< prev index next >

src/java.base/share/classes/sun/security/ssl/Finished.java

Print this page




 393 
 394             // Change write cipher and delivery ChangeCipherSpec message.
 395             ChangeCipherSpec.t10Producer.produce(chc, message);
 396 
 397             if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
 398                 SSLLogger.fine(
 399                         "Produced client Finished handshake message", fm);
 400             }
 401 
 402             // Output the handshake message.
 403             fm.write(chc.handshakeOutput);
 404             chc.handshakeOutput.flush();
 405 
 406             /*
 407              * save server verify data for secure renegotiation
 408              */
 409             if (chc.conContext.secureRenegotiation) {
 410                 chc.conContext.clientVerifyData = fm.verifyData;
 411             }
 412 
 413             if (chc.statelessResumption) {
 414                 chc.handshakeConsumers.put(
 415                         SSLHandshake.NEW_SESSION_TICKET.id, SSLHandshake.NEW_SESSION_TICKET);
 416             }
 417             // update the consumers and producers
 418             if (!chc.isResumption) {
 419                 chc.conContext.consumers.put(ContentType.CHANGE_CIPHER_SPEC.id,
 420                         ChangeCipherSpec.t10Consumer);
 421                 chc.handshakeConsumers.put(
 422                         SSLHandshake.FINISHED.id, SSLHandshake.FINISHED);
 423                 chc.conContext.inputRecord.expectingFinishFlight();
 424             } else {
 425                 if (chc.handshakeSession.isRejoinable()) {
 426                     ((SSLSessionContextImpl)chc.sslContext.
 427                         engineGetClientSessionContext()).put(
 428                             chc.handshakeSession);
 429                 }
 430                 chc.conContext.conSession = chc.handshakeSession.finish();
 431                 chc.conContext.protocolVersion = chc.negotiatedProtocol;
 432 
 433                 // handshake context cleanup.
 434                 chc.handshakeFinished = true;
 435 
 436                 // May need to retransmit the last flight for DTLS.
 437                 if (!chc.sslContext.isDTLS()) {
 438                     chc.conContext.finishHandshake();
 439                 }
 440             }
 441 
 442             // The handshake message has been delivered.
 443             return null;
 444         }
 445 
 446         private byte[] onProduceFinished(ServerHandshakeContext shc,
 447                 HandshakeMessage message) throws IOException {
 448             if (shc.statelessResumption) {
 449                 NewSessionTicket.handshake12Producer.produce(shc, message);
 450             }
 451 
 452             // Refresh handshake hash
 453             shc.handshakeHash.update();
 454 
 455             FinishedMessage fm = new FinishedMessage(shc);
 456 
 457             // Change write cipher and delivery ChangeCipherSpec message.
 458             ChangeCipherSpec.t10Producer.produce(shc, message);
 459 
 460             if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
 461                 SSLLogger.fine(
 462                         "Produced server Finished handshake message", fm);
 463             }
 464 
 465             // Output the handshake message.
 466             fm.write(shc.handshakeOutput);
 467             shc.handshakeOutput.flush();
 468 
 469             /*
 470              * save client verify data for secure renegotiation
 471              */
 472             if (shc.conContext.secureRenegotiation) {
 473                 shc.conContext.serverVerifyData = fm.verifyData;
 474             }
 475 
 476             // update the consumers and producers
 477             if (shc.isResumption) {
 478                 shc.conContext.consumers.put(ContentType.CHANGE_CIPHER_SPEC.id,
 479                         ChangeCipherSpec.t10Consumer);
 480                 shc.handshakeConsumers.put(
 481                         SSLHandshake.FINISHED.id, SSLHandshake.FINISHED);
 482                 shc.conContext.inputRecord.expectingFinishFlight();
 483             } else {
 484                 if (shc.handshakeSession.isRejoinable() &&
 485                         !shc.statelessResumption) {
 486                     ((SSLSessionContextImpl)shc.sslContext.
 487                         engineGetServerSessionContext()).put(
 488                             shc.handshakeSession);
 489                 }
 490                 shc.conContext.conSession = shc.handshakeSession.finish();
 491                 shc.conContext.protocolVersion = shc.negotiatedProtocol;
 492 
 493                 // handshake context cleanup.
 494                 shc.handshakeFinished = true;
 495 
 496                 // May need to retransmit the last flight for DTLS.
 497                 if (!shc.sslContext.isDTLS()) {
 498                     shc.conContext.finishHandshake();
 499                 }
 500             }
 501 
 502             // The handshake message has been delivered.
 503             return null;
 504         }
 505     }


