--- a/src/java.base/share/classes/sun/security/ssl/DHKeyExchange.java Thu Aug 16 13:57:59 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/DHKeyExchange.java Thu Aug 16 14:01:03 2018 -0400
@@ -61,7 +61,7 @@
static final SSLKeyAgreementGenerator kaGenerator =
new DHEKAGenerator();
- static final class DHECredentials implements SSLCredentials {
+ static final class DHECredentials implements SSLKeyAgreementCredentials {
final DHPublicKey popPublicKey;
final NamedGroup namedGroup;
@@ -70,6 +70,11 @@
this.namedGroup = namedGroup;
}
+ @Override
+ public PublicKey getPublicKey() {
+ return popPublicKey;
+ }
+
static DHECredentials valueOf(NamedGroup ng,
byte[] encodedPublic) throws IOException, GeneralSecurityException {
@@ -210,9 +215,8 @@
try {
KeyFactory factory = JsseJce.getKeyFactory("DiffieHellman");
return factory.getKeySpec(key, DHPublicKeySpec.class);
- } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
- // unlikely
- throw new RuntimeException("Unable to get DHPublicKeySpec", e);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
}
}
--- a/src/java.base/share/classes/sun/security/ssl/ECDHKeyExchange.java Thu Aug 16 13:57:59 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/ECDHKeyExchange.java Thu Aug 16 14:01:03 2018 -0400
@@ -63,7 +63,7 @@
static final SSLKeyAgreementGenerator ecdhKAGenerator =
new ECDHKAGenerator();
- static final class ECDHECredentials implements SSLCredentials {
+ static final class ECDHECredentials implements SSLKeyAgreementCredentials {
final ECPublicKey popPublicKey;
final NamedGroup namedGroup;
@@ -72,6 +72,11 @@
this.namedGroup = namedGroup;
}
+ @Override
+ public PublicKey getPublicKey() {
+ return popPublicKey;
+ }
+
static ECDHECredentials valueOf(NamedGroup namedGroup,
byte[] encodedPoint) throws IOException, GeneralSecurityException {
--- a/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java Thu Aug 16 13:57:59 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java Thu Aug 16 14:01:03 2018 -0400
@@ -42,12 +42,14 @@
import sun.security.ssl.DHKeyExchange.DHEPossession;
import sun.security.ssl.ECDHKeyExchange.ECDHECredentials;
import sun.security.ssl.ECDHKeyExchange.ECDHEPossession;
+import sun.security.ssl.XDHKeyExchange.XDHEPossession;
+import sun.security.ssl.XDHKeyExchange.XDHECredentials;
import sun.security.ssl.KeyShareExtension.CHKeyShareSpec;
import sun.security.ssl.SSLExtension.ExtensionConsumer;
import sun.security.ssl.SSLExtension.SSLExtensionSpec;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
-import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
+import sun.security.ssl.SupportedGroupsExtension.NamedGroupFunctions;
import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
import sun.security.util.HexDumpEncoder;
@@ -265,7 +267,8 @@
// update the context
chc.handshakePossessions.add(pos);
if (!(pos instanceof ECDHEPossession) &&
- !(pos instanceof DHEPossession)) {
+ !(pos instanceof DHEPossession) &&
+ !(pos instanceof XDHEPossession)) {
// May need more possesion types in the future.
continue;
}
@@ -354,46 +357,26 @@
continue;
}
- if (ng.type == NamedGroupType.NAMED_GROUP_ECDHE) {
- try {
- ECDHECredentials ecdhec =
- ECDHECredentials.valueOf(ng, entry.keyExchange);
- if (ecdhec != null) {
- if (!shc.algorithmConstraints.permits(
- EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
- ecdhec.popPublicKey)) {
- SSLLogger.warning(
- "ECDHE key share entry does not " +
- "comply to algorithm constraints");
- } else {
- credentials.add(ecdhec);
- }
+ try {
+ NamedGroupFunctions ngf = ng.getFunctions().orElseThrow(
+ GeneralSecurityException::new);
+ SSLKeyAgreementCredentials kaCred =
+ ngf.decodeCredentials(entry.keyExchange);
+ if (kaCred != null) {
+ if (!shc.algorithmConstraints.permits(
+ EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
+ kaCred.getPublicKey())) {
+ SSLLogger.warning(
+ "key share entry does not " +
+ "comply with algorithm constraints");
+ } else {
+ credentials.add(kaCred);
}
- } catch (IOException | GeneralSecurityException ex) {
- SSLLogger.warning(
- "Cannot decode named group: " +
- NamedGroup.nameOf(entry.namedGroupId));
}
- } else if (ng.type == NamedGroupType.NAMED_GROUP_FFDHE) {
- try {
- DHECredentials dhec =
- DHECredentials.valueOf(ng, entry.keyExchange);
- if (dhec != null) {
- if (!shc.algorithmConstraints.permits(
- EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
- dhec.popPublicKey)) {
- SSLLogger.warning(
- "DHE key share entry does not " +
- "comply to algorithm constraints");
- } else {
- credentials.add(dhec);
- }
- }
- } catch (IOException | GeneralSecurityException ex) {
- SSLLogger.warning(
- "Cannot decode named group: " +
- NamedGroup.nameOf(entry.namedGroupId));
- }
+ } catch (GeneralSecurityException ex) {
+ SSLLogger.warning(
+ "Cannot decode named group: " +
+ NamedGroup.nameOf(entry.namedGroupId));
}
}
@@ -531,6 +514,8 @@
ng = ((ECDHECredentials)cd).namedGroup;
} else if (cd instanceof DHECredentials) {
ng = ((DHECredentials)cd).namedGroup;
+ } else if (cd instanceof XDHECredentials) {
+ ng = ((XDHECredentials)cd).namedGroup;
}
if (ng == null) {
@@ -549,7 +534,8 @@
SSLPossession[] poses = ke.createPossessions(shc);
for (SSLPossession pos : poses) {
if (!(pos instanceof ECDHEPossession) &&
- !(pos instanceof DHEPossession)) {
+ !(pos instanceof DHEPossession) &&
+ !(pos instanceof XDHEPossession)) {
// May need more possesion types in the future.
continue;
}
@@ -649,50 +635,26 @@
}
SSLCredentials credentials = null;
- if (ng.type == NamedGroupType.NAMED_GROUP_ECDHE) {
- try {
- ECDHECredentials ecdhec =
- ECDHECredentials.valueOf(ng, keyShare.keyExchange);
- if (ecdhec != null) {
- if (!chc.algorithmConstraints.permits(
- EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
- ecdhec.popPublicKey)) {
- chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
- "ECDHE key share entry does not " +
- "comply to algorithm constraints");
- } else {
- credentials = ecdhec;
- }
+ try {
+ NamedGroupFunctions ngf = ng.getFunctions().orElseThrow(
+ GeneralSecurityException::new);
+ SSLKeyAgreementCredentials kaCred =
+ ngf.decodeCredentials(keyShare.keyExchange);
+ if (kaCred != null) {
+ if (!chc.algorithmConstraints.permits(
+ EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
+ kaCred.getPublicKey())) {
+ chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
+ "key share entry does not " +
+ "comply to algorithm constraints");
+ } else {
+ credentials = kaCred;
}
- } catch (IOException | GeneralSecurityException ex) {
- chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
- "Cannot decode named group: " +
- NamedGroup.nameOf(keyShare.namedGroupId));
}
- } else if (ng.type == NamedGroupType.NAMED_GROUP_FFDHE) {
- try {
- DHECredentials dhec =
- DHECredentials.valueOf(ng, keyShare.keyExchange);
- if (dhec != null) {
- if (!chc.algorithmConstraints.permits(
- EnumSet.of(CryptoPrimitive.KEY_AGREEMENT),
- dhec.popPublicKey)) {
- chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
- "DHE key share entry does not " +
- "comply to algorithm constraints");
- } else {
- credentials = dhec;
- }
- }
- } catch (IOException | GeneralSecurityException ex) {
- chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
- "Cannot decode named group: " +
- NamedGroup.nameOf(keyShare.namedGroupId));
- }
- } else {
+ } catch (IOException | GeneralSecurityException ex) {
chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
- "Unsupported named group: " +
- NamedGroup.nameOf(keyShare.namedGroupId));
+ "Cannot decode named group: " +
+ NamedGroup.nameOf(keyShare.namedGroupId));
}
if (credentials == null) {
@@ -817,6 +779,8 @@
ng.name);
}
+ // TODO: is the named group supported by the underlying
+ // crypto provider?
selectedGroup = ng;
break;
}
@@ -940,6 +904,10 @@
return; // fatal() always throws, make the compiler happy.
