BCJSSE: Configurable (client) early key_share groups

- via BCSSLParameters.earlyNamedGroups property
- via "org.bouncycastle.jsse.client.earlyNamedGroups" system property
- see #2095

Author: peterdettman

tls/src/main/java/org/bouncycastle/jsse/BCSSLParameters.java

@@ -44,6 +44,7 @@ private static <T> List<T> copyList(Collection<T> list)
     private String[] signatureSchemes = null;
     private String[] signatureSchemesCert = null;
     private String[] namedGroups = null;
+    private String[] earlyNamedGroups = null;
 
     public BCSSLParameters()
     {
@@ -326,4 +327,34 @@ public void setNamedGroups(String[] namedGroups)
 
         this.namedGroups = check;
     }
+
+    public String[] getEarlyNamedGroups()
+    {
+        return TlsUtils.clone(earlyNamedGroups);
+    }
+
+    public void setEarlyNamedGroups(String[] earlyNamedGroups)
+    {
+        String[] check = null;
+
+        if (earlyNamedGroups != null)
+        {
+            check = TlsUtils.clone(earlyNamedGroups);
+            HashSet<String> seenEntries = new HashSet<String>();
+            for (String entry : check)
+            {
+                if (TlsUtils.isNullOrEmpty(entry))
+                {
+                    throw new IllegalArgumentException("'earlyNamedGroups' entries cannot be null or empty strings");
+                }
+
+                if (!seenEntries.add(entry))
+                {
+                    throw new IllegalArgumentException("'earlyNamedGroups' contains duplicate entry: " + entry);
+                }
+            }
+        }
+
+        this.earlyNamedGroups = check;
+    }
 }

tls/src/main/java/org/bouncycastle/jsse/provider/NamedGroupInfo.java

@@ -29,6 +29,8 @@ class NamedGroupInfo
 
     private static final String PROPERTY_NAMED_GROUPS = "jdk.tls.namedGroups";
 
+    private static final String PROPERTY_BC_EARLY_NAMED_GROUPS = "org.bouncycastle.jsse.client.earlyNamedGroups";
+
     // NOTE: Not all of these are necessarily enabled/supported; it will be checked at runtime
     private enum All
     {
@@ -162,21 +164,28 @@ private All(int namedGroup, String jcaAlgorithm1, String jcaAlgorithm2)
     static class PerConnection
     {
         private final Map<Integer, NamedGroupInfo> local;
+        private final Vector localEarly;
         private final boolean localECDSA;
         private final AtomicReference<List<NamedGroupInfo>> peer;
 
-        PerConnection(Map<Integer, NamedGroupInfo> local, boolean localECDSA)
+        PerConnection(Map<Integer, NamedGroupInfo> local, Vector localEarly, boolean localECDSA)
         {
             if (local == null)
             {
                 throw new NullPointerException("local");
             }
 
             this.local = local;
+            this.localEarly = localEarly;
             this.localECDSA = localECDSA;
             this.peer = new AtomicReference<List<NamedGroupInfo>>();
         }
 
+        Vector getLocalEarly()
+        {
+            return localEarly;
+        }
+
         List<NamedGroupInfo> getPeer()
         {
             return peer.get();
@@ -195,11 +204,13 @@ static class PerContext
     {
         private final Map<Integer, NamedGroupInfo> index;
         private final int[] candidates;
+        private final int[] earlyCandidates;
 
-        PerContext(Map<Integer, NamedGroupInfo> index, int[] candidates)
+        PerContext(Map<Integer, NamedGroupInfo> index, int[] candidates, int[] earlyCandidates)
         {
             this.index = index;
             this.candidates = candidates;
+            this.earlyCandidates = earlyCandidates;
         }
     }
 
@@ -276,15 +287,52 @@ private static PerConnection createPerConnection(PerContext perContext, ProvSSLP
 
         boolean localECDSA = hasAnyECDSA(local);
 
