author | xuelei |
Tue, 02 Jun 2015 04:01:04 +0000 | |
changeset 30904 | ec0224270f90 |
parent 30820 | 0d4717a011d3 |
permissions | -rw-r--r-- |
28565
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
1 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
2 |
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
4 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
5 |
* This code is free software; you can redistribute it and/or modify it |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
7 |
* published by the Free Software Foundation. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
8 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
13 |
* accompanied this code). |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
14 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
15 |
* You should have received a copy of the GNU General Public License version |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation, |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
18 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
20 |
* or visit www.oracle.com if you need additional information or have any |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
21 |
* questions. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
22 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
23 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
24 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
25 |
* @test |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
26 |
* @bug 8044860 |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
27 |
* @summary Vectors and fixed length fields should be verified |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
28 |
* for allowed sizes. |
30820 | 29 |
* @modules java.base/sun.security.ssl |
28565
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
30 |
* @run main/othervm LengthCheckTest |
30046 | 31 |
* @key randomness |
28565
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
32 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
33 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
34 |
/** |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
35 |
* A SSLEngine usage example which simplifies the presentation |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
36 |
* by removing the I/O and multi-threading concerns. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
37 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
38 |
* The test creates two SSLEngines, simulating a client and server. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
39 |
* The "transport" layer consists two byte buffers: think of them |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
40 |
* as directly connected pipes. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
41 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
42 |
* Note, this is a *very* simple example: real code will be much more |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
43 |
* involved. For example, different threading and I/O models could be |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
44 |
* used, transport mechanisms could close unexpectedly, and so on. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
45 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
46 |
* When this application runs, notice that several messages |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
47 |
* (wrap/unwrap) pass before any application data is consumed or |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
48 |
* produced. (For more information, please see the SSL/TLS |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
49 |
* specifications.) There may several steps for a successful handshake, |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
50 |
* so it's typical to see the following series of operations: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
51 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
52 |
* client server message |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
53 |
* ====== ====== ======= |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
54 |
* wrap() ... ClientHello |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
55 |
* ... unwrap() ClientHello |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
56 |
* ... wrap() ServerHello/Certificate |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
57 |
* unwrap() ... ServerHello/Certificate |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
58 |
* wrap() ... ClientKeyExchange |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
59 |
* wrap() ... ChangeCipherSpec |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
60 |
* wrap() ... Finished |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
61 |
* ... unwrap() ClientKeyExchange |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
62 |
* ... unwrap() ChangeCipherSpec |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
63 |
* ... unwrap() Finished |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
64 |
* ... wrap() ChangeCipherSpec |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
65 |
* ... wrap() Finished |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
66 |
* unwrap() ... ChangeCipherSpec |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
67 |
* unwrap() ... Finished |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
68 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
69 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
70 |
import javax.net.ssl.*; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
71 |
import javax.net.ssl.SSLEngineResult.*; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
72 |
import java.io.*; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
73 |
import java.security.*; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
74 |
import java.nio.*; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
75 |
import java.util.List; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
76 |
import java.util.ArrayList; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
77 |
import sun.security.ssl.ProtocolVersion; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
78 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
79 |
public class LengthCheckTest { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
80 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
81 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
82 |
* Enables logging of the SSLEngine operations. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
83 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
84 |
private static final boolean logging = true; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
85 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
86 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
87 |
* Enables the JSSE system debugging system property: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
88 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
89 |
* -Djavax.net.debug=all |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
90 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
91 |
* This gives a lot of low-level information about operations underway, |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
92 |
* including specific handshake messages, and might be best examined |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
93 |
* after gaining some familiarity with this application. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
94 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
95 |
private static final boolean debug = false; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
96 |
private static final boolean dumpBufs = true; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
97 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
98 |
private final SSLContext sslc; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
99 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
100 |
private SSLEngine clientEngine; // client Engine |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
101 |
private ByteBuffer clientOut; // write side of clientEngine |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
102 |
private ByteBuffer clientIn; // read side of clientEngine |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
103 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
104 |
private SSLEngine serverEngine; // server Engine |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
105 |
private ByteBuffer serverOut; // write side of serverEngine |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
106 |
private ByteBuffer serverIn; // read side of serverEngine |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
107 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
108 |
private HandshakeTest handshakeTest; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