}
+ // TODO: the selected group does not correspond to a group which
+ // was provided in the "key_share" extension in the original
+ // ClientHello.
+
// update the context
// When sending the new ClientHello, the client MUST replace the
--- a/src/java.base/share/classes/sun/security/ssl/SSLCredentials.java Thu Aug 16 13:57:59 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/SSLCredentials.java Thu Aug 16 14:01:03 2018 -0400
@@ -26,4 +26,5 @@
package sun.security.ssl;
interface SSLCredentials {
+
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/classes/sun/security/ssl/SSLKeyAgreementCredentials.java Thu Aug 16 14:01:03 2018 -0400
@@ -0,0 +1,8 @@
+package sun.security.ssl;
+
+import java.security.PublicKey;
+
+interface SSLKeyAgreementCredentials extends SSLCredentials {
+
+ PublicKey getPublicKey();
+}
--- a/src/java.base/share/classes/sun/security/ssl/SSLKeyExchange.java Thu Aug 16 13:57:59 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/SSLKeyExchange.java Thu Aug 16 14:01:03 2018 -0400
@@ -30,10 +30,13 @@
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
+import java.util.Optional;
import sun.security.ssl.DHKeyExchange.DHEPossession;
import sun.security.ssl.ECDHKeyExchange.ECDHEPossession;
+import sun.security.ssl.XDHKeyExchange.XDHEPossession;
import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
+import sun.security.ssl.SupportedGroupsExtension.NamedGroupFunctions;
import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
import sun.security.ssl.X509Authentication.X509Possession;
@@ -570,27 +573,24 @@
@Override
public SSLPossession createPossession(HandshakeContext hc) {
- if (namedGroup.type == NamedGroupType.NAMED_GROUP_ECDHE) {
- return new ECDHEPossession(
- namedGroup, hc.sslContext.getSecureRandom());
- } else if (namedGroup.type == NamedGroupType.NAMED_GROUP_FFDHE) {
- return new DHEPossession(
- namedGroup, hc.sslContext.getSecureRandom());
+
+ Optional<NamedGroupFunctions> ngf = namedGroup.getFunctions();
+ if (ngf.isEmpty()) {
+ return null;
}
-
- return null;
+ return ngf.get().createPossession(hc.sslContext.getSecureRandom());
}
@Override
public SSLKeyDerivation createKeyDerivation(
HandshakeContext hc) throws IOException {
- if (namedGroup.type == NamedGroupType.NAMED_GROUP_ECDHE) {
- return ECDHKeyExchange.ecdheKAGenerator.createKeyDerivation(hc);
- } else if (namedGroup.type == NamedGroupType.NAMED_GROUP_FFDHE) {
- return DHKeyExchange.kaGenerator.createKeyDerivation(hc);
+
+ Optional<NamedGroupFunctions> ngf = namedGroup.getFunctions();
+ if (ngf.isEmpty()) {
+ return null;
}
+ return ngf.get().createKeyDerivation(hc);
- return null;
}
}
}
--- a/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java Thu Aug 16 13:57:59 2018 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java Thu Aug 16 14:01:03 2018 -0400
@@ -31,11 +31,14 @@
import java.security.AlgorithmConstraints;
import java.security.AlgorithmParameters;
import java.security.CryptoPrimitive;
+import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.InvalidParameterSpecException;
+import java.security.spec.NamedParameterSpec;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
@@ -45,6 +48,7 @@
import java.util.List;
import java.util.Locale;
import java.util.Map;
+import java.util.Optional;
import javax.crypto.spec.DHParameterSpec;
import javax.net.ssl.SSLProtocolException;
import sun.security.action.GetPropertyAction;
@@ -176,6 +180,214 @@
}
}
+ interface NamedGroupFunctions {
+
+ SSLKeyAgreementCredentials decodeCredentials(byte[] encoded)
+ throws IOException, GeneralSecurityException;
+
+ SSLPossession createPossession(SecureRandom random);
+
+ SSLKeyDerivation createKeyDerivation(HandshakeContext hc)
+ throws IOException;
+
+ AlgorithmParameterSpec getParameterSpec();
+
+ boolean isAvailable();
+ }
+
+ private static class FFDHFunctions implements NamedGroupFunctions {
+
+ private final NamedGroup ng;
+
+ FFDHFunctions(NamedGroup ng) {
+ this.ng = ng;
+ }
+
+ @Override
+ public SSLKeyAgreementCredentials decodeCredentials(byte[] encoded)
+ throws IOException, GeneralSecurityException {
+ return DHKeyExchange.DHECredentials.valueOf(ng, encoded);
+ }
+
+ @Override
+ public SSLPossession createPossession(SecureRandom random) {
+ return new DHKeyExchange.DHEPossession(ng, random);
+ }
+
+ @Override
+ public SSLKeyDerivation createKeyDerivation(HandshakeContext hc)
+ throws IOException {
+ return DHKeyExchange.kaGenerator.createKeyDerivation(hc);
+ }
+
+ @Override
+ public AlgorithmParameterSpec getParameterSpec() {
+ return getDHParameterSpec(ng);
+ }
+
+ static DHParameterSpec getDHParameterSpec(NamedGroup namedGroup) {
+ if (namedGroup.type != NamedGroupType.NAMED_GROUP_FFDHE) {
+ throw new RuntimeException(
+ "Not a named DH group: " + namedGroup);
+ }
+
+ AlgorithmParameters params = SupportedGroups.namedGroupParams.get(namedGroup);
+ try {
+ return params.getParameterSpec(DHParameterSpec.class);
+ } catch (InvalidParameterSpecException ipse) {
+ // should be unlikely
+ return getPredefinedDHParameterSpec(namedGroup);
+ }
+ }
+
+ private static DHParameterSpec getFFDHEDHParameterSpec(
+ NamedGroup namedGroup) {
+ DHParameterSpec spec = null;
+ switch (namedGroup) {
+ case FFDHE_2048:
+ spec = PredefinedDHParameterSpecs.ffdheParams.get(2048);
+ break;
+ case FFDHE_3072:
+ spec = PredefinedDHParameterSpecs.ffdheParams.get(3072);
+ break;
+ case FFDHE_4096:
+ spec = PredefinedDHParameterSpecs.ffdheParams.get(4096);
+ break;
+ case FFDHE_6144:
+ spec = PredefinedDHParameterSpecs.ffdheParams.get(6144);
+ break;
+ case FFDHE_8192:
+ spec = PredefinedDHParameterSpecs.ffdheParams.get(8192);
+ }
+
+ return spec;
+ }
+
+ private static DHParameterSpec getPredefinedDHParameterSpec(
+ NamedGroup namedGroup) {
+ DHParameterSpec spec = null;
+ switch (namedGroup) {
+ case FFDHE_2048:
+ spec = PredefinedDHParameterSpecs.definedParams.get(2048);