-        return new PerConnection(local, localECDSA);
+        Vector localEarly = null;
+        {
+            String[] earlyNamedGroups = sslParameters.getEarlyNamedGroups();
+
+            int[] earlyCandidates;
+            if (earlyNamedGroups == null)
+            {
+                earlyCandidates = perContext.earlyCandidates;
+            }
+            else
+            {
+                earlyCandidates = createEarlyCandidates(perContext.index, earlyNamedGroups,
+                    "BCSSLParameters.earlyNamedGroups");
+            }
+
+            if (earlyCandidates != null)
+            {
+                int earlyCount = earlyCandidates.length;
+                localEarly = new Vector(earlyCount);
+                for (int i = 0; i < earlyCount; ++i)
+                {
+                    Integer earlyCandidate = Integers.valueOf(earlyCandidates[i]);
+
+                    NamedGroupInfo earlyNamedGroupInfo = local.get(earlyCandidate);
+                    if (earlyNamedGroupInfo == null || !earlyNamedGroupInfo.isEnabled())
+                    {
+                        LOG.warning("Candidate early named group not an enabled named group: "
+                            + NamedGroup.getName(earlyCandidates[i]));
+                        continue;
+                    }
+
+                    localEarly.add(earlyCandidate);
+                }
+            }
+        }
+
+        return new PerConnection(local, localEarly, localECDSA);
     }
 
     static PerContext createPerContext(boolean isFipsContext, JcaTlsCrypto crypto)
     {
         Map<Integer, NamedGroupInfo> index = createIndex(isFipsContext, crypto);
         int[] candidates = createCandidatesFromProperty(index, PROPERTY_NAMED_GROUPS);
+        int[] earlyCandidates = createEarlyCandidatesFromProperty(index, PROPERTY_BC_EARLY_NAMED_GROUPS);
 
-        return new PerContext(index, candidates);
+        return new PerContext(index, candidates, earlyCandidates);
     }
 
     static DefaultedResult getMaximumBitsServerECDH(PerConnection perConnection)
@@ -537,7 +585,7 @@ private static int[] createCandidates(Map<Integer, NamedGroupInfo> index, String
                 continue;
             }
 
-            NamedGroupInfo namedGroupInfo = index.get(namedGroup);
+            NamedGroupInfo namedGroupInfo = index.get(Integers.valueOf(namedGroup));
             if (null == namedGroupInfo)
             {
                 LOG.warning("'" + description + "' contains unsupported NamedGroup: " + name);
@@ -563,6 +611,52 @@ private static int[] createCandidates(Map<Integer, NamedGroupInfo> index, String
         return result;
     }
 
+    private static int[] createEarlyCandidatesFromProperty(Map<Integer, NamedGroupInfo> index, String propertyName)
+    {
+        String[] names = PropertyUtils.getStringArraySystemProperty(propertyName);
+        if (null == names)
+        {
+            return null;
+        }
+
+        return createEarlyCandidates(index, names, propertyName);
+    }
+
+    private static int[] createEarlyCandidates(Map<Integer, NamedGroupInfo> index, String[] names, String description)
+    {
+        int[] result = new int[names.length];
+        int count = 0;
+        for (String name : names)
+        {
+            int namedGroup = getNamedGroupByName(name);
+            if (namedGroup < 0)
+            {
+                LOG.warning("'" + description + "' contains unrecognised NamedGroup: " + name);
+                continue;
+            }
+
+            NamedGroupInfo namedGroupInfo = index.get(Integers.valueOf(namedGroup));
+            if (null == namedGroupInfo)
+            {
+                LOG.warning("'" + description + "' contains unsupported NamedGroup: " + name);
+                continue;
+            }
+
+            if (!namedGroupInfo.isEnabled())
+            {
+                LOG.warning("'" + description + "' contains disabled NamedGroup: " + name);
+                continue;
+            }
+
+            result[count++] = namedGroup;
+        }
+        if (count < result.length)
+        {
+            result = Arrays.copyOf(result, count);
+        }
+        return result;
+    }
+
     private static Map<Integer, NamedGroupInfo> createIndex(boolean isFipsContext, JcaTlsCrypto crypto)
     {
         Map<Integer, NamedGroupInfo> ng = new TreeMap<Integer, NamedGroupInfo>();
@@ -618,7 +712,7 @@ private static List<NamedGroupInfo> getNamedGroupInfos(Map<Integer, NamedGroupIn
         {
             int namedGroup = namedGroups[i];
 