109 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
110 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
111 |
* For data transport, this example uses local ByteBuffers. This |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
112 |
* isn't really useful, but the purpose of this example is to show |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
113 |
* SSLEngine concepts, not how to do network transport. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
114 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
115 |
private ByteBuffer cTOs; // "reliable" transport client->server |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
116 |
private ByteBuffer sTOc; // "reliable" transport server->client |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
117 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
118 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
119 |
* The following is to set up the keystores. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
120 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
121 |
private static final String pathToStores = "../../../../javax/net/ssl/etc"; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
122 |
private static final String keyStoreFile = "keystore"; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
123 |
private static final String trustStoreFile = "truststore"; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
124 |
private static final String passwd = "passphrase"; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
125 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
126 |
private static final String keyFilename = |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
127 |
System.getProperty("test.src", ".") + "/" + pathToStores + |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
128 |
"/" + keyStoreFile; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
129 |
private static final String trustFilename = |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
130 |
System.getProperty("test.src", ".") + "/" + pathToStores + |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
131 |
"/" + trustStoreFile; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
132 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
133 |
// Define a few basic TLS record and message types we might need |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
134 |
private static final int TLS_RECTYPE_CCS = 0x14; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
135 |
private static final int TLS_RECTYPE_ALERT = 0x15; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
136 |
private static final int TLS_RECTYPE_HANDSHAKE = 0x16; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
137 |
private static final int TLS_RECTYPE_APPDATA = 0x17; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
138 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
139 |
private static final int TLS_HS_HELLO_REQUEST = 0x00; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
140 |
private static final int TLS_HS_CLIENT_HELLO = 0x01; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
141 |
private static final int TLS_HS_SERVER_HELLO = 0x02; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
142 |
private static final int TLS_HS_CERTIFICATE = 0x0B; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
143 |
private static final int TLS_HS_SERVER_KEY_EXCHG = 0x0C; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
144 |
private static final int TLS_HS_CERT_REQUEST = 0x0D; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
145 |
private static final int TLS_HS_SERVER_HELLO_DONE = 0x0E; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
146 |
private static final int TLS_HS_CERT_VERIFY = 0x0F; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
147 |
private static final int TLS_HS_CLIENT_KEY_EXCHG = 0x10; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
148 |
private static final int TLS_HS_FINISHED = 0x14; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
149 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
150 |
// We're not going to define all the alert types in TLS, just |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
151 |
// the ones we think we'll need to reference by name. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
152 |
private static final int TLS_ALERT_LVL_WARNING = 0x01; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
153 |
private static final int TLS_ALERT_LVL_FATAL = 0x02; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
154 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
155 |
private static final int TLS_ALERT_UNEXPECTED_MSG = 0x0A; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
156 |
private static final int TLS_ALERT_HANDSHAKE_FAILURE = 0x28; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
157 |
private static final int TLS_ALERT_INTERNAL_ERROR = 0x50; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
158 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
159 |
public interface HandshakeTest { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
160 |
void execTest() throws Exception; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
161 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
162 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
163 |
public final HandshakeTest servSendLongID = new HandshakeTest() { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
164 |
@Override |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
165 |
public void execTest() throws Exception { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
166 |
boolean gotException = false; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
167 |
SSLEngineResult clientResult; // results from client's last op |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
168 |
SSLEngineResult serverResult; // results from server's last op |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
169 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
170 |
log("\n==== Test: Client receives 64-byte session ID ===="); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
171 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
172 |
// Send Client Hello |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
173 |
clientResult = clientEngine.wrap(clientOut, cTOs); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
174 |
log("client wrap: ", clientResult); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
175 |
runDelegatedTasks(clientResult, clientEngine); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
176 |
cTOs.flip(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
177 |
dumpByteBuffer("CLIENT-TO-SERVER", cTOs); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
178 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
179 |
// Server consumes Client Hello |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
180 |
serverResult = serverEngine.unwrap(cTOs, serverIn); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
181 |
log("server unwrap: ", serverResult); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
182 |
runDelegatedTasks(serverResult, serverEngine); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
183 |
cTOs.compact(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
184 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
185 |
// Server generates ServerHello/Cert/Done record |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
186 |
serverResult = serverEngine.wrap(serverOut, sTOc); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
187 |
log("server wrap: ", serverResult); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
188 |
runDelegatedTasks(serverResult, serverEngine); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
189 |
sTOc.flip(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
190 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
191 |
// Intercept the ServerHello messages and instead send |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
192 |
// one that has a 64-byte session ID. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
193 |
if (isTlsMessage(sTOc, TLS_RECTYPE_HANDSHAKE, |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
194 |
TLS_HS_SERVER_HELLO)) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
195 |
ArrayList<ByteBuffer> recList = splitRecord(sTOc); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
196 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
197 |
// Use the original ServerHello as a template to craft one |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
198 |
// with a longer-than-allowed session ID. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
199 |
ByteBuffer servHelloBuf = |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
200 |
createEvilServerHello(recList.get(0), 64); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
201 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
