8156213: Remove SHA-1 and 3KeyTDEA algorithms from DRBG
Reviewed-by: wetmore, xuelei
--- a/jdk/src/java.base/share/classes/java/security/DrbgParameters.java Thu May 12 09:49:42 2016 +0800
+++ b/jdk/src/java.base/share/classes/java/security/DrbgParameters.java Thu May 12 13:06:03 2016 +0800
@@ -196,10 +196,9 @@
* of the JDK reference implementation.
* <p>
* This implementation supports the Hash_DRBG and HMAC_DRBG mechanisms with
- * DRBG algorithm SHA-1, SHA-224, SHA-512/224, SHA-256, SHA-512/256,
- * SHA-384 and SHA-512, and CTR_DRBG (both using derivation function and
- * not using derivation function) with DRBG algorithm 3KeyTDEA
- * (also known as DESede in JCE), AES-128, AES-192 and AES-256.
+ * DRBG algorithm SHA-224, SHA-512/224, SHA-256, SHA-512/256, SHA-384 and
+ * SHA-512, and CTR_DRBG (both using derivation function and not using
+ * derivation function) with DRBG algorithm AES-128, AES-192 and AES-256.
* <p>
* The mechanism name and DRBG algorithm name are determined by the
* {@linkplain Security#getProperty(String) security property}
--- a/jdk/src/java.base/share/classes/sun/security/provider/AbstractDrbg.java Thu May 12 09:49:42 2016 +0800
+++ b/jdk/src/java.base/share/classes/sun/security/provider/AbstractDrbg.java Thu May 12 13:06:03 2016 +0800
@@ -267,10 +267,9 @@
* {@code DEFAULT_STRENGTH} is 128) for HashDRBG:
* <pre>
* requested effective
- * (SHA-1, -1) (SHA-1,128)
- * (SHA-1, 112) (SHA-1,112)
- * (SHA-1, 192) IAE
+ * (SHA-224, 256) IAE
* (SHA-256, -1) (SHA-256,128)
+ * (SHA-256, 112) (SHA-256,112)
* (SHA-256, 128) (SHA-256,128)
* (SHA-3, -1) IAE
* (null, -1) (SHA-256,128)
--- a/jdk/src/java.base/share/classes/sun/security/provider/AbstractHashDrbg.java Thu May 12 09:49:42 2016 +0800
+++ b/jdk/src/java.base/share/classes/sun/security/provider/AbstractHashDrbg.java Thu May 12 13:06:03 2016 +0800
@@ -39,8 +39,6 @@
private static int alg2strength(String algorithm) {
switch (algorithm.toUpperCase(Locale.ROOT)) {
- case "SHA-1":
- return 128;
case "SHA-224":
case "SHA-512/224":
return 192;
@@ -82,10 +80,6 @@
this.securityStrength = tryStrength;
}
switch (algorithm.toUpperCase(Locale.ROOT)) {
- case "SHA-1":
- this.seedLen = 440 / 8;
- this.outLen = 160 / 8;
- break;
case "SHA-224":
case "SHA-512/224":
this.seedLen = 440 / 8;
--- a/jdk/src/java.base/share/classes/sun/security/provider/CtrDrbg.java Thu May 12 09:49:42 2016 +0800
+++ b/jdk/src/java.base/share/classes/sun/security/provider/CtrDrbg.java Thu May 12 13:06:03 2016 +0800
@@ -27,7 +27,6 @@
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
-import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.security.*;
@@ -68,11 +67,6 @@
private static int alg2strength(String algorithm) {
switch (algorithm.toUpperCase(Locale.ROOT)) {
- case "TDEA":
- case "3KEYTDEA":
- case "3 KEY TDEA":
- case "DESEDE":
- return 112;
case "AES-128":
return 128;
case "AES-192":
@@ -120,16 +114,6 @@
this.securityStrength = tryStrength;
}
switch (algorithm.toUpperCase(Locale.ROOT)) {
- case "TDEA":
- case "3KEYTDEA":
- case "3 KEY TDEA":
- case "DESEDE":
- algorithm = "DESede";
- this.keyAlg = "DESede";
- this.cipherAlg = "DESede/ECB/NoPadding";
- this.blockLen = 64 / 8;
- this.keyLen = 168 / 8;
- break;
case "AES-128":
case "AES-192":
case "AES-256":
@@ -224,7 +208,7 @@
// Step 2.1. Increment
addOne(v, ctrLen);
// Step 2.2. Block_Encrypt
- cipher.init(Cipher.ENCRYPT_MODE, getKey(keyAlg, k));
+ cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, keyAlg));
// Step 2.3. Encrypt into right position, no need to cat
cipher.doFinal(v, 0, blockLen, temp, i * blockLen);
}
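Review bot: The new `new SecretKeySpec(k, keyAlg)` is constructed on every loop iteration at line 97 even though `k` does not change between blocks of this step (only `v` is incremented), and each SecretKeySpec constructor clones the key bytes, so this leaves one extra unzeroed copy of key material on the heap per block. Building the spec once before the loop, `SecretKeySpec key = new SecretKeySpec(k, keyAlg);`, and passing `key` to `cipher.init` keeps the behavior and limits the copies to one per update; `Cipher.doFinal` resets the cipher to its initialized state, so `init` could likewise be hoisted, but that is a larger change. The same per-iteration pattern appears in the hunks at lines 105, 114 and 123 and would benefit from the same hoist where `k` is constant across the loop, which I believe it is for each of them. The enclosing loop header for this hunk starts outside the hunk.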
@@ -316,7 +300,7 @@
for (int i = 0; i * blockLen < seedLen; i++) {
try {
- cipher.init(Cipher.ENCRYPT_MODE, getKey(keyAlg, k));
+ cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, keyAlg));
int tailLen = temp.length - blockLen*i;
if (tailLen > blockLen) {
tailLen = blockLen;
@@ -340,7 +324,7 @@
inputBlock[j] ^= chain[j];
}
try {
- cipher.init(Cipher.ENCRYPT_MODE, getKey(keyAlg, k));
+ cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, keyAlg));
chain = cipher.doFinal(inputBlock);
} catch (GeneralSecurityException e) {
throw new InternalError(e);
@@ -456,7 +440,7 @@
addOne(v, ctrLen);
try {
// Step 4.2. Encrypt
- cipher.init(Cipher.ENCRYPT_MODE, getKey(keyAlg, k));
+ cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, keyAlg));
byte[] out = cipher.doFinal(v);
// Step 4.3 and 5. Cat bytes and leftmost
@@ -479,43 +463,6 @@
// Step 8. Return
}
- private static void des7to8(
- byte[] key56, int off56, byte[] key64, int off64) {
- key64[off64 + 0] = (byte)
- (key56[off56 + 0] & 0xFE); // << 0
- key64[off64 + 1] = (byte)
- ((key56[off56 + 0] << 7) | ((key56[off56 + 1] & 0xFF) >>> 1));
- key64[off64 + 2] = (byte)
- ((key56[off56 + 1] << 6) | ((key56[off56 + 2] & 0xFF) >>> 2));
- key64[off64 + 3] = (byte)
- ((key56[off56 + 2] << 5) | ((key56[off56 + 3] & 0xFF) >>> 3));
- key64[off64 + 4] = (byte)
- ((key56[off56 + 3] << 4) | ((key56[off56 + 4] & 0xFF) >>> 4));
- key64[off64 + 5] = (byte)
- ((key56[off56 + 4] << 3) | ((key56[off56 + 5] & 0xFF) >>> 5));
- key64[off64 + 6] = (byte)
- ((key56[off56 + 5] << 2) | ((key56[off56 + 6] & 0xFF) >>> 6));
- key64[off64 + 7] = (byte)
- (key56[off56 + 6] << 1);
-
- for (int i = 0; i < 8; i++) {
- // if even # bits, make uneven, XOR with 1 (uneven & 1)
- // for uneven # bits, make even, XOR with 0 (even & 1)
- key64[off64 + i] ^= Integer.bitCount(key64[off64 + i] ^ 1) & 1;
- }
- }
-
- private static SecretKey getKey(String keyAlg, byte[] k) {
- if (keyAlg.equals("DESede")) {
- byte[] k2 = new byte[24];
- des7to8(k, 0, k2, 0);
- des7to8(k, 7, k2, 8);
- des7to8(k, 14, k2, 16);
- k = k2;
- }
- return new SecretKeySpec(k, keyAlg);
- }
-
private void readObject(java.io.ObjectInputStream s)
throws IOException, ClassNotFoundException {
s.defaultReadObject ();
--- a/jdk/src/java.base/share/conf/security/java.security Thu May 12 09:49:42 2016 +0800
+++ b/jdk/src/java.base/share/conf/security/java.security Thu May 12 13:06:03 2016 +0800
@@ -206,16 +206,15 @@
# "Hash_DRBG" | "HMAC_DRBG" | "CTR_DRBG"
#
# // The DRBG algorithm name. The "SHA-***" names are for Hash_DRBG and
-# // HMAC_DRBG, default "SHA-256". "3KeyTDEA" and "AES-***" names are for
-# // CTR_DRBG, default "AES-128" when using the limited cryptographic
-# // or "AES-256" when using the unlimited.
+# // HMAC_DRBG, default "SHA-256". The "AES-***" names are for CTR_DRBG,
+# // default "AES-128" when using the limited cryptographic or "AES-256"
+# // when using the unlimited.
# algorithm_name:
-# "SHA-1" | "SHA-224" | "SHA-512/224" | "SHA-256" |
+# "SHA-224" | "SHA-512/224" | "SHA-256" |
# "SHA-512/256" | "SHA-384" | "SHA-512" |
-# "3KeyTDEA" | "AES-128" | "AES-192" | "AES-256"
+# "AES-128" | "AES-192" | "AES-256"
#
-# // Security strength requested. Default "128", or "112"
-# // if mech_name is CTR_DRBG and algorithm_name is "3KeyTDEA"
+# // Security strength requested. Default "128"
# strength:
# "112" | "128" | "192" | "256"
#
@@ -234,7 +233,7 @@
# "use_df" | "no_df"
#
# Examples,
-# securerandom.drbg.config=Hash_DRBG,SHA-1,112,none
+# securerandom.drbg.config=Hash_DRBG,SHA-224,112,none
# securerandom.drbg.config=CTR_DRBG,AES-256,192,pr_and_reseed,use_df
#
# The default value is an empty string, which is equivalent to
--- a/jdk/test/sun/security/provider/SecureRandom/DRBGAlg.java Thu May 12 09:49:42 2016 +0800
+++ b/jdk/test/sun/security/provider/SecureRandom/DRBGAlg.java Thu May 12 13:06:03 2016 +0800
@@ -47,7 +47,6 @@
check(null, "Hash_DRBG", "SHA-256", "reseed_only", ",128");
check("", "Hash_DRBG", "SHA-256", "reseed_only", ",128");
- check("sha-1", "Hash_DRBG", "SHA-1", "reseed_only", ",128");
check("sha-256", "Hash_DRBG", "SHA-256", "reseed_only", ",128");
check("SHA-3");
check("hash_drbg", "Hash_DRBG", "SHA-256", "reseed_only", ",128");
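Review bot: The positive SHA-1 check is dropped at line 208 but no negative check replaces it, so the test no longer demonstrates that "sha-1" is actually rejected by the provider after this change. Line 210 (`check("SHA-3");`) appears to be the single-argument form that expects instantiation to fail; adding `check("sha-1");` and `check("3KeyTDEA");` next to it would pin the removal and catch a regression that silently re-enables either algorithm. The enclosing test method starts and ends outside this hunk.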
@@ -61,20 +60,20 @@
"Hash_DRBG", "SHA-512", "pr_and_reseed", ",192");
check("Hash_DRBG,Hmac_DRBG");
- check("SHA-1,SHA-256");
+ check("SHA-224,SHA-256");
check("128,256");
check("none,reseed_only");
check("use_df,no_df");
- check("Hash_DRBG,,SHA-1");
+ check("Hash_DRBG,,SHA-256");
check(null, DrbgParameters.instantiation(112, PR_AND_RESEED, null),
"Hash_DRBG", "SHA-256", "pr_and_reseed", ",112");
check(null, DrbgParameters.instantiation(256, PR_AND_RESEED, null),
"Hash_DRBG", "SHA-256", "pr_and_reseed", ",256");
check(null, DrbgParameters.instantiation(384, PR_AND_RESEED, null));
- check("sha-1", DrbgParameters.instantiation(112, PR_AND_RESEED, null),
- "Hash_DRBG", "SHA-1", "pr_and_reseed", ",112");
- check("sha-1", DrbgParameters.instantiation(192, PR_AND_RESEED, null));
+ check("sha-224", DrbgParameters.instantiation(112, PR_AND_RESEED, null),
+ "Hash_DRBG", "SHA-224", "pr_and_reseed", ",112");
+ check("sha-224", DrbgParameters.instantiation(256, PR_AND_RESEED, null));
check("hash_drbg,sha-512,Pr_and_Reseed,192",
DrbgParameters.instantiation(112, NONE, null),
"Hash_DRBG", "SHA-512", "reseed_only", ",112");
@@ -86,23 +85,23 @@
DrbgParameters.instantiation(192, PR_AND_RESEED, null),
"Hash_DRBG", "SHA-256", "pr_and_reseed", ",192");
- check("hash_drbg,sha-1", new MoreDrbgParameters(
+ check("hash_drbg,sha-224", new MoreDrbgParameters(
null, null, "sha-512", null, false,
DrbgParameters.instantiation(-1, NONE, null)),
"Hash_DRBG", "SHA-512");
- check("hash_drbg,sha-1", new MoreDrbgParameters(
+ check("hash_drbg,sha-224", new MoreDrbgParameters(
null, null, null, null, false,
DrbgParameters.instantiation(-1, NONE, null)),
- "Hash_DRBG", "SHA-1");
+ "Hash_DRBG", "SHA-224");
check("hash_drbg", new MoreDrbgParameters(
null, "hmac_drbg", null, null, false,
DrbgParameters.instantiation(-1, NONE, null)),
"HMAC_DRBG", "SHA-256");
- check("hash_drbg,sha-1", new MoreDrbgParameters(
+ check("hash_drbg,sha-224", new MoreDrbgParameters(
null, null, "sha-3", null, false,
DrbgParameters.instantiation(-1, NONE, null)));
- check("hash_drbg,sha-1", new MoreDrbgParameters(
+ check("hash_drbg,sha-224", new MoreDrbgParameters(
null, "Unknown_DRBG", null, null, false,
DrbgParameters.instantiation(-1, NONE, null)));
}
--- a/jdk/test/sun/security/provider/SecureRandom/DrbgCavp.java Thu May 12 09:49:42 2016 +0800
+++ b/jdk/test/sun/security/provider/SecureRandom/DrbgCavp.java Thu May 12 13:06:03 2016 +0800
@@ -278,10 +278,13 @@
ps)),
"SUN");
} catch (NoSuchAlgorithmException iae) {
+ // We don't support SHA-1 and 3KeyTDEA. AES-192 or
// AES-256 might not be available. This is OK.
- if ((algorithm.equals("AES-192")
+ if (algorithm.equals("SHA-1") ||
+ algorithm.equals("3KeyTDEA") ||
+ ((algorithm.equals("AES-192")
|| algorithm.equals("AES-256"))
- && AES_LIMIT == 128) {
+ && AES_LIMIT == 128)) {
hd = null;
} else {
throw iae;