8185292: Stricter key generation

Reviewed-by: mullan

8185292: Stricter key generation
Reviewed-by: mullan
cb7ceb93 · igerasim · 3761204b · cb7ceb93 · cb7ceb93 · cb7ceb93
6 changed file
--- a/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java
+++ b/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -28,11 +28,13 @@ package com.sun.crypto.provider;
 import java.util.*;
 import java.lang.*;
 import java.math.BigInteger;
+import java.security.AccessController;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.security.PrivilegedAction;
 import java.security.ProviderException;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidKeySpecException;
@@ -60,6 +62,17 @@ extends KeyAgreementSpi {
    private BigInteger x = BigInteger.ZERO; // the private value
    private BigInteger y = BigInteger.ZERO;
+    private static class AllowKDF {
+        private static final boolean VALUE = getValue();
+        private static boolean getValue() {
+            return AccessController.doPrivileged(
+                (PrivilegedAction<Boolean>)
+                () -> Boolean.getBoolean("jdk.crypto.KeyAgreement.legacyKDF"));
+        }
+    }
    /**
     * Empty constructor
     */
@@ -367,6 +380,14 @@ extends KeyAgreementSpi {
        if (algorithm == null) {
            throw new NoSuchAlgorithmException("null algorithm");
        }
+        if (!algorithm.equalsIgnoreCase("TlsPremasterSecret") &&
+            !AllowKDF.VALUE) {
+            throw new NoSuchAlgorithmException("Unsupported secret key "
+                                               + "algorithm: " + algorithm);
+        }
        byte[] secret = engineGenerateSecret();
        if (algorithm.equalsIgnoreCase("DES")) {
            // DES

--- a/src/share/classes/sun/security/pkcs11/P11KeyAgreement.java
+++ b/src/share/classes/sun/security/pkcs11/P11KeyAgreement.java
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -69,6 +69,17 @@ final class P11KeyAgreement extends KeyAgreementSpi {
    // KeyAgreement from SunJCE as fallback for > 2 party agreement
    private KeyAgreement multiPartyAgreement;
+    private static class AllowKDF {
+        private static final boolean VALUE = getValue();
+        private static boolean getValue() {
+            return AccessController.doPrivileged(
+                (PrivilegedAction<Boolean>)
+                () -> Boolean.getBoolean("jdk.crypto.KeyAgreement.legacyKDF"));
+        }
+    }
    P11KeyAgreement(Token token, String algorithm, long mechanism) {
        super();
        this.token = token;
@@ -260,6 +271,7 @@ final class P11KeyAgreement extends KeyAgreementSpi {
        if (algorithm == null) {
            throw new NoSuchAlgorithmException("Algorithm must not be null");
        }
        if (algorithm.equals("TlsPremasterSecret")) {
            // For now, only perform native derivation for TlsPremasterSecret
            // as that is required for FIPS compliance.
@@ -268,6 +280,14 @@ final class P11KeyAgreement extends KeyAgreementSpi {
            // (bug not yet filed).
            return nativeGenerateSecret(algorithm);
        }
+        if (!algorithm.equalsIgnoreCase("TlsPremasterSecret") &&
+            !AllowKDF.VALUE) {
+            throw new NoSuchAlgorithmException("Unsupported secret key "
+                                               + "algorithm: " + algorithm);
+        }
        byte[] secret = engineGenerateSecret();
        // Maintain compatibility for SunJCE:
        // verify secret length is sensible for algorithm / truncate

--- a/test/com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java
+++ b/test/com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java
 /*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,7 @@
 * @summary Verify that DHKeyAgreement can generate secret key
 * objects for AES algorithm
 * @author Valerie Peng
+ * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true DHGenSecretKey
 */
 import java.security.*;
 import java.security.interfaces.*;

--- a/test/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java
+++ b/test/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java
 /*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 * @bug 7146728
 * @summary DHKeyAgreement2
 * @author Jan Luehe
+ * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true DHKeyAgreement2
 */
 import java.io.*;

--- a/test/com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java
+++ b/test/com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java
 /*
- * Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,7 @@
 * @bug 8048819
 * @summary This test stressful verifies the assertion of "The secret keys generated
 * by all involved parties should be the same." for javax.crypto.KeyAgreement
- * @run main SameDHKeyStressTest
+ * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true SameDHKeyStressTest
 */
 import java.security.AlgorithmParameterGenerator;
 import java.security.InvalidAlgorithmParameterException;

--- a/test/sun/security/pkcs11/KeyAgreement/TestDH.java
+++ b/test/sun/security/pkcs11/KeyAgreement/TestDH.java
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,8 @@
 * @summary Verify that DH works properly
 * @author Andreas Sterbenz
 * @library ..
+ * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true TestDH
+ * @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true TestDH sm
 */
 import java.io.*;