+ break;
+ case FFDHE_3072:
+ spec = PredefinedDHParameterSpecs.definedParams.get(3072);
+ break;
+ case FFDHE_4096:
+ spec = PredefinedDHParameterSpecs.definedParams.get(4096);
+ break;
+ case FFDHE_6144:
+ spec = PredefinedDHParameterSpecs.definedParams.get(6144);
+ break;
+ case FFDHE_8192:
+ spec = PredefinedDHParameterSpecs.definedParams.get(8192);
+ }
+
+ return spec;
+ }
+
+ @Override
+ public boolean isAvailable() {
+
+ try {
+ AlgorithmParameters params = JsseJce.getAlgorithmParameters("DiffieHellman");
+ AlgorithmParameterSpec spec = getFFDHEDHParameterSpec(ng);
+ params.init(spec);
+ SupportedGroups.putNamedGroupParams(ng, params);
+ return true;
+ } catch (NoSuchAlgorithmException | InvalidParameterSpecException e) {
+ return false;
+ }
+ }
+ }
+
+ private static class ECDHFunctions implements NamedGroupFunctions {
+
+ private final NamedGroup ng;
+
+ ECDHFunctions(NamedGroup ng) {
+ this.ng = ng;
+ }
+
+ @Override
+ public SSLKeyAgreementCredentials decodeCredentials(byte[] encoded)
+ throws IOException, GeneralSecurityException {
+ return ECDHKeyExchange.ECDHECredentials.valueOf(ng, encoded);
+ }
+
+ @Override
+ public SSLPossession createPossession(SecureRandom random) {
+ return new ECDHKeyExchange.ECDHEPossession(ng, random);
+ }
+
+ @Override
+ public SSLKeyDerivation createKeyDerivation(HandshakeContext hc)
+ throws IOException {
+ return ECDHKeyExchange.ecdheKAGenerator.createKeyDerivation(hc);
+ }
+
+ @Override
+ public AlgorithmParameterSpec getParameterSpec() {
+ return SupportedGroups.getECGenParamSpec(ng);
+ }
+
+ @Override
+ public boolean isAvailable() {
+
+ try {
+ AlgorithmParameters params = JsseJce.getAlgorithmParameters("EC");
+ AlgorithmParameterSpec spec = new ECGenParameterSpec(ng.oid);
+ params.init(spec);
+ SupportedGroups.putNamedGroupParams(ng, params);
+ return true;
+ } catch (NoSuchAlgorithmException | InvalidParameterSpecException e) {
+ return false;
+ }
+ }
+ }
+
+ private static class XDHFunctions implements NamedGroupFunctions {
+
+ private final NamedGroup ng;
+
+ XDHFunctions(NamedGroup ng) {
+ this.ng = ng;
+ }
+
+ @Override
+ public SSLKeyAgreementCredentials decodeCredentials(byte[] encoded)
+ throws IOException, GeneralSecurityException {
+ return XDHKeyExchange.XDHECredentials.valueOf(ng, encoded);
+ }
+
+ @Override
+ public SSLPossession createPossession(SecureRandom random) {
+ return new XDHKeyExchange.XDHEPossession(ng, random);
+ }
+
+ @Override
+ public SSLKeyDerivation createKeyDerivation(HandshakeContext hc)
+ throws IOException {
+ return XDHKeyExchange.xdheKAGenerator.createKeyDerivation(hc);
+ }
+
+ @Override
+ public AlgorithmParameterSpec getParameterSpec() {
+ return new NamedParameterSpec(ng.algorithm);
+ }
+
+ @Override
+ public boolean isAvailable() {
+
+ try {
+ JsseJce.getKeyAgreement(ng.algorithm);
+ return true;
+ } catch (NoSuchAlgorithmException ex) {
+ return false;
+ }
+ }
+ }
+
static enum NamedGroup {
// Elliptic Curves (RFC 4492)
//
@@ -292,12 +504,14 @@
final String algorithm; // signature algorithm
final boolean isFips; // can be used in FIPS mode?
final ProtocolVersion[] supportedProtocols;
+ private final NamedGroupFunctions functions; // may be null
// Constructor used for Elliptic Curve Groups (ECDHE)
private NamedGroup(int id, String name, String oid, boolean isFips,
ProtocolVersion[] supportedProtocols) {
this.id = id;
this.type = NamedGroupType.NAMED_GROUP_ECDHE;
+ this.functions = new ECDHFunctions(this);
this.name = name;
this.oid = oid;
this.algorithm = "EC";
@@ -311,6 +525,7 @@
ProtocolVersion[] supportedProtocols) {
this.id = id;
this.type = NamedGroupType.NAMED_GROUP_XDH;
+ this.functions = new XDHFunctions(this);
this.name = name;
this.oid = null;
this.algorithm = algorithm;
@@ -323,6 +538,7 @@
ProtocolVersion[] supportedProtocols) {
this.id = id;
this.type = NamedGroupType.NAMED_GROUP_FFDHE;
+ this.functions = new FFDHFunctions(this);
this.name = name;
this.oid = null;
this.algorithm = "DiffieHellman";
@@ -335,6 +551,7 @@
ProtocolVersion[] supportedProtocols) {
this.id = id;
this.type = NamedGroupType.NAMED_GROUP_ARBITRARY;
+ this.functions = null;
this.name = name;
this.oid = null;
this.algorithm = "EC";
@@ -342,6 +559,10 @@
this.supportedProtocols = supportedProtocols;
}
+ Optional<NamedGroupFunctions> getFunctions() {
+ return Optional.ofNullable(functions);
+ }
+
static NamedGroup valueOf(int id) {
for (NamedGroup group : NamedGroup.values()) {
if (group.id == id) {
@@ -450,13 +671,11 @@
}
AlgorithmParameterSpec getParameterSpec() {
- if (this.type == NamedGroupType.NAMED_GROUP_ECDHE) {
- return SupportedGroups.getECGenParamSpec(this);
- } else if (this.type == NamedGroupType.NAMED_GROUP_FFDHE) {
- return SupportedGroups.getDHParameterSpec(this);
+ Optional<NamedGroupFunctions> ngf = getFunctions();
+ if (ngf.isEmpty()) {
+ return null;
}
-
- return null;
+ return ngf.get().getParameterSpec();
}
}
@@ -552,6 +771,10 @@
// non-NIST curves
NamedGroup.SECP256_K1,
+ // XDH
+ NamedGroup.X25519,
+ NamedGroup.X448,
+
// FFDHE 2048
NamedGroup.FFDHE_2048,
NamedGroup.FFDHE_3072,
@@ -583,86 +806,18 @@
// check whether the group is supported by the underlying providers
private static boolean isAvailableGroup(NamedGroup namedGroup) {
- AlgorithmParameters params = null;
- AlgorithmParameterSpec spec = null;
- if (namedGroup.type == NamedGroupType.NAMED_GROUP_ECDHE) {
- if (namedGroup.oid != null) {
- try {
- params = JsseJce.getAlgorithmParameters("EC");
- spec = new ECGenParameterSpec(namedGroup.oid);
- } catch (NoSuchAlgorithmException e) {
- return false;
- }
- }
- } else if (namedGroup.type == NamedGroupType.NAMED_GROUP_FFDHE) {
- try {
- params = JsseJce.getAlgorithmParameters("DiffieHellman");
- spec = getFFDHEDHParameterSpec(namedGroup);
- } catch (NoSuchAlgorithmException e) {
- return false;
- }
- } // Otherwise, unsupported.
