|
1 /* |
|
2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 package sun.security.ssl; |
|
26 |
|
27 import java.io.IOException; |
|
28 import java.nio.ByteBuffer; |
|
29 import java.text.MessageFormat; |
|
30 import java.util.*; |
|
31 import javax.net.ssl.SSLProtocolException; |
|
32 import sun.security.ssl.SSLExtension.ExtensionConsumer; |
|
33 |
|
34 import sun.security.ssl.SSLExtension.SSLExtensionSpec; |
|
35 import sun.security.ssl.SSLHandshake.HandshakeMessage; |
|
36 |
|
37 /** |
|
38 * Pack of the "psk_key_exchange_modes" extensions. |
|
39 */ |
|
40 final class PskKeyExchangeModesExtension { |
|
41 static final HandshakeProducer chNetworkProducer = |
|
42 new PskKeyExchangeModesProducer(); |
|
43 static final ExtensionConsumer chOnLoadConsumer = |
|
44 new PskKeyExchangeModesConsumer(); |
|
45 static final HandshakeAbsence chOnLoadAbsence = |
|
46 new PskKeyExchangeModesOnLoadAbsence(); |
|
47 static final HandshakeAbsence chOnTradeAbsence = |
|
48 new PskKeyExchangeModesOnTradeAbsence(); |
|
49 |
|
50 static final SSLStringizer pkemStringizer = |
|
51 new PskKeyExchangeModesStringizer(); |
|
52 |
|
53 enum PskKeyExchangeMode { |
|
54 PSK_KE ((byte)0, "psk_ke"), |
|
55 PSK_DHE_KE ((byte)1, "psk_dhe_ke"); |
|
56 |
|
57 final byte id; |
|
58 final String name; |
|
59 |
|
60 PskKeyExchangeMode(byte id, String name) { |
|
61 this.id = id; |
|
62 this.name = name; |
|
63 } |
|
64 |
|
65 static PskKeyExchangeMode valueOf(byte id) { |
|
66 for(PskKeyExchangeMode pkem : values()) { |
|
67 if (pkem.id == id) { |
|
68 return pkem; |
|
69 } |
|
70 } |
|
71 |
|
72 return null; |
|
73 } |
|
74 |
|
75 static String nameOf(byte id) { |
|
76 for (PskKeyExchangeMode pkem : PskKeyExchangeMode.values()) { |
|
77 if (pkem.id == id) { |
|
78 return pkem.name; |
|
79 } |
|
80 } |
|
81 |
|
82 return "<UNKNOWN PskKeyExchangeMode TYPE: " + (id & 0x0FF) + ">"; |
|
83 } |
|
84 } |
|
85 |
|
86 static final |
|
87 class PskKeyExchangeModesSpec implements SSLExtensionSpec { |
|
88 private static final PskKeyExchangeModesSpec DEFAULT = |
|
89 new PskKeyExchangeModesSpec(new byte[] { |
|
90 PskKeyExchangeMode.PSK_DHE_KE.id}); |
|
91 |
|
92 final byte[] modes; |
|
93 |
|
94 PskKeyExchangeModesSpec(byte[] modes) { |
|
95 this.modes = modes; |
|
96 } |
|
97 |
|
98 PskKeyExchangeModesSpec(ByteBuffer m) throws IOException { |
|
99 if (m.remaining() < 2) { |
|
100 throw new SSLProtocolException( |
|
101 "Invalid psk_key_exchange_modes extension: " + |
|
102 "insufficient data"); |
|
103 } |
|
104 |
|
105 this.modes = Record.getBytes8(m); |
|
106 } |
|
107 |
|
108 boolean contains(PskKeyExchangeMode mode) { |
|
109 if (modes != null) { |
|
110 for (byte m : modes) { |
|
111 if (mode.id == m) { |
|
112 return true; |
|
113 } |
|
114 } |
|
115 } |
|
116 |
|
117 return false; |
|
118 } |
|
119 |
|
120 @Override |
|
121 public String toString() { |
|
122 MessageFormat messageFormat = new MessageFormat( |
|
123 "\"ke_modes\": '['{0}']'", Locale.ENGLISH); |
|
124 if (modes == null || modes.length == 0) { |
|
125 Object[] messageFields = { |
|
126 "<no PSK key exchange modes specified>" |
|
127 }; |
|
128 return messageFormat.format(messageFields); |
|
129 } else { |
|
130 StringBuilder builder = new StringBuilder(64); |
|
131 boolean isFirst = true; |
|
132 for (byte mode : modes) { |
|
133 if (isFirst) { |
|
134 isFirst = false; |