202 |
recList.set(0, servHelloBuf); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
203 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
204 |
// Now send each ByteBuffer (each being a complete |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
205 |
// TLS record) into the client-side unwrap. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
206 |
for (ByteBuffer bBuf : recList) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
207 |
dumpByteBuffer("SERVER-TO-CLIENT", bBuf); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
208 |
try { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
209 |
clientResult = clientEngine.unwrap(bBuf, clientIn); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
210 |
} catch (SSLProtocolException e) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
211 |
log("Received expected SSLProtocolException: " + e); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
212 |
gotException = true; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
213 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
214 |
log("client unwrap: ", clientResult); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
215 |
runDelegatedTasks(clientResult, clientEngine); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
216 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
217 |
} else { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
218 |
dumpByteBuffer("SERVER-TO-CLIENT", sTOc); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
219 |
log("client unwrap: ", clientResult); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
220 |
runDelegatedTasks(clientResult, clientEngine); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
221 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
222 |
sTOc.compact(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
223 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
224 |
// The Client should now send a TLS Alert |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
225 |
clientResult = clientEngine.wrap(clientOut, cTOs); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
226 |
log("client wrap: ", clientResult); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
227 |
runDelegatedTasks(clientResult, clientEngine); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
228 |
cTOs.flip(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
229 |
dumpByteBuffer("CLIENT-TO-SERVER", cTOs); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
230 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
231 |
// At this point we can verify that both an exception |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
232 |
// was thrown and the proper action (a TLS alert) was |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
233 |
// sent back to the server. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
234 |
if (gotException == false || |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
235 |
!isTlsMessage(cTOs, TLS_RECTYPE_ALERT, TLS_ALERT_LVL_FATAL, |
30904 | 236 |
TLS_ALERT_UNEXPECTED_MSG)) { |
28565
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
237 |
throw new SSLException( |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
238 |
"Client failed to throw Alert:fatal:internal_error"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
239 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
240 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
241 |
}; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
242 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
243 |
public final HandshakeTest clientSendLongID = new HandshakeTest() { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
244 |
@Override |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
245 |
public void execTest() throws Exception { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
246 |
boolean gotException = false; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
247 |
SSLEngineResult clientResult; // results from client's last op |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
248 |
SSLEngineResult serverResult; // results from server's last op |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
249 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
250 |
log("\n==== Test: Server receives 64-byte session ID ===="); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
251 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
252 |
// Send Client Hello |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
253 |
ByteBuffer evilClientHello = createEvilClientHello(64); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
254 |
dumpByteBuffer("CLIENT-TO-SERVER", evilClientHello); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
255 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
256 |
try { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
257 |
// Server consumes Client Hello |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
258 |
serverResult = serverEngine.unwrap(evilClientHello, serverIn); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
259 |
log("server unwrap: ", serverResult); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
260 |
runDelegatedTasks(serverResult, serverEngine); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
261 |
evilClientHello.compact(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
262 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
263 |
// Under normal circumstances this should be a ServerHello |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
264 |
// But should throw an exception instead due to the invalid |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
265 |
// session ID. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
266 |
serverResult = serverEngine.wrap(serverOut, sTOc); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
267 |
log("server wrap: ", serverResult); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
268 |
runDelegatedTasks(serverResult, serverEngine); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
269 |
sTOc.flip(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
270 |
dumpByteBuffer("SERVER-TO-CLIENT", sTOc); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
271 |
} catch (SSLProtocolException ssle) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
272 |
log("Received expected SSLProtocolException: " + ssle); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
273 |
gotException = true; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
274 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
275 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
276 |
// We expect to see the server generate an alert here |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
277 |
serverResult = serverEngine.wrap(serverOut, sTOc); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
278 |
log("server wrap: ", serverResult); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
279 |
runDelegatedTasks(serverResult, serverEngine); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
280 |
sTOc.flip(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
281 |
dumpByteBuffer("SERVER-TO-CLIENT", sTOc); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
282 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
283 |
// At this point we can verify that both an exception |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
284 |
// was thrown and the proper action (a TLS alert) was |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
285 |
// sent back to the client. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
286 |
if (gotException == false || |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
287 |
!isTlsMessage(sTOc, TLS_RECTYPE_ALERT, TLS_ALERT_LVL_FATAL, |
30904 | 288 |
TLS_ALERT_UNEXPECTED_MSG)) { |
28565
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
289 |
throw new SSLException( |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
290 |
"Server failed to throw Alert:fatal:internal_error"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
291 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
292 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
293 |
}; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
294 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
295 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
296 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
297 |
* Main entry point for this test. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
298 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
299 |
public static void main(String args[]) throws Exception { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
300 |
List<LengthCheckTest> ccsTests = new ArrayList<>(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
301 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
302 |
