archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 14:54:52 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8171277: Elliptic Curves for Security in Crypto

Browse source 
Implementations of X25519 and X448 key agreement in SunEC

Reviewed-by: mullan
This commit is contained in:
Adam Petcher 2018-05-08 09:47:28 -04:00
parent f15ab37909
commit f5a247a85f
28 changed files with 7938 additions and 95 deletions
Download patch file Download diff file Expand all files Collapse all files

47
src/java.base/share/classes/java/security/interfaces/XECKey.java Normal file
View file

@ -0,0 +1,47 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.interfaces;
import java.security.spec.AlgorithmParameterSpec;
/**
* An interface for an elliptic curve public/private key as defined by
* RFC 7748. These keys are distinct from the keys represented by
* {@code ECKey}, and they are intended for use with algorithms based on RFC
* 7748 such as the XDH {@code KeyAgreement} algorithm. This interface allows
* access to the algorithm parameters associated with the key.
*
* @since 11
*/
public interface XECKey {
/**
* Returns the algorithm parameters associated
* with the key.
*
* @return the associated algorithm parameters
*/
AlgorithmParameterSpec getParams();
}

57
src/java.base/share/classes/java/security/interfaces/XECPrivateKey.java Normal file
View file

@ -0,0 +1,57 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.interfaces;
import java.security.PrivateKey;
import java.util.Optional;
/**
* An interface for an elliptic curve private key as defined by RFC 7748.
* These keys are distinct from the keys represented by {@code ECPrivateKey},
* and they are intended for use with algorithms based on RFC 7748 such as the
* XDH {@code KeyAgreement} algorithm.
*
* An XEC private key is an encoded scalar value as described in RFC 7748.
* The decoding procedure defined in this RFC includes an operation that forces
* certain bits of the key to either 1 or 0. This operation is known as
* "pruning" or "clamping" the private key. Arrays returned by this interface
* are unpruned, and implementations will need to prune the array before
* using it in any numerical operations.
*
* @since 11
*/
public interface XECPrivateKey extends XECKey, PrivateKey {
/**
* Get the scalar value encoded as an unpruned byte array. A new copy of
* the array is returned each time this method is called.
*
* @return the unpruned encoded scalar value, or an empty Optional if the
* scalar cannot be extracted (e.g. if the provider is a hardware token
* and the private key is not allowed to leave the crypto boundary).
*/
Optional<byte[]> getScalar();
}

56
src/java.base/share/classes/java/security/interfaces/XECPublicKey.java Normal file
View file

@ -0,0 +1,56 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.interfaces;
import java.math.BigInteger;
import java.security.PublicKey;
/**
* An interface for an elliptic curve public key as defined by RFC 7748.
* These keys are distinct from the keys represented by {@code ECPublicKey},
* and they are intended for use with algorithms based on RFC 7748 such as the
* XDH {@code KeyAgreement} algorithm.
*
* An XEC public key is a particular point on the curve, which is represented
* using only its u-coordinate as described in RFC 7748. A u-coordinate is an
* element of the field of integers modulo some value that is determined by
* the algorithm parameters. This field element is represented by a BigInteger
* which may hold any value. That is, the BigInteger is not restricted to the
* range of canonical field elements.
*
* @since 11
*/
public interface XECPublicKey extends XECKey, PublicKey {
/**
* Get the u coordinate of the point.
*
* @return the u-coordinate, represented using a BigInteger which may hold
* any value
*/
BigInteger getU();
}

30
src/java.base/share/classes/java/security/spec/ECGenParameterSpec.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -34,9 +34,7 @@ package java.security.spec;
*
* @since 1.5
*/
public class ECGenParameterSpec implements AlgorithmParameterSpec {
private String name;
public class ECGenParameterSpec extends NamedParameterSpec {
/**
* Creates a parameter specification for EC parameter
@ -44,25 +42,15 @@ public class ECGenParameterSpec implements AlgorithmParameterSpec {
* {@code stdName} in order to generate the corresponding
* (precomputed) elliptic curve domain parameters. For the
* list of supported names, please consult the documentation
* of provider whose implementation will be used.
* of the provider whose implementation will be used.
*
* @param stdName the standard name of the to-be-generated EC
* domain parameters.
* @exception NullPointerException if {@code stdName}
* is null.
* domain parameters.
* @throws NullPointerException if {@code stdName}
* is null.
*/
public ECGenParameterSpec(String stdName) {
if (stdName == null) {
throw new NullPointerException("stdName is null");
}
this.name = stdName;
}
/**
* Returns the standard or predefined name of the
* to-be-generated EC domain parameters.
* @return the standard or predefined name.
*/
public String getName() {
return name;
super(stdName);
}
}

81
src/java.base/share/classes/java/security/spec/NamedParameterSpec.java Normal file
View file

