jdk-sandbox: src/java.base/share/classes/sun/security/ssl/ExtendedMasterSecretExtension.java@b472b5917a1b (annotated)

48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	1	/*
56557 daa34bd1c8dc Corrected copyright wetmore parents: 56542 diff changeset	2	* Copyright (c) 2017, Red Hat, Inc. and/or its affiliates.
daa34bd1c8dc Corrected copyright wetmore parents: 56542 diff changeset	3	* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	4	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	5	*
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	6	* This code is free software; you can redistribute it and/or modify it
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	7	* under the terms of the GNU General Public License version 2 only, as
48373 f9152f462cbc 8193758: Update copyright headers of files in src tree that are missing Classpath exception alanb parents: 48225 diff changeset	8	* published by the Free Software Foundation. Oracle designates this
f9152f462cbc 8193758: Update copyright headers of files in src tree that are missing Classpath exception alanb parents: 48225 diff changeset	9	* particular file as subject to the "Classpath" exception as provided
f9152f462cbc 8193758: Update copyright headers of files in src tree that are missing Classpath exception alanb parents: 48225 diff changeset	10	* by Oracle in the LICENSE file that accompanied this code.
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	11	*
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	12	* This code is distributed in the hope that it will be useful, but WITHOUT
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	13	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	14	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	15	* version 2 for more details (a copy is included in the LICENSE file that
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	16	* accompanied this code).
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	17	*
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	18	* You should have received a copy of the GNU General Public License version
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	19	* 2 along with this work; if not, write to the Free Software Foundation,
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	20	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	21	*
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	22	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	23	* or visit www.oracle.com if you need additional information or have any
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	24	* questions.
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	25	*/
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	26
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	27	package sun.security.ssl;
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	28
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	29	import java.io.IOException;
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	30	import java.nio.ByteBuffer;
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	31	import javax.net.ssl.SSLProtocolException;
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	32	import static sun.security.ssl.SSLExtension.CH_EXTENDED_MASTER_SECRET;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	33	import sun.security.ssl.SSLExtension.ExtensionConsumer;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	34	import static sun.security.ssl.SSLExtension.SH_EXTENDED_MASTER_SECRET;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	35	import sun.security.ssl.SSLExtension.SSLExtensionSpec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	36	import sun.security.ssl.SSLHandshake.HandshakeMessage;
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	37
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	38	/**
56782 b472b5917a1b typo, format and copyrigth corrections xuelei parents: 56708 diff changeset	39	* Pack of the "extended_master_secret" extensions [RFC 7627].
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	40	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	41	final class ExtendedMasterSecretExtension {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	42	static final HandshakeProducer chNetworkProducer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	43	new CHExtendedMasterSecretProducer();
56704 c3ee22c3a0f6 Minor nits and cleanup across SSLExtension classes jnimeh parents: 56559 diff changeset	44	static final ExtensionConsumer chOnLoadConsumer =
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	45	new CHExtendedMasterSecretConsumer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	46	static final HandshakeAbsence chOnLoadAbsence =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	47	new CHExtendedMasterSecretAbsence();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	48
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	49	static final HandshakeProducer shNetworkProducer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	50	new SHExtendedMasterSecretProducer();
56704 c3ee22c3a0f6 Minor nits and cleanup across SSLExtension classes jnimeh parents: 56559 diff changeset	51	static final ExtensionConsumer shOnLoadConsumer =
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	52	new SHExtendedMasterSecretConsumer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	53	static final HandshakeAbsence shOnLoadAbsence =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	54	new SHExtendedMasterSecretAbsence();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	55
56708 25178bb3e8f5 Rename Stringize to Stringizer xuelei parents: 56704 diff changeset	56	static final SSLStringizer emsStringizer =
25178bb3e8f5 Rename Stringize to Stringizer xuelei parents: 56704 diff changeset	57	new ExtendedMasterSecretStringizer();
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	58
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	59	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	60	* The "extended_master_secret" extension.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	61	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	62	static final class ExtendedMasterSecretSpec implements SSLExtensionSpec {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	63	// A nominal object that does not holding any real renegotiation info.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	64	static final ExtendedMasterSecretSpec NOMINAL =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	65	new ExtendedMasterSecretSpec();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	66
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	67	private ExtendedMasterSecretSpec() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	68	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	69	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	70
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	71	private ExtendedMasterSecretSpec(ByteBuffer m) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	72	// Parse the extension.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	73	if (m.hasRemaining()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	74	throw new SSLProtocolException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	75	"Invalid extended_master_secret extension data: " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	76	"not empty");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	77	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	78	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	79
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	80	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	81	public String toString() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	82	return "<empty>";
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	83	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	84	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	85
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	86	private static final
56708 25178bb3e8f5 Rename Stringize to Stringizer xuelei parents: 56704 diff changeset	87	class ExtendedMasterSecretStringizer implements SSLStringizer {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	88	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	89	public String toString(ByteBuffer buffer) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	90	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	91	return (new ExtendedMasterSecretSpec(buffer)).toString();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	92	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	93	// For debug logging only, so please swallow exceptions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	94	return ioe.getMessage();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	95	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	96	}
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	97	}
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	98
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	99	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	100	* Network data producer of a "extended_master_secret" extension in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	101	* the ClientHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	102	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	103	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	104	class CHExtendedMasterSecretProducer implements HandshakeProducer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	105	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	106	private CHExtendedMasterSecretProducer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	107	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	108	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	109
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	110	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	111	public byte[] produce(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	112	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	113	// The producing happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	114	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	115
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	116	// Is it a supported and enabled extension?
