OpenJDK / jdk / jdk
changeset 58677:f229508da5ed
8215711: Missing key_share extension for (EC)DHE key exchange should alert missing_extension
Reviewed-by: ascarpino
| author | xuelei |
|---|---|
| date | Sun, 05 Apr 2020 20:17:08 -0700 |
| parents | a7e42c260029 |
| children | eb4d8e75a148 |
| files | src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java src/java.base/share/classes/sun/security/ssl/SSLExtension.java src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java |
| diffstat | 4 files changed, 103 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java Sat Apr 04 09:24:23 2020 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java Sun Apr 05 20:17:08 2020 -0700 @@ -51,6 +51,8 @@ new CHKeyShareProducer(); static final ExtensionConsumer chOnLoadConsumer = new CHKeyShareConsumer(); + static final HandshakeAbsence chOnTradAbsence = + new CHKeyShareOnTradeAbsence(); static final SSLStringizer chStringizer = new CHKeyShareStringizer(); @@ -373,6 +375,36 @@ } /** + * The absence processing if the extension is not present in + * a ClientHello handshake message. + */ + private static final class CHKeyShareOnTradeAbsence + implements HandshakeAbsence { + @Override + public void absent(ConnectionContext context, + HandshakeMessage message) throws IOException { + // The producing happens in server side only. + ServerHandshakeContext shc = (ServerHandshakeContext)context; + + // A client is considered to be attempting to negotiate using this + // specification if the ClientHello contains a "supported_versions" + // extension with 0x0304 contained in its body. Such a ClientHello + // message MUST meet the following requirements: + // - If containing a "supported_groups" extension, it MUST also + // contain a "key_share" extension, and vice versa. An empty + // KeyShare.client_shares vector is permitted. + if (shc.negotiatedProtocol.useTLS13PlusSpec() && + shc.handshakeExtensions.containsKey( + SSLExtension.CH_SUPPORTED_GROUPS)) { + throw shc.conContext.fatal(Alert.MISSING_EXTENSION, + "No key_share extension to work with " + + "the supported_groups extension"); + } + } + } + + + /** * The key share entry used in ServerHello "key_share" extensions. */ static final class SHKeyShareSpec implements SSLExtensionSpec {
--- a/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java Sat Apr 04 09:24:23 2020 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/PreSharedKeyExtension.java Sun Apr 05 20:17:08 2020 -0700 @@ -56,9 +56,11 @@ static final ExtensionConsumer chOnLoadConsumer = new CHPreSharedKeyConsumer(); static final HandshakeAbsence chOnLoadAbsence = - new CHPreSharedKeyAbsence(); + new CHPreSharedKeyOnLoadAbsence(); static final HandshakeConsumer chOnTradeConsumer = new CHPreSharedKeyUpdate(); + static final HandshakeAbsence chOnTradAbsence = + new CHPreSharedKeyOnTradeAbsence(); static final SSLStringizer chStringizer = new CHPreSharedKeyStringizer(); @@ -822,7 +824,7 @@ } private static final - class CHPreSharedKeyAbsence implements HandshakeAbsence { + class CHPreSharedKeyOnLoadAbsence implements HandshakeAbsence { @Override public void absent(ConnectionContext context, HandshakeMessage message) throws IOException { @@ -840,6 +842,37 @@ } } + /** + * The absence processing if the extension is not present in + * a ClientHello handshake message. + */ + private static final class CHPreSharedKeyOnTradeAbsence + implements HandshakeAbsence { + @Override + public void absent(ConnectionContext context, + HandshakeMessage message) throws IOException { + // The producing happens in server side only. + ServerHandshakeContext shc = (ServerHandshakeContext)context; + + // A client is considered to be attempting to negotiate using this + // specification if the ClientHello contains a "supported_versions" + // extension with 0x0304 contained in its body. Such a ClientHello + // message MUST meet the following requirements: + // - If not containing a "pre_shared_key" extension, it MUST + // contain both a "signature_algorithms" extension and a + // "supported_groups" extension. + if (shc.negotiatedProtocol.useTLS13PlusSpec() && + (!shc.handshakeExtensions.containsKey( + SSLExtension.CH_SIGNATURE_ALGORITHMS) || + !shc.handshakeExtensions.containsKey( + SSLExtension.CH_SUPPORTED_GROUPS))) { + throw shc.conContext.fatal(Alert.MISSING_EXTENSION, + "No supported_groups or signature_algorithms extension " + + "when pre_shared_key extension is not present"); + } + } + } + private static final class SHPreSharedKeyConsumer implements ExtensionConsumer { // Prevent instantiation of this class.
--- a/src/java.base/share/classes/sun/security/ssl/SSLExtension.java Sat Apr 04 09:24:23 2020 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/SSLExtension.java Sun Apr 05 20:17:08 2020 -0700 @@ -142,7 +142,7 @@ SupportedGroupsExtension.chOnLoadConsumer, null, null, - null, + SupportedGroupsExtension.chOnTradAbsence, SupportedGroupsExtension.sgsStringizer), EE_SUPPORTED_GROUPS (0x000A, "supported_groups", SSLHandshake.ENCRYPTED_EXTENSIONS, @@ -416,7 +416,9 @@ ProtocolVersion.PROTOCOLS_OF_13, KeyShareExtension.chNetworkProducer, KeyShareExtension.chOnLoadConsumer, - null, null, null, + null, + null, + KeyShareExtension.chOnTradAbsence, KeyShareExtension.chStringizer), SH_KEY_SHARE (0x0033, "key_share", SSLHandshake.SERVER_HELLO, @@ -469,7 +471,7 @@ PreSharedKeyExtension.chOnLoadConsumer, PreSharedKeyExtension.chOnLoadAbsence, PreSharedKeyExtension.chOnTradeConsumer, - null, + PreSharedKeyExtension.chOnTradAbsence, PreSharedKeyExtension.chStringizer), SH_PRE_SHARED_KEY (0x0029, "pre_shared_key", SSLHandshake.SERVER_HELLO,
--- a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java Sat Apr 04 09:24:23 2020 -0700 +++ b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java Sun Apr 05 20:17:08 2020 -0700 @@ -52,6 +52,8 @@ new CHSupportedGroupsProducer(); static final ExtensionConsumer chOnLoadConsumer = new CHSupportedGroupsConsumer(); + static final HandshakeAbsence chOnTradAbsence = + new CHSupportedGroupsOnTradeAbsence(); static final SSLStringizer sgsStringizer = new SupportedGroupsStringizer(); @@ -437,6 +439,35 @@ } /** + * The absence processing if the extension is not present in + * a ClientHello handshake message. + */ + private static final class CHSupportedGroupsOnTradeAbsence + implements HandshakeAbsence { + @Override + public void absent(ConnectionContext context, + HandshakeMessage message) throws IOException { + // The producing happens in server side only. + ServerHandshakeContext shc = (ServerHandshakeContext)context; + + // A client is considered to be attempting to negotiate using this + // specification if the ClientHello contains a "supported_versions" + // extension with 0x0304 contained in its body. Such a ClientHello + // message MUST meet the following requirements: + // - If containing a "supported_groups" extension, it MUST also + // contain a "key_share" extension, and vice versa. An empty + // KeyShare.client_shares vector is permitted. + if (shc.negotiatedProtocol.useTLS13PlusSpec() && + shc.handshakeExtensions.containsKey( + SSLExtension.CH_KEY_SHARE)) { + throw shc.conContext.fatal(Alert.MISSING_EXTENSION, + "No supported_groups extension to work with " + + "the key_share extension"); + } + } + } + + /** * Network data producer of a "supported_groups" extension in * the EncryptedExtensions handshake message. */