|
135 } else { |
|
136 builder.append(", "); |
|
137 } |
|
138 |
|
139 builder.append(PskKeyExchangeMode.nameOf(mode)); |
|
140 } |
|
141 |
|
142 Object[] messageFields = { |
|
143 builder.toString() |
|
144 }; |
|
145 |
|
146 return messageFormat.format(messageFields); |
|
147 } |
|
148 } |
|
149 } |
|
150 |
|
151 private static final |
|
152 class PskKeyExchangeModesStringizer implements SSLStringizer { |
|
153 @Override |
|
154 public String toString(ByteBuffer buffer) { |
|
155 try { |
|
156 return (new PskKeyExchangeModesSpec(buffer)).toString(); |
|
157 } catch (IOException ioe) { |
|
158 // For debug logging only, so please swallow exceptions. |
|
159 return ioe.getMessage(); |
|
160 } |
|
161 } |
|
162 } |
|
163 |
|
164 /** |
|
165 * Network data consumer of a "psk_key_exchange_modes" extension in |
|
166 * the ClientHello handshake message. |
|
167 */ |
|
168 private static final |
|
169 class PskKeyExchangeModesConsumer implements ExtensionConsumer { |
|
170 // Prevent instantiation of this class. |
|
171 private PskKeyExchangeModesConsumer() { |
|
172 // blank |
|
173 } |
|
174 |
|
175 @Override |
|
176 public void consume(ConnectionContext context, |
|
177 HandshakeMessage message, ByteBuffer buffer) throws IOException { |
|
178 |
|
179 // The consuming happens in server side only. |
|
180 ServerHandshakeContext shc = (ServerHandshakeContext)context; |
|
181 |
|
182 // Is it a supported and enabled extension? |
|
183 if (!shc.sslConfig.isAvailable( |
|
184 SSLExtension.PSK_KEY_EXCHANGE_MODES)) { |
|
185 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
|
186 SSLLogger.fine( |
|
187 "Ignore unavailable psk_key_exchange_modes extension"); |
|
188 } |
|
189 |
|
190 // No session resumption is allowed. |
|
191 if (shc.isResumption && shc.resumingSession != null) { |
|
192 shc.isResumption = false; |
|
193 shc.resumingSession = null; |
|
194 } |
|
195 |
|
196 return; // ignore the extension |
|
197 } |
|
198 |
|
199 // Parse the extension. |
|
200 PskKeyExchangeModesSpec spec; |
|
201 try { |
|
202 spec = new PskKeyExchangeModesSpec(buffer); |
|
203 } catch (IOException ioe) { |
|
204 shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe); |
|
205 return; // fatal() always throws, make the compiler happy. |
|
206 } |
|
207 |
|
208 // Update the context. |
|
209 shc.handshakeExtensions.put( |
|
210 SSLExtension.PSK_KEY_EXCHANGE_MODES, spec); |
|
211 |
|
212 // Impact on session resumption. |
|
213 // |
|
214 // Do the requested modes support session resumption? |
|
215 if (shc.isResumption) { // resumingSession may not be set |
|
216 // Note: psk_dhe_ke is the only supported mode now. If the |
|
217 // psk_ke mode is supported in the future, may need an update |
|
218 // here. |
|
219 if (!spec.contains(PskKeyExchangeMode.PSK_DHE_KE)) { |
|
220 shc.isResumption = false; |
|
221 shc.resumingSession = null; |
|
222 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
|
223 SSLLogger.fine( |
|
224 "abort session resumption, " + |
|
225 "no supported psk_dhe_ke PSK key exchange mode"); |
|
226 } |
|
227 } |
|
228 } |
|
229 } |
|
230 } |
|
231 |
|
232 /** |
|
233 * Network data producer of a "psk_key_exchange_modes" extension in the |
|
234 * ClientHello handshake message. |
|
235 */ |
|
236 private static final |
|
237 class PskKeyExchangeModesProducer implements HandshakeProducer { |
|
238 |
