8300285: Enhance TLS data handling

Reviewed-by: ahgross, ascarpino, rhalade

Author: Jamil Nimeh

src/java.base/share/conf/security/java.security

@@ -912,7 +912,8 @@ jdk.tls.legacyAlgorithms=NULL, anon, RC4, DES, 3DES_EDE_CBC
 # Note: This property is currently used by OpenJDK's JSSE implementation. It
 # is not guaranteed to be examined and used by other implementations.
 #
-jdk.tls.keyLimits=AES/GCM/NoPadding KeyUpdate 2^37
+jdk.tls.keyLimits=AES/GCM/NoPadding KeyUpdate 2^37, \
+                  ChaCha20-Poly1305 KeyUpdate 2^37
 
 #
 # Cryptographic Jurisdiction Policy defaults

test/jdk/sun/security/ssl/SSLEngineImpl/SSLEngineKeyLimit.java

@@ -23,18 +23,25 @@
 
 /*
  * @test
- * @bug 8164879
+ * @bug 8164879 8300285
  * @library ../../
  *          /test/lib
  *          /javax/net/ssl/templates
- * @summary Verify AES/GCM's limits set in the jdk.tls.keyLimits property
+ * @summary Verify AEAD TLS cipher suite limits set in the jdk.tls.keyLimits
+ * property
  * start a new handshake sequence to renegotiate the symmetric key with an
  * SSLSocket connection.  This test verifies the handshake method was called
  * via debugging info.  It does not verify the renegotiation was successful
  * as that is very hard.
  *
- * @run main SSLEngineKeyLimit 0 server AES/GCM/NoPadding keyupdate 1050000
- * @run main SSLEngineKeyLimit 1 client AES/GCM/NoPadding keyupdate 2^22
+ * @run main SSLEngineKeyLimit 0 server TLS_AES_256_GCM_SHA384
+ *      AES/GCM/NoPadding keyupdate 1050000
+ * @run main SSLEngineKeyLimit 1 client TLS_AES_256_GCM_SHA384
+ *      AES/GCM/NoPadding keyupdate 2^22
+ * @run main SSLEngineKeyLimit 0 server TLS_CHACHA20_POLY1305_SHA256
+ *      AES/GCM/NoPadding keyupdate 1050000, ChaCha20-Poly1305 KeyUpdate 1050000
+ * @run main SSLEngineKeyLimit 1 client TLS_CHACHA20_POLY1305_SHA256
+ *      AES/GCM/NoPadding keyupdate 2^22, ChaCha20-Poly1305 KeyUpdate 2^22
  */
 
 /*
@@ -78,7 +85,7 @@ public class SSLEngineKeyLimit extends SSLContextTemplate {
     }
 
     /**
-     * args should have two values:  server|client, <limit size>
+     * args should have two values:  server|client, cipher suite, <limit size>
      * Prepending 'p' is for internal use only.
      */
     public static void main(String args[]) throws Exception {
@@ -97,7 +104,7 @@ public static void main(String args[]) throws Exception {
             File f = new File("keyusage."+ System.nanoTime());
             PrintWriter p = new PrintWriter(f);
             p.write("jdk.tls.keyLimits=");
-            for (int i = 2; i < args.length; i++) {
+            for (int i = 3; i < args.length; i++) {
                 p.write(" "+ args[i]);
             }
             p.close();
@@ -112,10 +119,13 @@ public static void main(String args[]) throws Exception {
                     System.getProperty("test.java.opts"));
 
             ProcessBuilder pb = ProcessTools.createTestJvm(
-                    Utils.addTestJavaOpts("SSLEngineKeyLimit", "p", args[1]));
+                    Utils.addTestJavaOpts("SSLEngineKeyLimit", "p", args[1],
+                            args[2]));
 
             OutputAnalyzer output = ProcessTools.executeProcess(pb);
             try {
+                output.shouldContain(String.format(
+                        "\"cipher suite\"        : \"%s", args[2]));
                 if (expectedFail) {
                     output.shouldNotContain("KeyUpdate: write key updated");
                     output.shouldNotContain("KeyUpdate: read key updated");
@@ -156,9 +166,10 @@ public static void main(String args[]) throws Exception {
         cTos.clear();
         sToc.clear();
 
-        Thread ts = new Thread(serverwrite ? new Client() : new Server());
+        Thread ts = new Thread(serverwrite ? new Client() :
+                new Server(args[2]));
         ts.start();
-        (serverwrite ? new Server() : new Client()).run();
+        (serverwrite ? new Server(args[2]) : new Client()).run();
         ts.interrupt();
         ts.join();
     }
@@ -395,11 +406,14 @@ protected ContextParameters getServerContextParameters() {
     }
 
     static class Server extends SSLEngineKeyLimit implements Runnable {
-        Server() throws Exception {
+        Server(String cipherSuite) throws Exception {
             super();
             eng = initContext().createSSLEngine();
             eng.setUseClientMode(false);
             eng.setNeedClientAuth(true);
+            if (cipherSuite != null && cipherSuite.length() > 0) {
+                eng.setEnabledCipherSuites(new String[] { cipherSuite });
+            }
         }
 
         public void run() {

test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketKeyLimit.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,14 +23,24 @@
 
