1 /* 2 * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 8043758 27 * @summary Testing DTLS records sequence number property support in application 28 * data exchange. 29 * @key randomness 30 * @library /sun/security/krb5/auto /test/lib /javax/net/ssl/TLSCommon 31 * @modules java.security.jgss 32 * jdk.security.auth 33 * java.security.jgss/sun.security.krb5:+open 34 * java.security.jgss/sun.security.krb5.internal:+open 35 * java.security.jgss/sun.security.krb5.internal.ccache 36 * java.security.jgss/sun.security.krb5.internal.crypto 37 * java.security.jgss/sun.security.krb5.internal.ktab 38 * java.base/sun.security.util 39 * @run main/othervm -Dtest.security.protocol=DTLS 40 * -Dtest.mode=norm DTLSSequenceNumberTest 41 * @run main/othervm -Dtest.security.protocol=DTLS 42 * -Dtest.mode=norm_sni DTLSSequenceNumberTest 43 * @run main/othervm -Dtest.security.protocol=DTLS 44 * -Dtest.mode=krb DTLSSequenceNumberTest 45 */ 46 47 import java.nio.ByteBuffer; 48 import java.util.TreeMap; 49 import javax.net.ssl.SSLContext; 50 import javax.net.ssl.SSLEngine; 51 import javax.net.ssl.SSLEngineResult; 52 import javax.net.ssl.SSLException; 53 import java.util.Random; 54 import jdk.test.lib.RandomFactory; 55 56 /** 57 * Testing DTLS records sequence number property support in application data 58 * exchange. 59 */ 60 public class DTLSSequenceNumberTest extends SSLEngineTestCase { 61 62 private final String BIG_MESSAGE = "Very very big message. One two three" 63 + " four five six seven eight nine ten eleven twelve thirteen" 64 + " fourteen fifteen sixteen seventeen eighteen nineteen twenty."; 65 private final byte[] BIG_MESSAGE_BYTES = BIG_MESSAGE.getBytes(); 66 private final int PIECES_NUMBER = 15; 67 68 public static void main(String[] args) { 69 DTLSSequenceNumberTest test = new DTLSSequenceNumberTest(); 70 setUpAndStartKDCIfNeeded(); 71 test.runTests(); 72 } 73 74 @Override 75 protected void testOneCipher(String cipher) throws SSLException { 76 SSLContext context = getContext(); 77 int maxPacketSize = getMaxPacketSize(); 78 boolean useSNI = !TEST_MODE.equals("norm"); 79 SSLEngine clientEngine = getClientSSLEngine(context, useSNI); 80 SSLEngine serverEngine = getServerSSLEngine(context, useSNI); 81 clientEngine.setEnabledCipherSuites(new String[]{cipher}); 82 serverEngine.setEnabledCipherSuites(new String[]{cipher}); 83 serverEngine.setNeedClientAuth(!cipher.contains("anon")); 84 doHandshake(clientEngine, serverEngine, maxPacketSize, 85 HandshakeMode.INITIAL_HANDSHAKE); 86 checkSeqNumPropertyWithAppDataSend(clientEngine, serverEngine); 87 checkSeqNumPropertyWithAppDataSend(serverEngine, clientEngine); 88 } 89 90 private void checkSeqNumPropertyWithAppDataSend(SSLEngine sendEngine, 91 SSLEngine recvEngine) throws SSLException { 92 String sender, reciever; 93 if (sendEngine.getUseClientMode() && !recvEngine.getUseClientMode()) { 94 sender = "Client"; 95 reciever = "Server"; 96 } else if (recvEngine.getUseClientMode() && !sendEngine.getUseClientMode()) { 97 sender = "Server"; 98 reciever = "Client"; 99 } else { 100 throw new Error("Both engines are in the same mode"); 101 } 102 System.out.println("=================================================" 103 + "==========="); 104 