• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 
27 package sun.security.ssl;
28 
29 
30 /**
31  * SSL/TLS records, as pulled off (and put onto) a TCP stream.  This is
32  * the base interface, which defines common information and interfaces
33  * used by both Input and Output records.
34  *
35  * @author David Brownell
36  */
37 interface Record {
38     /*
39      * There are four SSL record types, which are part of the interface
40      * to this level (along with the maximum record size)
41      *
42      * enum { change_cipher_spec(20), alert(21), handshake(22),
43      *      application_data(23), (255) } ContentType;
44      */
45     static final byte   ct_change_cipher_spec = 20;
46     static final byte   ct_alert = 21;
47     static final byte   ct_handshake = 22;
48     static final byte   ct_application_data = 23;
49 
50     static final int    headerSize = 5;         // SSLv3 record header
51     static final int    maxExpansion = 1024;    // for bad compression
52     static final int    trailerSize = 20;       // SHA1 hash size
53     static final int    maxDataSize = 16384;    // 2^14 bytes of data
54     static final int    maxPadding = 256;       // block cipher padding
55     static final int    maxIVLength = 256;      // block length
56 
57     /*
58      * SSL has a maximum record size.  It's header, (compressed) data,
59      * padding, and a trailer for the MAC.
60      * Some compression algorithms have rare cases where they expand the data.
61      * As we don't support compression at this time, leave that out.
62      */
63     static final int    maxRecordSize =
64                                       headerSize        // header
65                                     + maxIVLength       // iv
66                                     + maxDataSize       // data
67                                     + maxPadding        // padding
68                                     + trailerSize;      // MAC
69 
70     static final boolean enableCBCProtection =
71             Debug.getBooleanProperty("jsse.enableCBCProtection", true);
72 
73     /*
74      * For CBC protection in SSL3/TLS1, we break some plaintext into two
75      * packets.  Max application data size for the second packet.
76      */
77     static final int    maxDataSizeMinusOneByteRecord =
78                                   maxDataSize       // max data size
79                                 - (                 // max one byte record size
80                                       headerSize    // header
81                                     + maxIVLength   // iv
82                                     + 1             // one byte data
83                                     + maxPadding    // padding
84                                     + trailerSize   // MAC
85                                   );
86 
87     /*
88      * The maximum large record size.
89      *
90      * Some SSL/TLS implementations support large fragment upto 2^15 bytes,
91      * such as Microsoft. We support large incoming fragments.
92      *
93      * The maximum large record size is defined as maxRecordSize plus 2^14,
94      * this is the amount OpenSSL is using.
95      */
96     static final int    maxLargeRecordSize =
97                 maxRecordSize   // Max size with a conforming implemenation
98               + maxDataSize;    // extra 2^14 bytes for large data packets.
99 
100 
101     /*
102      * Maximum record size for alert and change cipher spec records.
103      * They only contain 2 and 1 bytes of data, respectively.
104      * Allocate a smaller array.
105      */
106     static final int    maxAlertRecordSize =
107                                       headerSize        // header
108                                     + maxIVLength       // iv
109                                     + 2                 // alert
110                                     + maxPadding        // padding
111                                     + trailerSize;      // MAC
112 
113     /*
114      * The overflow values of integers of 8, 16 and 24 bits.
115      */
116     static final int OVERFLOW_OF_INT08 = (1 << 8);
117     static final int OVERFLOW_OF_INT16 = (1 << 16);
118     static final int OVERFLOW_OF_INT24 = (1 << 24);
119 }
120