if (debug) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
303 |
System.setProperty("javax.net.debug", "ssl"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
304 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
305 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
306 |
ccsTests.add(new LengthCheckTest("ServSendLongID")); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
307 |
ccsTests.add(new LengthCheckTest("ClientSendLongID")); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
308 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
309 |
for (LengthCheckTest test : ccsTests) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
310 |
test.runTest(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
311 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
312 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
313 |
System.out.println("Test Passed."); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
314 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
315 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
316 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
317 |
* Create an initialized SSLContext to use for these tests. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
318 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
319 |
public LengthCheckTest(String testName) throws Exception { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
320 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
321 |
KeyStore ks = KeyStore.getInstance("JKS"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
322 |
KeyStore ts = KeyStore.getInstance("JKS"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
323 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
324 |
char[] passphrase = "passphrase".toCharArray(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
325 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
326 |
ks.load(new FileInputStream(keyFilename), passphrase); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
327 |
ts.load(new FileInputStream(trustFilename), passphrase); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
328 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
329 |
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
330 |
kmf.init(ks, passphrase); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
331 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
332 |
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
333 |
tmf.init(ts); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
334 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
335 |
SSLContext sslCtx = SSLContext.getInstance("TLS"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
336 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
337 |
sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
338 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
339 |
sslc = sslCtx; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
340 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
341 |
switch (testName) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
342 |
case "ServSendLongID": |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
343 |
handshakeTest = servSendLongID; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
344 |
break; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
345 |
case "ClientSendLongID": |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
346 |
handshakeTest = clientSendLongID; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
347 |
break; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
348 |
default: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
349 |
throw new IllegalArgumentException("Unknown test name: " + |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
350 |
testName); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
351 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
352 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
353 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
354 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
355 |
* Run the test. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
356 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
357 |
* Sit in a tight loop, both engines calling wrap/unwrap regardless |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
358 |
* of whether data is available or not. We do this until both engines |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
359 |
* report back they are closed. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
360 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
361 |
* The main loop handles all of the I/O phases of the SSLEngine's |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
362 |
* lifetime: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
363 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
364 |
* initial handshaking |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
365 |
* application data transfer |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
366 |
* engine closing |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
367 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
368 |
* One could easily separate these phases into separate |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
369 |
* sections of code. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
370 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
371 |
private void runTest() throws Exception { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
372 |
boolean dataDone = false; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
373 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
374 |
createSSLEngines(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
375 |
createBuffers(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
376 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
377 |
handshakeTest.execTest(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
378 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
379 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
380 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
381 |
* Using the SSLContext created during object creation, |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
382 |
* create/configure the SSLEngines we'll use for this test. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
383 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
384 |
private void createSSLEngines() throws Exception { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
385 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
386 |
* Configure the serverEngine to act as a server in the SSL/TLS |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
387 |
* handshake. Also, require SSL client authentication. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
388 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
389 |
serverEngine = sslc.createSSLEngine(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
390 |
serverEngine.setUseClientMode(false); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
391 |
serverEngine.setNeedClientAuth(false); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
392 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
393 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
394 |
* Similar to above, but using client mode instead. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
395 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
396 |
clientEngine = sslc.createSSLEngine("client", 80); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
397 |
clientEngine.setUseClientMode(true); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
398 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
399 |
// In order to make a test that will be backwards compatible |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
400 |
// going back to JDK 5, force the handshake to be TLS 1.0 and |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
401 |
// use one of the older cipher suites. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
402 |
clientEngine.setEnabledProtocols(new String[]{"TLSv1"}); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
403 |
clientEngine.setEnabledCipherSuites( |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
404 |
new String[]{"TLS_RSA_WITH_AES_128_CBC_SHA"}); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
405 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
406 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
407 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
408 |
* Create and size the buffers appropriately. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
409 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
410 |
private void createBuffers() { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
411 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
412 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
