jdk-sandbox: src/java.base/share/classes/sun/security/ssl/RandomCookie.java@68fa3d4026ea (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2	* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 2 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
90ce3da70b43 Initial load duke parents: diff changeset	28	import java.io.*;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	29	import java.nio.ByteBuffer;
2 90ce3da70b43 Initial load duke parents: diff changeset	30	import java.security.SecureRandom;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	31	import java.util.Arrays;
2 90ce3da70b43 Initial load duke parents: diff changeset	32
90ce3da70b43 Initial load duke parents: diff changeset	33	/*
90ce3da70b43 Initial load duke parents: diff changeset	34	* RandomCookie ... SSL hands standard format random cookies (nonces)
90ce3da70b43 Initial load duke parents: diff changeset	35	* around. These know how to encode/decode themselves on SSL streams,
90ce3da70b43 Initial load duke parents: diff changeset	36	* and can be created and printed.
90ce3da70b43 Initial load duke parents: diff changeset	37	*
90ce3da70b43 Initial load duke parents: diff changeset	38	* @author David Brownell
90ce3da70b43 Initial load duke parents: diff changeset	39	*/
90ce3da70b43 Initial load duke parents: diff changeset	40	final class RandomCookie {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	41	final byte[] randomBytes = new byte[32]; // exactly 32 bytes
2 90ce3da70b43 Initial load duke parents: diff changeset	42
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	43	private static final byte[] hrrRandomBytes = new byte[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	44	(byte)0xCF, (byte)0x21, (byte)0xAD, (byte)0x74,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	45	(byte)0xE5, (byte)0x9A, (byte)0x61, (byte)0x11,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	46	(byte)0xBE, (byte)0x1D, (byte)0x8C, (byte)0x02,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	47	(byte)0x1E, (byte)0x65, (byte)0xB8, (byte)0x91,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	48	(byte)0xC2, (byte)0xA2, (byte)0x11, (byte)0x16,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	49	(byte)0x7A, (byte)0xBB, (byte)0x8C, (byte)0x5E,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	50	(byte)0x07, (byte)0x9E, (byte)0x09, (byte)0xE2,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	51	(byte)0xC8, (byte)0xA8, (byte)0x33, (byte)0x9C
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	52	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	53
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	54	private static final byte[] t12Protection = new byte[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	55	(byte)0x44, (byte)0x4F, (byte)0x57, (byte)0x4E,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	56	(byte)0x47, (byte)0x52, (byte)0x44, (byte)0x01
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	57	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	58
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	59	private static final byte[] t11Protection = new byte[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	60	(byte)0x44, (byte)0x4F, (byte)0x57, (byte)0x4E,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	61	(byte)0x47, (byte)0x52, (byte)0x44, (byte)0x00
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	62	};
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	63
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	64	static final RandomCookie hrrRandom = new RandomCookie(hrrRandomBytes);
2 90ce3da70b43 Initial load duke parents: diff changeset	65
90ce3da70b43 Initial load duke parents: diff changeset	66	RandomCookie(SecureRandom generator) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	67	generator.nextBytes(randomBytes);
2 90ce3da70b43 Initial load duke parents: diff changeset	68	}
90ce3da70b43 Initial load duke parents: diff changeset	69
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	70	// Used for server random generation with version downgrade protection.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	71	RandomCookie(HandshakeContext context) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	72	SecureRandom generator = context.sslContext.getSecureRandom();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	73	generator.nextBytes(randomBytes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	74
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	75	// TLS 1.3 has a downgrade protection mechanism embedded in the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	76	// server's random value. TLS 1.3 servers which negotiate TLS 1.2
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	77	// or below in response to a ClientHello MUST set the last eight
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	78	// bytes of their Random value specially.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	79	byte[] protection = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	80	if (context.maximumActiveProtocol.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	81	if (!context.negotiatedProtocol.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	82	if (context.negotiatedProtocol.useTLS12PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	83	protection = t12Protection;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	84	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	85	protection = t11Protection;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	86	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	87	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	88	} else if (context.maximumActiveProtocol.useTLS12PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	89	if (!context.negotiatedProtocol.useTLS12PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	90	protection = t11Protection;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	91	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	92	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	93
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	94	if (protection != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	95	System.arraycopy(protection, 0, randomBytes,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	96	randomBytes.length - protection.length, protection.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	97	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	98	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	99
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	100	RandomCookie(ByteBuffer m) throws IOException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	101	m.get(randomBytes);
2 90ce3da70b43 Initial load duke parents: diff changeset	102	}
90ce3da70b43 Initial load duke parents: diff changeset	103
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	104	private RandomCookie(byte[] randomBytes) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	105	System.arraycopy(randomBytes, 0, this.randomBytes, 0, 32);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	106	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	107
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	108	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	109	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	110	return "random_bytes = {" + Utilities.toHexString(randomBytes) + "}";
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	111	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	112
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	113	boolean isHelloRetryRequest() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	114	return Arrays.equals(hrrRandomBytes, randomBytes);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	115	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	116
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	117	// Used for client random validation of version downgrade protection.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	118	boolean isVersionDowngrade(HandshakeContext context) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	119	if (context.maximumActiveProtocol.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	120	if (!context.negotiatedProtocol.useTLS13PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	121	return isT12Downgrade() \|\| isT11Downgrade();
2 90ce3da70b43 Initial load duke parents: diff changeset	122	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	123	} else if (context.maximumActiveProtocol.useTLS12PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	124	if (!context.negotiatedProtocol.useTLS12PlusSpec()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	125	return isT11Downgrade();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	126	}
2 90ce3da70b43 Initial load duke parents: diff changeset	127	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	128
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	129	return false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	130	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	131
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	132	private boolean isT12Downgrade() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	133	return Arrays.equals(randomBytes, 24, 32, t12Protection, 0, 8);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	134	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	135
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	136	private boolean isT11Downgrade() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	137	return Arrays.equals(randomBytes, 24, 32, t11Protection, 0, 8);
2 90ce3da70b43 Initial load duke parents: diff changeset	138	}
90ce3da70b43 Initial load duke parents: diff changeset	139	}

author	xuelei
	Mon, 25 Jun 2018 13:41:39 -0700
changeset 50768	68fa3d4026ea
parent 47216	71c04702a3d5
permissions	-rw-r--r--