56559 a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	117	if (!chc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) \|\|
a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	118	!SSLConfiguration.useExtendedMasterSecret \|\|
a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	119	!chc.conContext.protocolVersion.useTLS10PlusSpec()) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	120	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	121	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	122	"Ignore unavailable extended_master_secret extension");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	123	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	124
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	125	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	126	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	127
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	128	if (chc.handshakeSession == null \|\|
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	129	chc.handshakeSession.useExtendedMasterSecret) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	130	byte[] extData = new byte[0];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	131	chc.handshakeExtensions.put(CH_EXTENDED_MASTER_SECRET,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	132	ExtendedMasterSecretSpec.NOMINAL);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	133
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	134	return extData;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	135	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	136
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	137	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	138	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	139	}
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	140
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	141	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	142	* Network data producer of a "extended_master_secret" extension in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	143	* the ServerHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	144	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	145	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	146	class CHExtendedMasterSecretConsumer implements ExtensionConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	147	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	148	private CHExtendedMasterSecretConsumer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	149	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	150	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	151
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	152	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	153	public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	154	HandshakeMessage message, ByteBuffer buffer) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	155
56704 c3ee22c3a0f6 Minor nits and cleanup across SSLExtension classes jnimeh parents: 56559 diff changeset	156	// The consuming happens in server side only.
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	157	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	158
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	159	// Is it a supported and enabled extension?
56559 a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	160	if (!shc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) \|\|
a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	161	!SSLConfiguration.useExtendedMasterSecret \|\|
a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	162	!shc.negotiatedProtocol.useTLS10PlusSpec()) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	163	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	164	SSLLogger.fine("Ignore unavailable extension: " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	165	CH_EXTENDED_MASTER_SECRET.name);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	166	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	167	return; // ignore the extension
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	168	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	169
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	170	// Parse the extension.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	171	ExtendedMasterSecretSpec spec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	172	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	173	spec = new ExtendedMasterSecretSpec(buffer);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	174	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	175	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	176	return; // fatal() always throws, make the compiler happy.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	177	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	178
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	179	if (shc.isResumption && shc.resumingSession != null &&
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	180	!shc.resumingSession.useExtendedMasterSecret) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	181	// For abbreviated handshake request, If the original
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	182	// session did not use the "extended_master_secret"
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	183	// extension but the new ClientHello contains the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	184	// extension, then the server MUST NOT perform the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	185	// abbreviated handshake. Instead, it SHOULD continue
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	186	// with a full handshake.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	187	shc.isResumption = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	188	shc.resumingSession = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	189	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	190	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	191	"abort session resumption which did not use " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	192	"Extended Master Secret extension");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	193	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	194	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	195
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	196	// Update the context.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	197	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	198	shc.handshakeExtensions.put(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	199	CH_EXTENDED_MASTER_SECRET, ExtendedMasterSecretSpec.NOMINAL);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	200
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	201	// No impact on session resumption.
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	202	}
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	203	}
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	204
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	205	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	206	* The absence processing if a "extended_master_secret" extension is
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	207	* not present in the ClientHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	208	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	209	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	210	class CHExtendedMasterSecretAbsence implements HandshakeAbsence {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	211	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	212	public void absent(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	213	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	214	// The producing happens in server side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	215	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	216
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	217	// Is it a supported and enabled extension?
56559 a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	218	if (!shc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET) \|\|
a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	219	!SSLConfiguration.useExtendedMasterSecret) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	220	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	221	SSLLogger.fine("Ignore unavailable extension: " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	222	CH_EXTENDED_MASTER_SECRET.name);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	223	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	224	return; // ignore the extension
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	225	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	226
56559 a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	227	if (shc.negotiatedProtocol.useTLS10PlusSpec() &&
a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	228	!SSLConfiguration.allowLegacyMasterSecret) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	229	// For full handshake, if the server receives a ClientHello
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	230	// without the extension, it SHOULD abort the handshake if
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	231	// it does not wish to interoperate with legacy clients.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	232	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	233	// As if extended master extension is required for full
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	234	// handshake, it MUST be used in abbreviated handshake too.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	235	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	236	"Extended Master Secret extension is required");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	237	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	238
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	239	if (shc.isResumption && shc.resumingSession != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	240	if (shc.resumingSession.useExtendedMasterSecret) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	241	// For abbreviated handshake request, if the original
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	242	// session used the "extended_master_secret" extension
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	243	// but the new ClientHello does not contain it, the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	244	// server MUST abort the abbreviated handshake.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	245	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	246	"Missing Extended Master Secret extension " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	247	"on session resumption");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	248	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	249	// For abbreviated handshake request, if neither the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	250	// original session nor the new ClientHello uses the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	251	// extension, the server SHOULD abort the handshake.
