archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 23:34:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8223940: Private key not supported by chosen signature algorithm

Browse source 
Reviewed-by: valeriep
This commit is contained in:
Xue-Lei Andrew Fan 2019-11-06 09:45:04 -08:00
parent 7fbb1f5ae1
commit b7f557e5c7
4 changed files with 102 additions and 77 deletions
Download patch file Download diff file Expand all files Collapse all files

48
src/java.base/share/classes/sun/security/ssl/CertificateVerify.java
View file

@ -31,6 +31,7 @@ import java.security.*;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.ssl.X509Authentication.X509Credentials;
import sun.security.ssl.X509Authentication.X509Possession;
@ -563,31 +564,28 @@ final class CertificateVerify {
// This happens in client side only.
ClientHandshakeContext chc = (ClientHandshakeContext)context;
this.signatureScheme = SignatureScheme.getPreferableAlgorithm(
Map.Entry<SignatureScheme, Signature> schemeAndSigner =
SignatureScheme.getSignerOfPreferableAlgorithm(
chc.algorithmConstraints,
chc.peerRequestedSignatureSchemes,
x509Possession,
chc.negotiatedProtocol);
if (signatureScheme == null) {
if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
// selected the preferable signature algorithm properly.
throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
"No preferred signature algorithm for CertificateVerify");
"No supported CertificateVerify signature algorithm for " +
x509Possession.popPrivateKey.getAlgorithm() +
" key");
}
this.signatureScheme = schemeAndSigner.getKey();
byte[] temproary = null;
try {
Signature signer =
signatureScheme.getSignature(x509Possession.popPrivateKey);
Signature signer = schemeAndSigner.getValue();
signer.update(chc.handshakeHash.archived());
temproary = signer.sign();
} catch (NoSuchAlgorithmException |
InvalidAlgorithmParameterException nsae) {
throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
"Unsupported signature algorithm (" +
signatureScheme.name +
") used in CertificateVerify handshake message", nsae);
} catch (InvalidKeyException | SignatureException ikse) {
} catch (SignatureException ikse) {
throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
"Cannot produce CertificateVerify signature", ikse);
}
@ -647,7 +645,7 @@ final class CertificateVerify {
this.signature = Record.getBytes16(m);
try {
Signature signer =
signatureScheme.getSignature(x509Credentials.popPublicKey);
signatureScheme.getVerifier(x509Credentials.popPublicKey);
signer.update(shc.handshakeHash.archived());
if (!signer.verify(signature)) {
throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
@ -865,18 +863,23 @@ final class CertificateVerify {
X509Possession x509Possession) throws IOException {
super(context);
this.signatureScheme = SignatureScheme.getPreferableAlgorithm(
Map.Entry<SignatureScheme, Signature> schemeAndSigner =
SignatureScheme.getSignerOfPreferableAlgorithm(
context.algorithmConstraints,
context.peerRequestedSignatureSchemes,
x509Possession,
context.negotiatedProtocol);
if (signatureScheme == null) {
if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
// selected the preferable signature algorithm properly.
throw context.conContext.fatal(Alert.INTERNAL_ERROR,
"No preferred signature algorithm for CertificateVerify");
"No supported CertificateVerify signature algorithm for " +
x509Possession.popPrivateKey.getAlgorithm() +
" key");
}
this.signatureScheme = schemeAndSigner.getKey();
byte[] hashValue = context.handshakeHash.digest();
byte[] contentCovered;
if (context.sslConfig.isClientMode) {
@ -893,17 +896,10 @@ final class CertificateVerify {
byte[] temproary = null;
try {
Signature signer =
signatureScheme.getSignature(x509Possession.popPrivateKey);
Signature signer = schemeAndSigner.getValue();
signer.update(contentCovered);
temproary = signer.sign();
} catch (NoSuchAlgorithmException |
InvalidAlgorithmParameterException nsae) {
throw context.conContext.fatal(Alert.INTERNAL_ERROR,
"Unsupported signature algorithm (" +
signatureScheme.name +
") used in CertificateVerify handshake message", nsae);
} catch (InvalidKeyException | SignatureException ikse) {
} catch (SignatureException ikse) {
throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
"Cannot produce CertificateVerify signature", ikse);
}
@ -974,7 +970,7 @@ final class CertificateVerify {
try {
Signature signer =
signatureScheme.getSignature(x509Credentials.popPublicKey);
signatureScheme.getVerifier(x509Credentials.popPublicKey);
signer.update(contentCovered);
if (!signer.verify(signature)) {
throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,