|
239 // Prevent instantiation of this class. |
|
240 private PskKeyExchangeModesProducer() { |
|
241 // blank |
|
242 } |
|
243 |
|
244 @Override |
|
245 public byte[] produce(ConnectionContext context, |
|
246 HandshakeMessage message) throws IOException { |
|
247 // The producing happens in client side only. |
|
248 ClientHandshakeContext chc = (ClientHandshakeContext)context; |
|
249 |
|
250 // Is it a supported and enabled extension? |
|
251 if (!chc.sslConfig.isAvailable( |
|
252 SSLExtension.PSK_KEY_EXCHANGE_MODES)) { |
|
253 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
|
254 SSLLogger.warning( |
|
255 "Ignore unavailable psk_key_exchange_modes extension"); |
|
256 } |
|
257 |
|
258 return null; |
|
259 } |
|
260 |
|
261 byte[] extData = new byte[] {0x01, 0x01}; // psk_dhe_ke |
|
262 |
|
263 // Update the context. |
|
264 chc.handshakeExtensions.put( |
|
265 SSLExtension.PSK_KEY_EXCHANGE_MODES, |
|
266 PskKeyExchangeModesSpec.DEFAULT); |
|
267 |
|
268 return extData; |
|
269 } |
|
270 } |
|
271 /** |
|
272 * The absence processing if a "psk_key_exchange_modes" extension is |
|
273 * not present in the ClientHello handshake message. |
|
274 */ |
|
275 private static final |
|
276 class PskKeyExchangeModesOnLoadAbsence implements HandshakeAbsence { |
|
277 |
|
278 // Prevent instantiation of this class. |
|
279 private PskKeyExchangeModesOnLoadAbsence() { |
|
280 // blank |
|
281 } |
|
282 |
|
283 @Override |
|
284 public void absent(ConnectionContext context, |
|
285 HandshakeMessage message) throws IOException { |
|
286 // The consuming happens in server side only. |
|
287 ServerHandshakeContext shc = (ServerHandshakeContext)context; |
|
288 |
|
289 // No session resumptio is allowed. |
|
290 if (shc.isResumption) { // resumingSession may not be set |
|
291 shc.isResumption = false; |
|
292 shc.resumingSession = null; |
|
293 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
|
294 SSLLogger.fine( |
|
295 "abort session resumption, " + |
|
296 "no supported psk_dhe_ke PSK key exchange mode"); |
|
297 } |
|
298 } |
|
299 } |
|
300 } |
|
301 |
|
302 /** |
|
303 * The absence processing if a "signature_algorithms" extension is |
|
304 * not present in the ClientHello handshake message. |
|
305 */ |
|
306 private static final |
|
307 class PskKeyExchangeModesOnTradeAbsence implements HandshakeAbsence { |
|
308 |
|
309 // Prevent instantiation of this class. |
|
310 private PskKeyExchangeModesOnTradeAbsence() { |
|
311 // blank |
|
312 } |
|
313 |
|
314 @Override |
|
315 public void absent(ConnectionContext context, |
|
316 HandshakeMessage message) throws IOException { |
|
317 // The consuming happens in server side only. |
|
318 ServerHandshakeContext shc = (ServerHandshakeContext)context; |
|
319 |
|
320 // A client MUST provide a "psk_key_exchange_modes" extension if |
|
321 // it offers a "pre_shared_key" extension. If clients offer |
|
322 // "pre_shared_key" without a "psk_key_exchange_modes" extension, |
|
323 // servers MUST abort the handshake. |
|
324 SSLExtensionSpec spec = |
|
325 shc.handshakeExtensions.get(SSLExtension.CH_PRE_SHARED_KEY); |
|
326 if (spec == null) { |
|
327 shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
|
328 "pre_shared_key key extension is offered " + |
|
329 "without a psk_key_exchange_modes extension"); |
|
330 } |
|
331 } |
|
332 } |
|
333 } |