crypto/tls: improve ech parsing errors

rolandshoemaker · gopherbot · commit 9b842e2e63b6 · 2025-02-19T19:33:58.000-08:00
Make the errors we return when parsing an ECHConfig slightly more verbose. Fixes #71706 Change-Id: Id138fd9defec71ce492a490a71af4981cb9ede51 Reviewed-on: https://go-review.googlesource.com/c/go/+/650720 Auto-Submit: Roland Shoemaker <roland@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Michael Knyszek <mknyszek@google.com>
diff --git a/src/crypto/tls/ech.go b/src/crypto/tls/ech.go
@@ -53,67 +53,78 @@ type echConfig struct {
 	Extensions    []echExtension
 }
 
-var errMalformedECHConfig = errors.New("tls: malformed ECHConfigList")
+var errMalformedECHConfigList = errors.New("tls: malformed ECHConfigList")
+
+type echConfigErr struct {
+	field string
+}
+
+func (e *echConfigErr) Error() string {
+	if e.field == "" {
+		return "tls: malformed ECHConfig"
+	}
+	return fmt.Sprintf("tls: malformed ECHConfig, invalid %s field", e.field)
+}
 
 func parseECHConfig(enc []byte) (skip bool, ec echConfig, err error) {
 	s := cryptobyte.String(enc)
 	ec.raw = []byte(enc)
 	if !s.ReadUint16(&ec.Version) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"version"}
 	}
 	if !s.ReadUint16(&ec.Length) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"length"}
 	}
 	if len(ec.raw) < int(ec.Length)+4 {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"length"}
 	}
 	ec.raw = ec.raw[:ec.Length+4]
 	if ec.Version != extensionEncryptedClientHello {
 		s.Skip(int(ec.Length))
 		return true, echConfig{}, nil
 	}
 	if !s.ReadUint8(&ec.ConfigID) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"config_id"}
 	}
 	if !s.ReadUint16(&ec.KemID) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"kem_id"}
 	}
 	if !readUint16LengthPrefixed(&s, &ec.PublicKey) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"public_key"}
 	}
 	var cipherSuites cryptobyte.String
 	if !s.ReadUint16LengthPrefixed(&cipherSuites) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"cipher_suites"}
 	}
 	for !cipherSuites.Empty() {
 		var c echCipher
 		if !cipherSuites.ReadUint16(&c.KDFID) {
-			return false, echConfig{}, errMalformedECHConfig
+			return false, echConfig{}, &echConfigErr{"cipher_suites kdf_id"}
 		}
 		if !cipherSuites.ReadUint16(&c.AEADID) {
-			return false, echConfig{}, errMalformedECHConfig
+			return false, echConfig{}, &echConfigErr{"cipher_suites aead_id"}
 		}
 		ec.SymmetricCipherSuite = append(ec.SymmetricCipherSuite, c)
 	}
 	if !s.ReadUint8(&ec.MaxNameLength) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"maximum_name_length"}
 	}
 	var publicName cryptobyte.String
 	if !s.ReadUint8LengthPrefixed(&publicName) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"public_name"}
 	}
 	ec.PublicName = publicName
 	var extensions cryptobyte.String
 	if !s.ReadUint16LengthPrefixed(&extensions) {
-		return false, echConfig{}, errMalformedECHConfig
+		return false, echConfig{}, &echConfigErr{"extensions"}
 	}
 	for !extensions.Empty() {
 		var e echExtension
 		if !extensions.ReadUint16(&e.Type) {
-			return false, echConfig{}, errMalformedECHConfig
+			return false, echConfig{}, &echConfigErr{"extensions type"}
 		}
 		if !extensions.ReadUint16LengthPrefixed((*cryptobyte.String)(&e.Data)) {
-			return false, echConfig{}, errMalformedECHConfig
+			return false, echConfig{}, &echConfigErr{"extensions data"}
 		}
 		ec.Extensions = append(ec.Extensions, e)
 	}
@@ -128,10 +139,10 @@ func parseECHConfigList(data []byte) ([]echConfig, error) {
 	s := cryptobyte.String(data)
 	var length uint16
 	if !s.ReadUint16(&length) {
-		return nil, errMalformedECHConfig
+		return nil, errMalformedECHConfigList
 	}
 	if length != uint16(len(data)-2) {
-		return nil, errMalformedECHConfig
+		return nil, errMalformedECHConfigList
 	}
 	var configs []echConfig
 	for len(s) > 0 {