- if ((params != null) && (spec != null)) {
- try {
- params.init(spec);
- } catch (InvalidParameterSpecException e) {
- return false;
- }
+ Optional<NamedGroupFunctions> ngf = namedGroup.getFunctions();
+ if (ngf.isEmpty()) {
+ return false;
+ }
+ return ngf.get().isAvailable();
- // cache the parameters
- namedGroupParams.put(namedGroup, params);
-
- return true;
- }
-
- return false;
}
- private static DHParameterSpec getFFDHEDHParameterSpec(
- NamedGroup namedGroup) {
- DHParameterSpec spec = null;
- switch (namedGroup) {
- case FFDHE_2048:
- spec = PredefinedDHParameterSpecs.ffdheParams.get(2048);
- break;
- case FFDHE_3072:
- spec = PredefinedDHParameterSpecs.ffdheParams.get(3072);
- break;
- case FFDHE_4096:
- spec = PredefinedDHParameterSpecs.ffdheParams.get(4096);
- break;
- case FFDHE_6144:
- spec = PredefinedDHParameterSpecs.ffdheParams.get(6144);
- break;
- case FFDHE_8192:
- spec = PredefinedDHParameterSpecs.ffdheParams.get(8192);
- }
-
- return spec;
- }
-
- private static DHParameterSpec getPredefinedDHParameterSpec(
- NamedGroup namedGroup) {
- DHParameterSpec spec = null;
- switch (namedGroup) {
- case FFDHE_2048:
- spec = PredefinedDHParameterSpecs.definedParams.get(2048);
- break;
- case FFDHE_3072:
- spec = PredefinedDHParameterSpecs.definedParams.get(3072);
- break;
- case FFDHE_4096:
- spec = PredefinedDHParameterSpecs.definedParams.get(4096);
- break;
- case FFDHE_6144:
- spec = PredefinedDHParameterSpecs.definedParams.get(6144);
- break;
- case FFDHE_8192:
- spec = PredefinedDHParameterSpecs.definedParams.get(8192);
- }
-
- return spec;
+ static void putNamedGroupParams(NamedGroup ng,
+ AlgorithmParameters params) {
+ namedGroupParams.put(ng, params);
}
static ECGenParameterSpec getECGenParamSpec(NamedGroup namedGroup) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/classes/sun/security/ssl/XDHKeyExchange.java Thu Aug 16 14:01:03 2018 -0400
@@ -0,0 +1,483 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.ssl;
+
+import java.io.IOException;
+import java.security.AlgorithmConstraints;
+import java.security.CryptoPrimitive;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.interfaces.XECPrivateKey;
+import java.security.interfaces.XECPublicKey;
+import java.security.spec.*;
+import java.util.EnumSet;
+import javax.crypto.KeyAgreement;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import javax.net.ssl.SSLHandshakeException;
+import sun.security.ssl.CipherSuite.HashAlg;
+import sun.security.ssl.SupportedGroupsExtension.NamedGroup;
+import sun.security.ssl.SupportedGroupsExtension.NamedGroupType;
+import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
+import sun.security.ssl.X509Authentication.X509Credentials;
+import sun.security.ssl.X509Authentication.X509Possession;
+import sun.security.util.ECUtil;
+
+final class XDHKeyExchange {
+ static final SSLPossessionGenerator poGenerator =
+ new XDHEPossessionGenerator();
+ static final SSLKeyAgreementGenerator xdheKAGenerator =
+ new XDHEKAGenerator();
+ static final SSLKeyAgreementGenerator xdhKAGenerator =
+ new XDHKAGenerator();
+
+ static final class XDHECredentials implements SSLKeyAgreementCredentials {
+ final XECPublicKey popPublicKey;
+ final NamedGroup namedGroup;
+
+ XDHECredentials(XECPublicKey popPublicKey, NamedGroup namedGroup) {
+ this.popPublicKey = popPublicKey;
+ this.namedGroup = namedGroup;
+ }
+
+ @Override
+ public PublicKey getPublicKey() {
+ return popPublicKey;
+ }
+
+ static XDHECredentials valueOf(NamedGroup namedGroup,
+ byte[] encodedPoint) throws IOException, GeneralSecurityException {
+
+ if (namedGroup.type != NamedGroupType.NAMED_GROUP_XDH) {
+ throw new RuntimeException(
+ "Credentials decoding: Not XDH named group");
+ }
+
+ if (encodedPoint == null || encodedPoint.length == 0) {
+ return null;
+ }
+
+ NamedParameterSpec namedSpec = new NamedParameterSpec(namedGroup.algorithm);
+ XECPublicKeySpec xecKeySpec = ECUtil.decodeXecPublicKey(encodedPoint, namedSpec);
+ KeyFactory factory = JsseJce.getKeyFactory(namedGroup.algorithm);
+
+ XECPublicKey publicKey = (XECPublicKey)factory.generatePublic(xecKeySpec);
+ return new XDHECredentials(publicKey, namedGroup);
+ }
+ }
+
+ static final class XDHEPossession implements SSLPossession {
+ final PrivateKey privateKey;
+ final XECPublicKey publicKey;
+ final NamedGroup namedGroup;
+
+ XDHEPossession(NamedGroup namedGroup, SecureRandom random) {
+ try {
+ KeyPairGenerator kpg = JsseJce.getKeyPairGenerator(namedGroup.algorithm);
+ AlgorithmParameterSpec params = namedGroup.getParameterSpec();
+ kpg.initialize(params, random);
+ KeyPair kp = kpg.generateKeyPair();
+ privateKey = kp.getPrivate();
+ publicKey = (XECPublicKey)kp.getPublic();
+ } catch (GeneralSecurityException e) {
+ throw new RuntimeException(
+ "Could not generate XDH keypair", e);
+ }
+
+ this.namedGroup = namedGroup;
+ }
+
+ XDHEPossession(XDHECredentials credentials, SecureRandom random) {
+ AlgorithmParameterSpec params = credentials.popPublicKey.getParams();
+ try {
+ KeyPairGenerator kpg = JsseJce.getKeyPairGenerator(credentials.namedGroup.algorithm);
+ kpg.initialize(params, random);
+ KeyPair kp = kpg.generateKeyPair();
+ privateKey = kp.getPrivate();
+ publicKey = (XECPublicKey)kp.getPublic();
+ } catch (GeneralSecurityException e) {
+ throw new RuntimeException(
+ "Could not generate XDH keypair", e);
+ }
+
+ this.namedGroup = credentials.namedGroup;
+ }
+
+ @Override
+ public byte[] encode() {
+ try {
+ return ECUtil.encodeXecPublicKey(publicKey.getU(), publicKey.getParams());
+ } catch (InvalidParameterSpecException ex) {
+ throw new RuntimeException(ex);
+ }
+ }
+
+ // called by client handshaker
+ SecretKey getAgreedSecret(
+ PublicKey peerPublicKey) throws SSLHandshakeException {
+
+ try {
+ KeyAgreement ka = JsseJce.getKeyAgreement("XDH");
+ ka.init(privateKey);
+ ka.doPhase(peerPublicKey, true);
+ return ka.generateSecret("TlsPremasterSecret");
+ } catch (GeneralSecurityException e) {
+ throw (SSLHandshakeException) new SSLHandshakeException(
+ "Could not generate secret").initCause(e);
+ }
+ }
+
+ // called by ServerHandshaker
+ SecretKey getAgreedSecret(
+ byte[] encodedKey) throws SSLHandshakeException {
+ try {
+ AlgorithmParameterSpec params = publicKey.getParams();
+
+ KeyFactory kf = JsseJce.getKeyFactory("XDH");
+ XECPublicKeySpec spec = ECUtil.decodeXecPublicKey(encodedKey, params);
+ PublicKey peerPublicKey = kf.generatePublic(spec);
+ return getAgreedSecret(peerPublicKey);
+ } catch (GeneralSecurityException | java.io.IOException e) {
+ throw (SSLHandshakeException) new SSLHandshakeException(
+ "Could not generate secret").initCause(e);
+ }
+ }
+
+ // Check constraints of the specified EC public key.
+ void checkConstraints(AlgorithmConstraints constraints,
+ byte[] encodedKey) throws SSLHandshakeException {
+ try {
+
+ AlgorithmParameterSpec params = publicKey.getParams();
+ XECPublicKeySpec spec = ECUtil.decodeXecPublicKey(encodedKey, params);
+
+ KeyFactory kf = JsseJce.getKeyFactory("XDH");
+ PublicKey pubKey = kf.generatePublic(spec);
+
+ // check constraints of ECPublicKey
+ if (!constraints.permits(
+ EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), pubKey)) {
+ throw new SSLHandshakeException(
+ "ECPublicKey does not comply to algorithm constraints");
+ }
+ } catch (GeneralSecurityException | java.io.IOException e) {
+ throw (SSLHandshakeException) new SSLHandshakeException(
+ "Could not generate ECPublicKey").initCause(e);
+ }
+ }
+ }
+
+ private static final
+ class XDHEPossessionGenerator implements SSLPossessionGenerator {
+ // Prevent instantiation of this class.
