Skip to content
Permalink
Browse files

8215711: Missing key_share extension for (EC)DHE key exchange should …

…alert missing_extension

Reviewed-by: ascarpino
  • Loading branch information
XueleiFan committed Apr 6, 2020
1 parent a6b990f commit ed00873148823e11fc5f240806dd5d48dded38e3
@@ -51,6 +51,8 @@
new CHKeyShareProducer();
static final ExtensionConsumer chOnLoadConsumer =
new CHKeyShareConsumer();
static final HandshakeAbsence chOnTradAbsence =
new CHKeyShareOnTradeAbsence();
static final SSLStringizer chStringizer =
new CHKeyShareStringizer();

@@ -372,6 +374,36 @@ public void consume(ConnectionContext context,
}
}

/**
* The absence processing if the extension is not present in
* a ClientHello handshake message.
*/
private static final class CHKeyShareOnTradeAbsence
implements HandshakeAbsence {
@Override
public void absent(ConnectionContext context,
HandshakeMessage message) throws IOException {
// The producing happens in server side only.
ServerHandshakeContext shc = (ServerHandshakeContext)context;

// A client is considered to be attempting to negotiate using this
// specification if the ClientHello contains a "supported_versions"
// extension with 0x0304 contained in its body. Such a ClientHello
// message MUST meet the following requirements:
// - If containing a "supported_groups" extension, it MUST also
// contain a "key_share" extension, and vice versa. An empty
// KeyShare.client_shares vector is permitted.
if (shc.negotiatedProtocol.useTLS13PlusSpec() &&
shc.handshakeExtensions.containsKey(
SSLExtension.CH_SUPPORTED_GROUPS)) {
throw shc.conContext.fatal(Alert.MISSING_EXTENSION,
"No key_share extension to work with " +
"the supported_groups extension");
}
}
}


/**
* The key share entry used in ServerHello "key_share" extensions.
*/
@@ -56,9 +56,11 @@
static final ExtensionConsumer chOnLoadConsumer =
new CHPreSharedKeyConsumer();
static final HandshakeAbsence chOnLoadAbsence =
new CHPreSharedKeyAbsence();
new CHPreSharedKeyOnLoadAbsence();
static final HandshakeConsumer chOnTradeConsumer =
new CHPreSharedKeyUpdate();
static final HandshakeAbsence chOnTradAbsence =
new CHPreSharedKeyOnTradeAbsence();
static final SSLStringizer chStringizer =
new CHPreSharedKeyStringizer();

@@ -822,7 +824,7 @@ private static SecretKey deriveBinderKey(HandshakeContext context,
}

private static final
class CHPreSharedKeyAbsence implements HandshakeAbsence {
class CHPreSharedKeyOnLoadAbsence implements HandshakeAbsence {
@Override
public void absent(ConnectionContext context,
HandshakeMessage message) throws IOException {
@@ -840,6 +842,37 @@ public void absent(ConnectionContext context,
}
}

/**
* The absence processing if the extension is not present in
* a ClientHello handshake message.
*/
private static final class CHPreSharedKeyOnTradeAbsence
implements HandshakeAbsence {
@Override
public void absent(ConnectionContext context,
HandshakeMessage message) throws IOException {
// The producing happens in server side only.
ServerHandshakeContext shc = (ServerHandshakeContext)context;

// A client is considered to be attempting to negotiate using this
// specification if the ClientHello contains a "supported_versions"
// extension with 0x0304 contained in its body. Such a ClientHello
// message MUST meet the following requirements:
// - If not containing a "pre_shared_key" extension, it MUST
// contain both a "signature_algorithms" extension and a
// "supported_groups" extension.
if (shc.negotiatedProtocol.useTLS13PlusSpec() &&
(!shc.handshakeExtensions.containsKey(
SSLExtension.CH_SIGNATURE_ALGORITHMS) ||
!shc.handshakeExtensions.containsKey(
SSLExtension.CH_SUPPORTED_GROUPS))) {
throw shc.conContext.fatal(Alert.MISSING_EXTENSION,
"No supported_groups or signature_algorithms extension " +
"when pre_shared_key extension is not present");
}
}
}

private static final
class SHPreSharedKeyConsumer implements ExtensionConsumer {
// Prevent instantiation of this class.
@@ -142,7 +142,7 @@
SupportedGroupsExtension.chOnLoadConsumer,
null,
null,
null,
SupportedGroupsExtension.chOnTradAbsence,
SupportedGroupsExtension.sgsStringizer),
EE_SUPPORTED_GROUPS (0x000A, "supported_groups",
SSLHandshake.ENCRYPTED_EXTENSIONS,
@@ -416,7 +416,9 @@
ProtocolVersion.PROTOCOLS_OF_13,
KeyShareExtension.chNetworkProducer,
KeyShareExtension.chOnLoadConsumer,
null, null, null,
null,
null,
KeyShareExtension.chOnTradAbsence,
KeyShareExtension.chStringizer),
SH_KEY_SHARE (0x0033, "key_share",
SSLHandshake.SERVER_HELLO,
@@ -469,7 +471,7 @@
PreSharedKeyExtension.chOnLoadConsumer,
PreSharedKeyExtension.chOnLoadAbsence,
PreSharedKeyExtension.chOnTradeConsumer,
null,
PreSharedKeyExtension.chOnTradAbsence,
PreSharedKeyExtension.chStringizer),
SH_PRE_SHARED_KEY (0x0029, "pre_shared_key",
SSLHandshake.SERVER_HELLO,
@@ -52,6 +52,8 @@
new CHSupportedGroupsProducer();
static final ExtensionConsumer chOnLoadConsumer =
new CHSupportedGroupsConsumer();
static final HandshakeAbsence chOnTradAbsence =
new CHSupportedGroupsOnTradeAbsence();
static final SSLStringizer sgsStringizer =
new SupportedGroupsStringizer();

@@ -436,6 +438,35 @@ public void consume(ConnectionContext context,
}
}

/**
* The absence processing if the extension is not present in
* a ClientHello handshake message.
*/
private static final class CHSupportedGroupsOnTradeAbsence
implements HandshakeAbsence {
@Override
public void absent(ConnectionContext context,
HandshakeMessage message) throws IOException {
// The producing happens in server side only.
ServerHandshakeContext shc = (ServerHandshakeContext)context;

// A client is considered to be attempting to negotiate using this
// specification if the ClientHello contains a "supported_versions"
// extension with 0x0304 contained in its body. Such a ClientHello
// message MUST meet the following requirements:
// - If containing a "supported_groups" extension, it MUST also
// contain a "key_share" extension, and vice versa. An empty
// KeyShare.client_shares vector is permitted.
if (shc.negotiatedProtocol.useTLS13PlusSpec() &&
shc.handshakeExtensions.containsKey(
SSLExtension.CH_KEY_SHARE)) {
throw shc.conContext.fatal(Alert.MISSING_EXTENSION,
"No supported_groups extension to work with " +
"the key_share extension");
}
}
}

/**
* Network data producer of a "supported_groups" extension in
* the EncryptedExtensions handshake message.

0 comments on commit ed00873

Please sign in to comment.