security/ssl/Record.java

0N/A/*
5357N/A * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
2362N/A * published by the Free Software Foundation.  Oracle designates this
0N/A * particular file as subject to the "Classpath" exception as provided
2362N/A * by Oracle in the LICENSE file that accompanied this code.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/A
0N/Apackage sun.security.ssl;
0N/A
0N/A
0N/A/**
0N/A * SSL/TLS records, as pulled off (and put onto) a TCP stream.  This is
0N/A * the base interface, which defines common information and interfaces
0N/A * used by both Input and Output records.
0N/A *
0N/A * @author David Brownell
0N/A */
0N/Ainterface Record {
0N/A    /*
0N/A     * There are four SSL record types, which are part of the interface
0N/A     * to this level (along with the maximum record size)
0N/A     *
0N/A     * enum { change_cipher_spec(20), alert(21), handshake(22),
0N/A     *      application_data(23), (255) } ContentType;
0N/A     */
0N/A    static final byte   ct_change_cipher_spec = 20;
0N/A    static final byte   ct_alert = 21;
0N/A    static final byte   ct_handshake = 22;
0N/A    static final byte   ct_application_data = 23;
0N/A
2998N/A    static final int    headerSize = 5;         // SSLv3 record header
2998N/A    static final int    maxExpansion = 1024;    // for bad compression
2998N/A    static final int    trailerSize = 20;       // SHA1 hash size
2998N/A    static final int    maxDataSize = 16384;    // 2^14 bytes of data
2998N/A    static final int    maxPadding = 256;       // block cipher padding
2998N/A    static final int    maxIVLength = 256;      // block length
0N/A
0N/A    /*
0N/A     * SSL has a maximum record size.  It's header, (compressed) data,
0N/A     * padding, and a trailer for the MAC.
0N/A     * Some compression algorithms have rare cases where they expand the data.
0N/A     * As we don't support compression at this time, leave that out.
0N/A     */
2998N/A    static final int    maxRecordSize =
0N/A                                      headerSize        // header
2998N/A                                    + maxIVLength       // iv
0N/A                                    + maxDataSize       // data
0N/A                                    + maxPadding        // padding
0N/A                                    + trailerSize;      // MAC
0N/A
4466N/A    static final boolean enableCBCProtection =
4466N/A            Debug.getBooleanProperty("jsse.enableCBCProtection", true);
4466N/A
4466N/A    /*
4466N/A     * For CBC protection in SSL3/TLS1, we break some plaintext into two
4466N/A     * packets.  Max application data size for the second packet.
4466N/A     */
4466N/A    static final int    maxDataSizeMinusOneByteRecord =
4466N/A                                  maxDataSize       // max data size
4466N/A                                - (                 // max one byte record size
4466N/A                                      headerSize    // header
4466N/A                                    + maxIVLength   // iv
4466N/A                                    + 1             // one byte data
4466N/A                                    + maxPadding    // padding
4466N/A                                    + trailerSize   // MAC
4466N/A                                  );
4466N/A
0N/A    /*
0N/A     * The maximum large record size.
0N/A     *
0N/A     * Some SSL/TLS implementations support large fragment upto 2^15 bytes,
0N/A     * such as Microsoft. We support large incoming fragments.
0N/A     *
0N/A     * The maximum large record size is defined as maxRecordSize plus 2^14,
0N/A     * this is the amount OpenSSL is using.
0N/A     */
2998N/A    static final int    maxLargeRecordSize =
0N/A                maxRecordSize   // Max size with a conforming implemenation
0N/A              + maxDataSize;    // extra 2^14 bytes for large data packets.
0N/A
0N/A
0N/A    /*
0N/A     * Maximum record size for alert and change cipher spec records.
0N/A     * They only contain 2 and 1 bytes of data, respectively.
0N/A     * Allocate a smaller array.
0N/A     */
2998N/A    static final int    maxAlertRecordSize =
2998N/A                                      headerSize        // header
2998N/A                                    + maxIVLength       // iv
2998N/A                                    + 2                 // alert
2998N/A                                    + maxPadding        // padding
2998N/A                                    + trailerSize;      // MAC
0N/A
5357N/A    /*
5357N/A     * The overflow values of integers of 8, 16 and 24 bits.
5357N/A     */
5357N/A    static final int OVERFLOW_OF_INT08 = (1 << 8);
5357N/A    static final int OVERFLOW_OF_INT16 = (1 << 16);
5357N/A    static final int OVERFLOW_OF_INT24 = (1 << 24);
0N/A}