+ private XDHEPossessionGenerator() {
+ // blank
+ }
+
+ @Override
+ public SSLPossession createPossession(HandshakeContext context) {
+ NamedGroup preferableNamedGroup = null;
+ if ((context.clientRequestedNamedGroups != null) &&
+ (!context.clientRequestedNamedGroups.isEmpty())) {
+ preferableNamedGroup = SupportedGroups.getPreferredGroup(
+ context.negotiatedProtocol,
+ context.algorithmConstraints,
+ NamedGroupType.NAMED_GROUP_XDH,
+ context.clientRequestedNamedGroups);
+ } else {
+ preferableNamedGroup = SupportedGroups.getPreferredGroup(
+ context.negotiatedProtocol,
+ context.algorithmConstraints,
+ NamedGroupType.NAMED_GROUP_XDH);
+ }
+
+ if (preferableNamedGroup != null) {
+ return new XDHEPossession(preferableNamedGroup,
+ context.sslContext.getSecureRandom());
+ }
+
+ // no match found, cannot use this cipher suite.
+ //
+ return null;
+ }
+ }
+
+ private static final
+ class XDHKAGenerator implements SSLKeyAgreementGenerator {
+ // Prevent instantiation of this class.
+ private XDHKAGenerator() {
+ // blank
+ }
+
+ @Override
+ public SSLKeyDerivation createKeyDerivation(
+ HandshakeContext context) throws IOException {
+ if (context instanceof ServerHandshakeContext) {
+ return createServerKeyDerivation(
+ (ServerHandshakeContext)context);
+ } else {
+ return createClientKeyDerivation(
+ (ClientHandshakeContext)context);
+ }
+ }
+
+ private SSLKeyDerivation createServerKeyDerivation(
+ ServerHandshakeContext shc) throws IOException {
+ X509Possession x509Possession = null;
+ XDHECredentials xdheCredentials = null;
+ for (SSLPossession poss : shc.handshakePossessions) {
+ if (!(poss instanceof X509Possession)) {
+ continue;
+ }
+
+ PrivateKey privateKey = ((X509Possession)poss).popPrivateKey;
+ if (! (privateKey instanceof XECPrivateKey)) {
+ continue;
+ }
+ AlgorithmParameterSpec params = ((XECPrivateKey)privateKey).getParams();
+ // group must be specified by name
+ if (!(params instanceof NamedParameterSpec)) {
+ continue;
+ }
+ NamedParameterSpec namedParams = (NamedParameterSpec) params;
+ NamedGroup ng = NamedGroup.valueOf(namedParams.getName());
+ if (ng == null) {
+ // unlikely, have been checked during cipher suite negotiation.
+ shc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
+ "Unsupported server cert for XDH key exchange");
+ }
+
+ for (SSLCredentials cred : shc.handshakeCredentials) {
+ if (!(cred instanceof XDHECredentials)) {
+ continue;
+ }
+ if (ng.equals(((XDHECredentials)cred).namedGroup)) {
+ xdheCredentials = (XDHECredentials)cred;
+ break;
+ }
+ }
+
+ if (xdheCredentials != null) {
+ x509Possession = (X509Possession)poss;
+ break;
+ }
+ }
+
+ if (x509Possession == null || xdheCredentials == null) {
+ shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
+ "No sufficient XDHE key agreement parameters negotiated");
+ }
+
+ return new XDHEKAKeyDerivation(shc,
+ x509Possession.popPrivateKey, xdheCredentials.popPublicKey);
+ }
+
+ private SSLKeyDerivation createClientKeyDerivation(
+ ClientHandshakeContext chc) throws IOException {
+
+ XDHEPossession xdhePossession = null;
+ X509Credentials x509Credentials = null;
+ for (SSLPossession poss : chc.handshakePossessions) {
+ if (!(poss instanceof XDHEPossession)) {
+ continue;
+ }
+
+ NamedGroup ng = ((XDHEPossession)poss).namedGroup;
+ for (SSLCredentials cred : chc.handshakeCredentials) {
+ if (!(cred instanceof X509Credentials)) {
+ continue;
+ }
+
+ PublicKey publicKey = ((X509Credentials)cred).popPublicKey;
+ if (!(publicKey instanceof XECPublicKey)) {
+ continue;
+ }
+ XECPublicKey xecPublicKey = (XECPublicKey) publicKey;
+ AlgorithmParameterSpec params = xecPublicKey.getParams();
+ // group must be specified by name
+ if (!(params instanceof NamedParameterSpec)) {
+ continue;
+ }
+ NamedParameterSpec namedParams = (NamedParameterSpec) params;
+
+ NamedGroup namedGroup = NamedGroup.valueOf(namedParams.getName());
+ if (namedGroup == null) {
+ // unlikely, should have been checked previously
+ chc.conContext.fatal(Alert.ILLEGAL_PARAMETER,
+ "Unsupported EC server cert for XDH key exchange");
+ }
+
+ if (ng.equals(namedGroup)) {
+ x509Credentials = (X509Credentials)cred;
+ break;
+ }
+ }
+
+ if (x509Credentials != null) {
+ xdhePossession = (XDHEPossession)poss;
+ break;
+ }
+ }
+
+ if (xdhePossession == null || x509Credentials == null) {
+ chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
+ "No sufficient XDH key agreement parameters negotiated");
+ }
+
+ return new XDHEKAKeyDerivation(chc,
+ xdhePossession.privateKey, x509Credentials.popPublicKey);
+ }
+ }
+
+ private static final
+ class XDHEKAGenerator implements SSLKeyAgreementGenerator {
+ // Prevent instantiation of this class.
+ private XDHEKAGenerator() {
+ // blank
+ }
+
+ @Override
+ public SSLKeyDerivation createKeyDerivation(
+ HandshakeContext context) throws IOException {
+ XDHEPossession xdhePossession = null;
+ XDHECredentials xdheCredentials = null;
+ for (SSLPossession poss : context.handshakePossessions) {
+ if (!(poss instanceof XDHEPossession)) {
+ continue;
+ }
+
+ NamedGroup ng = ((XDHEPossession)poss).namedGroup;
+ for (SSLCredentials cred : context.handshakeCredentials) {
+ if (!(cred instanceof XDHECredentials)) {
+ continue;
+ }
+ if (ng.equals(((XDHECredentials)cred).namedGroup)) {
+ xdheCredentials = (XDHECredentials)cred;
+ break;
+ }
+ }
+
+ if (xdheCredentials != null) {
+ xdhePossession = (XDHEPossession)poss;
+ break;
+ }
+ }
+
+ if (xdhePossession == null || xdheCredentials == null) {
+ context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
+ "No sufficient XDHE key agreement parameters negotiated");
+ }
+
+ return new XDHEKAKeyDerivation(context,
+ xdhePossession.privateKey, xdheCredentials.popPublicKey);
+ }
+ }
+
+ private static final
+ class XDHEKAKeyDerivation implements SSLKeyDerivation {
+ private final HandshakeContext context;
+ private final PrivateKey localPrivateKey;
+ private final PublicKey peerPublicKey;
+
+ XDHEKAKeyDerivation(HandshakeContext context,
+ PrivateKey localPrivateKey,
+ PublicKey peerPublicKey) {
+ this.context = context;
+ this.localPrivateKey = localPrivateKey;
+ this.peerPublicKey = peerPublicKey;
+ }
+
+ @Override
+ public SecretKey deriveKey(String algorithm,
+ AlgorithmParameterSpec params) throws IOException {
+ if (!context.negotiatedProtocol.useTLS13PlusSpec()) {
+ return t12DeriveKey(algorithm, params);
+ } else {
+ return t13DeriveKey(algorithm, params);
+ }
+ }
+
+ private SecretKey t12DeriveKey(String algorithm,
+ AlgorithmParameterSpec params) throws IOException {
+ try {
+ KeyAgreement ka = JsseJce.getKeyAgreement("XDH");
+ ka.init(localPrivateKey);
+ ka.doPhase(peerPublicKey, true);
+ SecretKey preMasterSecret =
+ ka.generateSecret("TlsPremasterSecret");
+
+ SSLMasterKeyDerivation mskd =
+ SSLMasterKeyDerivation.valueOf(
+ context.negotiatedProtocol);
+ SSLKeyDerivation kd = mskd.createKeyDerivation(
+ context, preMasterSecret);
+ return kd.deriveKey("TODO", params);
+ } catch (GeneralSecurityException gse) {
+ throw (SSLHandshakeException) new SSLHandshakeException(
+ "Could not generate secret").initCause(gse);
+ }
+ }
+
+ private SecretKey t13DeriveKey(String algorithm,
+ AlgorithmParameterSpec params) throws IOException {
+ try {
+ KeyAgreement ka = JsseJce.getKeyAgreement("XDH");
+ ka.init(localPrivateKey);
+ ka.doPhase(peerPublicKey, true);
+ SecretKey sharedSecret =
+ ka.generateSecret("TlsPremasterSecret");
+
+ HashAlg hashAlg = context.negotiatedCipherSuite.hashAlg;
+ SSLKeyDerivation kd = context.handshakeKeyDerivation;
+ HKDF hkdf = new HKDF(hashAlg.name);
+ if (kd == null) { // No PSK is in use.