413 |
* We'll assume the buffer sizes are the same |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
414 |
* between client and server. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
415 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
416 |
SSLSession session = clientEngine.getSession(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
417 |
int appBufferMax = session.getApplicationBufferSize(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
418 |
int netBufferMax = session.getPacketBufferSize(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
419 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
420 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
421 |
* We'll make the input buffers a bit bigger than the max needed |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
422 |
* size, so that unwrap()s following a successful data transfer |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
423 |
* won't generate BUFFER_OVERFLOWS. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
424 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
425 |
* We'll use a mix of direct and indirect ByteBuffers for |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
426 |
* tutorial purposes only. In reality, only use direct |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
427 |
* ByteBuffers when they give a clear performance enhancement. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
428 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
429 |
clientIn = ByteBuffer.allocate(appBufferMax + 50); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
430 |
serverIn = ByteBuffer.allocate(appBufferMax + 50); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
431 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
432 |
cTOs = ByteBuffer.allocateDirect(netBufferMax); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
433 |
sTOc = ByteBuffer.allocateDirect(netBufferMax); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
434 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
435 |
clientOut = ByteBuffer.wrap("Hi Server, I'm Client".getBytes()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
436 |
serverOut = ByteBuffer.wrap("Hello Client, I'm Server".getBytes()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
437 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
438 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
439 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
440 |
* If the result indicates that we have outstanding tasks to do, |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
441 |
* go ahead and run them in this thread. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
442 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
443 |
private static void runDelegatedTasks(SSLEngineResult result, |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
444 |
SSLEngine engine) throws Exception { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
445 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
446 |
if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
447 |
Runnable runnable; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
448 |
while ((runnable = engine.getDelegatedTask()) != null) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
449 |
log("\trunning delegated task..."); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
450 |
runnable.run(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
451 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
452 |
HandshakeStatus hsStatus = engine.getHandshakeStatus(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
453 |
if (hsStatus == HandshakeStatus.NEED_TASK) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
454 |
throw new Exception( |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
455 |
"handshake shouldn't need additional tasks"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
456 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
457 |
log("\tnew HandshakeStatus: " + hsStatus); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
458 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
459 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
460 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
461 |
private static boolean isEngineClosed(SSLEngine engine) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
462 |
return (engine.isOutboundDone() && engine.isInboundDone()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
463 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
464 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
465 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
466 |
* Simple check to make sure everything came across as expected. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
467 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
468 |
private static void checkTransfer(ByteBuffer a, ByteBuffer b) |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
469 |
throws Exception { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
470 |
a.flip(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
471 |
b.flip(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
472 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
473 |
if (!a.equals(b)) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
474 |
throw new Exception("Data didn't transfer cleanly"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
475 |
} else { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
476 |
log("\tData transferred cleanly"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
477 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
478 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
479 |
a.position(a.limit()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
480 |
b.position(b.limit()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
481 |
a.limit(a.capacity()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
482 |
b.limit(b.capacity()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
483 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
484 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
485 |
/* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
486 |
* Logging code |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
487 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
488 |
private static boolean resultOnce = true; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
489 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
490 |
private static void log(String str, SSLEngineResult result) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
491 |
if (!logging) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
492 |
return; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
493 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
494 |
if (resultOnce) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
495 |
resultOnce = false; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
496 |
System.out.println("The format of the SSLEngineResult is: \n" + |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
497 |
"\t\"getStatus() / getHandshakeStatus()\" +\n" + |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
498 |
"\t\"bytesConsumed() / bytesProduced()\"\n"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
499 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
500 |
HandshakeStatus hsStatus = result.getHandshakeStatus(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
501 |
log(str + |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
502 |
result.getStatus() + "/" + hsStatus + ", " + |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
503 |
result.bytesConsumed() + "/" + result.bytesProduced() + |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
504 |
" bytes"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
505 |
if (hsStatus == HandshakeStatus.FINISHED) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
506 |
log("\t...ready for application data"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
507 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
508 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
509 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
510 |
private static void log(String str) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
511 |
if (logging) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
512 |
System.out.println(str); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
513 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
514 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
515 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
516 |
/** |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
517 |
* Split a record consisting of multiple TLS handshake messages |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
518 |
