jdk-sandbox: src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java@68fa3d4026ea (annotated)

30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	1	/*
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2	* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	4	*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	10	*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	15	* accompanied this code).
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	16	*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	20	*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	23	* questions.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	24	*/
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	25
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	26	package sun.security.ssl;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	27
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	28	import java.io.EOFException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	29	import java.io.IOException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	30	import java.io.InputStream;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	31	import java.io.OutputStream;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	32	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	33	import java.security.GeneralSecurityException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	34	import java.util.ArrayList;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	35	import javax.crypto.BadPaddingException;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	36	import javax.net.ssl.SSLException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	37	import javax.net.ssl.SSLHandshakeException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	38	import javax.net.ssl.SSLProtocolException;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	39
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	40	import sun.security.ssl.SSLCipher.SSLReadCipher;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	41	import sun.security.ssl.KeyUpdate.KeyUpdateMessage;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	42	import sun.security.ssl.KeyUpdate.KeyUpdateRequest;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	43
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	44	/**
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	45	* {@code InputRecord} implementation for {@code SSLSocket}.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	46	*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	47	* @author David Brownell
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	48	*/
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	49	final class SSLSocketInputRecord extends InputRecord implements SSLRecord {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	50	private InputStream is = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	51	private OutputStream os = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	52	private final byte[] temporary = new byte[1024];
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	53
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	54	private boolean formatVerified = false; // SSLv2 ruled out?
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	55
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	56	// Cache for incomplete handshake messages.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	57	private ByteBuffer handshakeBuffer = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	58
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	59	private boolean hasHeader = false; // Had read the record header
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	60
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	61	SSLSocketInputRecord(HandshakeHash handshakeHash) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	62	super(handshakeHash, SSLReadCipher.nullTlsReadCipher());
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	63	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	64
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	65	@Override
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	66	int bytesInCompletePacket() throws IOException {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	67	if (!hasHeader) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	68	// read exactly one record
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	69	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	70	int really = read(is, temporary, 0, headerSize);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	71	if (really < 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	72	// EOF: peer shut down incorrectly
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	73	return -1;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	74	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	75	} catch (EOFException eofe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	76	// The caller will handle EOF.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	77	return -1;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	78	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	79	hasHeader = true;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	80	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	81
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	82	byte byteZero = temporary[0];
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	83	int len = 0;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	84
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	85	/*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	86	* If we have already verified previous packets, we can
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	87	* ignore the verifications steps, and jump right to the
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	88	* determination. Otherwise, try one last heuristic to
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	89	* see if it's SSL/TLS.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	90	*/
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	91	if (formatVerified \|\|
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	92	(byteZero == ContentType.HANDSHAKE.id) \|\|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	93	(byteZero == ContentType.ALERT.id)) {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	94	/*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	95	* Last sanity check that it's not a wild record
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	96	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	97	if (!ProtocolVersion.isNegotiable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	98	temporary[1], temporary[2], false, false)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	99	throw new SSLException("Unrecognized record version " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	100	ProtocolVersion.nameOf(temporary[1], temporary[2]) +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	101	" , plaintext connection?");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	102	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	103
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	104	/*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	105	* Reasonably sure this is a V3, disable further checks.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	106	* We can't do the same in the v2 check below, because
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	107	* read still needs to parse/handle the v2 clientHello.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	108	*/
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	109	formatVerified = true;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	110
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	111	/*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	112	* One of the SSLv3/TLS message types.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	113	*/
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	114	len = ((temporary[3] & 0xFF) << 8) +
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	115	(temporary[4] & 0xFF) + headerSize;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	116	} else {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	117	/*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	118	* Must be SSLv2 or something unknown.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	119	* Check if it's short (2 bytes) or
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	120	* long (3) header.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	121	*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	122	* Internals can warn about unsupported SSLv2
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	123	*/
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	124	boolean isShort = ((byteZero & 0x80) != 0);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	125
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	126	if (isShort && ((temporary[2] == 1) \|\| (temporary[2] == 4))) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	127	if (!ProtocolVersion.isNegotiable(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	128	temporary[3], temporary[4], false, false)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	129	throw new SSLException("Unrecognized record version " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	130	ProtocolVersion.nameOf(temporary[3], temporary[4]) +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	131	" , plaintext connection?");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	132	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	133
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	134	/*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	135	* Client or Server Hello
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	136	*/
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	137	//
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	138	// Short header is using here. We reverse the code here
37880 60ec48925dc6 8156661: Handful of typos in javadoc igerasim parents: 34687 diff changeset	139	// in case it is used in the future.