+ // If PSK is not in use Early Secret will still be
+ // HKDF-Extract(0, 0).
+ byte[] zeros = new byte[hashAlg.hashLength];
+ SecretKeySpec ikm =
+ new SecretKeySpec(zeros, "TlsPreSharedSecret");
+ SecretKey earlySecret =
+ hkdf.extract(zeros, ikm, "TlsEarlySecret");
+ kd = new SSLSecretDerivation(context, earlySecret);
+ }
+
+ // derive salt secret
+ SecretKey saltSecret = kd.deriveKey("TlsSaltSecret", null);
+
+ // derive handshake secret
+ return hkdf.extract(saltSecret, sharedSecret, algorithm);
+ } catch (GeneralSecurityException gse) {
+ throw (SSLHandshakeException) new SSLHandshakeException(
+ "Could not generate secret").initCause(gse);
+ }
+ }
+ }
+}
--- a/src/java.base/share/classes/sun/security/util/ECUtil.java Thu Aug 16 13:57:59 2018 -0400
+++ b/src/java.base/share/classes/sun/security/util/ECUtil.java Thu Aug 16 14:01:03 2018 -0400
@@ -227,5 +227,65 @@
return nameSpec.getName();
}
+ public static BigInteger decodeXecPublicKey(byte[] key,
+ XECParameters params) {
+
+ reverse(key);
+
+ // clear the extra bits
+ int bitsMod8 = params.getBits() % 8;
+ if (bitsMod8 != 0) {
+ int mask = (1 << bitsMod8) - 1;
+ key[0] &= mask;
+ }
+
+ return new BigInteger(1, key);
+ }
+
+ public static XECPublicKeySpec decodeXecPublicKey(byte[] key,
+ AlgorithmParameterSpec spec)
+ throws InvalidParameterSpecException {
+
+ XECParameters params = XECParameters.get(
+ InvalidParameterSpecException::new, spec);
+ BigInteger u = decodeXecPublicKey(key, params);
+ return new XECPublicKeySpec(spec, u);
+ }
+
+ public static byte[] encodeXecPublicKey(BigInteger u,
+ XECParameters params) {
+
+ byte[] u_arr = u.toByteArray();
+ ECUtil.reverse(u_arr);
+ // u_arr may be too large or too small, depending on the value of u
+ return Arrays.copyOf(u_arr, params.getBytes());
+ }
+
+ public static byte[] encodeXecPublicKey(BigInteger u,
+ AlgorithmParameterSpec spec)
+ throws InvalidParameterSpecException {
+
+ XECParameters params = XECParameters.get(
+ InvalidParameterSpecException::new, spec);
+ return encodeXecPublicKey(u, params);
+ }
+
+ private static void swap(byte[] arr, int i, int j) {
+ byte tmp = arr[i];
+ arr[i] = arr[j];
+ arr[j] = tmp;
+ }
+
+ public static void reverse(byte [] arr) {
+ int i = 0;
+ int j = arr.length - 1;
+
+ while (i < j) {
+ swap(arr, i, j);
+ i++;
+ j--;
+ }
+ }
+
private ECUtil() {}
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/classes/sun/security/util/XECParameters.java Thu Aug 16 14:01:03 2018 -0400
@@ -0,0 +1,263 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.NamedParameterSpec;
+import java.util.Collections;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Optional;
+import java.util.function.Function;
+import java.util.function.Supplier;
+
+import sun.security.util.ObjectIdentifier;
+import sun.security.x509.AlgorithmId;
+
+public class XECParameters {
+
+ // Naming/identification parameters
+ private final ObjectIdentifier oid;
+ private final String name;
+
+ // Curve/field parameters
+ private final int bits;
+ private final BigInteger p;
+ private final int logCofactor;
+ private final int a24;
+ private final byte basePoint;
+
+ /**
+ *
+ * Construct an object holding the supplied parameters. No parameters are
+ * checked, so this method always succeeds. This method supports
+ * Montgomery curves of the form y^2 = x^3 + ax^2 + x.
+ *
+ * @param bits The number of relevant bits in a public/private key.
+ * @param p The prime that defines the finite field.
+ * @param a24 The value of (a - 2) / 4, where a is the second-degree curve
+ * coefficient.
+ * @param basePoint The point that generates the desired group
+ * @param logCofactor The base-2 logarithm of the cofactor of the curve
+ * @param oid
+ * @param name
+ */
+ public XECParameters(int bits, BigInteger p, int a24,
+ byte basePoint, int logCofactor,
+ ObjectIdentifier oid, String name) {
+
+ this.bits = bits;
+ this.logCofactor = logCofactor;
+ this.p = p;
+ this.a24 = a24;
+ this.basePoint = basePoint;
+ this.oid = oid;
+ this.name = name;
+
+ }
+
+ public int getBits() {
+ return bits;
+ }
+ public int getBytes() {
+ return (bits + 7) / 8;
+ }
+ public int getLogCofactor() {
+ return logCofactor;
+ }
+ public BigInteger getP() {
+ return p;
+ }
+ public int getA24() {
+ return a24;
+ }
+ public byte getBasePoint() {
+ return basePoint;
+ }
+ public ObjectIdentifier getOid() {
+ return oid;
+ }
+ public String getName() {
+ return name;
+ }
+
+ private static final Map<Integer, XECParameters> SIZE_MAP;
+ private static final Map<ObjectIdentifier, XECParameters> OID_MAP;
+ private static final Map<String, XECParameters> NAME_MAP;
+
+ static {
+ final BigInteger TWO = BigInteger.valueOf(2);
+
+ Map<Integer, XECParameters> bySize = new HashMap<>();
+ Map<ObjectIdentifier, XECParameters> byOid = new HashMap<>();
+ Map<String, XECParameters> byName = new HashMap<>();
+
+ // set up X25519
+ try {
+ BigInteger p = TWO.pow(255).subtract(BigInteger.valueOf(19));
+ addParameters(255, p, 121665, (byte) 0x09, 3,
+ new int[]{1, 3, 101, 110}, NamedParameterSpec.X25519.getName(),
+ bySize, byOid, byName);
+
+ } catch (IOException ex) {
+ // Unable to set X25519 parameters---it will be disabled
+ }
+
+ // set up X448
+ try {
+ BigInteger p = TWO.pow(448).subtract(TWO.pow(224))
+ .subtract(BigInteger.ONE);
+ addParameters(448, p, 39081, (byte) 0x05, 2,
+ new int[]{1, 3, 101, 111}, NamedParameterSpec.X448.getName(),
+ bySize, byOid, byName);
+
+ } catch (IOException ex) {
+ // Unable to set X448 parameters---it will be disabled
+ }
+
+ SIZE_MAP = Collections.unmodifiableMap(bySize);
+ OID_MAP = Collections.unmodifiableMap(byOid);
+ NAME_MAP = Collections.unmodifiableMap(byName);
+ }
+
+ private static void addParameters(int bits, BigInteger p, int a24,
+ byte basePoint, int logCofactor, int[] oidBytes, String name,
+ Map<Integer, XECParameters> bySize,
+ Map<ObjectIdentifier, XECParameters> byOid,
+ Map<String, XECParameters> byName) throws IOException {
+
+ ObjectIdentifier oid = new ObjectIdentifier(oidBytes);
+ XECParameters params =
+ new XECParameters(bits, p, a24, basePoint, logCofactor, oid, name);
+ bySize.put(bits, params);
+ byOid.put(oid, params);
+ byName.put(name.toLowerCase(), params);
+ }
+
+ public static Optional<XECParameters> getByOid(ObjectIdentifier id) {
+ return Optional.ofNullable(OID_MAP.get(id));
+ }
+ public static Optional<XECParameters> getBySize(int size) {
+ return Optional.ofNullable(SIZE_MAP.get(size));
+ }
+ public static Optional<XECParameters> getByName(String name) {
+ return Optional.ofNullable(NAME_MAP.get(name.toLowerCase()));
+ }
+
+ public boolean oidEquals(XECParameters other) {
+ return oid.equals(other.getOid());
+ }
+
+ // Utility method that is used by the methods below to handle exception
+ // suppliers
+ private static
+ <A, B> Supplier<B> apply(final Function<A, B> func, final A a) {
+ return new Supplier<B>() {
+ @Override
+ public B get() {
+ return func.apply(a);
+ }
+ };
+ }
+
+ /**
+ * Get parameters by key size, or throw an exception if no parameters are
+ * defined for the specified key size. This method is used in several
+ * contexts that should throw different exceptions when the parameters
+ * are not found. The first argument is a function that produces the
+ * desired exception.