 583                         chc.handshakeProducers.remove(hs.id);
 584                 if (handshakeProducer != null) {
 585                     handshakeProducer.produce(chc, fm);
 586                 }
 587             }
 588         }
 589 
 590         private void onConsumeFinished(ServerHandshakeContext shc,
 591                 ByteBuffer message) throws IOException {
 592             FinishedMessage fm = new FinishedMessage(shc, message);
 593             if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
 594                 SSLLogger.fine(
 595                         "Consuming client Finished handshake message", fm);
 596             }
 597 
 598             if (shc.conContext.secureRenegotiation) {
 599                 shc.conContext.clientVerifyData = fm.verifyData;
 600             }
 601 
 602             if (shc.isResumption) {
 603                 if (shc.handshakeSession.isRejoinable() &&
 604                         !shc.statelessResumption) {
 605                     ((SSLSessionContextImpl)shc.sslContext.
 606                         engineGetServerSessionContext()).put(
 607                             shc.handshakeSession);
 608                 }
 609                 shc.conContext.conSession = shc.handshakeSession.finish();
 610                 shc.conContext.protocolVersion = shc.negotiatedProtocol;
 611 
 612                 // handshake context cleanup.
 613                 shc.handshakeFinished = true;
 614                 recordEvent(shc.conContext.conSession);
 615 
 616                 // May need to retransmit the last flight for DTLS.
 617                 if (!shc.sslContext.isDTLS()) {
 618                     shc.conContext.finishHandshake();
 619                 }
 620             } else {
 621                 shc.handshakeProducers.put(SSLHandshake.FINISHED.id,
 622                         SSLHandshake.FINISHED);
 623             }
 624 


 908             // Refresh handshake hash
 909             chc.handshakeHash.update();
 910             SSLKeyDerivation kd = chc.handshakeKeyDerivation;
 911             if (kd == null) {
 912                 // unlikely
 913                 throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
 914                     "no key derivation");
 915             }
 916 
 917             SSLTrafficKeyDerivation kdg =
 918                     SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol);
 919             if (kdg == null) {
 920                 // unlikely
 921                 throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
 922                         "Not supported key derivation: " +
 923                         chc.negotiatedProtocol);
 924             }
 925 
 926             // save the session
 927             if (!chc.isResumption && chc.handshakeSession.isRejoinable()) {
 928                 ((SSLSessionContextImpl)chc.sslContext.
 929                         engineGetClientSessionContext()).
 930                         put(chc.handshakeSession);
 931             }
 932 
 933             // derive salt secret
 934             try {
 935                 SecretKey saltSecret = kd.deriveKey("TlsSaltSecret", null);
 936 
 937                 // derive application secrets
 938                 HashAlg hashAlg = chc.negotiatedCipherSuite.hashAlg;
 939                 HKDF hkdf = new HKDF(hashAlg.name);
 940                 byte[] zeros = new byte[hashAlg.hashLength];
 941                 SecretKeySpec sharedSecret =
 942                         new SecretKeySpec(zeros, "TlsZeroSecret");
 943                 SecretKey masterSecret =
 944                     hkdf.extract(saltSecret, sharedSecret, "TlsMasterSecret");
 945 
 946                 SSLKeyDerivation secretKD =
 947                         new SSLSecretDerivation(chc, masterSecret);
 948 
 949                 // update the handshake traffic read keys.
 950                 SecretKey readSecret = secretKD.deriveKey(


1021             //
1022             // update
1023             //
1024             // Change client/server application traffic secrets.
1025             SSLKeyDerivation kd = shc.handshakeKeyDerivation;
1026             if (kd == null) {
1027                 // unlikely
1028                 throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
1029                     "no key derivation");
1030             }
1031 
1032             SSLTrafficKeyDerivation kdg =
1033                     SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol);
1034             if (kdg == null) {
1035                 // unlikely
1036                 throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
1037                         "Not supported key derivation: " +
1038                         shc.negotiatedProtocol);
1039             }
1040 
1041             // Save the session if possible and not stateless
1042             if (!shc.statelessResumption && !shc.isResumption &&
1043                     shc.handshakeSession.isRejoinable()) {
1044                 SSLSessionContextImpl sessionContext = (SSLSessionContextImpl)
1045                         shc.sslContext.engineGetServerSessionContext();
1046                 sessionContext.put(shc.handshakeSession);
1047             }
1048 
1049             try {
1050                 // update the application traffic read keys.
1051                 SecretKey readSecret = kd.deriveKey(
1052                         "TlsClientAppTrafficSecret", null);
1053 
1054                 SSLKeyDerivation readKD =
1055                         kdg.createKeyDerivation(shc, readSecret);
1056                 SecretKey readKey = readKD.deriveKey(
1057                         "TlsKey", null);
1058                 SecretKey readIvSecret = readKD.deriveKey(
1059                         "TlsIv", null);
1060                 IvParameterSpec readIv =
1061                         new IvParameterSpec(readIvSecret.getEncoded());
1062                 SSLReadCipher readCipher =
1063                         shc.negotiatedCipherSuite.bulkCipher.createReadCipher(
1064                                 Authenticator.valueOf(shc.negotiatedProtocol),
1065                                 shc.negotiatedProtocol, readKey, readIv,




