net.luminis.tls.engine.impl.TranscriptHash Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of agent15 Show documentation
Show all versions of agent15 Show documentation
A (partial) TLS 1.3 implementation in Java, suitable and intended for use in a QUIC implementation.
/*
* Copyright © 2020, 2021, 2022, 2023, 2024 Peter Doornbosch
*
* This file is part of Agent15, an implementation of TLS 1.3 in Java.
*
* Agent15 is free software: you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the
* Free Software Foundation, either version 3 of the License, or (at your option)
* any later version.
*
* Agent15 is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for
* more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this program. If not, see msgData = new ConcurrentHashMap<>();
private Map hashes = new ConcurrentHashMap<>();
public TranscriptHash(int hashLength) {
// https://tools.ietf.org/html/rfc8446#section-7.1
// "The Hash function used by Transcript-Hash and HKDF is the cipher suite hash algorithm."
String hashAlgorithm = "SHA-" + (hashLength * 8);
try {
hashFunction = MessageDigest.getInstance(hashAlgorithm);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("Missing " + hashAlgorithm + " support");
}
}
/**
* Return the transcript hash for the messages in the handshake up to and including the indicated message type.
* @param msgType
* @return
*/
public byte[] getHash(TlsConstants.HandshakeType msgType) {
return getHash(convert(msgType));
}
/**
* Return the transcript hash for the messages in the handshake up to and including the indicated client message type.
* For example, when the msgType parameter has value certificate, the transcript hash for
* the concatenation of handshake messages up to (and including) the client certificate message is returned.
* @param msgType
* @return
*/
public byte[] getClientHash(TlsConstants.HandshakeType msgType) {
return getHash(convert(msgType, true));
}
/**
* Return the transcript hash for the messages in the handshake up to and including the indicated server message type.
* For example, when the msgType parameter has value certificate, the transcript hash for
* the concatenation of handshake messages up to (and including) the server certificate message is returned.
* @param msgType
* @return
*/
public byte[] getServerHash(TlsConstants.HandshakeType msgType) {
return getHash(convert(msgType, false));
}
/**
* Record a handshake message for computing the transcript hash. The type of the message determines its position
* in the transcript hash computation.
* @param msg
*/
public void record(HandshakeMessage msg) {
List ambigousTypes = List.of(TlsConstants.HandshakeType.certificate,
TlsConstants.HandshakeType.certificate_verify, TlsConstants.HandshakeType.finished);
if (ambigousTypes.contains(msg.getType())) {
throw new IllegalArgumentException();
}
msgData.put(convert(msg.getType()), msg.getBytes());
}
/**
* Record a client handshake message for computing the transcript hash. This method is needed because the
* TlsConstants.HandshakeType type does not differentiate between client and server variants, whilst
* these variants have a different position in the transcript hash computation.
* Note that the term "client" here refers to the message type, not whether it is sent or received by a client.
* For example, a client certificate message is sent by the client and received by the server; both need to use
* this method to record the message.
* @param msg
*/
public void recordClient(HandshakeMessage msg) {
msgData.put(convert(msg.getType(), true), msg.getBytes());
}
/**
* Record a server handshake message for computing the transcript hash. This method is needed because the
* TlsConstants.HandshakeType type does not differentiate between client and server variants, whilst
* these variants have a different position in the transcript hash computation.
* Note that the term "server" here refers to the message type, not whether it is sent or received by a server.
* For example, a server certificate message is sent by the server and received by the client; both need to use
* this method to record the message.
* @param msg
*/
public void recordServer(HandshakeMessage msg) {
msgData.put(convert(msg.getType(), false), msg.getBytes());
}
private byte[] getHash(ExtendedHandshakeType type) {
if (! hashes.containsKey(type)) {
computeHash(type);
}
return hashes.get(type);
}
private void computeHash(ExtendedHandshakeType requestedType) {
for (ExtendedHandshakeType type: hashedMessages) {
if (msgData.containsKey(type)) {
hashFunction.update(msgData.get(type));
}
if (type == requestedType) {
break;
}
}
hashes.put(requestedType, hashFunction.digest());
}
private ExtendedHandshakeType convert(TlsConstants.HandshakeType type) {
List ambigousTypes = List.of(TlsConstants.HandshakeType.certificate,
TlsConstants.HandshakeType.certificate_verify, TlsConstants.HandshakeType.finished);
if (ambigousTypes.contains(type)) {
throw new IllegalArgumentException("cannot convert ambiguous type " + type);
}
return ExtendedHandshakeType.values()[type.ordinal()];
}
private ExtendedHandshakeType convert(TlsConstants.HandshakeType type, boolean client) {
if (type == TlsConstants.HandshakeType.finished) {
return client? ExtendedHandshakeType.client_finished: ExtendedHandshakeType.server_finished;
}
else if (type == TlsConstants.HandshakeType.certificate) {
return client? ExtendedHandshakeType.client_certificate: ExtendedHandshakeType.server_certificate;
}
else if (type == TlsConstants.HandshakeType.certificate_verify) {
return client? ExtendedHandshakeType.client_certificate_verify: ExtendedHandshakeType.server_certificate_verify;
}
return ExtendedHandshakeType.values()[type.ordinal()];
}
}