Code Review Request: TLS 1.3 Implementation

Xuelei Fan xuelei.fan at oracle.com
Fri Jun 1 19:56:05 UTC 2018


 > http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00

MaxFragExtension.java
---------------------
Looks fine to me.


KeyUpdate.java
--------------
- 74  new IOException("KeyUpdate message value invalid: " + status);
+ 74  throw new IOException("KeyUpdate message value invalid: " + status);
Or
+ 74  context.conContext.fatal(...);
The exception is not thrown.  Personally, I may prefer a 
RuntimeException as it is used in generation side, or send a fatal alert 
to indicate the problem.


   81  if (m.remaining() != 1) {
   82    throw new IOException("KeyUpdate has an unexpected length of "+
   83        m.remaining());
   84  }
Personally, I'd prefer to send a fatal alert.


   87  if (status > 1) {
   88     new IOException("KeyUpdate message value invalid: " + status);
   89  }
The exception is not thrown.  I may use a fatal alert.


  108  @Override
  109  public String toString() {
  110      throw new UnsupportedOperationException("Not supported yet.");
  111  }
For debugging, please implement this method and dump debug information 
in the consumer and producer accordingly.


  145  public void consume(ConnectionContext context,
  146          ByteBuffer message) throws IOException {

I think we need to catch up with the following spec in this method:
    Implementations that receive a KeyUpdate message prior to receiving
    a Finished message MUST terminate the connection with an
    unexpected_message" alert.


  151  if (km.getStatus() == KeyUpdateMessage.NOTREQUSTED) {
  152      return;
  153  }

If I'm correct, the "update_not_requested" status means "recipient of 
the KeyUpdate" may not respond with its own KeyUpdate", but still need 
to update its receiving keys.  Am I missing something?


  165 SSLKeyDerivation skd = kdg.createKeyDerivation(hc,
  166        hc.conContext.inputRecord.readCipher.baseSecret);
  167 SecretKey nplus1 = skd.deriveKey("TlsUpdateNplus1", null);
  168 if (skd == null) {
  169      // unlikely
  170       hc.conContext.fatal(Alert.INTERNAL_ERROR,
  171             "no key derivation");
  172       return;
  173 }
Move line 167 bellow 173? he skd non-null checking can be performed  198 
      new KeyUpdateMessage(hc, KeyUpdateMessage.NOTREQUSTED));earlier.


The blank line 191 may be not necessary.


  196  // Send Reply
  197  handshakeProducer.produce(hc,
  198      new KeyUpdateMessage(hc, KeyUpdateMessage.NOTREQUSTED));
If one update the 151-153 block, please don't forgot to update this 
block as well if needed: send reply if the status is REQUSTED.


  219  if (km.getStatus() == KeyUpdateMessage.REQUSTED) {
  220      secret = hc.conContext.outputRecord.writeCipher.baseSecret;
  221  } else {
  222      km.write(hc.handshakeOutput);
  223      hc.handshakeOutput.flush();
  224      return null;
  225  }
Similar comment as 151-153.  For NOTREQUSTED status, may still need to 
update the write keys.


Xuelei

On 5/25/2018 4:45 PM, Xuelei Fan wrote:
> Hi,
> 
> I'd like to invite you to review the TLS 1.3 implementation.  I 
> appreciate it if I could have compatibility and specification feedback 
> before May 31, 2018, and implementation feedback before June 7, 2018.
> 
> Here is the webrev:
>      http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
> 
> The formal TLS 1.3 specification is not finalized yet, although it had 
> been approved to be a standard.  The implementation is based on the 
> draft version 28:
>      https://tools.ietf.org/html/draft-ietf-tls-tls13-28
> 
> For the overall description of this enhancement, please refer to JEP 332:
>      http://openjdk.java.net/jeps/332
> 
> For the compatibility and specification update, please refer to CSR 
> 8202625:
>      https://bugs.openjdk.java.net/browse/JDK-8202625
> 
> Note that we are using the sandbox for the development right now.  For 
> more information, please refer to Bradford's previous email:
> 
> http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017139.html
> 
> Thanks & Regards,
> Xuelei


More information about the security-dev mailing list