# HG changeset patch # User xuelei # Date 1573062304 28800 # Node ID d6e682e8fcc3eae4f356e0d9cef4ad2b3576010d # Parent 898d548e91f50c94765a7be1c7895e4278c794a8 8223940: Private key not supported by chosen signature algorithm Reviewed-by: valeriep diff -r 898d548e91f5 -r d6e682e8fcc3 src/java.base/share/classes/sun/security/ssl/CertificateVerify.java --- a/src/java.base/share/classes/sun/security/ssl/CertificateVerify.java Wed Nov 06 19:37:52 2019 +0300 +++ b/src/java.base/share/classes/sun/security/ssl/CertificateVerify.java Wed Nov 06 09:45:04 2019 -0800 @@ -31,6 +31,7 @@ import java.text.MessageFormat; import java.util.Arrays; import java.util.Locale; +import java.util.Map; import sun.security.ssl.SSLHandshake.HandshakeMessage; import sun.security.ssl.X509Authentication.X509Credentials; import sun.security.ssl.X509Authentication.X509Possession; @@ -563,31 +564,28 @@ // This happens in client side only. ClientHandshakeContext chc = (ClientHandshakeContext)context; - this.signatureScheme = SignatureScheme.getPreferableAlgorithm( + Map.Entry schemeAndSigner = + SignatureScheme.getSignerOfPreferableAlgorithm( chc.algorithmConstraints, chc.peerRequestedSignatureSchemes, x509Possession, chc.negotiatedProtocol); - if (signatureScheme == null) { + if (schemeAndSigner == null) { // Unlikely, the credentials generator should have // selected the preferable signature algorithm properly. throw chc.conContext.fatal(Alert.INTERNAL_ERROR, - "No preferred signature algorithm for CertificateVerify"); + "No supported CertificateVerify signature algorithm for " + + x509Possession.popPrivateKey.getAlgorithm() + + " key"); } + this.signatureScheme = schemeAndSigner.getKey(); byte[] temproary = null; try { - Signature signer = - signatureScheme.getSignature(x509Possession.popPrivateKey); + Signature signer = schemeAndSigner.getValue(); signer.update(chc.handshakeHash.archived()); temproary = signer.sign(); - } catch (NoSuchAlgorithmException | - InvalidAlgorithmParameterException nsae) { - throw chc.conContext.fatal(Alert.INTERNAL_ERROR, - "Unsupported signature algorithm (" + - signatureScheme.name + - ") used in CertificateVerify handshake message", nsae); - } catch (InvalidKeyException | SignatureException ikse) { + } catch (SignatureException ikse) { throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE, "Cannot produce CertificateVerify signature", ikse); } @@ -647,7 +645,7 @@ this.signature = Record.getBytes16(m); try { Signature signer = - signatureScheme.getSignature(x509Credentials.popPublicKey); + signatureScheme.getVerifier(x509Credentials.popPublicKey); signer.update(shc.handshakeHash.archived()); if (!signer.verify(signature)) { throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, @@ -865,18 +863,23 @@ X509Possession x509Possession) throws IOException { super(context); - this.signatureScheme = SignatureScheme.getPreferableAlgorithm( + Map.Entry schemeAndSigner = + SignatureScheme.getSignerOfPreferableAlgorithm( context.algorithmConstraints, context.peerRequestedSignatureSchemes, x509Possession, context.negotiatedProtocol); - if (signatureScheme == null) { + if (schemeAndSigner == null) { // Unlikely, the credentials generator should have // selected the preferable signature algorithm properly. throw context.conContext.fatal(Alert.INTERNAL_ERROR, - "No preferred signature algorithm for CertificateVerify"); + "No supported CertificateVerify signature algorithm for " + + x509Possession.popPrivateKey.getAlgorithm() + + " key"); } + this.signatureScheme = schemeAndSigner.getKey(); + byte[] hashValue = context.handshakeHash.digest(); byte[] contentCovered; if (context.sslConfig.isClientMode) { @@ -893,17 +896,10 @@ byte[] temproary = null; try { - Signature signer = - signatureScheme.getSignature(x509Possession.popPrivateKey); + Signature signer = schemeAndSigner.getValue(); signer.update(contentCovered); temproary = signer.sign(); - } catch (NoSuchAlgorithmException | - InvalidAlgorithmParameterException nsae) { - throw context.conContext.fatal(Alert.INTERNAL_ERROR, - "Unsupported signature algorithm (" + - signatureScheme.name + - ") used in CertificateVerify handshake message", nsae); - } catch (InvalidKeyException | SignatureException ikse) { + } catch (SignatureException ikse) { throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE, "Cannot