# HG changeset patch # User apetcher # Date 1508853507 14400 # Node ID d4898fde81715ff226f33d763d459d4c69ad04a9 # Parent 52449da2c34910dce4582df497e1ea3af4ab4a4d 8185292: Stricter key generation Reviewed-by: mullan diff -r 52449da2c349 -r d4898fde8171 src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java --- a/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java Wed Oct 18 10:43:58 2017 +0800 +++ b/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java Tue Oct 24 09:58:27 2017 -0400 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,11 +28,13 @@ import java.util.*; import java.lang.*; import java.math.BigInteger; +import java.security.AccessController; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.Key; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; +import java.security.PrivilegedAction; import java.security.ProviderException; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.InvalidKeySpecException; @@ -60,6 +62,17 @@ private BigInteger x = BigInteger.ZERO; // the private value private BigInteger y = BigInteger.ZERO; + private static class AllowKDF { + + private static final boolean VALUE = getValue(); + + private static boolean getValue() { + return AccessController.doPrivileged( + (PrivilegedAction) + () -> Boolean.getBoolean("jdk.crypto.KeyAgreement.legacyKDF")); + } + } + /** * Empty constructor */ @@ -367,6 +380,14 @@ if (algorithm == null) { throw new NoSuchAlgorithmException("null algorithm"); } + + if (!algorithm.equalsIgnoreCase("TlsPremasterSecret") && + !AllowKDF.VALUE) { + + throw new NoSuchAlgorithmException("Unsupported secret key " + + "algorithm: " + algorithm); + } + byte[] secret = engineGenerateSecret(); if (algorithm.equalsIgnoreCase("DES")) { // DES diff -r 52449da2c349 -r d4898fde8171 src/java.base/share/lib/security/default.policy --- a/src/java.base/share/lib/security/default.policy Wed Oct 18 10:43:58 2017 +0800 +++ b/src/java.base/share/lib/security/default.policy Tue Oct 24 09:58:27 2017 -0400 @@ -124,6 +124,7 @@ permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read"; permission java.util.PropertyPermission "os.name", "read"; permission java.util.PropertyPermission "os.arch", "read"; + permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read"; permission java.security.SecurityPermission "putProviderProperty.*"; permission java.security.SecurityPermission "clearProviderProperties.*"; permission java.security.SecurityPermission "removeProviderProperty.*"; diff -r 52449da2c349 -r d4898fde8171 src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java Wed Oct 18 10:43:58 2017 +0800 +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java Tue Oct 24 09:58:27 2017 -0400 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -69,6 +69,17 @@ // KeyAgreement from SunJCE as fallback for > 2 party agreement private KeyAgreement multiPartyAgreement; + private static class AllowKDF { + + private static final boolean VALUE = getValue(); + + private static boolean getValue() { + return AccessController.doPrivileged( + (PrivilegedAction) + () -> Boolean.getBoolean("jdk.crypto.KeyAgreement.legacyKDF")); + } + } + P11KeyAgreement(Token token, String algorithm, long mechanism) { super(); this.token = token; @@ -260,6 +271,7 @@ if (algorithm == null) { throw new NoSuchAlgorithmException("Algorithm must not be null"); } + if (algorithm.equals("TlsPremasterSecret")) { // For now, only perform native derivation for TlsPremasterSecret // as that is required for FIPS compliance. @@ -268,6 +280,14 @@ // (bug not yet filed). return nativeGenerateSecret(algorithm); } + + if (!algorithm.equalsIgnoreCase("TlsPremasterSecret") && + !AllowKDF.VALUE) { + + throw new NoSuchAlgorithmException("Unsupported secret key " + + "algorithm: " + algorithm); + } + byte[] secret = engineGenerateSecret(); // Maintain compatibility for SunJCE: // verify secret length is sensible for algorithm / truncate diff -r 52449da2c349 -r d4898fde8171 test/jdk/com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java --- a/test/jdk/com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java Wed Oct 18 10:43:58 2017 +0800 +++ b/test/jdk/com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java Tue Oct 24 09:58:27 2017 -0400 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,6 +27,7 @@ * @summary Verify that DHKeyAgreement can generate secret key * objects for AES algorithm * @author Valerie Peng + * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true DHGenSecretKey */ import java.security.*; import java.security.interfaces.*; diff -r 52449da2c349 -r d4898fde8171 test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java --- a/test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java Wed Oct 18 10:43:58 2017 +0800 +++ b/test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java Tue Oct 24 09:58:27 2017 -0400 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ * @bug 7146728 * @summary DHKeyAgreement2 * @author Jan Luehe + * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true DHKeyAgreement2 */ import java.io.*; diff -r 52449da2c349 -r d4898fde8171 test/jdk/com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java --- a/test/jdk/com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java Wed Oct 18 10:43:58 2017 +0800 +++ b/test/jdk/com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java Tue Oct 24 09:58:27 2017 -0400 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,7 +26,7 @@ * @bug 8048819 * @summary This test stressful verifies the assertion of "The secret keys generated * by all involved parties should be the same." for javax.crypto.KeyAgreement - * @run main SameDHKeyStressTest + * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true SameDHKeyStressTest */ import java.security.AlgorithmParameterGenerator; import java.security.InvalidAlgorithmParameterException; diff -r 52449da2c349 -r d4898fde8171 test/jdk/sun/security/pkcs11/KeyAgreement/TestDH.java --- a/test/jdk/sun/security/pkcs11/KeyAgreement/TestDH.java Wed Oct 18 10:43:58 2017 +0800 +++ b/test/jdk/sun/security/pkcs11/KeyAgreement/TestDH.java Tue Oct 24 09:58:27 2017 -0400 @@ -28,8 +28,8 @@ * @author Andreas Sterbenz * @library .. * @modules jdk.crypto.cryptoki - * @run main/othervm TestDH - * @run main/othervm TestDH sm + * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true TestDH + * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true TestDH sm */ import java.security.KeyPair;