56559 a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	252	if (!SSLConfiguration.allowLegacyResumption) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	253	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	254	"Missing Extended Master Secret extension " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	255	"on session resumption");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	256	} else { // Otherwise, continue with a full handshake.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	257	shc.isResumption = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	258	shc.resumingSession = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	259	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	260	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	261	"abort session resumption, " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	262	"missing Extended Master Secret extension");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	263	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	264	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	265	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	266	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	267	}
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	268	}
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	269
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	270	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	271	* Network data producer of a "extended_master_secret" extension in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	272	* the ServerHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	273	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	274	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	275	class SHExtendedMasterSecretProducer implements HandshakeProducer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	276	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	277	private SHExtendedMasterSecretProducer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	278	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	279	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	280
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	281	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	282	public byte[] produce(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	283	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	284	// The producing happens in server side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	285	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	286
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	287	if (shc.handshakeSession.useExtendedMasterSecret) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	288	byte[] extData = new byte[0];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	289	shc.handshakeExtensions.put(SH_EXTENDED_MASTER_SECRET,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	290	ExtendedMasterSecretSpec.NOMINAL);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	291
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	292	return extData;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	293	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	294
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	295	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	296	}
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	297	}
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	298
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	299	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	300	* Network data consumer of a "extended_master_secret" extension in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	301	* the ServerHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	302	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	303	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	304	class SHExtendedMasterSecretConsumer implements ExtensionConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	305	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	306	private SHExtendedMasterSecretConsumer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	307	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	308	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	309
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	310	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	311	public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	312	HandshakeMessage message, ByteBuffer buffer) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	313	// The producing happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	314	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	315
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	316	// In response to the client extended_master_secret extension
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	317	// request, which is mandatory for ClientHello message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	318	ExtendedMasterSecretSpec requstedSpec = (ExtendedMasterSecretSpec)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	319	chc.handshakeExtensions.get(CH_EXTENDED_MASTER_SECRET);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	320	if (requstedSpec == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	321	chc.conContext.fatal(Alert.UNSUPPORTED_EXTENSION,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	322	"Server sent the extended_master_secret " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	323	"extension improperly");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	324	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	325
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	326	// Parse the extension.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	327	ExtendedMasterSecretSpec spec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	328	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	329	spec = new ExtendedMasterSecretSpec(buffer);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	330	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	331	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	332	return; // fatal() always throws, make the compiler happy.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	333	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	334
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	335	if (chc.isResumption && chc.resumingSession != null &&
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	336	!chc.resumingSession.useExtendedMasterSecret) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	337	chc.conContext.fatal(Alert.UNSUPPORTED_EXTENSION,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	338	"Server sent an unexpected extended_master_secret " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	339	"extension on session resumption");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	340	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	341
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	342	// Update the context.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	343	chc.handshakeExtensions.put(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	344	SH_EXTENDED_MASTER_SECRET, ExtendedMasterSecretSpec.NOMINAL);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	345
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	346	// No impact on session resumption.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	347	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	348	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	349
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	350	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	351	* The absence processing if a "extended_master_secret" extension is
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	352	* not present in the ServerHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	353	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	354	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	355	class SHExtendedMasterSecretAbsence implements HandshakeAbsence {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	356	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	357	public void absent(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	358	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	359	// The producing happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	360	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	361
56559 a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	362	if (SSLConfiguration.useExtendedMasterSecret &&
a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	363	!SSLConfiguration.allowLegacyMasterSecret) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	364	// For full handshake, if a client receives a ServerHello
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	365	// without the extension, it SHOULD abort the handshake if
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	366	// it does not wish to interoperate with legacy servers.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	367	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	368	"Extended Master Secret extension is required");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	369	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	370
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	371	if (chc.isResumption && chc.resumingSession != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	372	if (chc.resumingSession.useExtendedMasterSecret) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	373	// For abbreviated handshake, if the original session used
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	374	// the "extended_master_secret" extension but the new
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	375	// ServerHello does not contain the extension, the client
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	376	// MUST abort the handshake.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	377	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	378	"Missing Extended Master Secret extension " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	379	"on session resumption");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	380	} else if (SSLConfiguration.useExtendedMasterSecret &&
56559 a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	381	!SSLConfiguration.allowLegacyResumption &&
a423173d0578 rollbak behavior changes of extended secret extension xuelei parents: 56557 diff changeset	382	chc.negotiatedProtocol.useTLS10PlusSpec()) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	383	// Unlikely, abbreviated handshake should be discarded.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	384	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	385	"Extended Master Secret extension is required");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	386	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	387	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 48373 diff changeset	388	}
48225 718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	389	}
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	390	}
718669e6b375 8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension xuelei parents: diff changeset	391

author	xuelei
	Tue, 19 Jun 2018 09:05:57 -0700
branch	JDK-8145252-TLS13-branch
changeset 56782	b472b5917a1b
parent 56708	25178bb3e8f5
permissions	-rw-r--r--