Re: Code Review Request: TLS 1.3 Implementation

[Xuelei Fan]

Update: http://hg.openjdk.java.net/jdk/sandbox/rev/75527e40bdfd
This update fixed the session resumption and related issues.   The 
update code will be included in the next webrev for further review.

Xuelei

On 6/3/2018 12:58 PM, Xuelei Fan wrote:
 > http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00

PreSharedKeyExtension.java
--------------------------
A few lines exceed the 80-characters per line limit.

   68  static final class PskIdentity {
This class can be private.


   72  public PskIdentity(byte[] identity, int obfuscatedAge) {
   77  public PskIdentity(ByteBuffer m)
It is not necessary to use "public" scope.  Please check other public 
methods as well if existing.


  111  CHPreSharedKeySpec(ByteBuffer m)
  112      throws IllegalParameterException, IOException {
Implementation of this method does not check the boundary of the 
PreSharedKeyExtension struct.


  271  ServerHandshakeContext shc = (ServerHandshakeContext) 
message.handshakeContext;
It is more simple to use the context parameter rather than the message 
context.


  315   shc.isResumption = false;
  316   shc.resumingSession = null;
        ...
  324       resumeSession(shc, s, idIndex);
This resets of shc.isResumption and shc.resumingSession override the set 
of other extensions.  It could lead to unexpected behaviors.


  675   if (shPsk.selectedIdentity != 0) {
If only the 1st id can be use, may be don't bother to cache and request 
other ids.  I'm  not very sure of it yet, need more time to think about it.

Xuelei

On 5/25/2018 4:45 PM, Xuelei Fan wrote:
Hi,

I'd like to invite you to review the TLS 1.3 implementation.  I 
appreciate it if I could have compatibility and specification feedback 
before May 31, 2018, and implementation feedback before June 7, 2018.

Here is the webrev:
     http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00

The formal TLS 1.3 specification is not finalized yet, although it had 
been approved to be a standard.  The implementation is based on the 
draft version 28:
     https://tools.ietf.org/html/draft-ietf-tls-tls13-28

For the overall description of this enhancement, please refer to JEP 332:
     http://openjdk.java.net/jeps/332

For the compatibility and specification update, please refer to CSR 
8202625:
     https://bugs.openjdk.java.net/browse/JDK-8202625

Note that we are using the sandbox for the development right now.  For 
more information, please refer to Bradford's previous email:

http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017139.html

Thanks & Regards,
Xuelei