< prev index next >

src/java.base/share/classes/sun/security/ssl/SSLKeyExchange.java

Print this page


   1 /*
   2  * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.io.IOException;
  29 import java.util.AbstractMap.SimpleImmutableEntry;
  30 import java.util.Arrays;
  31 import java.util.HashMap;
  32 import java.util.Map;




  33 import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
  34 import sun.security.ssl.X509Authentication.X509Possession;
  35 
  36 final class SSLKeyExchange implements SSLKeyAgreementGenerator,
  37         SSLHandshakeBinding {
  38     private final SSLAuthentication authentication;
  39     private final SSLKeyAgreement keyAgreement;
  40 
  41     SSLKeyExchange(X509Authentication authentication,
  42             SSLKeyAgreement keyAgreement) {
  43         this.authentication = authentication;
  44         this.keyAgreement = keyAgreement;
  45     }
  46 
  47     SSLPossession[] createPossessions(HandshakeContext context) {
  48         // authentication
  49         SSLPossession authPossession = null;
  50         if (authentication != null) {
  51             authPossession = authentication.createPossession(context);
  52             if (authPossession == null) {


 222                 return SSLKeyExECDHRSA.KE;
 223             case K_ECDHE_ECDSA:
 224                 return SSLKeyExECDHEECDSA.KE;
 225             case K_ECDHE_RSA:
 226                 if (protocolVersion.useTLS12PlusSpec()) {   // (D)TLS 1.2
 227                     return SSLKeyExECDHERSAOrPSS.KE;
 228                 } else {    // SSL 3.0, TLS 1.0/1.1
 229                     return SSLKeyExECDHERSA.KE;
 230                 }
 231             case K_ECDH_ANON:
 232                 return SSLKeyExECDHANON.KE;
 233         }
 234 
 235         return null;
 236     }
 237 
 238     // TLS 1.3
 239     static SSLKeyExchange valueOf(NamedGroup namedGroup) {
 240         SSLKeyAgreement ka = T13KeyAgreement.valueOf(namedGroup);
 241         if (ka != null) {
 242             return new SSLKeyExchange(null, ka);

 243         }
 244 
 245         return null;
 246     }
 247 
 248     private static class SSLKeyExRSA {
 249         private static SSLKeyExchange KE = new SSLKeyExchange(
 250                 X509Authentication.RSA, T12KeyAgreement.RSA);
 251     }
 252 
 253     private static class SSLKeyExRSAExport {
 254         private static SSLKeyExchange KE = new SSLKeyExchange(
 255                 X509Authentication.RSA, T12KeyAgreement.RSA_EXPORT);
 256     }
 257 
 258     private static class SSLKeyExDHEDSS {
 259         private static SSLKeyExchange KE = new SSLKeyExchange(
 260                 X509Authentication.DSA, T12KeyAgreement.DHE);
 261     }
 262 


 315                 X509Authentication.RSA_OR_PSS, T12KeyAgreement.ECDHE);
 316     }
 317 
 318     private static class SSLKeyExECDHANON {
 319         private static SSLKeyExchange KE = new SSLKeyExchange(
 320                 null, T12KeyAgreement.ECDHE);
 321     }
 322 
 323     private enum T12KeyAgreement implements SSLKeyAgreement {
 324         RSA             ("rsa",         null,
 325                                         RSAKeyExchange.kaGenerator),
 326         RSA_EXPORT      ("rsa_export",  RSAKeyExchange.poGenerator,
 327                                         RSAKeyExchange.kaGenerator),
 328         DHE             ("dhe",         DHKeyExchange.poGenerator,
 329                                         DHKeyExchange.kaGenerator),
 330         DHE_EXPORT      ("dhe_export",  DHKeyExchange.poExportableGenerator,
 331                                         DHKeyExchange.kaGenerator),
 332         ECDH            ("ecdh",        null,
 333                                         ECDHKeyExchange.ecdhKAGenerator),
 334         ECDHE           ("ecdhe",       ECDHKeyExchange.poGenerator,
 335                                         ECDHKeyExchange.ecdheXdhKAGenerator);
 336 
 337         final String name;
 338         final SSLPossessionGenerator possessionGenerator;
 339         final SSLKeyAgreementGenerator keyAgreementGenerator;
 340 
 341         T12KeyAgreement(String name,
 342                 SSLPossessionGenerator possessionGenerator,
 343                 SSLKeyAgreementGenerator keyAgreementGenerator) {
 344             this.name = name;
 345             this.possessionGenerator = possessionGenerator;
 346             this.keyAgreementGenerator = keyAgreementGenerator;
 347         }
 348 
 349         @Override
 350         public SSLPossession createPossession(HandshakeContext context) {
 351             if (possessionGenerator != null) {
 352                 return possessionGenerator.createPossession(context);
 353             }
 354 
 355             return null;