* into individual TLS records, each one in a ByteBuffer of its own. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
519 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
520 |
* @param tlsRecord A ByteBuffer containing the tls record data. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
521 |
* The position of the buffer should be at the first byte |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
522 |
* in the TLS record data. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
523 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
524 |
* @return An ArrayList consisting of one or more ByteBuffers. Each |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
525 |
* ByteBuffer will contain a single TLS record with one message. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
526 |
* That message will be taken from the input record. The order |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
527 |
* of the messages in the ArrayList will be the same as they |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
528 |
* were in the input record. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
529 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
530 |
private ArrayList<ByteBuffer> splitRecord(ByteBuffer tlsRecord) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
531 |
SSLSession session = clientEngine.getSession(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
532 |
int netBufferMax = session.getPacketBufferSize(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
533 |
ArrayList<ByteBuffer> recordList = new ArrayList<>(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
534 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
535 |
if (tlsRecord.hasRemaining()) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
536 |
int type = Byte.toUnsignedInt(tlsRecord.get()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
537 |
byte ver_major = tlsRecord.get(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
538 |
byte ver_minor = tlsRecord.get(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
539 |
int recLen = Short.toUnsignedInt(tlsRecord.getShort()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
540 |
byte[] newMsgData = null; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
541 |
while (tlsRecord.hasRemaining()) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
542 |
ByteBuffer newRecord = ByteBuffer.allocateDirect(netBufferMax); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
543 |
switch (type) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
544 |
case TLS_RECTYPE_CCS: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
545 |
case TLS_RECTYPE_ALERT: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
546 |
case TLS_RECTYPE_APPDATA: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
547 |
// None of our tests have multiple non-handshake |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
548 |
// messages coalesced into a single record. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
549 |
break; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
550 |
case TLS_RECTYPE_HANDSHAKE: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
551 |
newMsgData = getHandshakeMessage(tlsRecord); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
552 |
break; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
553 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
554 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
555 |
// Put a new TLS record on the destination ByteBuffer |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
556 |
newRecord.put((byte)type); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
557 |
newRecord.put(ver_major); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
558 |
newRecord.put(ver_minor); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
559 |
newRecord.putShort((short)newMsgData.length); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
560 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
561 |
// Now add the message content itself and attach to the |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
562 |
// returned ArrayList |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
563 |
newRecord.put(newMsgData); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
564 |
newRecord.flip(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
565 |
recordList.add(newRecord); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
566 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
567 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
568 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
569 |
return recordList; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
570 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
571 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
572 |
private static ByteBuffer createEvilClientHello(int sessIdLen) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
573 |
ByteBuffer newRecord = ByteBuffer.allocateDirect(4096); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
574 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
575 |
// Lengths will initially be place holders until we determine the |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
576 |
// finished length of the ByteBuffer. Then we'll go back and scribble |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
577 |
// in the correct lengths. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
578 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
579 |
newRecord.put((byte)TLS_RECTYPE_HANDSHAKE); // Record type |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
580 |
newRecord.putShort((short)0x0301); // Protocol (TLS 1.0) |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
581 |
newRecord.putShort((short)0); // Length place holder |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
582 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
583 |
newRecord.putInt(TLS_HS_CLIENT_HELLO << 24); // HS type and length |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
584 |
newRecord.putShort((short)0x0301); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
585 |
newRecord.putInt((int)(System.currentTimeMillis() / 1000)); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
586 |
SecureRandom sr = new SecureRandom(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
587 |
byte[] randBuf = new byte[28]; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
588 |
sr.nextBytes(randBuf); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
589 |
newRecord.put(randBuf); // Client Random |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
590 |
newRecord.put((byte)sessIdLen); // Session ID length |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
591 |
if (sessIdLen > 0) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
592 |
byte[] sessId = new byte[sessIdLen]; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
593 |
sr.nextBytes(sessId); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
594 |
newRecord.put(sessId); // Session ID |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
595 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
596 |
newRecord.putShort((short)2); // 2 bytes of ciphers |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
597 |
newRecord.putShort((short)0x002F); // TLS_RSA_AES_CBC_SHA |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
598 |
newRecord.putShort((short)0x0100); // only null compression |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
599 |
newRecord.putShort((short)5); // 5 bytes of extensions |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
600 |
newRecord.putShort((short)0xFF01); // Renegotiation info |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
601 |
newRecord.putShort((short)1); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
602 |
newRecord.put((byte)0); // No reneg info exts |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
603 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
604 |
// Go back and fill in the correct length values for the record |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
605 |
// and handshake message headers. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
606 |
int recordLength = newRecord.position(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
607 |
newRecord.putShort(3, (short)(recordLength - 5)); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
608 |
int newTypeAndLen = (newRecord.getInt(5) & 0xFF000000) | |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
609 |
((recordLength - 9) & 0x00FFFFFF); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
610 |
newRecord.putInt(5, newTypeAndLen); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
611 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
612 |
newRecord.flip(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
613 |
return newRecord; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