Original file line number	Diff line number	Diff line change
`@@ -53,67 +53,78 @@ type echConfig struct {`
`53`	`53`	`Extensions []echExtension`
`54`	`54`	`}`
`55`	`55`
`56`		`-var errMalformedECHConfig = errors.New("tls: malformed ECHConfigList")`
	`56`	`+var errMalformedECHConfigList = errors.New("tls: malformed ECHConfigList")`
	`57`	`+`
	`58`	`+type echConfigErr struct {`
	`59`	`+ field string`
	`60`	`+}`
	`61`	`+`
	`62`	`+func (e *echConfigErr) Error() string {`
	`63`	`+ if e.field == "" {`
	`64`	`+ return "tls: malformed ECHConfig"`
	`65`	`+ }`
	`66`	`+ return fmt.Sprintf("tls: malformed ECHConfig, invalid %s field", e.field)`
	`67`	`+}`
`57`	`68`
`58`	`69`	`func parseECHConfig(enc []byte) (skip bool, ec echConfig, err error) {`
`59`	`70`	`s := cryptobyte.String(enc)`
`60`	`71`	`ec.raw = []byte(enc)`
`61`	`72`	`if !s.ReadUint16(&ec.Version) {`
`62`		`- return false, echConfig{}, errMalformedECHConfig`
	`73`	`+ return false, echConfig{}, &echConfigErr{"version"}`
`63`	`74`	`}`
`64`	`75`	`if !s.ReadUint16(&ec.Length) {`
`65`		`- return false, echConfig{}, errMalformedECHConfig`
	`76`	`+ return false, echConfig{}, &echConfigErr{"length"}`
`66`	`77`	`}`
`67`	`78`	`if len(ec.raw) < int(ec.Length)+4 {`
`68`		`- return false, echConfig{}, errMalformedECHConfig`
	`79`	`+ return false, echConfig{}, &echConfigErr{"length"}`
`69`	`80`	`}`
`70`	`81`	`ec.raw = ec.raw[:ec.Length+4]`
`71`	`82`	`if ec.Version != extensionEncryptedClientHello {`
`72`	`83`	`s.Skip(int(ec.Length))`
`73`	`84`	`return true, echConfig{}, nil`
`74`	`85`	`}`
`75`	`86`	`if !s.ReadUint8(&ec.ConfigID) {`
`76`		`- return false, echConfig{}, errMalformedECHConfig`
	`87`	`+ return false, echConfig{}, &echConfigErr{"config_id"}`
`77`	`88`	`}`
`78`	`89`	`if !s.ReadUint16(&ec.KemID) {`
`79`		`- return false, echConfig{}, errMalformedECHConfig`
	`90`	`+ return false, echConfig{}, &echConfigErr{"kem_id"}`
`80`	`91`	`}`
`81`	`92`	`if !readUint16LengthPrefixed(&s, &ec.PublicKey) {`
`82`		`- return false, echConfig{}, errMalformedECHConfig`
	`93`	`+ return false, echConfig{}, &echConfigErr{"public_key"}`
`83`	`94`	`}`
`84`	`95`	`var cipherSuites cryptobyte.String`
`85`	`96`	`if !s.ReadUint16LengthPrefixed(&cipherSuites) {`
`86`		`- return false, echConfig{}, errMalformedECHConfig`
	`97`	`+ return false, echConfig{}, &echConfigErr{"cipher_suites"}`
`87`	`98`	`}`
`88`	`99`	`for !cipherSuites.Empty() {`
`89`	`100`	`var c echCipher`
`90`	`101`	`if !cipherSuites.ReadUint16(&c.KDFID) {`
`91`		`- return false, echConfig{}, errMalformedECHConfig`
	`102`	`+ return false, echConfig{}, &echConfigErr{"cipher_suites kdf_id"}`
`92`	`103`	`}`
`93`	`104`	`if !cipherSuites.ReadUint16(&c.AEADID) {`
`94`		`- return false, echConfig{}, errMalformedECHConfig`
	`105`	`+ return false, echConfig{}, &echConfigErr{"cipher_suites aead_id"}`
`95`	`106`	`}`
`96`	`107`	`ec.SymmetricCipherSuite = append(ec.SymmetricCipherSuite, c)`
`97`	`108`	`}`
`98`	`109`	`if !s.ReadUint8(&ec.MaxNameLength) {`
`99`		`- return false, echConfig{}, errMalformedECHConfig`
	`110`	`+ return false, echConfig{}, &echConfigErr{"maximum_name_length"}`
`100`	`111`	`}`
`101`	`112`	`var publicName cryptobyte.String`
`102`	`113`	`if !s.ReadUint8LengthPrefixed(&publicName) {`
`103`		`- return false, echConfig{}, errMalformedECHConfig`
	`114`	`+ return false, echConfig{}, &echConfigErr{"public_name"}`
`104`	`115`	`}`
`105`	`116`	`ec.PublicName = publicName`
`106`	`117`	`var extensions cryptobyte.String`
`107`	`118`	`if !s.ReadUint16LengthPrefixed(&extensions) {`
`108`		`- return false, echConfig{}, errMalformedECHConfig`
	`119`	`+ return false, echConfig{}, &echConfigErr{"extensions"}`
`109`	`120`	`}`
`110`	`121`	`for !extensions.Empty() {`
`111`	`122`	`var e echExtension`
`112`	`123`	`if !extensions.ReadUint16(&e.Type) {`
`113`		`- return false, echConfig{}, errMalformedECHConfig`
	`124`	`+ return false, echConfig{}, &echConfigErr{"extensions type"}`
`114`	`125`	`}`
`115`	`126`	`if !extensions.ReadUint16LengthPrefixed((*cryptobyte.String)(&e.Data)) {`
`116`		`- return false, echConfig{}, errMalformedECHConfig`
	`127`	`+ return false, echConfig{}, &echConfigErr{"extensions data"}`
`117`	`128`	`}`
`118`	`129`	`ec.Extensions = append(ec.Extensions, e)`
`119`	`130`	`}`
`@@ -128,10 +139,10 @@ func parseECHConfigList(data []byte) ([]echConfig, error) {`
`128`	`139`	`s := cryptobyte.String(data)`
`129`	`140`	`var length uint16`
`130`	`141`	`if !s.ReadUint16(&length) {`
`131`		`- return nil, errMalformedECHConfig`
	`142`	`+ return nil, errMalformedECHConfigList`
`132`	`143`	`}`
`133`	`144`	`if length != uint16(len(data)-2) {`
`134`		`- return nil, errMalformedECHConfig`
	`145`	`+ return nil, errMalformedECHConfigList`
`135`	`146`	`}`
`136`	`147`	`var configs []echConfig`
`137`	`148`	`for len(s) > 0 {`