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	140	//
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	141	// int mask = (isShort ? 0x7F : 0x3F);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	142	// len = ((byteZero & mask) << 8) +
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	143	// (temporary[1] & 0xFF) + (isShort ? 2 : 3);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	144	//
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	145	len = ((byteZero & 0x7F) << 8) + (temporary[1] & 0xFF) + 2;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	146	} else {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	147	// Gobblygook!
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	148	throw new SSLException(
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	149	"Unrecognized SSL message, plaintext connection?");
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	150	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	151	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	152
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	153	return len;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	154	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	155
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	156	// Note that the input arguments are not used actually.
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	157	@Override
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	158	Plaintext[] decode(ByteBuffer[] srcs, int srcsOffset,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	159	int srcsLength) throws IOException, BadPaddingException {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	160
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	161	if (isClosed) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	162	return null;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	163	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	164
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	165	if (!hasHeader) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	166	// read exactly one record
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	167	int really = read(is, temporary, 0, headerSize);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	168	if (really < 0) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	169	throw new EOFException("SSL peer shut down incorrectly");
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	170	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	171	hasHeader = true;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	172	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	173
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	174	Plaintext plaintext = null;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	175	if (!formatVerified) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	176	formatVerified = true;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	177
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	178	/*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	179	* The first record must either be a handshake record or an
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	180	* alert message. If it's not, it is either invalid or an
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	181	* SSLv2 message.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	182	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	183	if ((temporary[0] != ContentType.HANDSHAKE.id) &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	184	(temporary[0] != ContentType.ALERT.id)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	185	hasHeader = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	186	return handleUnknownRecord(temporary);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	187	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	188	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	189
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	190	// The record header should has consumed.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	191	hasHeader = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	192	return decodeInputRecord(temporary);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	193	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	194
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	195	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	196	void setReceiverStream(InputStream inputStream) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	197	this.is = inputStream;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	198	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	199
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	200	@Override
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	201	void setDeliverStream(OutputStream outputStream) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	202	this.os = outputStream;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	203	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	204
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	205	// Note that destination may be null
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	206	private Plaintext[] decodeInputRecord(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	207	byte[] header) throws IOException, BadPaddingException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	208	byte contentType = header[0]; // pos: 0
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	209	byte majorVersion = header[1]; // pos: 1
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	210	byte minorVersion = header[2]; // pos: 2
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	211	int contentLen = ((header[3] & 0xFF) << 8) +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	212	(header[4] & 0xFF); // pos: 3, 4
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	213
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	214	if (SSLLogger.isOn && SSLLogger.isOn("record")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	215	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	216	"READ: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	217	ProtocolVersion.nameOf(majorVersion, minorVersion) +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	218	" " + ContentType.nameOf(contentType) + ", length = " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	219	contentLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	220	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	221
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	222	//
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	223	// Check for upper bound.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	224	//
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	225	// Note: May check packetSize limit in the future.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	226	if (contentLen < 0 \|\| contentLen > maxLargeRecordSize - headerSize) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	227	throw new SSLProtocolException(
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	228	"Bad input record size, TLSCiphertext.length = " + contentLen);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	229	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	230
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	231	//
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	232	// Read a complete record.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	233	//
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	234	ByteBuffer destination = ByteBuffer.allocate(headerSize + contentLen);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	235	int dstPos = destination.position();
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	236	destination.put(temporary, 0, headerSize);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	237	while (contentLen > 0) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	238	int howmuch = Math.min(temporary.length, contentLen);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	239	int really = read(is, temporary, 0, howmuch);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	240	if (really < 0) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	241	throw new EOFException("SSL peer shut down incorrectly");
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	242	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	243
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	244	destination.put(temporary, 0, howmuch);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	245	contentLen -= howmuch;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	246	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	247	destination.flip();
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	248	destination.position(dstPos + headerSize);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	249
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	250	if (SSLLogger.isOn && SSLLogger.isOn("record")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	251	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	252	"READ: " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	253	ProtocolVersion.nameOf(majorVersion, minorVersion) +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	254	" " + ContentType.nameOf(contentType) + ", length = " +
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	255	destination.remaining());
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	256	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	257
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	258	//
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	259	// Decrypt the fragment