614 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
615 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
616 |
private static ByteBuffer createEvilServerHello(ByteBuffer origHello, |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
617 |
int newSessIdLen) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
618 |
if (newSessIdLen < 0 || newSessIdLen > Byte.MAX_VALUE) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
619 |
throw new RuntimeException("Length must be 0 <= X <= 127"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
620 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
621 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
622 |
ByteBuffer newRecord = ByteBuffer.allocateDirect(4096); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
623 |
// Copy the bytes from the old hello to the new up to the session ID |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
624 |
// field. We will go back later and fill in a new length field in |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
625 |
// the record header. This includes the record header (5 bytes), the |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
626 |
// Handshake message header (4 bytes), protocol version (2 bytes), |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
627 |
// and the random (32 bytes). |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
628 |
ByteBuffer scratchBuffer = origHello.slice(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
629 |
scratchBuffer.limit(43); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
630 |
newRecord.put(scratchBuffer); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
631 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
632 |
// Advance the position in the originial hello buffer past the |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
633 |
// session ID. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
634 |
origHello.position(43); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
635 |
int origIDLen = Byte.toUnsignedInt(origHello.get()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
636 |
if (origIDLen > 0) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
637 |
// Skip over the session ID |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
638 |
origHello.position(origHello.position() + origIDLen); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
639 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
640 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
641 |
// Now add our own sessionID to the new record |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
642 |
SecureRandom sr = new SecureRandom(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
643 |
byte[] sessId = new byte[newSessIdLen]; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
644 |
sr.nextBytes(sessId); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
645 |
newRecord.put((byte)newSessIdLen); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
646 |
newRecord.put(sessId); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
647 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
648 |
// Create another slice in the original buffer, based on the position |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
649 |
// past the session ID. Copy the remaining bytes into the new |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
650 |
// hello buffer. Then go back and fix up the length |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
651 |
newRecord.put(origHello.slice()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
652 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
653 |
// Go back and fill in the correct length values for the record |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
654 |
// and handshake message headers. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
655 |
int recordLength = newRecord.position(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
656 |
newRecord.putShort(3, (short)(recordLength - 5)); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
657 |
int newTypeAndLen = (newRecord.getInt(5) & 0xFF000000) | |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
658 |
((recordLength - 9) & 0x00FFFFFF); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
659 |
newRecord.putInt(5, newTypeAndLen); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
660 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
661 |
newRecord.flip(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
662 |
return newRecord; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
663 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
664 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
665 |
/** |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
666 |
* Look at an incoming TLS record and see if it is the desired |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
667 |
* record type, and where appropriate the correct subtype. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
668 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
669 |
* @param srcRecord The input TLS record to be evaluated. This |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
670 |
* method will only look at the leading message if multiple |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
671 |
* TLS handshake messages are coalesced into a single record. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
672 |
* @param reqRecType The requested TLS record type |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
673 |
* @param recParams Zero or more integer sub type fields. For CCS |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
674 |
* and ApplicationData, no params are used. For handshake records, |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
675 |
* one value corresponding to the HandshakeType is required. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
676 |
* For Alerts, two values corresponding to AlertLevel and |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
677 |
* AlertDescription are necessary. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
678 |
* |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
679 |
* @return true if the proper handshake message is the first one |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
680 |
* in the input record, false otherwise. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
681 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
682 |
private boolean isTlsMessage(ByteBuffer srcRecord, int reqRecType, |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
683 |
int... recParams) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
684 |
boolean foundMsg = false; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
685 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
686 |
if (srcRecord.hasRemaining()) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
687 |
srcRecord.mark(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
688 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
689 |
// Grab the fields from the TLS Record |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
690 |
int recordType = Byte.toUnsignedInt(srcRecord.get()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
691 |
byte ver_major = srcRecord.get(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
692 |
byte ver_minor = srcRecord.get(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
693 |
int recLen = Short.toUnsignedInt(srcRecord.getShort()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
694 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
695 |
if (recordType == reqRecType) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
696 |
// For any zero-length recParams, making sure the requested |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
697 |
// type is sufficient. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
698 |
if (recParams.length == 0) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
699 |
foundMsg = true; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
700 |
} else { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
701 |
switch (recordType) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
702 |
case TLS_RECTYPE_CCS: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
703 |
case TLS_RECTYPE_APPDATA: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
704 |
// We really shouldn't find ourselves here, but |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
705 |
// if someone asked for these types and had more |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
706 |
// recParams we can ignore them. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
707 |
foundMsg = true; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
708 |
break; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
709 |