 393 
 394             // Change write cipher and delivery ChangeCipherSpec message.
 395             ChangeCipherSpec.t10Producer.produce(chc, message);
 396 
 397             if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
 398                 SSLLogger.fine(
 399                         "Produced client Finished handshake message", fm);
 400             }
 401 
 402             // Output the handshake message.
 403             fm.write(chc.handshakeOutput);
 404             chc.handshakeOutput.flush();
 405 
 406             /*
 407              * save server verify data for secure renegotiation
 408              */
 409             if (chc.conContext.secureRenegotiation) {
 410                 chc.conContext.clientVerifyData = fm.verifyData;
 411             }
 412 




 413             // update the consumers and producers
 414             if (!chc.isResumption) {
 415                 chc.conContext.consumers.put(ContentType.CHANGE_CIPHER_SPEC.id,
 416                         ChangeCipherSpec.t10Consumer);
 417                 chc.handshakeConsumers.put(
 418                         SSLHandshake.FINISHED.id, SSLHandshake.FINISHED);
 419                 chc.conContext.inputRecord.expectingFinishFlight();
 420             } else {
 421                 if (chc.handshakeSession.isRejoinable()) {
 422                     ((SSLSessionContextImpl)chc.sslContext.
 423                         engineGetClientSessionContext()).put(
 424                             chc.handshakeSession);
 425                 }
 426                 chc.conContext.conSession = chc.handshakeSession.finish();
 427                 chc.conContext.protocolVersion = chc.negotiatedProtocol;
 428 
 429                 // handshake context cleanup.
 430                 chc.handshakeFinished = true;
 431 
 432                 // May need to retransmit the last flight for DTLS.
 433                 if (!chc.sslContext.isDTLS()) {
 434                     chc.conContext.finishHandshake();
 435                 }
 436             }
 437 
 438             // The handshake message has been delivered.
 439             return null;
 440         }
 441 
 442         private byte[] onProduceFinished(ServerHandshakeContext shc,
 443                 HandshakeMessage message) throws IOException {




 444             // Refresh handshake hash
 445             shc.handshakeHash.update();
 446 
 447             FinishedMessage fm = new FinishedMessage(shc);
 448 
 449             // Change write cipher and delivery ChangeCipherSpec message.
 450             ChangeCipherSpec.t10Producer.produce(shc, message);
 451 
 452             if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
 453                 SSLLogger.fine(
 454                         "Produced server Finished handshake message", fm);
 455             }
 456 
 457             // Output the handshake message.
 458             fm.write(shc.handshakeOutput);
 459             shc.handshakeOutput.flush();
 460 
 461             /*
 462              * save client verify data for secure renegotiation
 463              */
 464             if (shc.conContext.secureRenegotiation) {
 465                 shc.conContext.serverVerifyData = fm.verifyData;
 466             }
 467 
 468             // update the consumers and producers
 469             if (shc.isResumption) {
 470                 shc.conContext.consumers.put(ContentType.CHANGE_CIPHER_SPEC.id,
 471                         ChangeCipherSpec.t10Consumer);
 472                 shc.handshakeConsumers.put(
 473                         SSLHandshake.FINISHED.id, SSLHandshake.FINISHED);
 474                 shc.conContext.inputRecord.expectingFinishFlight();
 475             } else {
 476                 if (shc.handshakeSession.isRejoinable()) {

 477                     ((SSLSessionContextImpl)shc.sslContext.
 478                         engineGetServerSessionContext()).put(
 479                             shc.handshakeSession);
 480                 }
 481                 shc.conContext.conSession = shc.handshakeSession.finish();
 482                 shc.conContext.protocolVersion = shc.negotiatedProtocol;
 483 
 484                 // handshake context cleanup.
 485                 shc.handshakeFinished = true;
 486 
 487                 // May need to retransmit the last flight for DTLS.
 488                 if (!shc.sslContext.isDTLS()) {
 489                     shc.conContext.finishHandshake();
 490                 }
 491             }
 492 
 493             // The handshake message has been delivered.
 494             return null;
 495         }
 496     }


 574                         chc.handshakeProducers.remove(hs.id);
 575                 if (handshakeProducer != null) {
 576                     handshakeProducer.produce(chc, fm);
 577                 }
 578             }
 579         }
 580 
 581         private void onConsumeFinished(ServerHandshakeContext shc,
 582                 ByteBuffer message) throws IOException {
 583             FinishedMessage fm = new FinishedMessage(shc, message);
 584             if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
 585                 SSLLogger.fine(
 586                         "Consuming client Finished handshake message", fm);
 587             }
 588 
 589             if (shc.conContext.secureRenegotiation) {
 590                 shc.conContext.clientVerifyData = fm.verifyData;
 591             }
 592 
 593             if (shc.isResumption) {
 594                 if (shc.handshakeSession.isRejoinable()) {

