changeset 58677:f229508da5ed

8215711: Missing key_share extension for (EC)DHE key exchange should alert missing_extension Reviewed-by: ascarpino
author xuelei
date Sun, 05 Apr 2020 20:17:08 -0700
parents a7e42c260029
children eb4d8e75a148
files src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java src/java.base/share/classes/sun/security/ssl/SSLExtension.java src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
diffstat 4 files changed, 103 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java	Sat Apr 04 09:24:23 2020 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java	Sun Apr 05 20:17:08 2020 -0700
@@ -51,6 +51,8 @@
             new CHKeyShareProducer();
     static final ExtensionConsumer chOnLoadConsumer =
             new CHKeyShareConsumer();
+    static final HandshakeAbsence chOnTradAbsence =
+            new CHKeyShareOnTradeAbsence();
     static final SSLStringizer chStringizer =
             new CHKeyShareStringizer();
 
@@ -373,6 +375,36 @@
     }
 
     /**
+     * The absence processing if the extension is not present in
+     * a ClientHello handshake message.
+     */
+    private static final class CHKeyShareOnTradeAbsence
+            implements HandshakeAbsence {
+        @Override
+        public void absent(ConnectionContext context,
+                HandshakeMessage message) throws IOException {
+            // The producing happens in server side only.
+            ServerHandshakeContext shc = (ServerHandshakeContext)context;
+
+            // A client is considered to be attempting to negotiate using this
+            // specification if the ClientHello contains a "supported_versions"
+            // extension with 0x0304 contained in its body.  Such a ClientHello
+            // message MUST meet the following requirements:
+            //    -  If containing a "supported_groups" extension, it MUST also
+            //       contain a "key_share" extension, and vice versa.  An empty
+            //       KeyShare.client_shares vector is permitted.
+            if (shc.negotiatedProtocol.useTLS13PlusSpec() &&
+                    shc.handshakeExtensions.containsKey(
+                            SSLExtension.CH_SUPPORTED_GROUPS)) {
+                throw shc.conContext.fatal(Alert.MISSING_EXTENSION,
+                        "No key_share extension to work with " +
+                        "the supported_groups extension");
+            }
+        }
+    }
+
+
+    /**
      * The key share entry used in ServerHello "key_share" extensions.
      */
     static final class SHKeyShareSpec implements SSLExtensionSpec {
--- a/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java	Sat Apr 04 09:24:23 2020 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java	Sun Apr 05 20:17:08 2020 -0700
@@ -56,9 +56,11 @@
     static final ExtensionConsumer chOnLoadConsumer =
             new CHPreSharedKeyConsumer();
     static final HandshakeAbsence chOnLoadAbsence =
-            new CHPreSharedKeyAbsence();
+            new CHPreSharedKeyOnLoadAbsence();
     static final HandshakeConsumer chOnTradeConsumer =
             new CHPreSharedKeyUpdate();
+    static final HandshakeAbsence chOnTradAbsence =
+            new CHPreSharedKeyOnTradeAbsence();
     static final SSLStringizer chStringizer =
             new CHPreSharedKeyStringizer();
 
@@ -822,7 +824,7 @@
     }
 
     private static final
-            class CHPreSharedKeyAbsence implements HandshakeAbsence {
+            class CHPreSharedKeyOnLoadAbsence implements HandshakeAbsence {
         @Override
         public void absent(ConnectionContext context,
                            HandshakeMessage message) throws IOException {
@@ -840,6 +842,37 @@
         }
     }
 