 548                 supportedKeyShares = new HashMap<>();
 549 
 550         static {
 551             for (NamedGroup namedGroup :
 552                     SupportedGroups.supportedNamedGroups) {
 553                 supportedKeyShares.put(
 554                         namedGroup, new T13KeyAgreement(namedGroup));
 555             }
 556         }
 557 
 558         private T13KeyAgreement(NamedGroup namedGroup) {
 559             this.namedGroup = namedGroup;
 560         }
 561 
 562         static T13KeyAgreement valueOf(NamedGroup namedGroup) {
 563             return supportedKeyShares.get(namedGroup);
 564         }
 565 
 566         @Override
 567         public SSLPossession createPossession(HandshakeContext hc) {
 568             return namedGroup.createPossession(hc.sslContext.getSecureRandom());








 569         }
 570 
 571         @Override
 572         public SSLKeyDerivation createKeyDerivation(
 573                 HandshakeContext hc) throws IOException {
 574             return namedGroup.createKeyDerivation(hc);






 575         }
 576     }
 577 }
   1 /*
   2  * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.ssl;
  27 
  28 import java.io.IOException;
  29 import java.util.AbstractMap.SimpleImmutableEntry;
  30 import java.util.Arrays;
  31 import java.util.HashMap;
  32 import java.util.Map;
  33 import sun.security.ssl.DHKeyExchange.DHEPossession;
  34 import sun.security.ssl.ECDHKeyExchange.ECDHEPossession;
  35 import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
  36 import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
  37 import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
  38 import sun.security.ssl.X509Authentication.X509Possession;
  39 
  40 final class SSLKeyExchange implements SSLKeyAgreementGenerator,
  41         SSLHandshakeBinding {
  42     private final SSLAuthentication authentication;
  43     private final SSLKeyAgreement keyAgreement;
  44 
  45     SSLKeyExchange(X509Authentication authentication,
  46             SSLKeyAgreement keyAgreement) {
  47         this.authentication = authentication;
  48         this.keyAgreement = keyAgreement;
  49     }
  50 
  51     SSLPossession[] createPossessions(HandshakeContext context) {
  52         // authentication
  53         SSLPossession authPossession = null;
  54         if (authentication != null) {
  55             authPossession = authentication.createPossession(context);
  56             if (authPossession == null) {


 226                 return SSLKeyExECDHRSA.KE;
 227             case K_ECDHE_ECDSA:
 228                 return SSLKeyExECDHEECDSA.KE;
 229             case K_ECDHE_RSA:
 230                 if (protocolVersion.useTLS12PlusSpec()) {   // (D)TLS 1.2
 231                     return SSLKeyExECDHERSAOrPSS.KE;
 232                 } else {    // SSL 3.0, TLS 1.0/1.1
 233                     return SSLKeyExECDHERSA.KE;
 234                 }
 235             case K_ECDH_ANON:
 236                 return SSLKeyExECDHANON.KE;
 237         }
 238 
 239         return null;
 240     }
 241 
 242     // TLS 1.3
 243     static SSLKeyExchange valueOf(NamedGroup namedGroup) {
 244         SSLKeyAgreement ka = T13KeyAgreement.valueOf(namedGroup);
 245         if (ka != null) {
 246             return new SSLKeyExchange(
 247                 null, T13KeyAgreement.valueOf(namedGroup));
 248         }
 249 
 250         return null;
 251     }
 252 
 253     private static class SSLKeyExRSA {
 254         private static SSLKeyExchange KE = new SSLKeyExchange(
 255                 X509Authentication.RSA, T12KeyAgreement.RSA);
 256     }
 257 
 258     private static class SSLKeyExRSAExport {
 259         private static SSLKeyExchange KE = new SSLKeyExchange(
 260                 X509Authentication.RSA, T12KeyAgreement.RSA_EXPORT);
 261     }
 262 
 263     private static class SSLKeyExDHEDSS {
 264         private static SSLKeyExchange KE = new SSLKeyExchange(
 265                 X509Authentication.DSA, T12KeyAgreement.DHE);
 266     }
 267 