 595                     ((SSLSessionContextImpl)shc.sslContext.
 596                         engineGetServerSessionContext()).put(
 597                             shc.handshakeSession);
 598                 }
 599                 shc.conContext.conSession = shc.handshakeSession.finish();
 600                 shc.conContext.protocolVersion = shc.negotiatedProtocol;
 601 
 602                 // handshake context cleanup.
 603                 shc.handshakeFinished = true;
 604                 recordEvent(shc.conContext.conSession);
 605 
 606                 // May need to retransmit the last flight for DTLS.
 607                 if (!shc.sslContext.isDTLS()) {
 608                     shc.conContext.finishHandshake();
 609                 }
 610             } else {
 611                 shc.handshakeProducers.put(SSLHandshake.FINISHED.id,
 612                         SSLHandshake.FINISHED);
 613             }
 614 


 898             // Refresh handshake hash
 899             chc.handshakeHash.update();
 900             SSLKeyDerivation kd = chc.handshakeKeyDerivation;
 901             if (kd == null) {
 902                 // unlikely
 903                 throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
 904                     "no key derivation");
 905             }
 906 
 907             SSLTrafficKeyDerivation kdg =
 908                     SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol);
 909             if (kdg == null) {
 910                 // unlikely
 911                 throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
 912                         "Not supported key derivation: " +
 913                         chc.negotiatedProtocol);
 914             }
 915 
 916             // save the session
 917             if (!chc.isResumption && chc.handshakeSession.isRejoinable()) {
 918                 SSLSessionContextImpl sessionContext = (SSLSessionContextImpl)
 919                 chc.sslContext.engineGetClientSessionContext();
 920                 sessionContext.put(chc.handshakeSession);
 921             }
 922 
 923             // derive salt secret
 924             try {
 925                 SecretKey saltSecret = kd.deriveKey("TlsSaltSecret", null);
 926 
 927                 // derive application secrets
 928                 HashAlg hashAlg = chc.negotiatedCipherSuite.hashAlg;
 929                 HKDF hkdf = new HKDF(hashAlg.name);
 930                 byte[] zeros = new byte[hashAlg.hashLength];
 931                 SecretKeySpec sharedSecret =
 932                         new SecretKeySpec(zeros, "TlsZeroSecret");
 933                 SecretKey masterSecret =
 934                     hkdf.extract(saltSecret, sharedSecret, "TlsMasterSecret");
 935 
 936                 SSLKeyDerivation secretKD =
 937                         new SSLSecretDerivation(chc, masterSecret);
 938 
 939                 // update the handshake traffic read keys.
 940                 SecretKey readSecret = secretKD.deriveKey(


1011             //
1012             // update
1013             //
1014             // Change client/server application traffic secrets.
1015             SSLKeyDerivation kd = shc.handshakeKeyDerivation;
1016             if (kd == null) {
1017                 // unlikely
1018                 throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
1019                     "no key derivation");
1020             }
1021 
1022             SSLTrafficKeyDerivation kdg =
1023                     SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol);
1024             if (kdg == null) {
1025                 // unlikely
1026                 throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
1027                         "Not supported key derivation: " +
1028                         shc.negotiatedProtocol);
1029             }
1030 
1031             // save the session
1032             if (!shc.isResumption && shc.handshakeSession.isRejoinable()) {

1033                 SSLSessionContextImpl sessionContext = (SSLSessionContextImpl)
1034                 shc.sslContext.engineGetServerSessionContext();
1035                 sessionContext.put(shc.handshakeSession);
1036             }
1037 
1038             try {
1039                 // update the application traffic read keys.
1040                 SecretKey readSecret = kd.deriveKey(
1041                         "TlsClientAppTrafficSecret", null);
1042 
1043                 SSLKeyDerivation readKD =
1044                         kdg.createKeyDerivation(shc, readSecret);
1045                 SecretKey readKey = readKD.deriveKey(
1046                         "TlsKey", null);
1047                 SecretKey readIvSecret = readKD.deriveKey(
1048                         "TlsIv", null);
1049                 IvParameterSpec readIv =
1050                         new IvParameterSpec(readIvSecret.getEncoded());
1051                 SSLReadCipher readCipher =
1052                         shc.negotiatedCipherSuite.bulkCipher.createReadCipher(
1053                                 Authenticator.valueOf(shc.negotiatedProtocol),
1054                                 shc.negotiatedProtocol, readKey, readIv,


< prev index next >