16913
|
1 |
/*
|
|
2 |
* Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
|
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
4 |
*
|
|
5 |
* This code is free software; you can redistribute it and/or modify it
|
|
6 |
* under the terms of the GNU General Public License version 2 only, as
|
|
7 |
* published by the Free Software Foundation. Oracle designates this
|
|
8 |
* particular file as subject to the "Classpath" exception as provided
|
|
9 |
* by Oracle in the LICENSE file that accompanied this code.
|
|
10 |
*
|
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that
|
|
15 |
* accompanied this code).
|
|
16 |
*
|
|
17 |
* You should have received a copy of the GNU General Public License version
|
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
20 |
*
|
|
21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
22 |
* or visit www.oracle.com if you need additional information or have any
|
|
23 |
* questions.
|
|
24 |
*/
|
|
25 |
|
|
26 |
package sun.security.ssl;
|
|
27 |
|
|
28 |
import java.util.Arrays;
|
|
29 |
|
|
30 |
/**
|
|
31 |
* This class represents an SSL/TLS message authentication token,
|
|
32 |
* which encapsulates a sequence number and ensures that attempts to
|
|
33 |
* delete or reorder messages can be detected.
|
|
34 |
*
|
|
35 |
* Each SSL/TLS connection state contains a sequence number, which
|
|
36 |
* is maintained separately for read and write states. The sequence
|
|
37 |
* number MUST be set to zero whenever a connection state is made the
|
|
38 |
* active state. Sequence numbers are of type uint64 and may not
|
|
39 |
* exceed 2^64-1. Sequence numbers do not wrap. If a SSL/TLS
|
|
40 |
* implementation would need to wrap a sequence number, it must
|
|
41 |
* renegotiate instead. A sequence number is incremented after each
|
|
42 |
* record: specifically, the first record transmitted under a
|
|
43 |
* particular connection state MUST use sequence number 0.
|
|
44 |
*/
|
|
45 |
class Authenticator {
|
|
46 |
|
|
47 |
// byte array containing the additional authentication information for
|
|
48 |
// each record
|
|
49 |
private final byte[] block;
|
|
50 |
|
|
51 |
// the block size of SSL v3.0:
|
|
52 |
// sequence number + record type + + record length
|
|
53 |
private static final int BLOCK_SIZE_SSL = 8 + 1 + 2;
|
|
54 |
|
|
55 |
// the block size of TLS v1.0 and later:
|
|
56 |
// sequence number + record type + protocol version + record length
|
|
57 |
private static final int BLOCK_SIZE_TLS = 8 + 1 + 2 + 2;
|
|
58 |
|
|
59 |
/**
|
|
60 |
* Default construct, no message authentication token is initialized.
|
|
61 |
*
|
|
62 |
* Note that this construct can only be called for null MAC
|
|
63 |
*/
|
|
64 |
Authenticator() {
|
|
65 |
block = new byte[0];
|
|
66 |
}
|
|
67 |
|
|
68 |
/**
|
|
69 |
* Constructs the message authentication token for the specified
|
|
70 |
* SSL/TLS protocol.
|
|
71 |
*/
|
|
72 |
Authenticator(ProtocolVersion protocolVersion) {
|
|
73 |
if (protocolVersion.v >= ProtocolVersion.TLS10.v) {
|
|
74 |
block = new byte[BLOCK_SIZE_TLS];
|
|
75 |
block[9] = protocolVersion.major;
|
|
76 |
block[10] = protocolVersion.minor;
|
|
77 |
} else {
|
|
78 |
block = new byte[BLOCK_SIZE_SSL];
|
|
79 |
}
|
|
80 |
}
|
|
81 |
|
|
82 |
/**
|
|
83 |
* Checks whether the sequence number is close to wrap.
|
|
84 |
*
|
|
85 |
* Sequence numbers are of type uint64 and may not exceed 2^64-1.
|
|
86 |
* Sequence numbers do not wrap. When the sequence number is near
|
|
87 |
* to wrap, we need to close the connection immediately.
|
|
88 |
*
|
|
89 |
* @return true if the sequence number is close to wrap
|
|
90 |
*/
|
|
91 |
final boolean seqNumOverflow() {
|
|
92 |
/*
|
|
93 |
* Conservatively, we don't allow more records to be generated
|
|
94 |
* when there are only 2^8 sequence numbers left.
|
|
95 |
*/
|
|
96 |
return (block.length != 0 &&
|
|
97 |
block[0] == (byte)0xFF && block[1] == (byte)0xFF &&
|
|
98 |
block[2] == (byte)0xFF && block[3] == (byte)0xFF &&
|
|
99 |
block[4] == (byte)0xFF && block[5] == (byte)0xFF &&
|
|
100 |
block[6] == (byte)0xFF);
|
|
101 |
}
|
|
102 |
|
|
103 |
/**
|
|
104 |
* Checks whether the sequence number close to renew.
|
|
105 |
*
|
|
106 |
* Sequence numbers are of type uint64 and may not exceed 2^64-1.
|
|
107 |
* Sequence numbers do not wrap. If a TLS
|
|
108 |
* implementation would need to wrap a sequence number, it must
|
|
109 |
* renegotiate instead.
|
|
110 |
*
|
|
111 |
* @return true if the sequence number is huge enough to renew
|
|
112 |
*/
|
|
113 |
final boolean seqNumIsHuge() {
|
|
114 |
/*
|
|
115 |
* Conservatively, we should ask for renegotiation when there are
|
|
116 |
* only 2^48 sequence numbers left.
|
|
117 |
*/
|
|
118 |
return (block.length != 0 &&
|
|
119 |
block[0] == (byte)0xFF && block[1] == (byte)0xFF);
|
|
120 |
}
|
|
121 |
|
|
122 |
/**
|
|
123 |
* Gets the current sequence number.
|
|
124 |
*
|
|
125 |
* @return the byte array of the current sequence number
|
|
126 |
*/
|
|
127 |
final byte[] sequenceNumber() {
|
|
128 |
return Arrays.copyOf(block, 8);
|
|
129 |
}
|
|
130 |
|
|
131 |
/**
|
|
132 |
* Acquires the current message authentication information with the
|
|
133 |
* specified record type and fragment length, and then increases the
|
|
134 |
* sequence number.
|
|
135 |
*
|
|
136 |
* @param type the record type
|
|
137 |
* @param length the fragment of the record
|
|
138 |
* @return the byte array of the current message authentication information
|
|
139 |
*/
|
|
140 |
final byte[] acquireAuthenticationBytes(byte type, int length) {
|
|
141 |
byte[] copy = block.clone();
|
|
142 |
|
|
143 |
if (block.length != 0) {
|
|
144 |
copy[8] = type;
|
|
145 |
copy[copy.length - 2] = (byte)(length >> 8);
|
|
146 |
copy[copy.length - 1] = (byte)(length);
|
|
147 |
|
|
148 |
/*
|
|
149 |
* Increase the sequence number in the block array
|
|
150 |
* it is a 64-bit number stored in big-endian format
|
|
151 |
*/
|
|
152 |
int k = 7;
|
|
153 |
while ((k >= 0) && (++block[k] == 0)) {
|
|
154 |
k--;
|
|
155 |
}
|
|
156 |
}
|
|
157 |
|
|
158 |
return copy;
|
|
159 |
}
|
|
160 |
|
|
161 |
}
|