-            NamedGroupInfo namedGroupInfo = namedGroupInfos.get(namedGroup);
+            NamedGroupInfo namedGroupInfo = namedGroupInfos.get(Integers.valueOf(namedGroup));
             if (null != namedGroupInfo)
             {
                 result.add(namedGroupInfo);

tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLParameters.java

@@ -47,6 +47,7 @@ private static <T> List<T> copyList(Collection<T> list)
     private String[] signatureSchemes = null;
     private String[] signatureSchemesCert = null;
     private String[] namedGroups = null;
+    private String[] earlyNamedGroups = null;
 
     private BCApplicationProtocolSelector<SSLEngine> engineAPSelector;
     private BCApplicationProtocolSelector<SSLSocket> socketAPSelector;
@@ -77,6 +78,7 @@ ProvSSLParameters copy()
         p.signatureSchemes = signatureSchemes;
         p.signatureSchemesCert = signatureSchemesCert;
         p.namedGroups = namedGroups;
+        p.earlyNamedGroups = earlyNamedGroups;
         p.engineAPSelector = engineAPSelector;
         p.socketAPSelector = socketAPSelector;
         p.sessionToResume = sessionToResume;
@@ -291,6 +293,16 @@ public void setNamedGroups(String[] namedGroups)
         this.namedGroups = TlsUtils.clone(namedGroups);
     }
 
+    public String[] getEarlyNamedGroups()
+    {
+        return TlsUtils.clone(earlyNamedGroups);
+    }
+
+    public void setEarlyNamedGroups(String[] earlyNamedGroups)
+    {
+        this.earlyNamedGroups = TlsUtils.clone(earlyNamedGroups);
+    }
+
     public BCApplicationProtocolSelector<SSLEngine> getEngineAPSelector()
     {
         return engineAPSelector;

tls/src/main/java/org/bouncycastle/jsse/provider/ProvTlsClient.java

@@ -393,6 +393,18 @@ public JcaTlsCrypto getCrypto()
         return manager.getContextData().getCrypto();
     }
 
+    @Override
+    public Vector getEarlyKeyShareGroups()
+    {
+        Vector jsse = jsseSecurityParameters.namedGroups.getLocalEarly();
+        if (jsse != null)
+        {
+            return jsse;
+        }
+
+        return super.getEarlyKeyShareGroups();
+    }
+
     @Override
     public int getMaxCertificateChainLength()
     {

tls/src/main/jdk1.5/org/bouncycastle/jsse/provider/SSLParametersUtil.java

@@ -86,6 +86,7 @@ static BCSSLParameters getParameters(ProvSSLParameters prov)
         ssl.setSignatureSchemes(prov.getSignatureSchemes());
         ssl.setSignatureSchemesCert(prov.getSignatureSchemesCert());
         ssl.setNamedGroups(prov.getNamedGroups());
+        ssl.setEarlyNamedGroups(prov.getEarlyNamedGroups());
 
         return ssl;
     }
@@ -181,6 +182,11 @@ static SSLParameters getSSLParameters(ProvSSLParameters prov)
 
         // Unsupported as of JDK 21
 
+//        if (null != setEarlyNamedGroups)
+//        {
+//            set(ssl, setEarlyNamedGroups, prov.getEarlyNamedGroups());
+//        }
+
 //        if (null != setUseNamedGroupsOrder)
 //        {
 //            set(ssl, setUseNamedGroupsOrder, prov.getUseNamedGroupsOrder());
@@ -292,6 +298,11 @@ static BCSSLParameters importSSLParameters(SSLParameters ssl)
 