 320                 X509Authentication.RSA_OR_PSS, T12KeyAgreement.ECDHE);
 321     }
 322 
 323     private static class SSLKeyExECDHANON {
 324         private static SSLKeyExchange KE = new SSLKeyExchange(
 325                 null, T12KeyAgreement.ECDHE);
 326     }
 327 
 328     private enum T12KeyAgreement implements SSLKeyAgreement {
 329         RSA             ("rsa",         null,
 330                                         RSAKeyExchange.kaGenerator),
 331         RSA_EXPORT      ("rsa_export",  RSAKeyExchange.poGenerator,
 332                                         RSAKeyExchange.kaGenerator),
 333         DHE             ("dhe",         DHKeyExchange.poGenerator,
 334                                         DHKeyExchange.kaGenerator),
 335         DHE_EXPORT      ("dhe_export",  DHKeyExchange.poExportableGenerator,
 336                                         DHKeyExchange.kaGenerator),
 337         ECDH            ("ecdh",        null,
 338                                         ECDHKeyExchange.ecdhKAGenerator),
 339         ECDHE           ("ecdhe",       ECDHKeyExchange.poGenerator,
 340                                         ECDHKeyExchange.ecdheKAGenerator);
 341 
 342         final String name;
 343         final SSLPossessionGenerator possessionGenerator;
 344         final SSLKeyAgreementGenerator keyAgreementGenerator;
 345 
 346         T12KeyAgreement(String name,
 347                 SSLPossessionGenerator possessionGenerator,
 348                 SSLKeyAgreementGenerator keyAgreementGenerator) {
 349             this.name = name;
 350             this.possessionGenerator = possessionGenerator;
 351             this.keyAgreementGenerator = keyAgreementGenerator;
 352         }
 353 
 354         @Override
 355         public SSLPossession createPossession(HandshakeContext context) {
 356             if (possessionGenerator != null) {
 357                 return possessionGenerator.createPossession(context);
 358             }
 359 
 360             return null;


 553                 supportedKeyShares = new HashMap<>();
 554 
 555         static {
 556             for (NamedGroup namedGroup :
 557                     SupportedGroups.supportedNamedGroups) {
 558                 supportedKeyShares.put(
 559                         namedGroup, new T13KeyAgreement(namedGroup));
 560             }
 561         }
 562 
 563         private T13KeyAgreement(NamedGroup namedGroup) {
 564             this.namedGroup = namedGroup;
 565         }
 566 
 567         static T13KeyAgreement valueOf(NamedGroup namedGroup) {
 568             return supportedKeyShares.get(namedGroup);
 569         }
 570 
 571         @Override
 572         public SSLPossession createPossession(HandshakeContext hc) {
 573             if (namedGroup.type == NamedGroupType.NAMED_GROUP_ECDHE) {
 574                 return new ECDHEPossession(
 575                         namedGroup, hc.sslContext.getSecureRandom());
 576             } else if (namedGroup.type == NamedGroupType.NAMED_GROUP_FFDHE) {
 577                 return new DHEPossession(
 578                         namedGroup, hc.sslContext.getSecureRandom());
 579             }
 580 
 581             return null;
 582         }
 583 
 584         @Override
 585         public SSLKeyDerivation createKeyDerivation(
 586                 HandshakeContext hc) throws IOException {
 587             if (namedGroup.type == NamedGroupType.NAMED_GROUP_ECDHE) {
 588                 return ECDHKeyExchange.ecdheKAGenerator.createKeyDerivation(hc);
 589             } else if (namedGroup.type == NamedGroupType.NAMED_GROUP_FFDHE) {
 590                 return DHKeyExchange.kaGenerator.createKeyDerivation(hc);
 591             }
 592 
 593             return null;
 594         }
 595     }
 596 }
< prev index next >