produce CertificateVerify signature", ikse); } @@ -974,7 +970,7 @@ try { Signature signer = - signatureScheme.getSignature(x509Credentials.popPublicKey); + signatureScheme.getVerifier(x509Credentials.popPublicKey); signer.update(contentCovered); if (!signer.verify(signature)) { throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE, diff -r 898d548e91f5 -r d6e682e8fcc3 src/java.base/share/classes/sun/security/ssl/DHServerKeyExchange.java --- a/src/java.base/share/classes/sun/security/ssl/DHServerKeyExchange.java Wed Nov 06 19:37:52 2019 +0300 +++ b/src/java.base/share/classes/sun/security/ssl/DHServerKeyExchange.java Wed Nov 06 09:45:04 2019 -0800 @@ -42,6 +42,7 @@ import java.text.MessageFormat; import java.util.EnumSet; import java.util.Locale; +import java.util.Map; import javax.crypto.interfaces.DHPublicKey; import javax.crypto.spec.DHParameterSpec; import javax.crypto.spec.DHPublicKeySpec; @@ -124,25 +125,22 @@ shc.negotiatedProtocol.useTLS12PlusSpec(); Signature signer = null; if (useExplicitSigAlgorithm) { - signatureScheme = SignatureScheme.getPreferableAlgorithm( - shc.algorithmConstraints, - shc.peerRequestedSignatureSchemes, - x509Possession, - shc.negotiatedProtocol); - if (signatureScheme == null) { + Map.Entry schemeAndSigner = + SignatureScheme.getSignerOfPreferableAlgorithm( + shc.algorithmConstraints, + shc.peerRequestedSignatureSchemes, + x509Possession, + shc.negotiatedProtocol); + if (schemeAndSigner == null) { // Unlikely, the credentials generator should have // selected the preferable signature algorithm properly. throw shc.conContext.fatal(Alert.INTERNAL_ERROR, - "No preferred signature algorithm"); - } - try { - signer = signatureScheme.getSignature( - x509Possession.popPrivateKey); - } catch (NoSuchAlgorithmException | InvalidKeyException | - InvalidAlgorithmParameterException nsae) { - throw shc.conContext.fatal(Alert.INTERNAL_ERROR, - "Unsupported signature algorithm: " + - signatureScheme.name, nsae); + "No supported signature algorithm for " + + x509Possession.popPrivateKey.getAlgorithm() + + " key"); + } else { + signatureScheme = schemeAndSigner.getKey(); + signer = schemeAndSigner.getValue(); } } else { signatureScheme = null; @@ -241,7 +239,7 @@ Signature signer; if (useExplicitSigAlgorithm) { try { - signer = signatureScheme.getSignature( + signer = signatureScheme.getVerifier( x509Credentials.popPublicKey); } catch (NoSuchAlgorithmException | InvalidKeyException | InvalidAlgorithmParameterException nsae) { diff -r 898d548e91f5 -r d6e682e8fcc3 src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java --- a/src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java Wed Nov 06 19:37:52 2019 +0300 +++ b/src/java.base/share/classes/sun/security/ssl/ECDHServerKeyExchange.java Wed Nov 06 09:45:04 2019 -0800 @@ -38,7 +38,7 @@ import java.security.SignatureException; import java.text.MessageFormat; import java.util.Locale; -import sun.security.ssl.NamedGroup.NamedGroupSpec; +import java.util.Map; import sun.security.ssl.SSLHandshake.HandshakeMessage; import sun.security.ssl.SupportedGroupsExtension.SupportedGroups; import sun.security.ssl.X509Authentication.X509Credentials; @@ -135,27 +135,22 @@ shc.negotiatedProtocol.useTLS12PlusSpec(); Signature signer = null; if (useExplicitSigAlgorithm) { - signatureScheme = SignatureScheme.getPreferableAlgorithm( - shc.algorithmConstraints, - shc.peerRequestedSignatureSchemes, - x509Possession, - shc.negotiatedProtocol); - if (signatureScheme == null) { + Map.Entry schemeAndSigner = + SignatureScheme.getSignerOfPreferableAlgorithm( + shc.algorithmConstraints, + shc.peerRequestedSignatureSchemes, + x509Possession, + shc.negotiatedProtocol); + if (schemeAndSigner == null) { // Unlikely, the credentials generator should have // selected the preferable signature algorithm properly. throw shc.conContext.fatal(Alert.INTERNAL_ERROR, - "No preferred signature algorithm for " + + "No supported signature algorithm for " + x509Possession.popPrivateKey.getAlgorithm() + " key"); - } - try { - signer = signatureScheme.getSignature( - x509Possession.popPrivateKey); - } catch (NoSuchAlgorithmException | InvalidKeyException | - InvalidAlgorithmParameterException nsae) { - throw shc.conContext.fatal(Alert.INTERNAL_ERROR, - "Unsupported signature