case TLS_RECTYPE_ALERT: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
710 |
// Needs two params, AlertLevel and AlertDescription |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
711 |
if (recParams.length != 2) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
712 |
throw new RuntimeException( |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
713 |
"Test for Alert requires level and desc."); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
714 |
} else { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
715 |
int level = Byte.toUnsignedInt(srcRecord.get()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
716 |
int desc = Byte.toUnsignedInt(srcRecord.get()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
717 |
if (level == recParams[0] && |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
718 |
desc == recParams[1]) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
719 |
foundMsg = true; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
720 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
721 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
722 |
break; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
723 |
case TLS_RECTYPE_HANDSHAKE: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
724 |
// Needs one parameter, HandshakeType |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
725 |
if (recParams.length != 1) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
726 |
throw new RuntimeException( |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
727 |
"Test for Handshake requires only HS type"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
728 |
} else { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
729 |
// Go into the first handhshake message in the |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
730 |
// record and grab the handshake message header. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
731 |
// All we need to do is parse out the leading |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
732 |
// byte. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
733 |
int msgHdr = srcRecord.getInt(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
734 |
int msgType = (msgHdr >> 24) & 0x000000FF; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
735 |
if (msgType == recParams[0]) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
736 |
foundMsg = true; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
737 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
738 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
739 |
break; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
740 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
741 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
742 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
743 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
744 |
srcRecord.reset(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
745 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
746 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
747 |
return foundMsg; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
748 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
749 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
750 |
private byte[] getHandshakeMessage(ByteBuffer srcRecord) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
751 |
// At the start of this routine, the position should be lined up |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
752 |
// at the first byte of a handshake message. Mark this location |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
753 |
// so we can return to it after reading the type and length. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
754 |
srcRecord.mark(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
755 |
int msgHdr = srcRecord.getInt(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
756 |
int type = (msgHdr >> 24) & 0x000000FF; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
757 |
int length = msgHdr & 0x00FFFFFF; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
758 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
759 |
// Create a byte array that has enough space for the handshake |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
760 |
// message header and body. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
761 |
byte[] data = new byte[length + 4]; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
762 |
srcRecord.reset(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
763 |
srcRecord.get(data, 0, length + 4); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
764 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
765 |
return (data); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
766 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
767 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
768 |
/** |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
769 |
* Hex-dumps a ByteBuffer to stdout. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
770 |
*/ |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
771 |
private static void dumpByteBuffer(String header, ByteBuffer bBuf) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
772 |
if (dumpBufs == false) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
773 |
return; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
774 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
775 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
776 |
int bufLen = bBuf.remaining(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
777 |
if (bufLen > 0) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
778 |
bBuf.mark(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
779 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
780 |
// We expect the position of the buffer to be at the |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
781 |
// beginning of a TLS record. Get the type, version and length. |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
782 |
int type = Byte.toUnsignedInt(bBuf.get()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
783 |
int ver_major = Byte.toUnsignedInt(bBuf.get()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
784 |
int ver_minor = Byte.toUnsignedInt(bBuf.get()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
785 |
int recLen = Short.toUnsignedInt(bBuf.getShort()); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
786 |
ProtocolVersion pv = ProtocolVersion.valueOf(ver_major, ver_minor); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
787 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
788 |
log("===== " + header + " (" + tlsRecType(type) + " / " + |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
789 |
pv + " / " + bufLen + " bytes) ====="); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
790 |
bBuf.reset(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
791 |
for (int i = 0; i < bufLen; i++) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
792 |
if (i != 0 && i % 16 == 0) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
793 |
System.out.print("\n"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
794 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
795 |
System.out.format("%02X ", bBuf.get(i)); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
796 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
797 |
log("\n==============================================="); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
798 |
bBuf.reset(); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
799 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
800 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
801 |
|
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
802 |
private static String tlsRecType(int type) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
803 |
switch (type) { |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
804 |
case 20: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
805 |
return "Change Cipher Spec"; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
806 |
case 21: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
807 |
return "Alert"; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
808 |
case 22: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
809 |
return "Handshake"; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
810 |
case 23: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
811 |
return "Application Data"; |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
812 |
default: |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
813 |
return ("Unknown (" + type + ")"); |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
814 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
815 |
} |
48712ca501c1
8044860: Vectors and fixed length fields should be verified for allowed sizes.
jnimeh
parents:
diff
changeset
|
816 |
} |