         // Unsupported as of JDK 21
 
+//        if (null != getEarlyNamedGroups)
+//        {
+//            bc.setEarlyNamedGroups((String[])get(ssl, getEarlyNamedGroups));
+//        }
+
 //        if (null != getUseNamedGroupsOrder)
 //        {
 //            bc.setUseNamedGroupsOrder((Boolean)get(ssl, getUseNamedGroupsOrder));
@@ -371,6 +382,8 @@ static void setParameters(ProvSSLParameters prov, BCSSLParameters ssl)
 
         prov.setNamedGroups(ssl.getNamedGroups());
 
+        prov.setEarlyNamedGroups(ssl.getEarlyNamedGroups());
+
         prov.setSignatureSchemesCert(ssl.getSignatureSchemesCert());
     }
 
@@ -482,6 +495,11 @@ static void setSSLParameters(ProvSSLParameters prov, SSLParameters ssl)
 
         // Unsupported as of JDK 21
 
+//        if (null != getEarlyNamedGroups)
+//        {
+//            prov.setEarlyNamedGroups((String[])get(ssl, getEarlyNamedGroups));
+//        }
+
 //        if (null != getUseNamedGroupsOrder)
 //        {
 //            prov.setUseNamedGroupsOrder((Boolean)get(ssl, getUseNamedGroupsOrder));

tls/src/main/jdk1.9/org/bouncycastle/jsse/provider/SSLParametersUtil.java

@@ -57,6 +57,7 @@ static BCSSLParameters getParameters(ProvSSLParameters prov)
         ssl.setSignatureSchemes(prov.getSignatureSchemes());
         ssl.setSignatureSchemesCert(prov.getSignatureSchemesCert());
         ssl.setNamedGroups(prov.getNamedGroups());
+        ssl.setEarlyNamedGroups(prov.getEarlyNamedGroups());
 
         return ssl;
     }
@@ -133,6 +134,11 @@ static SSLParameters getSSLParameters(ProvSSLParameters prov)
 
         // Unsupported as of JDK 21
 
+//        if (null != setEarlyNamedGroups)
+//        {
+//            set(ssl, setEarlyNamedGroups, prov.getEarlyNamedGroups());
+//        }
+
 //        if (null != setUseNamedGroupsOrder)
 //        {
 //            set(ssl, setUseNamedGroupsOrder, prov.getUseNamedGroupsOrder());
@@ -230,6 +236,11 @@ static BCSSLParameters importSSLParameters(SSLParameters ssl)
 
         // Unsupported as of JDK 21
 
+//        if (null != getEarlyNamedGroups)
+//        {
+//            bc.setEarlyNamedGroups((String[])get(ssl, getEarlyNamedGroups));
+//        }
+
 //        if (null != getUseNamedGroupsOrder)
 //        {
 //            bc.setUseNamedGroupsOrder((Boolean)get(ssl, getUseNamedGroupsOrder));
@@ -309,6 +320,8 @@ static void setParameters(ProvSSLParameters prov, BCSSLParameters ssl)
 
         prov.setNamedGroups(ssl.getNamedGroups());
 
+        prov.setEarlyNamedGroups(ssl.getEarlyNamedGroups());
+
         prov.setSignatureSchemesCert(ssl.getSignatureSchemesCert());
     }
 
@@ -406,6 +419,11 @@ static void setSSLParameters(ProvSSLParameters prov, SSLParameters ssl)
 
         // Unsupported as of JDK 21
 
+//        if (null != getEarlyNamedGroups)
+//        {
+//            prov.setEarlyNamedGroups((String[])get(ssl, getEarlyNamedGroups));
+//        }
+
 //        if (null != getUseNamedGroupsOrder)
 //        {
 //            prov.setUseNamedGroupsOrder((Boolean)get(ssl, getUseNamedGroupsOrder));