From ec5bc9595f9f7b2f0e741eed1dd24bc8b2cfd933 Mon Sep 17 00:00:00 2001 From: coffeys Date: Mon, 23 Oct 2017 02:28:19 -0700 Subject: [PATCH] 8072452: Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits 8154344: sun/security/pkcs11/KeyAgreement/SupportedDHKeys.java fails on solaris Reviewed-by: xuelei --- .../crypto/provider/DHKeyPairGenerator.java | 17 +- .../crypto/provider/DHParameterGenerator.java | 80 +++--- .../security/pkcs11/P11KeyPairGenerator.java | 58 ++-- .../provider/DSAKeyPairGenerator.java | 2 + .../provider/DSAParameterGenerator.java | 35 ++- .../sun/security/provider/ParameterCache.java | 255 +++++++++++++++++- .../classes/sun/security/ssl/DHCrypt.java | 134 ++++++++- .../sun/security/ssl/ServerHandshaker.java | 33 ++- .../KeyAgreement/SupportedDHKeys.java | 110 ++++++++ .../KeyAgreement/SupportedDHParamGens.java | 98 +++++++ .../KeyAgreement/UnsupportedDHKeys.java | 73 +++++ .../pkcs11/KeyAgreement/SupportedDHKeys.java | 131 +++++++++ .../KeyAgreement/UnsupportedDHKeys.java | 85 ++++++ .../pkcs11/KeyPairGenerator/TestDH2048.java | 48 +++- .../provider/DSA/SupportedDSAParamGen.java | 83 ++++++ .../provider/DSA/TestKeyPairGenerator.java | 20 +- 16 files changed, 1142 insertions(+), 120 deletions(-) create mode 100644 test/com/sun/crypto/provider/KeyAgreement/SupportedDHKeys.java create mode 100644 test/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java create mode 100644 test/com/sun/crypto/provider/KeyAgreement/UnsupportedDHKeys.java create mode 100644 test/sun/security/pkcs11/KeyAgreement/SupportedDHKeys.java create mode 100644 test/sun/security/pkcs11/KeyAgreement/UnsupportedDHKeys.java create mode 100644 test/sun/security/provider/DSA/SupportedDSAParamGen.java diff --git a/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java b/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java index a355a5f0d..09b132e92 100644 --- a/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java +++ b/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java @@ -74,10 +74,10 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi { private static void checkKeySize(int keysize) throws InvalidParameterException { - if ((keysize < 512) || (keysize > 2048) || ((keysize & 0x3F) != 0)) { + if ((keysize < 512) || (keysize > 8192) || ((keysize & 0x3F) != 0)) { throw new InvalidParameterException( "DH key size must be multiple of 64, and can only range " + - "from 512 to 2048 (inclusive). " + + "from 512 to 8192 (inclusive). " + "The specific key size " + keysize + " is not supported"); } } @@ -91,12 +91,23 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi { * @param random the source of randomness */ public void initialize(int keysize, SecureRandom random) { + checkKeySize(keysize); + // Use the built-in parameters (ranging from 512 to 8192) + // when available. + this.params = ParameterCache.getCachedDHParameterSpec(keysize); + + // Due to performance issue, only support DH parameters generation + // up to 1024 bits. + if ((this.params == null) && (keysize > 1024)) { + throw new InvalidParameterException( + "Unsupported " + keysize + "-bit DH parameter generation"); + } + this.pSize = keysize; this.lSize = 0; this.random = random; - this.params = null; } /** diff --git a/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java b/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java index 5d8ed3d2b..70d31f1dc 100644 --- a/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java +++ b/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java @@ -25,6 +25,7 @@ package com.sun.crypto.provider; +import java.math.BigInteger; import java.security.*; import java.security.spec.