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	260	//
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	261	ByteBuffer fragment;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	262	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	263	Plaintext plaintext =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	264	readCipher.decrypt(contentType, destination, null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	265	fragment = plaintext.fragment;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	266	contentType = plaintext.contentType;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	267	} catch (BadPaddingException bpe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	268	throw bpe;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	269	} catch (GeneralSecurityException gse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	270	throw (SSLProtocolException)(new SSLProtocolException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	271	"Unexpected exception")).initCause(gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	272	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	273
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	274	if (contentType != ContentType.HANDSHAKE.id &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	275	handshakeBuffer != null && handshakeBuffer.hasRemaining()) {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	276	throw new SSLProtocolException(
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	277	"Expecting a handshake fragment, but received " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	278	ContentType.nameOf(contentType));
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	279	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	280
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	281	//
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	282	// parse handshake messages
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	283	//
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	284	if (contentType == ContentType.HANDSHAKE.id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	285	ByteBuffer handshakeFrag = fragment;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	286	if ((handshakeBuffer != null) &&
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	287	(handshakeBuffer.remaining() != 0)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	288	ByteBuffer bb = ByteBuffer.wrap(new byte[
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	289	handshakeBuffer.remaining() + fragment.remaining()]);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	290	bb.put(handshakeBuffer);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	291	bb.put(fragment);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	292	handshakeFrag = bb.rewind();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	293	handshakeBuffer = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	294	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	295
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	296	ArrayList<Plaintext> plaintexts = new ArrayList<>(5);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	297	while (handshakeFrag.hasRemaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	298	int remaining = handshakeFrag.remaining();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	299	if (remaining < handshakeHeaderSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	300	handshakeBuffer = ByteBuffer.wrap(new byte[remaining]);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	301	handshakeBuffer.put(handshakeFrag);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	302	handshakeBuffer.rewind();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	303	break;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	304	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	305
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	306	handshakeFrag.mark();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	307	// skip the first byte: handshake type
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	308	byte handshakeType = handshakeFrag.get();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	309	int handshakeBodyLen = Record.getInt24(handshakeFrag);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	310	handshakeFrag.reset();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	311	int handshakeMessageLen =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	312	handshakeHeaderSize + handshakeBodyLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	313	if (remaining < handshakeMessageLen) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	314	handshakeBuffer = ByteBuffer.wrap(new byte[remaining]);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	315	handshakeBuffer.put(handshakeFrag);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	316	handshakeBuffer.rewind();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	317	break;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	318	} if (remaining == handshakeMessageLen) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	319	if (handshakeHash.isHashable(handshakeType)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	320	handshakeHash.receive(handshakeFrag);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	321	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	322
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	323	plaintexts.add(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	324	new Plaintext(contentType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	325	majorVersion, minorVersion, -1, -1L, handshakeFrag)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	326	);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	327	break;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	328	} else {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	329	int fragPos = handshakeFrag.position();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	330	int fragLim = handshakeFrag.limit();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	331	int nextPos = fragPos + handshakeMessageLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	332	handshakeFrag.limit(nextPos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	333
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	334	if (handshakeHash.isHashable(handshakeType)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	335	handshakeHash.receive(handshakeFrag);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	336	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	337
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	338	plaintexts.add(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	339	new Plaintext(contentType, majorVersion, minorVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	340	-1, -1L, handshakeFrag.slice())
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	341	);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	342
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	343	handshakeFrag.position(nextPos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	344	handshakeFrag.limit(fragLim);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	345	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	346	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	347
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	348	return plaintexts.toArray(new Plaintext[0]);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	349	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	350
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	351	// KeyLimit check during application data.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	352	// atKeyLimit() inactive when limits not checked, tc set when limits
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	353	// are active.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	354
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	355	if (readCipher.atKeyLimit()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	356	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	357	SSLLogger.fine("KeyUpdate: triggered, read side.");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	358	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	359
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	360	PostHandshakeContext p = new PostHandshakeContext(tc);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	361	KeyUpdate.handshakeProducer.produce(p,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	362	new KeyUpdateMessage(p, KeyUpdateRequest.REQUESTED));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	363	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	364
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	365	return new Plaintext[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	366	new Plaintext(contentType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	367	majorVersion, minorVersion, -1, -1L, fragment)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	368	};
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	369	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	370
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	371	private Plaintext[] handleUnknownRecord(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	372	byte[] header) throws IOException, BadPaddingException {
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	373	byte firstByte = header[0];
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	374	byte thirdByte = header[2];
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	375
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	376	// Does it look like a Version 2 client hello (V2ClientHello)?