32
src/java.base/share/classes/sun/security/ssl/DHServerKeyExchange.java
View file

@ -42,6 +42,7 @@ import java.security.SignatureException;
import java.text.MessageFormat;
import java.util.EnumSet;
import java.util.Locale;
import java.util.Map;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
@ -124,25 +125,22 @@ final class DHServerKeyExchange {
shc.negotiatedProtocol.useTLS12PlusSpec();
Signature signer = null;
if (useExplicitSigAlgorithm) {
signatureScheme = SignatureScheme.getPreferableAlgorithm(
shc.algorithmConstraints,
shc.peerRequestedSignatureSchemes,
x509Possession,
shc.negotiatedProtocol);
if (signatureScheme == null) {
Map.Entry<SignatureScheme, Signature> schemeAndSigner =
SignatureScheme.getSignerOfPreferableAlgorithm(
shc.algorithmConstraints,
shc.peerRequestedSignatureSchemes,
x509Possession,
shc.negotiatedProtocol);
if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
// selected the preferable signature algorithm properly.
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
"No preferred signature algorithm");
}
try {
signer = signatureScheme.getSignature(
x509Possession.popPrivateKey);
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
"Unsupported signature algorithm: " +
signatureScheme.name, nsae);
"No supported signature algorithm for " +
x509Possession.popPrivateKey.getAlgorithm() +
" key");
} else {
signatureScheme = schemeAndSigner.getKey();
signer = schemeAndSigner.getValue();
}
} else {
signatureScheme = null;
@ -241,7 +239,7 @@ final class DHServerKeyExchange {
Signature signer;
if (useExplicitSigAlgorithm) {
try {
signer = signatureScheme.getSignature(
signer = signatureScheme.getVerifier(
x509Credentials.popPublicKey);
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {

31
src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java
View file

@ -38,7 +38,7 @@ import java.security.Signature;
import java.security.SignatureException;
import java.text.MessageFormat;
import java.util.Locale;
import sun.security.ssl.NamedGroup.NamedGroupSpec;
import java.util.Map;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
import sun.security.ssl.X509Authentication.X509Credentials;
@ -135,27 +135,22 @@ final class ECDHServerKeyExchange {
shc.negotiatedProtocol.useTLS12PlusSpec();
Signature signer = null;
if (useExplicitSigAlgorithm) {
signatureScheme = SignatureScheme.getPreferableAlgorithm(
shc.algorithmConstraints,
shc.peerRequestedSignatureSchemes,
x509Possession,
shc.negotiatedProtocol);
if (signatureScheme == null) {
Map.Entry<SignatureScheme, Signature> schemeAndSigner =
SignatureScheme.getSignerOfPreferableAlgorithm(
shc.algorithmConstraints,
shc.peerRequestedSignatureSchemes,
x509Possession,
shc.negotiatedProtocol);
if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
// selected the preferable signature algorithm properly.
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
"No preferred signature algorithm for " +
"No supported signature algorithm for " +
x509Possession.popPrivateKey.getAlgorithm() +
" key");
}
try {
signer = signatureScheme.getSignature(
x509Possession.popPrivateKey);
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
"Unsupported signature algorithm: " +
signatureScheme.name, nsae);
} else {
signatureScheme = schemeAndSigner.getKey();
signer = schemeAndSigner.getValue();
}
} else {
signatureScheme = null;
@ -276,7 +271,7 @@ final class ECDHServerKeyExchange {
Signature signer;
if (useExplicitSigAlgorithm) {
try {
signer = signatureScheme.getSignature(
signer = signatureScheme.getVerifier(
x509Credentials.popPublicKey);
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {

68
src/java.base/share/classes/sun/security/ssl/SignatureScheme.java
View file

@ -30,6 +30,7 @@ import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.AbstractMap.SimpleImmutableEntry;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@ -37,6 +38,7 @@ import java.util.Collections;
import java.util.EnumSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import sun.security.ssl.NamedGroup.NamedGroupSpec;
import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
@ -425,7 +427,7 @@ enum SignatureScheme {
return null;
}
static SignatureScheme getPreferableAlgorithm(
static Map.Entry<SignatureScheme, Signature> getSignerOfPreferableAlgorithm(
AlgorithmConstraints constraints,
List<SignatureScheme> schemes,
X509Possession x509Possession,
@ -452,7 +454,10 @@ enum SignatureScheme {
x509Possession.getECParameterSpec();
if (params != null &&
ss.namedGroup == NamedGroup.valueOf(params)) {
return ss;
Signature signer = ss.getSigner(signingKey);
if (signer != null) {
return new SimpleImmutableEntry<>(ss, signer);
}
}
if (SSLLogger.isOn &&
@ -477,7 +482,10 @@ enum SignatureScheme {
NamedGroup keyGroup = NamedGroup.valueOf(params);
if (keyGroup != null &&
SupportedGroups.isSupported(keyGroup)) {
return ss;
Signature signer = ss.getSigner(signingKey);
if (signer != null) {
return new SimpleImmutableEntry<>(ss, signer);
}
}
}
@ -488,7 +496,10 @@ enum SignatureScheme {
"), unsupported EC parameter spec: " + params);
}
} else {
return ss;
Signature signer = ss.getSigner(signingKey);
if (signer != null) {
return new SimpleImmutableEntry<>(ss, signer);
}
}
}
}
@ -509,24 +520,49 @@ enum SignatureScheme {
return new String[0];
}
Signature getSignature(Key key) throws NoSuchAlgorithmException,
// This method is used to get the signature instance of this signature
// scheme for the specific public key. Unlike getSigner(), the exception
// is bubbled up. If the public key does not support this signature
// scheme, it normally means the TLS handshaking cannot continue and
// the connection should be terminated.
Signature getVerifier(PublicKey publicKey) throws NoSuchAlgorithmException,
InvalidAlgorithmParameterException, InvalidKeyException {
if (!isAvailable) {
return null;
}
Signature signer = Signature.getInstance(algorithm);
if (key instanceof PublicKey) {
SignatureUtil.initVerifyWithParam(signer, (PublicKey)key,
(signAlgParams != null ?
signAlgParams.parameterSpec : null));
} else {
SignatureUtil.initSignWithParam(signer, (PrivateKey)key,
(signAlgParams != null ?
signAlgParams.parameterSpec : null),
null);
Signature verifier = Signature.getInstance(algorithm);
SignatureUtil.initVerifyWithParam(verifier, publicKey,
(signAlgParams != null ? signAlgParams.parameterSpec : null));
return verifier;
}
// This method is also used to choose preferable signature scheme for the
// specific private key. If the private key does not support the signature
// scheme, {@code null} is returned, and the caller may fail back to next
// available signature scheme.
private Signature getSigner(PrivateKey privateKey) {
if (!isAvailable) {
return null;
}
return signer;
try {
Signature signer = Signature.getInstance(algorithm);
SignatureUtil.initSignWithParam(signer, privateKey,
(signAlgParams != null ? signAlgParams.parameterSpec : null),
null);
return signer;
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {
if (SSLLogger.isOn &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore unsupported signature algorithm (" +
this.name + ")", nsae);
}
}
return null;
}
}