@ -0,0 +1,81 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.spec;
import java.util.Objects;
/**
* This class is used to specify any algorithm parameters that are determined
* by a standard name. This class also holds constants for standard parameter
* set names. The names of these constants exactly match the corresponding
* parameter set name. For example, NamedParameterSpec.X25519 represents the
* parameter set identified by the string "X25519". These strings are defined
* in the <a href=
* "{@docRoot}/../specs/security/standard-names.html#parameter-spec-names">
* Java Security Standard Algorithm Names Specification</a>.
*
* @since 11
*
*/
public class NamedParameterSpec implements AlgorithmParameterSpec {
/**
* The X25519 parameters
*/
public static final NamedParameterSpec X25519
= new NamedParameterSpec("X25519");
/**
* The X448 parameters
*/
public static final NamedParameterSpec X448
= new NamedParameterSpec("X448");
private String name;
/**
* Creates a parameter specification using a standard (or predefined)
* name {@code stdName}. For the
* list of supported names, please consult the documentation
* of the provider whose implementation will be used.
*
* @param stdName the standard name of the algorithm parameters
*
* @throws NullPointerException if {@code stdName}
* is null.
*/
public NamedParameterSpec(String stdName) {
Objects.requireNonNull(stdName, "stdName must not be null");
this.name = stdName;
}
/**
* Returns the standard name that determines the algorithm parameters.
* @return the standard name.
*/
public String getName() {
return name;
}
}

82
src/java.base/share/classes/java/security/spec/XECPrivateKeySpec.java Normal file
View file

@ -0,0 +1,82 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.spec;
import java.util.Objects;
/**
* A class representing elliptic curve private keys as defined in RFC 7748,
* including the curve and other algorithm parameters. The private key is
* represented as an encoded scalar value. The decoding procedure defined in
* the RFC includes an operation that forces certain bits of the key to either
* 1 or 0. This operation is known as "pruning" or "clamping" the private key.
* All arrays in this spec are unpruned, and implementations will need to prune
* the array before using it in any numerical operations.
*
* @since 11
*/
public class XECPrivateKeySpec implements KeySpec {
private final AlgorithmParameterSpec params;
private final byte[] scalar;
/**
* Construct a private key spec using the supplied parameters and
* encoded scalar value.
*
* @param params the algorithm parameters
* @param scalar the unpruned encoded scalar value. This array is copied
* to protect against subsequent modification.
*
* @throws NullPointerException if {@code params} or {@code scalar}
* is null.
*/
public XECPrivateKeySpec(AlgorithmParameterSpec params, byte[] scalar) {
Objects.requireNonNull(params, "params must not be null");
Objects.requireNonNull(scalar, "scalar must not be null");
this.params = params;
this.scalar = scalar.clone();
}
/**
* Get the algorithm parameters that define the curve and other settings.
*
* @return the algorithm parameters
*/
public AlgorithmParameterSpec getParams() {
return params;
}
/**
* Get the scalar value encoded as an unpruned byte array. A new copy of
* the array is returned each time this method is called.
*
* @return the unpruned encoded scalar value
*/
public byte[] getScalar() {
return scalar.clone();
}
}

83
src/java.base/share/classes/java/security/spec/XECPublicKeySpec.java Normal file
View file

@ -0,0 +1,83 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.spec;
import java.math.BigInteger;
import java.util.Objects;
/**
* A class representing elliptic curve public keys as defined in RFC 7748,
* including the curve and other algorithm parameters. The public key is a
* particular point on the curve, which is represented using only its
* u-coordinate. A u-coordinate is an element of the field of integers modulo
* some value that is determined by the algorithm parameters. This field
* element is represented by a BigInteger which may hold any value. That is,
* the BigInteger is not restricted to the range of canonical field elements.
*
* @since 11
*/
public class XECPublicKeySpec implements KeySpec {
private final AlgorithmParameterSpec params;
private final BigInteger u;
/**
* Construct a public key spec using the supplied parameters and
* u coordinate.
*
* @param params the algorithm parameters
* @param u the u-coordinate of the point, represented using a BigInteger
* which may hold any value
*
* @throws NullPointerException if {@code params} or {@code u}
* is null.
*/
public XECPublicKeySpec(AlgorithmParameterSpec params, BigInteger u) {
Objects.requireNonNull(params, "params must not be null");
Objects.requireNonNull(u, "u must not be null");
this.params = params;
this.u = u;
}
/**
* Get the algorithm parameters that define the curve and other settings.
*
* @return the parameters
*/
public AlgorithmParameterSpec getParams() {
return params;
}
/**
* Get the u coordinate of the point.
*
* @return the u-coordinate, represented using a BigInteger which may hold
* any value
*/
public BigInteger getU() {
return u;
}
}

4
src/java.base/share/classes/module-info.java
View file

@ -289,6 +289,10 @@ module java.base {
jdk.jartool,
jdk.security.auth,
jdk.security.jgss;
exports sun.security.util.math to
jdk.crypto.ec
exports sun.security.util.math.intpoly to
jdk.crypto.ec
exports sun.security.x509 to
jdk.crypto.ec,
jdk.crypto.cryptoki,