Home | History | Annotate | Download | only in ssl 
      1 /*
      2  * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
      3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
      4  *
      5  * This code is free software; you can redistribute it and/or modify it
      6  * under the terms of the GNU General Public License version 2 only, as
      7  * published by the Free Software Foundation.  Oracle designates this
      8  * particular file as subject to the "Classpath" exception as provided
      9  * by Oracle in the LICENSE file that accompanied this code.
     10  *
     11  * This code is distributed in the hope that it will be useful, but WITHOUT
     12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
     13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
     14  * version 2 for more details (a copy is included in the LICENSE file that
     15  * accompanied this code).
     16  *
     17  * You should have received a copy of the GNU General Public License version
     18  * 2 along with this work; if not, write to the Free Software Foundation,
     19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
     20  *
     21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
     22  * or visit www.oracle.com if you need additional information or have any
     23  * questions.
     24  */
     25 
     26 
     27 package sun.security.ssl;
     28 
     29 
     30 /**
     31  * SSL/TLS records, as pulled off (and put onto) a TCP stream.  This is
     32  * the base interface, which defines common information and interfaces
     33  * used by both Input and Output records.
     34  *
     35  * @author David Brownell
     36  */
     37 interface Record {
     38     /*
     39      * There are four SSL record types, which are part of the interface
     40      * to this level (along with the maximum record size)
     41      *
     42      * enum { change_cipher_spec(20), alert(21), handshake(22),
     43      *      application_data(23), (255) } ContentType;
     44      */
     45     static final byte   ct_change_cipher_spec = 20;
     46     static final byte   ct_alert = 21;
     47     static final byte   ct_handshake = 22;
     48     static final byte   ct_application_data = 23;
     49 
     50     static final int    headerSize = 5;         // SSLv3 record header
     51     static final int    maxExpansion = 1024;    // for bad compression
     52     static final int    trailerSize = 20;       // SHA1 hash size
     53     static final int    maxDataSize = 16384;    // 2^14 bytes of data
     54     static final int    maxPadding = 256;       // block cipher padding
     55     static final int    maxIVLength = 256;      // block length
     56 
     57     /*
     58      * SSL has a maximum record size.  It's header, (compressed) data,
     59      * padding, and a trailer for the MAC.
     60      * Some compression algorithms have rare cases where they expand the data.
     61      * As we don't support compression at this time, leave that out.
     62      */
     63     static final int    maxRecordSize =
     64                                       headerSize        // header
     65                                     + maxIVLength       // iv
     66                                     + maxDataSize       // data
     67                                     + maxPadding        // padding
     68                                     + trailerSize;      // MAC
     69 
     70     static final boolean enableCBCProtection =
     71             Debug.getBooleanProperty("jsse.enableCBCProtection", true);
     72 
     73     /*
     74      * For CBC protection in SSL3/TLS1, we break some plaintext into two
     75      * packets.  Max application data size for the second packet.
     76      */
     77     static final int    maxDataSizeMinusOneByteRecord =
     78                                   maxDataSize       // max data size
     79                                 - (                 // max one byte record size
     80                                       headerSize    // header
     81                                     + maxIVLength   // iv
     82                                     + 1             // one byte data
     83                                     + maxPadding    // padding
     84                                     + trailerSize   // MAC
     85                                   );
     86 
     87     /*
     88      * The maximum large record size.
     89      *
     90      * Some SSL/TLS implementations support large fragment upto 2^15 bytes,
     91      * such as Microsoft. We support large incoming fragments.
     92      *
     93      * The maximum large record size is defined as maxRecordSize plus 2^14,
     94      * this is the amount OpenSSL is using.
     95      */
     96     static final int    maxLargeRecordSize =
     97                 maxRecordSize   // Max size with a conforming implemenation
     98               + maxDataSize;    // extra 2^14 bytes for large data packets.
     99 
    100 
    101     /*
    102      * Maximum record size for alert and change cipher spec records.
    103      * They only contain 2 and 1 bytes of data, respectively.
    104      * Allocate a smaller array.
    105      */
    106     static final int    maxAlertRecordSize =
    107                                       headerSize        // header
    108                                     + maxIVLength       // iv
    109                                     + 2                 // alert
    110                                     + maxPadding        // padding
    111                                     + trailerSize;      // MAC
    112 
    113     /*
    114      * The overflow values of integers of 8, 16 and 24 bits.
    115      */
    116     static final int OVERFLOW_OF_INT08 = (1 << 8);
    117     static final int OVERFLOW_OF_INT16 = (1 << 16);
    118     static final int OVERFLOW_OF_INT24 = (1 << 24);
    119 }
    120