algorithm: " + - signatureScheme.name, nsae); + } else { + signatureScheme = schemeAndSigner.getKey(); + signer = schemeAndSigner.getValue(); } } else { signatureScheme = null; @@ -276,7 +271,7 @@ Signature signer; if (useExplicitSigAlgorithm) { try { - signer = signatureScheme.getSignature( + signer = signatureScheme.getVerifier( x509Credentials.popPublicKey); } catch (NoSuchAlgorithmException | InvalidKeyException | InvalidAlgorithmParameterException nsae) { diff -r 898d548e91f5 -r d6e682e8fcc3 src/java.base/share/classes/sun/security/ssl/SignatureScheme.java --- a/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java Wed Nov 06 19:37:52 2019 +0300 +++ b/src/java.base/share/classes/sun/security/ssl/SignatureScheme.java Wed Nov 06 09:45:04 2019 -0800 @@ -30,6 +30,7 @@ import java.security.spec.ECParameterSpec; import java.security.spec.MGF1ParameterSpec; import java.security.spec.PSSParameterSpec; +import java.util.AbstractMap.SimpleImmutableEntry; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -37,6 +38,7 @@ import java.util.EnumSet; import java.util.LinkedList; import java.util.List; +import java.util.Map; import java.util.Set; import sun.security.ssl.NamedGroup.NamedGroupSpec; import sun.security.ssl.SupportedGroupsExtension.SupportedGroups; @@ -425,7 +427,7 @@ return null; } - static SignatureScheme getPreferableAlgorithm( + static Map.Entry getSignerOfPreferableAlgorithm( AlgorithmConstraints constraints, List schemes, X509Possession x509Possession, @@ -452,7 +454,10 @@ x509Possession.getECParameterSpec(); if (params != null && ss.namedGroup == NamedGroup.valueOf(params)) { - return ss; + Signature signer = ss.getSigner(signingKey); + if (signer != null) { + return new SimpleImmutableEntry<>(ss, signer); + } } if (SSLLogger.isOn && @@ -477,7 +482,10 @@ NamedGroup keyGroup = NamedGroup.valueOf(params); if (keyGroup != null && SupportedGroups.isSupported(keyGroup)) { - return ss; + Signature signer = ss.getSigner(signingKey); + if (signer != null) { + return new SimpleImmutableEntry<>(ss, signer); + } } } @@ -488,7 +496,10 @@ "), unsupported EC parameter spec: " + params); } } else { - return ss; + Signature signer = ss.getSigner(signingKey); + if (signer != null) { + return new SimpleImmutableEntry<>(ss, signer); + } } } } @@ -509,24 +520,49 @@ return new String[0]; } - Signature getSignature(Key key) throws NoSuchAlgorithmException, + // This method is used to get the signature instance of this signature + // scheme for the specific public key. Unlike getSigner(), the exception + // is bubbled up. If the public key does not support this signature + // scheme, it normally means the TLS handshaking cannot continue and + // the connection should be terminated. + Signature getVerifier(PublicKey publicKey) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException { if (!isAvailable) { return null; } - Signature signer = Signature.getInstance(algorithm); - if (key instanceof PublicKey) { - SignatureUtil.initVerifyWithParam(signer, (PublicKey)key, - (signAlgParams != null ? - signAlgParams.parameterSpec : null)); - } else { - SignatureUtil.initSignWithParam(signer, (PrivateKey)key, - (signAlgParams != null ? - signAlgParams.parameterSpec : null), - null); + Signature verifier = Signature.getInstance(algorithm); + SignatureUtil.initVerifyWithParam(verifier, publicKey, + (signAlgParams != null ? signAlgParams.parameterSpec : null)); + + return verifier; + } + + // This method is also used to choose preferable signature scheme for the + // specific private key. If the private key does not support the signature + // scheme, {@code null} is returned, and the caller may fail back to next + // available signature scheme. + private Signature getSigner(PrivateKey privateKey) { + if (!isAvailable) { + return null; } - return signer; + try { + Signature signer = Signature.getInstance(algorithm); + SignatureUtil.initSignWithParam(signer, privateKey, + (signAlgParams != null ? signAlgParams.parameterSpec : null), + null); + return signer; + } catch (NoSuchAlgorithmException | InvalidKeyException | + InvalidAlgorithmParameterException nsae) { + if (SSLLogger.isOn && + SSLLogger.isOn("ssl,handshake,verbose")) { + SSLLogger.finest( + "Ignore unsupported signature algorithm (" + + this.name + ")", nsae); + } + } + + return null; } }