+    /**
+     * The absence processing if the extension is not present in
+     * a ClientHello handshake message.
+     */
+    private static final class CHPreSharedKeyOnTradeAbsence
+            implements HandshakeAbsence {
+        @Override
+        public void absent(ConnectionContext context,
+                HandshakeMessage message) throws IOException {
+            // The producing happens in server side only.
+            ServerHandshakeContext shc = (ServerHandshakeContext)context;
+
+            // A client is considered to be attempting to negotiate using this
+            // specification if the ClientHello contains a "supported_versions"
+            // extension with 0x0304 contained in its body.  Such a ClientHello
+            // message MUST meet the following requirements:
+            //   -  If not containing a "pre_shared_key" extension, it MUST
+            //      contain both a "signature_algorithms" extension and a
+            //      "supported_groups" extension.
+            if (shc.negotiatedProtocol.useTLS13PlusSpec() &&
+                    (!shc.handshakeExtensions.containsKey(
+                            SSLExtension.CH_SIGNATURE_ALGORITHMS) ||
+                     !shc.handshakeExtensions.containsKey(
+                            SSLExtension.CH_SUPPORTED_GROUPS))) {
+                throw shc.conContext.fatal(Alert.MISSING_EXTENSION,
+                    "No supported_groups or signature_algorithms extension " +
+                    "when pre_shared_key extension is not present");
+            }
+        }
+    }
+
     private static final
             class SHPreSharedKeyConsumer implements ExtensionConsumer {
         // Prevent instantiation of this class.
--- a/src/java.base/share/classes/sun/security/ssl/SSLExtension.java	Sat Apr 04 09:24:23 2020 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLExtension.java	Sun Apr 05 20:17:08 2020 -0700
@@ -142,7 +142,7 @@
                                 SupportedGroupsExtension.chOnLoadConsumer,
                                 null,
                                 null,
-                                null,
+                                SupportedGroupsExtension.chOnTradAbsence,
                                 SupportedGroupsExtension.sgsStringizer),
     EE_SUPPORTED_GROUPS     (0x000A, "supported_groups",
                                 SSLHandshake.ENCRYPTED_EXTENSIONS,
@@ -416,7 +416,9 @@
                                 ProtocolVersion.PROTOCOLS_OF_13,
                                 KeyShareExtension.chNetworkProducer,
                                 KeyShareExtension.chOnLoadConsumer,
-                                null, null, null,
+                                null,
+                                null,
+                                KeyShareExtension.chOnTradAbsence,
                                 KeyShareExtension.chStringizer),
     SH_KEY_SHARE            (0x0033, "key_share",
                                 SSLHandshake.SERVER_HELLO,
@@ -469,7 +471,7 @@
                                 PreSharedKeyExtension.chOnLoadConsumer,
                                 PreSharedKeyExtension.chOnLoadAbsence,
                                 PreSharedKeyExtension.chOnTradeConsumer,
-                                null,
+                                PreSharedKeyExtension.chOnTradAbsence,
                                 PreSharedKeyExtension.chStringizer),
     SH_PRE_SHARED_KEY       (0x0029, "pre_shared_key",
                                 SSLHandshake.SERVER_HELLO,
--- a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java	Sat Apr 04 09:24:23 2020 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java	Sun Apr 05 20:17:08 2020 -0700
@@ -52,6 +52,8 @@
             new CHSupportedGroupsProducer();
     static final ExtensionConsumer chOnLoadConsumer =
             new CHSupportedGroupsConsumer();
+    static final HandshakeAbsence chOnTradAbsence =
+            new CHSupportedGroupsOnTradeAbsence();
     static final SSLStringizer sgsStringizer =
             new SupportedGroupsStringizer();
 
@@ -437,6 +439,35 @@
     }
 
     /**
+     * The absence processing if the extension is not present in
+     * a ClientHello handshake message.
+     */
+    private static final class CHSupportedGroupsOnTradeAbsence
+            implements HandshakeAbsence {
+        @Override
+        public void absent(ConnectionContext context,
+                HandshakeMessage message) throws IOException {
+            // The producing happens in server side only.
+            ServerHandshakeContext shc = (ServerHandshakeContext)context;
+
+            // A client is considered to be attempting to negotiate using this
+            // specification if the ClientHello contains a "supported_versions"
+            // extension with 0x0304 contained in its body.  Such a ClientHello
+            // message MUST meet the following requirements:
+            //    -  If containing a "supported_groups" extension, it MUST also
+            //       contain a "key_share" extension, and vice versa.  An empty
+            //       KeyShare.client_shares vector is permitted.
+            if (shc.negotiatedProtocol.useTLS13PlusSpec() &&
+                    shc.handshakeExtensions.containsKey(
+                            SSLExtension.CH_KEY_SHARE)) {
+                throw shc.conContext.fatal(Alert.MISSING_EXTENSION,
+                        "No supported_groups extension to work with " +
+                        "the key_share extension");
+            }
+        }
+    }
+
+    /**
      * Network data producer of a "supported_groups" extension in
      * the EncryptedExtensions handshake message.
      */