mirror of
https://github.com/openjdk/jdk.git
synced 2025-08-28 23:34:52 +02:00
Merge
This commit is contained in:
Jesper Wilhelmsson
commit
fc9f8baf56
27 changed files with 446 additions and 231 deletions
|
|
@ -34,6 +34,7 @@ import java.security.SecureRandom;
|
|||
import java.security.spec.*;
|
||||
|
||||
import javax.crypto.spec.DHParameterSpec;
|
||||
import sun.security.util.SafeDHParameterSpec;
|
||||
|
||||
/**
|
||||
* Cache for DSA and DH parameter specs. Used by the KeyPairGenerators
|
||||
|
|
@ -55,6 +56,26 @@ public final class ParameterCache {
|
|||
// cache of DH parameters
|
||||
private static final Map<Integer,DHParameterSpec> dhCache;
|
||||
|
||||
// convert DHParameterSpec to SafeDHParameterSpec if its parameters are
|
||||
// safe primes; validation takes time but should be worthwhile for the
|
||||
// parameter cache since the parameters may be reused many times.
|
||||
private static DHParameterSpec makeSafe(DHParameterSpec spec) {
|
||||
if (spec instanceof SafeDHParameterSpec) {
|
||||
return spec;
|
||||
}
|
||||
|
||||
BigInteger p = spec.getP();
|
||||
BigInteger g = spec.getG();
|
||||
|
||||
boolean isSafe = (g.equals(BigInteger.TWO) && p.testBit(0) &&
|
||||
p.shiftRight(1).isProbablePrime(100));
|
||||
if (isSafe) {
|
||||
return new SafeDHParameterSpec(p, g, spec.getL());
|
||||
} else {
|
||||
return spec;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Return cached DSA parameters for the given length combination of
|
||||
* prime and subprime, or null if none are available in the cache.
|
||||
|
|
@ -74,7 +95,7 @@ public final class ParameterCache {
|
|||
* are available in the cache.
|
||||
*/
|
||||
public static DHParameterSpec getCachedDHParameterSpec(int keyLength) {
|
||||
return dhCache.get(Integer.valueOf(keyLength));
|
||||
return dhCache.get(keyLength);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -132,7 +153,7 @@ public final class ParameterCache {
|
|||
gen.init(keyLength, random);
|
||||
AlgorithmParameters params = gen.generateParameters();
|
||||
spec = params.getParameterSpec(DHParameterSpec.class);
|
||||
dhCache.put(Integer.valueOf(keyLength), spec);
|
||||
dhCache.put(keyLength, makeSafe(spec));
|
||||
return spec;
|
||||
}
|
||||
|
||||
|
|
@ -393,6 +414,12 @@ public final class ParameterCache {
|
|||
// the common generator
|
||||
BigInteger dhG = BigInteger.TWO;
|
||||
|
||||
// Self generated following the approach from RFC 2412 Appendix E but
|
||||
// using random source instead of binary expansion of pi
|
||||
BigInteger dhP512 = new BigInteger(
|
||||
"FFFFFFFFFFFFFFFF8B479B3A6E8DE86C294188F0BF2CD86C" +
|
||||
"DB950ADB36D0F61FD51E46F69C99ED95ABE5A7BBB230A6ED" +
|
||||
"1D0B4506B5317284FFFFFFFFFFFFFFFF", 16);
|
||||
//
|
||||
// From RFC 7296
|
||||
|
||||
|
|
@ -561,16 +588,18 @@ public final class ParameterCache {
|
|||
"9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71" +
|
||||
"60C980DD98EDD3DFFFFFFFFFFFFFFFFF", 16);
|
||||
|
||||
// use DSA parameters for DH for sizes not defined in RFC 7296, 3526
|
||||
dhCache.put(Integer.valueOf(512), new DHParameterSpec(p512, g512));
|
||||
// self-generated safe prime
|
||||
dhCache.put(512, new SafeDHParameterSpec(dhP512, dhG));
|
||||
|
||||
dhCache.put(Integer.valueOf(768), new DHParameterSpec(dhP768, dhG));
