mirror of
https://github.com/openjdk/jdk.git
synced 2025-08-27 14:54:52 +02:00
8215711: Missing key_share extension for (EC)DHE key exchange should alert missing_extension
Reviewed-by: ascarpino
This commit is contained in:
Xue-Lei Andrew Fan
parent
a6b990f74a
commit
ed00873148
4 changed files with 103 additions and 5 deletions
|
|
@ -51,6 +51,8 @@ final class KeyShareExtension {
|
|||
new CHKeyShareProducer();
|
||||
static final ExtensionConsumer chOnLoadConsumer =
|
||||
new CHKeyShareConsumer();
|
||||
static final HandshakeAbsence chOnTradAbsence =
|
||||
new CHKeyShareOnTradeAbsence();
|
||||
static final SSLStringizer chStringizer =
|
||||
new CHKeyShareStringizer();
|
||||
|
||||
|
|
@ -372,6 +374,36 @@ final class KeyShareExtension {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* The absence processing if the extension is not present in
|
||||
* a ClientHello handshake message.
|
||||
*/
|
||||
private static final class CHKeyShareOnTradeAbsence
|
||||
implements HandshakeAbsence {
|
||||
@Override
|
||||
public void absent(ConnectionContext context,
|
||||
HandshakeMessage message) throws IOException {
|
||||
// The producing happens in server side only.
|
||||
ServerHandshakeContext shc = (ServerHandshakeContext)context;
|
||||
|
||||
// A client is considered to be attempting to negotiate using this
|
||||
// specification if the ClientHello contains a "supported_versions"
|
||||
// extension with 0x0304 contained in its body. Such a ClientHello
|
||||
// message MUST meet the following requirements:
|
||||
// - If containing a "supported_groups" extension, it MUST also
|
||||
// contain a "key_share" extension, and vice versa. An empty
|
||||
// KeyShare.client_shares vector is permitted.
|
||||
if (shc.negotiatedProtocol.useTLS13PlusSpec() &&
|
||||
shc.handshakeExtensions.containsKey(
|
||||
SSLExtension.CH_SUPPORTED_GROUPS)) {
|
||||
throw shc.conContext.fatal(Alert.MISSING_EXTENSION,
|
||||
"No key_share extension to work with " +
|
||||
"the supported_groups extension");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* The key share entry used in ServerHello "key_share" extensions.
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -56,9 +56,11 @@ final class PreSharedKeyExtension {
|
|||
static final ExtensionConsumer chOnLoadConsumer =
|
||||
new CHPreSharedKeyConsumer();
|
||||
static final HandshakeAbsence chOnLoadAbsence =
|
||||
new CHPreSharedKeyAbsence();
|
||||
new CHPreSharedKeyOnLoadAbsence();
|
||||
static final HandshakeConsumer chOnTradeConsumer =
|
||||
new CHPreSharedKeyUpdate();
|
||||
static final HandshakeAbsence chOnTradAbsence =
|
||||
new CHPreSharedKeyOnTradeAbsence();
|
||||
static final SSLStringizer chStringizer =
|
||||
new CHPreSharedKeyStringizer();
|
||||
|
||||
|
|
@ -822,7 +824,7 @@ final class PreSharedKeyExtension {
|
|||
}
|
||||
|
||||
private static final
|
||||
class CHPreSharedKeyAbsence implements HandshakeAbsence {
|
||||
class CHPreSharedKeyOnLoadAbsence implements HandshakeAbsence {
|
||||
@Override
|
||||
public void absent(ConnectionContext context,
|
||||
HandshakeMessage message) throws IOException {
|
||||
|
|
@ -840,6 +842,37 @@ final class PreSharedKeyExtension {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* The absence processing if the extension is not present in
|
||||
* a ClientHello handshake message.
|
||||
*/
|
||||
private static final class CHPreSharedKeyOnTradeAbsence
|
||||
implements HandshakeAbsence {
|
||||
@Override
|
||||
public void absent(ConnectionContext context,
|
||||
HandshakeMessage message) throws IOException {
|
||||
// The producing happens in server side only.
|
||||
ServerHandshakeContext shc = (ServerHandshakeContext)context;
|
||||
|
||||
// A client is considered to be attempting to negotiate using this
|
||||
// specification if the ClientHello contains a "supported_versions"
|
||||
// extension with 0x0304 contained in its body. Such a ClientHello
|
||||
// message MUST meet the following requirements:
|
||||
// - If not containing a "pre_shared_key" extension, it MUST
|
||||
// contain both a "signature_algorithms" extension and a
|
||||
// "supported_groups" extension.
