Mercurial > hg > openjdk > aarch64-port > jdk
view src/share/classes/sun/security/ssl/ECDHCrypt.java @ 11004:4f9e3c8e65b3
8076328: Enforce key exchange constraints
Reviewed-by: wetmore, ahgross, asmotrak, xuelei
| author | igerasim |
|---|---|
| date | Fri, 24 Apr 2015 13:59:30 +0300 |
| parents | 86d8ddab2310 |
| children |
line wrap: on
line source
/* * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package sun.security.ssl; import java.security.*; import java.security.interfaces.ECPublicKey; import java.security.spec.*; import java.util.EnumSet; import javax.crypto.SecretKey; import javax.crypto.KeyAgreement; import javax.net.ssl.SSLHandshakeException; /** * Helper class for the ECDH key exchange. It generates the appropriate * ephemeral keys as necessary and performs the actual shared secret derivation. * * @since 1.6 * @author Andreas Sterbenz */ final class ECDHCrypt { // our private key private PrivateKey privateKey; // our public key private ECPublicKey publicKey; // Called by ServerHandshaker for static ECDH ECDHCrypt(PrivateKey privateKey, PublicKey publicKey) { this.privateKey = privateKey; this.publicKey = (ECPublicKey)publicKey; } // Called by ServerHandshaker for ephemeral ECDH ECDHCrypt(String curveName, SecureRandom random) { try { KeyPairGenerator kpg = JsseJce.getKeyPairGenerator("EC"); ECGenParameterSpec params = new ECGenParameterSpec(curveName); kpg.initialize(params, random); KeyPair kp = kpg.generateKeyPair(); privateKey = kp.getPrivate(); publicKey = (ECPublicKey)kp.getPublic(); } catch (GeneralSecurityException e) { throw new RuntimeException("Could not generate DH keypair", e); } } // Called by ClientHandshaker with params it received from the server ECDHCrypt(ECParameterSpec params, SecureRandom random) { try { KeyPairGenerator kpg = JsseJce.getKeyPairGenerator("EC"); kpg.initialize(params, random); KeyPair kp = kpg.generateKeyPair(); privateKey = kp.getPrivate(); publicKey = (ECPublicKey)kp.getPublic(); } catch (GeneralSecurityException e) { throw new RuntimeException("Could not generate DH keypair", e); } } /** * Gets the public key of this end of the key exchange. */ PublicKey getPublicKey() { return publicKey; } // called by ClientHandshaker with either the server's static or // ephemeral public key SecretKey getAgreedSecret( PublicKey peerPublicKey) throws SSLHandshakeException { try { KeyAgreement ka = JsseJce.getKeyAgreement("ECDH"); ka.init(privateKey); ka.doPhase(peerPublicKey, true); return ka.generateSecret("TlsPremasterSecret"); } catch (GeneralSecurityException e) { throw (SSLHandshakeException) new SSLHandshakeException( "Could not generate secret").initCause(e); } } // called by ServerHandshaker SecretKey getAgreedSecret( byte[] encodedPoint) throws SSLHandshakeException { try { ECParameterSpec params = publicKey.getParams(); ECPoint point = JsseJce.decodePoint(encodedPoint, params.getCurve()); KeyFactory kf = JsseJce.getKeyFactory("EC"); ECPublicKeySpec spec = new ECPublicKeySpec(point, params); PublicKey peerPublicKey = kf.generatePublic(spec); return getAgreedSecret(peerPublicKey); } catch (GeneralSecurityException | java.io.IOException e) { throw (SSLHandshakeException) new SSLHandshakeException( "Could not generate secret").initCause(e); } } // Check constraints of the specified EC public key. void checkConstraints(AlgorithmConstraints constraints, byte[] encodedPoint) throws SSLHandshakeException { try { ECParameterSpec params = publicKey.getParams(); ECPoint point = JsseJce.decodePoint(encodedPoint, params.getCurve()); ECPublicKeySpec spec = new ECPublicKeySpec(point, params); KeyFactory kf = JsseJce.getKeyFactory("EC"); ECPublicKey publicKey = (ECPublicKey)kf.generatePublic(spec); // check constraints of ECPublicKey if (!constraints.permits( EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), publicKey)) { throw new SSLHandshakeException( "ECPublicKey does not comply to algorithm constraints"); } } catch (GeneralSecurityException | java.io.IOException e) { throw (SSLHandshakeException) new SSLHandshakeException( "Could not generate ECPublicKey").initCause(e); } } }