System.out.println("Checking DTLS sequence number support" 105 + " by sending data from " + sender + " to " + reciever); 106 ByteBuffer[] sentMessages = new ByteBuffer[PIECES_NUMBER]; 107 ByteBuffer[] netBuffers = new ByteBuffer[PIECES_NUMBER]; 108 TreeMap<Long, ByteBuffer> recvMap = new TreeMap<>(Long::compareUnsigned); 109 int symbolsInAMessage; 110 int symbolsInTheLastMessage; 111 int[] recievingSequence = new int[PIECES_NUMBER]; 112 for (int i = 0; i < PIECES_NUMBER; i++) { 113 recievingSequence[i] = i; 114 } 115 shuffleArray(recievingSequence); 116 if (BIG_MESSAGE.length() % PIECES_NUMBER == 0) { 117 symbolsInAMessage = BIG_MESSAGE.length() / PIECES_NUMBER; 118 symbolsInTheLastMessage = symbolsInAMessage; 119 } else { 120 symbolsInAMessage = BIG_MESSAGE.length() / (PIECES_NUMBER - 1); 121 symbolsInTheLastMessage = BIG_MESSAGE.length() % (PIECES_NUMBER - 1); 122 } 123 for (int i = 0; i < PIECES_NUMBER - 1; i++) { 124 sentMessages[i] = ByteBuffer.wrap(BIG_MESSAGE_BYTES, 125 i * symbolsInAMessage, symbolsInAMessage); 126 } 127 sentMessages[PIECES_NUMBER - 1] = ByteBuffer.wrap(BIG_MESSAGE_BYTES, 128 (PIECES_NUMBER - 1) * symbolsInAMessage, symbolsInTheLastMessage); 129 long prevSeqNum = 0L; 130 //Wrapping massages in direct order 131 for (int i = 0; i < PIECES_NUMBER; i++) { 132 netBuffers[i] = ByteBuffer.allocate(sendEngine.getSession() 133 .getPacketBufferSize()); 134 SSLEngineResult[] r = new SSLEngineResult[1]; 135 netBuffers[i] = doWrap(sendEngine, sender, 0, sentMessages[i], r); 136 long seqNum = r[0].sequenceNumber(); 137 if (Long.compareUnsigned(seqNum, prevSeqNum) <= 0) { 138 throw new AssertionError("Sequence number of the wrapped " 139 + "message is less or equal than that of the" 140 + " previous one! " 141 + "Was " + prevSeqNum + ", now " + seqNum + "."); 142 } 143 prevSeqNum = seqNum; 144 } 145 //Unwrapping messages in random order and trying to reconstruct order 146 //from sequence number. 147 for (int i = 0; i < PIECES_NUMBER; i++) { 148 int recvNow = recievingSequence[i]; 149 SSLEngineResult[] r = new SSLEngineResult[1]; 150 ByteBuffer recvMassage = doUnWrap(recvEngine, reciever, 151 netBuffers[recvNow], r); 152 long seqNum = r[0].sequenceNumber(); 153 recvMap.put(seqNum, recvMassage); 154 } 155 int mapSize = recvMap.size(); 156 if (mapSize != PIECES_NUMBER) { 157 throw new AssertionError("The number of received massages " 158 + mapSize + " is not equal to the number of sent messages " 159 + PIECES_NUMBER + "!"); 160 } 161 byte[] recvBigMsgBytes = new byte[BIG_MESSAGE_BYTES.length]; 162 int counter = 0; 163 for (ByteBuffer msg : recvMap.values()) { 164 System.arraycopy(msg.array(), 0, recvBigMsgBytes, 165 counter * symbolsInAMessage, msg.remaining()); 166 counter++; 167 } 168 String recvBigMsg = new String(recvBigMsgBytes); 169 if (!recvBigMsg.equals(BIG_MESSAGE)) { 170 throw new AssertionError("Received big message is not equal to" 171 + " one that was sent! Received message is: " + recvBigMsg); 172 } 173 } 174 175 private static void shuffleArray(int[] ar) { 176 final Random RNG = RandomFactory.getRandom(); 177 for (int i = ar.length - 1; i > 0; i--) { 178 int index = RNG.nextInt(i + 1); 179 int a = ar[index]; 180 ar[index] = ar[i]; 181 ar[i] = a; 182 } 183 } 184 }