|
||||
if (shc.negotiatedProtocol.useTLS13PlusSpec() &&
|
||||
(!shc.handshakeExtensions.containsKey(
|
||||
SSLExtension.CH_SIGNATURE_ALGORITHMS) ||
|
||||
!shc.handshakeExtensions.containsKey(
|
||||
SSLExtension.CH_SUPPORTED_GROUPS))) {
|
||||
throw shc.conContext.fatal(Alert.MISSING_EXTENSION,
|
||||
"No supported_groups or signature_algorithms extension " +
|
||||
"when pre_shared_key extension is not present");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private static final
|
||||
class SHPreSharedKeyConsumer implements ExtensionConsumer {
|
||||
// Prevent instantiation of this class.
|
||||
|
|
|
|||
|
|
@ -142,7 +142,7 @@ enum SSLExtension implements SSLStringizer {
|
|||
SupportedGroupsExtension.chOnLoadConsumer,
|
||||
null,
|
||||
null,
|
||||
null,
|
||||
SupportedGroupsExtension.chOnTradAbsence,
|
||||
SupportedGroupsExtension.sgsStringizer),
|
||||
EE_SUPPORTED_GROUPS (0x000A, "supported_groups",
|
||||
SSLHandshake.ENCRYPTED_EXTENSIONS,
|
||||
|
|
@ -416,7 +416,9 @@ enum SSLExtension implements SSLStringizer {
|
|||
ProtocolVersion.PROTOCOLS_OF_13,
|
||||
KeyShareExtension.chNetworkProducer,
|
||||
KeyShareExtension.chOnLoadConsumer,
|
||||
null, null, null,
|
||||
null,
|
||||
null,
|
||||
KeyShareExtension.chOnTradAbsence,
|
||||
KeyShareExtension.chStringizer),
|
||||
SH_KEY_SHARE (0x0033, "key_share",
|
||||
SSLHandshake.SERVER_HELLO,
|
||||
|
|
@ -469,7 +471,7 @@ enum SSLExtension implements SSLStringizer {
|
|||
PreSharedKeyExtension.chOnLoadConsumer,
|
||||
PreSharedKeyExtension.chOnLoadAbsence,
|
||||
PreSharedKeyExtension.chOnTradeConsumer,
|
||||
null,
|
||||
PreSharedKeyExtension.chOnTradAbsence,
|
||||
PreSharedKeyExtension.chStringizer),
|
||||
SH_PRE_SHARED_KEY (0x0029, "pre_shared_key",
|
||||
SSLHandshake.SERVER_HELLO,
|
||||
|
|
|
|||
|
|
@ -52,6 +52,8 @@ final class SupportedGroupsExtension {
|
|||
new CHSupportedGroupsProducer();
|
||||
static final ExtensionConsumer chOnLoadConsumer =
|
||||
new CHSupportedGroupsConsumer();
|
||||
static final HandshakeAbsence chOnTradAbsence =
|
||||
new CHSupportedGroupsOnTradeAbsence();
|
||||
static final SSLStringizer sgsStringizer =
|
||||
new SupportedGroupsStringizer();
|
||||
|
||||
|
|
@ -436,6 +438,35 @@ final class SupportedGroupsExtension {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* The absence processing if the extension is not present in
|
||||
* a ClientHello handshake message.
|
||||
*/
|
||||
private static final class CHSupportedGroupsOnTradeAbsence
|
||||
implements HandshakeAbsence {
|
||||
@Override
|
||||
public void absent(ConnectionContext context,
|
||||
HandshakeMessage message) throws IOException {
|
||||
// The producing happens in server side only.
|
||||
ServerHandshakeContext shc = (ServerHandshakeContext)context;
|
||||
|
||||
// A client is considered to be attempting to negotiate using this
|
||||
// specification if the ClientHello contains a "supported_versions"
|
||||
// extension with 0x0304 contained in its body. Such a ClientHello
|
||||
// message MUST meet the following requirements:
|
||||
// - If containing a "supported_groups" extension, it MUST also
|
||||
// contain a "key_share" extension, and vice versa. An empty
|
||||
// KeyShare.client_shares vector is permitted.
|
||||
if (shc.negotiatedProtocol.useTLS13PlusSpec() &&
|
||||
shc.handshakeExtensions.containsKey(
|
||||
SSLExtension.CH_KEY_SHARE)) {
|
||||
throw shc.conContext.fatal(Alert.MISSING_EXTENSION,
|
||||
"No supported_groups extension to work with " +
|
||||
"the key_share extension");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Network data producer of a "supported_groups" extension in
|
||||
* the EncryptedExtensions handshake message.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue