changeset 11004:4f9e3c8e65b3
8076328: Enforce key exchange constraints
Reviewed-by: wetmore, ahgross, asmotrak, xuelei
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java Tue May 05 20:04:16 2015 +0300 +++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java Fri Apr 24 13:59:30 2015 +0300 @@ -675,6 +675,14 @@ // NOTREACHED } ephemeralServerKey = mesg.getPublicKey(); + + // check constraints of RSA PublicKey + if (!algorithmConstraints.permits( + EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), ephemeralServerKey)) { + + throw new SSLHandshakeException("RSA ServerKeyExchange " + + "does not comply to algorithm constraints"); + } } @@ -692,6 +700,9 @@ dh = new DHCrypt(mesg.getModulus(), mesg.getBase(), sslContext.getSecureRandom()); serverDH = mesg.getServerPublicKey(); + + // check algorithm constraints + dh.checkConstraints(algorithmConstraints, serverDH); } private void serverKeyExchange(ECDH_ServerKeyExchange mesg) @@ -702,6 +713,14 @@ ECPublicKey key = mesg.getPublicKey(); ecdh = new ECDHCrypt(key.getParams(), sslContext.getSecureRandom()); ephemeralServerKey = key; + + // check constraints of EC PublicKey + if (!algorithmConstraints.permits( + EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), ephemeralServerKey)) { + + throw new SSLHandshakeException("ECDH ServerKeyExchange " + + "does not comply to algorithm constraints"); + } } /*
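Review bot: The RSA branch of `serverKeyExchange` (first hunk) checks the ephemeral RSA key under `CryptoPrimitive.KEY_AGREEMENT`, the same primitive the ECDH hunk uses, and no comment explains that choice. A custom `AlgorithmConstraints` that distinguishes primitives could answer differently for an RSA key used to encrypt a secret than for one used in key agreement. If the key is in fact used for encryption, which the hunk does not show, a primitive such as `CryptoPrimitive.KEY_ENCAPSULATION` may describe the use more accurately. Otherwise a line such as `// KEY_AGREEMENT is used for every ServerKeyExchange key, including ephemeral RSA` would record the intent. The method body starts outside the hunk.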
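Review bot: In the DH hunk the constraint check runs only after `new DHCrypt(mesg.getModulus(), mesg.getBase(), ...)` has been built from the server-supplied parameters, and the ECDH hunk likewise constructs `new ECDHCrypt(key.getParams(), ...)` before calling `permits`. If those constructors generate the local key pair, which their bodies outside this page would confirm, the client does that work on a group or curve that is then rejected. In the ECDH hunk the order can simply be swapped, because `permits` needs only `key`: move the `if (!algorithmConstraints.permits(...))` block above the `ecdh = new ECDHCrypt(...)` line. For DH the check is an instance method, so a comment such as `// checked after construction because checkConstraints needs this DHCrypt's modulus and base` would explain why the order differs.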
--- a/src/share/classes/sun/security/ssl/DHCrypt.java Tue May 05 20:04:16 2015 +0300 +++ b/src/share/classes/sun/security/ssl/DHCrypt.java Fri Apr 24 13:59:30 2015 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,6 +34,7 @@ import javax.crypto.KeyAgreement; import javax.crypto.interfaces.DHPublicKey; import javax.crypto.spec.*; +import java.util.EnumSet; import sun.security.util.KeyUtil; @@ -216,6 +217,28 @@ } } + // Check constraints of the specified DH public key. + void checkConstraints(AlgorithmConstraints constraints, + BigInteger peerPublicValue) throws SSLHandshakeException { + + try { + KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman"); + DHPublicKeySpec spec = + new DHPublicKeySpec(peerPublicValue, modulus, base); + DHPublicKey publicKey = (DHPublicKey)kf.generatePublic(spec); + + // check constraints of DHPublicKey + if (!constraints.permits( + EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), publicKey)) { + throw new SSLHandshakeException( + "DHPublicKey does not comply to algorithm constraints"); + } + } catch (GeneralSecurityException gse) { + throw (SSLHandshakeException) new SSLHandshakeException( + "Could not generate DHPublicKey").initCause(gse); + } + } + // Generate and validate DHPublicKeySpec private DHPublicKeySpec generateDHPublicKeySpec(KeyPairGenerator kpg) throws GeneralSecurityException {
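Review bot: `checkConstraints` dereferences `constraints` without a null check, while the `Handshaker.algorithmConstraints` field that the callers pass in is declared with an initial value of `null` in this same changeset. Whether the field is always assigned before a key-exchange message is processed is not visible here, so the precondition should be enforced and should fail closed rather than skip the check: `if (constraints == null) { throw new SSLHandshakeException("No algorithm constraints available"); }`. The same applies to `ECDHCrypt.checkConstraints` and to the inline `permits` calls in ClientHandshaker.java. The one-line `//` comment could also state that the key is built from this instance's `modulus` and `base` and that a rejected key raises `SSLHandshakeException`.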
--- a/src/share/classes/sun/security/ssl/ECDHCrypt.java Tue May 05 20:04:16 2015 +0300 +++ b/src/share/classes/sun/security/ssl/ECDHCrypt.java Fri Apr 24 13:59:30 2015 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,7 @@ import java.security.interfaces.ECPublicKey; import java.security.spec.*; +import java.util.EnumSet; import javax.crypto.SecretKey; import javax.crypto.KeyAgreement; import javax.net.ssl.SSLHandshakeException; @@ -88,8 +89,11 @@ return publicKey; } - // called by ClientHandshaker with either the server's static or ephemeral public key - SecretKey getAgreedSecret(PublicKey peerPublicKey) throws SSLHandshakeException { + // called by ClientHandshaker with either the server's static or + // ephemeral public key + SecretKey getAgreedSecret( + PublicKey peerPublicKey) throws SSLHandshakeException { + try { KeyAgreement ka = JsseJce.getKeyAgreement("ECDH"); ka.init(privateKey); @@ -102,10 +106,13 @@ } // called by ServerHandshaker - SecretKey getAgreedSecret(byte[] encodedPoint) throws SSLHandshakeException { + SecretKey getAgreedSecret( + byte[] encodedPoint) throws SSLHandshakeException { + try { ECParameterSpec params = publicKey.getParams(); - ECPoint point = JsseJce.decodePoint(encodedPoint, params.getCurve()); + ECPoint point = + JsseJce.decodePoint(encodedPoint, params.getCurve()); KeyFactory kf = JsseJce.getKeyFactory("EC"); ECPublicKeySpec spec = new ECPublicKeySpec(point, params); PublicKey peerPublicKey = kf.generatePublic(spec); 
@@ -116,4 +123,30 @@ } } + // Check constraints of the specified EC public key. + void checkConstraints(AlgorithmConstraints constraints, + byte[] encodedPoint) throws SSLHandshakeException { + + try { + + ECParameterSpec params = publicKey.getParams(); + ECPoint point = + JsseJce.decodePoint(encodedPoint, params.getCurve()); + ECPublicKeySpec spec = new ECPublicKeySpec(point, params); + + KeyFactory kf = JsseJce.getKeyFactory("EC"); + ECPublicKey publicKey = (ECPublicKey)kf.generatePublic(spec); + + // check constraints of ECPublicKey + if (!constraints.permits( + EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), publicKey)) { + throw new SSLHandshakeException( + "ECPublicKey does not comply to algorithm constraints"); + } + } catch (GeneralSecurityException | java.io.IOException e) { + throw (SSLHandshakeException) new SSLHandshakeException( + "Could not generate ECPublicKey").initCause(e); + } + } + }
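Review bot: The local `ECPublicKey publicKey` in `checkConstraints` shadows what appears to be the `publicKey` field, which the first statement of the same method reads through `publicKey.getParams()`. The name therefore refers to the local key at the top of the method and to the peer's key at the `permits` call. In a method whose purpose is to decide which key is acceptable, rename the local to match `getAgreedSecret(byte[])`: `ECPublicKey peerPublicKey = (ECPublicKey)kf.generatePublic(spec);`, and pass `peerPublicKey` to `permits`. The catch clause also spells out `java.io.IOException` in full, where an import would match the rest of the file.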
--- a/src/share/classes/sun/security/ssl/Handshaker.java Tue May 05 20:04:16 2015 +0300 +++ b/src/share/classes/sun/security/ssl/Handshaker.java Fri Apr 24 13:59:30 2015 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -86,7 +86,7 @@ String identificationProtocol; // The cryptographic algorithm constraints - private AlgorithmConstraints algorithmConstraints = null; + AlgorithmConstraints algorithmConstraints = null; // Local supported signature and algorithms Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs;
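Review bot: Dropping `private` turns `algorithmConstraints` into a mutable package-private field, so any class in `sun.security.ssl` can now reassign the constraints as well as read them. The handshaker subclasses in this changeset only read it. A read-only accessor such as `AlgorithmConstraints getAlgorithmConstraints() { return algorithmConstraints; }` would give them what they need while keeping writes inside `Handshaker`. If the field has to stay package-private, a comment like `// read by ClientHandshaker/ServerHandshaker for key exchange checks; not to be reassigned outside Handshaker` would document the intended ownership.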
--- a/src/share/classes/sun/security/ssl/ServerHandshaker.java Tue May 05 20:04:16 2015 +0300 +++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java Fri Apr 24 13:59:30 2015 +0300 @@ -32,6 +32,7 @@ import java.security.cert.*; import java.security.interfaces.*; import java.security.spec.ECParameterSpec; +import java.math.BigInteger; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; @@ -1564,7 +1565,13 @@ if (debug != null && Debug.isOn("handshake")) { mesg.print(System.out); } - return dh.getAgreedSecret(mesg.getClientPublicKey(), false); + + BigInteger publicKeyValue = mesg.getClientPublicKey(); + + // check algorithm constraints + dh.checkConstraints(algorithmConstraints, publicKeyValue); + + return dh.getAgreedSecret(publicKeyValue, false); } private SecretKey clientKeyExchange(ECDHClientKeyExchange mesg) @@ -1573,7 +1580,13 @@ if (debug != null && Debug.isOn("handshake")) { mesg.print(System.out); } - return ecdh.getAgreedSecret(mesg.getEncodedPoint()); + + byte[] publicPoint = mesg.getEncodedPoint(); + + // check algorithm constraints + ecdh.checkConstraints(algorithmConstraints, publicPoint); + + return ecdh.getAgreedSecret(publicPoint); } /*
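Review bot: Both `clientKeyExchange` hunks depend on the caller remembering to call `checkConstraints` before `getAgreedSecret`, so the check is a convention rather than something the `DHCrypt`/`ECDHCrypt` API enforces. On the ECDH path the encoded point is also decoded and converted to a key twice, once in `checkConstraints` and once in `getAgreedSecret(byte[])`. Passing the constraints into the agreement call through a new overload, for example `ecdh.getAgreedSecret(publicPoint, algorithmConstraints)`, would make the check impossible to skip and remove the duplicate decoding. Both method bodies start outside their hunks.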
--- a/src/share/lib/security/java.security-aix Tue May 05 20:04:16 2015 +0300 +++ b/src/share/lib/security/java.security-aix Fri Apr 24 13:59:30 2015 +0300 @@ -500,7 +500,7 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3 +jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. @@ -539,7 +539,7 @@ # 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA # 2. JSSE key exchange algorithm name, e.g., RSA # 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC -# 4. JSSE message digest algorithm name, e.g., SHA-1 +# 4. JSSE message digest algorithm name, e.g., SHA # # See SSL/TLS specifications and "Java Cryptography Architecture Standard # Algorithm Name Documentation" for information about the algorithm names.
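Review bot: The new default `DH keySize < 768` still accepts Diffie-Hellman groups from 768 to 1023 bits, sizes that are widely regarded as too small for new deployments. The comment block above the property does not mention the DH entry or why this floor was chosen. If interoperability with older peers is the reason, say so next to the setting, for example `# DH keys smaller than 768 bits are rejected; raise this value where all peers support larger groups`. The same line is changed in the linux, macosx, solaris and windows variants of this file.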
--- a/src/share/lib/security/java.security-linux Tue May 05 20:04:16 2015 +0300 +++ b/src/share/lib/security/java.security-linux Fri Apr 24 13:59:30 2015 +0300 @@ -500,7 +500,7 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3 +jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. @@ -539,7 +539,7 @@ # 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA # 2. JSSE key exchange algorithm name, e.g., RSA # 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC -# 4. JSSE message digest algorithm name, e.g., SHA-1 +# 4. JSSE message digest algorithm name, e.g., SHA # # See SSL/TLS specifications and "Java Cryptography Architecture Standard # Algorithm Name Documentation" for information about the algorithm names.
--- a/src/share/lib/security/java.security-macosx Tue May 05 20:04:16 2015 +0300 +++ b/src/share/lib/security/java.security-macosx Fri Apr 24 13:59:30 2015 +0300 @@ -503,7 +503,7 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3 +jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. @@ -542,7 +542,7 @@ # 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA # 2. JSSE key exchange algorithm name, e.g., RSA # 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC -# 4. JSSE message digest algorithm name, e.g., SHA-1 +# 4. JSSE message digest algorithm name, e.g., SHA # # See SSL/TLS specifications and "Java Cryptography Architecture Standard # Algorithm Name Documentation" for information about the algorithm names.
--- a/src/share/lib/security/java.security-solaris Tue May 05 20:04:16 2015 +0300 +++ b/src/share/lib/security/java.security-solaris Fri Apr 24 13:59:30 2015 +0300 @@ -502,7 +502,7 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3 +jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. @@ -541,7 +541,7 @@ # 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA # 2. JSSE key exchange algorithm name, e.g., RSA # 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC -# 4. JSSE message digest algorithm name, e.g., SHA-1 +# 4. JSSE message digest algorithm name, e.g., SHA # # See SSL/TLS specifications and "Java Cryptography Architecture Standard # Algorithm Name Documentation" for information about the algorithm names.
--- a/src/share/lib/security/java.security-windows Tue May 05 20:04:16 2015 +0300 +++ b/src/share/lib/security/java.security-windows Fri Apr 24 13:59:30 2015 +0300 @@ -503,7 +503,7 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3 +jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. @@ -542,7 +542,7 @@ # 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA # 2. JSSE key exchange algorithm name, e.g., RSA # 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC -# 4. JSSE message digest algorithm name, e.g., SHA-1 +# 4. JSSE message digest algorithm name, e.g., SHA # # See SSL/TLS specifications and "Java Cryptography Architecture Standard # Algorithm Name Documentation" for information about the algorithm names.
--- a/test/sun/security/ec/TestEC.java Tue May 05 20:04:16 2015 +0300 +++ b/test/sun/security/ec/TestEC.java Fri Apr 24 13:59:30 2015 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -59,6 +59,11 @@ public class TestEC { public static void main(String[] args) throws Exception { + // reset security properties to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + Security.setProperty("jdk.certpath.disabledAlgorithms", ""); + ProvidersSnapshot snapshot = ProvidersSnapshot.create(); try { main0(args); @@ -68,10 +73,6 @@ } public static void main0(String[] args) throws Exception { - // reset the security property to make sure that the algorithms - // and keys used in this test are not disabled. - Security.setProperty("jdk.tls.disabledAlgorithms", ""); - Provider p = Security.getProvider("SunEC"); if (p == null) {
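Review bot: `Security.setProperty("jdk.tls.disabledAlgorithms", "")` and the added `jdk.certpath.disabledAlgorithms` reset change process-wide state and are not restored in the visible lines, while `ProvidersSnapshot` appears to cover only the provider list. In a shared-VM test run this would leave every later test with all TLS and certpath restrictions cleared, including the SSLv3 entry. Saving the previous values with `Security.getProperty(...)` and restoring them around the `try` that wraps `main0`, or running the test in its own VM, would contain the change. The same pattern is added in both ClientJSSEServerJSSE tests, DHEKeySizing and AnonCipherWithWantClientAuth.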
--- a/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Tue May 05 20:04:16 2015 +0300 +++ b/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Fri Apr 24 13:59:30 2015 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -43,9 +43,10 @@ private static String[] cmdArgs; public static void main(String[] args) throws Exception { - // reset the security property to make sure that the algorithms + // reset security properties to make sure that the algorithms // and keys used in this test are not disabled. Security.setProperty("jdk.tls.disabledAlgorithms", ""); + Security.setProperty("jdk.certpath.disabledAlgorithms", ""); cmdArgs = args; main(new ClientJSSEServerJSSE());
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java Tue May 05 20:04:16 2015 +0300 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java Fri Apr 24 13:59:30 2015 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -100,6 +100,7 @@ import javax.net.ssl.SSLEngineResult.*; import java.io.*; import java.nio.*; +import java.security.Security; import java.security.KeyStore; import java.security.KeyFactory; import java.security.cert.Certificate; @@ -377,6 +378,11 @@ } public static void main(String args[]) throws Exception { + // reset security properties to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + Security.setProperty("jdk.certpath.disabledAlgorithms", ""); + if (args.length != 4) { System.out.println( "Usage: java DHEKeySizing cipher-suite " +
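Review bot: Clearing `jdk.tls.disabledAlgorithms` at the top of `main` means this test no longer runs under the new `DH keySize < 768` default, and no test on this page asserts that a handshake is refused when a key violates the constraints. A complementary case would cover the enforcement path this changeset adds: leave the property at its default, or set it to a known threshold, and expect an `SSLHandshakeException` for an undersized DH key. The comment could then read `// constraints are cleared here on purpose; enforcement is covered by the rejection case`.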
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java Tue May 05 20:04:16 2015 +0300 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java Fri Apr 24 13:59:30 2015 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,6 +21,11 @@ * questions. */ +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 4392475 @@ -34,6 +39,7 @@ import java.io.*; import java.net.*; import javax.net.ssl.*; +import java.security.Security; public class AnonCipherWithWantClientAuth { @@ -156,6 +162,11 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // reset security properties to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + Security.setProperty("jdk.certpath.disabledAlgorithms", ""); + String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + "/" + keyStoreFile;
--- a/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java Tue May 05 20:04:16 2015 +0300 +++ b/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java Fri Apr 24 13:59:30 2015 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,9 +34,10 @@ public class ClientJSSEServerJSSE { public static void main(String[] args) throws Exception { - // reset the security property to make sure that the algorithms + // reset security properties to make sure that the algorithms // and keys used in this test are not disabled. Security.setProperty("jdk.tls.disabledAlgorithms", ""); + Security.setProperty("jdk.certpath.disabledAlgorithms", ""); CipherTest.main(new JSSEFactory(), args); }