 /*
  * @test
- * @bug 8164879
+ * @bug 8164879 8300285
  * @library ../../
  * @library /test/lib
  * @modules java.base/sun.security.util
- * @summary Verify AES/GCM's limits set in the jdk.tls.keyLimits property
- * @run main SSLSocketKeyLimit 0 server AES/GCM/NoPadding keyupdate 1000000
- * @run main SSLSocketKeyLimit 0 client AES/GCM/NoPadding keyupdate 1000000
- * @run main SSLSocketKeyLimit 1 client AES/GCM/NoPadding keyupdate 2^22
+ * @summary Verify AEAD TLS cipher suite limits set in the jdk.tls.keyLimits
+ * property
+ * @run main SSLSocketKeyLimit 0 server TLS_AES_256_GCM_SHA384
+ *      AES/GCM/NoPadding keyupdate 1000000
+ * @run main SSLSocketKeyLimit 0 client TLS_AES_256_GCM_SHA384
+ *      AES/GCM/NoPadding keyupdate 1000000
+ * @run main SSLSocketKeyLimit 1 client TLS_AES_256_GCM_SHA384
+ *      AES/GCM/NoPadding keyupdate 2^22
+ * @run main SSLSocketKeyLimit 0 server TLS_CHACHA20_POLY1305_SHA256
+ *      AES/GCM/NoPadding keyupdate 1000000, ChaCha20-Poly1305 KeyUpdate 1000000
+ * @run main SSLSocketKeyLimit 0 client TLS_CHACHA20_POLY1305_SHA256
+ *      AES/GCM/NoPadding keyupdate 1000000, ChaCha20-Poly1305 KeyUpdate 1000000
+ * @run main SSLSocketKeyLimit 1 client TLS_CHACHA20_POLY1305_SHA256
+ *      AES/GCM/NoPadding keyupdate 2^22, ChaCha20-Poly1305 KeyUpdate 2^22
  */
 
  /**
@@ -96,7 +106,7 @@ SSLContext initContext() throws Exception {
     }
 
     /**
-     * args should have two values:  server|client, <limit size>
+     * args should have three values:  server|client, cipher suite, <limit size>
      * Prepending 'p' is for internal use only.
      */
     public static void main(String args[]) throws Exception {
@@ -110,7 +120,7 @@ public static void main(String args[]) throws Exception {
             File f = new File("keyusage."+ System.nanoTime());
             PrintWriter p = new PrintWriter(f);
             p.write("jdk.tls.keyLimits=");
-            for (int i = 2; i < args.length; i++) {
+            for (int i = 3; i < args.length; i++) {
                 p.write(" "+ args[i]);
             }
             p.close();
@@ -125,10 +135,13 @@ public static void main(String args[]) throws Exception {
                     System.getProperty("test.java.opts"));
 
             ProcessBuilder pb = ProcessTools.createTestJvm(
-                    Utils.addTestJavaOpts("SSLSocketKeyLimit", "p", args[1]));
+                    Utils.addTestJavaOpts("SSLSocketKeyLimit", "p", args[1],
+                            args[2]));
 
             OutputAnalyzer output = ProcessTools.executeProcess(pb);
             try {
+                output.shouldContain(String.format(
+                        "\"cipher suite\"        : \"%s", args[2]));
                 if (expectedFail) {
                     output.shouldNotContain("KeyUpdate: write key updated");
                     output.shouldNotContain("KeyUpdate: read key updated");
@@ -150,7 +163,7 @@ public static void main(String args[]) throws Exception {
             return;
         }
 
-        if (args.length > 0 && args[0].compareToIgnoreCase("client") == 0) {
+        if (args.length > 0 && args[1].compareToIgnoreCase("client") == 0) {
             serverwrite = false;
         }
 
@@ -162,7 +175,7 @@ public static void main(String args[]) throws Exception {
         System.setProperty("javax.net.ssl.keyStorePassword", passwd);
 
         Arrays.fill(data, (byte)0x0A);
-        Thread ts = new Thread(new Server());
+        Thread ts = new Thread(new Server(args[2]));
 
         ts.start();
         while (!serverReady) {
@@ -200,7 +213,8 @@ void read(SSLSocket s) throws Exception {
         int len;
         byte i = 0;
         try {
-            System.out.println("Server: connected " + s.getSession().getCipherSuite());
+            System.out.println("Server: connected " +
+                    s.getSession().getCipherSuite());
             in = s.getInputStream();
             out = s.getOutputStream();
             while (true) {
@@ -212,7 +226,8 @@ void read(SSLSocket s) throws Exception {
                     if (b == 0x0A || b == 0x0D) {
                         continue;
                     }
-                    System.out.println("\nData invalid: " + HexPrinter.minimal().toString(buf));
+                    System.out.println("\nData invalid: " +
+                            HexPrinter.minimal().toString(buf));
                     break;
                 }
 
@@ -237,11 +252,14 @@ void read(SSLSocket s) throws Exception {
     static class Server extends SSLSocketKeyLimit implements Runnable {
         private SSLServerSocketFactory ssf;
         private SSLServerSocket ss;
-        Server() {
+        Server(String cipherSuite) {
             super();
             try {
                 ssf = initContext().getServerSocketFactory();
                 ss = (SSLServerSocket) ssf.createServerSocket(serverPort);
+                if (cipherSuite != null && cipherSuite.length() > 0) {
+                    ss.setEnabledCipherSuites(new String[] { cipherSuite });
+                }
                 serverPort = ss.getLocalPort();
             } catch (Exception e) {
                 System.out.println("server: " + e.getMessage());