|
||||
dhCache.put(Integer.valueOf(1024), new DHParameterSpec(dhP1024, dhG));
|
||||
dhCache.put(Integer.valueOf(1536), new DHParameterSpec(dhP1536, dhG));
|
||||
dhCache.put(Integer.valueOf(2048), new DHParameterSpec(dhP2048, dhG));
|
||||
dhCache.put(Integer.valueOf(3072), new DHParameterSpec(dhP3072, dhG));
|
||||
dhCache.put(Integer.valueOf(4096), new DHParameterSpec(dhP4096, dhG));
|
||||
dhCache.put(Integer.valueOf(6144), new DHParameterSpec(dhP6144, dhG));
|
||||
dhCache.put(Integer.valueOf(8192), new DHParameterSpec(dhP8192, dhG));
|
||||
// from RFC 7296
|
||||
dhCache.put(768, new SafeDHParameterSpec(dhP768, dhG));
|
||||
dhCache.put(1024, new SafeDHParameterSpec(dhP1024, dhG));
|
||||
// from RFC 3526
|
||||
dhCache.put(1536, new SafeDHParameterSpec(dhP1536, dhG));
|
||||
dhCache.put(2048, new SafeDHParameterSpec(dhP2048, dhG));
|
||||
dhCache.put(3072, new SafeDHParameterSpec(dhP3072, dhG));
|
||||
dhCache.put(4096, new SafeDHParameterSpec(dhP4096, dhG));
|
||||
dhCache.put(6144, new SafeDHParameterSpec(dhP6144, dhG));
|
||||
dhCache.put(8192, new SafeDHParameterSpec(dhP8192, dhG));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1378,25 +1378,30 @@ final class ClientHello {
|
|||
shc.resumingSession = resumingSession ? previous : null;
|
||||
}
|
||||
|
||||
HelloCookieManager hcm =
|
||||
shc.sslContext.getHelloCookieManager(ProtocolVersion.DTLS10);
|
||||
if (!shc.isResumption &&
|
||||
!hcm.isCookieValid(shc, clientHello, clientHello.cookie)) {
|
||||
//
|
||||
// Perform cookie exchange for DTLS handshaking if no cookie
|
||||
// or the cookie is invalid in the ClientHello message.
|
||||
//
|
||||
// update the responders
|
||||
shc.handshakeProducers.put(
|
||||
SSLHandshake.HELLO_VERIFY_REQUEST.id,
|
||||
SSLHandshake.HELLO_VERIFY_REQUEST);
|
||||
|
||||
//
|
||||
// produce response handshake message
|
||||
//
|
||||
SSLHandshake.HELLO_VERIFY_REQUEST.produce(context, clientHello);
|
||||
// We will by default exchange DTLS cookies for all handshakes
|
||||
// (new and resumed) unless jdk.tls.enableDtlsResumeCookie=false.
|
||||
// The property only affects the cookie exchange for resumption.
|
||||
if (!shc.isResumption || SSLConfiguration.enableDtlsResumeCookie) {
|
||||
HelloCookieManager hcm =
|
||||
shc.sslContext.getHelloCookieManager(ProtocolVersion.DTLS10);
|
||||
if (!hcm.isCookieValid(shc, clientHello, clientHello.cookie)) {
|
||||
//
|
||||
// Perform cookie exchange for DTLS handshaking if no cookie
|
||||
// or the cookie is invalid in the ClientHello message.
|
||||
//
|
||||
// update the responders
|
||||
shc.handshakeProducers.put(
|
||||
SSLHandshake.HELLO_VERIFY_REQUEST.id,
|
||||
SSLHandshake.HELLO_VERIFY_REQUEST);
|
||||
|
||||
return;
|
||||
//
|
||||
// produce response handshake message
|
||||
//
|
||||
SSLHandshake.HELLO_VERIFY_REQUEST.produce(context, clientHello);
|
||||
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// cache the client random number for further using
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ import java.util.Map;
|
|||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
import javax.crypto.spec.DHParameterSpec;
|
||||
import sun.security.util.SafeDHParameterSpec;
|
||||
|
||||
/**
|
||||
* Predefined default DH ephemeral parameters.
|
||||
|
|
@ -280,8 +281,8 @@ final class PredefinedDHParameterSpecs {
|
|||
String baseGenerator = paramsFinder.group(2);
|
||||
BigInteger g = new BigInteger(baseGenerator, 16);
|
||||
|
||||
DHParameterSpec spec = new DHParameterSpec(p, g);
|
||||
int primeLen = p.bitLength();
|
||||
DHParameterSpec spec = new DHParameterSpec(p, g);
|
||||
defaultParams.put(primeLen, spec);
|
||||
}
|
||||
} else if (SSLLogger.isOn && SSLLogger.isOn("sslctx")) {
|
||||
|
|
@ -293,7 +294,7 @@ final class PredefinedDHParameterSpecs {
|
|||
Map<Integer,DHParameterSpec> tempFFDHEs = new HashMap<>();
|
||||
for (BigInteger p : ffdhePrimes) {
|
||||
int primeLen = p.bitLength();
|
||||
DHParameterSpec dhps = new DHParameterSpec(p, BigInteger.TWO);
|
||||
DHParameterSpec dhps = new SafeDHParameterSpec(p, BigInteger.TWO);
|
||||
tempFFDHEs.put(primeLen, dhps);
|
||||
defaultParams.putIfAbsent(primeLen, dhps);
|
||||
}
|
||||
|
|
@ -301,8 +302,8 @@ final class PredefinedDHParameterSpecs {
|
|||
for (BigInteger p : supportedPrimes) {
|
||||
int primeLen = p.bitLength();
|
||||
if (defaultParams.get(primeLen) == null) {
|
||||
defaultParams.put(primeLen,
|
||||
new DHParameterSpec(p, BigInteger.TWO));
|
||||
defaultParams.put(primeLen, new SafeDHParameterSpec(p,
|
||||
BigInteger.TWO));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -116,6 +116,9 @@ final class SSLConfiguration implements Cloneable {
|
|||
static final boolean enableFFDHE =
|
||||
Utilities.getBooleanProperty("jsse.enableFFDHE", true);
|
||||
|
||||
static final boolean enableDtlsResumeCookie = Utilities.getBooleanProperty(
|
||||
"jdk.tls.enableDtlsResumeCookie", true);
|
||||
|
||||
// Is the extended_master_secret extension supported?
|
||||
static {
|
||||
boolean supportExtendedMasterSecret = Utilities.getBooleanProperty(
|
||||
|
|
|
|||
|
|
@ -0,0 +1,45 @@
|
|||
/*
|
||||
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Oracle designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Oracle in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
package sun.security.util;
|
||||
|
||||
import java.math.BigInteger;
|
||||
import javax.crypto.spec.DHParameterSpec;
|
||||
|
||||
/**
|
||||
* Internal marker class for well-known safe DH parameters. It should
|
||||
* only be used with trusted callers since it does not have all the needed
|
||||
* values for validation.
|
||||
*/
|
||||
|
||||
public final class SafeDHParameterSpec extends DHParameterSpec {
|
||||
public SafeDHParameterSpec(BigInteger p, BigInteger g) {
|
||||
super(p, g);
|
||||
}
|
||||
|
||||
public SafeDHParameterSpec(BigInteger p, BigInteger g, int l) {
|
||||
super(p, g, l);
|
||||
}
|
||||
}
|
||||
|
|
@ -33,6 +33,7 @@ import java.security.InvalidParameterException;
|
|||
import java.security.ProviderException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.spec.DHParameterSpec;
|
||||
import sun.security.action.GetPropertyAction;
|
||||
|
||||
/**
|
||||
|
|
@ -102,6 +103,42 @@ public final class SecurityProviderConstants {
|
|||
}
|
||||
}
|
||||
|
||||
public static final int getDefDHPrivateExpSize(DHParameterSpec spec) {
|
||||
|
||||
int dhGroupSize = spec.getP().bitLength();
|
||||
|
||||
if (spec instanceof SafeDHParameterSpec) {
|
||||
// Known safe primes
|
||||
// use 2*security strength as default private exponent size
|
||||
// as in table 2 of NIST SP 800-57 part 1 rev 5, sec 5.6.1.1
|
||||
// and table 25 of NIST SP 800-56A rev 3, appendix D.
|
||||
if (dhGroupSize >= 15360) {
|
||||
return 512;
|
||||
} else if (dhGroupSize >= 8192) {
|
||||
return 400;
|
||||
} else if (dhGroupSize >= 7680) {
|
||||
return 384;
|
||||
} else if (dhGroupSize >= 6144) {
|
||||
return 352;
|
||||
} else if (dhGroupSize >= 4096) {
|
||||
return 304;
|
||||
} else if (dhGroupSize >= 3072) {
|
||||
return 256;
|
||||
} else if (dhGroupSize >= 2048) {
|
||||
return 224;
|
||||
} else {
|
||||
// min value for legacy key sizes
|
||||
return 160;
|
||||
}
|
||||
} else {
|
||||
// assume the worst and use groupSize/2 as private exp length
|
||||
// up to 1024-bit and use the same minimum 384 as before
|
||||
return Math.max((dhGroupSize >= 2048 ? 1024 : dhGroupSize >> 1),
|
||||
384);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public static final int getDefAESKeySize() {
|
||||
int currVal = DEF_AES_KEY_SIZE.get();
|
||||
if (currVal == -1) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue