1 /*
2 * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 8043758
27 * @summary Testing DTLS records sequence number property support in application
28 * data exchange.
29 * @key randomness
30 * @library /sun/security/krb5/auto /test/lib /javax/net/ssl/TLSCommon
31 * @modules java.security.jgss
32 * jdk.security.auth
33 * java.security.jgss/sun.security.krb5:+open
34 * java.security.jgss/sun.security.krb5.internal:+open
35 * java.security.jgss/sun.security.krb5.internal.ccache
36 * java.security.jgss/sun.security.krb5.internal.crypto
37 * java.security.jgss/sun.security.krb5.internal.ktab
38 * java.base/sun.security.util
39 * @build jdk.test.lib.RandomFactory
40 * @run main/othervm -Dtest.security.protocol=DTLS
41 * -Dtest.mode=norm DTLSSequenceNumberTest
42 * @run main/othervm -Dtest.security.protocol=DTLS
43 * -Dtest.mode=norm_sni DTLSSequenceNumberTest
44 * @run main/othervm -Dtest.security.protocol=DTLS
45 * -Dtest.mode=krb DTLSSequenceNumberTest
46 */
47
48 import java.nio.ByteBuffer;
49 import java.util.TreeMap;
50 import javax.net.ssl.SSLContext;
51 import javax.net.ssl.SSLEngine;
52 import javax.net.ssl.SSLEngineResult;
53 import javax.net.ssl.SSLException;
54 import java.util.Random;
55 import jdk.test.lib.RandomFactory;
56
57 /**
58 * Testing DTLS records sequence number property support in application data
59 * exchange.
60 */
61 public class DTLSSequenceNumberTest extends SSLEngineTestCase {
62
63 private final String BIG_MESSAGE = "Very very big message. One two three"
64 + " four five six seven eight nine ten eleven twelve thirteen"
65 + " fourteen fifteen sixteen seventeen eighteen nineteen twenty.";
66 private final byte[] BIG_MESSAGE_BYTES = BIG_MESSAGE.getBytes();
67 private final int PIECES_NUMBER = 15;
68
69 public static void main(String[] args) {
70 DTLSSequenceNumberTest test = new DTLSSequenceNumberTest();
71 setUpAndStartKDCIfNeeded();
72 test.runTests();
73 }
74
75 @Override
76 protected void testOneCipher(String cipher) throws SSLException {
77 SSLContext context = getContext();
78 int maxPacketSize = getMaxPacketSize();
79 boolean useSNI = !TEST_MODE.equals("norm");
80 SSLEngine clientEngine = getClientSSLEngine(context, useSNI);
81 SSLEngine serverEngine = getServerSSLEngine(context, useSNI);
82 clientEngine.setEnabledCipherSuites(new String[]{cipher});
83 serverEngine.setEnabledCipherSuites(new String[]{cipher});
84 serverEngine.setNeedClientAuth(!cipher.contains("anon"));
85 doHandshake(clientEngine, serverEngine, maxPacketSize,
86 HandshakeMode.INITIAL_HANDSHAKE);
87 checkSeqNumPropertyWithAppDataSend(clientEngine, serverEngine);
88 checkSeqNumPropertyWithAppDataSend(serverEngine, clientEngine);
89 }
90
91 private void checkSeqNumPropertyWithAppDataSend(SSLEngine sendEngine,
92 SSLEngine recvEngine) throws SSLException {
93 String sender, reciever;
94 if (sendEngine.getUseClientMode() && !recvEngine.getUseClientMode()) {
95 sender = "Client";
96 reciever = "Server";
97 } else if (recvEngine.getUseClientMode() && !sendEngine.getUseClientMode()) {
98 sender = "Server";
99 reciever = "Client";
100 } else {
101 throw new Error("Both engines are in the same mode");
102 }
103 System.out.println("================================================="
104 + "===========");
105 System.out.println("Checking DTLS sequence number support"
106 + " by sending data from " + sender + " to " + reciever);
107 ByteBuffer[] sentMessages = new ByteBuffer[PIECES_NUMBER];
108 ByteBuffer[] netBuffers = new ByteBuffer[PIECES_NUMBER];
109 TreeMap<Long, ByteBuffer> recvMap = new TreeMap<>(Long::compareUnsigned);
110 int symbolsInAMessage;
111 int symbolsInTheLastMessage;
112 int[] recievingSequence = new int[PIECES_NUMBER];
113 for (int i = 0; i < PIECES_NUMBER; i++) {
114 recievingSequence[i] = i;
115 }
116 shuffleArray(recievingSequence);
117 if (BIG_MESSAGE.length() % PIECES_NUMBER == 0) {
118 symbolsInAMessage = BIG_MESSAGE.length() / PIECES_NUMBER;
119 symbolsInTheLastMessage = symbolsInAMessage;
120 } else {
121 symbolsInAMessage = BIG_MESSAGE.length() / (PIECES_NUMBER - 1);
122 symbolsInTheLastMessage = BIG_MESSAGE.length() % (PIECES_NUMBER - 1);
123 }
124 for (int i = 0; i < PIECES_NUMBER - 1; i++) {
125 sentMessages[i] = ByteBuffer.wrap(BIG_MESSAGE_BYTES,
126 i * symbolsInAMessage, symbolsInAMessage);
127 }
128 sentMessages[PIECES_NUMBER - 1] = ByteBuffer.wrap(BIG_MESSAGE_BYTES,
129 (PIECES_NUMBER - 1) * symbolsInAMessage, symbolsInTheLastMessage);
130 long prevSeqNum = 0L;
131 //Wrapping massages in direct order
132 for (int i = 0; i < PIECES_NUMBER; i++) {
133 netBuffers[i] = ByteBuffer.allocate(sendEngine.getSession()
134 .getPacketBufferSize());
135 SSLEngineResult[] r = new SSLEngineResult[1];
136 netBuffers[i] = doWrap(sendEngine, sender, 0, sentMessages[i], r);
137 long seqNum = r[0].sequenceNumber();
138 if (Long.compareUnsigned(seqNum, prevSeqNum) <= 0) {
139 throw new AssertionError("Sequence number of the wrapped "
140 + "message is less or equal than that of the"
141 + " previous one! "
142 + "Was " + prevSeqNum + ", now " + seqNum + ".");
143 }
144 prevSeqNum = seqNum;
145 }
146 //Unwrapping messages in random order and trying to reconstruct order
147 //from sequence number.
148 for (int i = 0; i < PIECES_NUMBER; i++) {
149 int recvNow = recievingSequence[i];
150 SSLEngineResult[] r = new SSLEngineResult[1];
151 ByteBuffer recvMassage = doUnWrap(recvEngine, reciever,
152 netBuffers[recvNow], r);
153 long seqNum = r[0].sequenceNumber();
154 recvMap.put(seqNum, recvMassage);
155 }
156 int mapSize = recvMap.size();
157 if (mapSize != PIECES_NUMBER) {
158 throw new AssertionError("The number of received massages "
159 + mapSize + " is not equal to the number of sent messages "
160 + PIECES_NUMBER + "!");
161 }
162 byte[] recvBigMsgBytes = new byte[BIG_MESSAGE_BYTES.length];
163 int counter = 0;
164 for (ByteBuffer msg : recvMap.values()) {
165 System.arraycopy(msg.array(), 0, recvBigMsgBytes,
166 counter * symbolsInAMessage, msg.remaining());
167 counter++;
168 }
169 String recvBigMsg = new String(recvBigMsgBytes);
170 if (!recvBigMsg.equals(BIG_MESSAGE)) {
171 throw new AssertionError("Received big message is not equal to"
172 + " one that was sent! Received message is: " + recvBigMsg);
173 }
174 }
175
176 private static void shuffleArray(int[] ar) {
177 final Random RNG = RandomFactory.getRandom();
178 for (int i = ar.length - 1; i > 0; i--) {
179 int index = RNG.nextInt(i + 1);
180 int a = ar[index];
181 ar[index] = ar[i];
182 ar[i] = a;
183 }
184 }
185 }