changeset 8240:a0feab3bb26e
8076328: Enforce key exchange constraints
Reviewed-by: wetmore, ahgross, asmotrak, xuelei
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java Tue Aug 05 20:17:08 2014 +0100 +++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java Mon Jul 06 20:06:03 2015 +0100 @@ -675,6 +675,14 @@ // NOTREACHED } ephemeralServerKey = mesg.getPublicKey(); + + // check constraints of RSA PublicKey + if (!algorithmConstraints.permits( + EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), ephemeralServerKey)) { + + throw new SSLHandshakeException("RSA ServerKeyExchange " + + "does not comply to algorithm constraints"); + } } @@ -692,6 +700,9 @@ dh = new DHCrypt(mesg.getModulus(), mesg.getBase(), sslContext.getSecureRandom()); serverDH = mesg.getServerPublicKey(); + + // check algorithm constraints + dh.checkConstraints(algorithmConstraints, serverDH); } private void serverKeyExchange(ECDH_ServerKeyExchange mesg) @@ -702,6 +713,14 @@ ECPublicKey key = mesg.getPublicKey(); ecdh = new ECDHCrypt(key.getParams(), sslContext.getSecureRandom()); ephemeralServerKey = key; + + // check constraints of EC PublicKey + if (!algorithmConstraints.permits( + EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), ephemeralServerKey)) { + + throw new SSLHandshakeException("ECDH ServerKeyExchange " + + "does not comply to algorithm constraints"); + } } /*
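Review bot: In the first hunk the RSA ephemeral key is checked with `EnumSet.of(CryptoPrimitive.KEY_AGREEMENT)`, the same primitive the ECDH hunk uses, although an RSA ServerKeyExchange key is normally used to encrypt the premaster secret rather than to agree on one. If that is deliberate, say so next to the check, e.g. `// RSA ephemeral key is deliberately checked under KEY_AGREEMENT, like DH/ECDH`; otherwise `CryptoPrimitive.PUBLIC_KEY_ENCRYPTION` looks like the closer match, since an AlgorithmConstraints implementation that inspects the primitive set could answer differently. The RSA and ECDH hunks also paste the same permits-and-throw block, so a small private helper taking the key and a label would keep the two enforcement points from drifting apart. All three method bodies start outside their hunks.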
--- a/src/share/classes/sun/security/ssl/DHCrypt.java Tue Aug 05 20:17:08 2014 +0100 +++ b/src/share/classes/sun/security/ssl/DHCrypt.java Mon Jul 06 20:06:03 2015 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,6 +34,7 @@ import javax.crypto.KeyAgreement; import javax.crypto.interfaces.DHPublicKey; import javax.crypto.spec.*; +import java.util.EnumSet; import sun.security.util.KeyUtil; @@ -216,6 +217,28 @@ } } + // Check constraints of the specified DH public key. + void checkConstraints(AlgorithmConstraints constraints, + BigInteger peerPublicValue) throws SSLHandshakeException { + + try { + KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman"); + DHPublicKeySpec spec = + new DHPublicKeySpec(peerPublicValue, modulus, base); + DHPublicKey publicKey = (DHPublicKey)kf.generatePublic(spec); + + // check constraints of DHPublicKey + if (!constraints.permits( + EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), publicKey)) { + throw new SSLHandshakeException( + "DHPublicKey does not comply to algorithm constraints"); + } + } catch (GeneralSecurityException gse) { + throw (SSLHandshakeException) new SSLHandshakeException( + "Could not generate DHPublicKey").initCause(gse); + } + } + // Generate and validate DHPublicKeySpec private DHPublicKeySpec generateDHPublicKeySpec(KeyPairGenerator kpg) throws GeneralSecurityException {
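Review bot: `checkConstraints` needs more than `// Check constraints of the specified DH public key.`, because the key it checks is rebuilt from the peer's value together with this instance's `modulus` and `base`. I would make it a Javadoc block that says so, that states `SSLHandshakeException` is thrown both when `permits` returns false and when `generatePublic` fails (with the cause attached), and that notes the method performs no explicit range check of `peerPublicValue` of its own. The constraint failure is thrown inside the `try` and escapes only because `SSLHandshakeException` is not a `GeneralSecurityException`; a one-line comment such as `// not caught below: SSLHandshakeException is an IOException` would make that visible.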
--- a/src/share/classes/sun/security/ssl/ECDHCrypt.java Tue Aug 05 20:17:08 2014 +0100 +++ b/src/share/classes/sun/security/ssl/ECDHCrypt.java Mon Jul 06 20:06:03 2015 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,7 @@ import java.security.interfaces.ECPublicKey; import java.security.spec.*; +import java.util.EnumSet; import javax.crypto.SecretKey; import javax.crypto.KeyAgreement; import javax.crypto.spec.*; @@ -89,8 +90,11 @@ return publicKey; } - // called by ClientHandshaker with either the server's static or ephemeral public key - SecretKey getAgreedSecret(PublicKey peerPublicKey) throws SSLHandshakeException { + // called by ClientHandshaker with either the server's static or + // ephemeral public key + SecretKey getAgreedSecret( + PublicKey peerPublicKey) throws SSLHandshakeException { + try { KeyAgreement ka = JsseJce.getKeyAgreement("ECDH"); ka.init(privateKey); @@ -103,10 +107,13 @@ } // called by ServerHandshaker - SecretKey getAgreedSecret(byte[] encodedPoint) throws SSLHandshakeException { + SecretKey getAgreedSecret( + byte[] encodedPoint) throws SSLHandshakeException { + try { ECParameterSpec params = publicKey.getParams(); - ECPoint point = JsseJce.decodePoint(encodedPoint, params.getCurve()); + ECPoint point = + JsseJce.decodePoint(encodedPoint, params.getCurve()); KeyFactory kf = JsseJce.getKeyFactory("EC"); ECPublicKeySpec spec = new ECPublicKeySpec(point, params); PublicKey peerPublicKey = kf.generatePublic(spec); 
@@ -117,4 +124,30 @@ } } + // Check constraints of the specified EC public key. + void checkConstraints(AlgorithmConstraints constraints, + byte[] encodedPoint) throws SSLHandshakeException { + + try { + + ECParameterSpec params = publicKey.getParams(); + ECPoint point = + JsseJce.decodePoint(encodedPoint, params.getCurve()); + ECPublicKeySpec spec = new ECPublicKeySpec(point, params); + + KeyFactory kf = JsseJce.getKeyFactory("EC"); + ECPublicKey publicKey = (ECPublicKey)kf.generatePublic(spec); + + // check constraints of ECPublicKey + if (!constraints.permits( + EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), publicKey)) { + throw new SSLHandshakeException( + "ECPublicKey does not comply to algorithm constraints"); + } + } catch (GeneralSecurityException | java.io.IOException e) { + throw (SSLHandshakeException) new SSLHandshakeException( + "Could not generate ECPublicKey").initCause(e); + } + } + }
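Review bot: In `checkConstraints` the local `ECPublicKey publicKey` shadows the field that `publicKey.getParams()` reads a few lines earlier in the same `try`, so one name means this side's key at the top of the block and the peer's key at the bottom. It compiles only because the local's scope starts at its declaration, and it is easy to misread in a method whose job is to vet the peer's key. Rename the local, `ECPublicKey peerPublicKey = (ECPublicKey)kf.generatePublic(spec);`, and pass `peerPublicKey` to `constraints.permits(...)`, which matches the name `getAgreedSecret(byte[])` already uses for the same object.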
--- a/src/share/classes/sun/security/ssl/Handshaker.java Tue Aug 05 20:17:08 2014 +0100 +++ b/src/share/classes/sun/security/ssl/Handshaker.java Mon Jul 06 20:06:03 2015 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -85,7 +85,7 @@ String identificationProtocol; // The cryptographic algorithm constraints - private AlgorithmConstraints algorithmConstraints = null; + AlgorithmConstraints algorithmConstraints = null; // Local supported signature and algorithms Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs;
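Review bot: Dropping `private` from `algorithmConstraints` lets every class in `sun.security.ssl` read and reassign the field, while the new callers in ClientHandshaker and ServerHandshaker only need to read it. Keeping the field private and going through an accessor (a new one such as `AlgorithmConstraints getAlgorithmConstraints() { return algorithmConstraints; }`, or an existing one if the class already has it) would leave assignment in one place. The field is also initialised to `null` here and the new call sites use it without a check; where it is assigned is outside this diff, so please confirm it is always set before a ServerKeyExchange or ClientKeyExchange message is processed.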
--- a/src/share/classes/sun/security/ssl/ServerHandshaker.java Tue Aug 05 20:17:08 2014 +0100 +++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java Mon Jul 06 20:06:03 2015 +0100 @@ -32,6 +32,7 @@ import java.security.cert.*; import java.security.interfaces.*; import java.security.spec.ECParameterSpec; +import java.math.BigInteger; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; @@ -1495,7 +1496,13 @@ if (debug != null && Debug.isOn("handshake")) { mesg.print(System.out); } - return dh.getAgreedSecret(mesg.getClientPublicKey(), false); + + BigInteger publicKeyValue = mesg.getClientPublicKey(); + + // check algorithm constraints + dh.checkConstraints(algorithmConstraints, publicKeyValue); + + return dh.getAgreedSecret(publicKeyValue, false); } private SecretKey clientKeyExchange(ECDHClientKeyExchange mesg) @@ -1504,7 +1511,13 @@ if (debug != null && Debug.isOn("handshake")) { mesg.print(System.out); } - return ecdh.getAgreedSecret(mesg.getEncodedPoint()); + + byte[] publicPoint = mesg.getEncodedPoint(); + + // check algorithm constraints + ecdh.checkConstraints(algorithmConstraints, publicPoint); + + return ecdh.getAgreedSecret(publicPoint); } /*
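Review bot: On the ECDH path the client's point is now decoded and turned into a key twice per handshake: `ecdh.checkConstraints(algorithmConstraints, publicPoint)` runs `decodePoint` and `generatePublic`, and `getAgreedSecret(byte[])` repeats both, as its context lines in ECDHCrypt.java show. The DH path probably has the same shape, though the body of `DHCrypt.getAgreedSecret` is outside this diff. Letting the check and the agreement share one decoded key would remove the duplicate work and guarantee that the key that was checked is the key that is used. If the split is kept, a comment above each call such as `// constraints are checked on a key rebuilt from the same bytes passed to getAgreedSecret` would record the assumption. Both method bodies start outside their hunks.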
--- a/src/share/lib/security/java.security-linux Tue Aug 05 20:17:08 2014 +0100 +++ b/src/share/lib/security/java.security-linux Mon Jul 06 20:06:03 2015 +0100 @@ -437,7 +437,7 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3 +jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. @@ -476,7 +476,7 @@ # 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA # 2. JSSE key exchange algorithm name, e.g., RSA # 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC -# 4. JSSE message digest algorithm name, e.g., SHA-1 +# 4. JSSE message digest algorithm name, e.g., SHA # # See SSL/TLS specifications and "Java Cryptography Architecture Standard # Algorithm Name Documentation" for information about the algorithm names.
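Review bot: The new default `DH keySize < 768` still admits 768-bit and 1024-bit Diffie-Hellman groups, and nothing in the surrounding comment says why 768 was chosen as the floor. Please document the reason next to the property (presumably compatibility with deployed peers) and tell administrators they can raise it, for example `# The DH floor is a compatibility minimum; raise it (e.g. DH keySize < 1024) where peers allow.` The same hunk appears in java.security-macosx, java.security-solaris and java.security-windows, so the comment belongs in all four files.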
--- a/src/share/lib/security/java.security-macosx Tue Aug 05 20:17:08 2014 +0100 +++ b/src/share/lib/security/java.security-macosx Mon Jul 06 20:06:03 2015 +0100 @@ -442,7 +442,7 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3 +jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. @@ -481,7 +481,7 @@ # 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA # 2. JSSE key exchange algorithm name, e.g., RSA # 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC -# 4. JSSE message digest algorithm name, e.g., SHA-1 +# 4. JSSE message digest algorithm name, e.g., SHA # # See SSL/TLS specifications and "Java Cryptography Architecture Standard # Algorithm Name Documentation" for information about the algorithm names.
--- a/src/share/lib/security/java.security-solaris Tue Aug 05 20:17:08 2014 +0100 +++ b/src/share/lib/security/java.security-solaris Mon Jul 06 20:06:03 2015 +0100 @@ -441,7 +441,7 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3 +jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. @@ -480,7 +480,7 @@ # 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA # 2. JSSE key exchange algorithm name, e.g., RSA # 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC -# 4. JSSE message digest algorithm name, e.g., SHA-1 +# 4. JSSE message digest algorithm name, e.g., SHA # # See SSL/TLS specifications and "Java Cryptography Architecture Standard # Algorithm Name Documentation" for information about the algorithm names.
--- a/src/share/lib/security/java.security-windows Tue Aug 05 20:17:08 2014 +0100 +++ b/src/share/lib/security/java.security-windows Mon Jul 06 20:06:03 2015 +0100 @@ -442,7 +442,7 @@ # # Example: # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 -jdk.tls.disabledAlgorithms=SSLv3 +jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # processing in JSSE implementation. @@ -481,7 +481,7 @@ # 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA # 2. JSSE key exchange algorithm name, e.g., RSA # 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC -# 4. JSSE message digest algorithm name, e.g., SHA-1 +# 4. JSSE message digest algorithm name, e.g., SHA # # See SSL/TLS specifications and "Java Cryptography Architecture Standard # Algorithm Name Documentation" for information about the algorithm names.
--- a/test/sun/security/ec/TestEC.java Tue Aug 05 20:17:08 2014 +0100 +++ b/test/sun/security/ec/TestEC.java Mon Jul 06 20:06:03 2015 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -53,9 +53,10 @@ public class TestEC { public static void main(String[] args) throws Exception { - // reset the security property to make sure that the algorithms + // reset security properties to make sure that the algorithms // and keys used in this test are not disabled. Security.setProperty("jdk.tls.disabledAlgorithms", ""); + Security.setProperty("jdk.certpath.disabledAlgorithms", ""); ProvidersSnapshot snapshot = ProvidersSnapshot.create(); try {
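Review bot: `Security.setProperty("jdk.certpath.disabledAlgorithms", "")` joins the existing line in switching off every restriction for the whole JVM, and neither property is restored afterwards, which matters if the test shares a VM with others. The same addition is made in both ClientJSSEServerJSSE tests and in AnonCipherWithWantClientAuth. None of the test hunks on this page adds a case that expects a handshake to be refused by the new constraint check, so the rejection path this changeset introduces looks untested here. A test that sets `jdk.tls.disabledAlgorithms` to a DH size limit above the key size in use and asserts an `SSLHandshakeException` would cover it. main's body continues outside the hunk.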
--- a/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Tue Aug 05 20:17:08 2014 +0100 +++ b/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Mon Jul 06 20:06:03 2015 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -38,9 +38,10 @@ private static String[] cmdArgs; public static void main(String[] args) throws Exception { - // reset the security property to make sure that the algorithms + // reset security properties to make sure that the algorithms // and keys used in this test are not disabled. Security.setProperty("jdk.tls.disabledAlgorithms", ""); + Security.setProperty("jdk.certpath.disabledAlgorithms", ""); cmdArgs = args; main(new ClientJSSEServerJSSE());
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java Tue Aug 05 20:17:08 2014 +0100 +++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java Mon Jul 06 20:06:03 2015 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,11 @@ // system properties in samevm/agentvm mode. // +// +// SunJSSE does not support dynamic system properties, no way to re-use +// system properties in samevm/agentvm mode. +// + /* * @test * @bug 4392475 @@ -36,6 +41,7 @@ import java.io.*; import java.net.*; import javax.net.ssl.*; +import java.security.Security; public class AnonCipherWithWantClientAuth { @@ -158,6 +164,11 @@ volatile Exception clientException = null; public static void main(String[] args) throws Exception { + // reset security properties to make sure that the algorithms + // and keys used in this test are not disabled. + Security.setProperty("jdk.tls.disabledAlgorithms", ""); + Security.setProperty("jdk.certpath.disabledAlgorithms", ""); + String keyFilename = System.getProperty("test.src", "./") + "/" + pathToStores + "/" + keyStoreFile;
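Review bot: The second hunk adds a comment block (`// SunJSSE does not support dynamic system properties, no way to re-use` / `// system properties in samevm/agentvm mode.`) that appears to repeat the block ending in the context line directly above it, so the file header would say the same thing twice. The start of the existing comment is outside the hunk, so this is inferred from its last line. If it is indeed a duplicate, drop the five added lines and keep only the `import java.security.Security;` and `Security.setProperty` additions from this file's other hunks.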
--- a/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java Tue Aug 05 20:17:08 2014 +0100 +++ b/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java Mon Jul 06 20:06:03 2015 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,9 +34,10 @@ public class ClientJSSEServerJSSE { public static void main(String[] args) throws Exception { - // reset the security property to make sure that the algorithms + // reset security properties to make sure that the algorithms // and keys used in this test are not disabled. Security.setProperty("jdk.tls.disabledAlgorithms", ""); + Security.setProperty("jdk.certpath.disabledAlgorithms", ""); CipherTest.main(new JSSEFactory(), args); }