Add a few fatal alert detail messages

peterdettman · peterdettman · commit 037912017db9 · 2025-05-14T13:45:35.000+07:00
diff --git a/tls/src/main/java/org/bouncycastle/tls/TlsClientProtocol.java b/tls/src/main/java/org/bouncycastle/tls/TlsClientProtocol.java
@@ -840,7 +840,7 @@ protected void process13HelloRetryRequest(ServerHello helloRetryRequest)
         final Hashtable extensions = helloRetryRequest.getExtensions();
         if (null == extensions)
         {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter, "no extensions found");
         }
         TlsUtils.checkExtensionData13(extensions, HandshakeType.hello_retry_request, AlertDescription.illegal_parameter);
 
@@ -855,30 +855,37 @@ protected void process13HelloRetryRequest(ServerHello helloRetryRequest)
             while (e.hasMoreElements())
             {
                 Integer extType = (Integer)e.nextElement();
+                int extensionType = extType.intValue();
 
-                if (ExtensionType.cookie == extType.intValue())
+                if (ExtensionType.cookie == extensionType)
                 {
                     continue;
                 }
 
                 if (null == TlsUtils.getExtensionData(clientExtensions, extType))
                 {
-                    throw new TlsFatalAlert(AlertDescription.unsupported_extension);
+                    throw new TlsFatalAlert(AlertDescription.unsupported_extension,
+                        "received unrequested extension response: " + ExtensionType.getText(extensionType));
                 }
             }
         }
 
         final ProtocolVersion server_version = TlsExtensionsUtils.getSupportedVersionsExtensionServer(extensions);
         if (null == server_version)
         {
-            throw new TlsFatalAlert(AlertDescription.missing_extension);
+            throw new TlsFatalAlert(AlertDescription.missing_extension,
+                "missing extension response: " + ExtensionType.getText(ExtensionType.supported_versions));
         }
 
         if (!ProtocolVersion.TLSv13.isEqualOrEarlierVersionOf(server_version) ||
-            !ProtocolVersion.contains(tlsClientContext.getClientSupportedVersions(), server_version) ||
-            !TlsUtils.isValidVersionForCipherSuite(cipherSuite, server_version))
+            !ProtocolVersion.contains(tlsClientContext.getClientSupportedVersions(), server_version))
         {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter, "invalid version selected: " + server_version);
+        }
+
+        if (!TlsUtils.isValidVersionForCipherSuite(cipherSuite, server_version))
+        {
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter, "invalid cipher suite for selected version");
         }
 
         if (null != clientBinders)
@@ -891,6 +898,20 @@ protected void process13HelloRetryRequest(ServerHello helloRetryRequest)
             }
         }
 
+        final int selected_group = TlsExtensionsUtils.getKeyShareHelloRetryRequest(extensions);
+
+        /*
+         * TODO[tls:psk_ke]
+         *
+         * RFC 8446 4.2.8. Servers [..] MUST NOT send a KeyShareEntry when using the "psk_ke"
+         * PskKeyExchangeMode.
+         */
+        if (selected_group < 0)
+        {
+            throw new TlsFatalAlert(AlertDescription.missing_extension,
+                "missing extension response: " + ExtensionType.getText(ExtensionType.key_share));
+        }
+
         /*
          * RFC 8446 4.2.8. Upon receipt of this [Key Share] extension in a HelloRetryRequest, the
          * client MUST verify that (1) the selected_group field corresponds to a group which was
@@ -899,12 +920,10 @@ protected void process13HelloRetryRequest(ServerHello helloRetryRequest)
          * extension in the original ClientHello. If either of these checks fails, then the client
          * MUST abort the handshake with an "illegal_parameter" alert.
          */
-        final int selected_group = TlsExtensionsUtils.getKeyShareHelloRetryRequest(extensions);
-
         if (!TlsUtils.isValidKeyShareSelection(server_version, securityParameters.getClientSupportedGroups(),
             clientAgreements, selected_group))
         {
-            throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+            throw new TlsFatalAlert(AlertDescription.illegal_parameter, "invalid key_share selected");
         }
 
         final byte[] cookie = TlsExtensionsUtils.getCookieExtension(extensions);

