/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* Wrapper class around InputRecord.
*
* Application data is kept external to the InputRecord,
* but handshake data (alert/change_cipher_spec/handshake) will
* be kept internally in the ByteArrayInputStream.
*
* @author Brad Wetmore
*/
/*
* A dummy ByteBuffer we'll pass back even when the data
* is stored internally. It'll never actually be used.
*/
/*
* internal in the ByteArrayInputStream, or in the external
* buffers.
*/
private boolean internalData;
super();
}
byte contentType() {
if (internalData) {
return super.contentType();
} else {
return ct_application_data;
}
}
/*
* Check if there is enough inbound data in the ByteBuffer
* to make a inbound packet. Look for both SSLv2 and SSLv3.
*
* @return -1 if there are not enough bytes to tell (small header),
*/
/*
* SSLv2 length field is in bytes 0/1
*/
return -1;
}
int len = 0;
/*
* If we have already verified previous packets, we can
* ignore the verifications steps, and jump right to the
* determination. Otherwise, try one last hueristic to
*/
if (formatVerified ||
(byteZero == ct_handshake) ||
/*
* Last sanity check that it's not a wild record
*/
// Check if too old (currently not possible)
// or if the major version does not match.
// The actual version negotiation is in the handshaker classes
throw new SSLException(
"Unsupported record version " + recordVersion);
}
/*
* Reasonably sure this is a V3, disable further checks.
* We can't do the same in the v2 check below, because
*/
formatVerified = true;
/*
*/
} else {
/*
* Must be SSLv2 or something unknown.
* Check if it's short (2 bytes) or
* long (3) header.
*
* Internals can warn about unsupported SSLv2
*/
if (isShort &&
// Check if too old (currently not possible)
// or if the major version does not match.
// The actual version negotiation is in the handshaker classes
// if it's not SSLv2, we're out of here.
throw new SSLException(
"Unsupported record version " + recordVersion);
}
}
/*
* Client or Server Hello
*/
} else {
// Gobblygook!
throw new SSLException(
"Unrecognized SSL message, plaintext connection?");
}
}
return len;
}
/*
* Pass the data down if it's internally cached, otherwise
* do it here.
*
* If internal data, data is decrypted internally.
*
* If external data(app), return a new ByteBuffer with data to
* process.
*/
if (internalData) {
return tmpBB;
}
if (!box.isNullCipher()) {
// sanity check length of the ciphertext
throw new BadPaddingException(
"ciphertext sanity check failed");
}
try {
// Note that the CipherBox.decrypt() does not change
// the capacity of the buffer.
} catch (BadPaddingException bpe) {
// RFC 2246 states that decryption_failed should be used
// for this purpose. However, that allows certain attacks,
// so we just send bad record MAC. We also need to make
// sure to always check the MAC to avoid a timing attack
// for the same issue. See paper by Vaudenay et al and the
// update in RFC 4346/5246.
//
// Failover to message authentication code checking.
reservedBPE = bpe;
} finally {
}
}
if (tagLen != 0) {
// Note that although it is not necessary, we run the same MAC
// computation and comparison on the payload for both stream
// cipher and CBC block cipher.
// negative data length, something is wrong
if (reservedBPE == null) {
}
// set offset of the dummy MAC
}
// Run MAC computation and comparison on the payload.
if (reservedBPE == null) {
}
}
// Run MAC computation and comparison on the remainder.
//
// It is only necessary for CBC block cipher. It is used to get a
// constant time of MAC computation and comparison on each record.
// NOTE: here we use the InputRecord.buf because I did not find
// an effective way to work on ByteBuffer when its capacity is
// less than remainingLen.
// NOTE: remainingLen may be bigger (less than 1 block of the
// hash algorithm of the MAC) than the cipheredLength. However,
// We won't need to worry about it because we always use a
// maximum buffer for every record. We need a change here if
// we use small buffer size in the future.
// unlikely to happen, just a placehold
throw new RuntimeException(
"Internal buffer capacity error");
}
// Won't need to worry about the result on the remainder. And
// then we won't need to worry about what's actual data to
// check MAC tag on. We start the check from the header of the
// buffer so that we don't need to construct a new byte buffer.
}
}
// Is it a failover?
if (reservedBPE != null) {
throw reservedBPE;
}
}
/*
* Run MAC computation and comparison
*
* Please DON'T change the content of the ByteBuffer parameter!
*/
// Something is wrong with MAC implementation.
throw new RuntimeException("Internal MAC error");
}
try {
} finally {
}
}
/*
* A constant-time comparison of the MAC tags.
*
* Please DON'T change the content of the ByteBuffer parameter!
*/
// An array of hits is used to prevent Hotspot optimization for
// the purpose of a constant-time check.
// The caller ensures there are enough bytes available in the buffer.
// So we won't need to check the remaining of the buffer.
} else {
}
}
return results;
}
/*
* Override the actual write below. We do things this way to be
* consistent with InputRecord. InputRecord may try to write out
* data to the peer, and *then* throw an Exception. This forces
* generated.
*/
throws IOException {
/*
* Copy data out of buffer, it's ready to go.
*/
}
/*
* Delineate or read a complete packet from src.
*
* If internal data (hs, alert, ccs), the data is read and
* stored internally.
*
* If external data (app), return a new ByteBuffer which points
* to the data to process.
*/
/*
* but that was already checked by SSLEngine.unwrap before
* ever attempting to read.
*/
/*
* If we have anything besides application data,
* or if we haven't even done the initial v2 verification,
* we send this down to be processed by the underlying
* internal cache.
*/
if (!formatVerified ||
internalData = true;
return tmpBB;
}
internalData = false;
// Check if too old (currently not possible)
// or if the major version does not match.
// The actual version negotiation is in the handshaker classes
throw new SSLException(
"Unsupported record version " + recordVersion);
}
/*
* It's really application data. How much to consume?
* Jump over the header.
*/
assert(len > 0);
try {
} catch (IOException e) { }
}
// Demarcate past header to end of packet.
// Protect remainder of buffer, create slice to actually
// operate on.
return bb;
}
}