+ *
+ * @param exception a function that produces an exception from a string
+ * @param size the desired key size
+ * @param <T> the type of exception that is thrown
+ * @return the parameters for the specified key size
+ * @throws T when suitable parameters do not exist
+ */
+ public static
+ <T extends Throwable>
+ XECParameters getBySize(Function<String, T> exception,
+ int size) throws T {
+
+ Optional<XECParameters> xecParams = getBySize(size);
+ return xecParams.orElseThrow(
+ apply(exception, "Unsupported size: " + size));
+ }
+
+ /**
+ * Get parameters by algorithm ID, or throw an exception if no
+ * parameters are defined for the specified ID. This method is used in
+ * several contexts that should throw different exceptions when the
+ * parameters are not found. The first argument is a function that produces
+ * the desired exception.
+ *
+ * @param exception a function that produces an exception from a string
+ * @param algId the algorithm ID
+ * @param <T> the type of exception that is thrown
+ * @return the parameters for the specified algorithm ID
+ * @throws T when suitable parameters do not exist
+ */
+ public static
+ <T extends Throwable>
+ XECParameters get(Function<String, T> exception,
+ AlgorithmId algId) throws T {
+
+ Optional<XECParameters> xecParams = getByOid(algId.getOID());
+ return xecParams.orElseThrow(
+ apply(exception, "Unsupported OID: " + algId.getOID()));
+ }
+
+ /**
+ * Get parameters by algorithm parameter spec, or throw an exception if no
+ * parameters are defined for the spec. This method is used in
+ * several contexts that should throw different exceptions when the
+ * parameters are not found. The first argument is a function that produces
+ * the desired exception.
+ *
+ * @param exception a function that produces an exception from a string
+ * @param params the algorithm parameters spec
+ * @param <T> the type of exception that is thrown
+ * @return the parameters for the spec
+ * @throws T when suitable parameters do not exist
+ */
+ public static
+ <T extends Throwable>
+ XECParameters get(Function<String, T> exception,
+ AlgorithmParameterSpec params) throws T {
+
+ if (params instanceof NamedParameterSpec) {
+ NamedParameterSpec namedParams = (NamedParameterSpec) params;
+ Optional<XECParameters> xecParams =
+ getByName(namedParams.getName());
+ return xecParams.orElseThrow(
+ apply(exception, "Unsupported name: " + namedParams.getName()));
+ } else {
+ throw exception.apply("Only NamedParameterSpec is supported.");
+ }
+ }
+}
+
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/XDHKeyAgreement.java Thu Aug 16 13:57:59 2018 -0400
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/XDHKeyAgreement.java Thu Aug 16 14:01:03 2018 -0400
@@ -38,8 +38,11 @@
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
+import javax.crypto.spec.SecretKeySpec;
import java.util.function.Function;
+import sun.security.util.XECParameters;
+
public class XDHKeyAgreement extends KeyAgreementSpi {
private byte[] privateKey;
@@ -202,7 +205,14 @@
throws IllegalStateException, NoSuchAlgorithmException,
InvalidKeyException {
- throw new NoSuchAlgorithmException("Not supported");
+ if (algorithm == null) {
+ throw new NoSuchAlgorithmException("Algorithm must not be null");
+ }
+ if (!(algorithm.equals("TlsPremasterSecret"))) {
+ throw new NoSuchAlgorithmException
+ ("Only supported for algorithm TlsPremasterSecret");
+ }
+ return new SecretKeySpec(engineGenerateSecret(), "TlsPremasterSecret");
}
static class X25519 extends XDHKeyAgreement {
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/XDHKeyFactory.java Thu Aug 16 13:57:59 2018 -0400
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/XDHKeyFactory.java Thu Aug 16 14:01:03 2018 -0400
@@ -44,6 +44,8 @@
import java.security.spec.XECPrivateKeySpec;
import java.util.function.Function;
+import sun.security.util.XECParameters;
+
public class XDHKeyFactory extends KeyFactorySpi {
private XECParameters lockedParams = null;
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/XDHKeyPairGenerator.java Thu Aug 16 13:57:59 2018 -0400
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/XDHKeyPairGenerator.java Thu Aug 16 14:01:03 2018 -0400
@@ -37,6 +37,7 @@
import java.security.spec.NamedParameterSpec;
import sun.security.jca.JCAUtil;
+import sun.security.util.XECParameters;
/**
* Key pair generator for the XDH key agreement algorithm.
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/XDHPrivateKeyImpl.java Thu Aug 16 13:57:59 2018 -0400
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/XDHPrivateKeyImpl.java Thu Aug 16 14:01:03 2018 -0400
@@ -28,11 +28,11 @@
import java.security.interfaces.XECPrivateKey;
import java.util.Optional;
import java.security.InvalidKeyException;
-import java.security.PrivateKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.NamedParameterSpec;
import sun.security.pkcs.PKCS8Key;
+import sun.security.util.XECParameters;
import sun.security.x509.AlgorithmId;
public final class XDHPrivateKeyImpl extends PKCS8Key implements XECPrivateKey {
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/XDHPublicKeyImpl.java Thu Aug 16 13:57:59 2018 -0400
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/XDHPublicKeyImpl.java Thu Aug 16 14:01:03 2018 -0400
@@ -28,13 +28,13 @@
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyRep;
-import java.security.PublicKey;
import java.security.interfaces.XECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.NamedParameterSpec;
-import java.util.Arrays;
import sun.security.util.BitArray;
+import sun.security.util.ECUtil;
+import sun.security.util.XECParameters;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X509Key;
@@ -52,11 +52,7 @@
this.algid = new AlgorithmId(params.getOid());
this.u = u.mod(params.getP());
- byte[] u_arr = this.u.toByteArray();
- reverse(u_arr);
- // u_arr may be too large or too small, depending on the value of u
- u_arr = Arrays.copyOf(u_arr, params.getBytes());
-
+ byte[] u_arr = ECUtil.encodeXecPublicKey(this.u, params);
setKey(new BitArray(u_arr.length * 8, u_arr));
checkLength(params);
@@ -70,16 +66,7 @@
this.paramSpec = new NamedParameterSpec(params.getName());
// construct the BigInteger representation
byte[] u_arr = getKey().toByteArray();
- reverse(u_arr);
-
- // clear the extra bits
- int bitsMod8 = params.getBits() % 8;
- if (bitsMod8 != 0) {
- int mask = (1 << bitsMod8) - 1;
- u_arr[0] &= mask;
- }
-
- this.u = new BigInteger(1, u_arr);
+ this.u = ECUtil.decodeXecPublicKey(u_arr, params);
checkLength(params);
}
@@ -113,22 +100,5 @@
getFormat(),
getEncoded());
}
-
- private static void swap(byte[] arr, int i, int j) {
- byte tmp = arr[i];
- arr[i] = arr[j];
- arr[j] = tmp;
- }
-
- private static void reverse(byte [] arr) {
- int i = 0;
- int j = arr.length - 1;
-
- while (i < j) {
- swap(arr, i, j);
- i++;
- j--;
- }
- }
}
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/XECOperations.java Thu Aug 16 13:57:59 2018 -0400
+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/XECOperations.java Thu Aug 16 14:01:03 2018 -0400
@@ -32,6 +32,7 @@
import sun.security.util.math.SmallValue;
import sun.security.util.math.intpoly.IntegerPolynomial25519;
import sun.security.util.math.intpoly.IntegerPolynomial448;
+import sun.security.util.XECParameters;
import java.math.BigInteger;
import java.security.ProviderException;
--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/XECParameters.java Thu Aug 16 13:57:59 2018 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,263 +0,0 @@
-/*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.ec;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.NamedParameterSpec;
-import java.util.Collections;
-import java.util.Map;
-import java.util.HashMap;
-import java.util.Optional;
-import java.util.function.Function;
-import java.util.function.Supplier;
-
-import sun.security.util.ObjectIdentifier;
-import sun.security.x509.AlgorithmId;
-
-public class XECParameters {
-
- // Naming/identification parameters
- private final ObjectIdentifier oid;
- private final String name;
-
- // Curve/field parameters
- private final int bits;
- private final BigInteger p;
- private final int logCofactor;
- private final int a24;
- private final byte basePoint;
-
- /**
- *
- * Construct an object holding the supplied parameters. No parameters are
- * checked, so this method always succeeds. This method supports
- * Montgomery curves of the form y^2 = x^3 + ax^2 + x.
