namedGroupPossession != null) {
102 break;
103 }
104 }
105 }
106
107 if (namedGroupPossession == null) {
108 // unlikely
109 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
110 "No ECDHE credentials negotiated for server key exchange");
111 }
112
113 // Find the NamedGroup used for the ephemeral keys.
114 namedGroup = namedGroupPossession.getNamedGroup();
115 if ((namedGroup == null) || (!namedGroup.isAvailable)) {
116 // unlikely
117 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
118 "Missing or improper named group: " + namedGroup);
119 }
120
121 publicPoint = namedGroup.encodePossessionPublicKey(
122 namedGroupPossession);
123 if (publicPoint == null) {
124 // unlikely
125 throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
126 "Missing public point for named group: " + namedGroup);
127 }
128
129 if (x509Possession == null) {
130 // anonymous, no authentication, no signature
131 paramsSignature = null;
132 signatureScheme = null;
133 useExplicitSigAlgorithm = false;
134 } else {
135 useExplicitSigAlgorithm =
136 shc.negotiatedProtocol.useTLS12PlusSpec();
137 Signature signer = null;
138 if (useExplicitSigAlgorithm) {
139 Map.Entry<SignatureScheme, Signature> schemeAndSigner =
140 SignatureScheme.getSignerOfPreferableAlgorithm(
141 shc.algorithmConstraints,
142 shc.peerRequestedSignatureSchemes,
143 x509Possession,
144 shc.negotiatedProtocol);
145 if (schemeAndSigner == null) {
146 // Unlikely, the credentials generator should have
147 // selected the preferable signature algorithm properly.
148 throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
149 "No supported signature algorithm for " +
150 x509Possession.popPrivateKey.getAlgorithm() +
151 " key");
152 } else {
153 signatureScheme = schemeAndSigner.getKey();
154 signer = schemeAndSigner.getValue();
155 }
156 } else {
157 signatureScheme = null;
158 try {
159 signer = getSignature(
160 x509Possession.popPrivateKey.getAlgorithm(),
161 x509Possession.popPrivateKey);
|