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	377	if (((firstByte & 0x80) != 0) && (thirdByte == 1)) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	378	/*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	379	* If SSLv2Hello is not enabled, throw an exception.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	380	*/
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	381	if (helloVersion != ProtocolVersion.SSL20Hello) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	382	throw new SSLHandshakeException("SSLv2Hello is not enabled");
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	383	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	384
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	385	byte majorVersion = header[3];
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	386	byte minorVersion = header[4];
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	387
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	388	if ((majorVersion == ProtocolVersion.SSL20Hello.major) &&
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	389	(minorVersion == ProtocolVersion.SSL20Hello.minor)) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	390
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	391	/*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	392	* Looks like a V2 client hello, but not one saying
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	393	* "let's talk SSLv3". So we need to send an SSLv2
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	394	* error message, one that's treated as fatal by
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	395	* clients (Otherwise we'll hang.)
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	396	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	397	os.write(SSLRecord.v2NoCipher); // SSLv2Hello
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	398
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	399	if (SSLLogger.isOn) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	400	if (SSLLogger.isOn("record")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	401	SSLLogger.fine(
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	402	"Requested to negotiate unsupported SSLv2!");
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	403	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	404
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	405	if (SSLLogger.isOn("packet")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	406	SSLLogger.fine("Raw write", SSLRecord.v2NoCipher);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	407	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	408	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	409
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	410	throw new SSLException("Unsupported SSL v2.0 ClientHello");
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	411	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	412
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	413	int msgLen = ((header[0] & 0x7F) << 8) \| (header[1] & 0xFF);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	414
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	415	ByteBuffer destination = ByteBuffer.allocate(headerSize + msgLen);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	416	destination.put(temporary, 0, headerSize);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	417	msgLen -= 3; // had read 3 bytes of content as header
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	418	while (msgLen > 0) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	419	int howmuch = Math.min(temporary.length, msgLen);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	420	int really = read(is, temporary, 0, howmuch);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	421	if (really < 0) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	422	throw new EOFException("SSL peer shut down incorrectly");
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	423	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	424
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	425	destination.put(temporary, 0, howmuch);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	426	msgLen -= howmuch;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	427	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	428	destination.flip();
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	429
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	430	/*
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	431	* If we can map this into a V3 ClientHello, read and
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	432	* hash the rest of the V2 handshake, turn it into a
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	433	* V3 ClientHello message, and pass it up.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	434	*/
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	435	destination.position(2); // exclude the header
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	436	handshakeHash.receive(destination);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	437	destination.position(0);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	438
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	439	ByteBuffer converted = convertToClientHello(destination);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	440
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	441	if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	442	SSLLogger.fine(
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	443	"[Converted] ClientHello", converted);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	444	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	445
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	446	return new Plaintext[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	447	new Plaintext(ContentType.HANDSHAKE.id,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	448	majorVersion, minorVersion, -1, -1L, converted)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	449	};
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	450	} else {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	451	if (((firstByte & 0x80) != 0) && (thirdByte == 4)) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	452	throw new SSLException("SSL V2.0 servers are not supported.");
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	453	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	454
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	455	throw new SSLException("Unsupported or unrecognized SSL message");
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	456	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	457	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	458
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	459	// Read the exact bytes of data, otherwise, return -1.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	460	private static int read(InputStream is,
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	461	byte[] buffer, int offset, int len) throws IOException {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	462	int n = 0;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	463	while (n < len) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	464	int readLen = is.read(buffer, offset + n, len - n);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	465	if (readLen < 0) {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	466	if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	467	SSLLogger.fine("Raw read: EOF");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	468	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	469	return -1;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	470	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	471
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	472	if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	473	ByteBuffer bb = ByteBuffer.wrap(buffer, offset + n, readLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	474	SSLLogger.fine("Raw read", bb);
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	475	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	476
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	477	n += readLen;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	478	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	479
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	480	return n;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	481	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: diff changeset	482	}

author	xuelei
	Mon, 25 Jun 2018 13:41:39 -0700
changeset 50768	68fa3d4026ea
parent 47216	71c04702a3d5
child 51407	910f7b56592f
permissions	-rw-r--r--