- *
- * @param bits The number of relevant bits in a public/private key.
- * @param p The prime that defines the finite field.
- * @param a24 The value of (a - 2) / 4, where a is the second-degree curve
- * coefficient.
- * @param basePoint The point that generates the desired group
- * @param logCofactor The base-2 logarithm of the cofactor of the curve
- * @param oid
- * @param name
- */
- public XECParameters(int bits, BigInteger p, int a24,
- byte basePoint, int logCofactor,
- ObjectIdentifier oid, String name) {
-
- this.bits = bits;
- this.logCofactor = logCofactor;
- this.p = p;
- this.a24 = a24;
- this.basePoint = basePoint;
- this.oid = oid;
- this.name = name;
-
- }
-
- public int getBits() {
- return bits;
- }
- public int getBytes() {
- return (bits + 7) / 8;
- }
- public int getLogCofactor() {
- return logCofactor;
- }
- public BigInteger getP() {
- return p;
- }
- public int getA24() {
- return a24;
- }
- public byte getBasePoint() {
- return basePoint;
- }
- public ObjectIdentifier getOid() {
- return oid;
- }
- public String getName() {
- return name;
- }
-
- private static final Map<Integer, XECParameters> SIZE_MAP;
- private static final Map<ObjectIdentifier, XECParameters> OID_MAP;
- private static final Map<String, XECParameters> NAME_MAP;
-
- static {
- final BigInteger TWO = BigInteger.valueOf(2);
-
- Map<Integer, XECParameters> bySize = new HashMap<>();
- Map<ObjectIdentifier, XECParameters> byOid = new HashMap<>();
- Map<String, XECParameters> byName = new HashMap<>();
-
- // set up X25519
- try {
- BigInteger p = TWO.pow(255).subtract(BigInteger.valueOf(19));
- addParameters(255, p, 121665, (byte) 0x09, 3,
- new int[]{1, 3, 101, 110}, NamedParameterSpec.X25519.getName(),
- bySize, byOid, byName);
-
- } catch (IOException ex) {
- // Unable to set X25519 parameters---it will be disabled
- }
-
- // set up X448
- try {
- BigInteger p = TWO.pow(448).subtract(TWO.pow(224))
- .subtract(BigInteger.ONE);
- addParameters(448, p, 39081, (byte) 0x05, 2,
- new int[]{1, 3, 101, 111}, NamedParameterSpec.X448.getName(),
- bySize, byOid, byName);
-
- } catch (IOException ex) {
- // Unable to set X448 parameters---it will be disabled
- }
-
- SIZE_MAP = Collections.unmodifiableMap(bySize);
- OID_MAP = Collections.unmodifiableMap(byOid);
- NAME_MAP = Collections.unmodifiableMap(byName);
- }
-
- private static void addParameters(int bits, BigInteger p, int a24,
- byte basePoint, int logCofactor, int[] oidBytes, String name,
- Map<Integer, XECParameters> bySize,
- Map<ObjectIdentifier, XECParameters> byOid,
- Map<String, XECParameters> byName) throws IOException {
-
- ObjectIdentifier oid = new ObjectIdentifier(oidBytes);
- XECParameters params =
- new XECParameters(bits, p, a24, basePoint, logCofactor, oid, name);
- bySize.put(bits, params);
- byOid.put(oid, params);
- byName.put(name, params);
- }
-
- public static Optional<XECParameters> getByOid(ObjectIdentifier id) {
- return Optional.ofNullable(OID_MAP.get(id));
- }
- public static Optional<XECParameters> getBySize(int size) {
- return Optional.ofNullable(SIZE_MAP.get(size));
- }
- public static Optional<XECParameters> getByName(String name) {
- return Optional.ofNullable(NAME_MAP.get(name));
- }
-
- boolean oidEquals(XECParameters other) {
- return oid.equals(other.getOid());
- }
-
- // Utility method that is used by the methods below to handle exception
- // suppliers
- private static
- <A, B> Supplier<B> apply(final Function<A, B> func, final A a) {
- return new Supplier<B>() {
- @Override
- public B get() {
- return func.apply(a);
- }
- };
- }
-
- /**
- * Get parameters by key size, or throw an exception if no parameters are
- * defined for the specified key size. This method is used in several
- * contexts that should throw different exceptions when the parameters
- * are not found. The first argument is a function that produces the
- * desired exception.
- *
- * @param exception a function that produces an exception from a string
- * @param size the desired key size
- * @param <T> the type of exception that is thrown
- * @return the parameters for the specified key size
- * @throws T when suitable parameters do not exist
- */
- public static
- <T extends Throwable>
- XECParameters getBySize(Function<String, T> exception,
- int size) throws T {
-
- Optional<XECParameters> xecParams = getBySize(size);
- return xecParams.orElseThrow(
- apply(exception, "Unsupported size: " + size));
- }
-
- /**
- * Get parameters by algorithm ID, or throw an exception if no
- * parameters are defined for the specified ID. This method is used in
- * several contexts that should throw different exceptions when the
- * parameters are not found. The first argument is a function that produces
- * the desired exception.
- *
- * @param exception a function that produces an exception from a string
- * @param algId the algorithm ID
- * @param <T> the type of exception that is thrown
- * @return the parameters for the specified algorithm ID
- * @throws T when suitable parameters do not exist
- */
- public static
- <T extends Throwable>
- XECParameters get(Function<String, T> exception,
- AlgorithmId algId) throws T {
-
- Optional<XECParameters> xecParams = getByOid(algId.getOID());
- return xecParams.orElseThrow(
- apply(exception, "Unsupported OID: " + algId.getOID()));
- }
-
- /**
- * Get parameters by algorithm parameter spec, or throw an exception if no
- * parameters are defined for the spec. This method is used in
- * several contexts that should throw different exceptions when the
- * parameters are not found. The first argument is a function that produces
- * the desired exception.
- *
- * @param exception a function that produces an exception from a string
- * @param params the algorithm parameters spec
- * @param <T> the type of exception that is thrown
- * @return the parameters for the spec
- * @throws T when suitable parameters do not exist
- */
- public static
- <T extends Throwable>
- XECParameters get(Function<String, T> exception,
- AlgorithmParameterSpec params) throws T {
-
- if (params instanceof NamedParameterSpec) {
- NamedParameterSpec namedParams = (NamedParameterSpec) params;
- Optional<XECParameters> xecParams =
- getByName(namedParams.getName());
- return xecParams.orElseThrow(
- apply(exception, "Unsupported name: " + namedParams.getName()));
- } else {
- throw exception.apply("Only NamedParameterSpec is supported.");
- }
- }
-}
-