Original file line number	Diff line number	Diff line change
`@@ -840,7 +840,7 @@ protected void process13HelloRetryRequest(ServerHello helloRetryRequest)`
`840`	`840`	`final Hashtable extensions = helloRetryRequest.getExtensions();`
`841`	`841`	`if (null == extensions)`
`842`	`842`	`{`
`843`		`- throw new TlsFatalAlert(AlertDescription.illegal_parameter);`
	`843`	`+ throw new TlsFatalAlert(AlertDescription.illegal_parameter, "no extensions found");`
`844`	`844`	`}`
`845`	`845`	`TlsUtils.checkExtensionData13(extensions, HandshakeType.hello_retry_request, AlertDescription.illegal_parameter);`
`846`	`846`
`@@ -855,30 +855,37 @@ protected void process13HelloRetryRequest(ServerHello helloRetryRequest)`
`855`	`855`	`while (e.hasMoreElements())`
`856`	`856`	`{`
`857`	`857`	`Integer extType = (Integer)e.nextElement();`
	`858`	`+ int extensionType = extType.intValue();`
`858`	`859`
`859`		`- if (ExtensionType.cookie == extType.intValue())`
	`860`	`+ if (ExtensionType.cookie == extensionType)`
`860`	`861`	`{`
`861`	`862`	`continue;`
`862`	`863`	`}`
`863`	`864`
`864`	`865`	`if (null == TlsUtils.getExtensionData(clientExtensions, extType))`
`865`	`866`	`{`
`866`		`- throw new TlsFatalAlert(AlertDescription.unsupported_extension);`
	`867`	`+ throw new TlsFatalAlert(AlertDescription.unsupported_extension,`
	`868`	`+ "received unrequested extension response: " + ExtensionType.getText(extensionType));`
`867`	`869`	`}`
`868`	`870`	`}`
`869`	`871`	`}`
`870`	`872`
`871`	`873`	`final ProtocolVersion server_version = TlsExtensionsUtils.getSupportedVersionsExtensionServer(extensions);`
`872`	`874`	`if (null == server_version)`
`873`	`875`	`{`
`874`		`- throw new TlsFatalAlert(AlertDescription.missing_extension);`
	`876`	`+ throw new TlsFatalAlert(AlertDescription.missing_extension,`
	`877`	`+ "missing extension response: " + ExtensionType.getText(ExtensionType.supported_versions));`
`875`	`878`	`}`
`876`	`879`
`877`	`880`	`if (!ProtocolVersion.TLSv13.isEqualOrEarlierVersionOf(server_version) \|\|`
`878`		`- !ProtocolVersion.contains(tlsClientContext.getClientSupportedVersions(), server_version) \|\|`
`879`		`- !TlsUtils.isValidVersionForCipherSuite(cipherSuite, server_version))`
	`881`	`+ !ProtocolVersion.contains(tlsClientContext.getClientSupportedVersions(), server_version))`
`880`	`882`	`{`
`881`		`- throw new TlsFatalAlert(AlertDescription.illegal_parameter);`
	`883`	`+ throw new TlsFatalAlert(AlertDescription.illegal_parameter, "invalid version selected: " + server_version);`
	`884`	`+ }`
	`885`	`+`
	`886`	`+ if (!TlsUtils.isValidVersionForCipherSuite(cipherSuite, server_version))`
	`887`	`+ {`
	`888`	`+ throw new TlsFatalAlert(AlertDescription.illegal_parameter, "invalid cipher suite for selected version");`
`882`	`889`	`}`
`883`	`890`
`884`	`891`	`if (null != clientBinders)`
`@@ -891,6 +898,20 @@ protected void process13HelloRetryRequest(ServerHello helloRetryRequest)`
`891`	`898`	`}`
`892`	`899`	`}`
`893`	`900`
	`901`	`+ final int selected_group = TlsExtensionsUtils.getKeyShareHelloRetryRequest(extensions);`
	`902`	`+`
	`903`	`+ /*`
	`904`	`+ * TODO[tls:psk_ke]`
	`905`	`+ *`
	`906`	`+ * RFC 8446 4.2.8. Servers [..] MUST NOT send a KeyShareEntry when using the "psk_ke"`
	`907`	`+ * PskKeyExchangeMode.`
	`908`	`+ */`
	`909`	`+ if (selected_group < 0)`
	`910`	`+ {`
	`911`	`+ throw new TlsFatalAlert(AlertDescription.missing_extension,`
	`912`	`+ "missing extension response: " + ExtensionType.getText(ExtensionType.key_share));`
	`913`	`+ }`
	`914`	`+`
`894`	`915`	`/*`
`895`	`916`	`* RFC 8446 4.2.8. Upon receipt of this [Key Share] extension in a HelloRetryRequest, the`
`896`	`917`	`* client MUST verify that (1) the selected_group field corresponds to a group which was`
`@@ -899,12 +920,10 @@ protected void process13HelloRetryRequest(ServerHello helloRetryRequest)`
`899`	`920`	`* extension in the original ClientHello. If either of these checks fails, then the client`
`900`	`921`	`* MUST abort the handshake with an "illegal_parameter" alert.`
`901`	`922`	`*/`
`902`		`- final int selected_group = TlsExtensionsUtils.getKeyShareHelloRetryRequest(extensions);`
`903`		`-`
`904`	`923`	`if (!TlsUtils.isValidKeyShareSelection(server_version, securityParameters.getClientSupportedGroups(),`
`905`	`924`	`clientAgreements, selected_group))`
`906`	`925`	`{`
`907`		`- throw new TlsFatalAlert(AlertDescription.illegal_parameter);`
	`926`	`+ throw new TlsFatalAlert(AlertDescription.illegal_parameter, "invalid key_share selected");`
`908`	`927`	`}`
`909`	`928`
`910`	`929`	`final byte[] cookie = TlsExtensionsUtils.getCookieExtension(extensions);`