1 /*
2 * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // Please run in othervm mode. SunJSSE does not support dynamic system
26 // properties, no way to re-use system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 8148421 8193683
32 * @summary Transport Layer Security (TLS) Session Hash and Extended
33 * Master Secret Extension
34 * @summary Increase the number of clones in the CloneableDigest
35 * @library /javax/net/ssl/templates
36 * @library /lib/security
37 * @compile DigestBase.java
38 * @run main/othervm HandshakeHashCloneExhaustion
39 * TLSv1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
40 * @run main/othervm HandshakeHashCloneExhaustion
41 * TLSv1.1 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
42 */
43
44 import java.io.InputStream;
45 import java.io.OutputStream;
46 import java.security.MessageDigest;
47 import java.security.Security;
48 import javax.net.ssl.SSLSocket;
49
50 public class HandshakeHashCloneExhaustion extends SSLSocketTemplate {
51
52 private static String[] protocol;
53 private static String[] ciphersuite;
54 private static String[] mds = { "SHA", "MD5", "SHA-256" };
55
56 /*
57 * ==================
58 * Run the test case.
59 */
60 public static void main(String[] args) throws Exception {
61 // Add in a non-cloneable MD5/SHA1/SHA-256 implementation
62 Security.insertProviderAt(new MyProvider(), 1);
63 // make sure our provider is functioning
64 for (String s : mds) {
65 MessageDigest md = MessageDigest.getInstance(s);
66 String p = md.getProvider().getName();
67 if (!p.equals("MyProvider")) {
68 throw new RuntimeException("Unexpected provider: " + p);
69 }
70 }
71
72 if (args.length != 2) {
73 throw new Exception(
74 "Usage: HandshakeHashCloneExhaustion protocol ciphersuite");
75 }
76
77 System.out.println("Testing: " + args[0] + " " + args[1]);
78 protocol = new String [] { args[0] };
79 ciphersuite = new String[] { args[1] };
80
81 // Re-enable TLSv1.1 when test depends on it.
82 if (protocol[0].equals("TLSv1.1")) {
83 SecurityUtils.removeFromDisabledTlsAlgs(protocol[0]);
84 }
85 (new HandshakeHashCloneExhaustion()).run();
86 }
87
88 @Override
89 protected void runServerApplication(SSLSocket socket) throws Exception {
90 socket.setNeedClientAuth(true);
91 socket.setEnabledProtocols(protocol);
92 socket.setEnabledCipherSuites(ciphersuite);
93
94 // here comes the test logic
95 InputStream sslIS = socket.getInputStream();
96 OutputStream sslOS = socket.getOutputStream();
97
98 sslIS.read();
99 sslOS.write(85);
100 sslOS.flush();
101 }
102
103 @Override
104 protected void runClientApplication(SSLSocket socket) throws Exception {
105 InputStream sslIS = socket.getInputStream();
106 OutputStream sslOS = socket.getOutputStream();
107
108 sslOS.write(280);
109 sslOS.flush();
110 sslIS.read();
111 }
112 }