*; import javax.crypto.spec.DHParameterSpec; @@ -47,8 +48,7 @@ import static sun.security.util.SecurityProviderConstants.DEF_DH_KEY_SIZE; * @see java.security.spec.AlgorithmParameterSpec * @see DHParameters */ -public final class DHParameterGenerator -extends AlgorithmParameterGeneratorSpi { +public final class DHParameterGenerator extends AlgorithmParameterGeneratorSpi { // The size in bits of the prime modulus private int primeSize = DEF_DH_KEY_SIZE; @@ -61,11 +61,13 @@ extends AlgorithmParameterGeneratorSpi { private static void checkKeySize(int keysize) throws InvalidParameterException { - if ((keysize != 2048) && - ((keysize < 512) || (keysize > 1024) || (keysize % 64 != 0))) { + boolean supported = ((keysize == 2048) || (keysize == 3072) || + ((keysize >= 512) && (keysize <= 1024) && ((keysize & 0x3F) == 0))); + + if (!supported) { throw new InvalidParameterException( "DH key size must be multiple of 64 and range " + - "from 512 to 1024 (inclusive), or 2048. " + + "from 512 to 1024 (inclusive), or 2048, 3072. " + "The specific key size " + keysize + " is not supported"); } } @@ -78,8 +80,8 @@ extends AlgorithmParameterGeneratorSpi { * @param keysize the keysize (size of prime modulus) in bits * @param random the source of randomness */ + @Override protected void engineInit(int keysize, SecureRandom random) { - // Re-uses DSA parameters and thus have the same range checkKeySize(keysize); this.primeSize = keysize; this.random = random; @@ -96,36 +98,31 @@ extends AlgorithmParameterGeneratorSpi { * @exception InvalidAlgorithmParameterException if the given parameter * generation values are inappropriate for this parameter generator */ + @Override protected void engineInit(AlgorithmParameterSpec genParamSpec, - SecureRandom random) - throws InvalidAlgorithmParameterException { + SecureRandom random) throws InvalidAlgorithmParameterException { + if (!(genParamSpec instanceof DHGenParameterSpec)) { throw new InvalidAlgorithmParameterException ("Inappropriate parameter type"); } DHGenParameterSpec dhParamSpec = (DHGenParameterSpec)genParamSpec; - primeSize = dhParamSpec.getPrimeSize(); - - // Re-uses DSA parameters and thus have the same range + exponentSize = dhParamSpec.getExponentSize(); + if ((exponentSize <= 0) || (exponentSize >= primeSize)) { + throw new InvalidAlgorithmParameterException( + "Exponent size (" + exponentSize + + ") must be positive and less than modulus size (" + + primeSize + ")"); + } try { checkKeySize(primeSize); } catch (InvalidParameterException ipe) { throw new InvalidAlgorithmParameterException(ipe.getMessage()); } - exponentSize = dhParamSpec.getExponentSize(); - if (exponentSize <= 0) { - throw new InvalidAlgorithmParameterException - ("Exponent size must be greater than zero"); - } - - // Require exponentSize < primeSize - if (exponentSize >= primeSize) { - throw new InvalidAlgorithmParameterException - ("Exponent size must be less than modulus size"); - } + this.random = random; } /** @@ -133,24 +130,22 @@ extends AlgorithmParameterGeneratorSpi { * * @return the new AlgorithmParameters object */ + @Override protected AlgorithmParameters engineGenerateParameters() { - AlgorithmParameters algParams = null; - if (this.exponentSize == 0) { - this.exponentSize = this.primeSize - 1; + if (random == null) { + random = SunJCE.getRandom(); } - if (this.random == null) - this.random = SunJCE.getRandom(); - + BigInteger paramP = null; + BigInteger paramG = null; try { - AlgorithmParameterGenerator paramGen; - DSAParameterSpec dsaParamSpec; - - paramGen = AlgorithmParameterGenerator.getInstance("DSA"); - paramGen.init(this.primeSize, random); - algParams = paramGen.generateParameters(); - dsaParamSpec = algParams.getParameterSpec(DSAParameterSpec.class); + AlgorithmParameterGenerator dsaParamGen = + AlgorithmParameterGenerator.getInstance("DSA"); + dsaParamGen.init(primeSize, random); + AlgorithmParameters dsaParams = dsaParamGen.generateParameters(); + DSAParameterSpec dsaParamSpec = + dsaParams.getParameterSpec(DSAParameterSpec.class); DHParameterSpec dhParamSpec; if (this.exponentSize > 0) { @@ -161,16 +156,13 @@ extends AlgorithmParameterGeneratorSpi { dhParamSpec = new DHParameterSpec(dsaParamSpec.getP(), dsaParamSpec.getG()); } - algParams = AlgorithmParameters.getInstance("DH", - SunJCE.getInstance()); + AlgorithmParameters algParams = + AlgorithmParameters.getInstance("DH", SunJCE.getInstance()); algParams.init(dhParamSpec); - } catch (InvalidParameterSpecException e) { - // this should never happen - throw new RuntimeException(e.getMessage()); - } catch (NoSuchAlgorithmException e) { - // this should never happen, because we provide it - throw new RuntimeException(e.getMessage()); + + return algParams; + } catch (Exception ex) { + throw new ProviderException("Unexpected exception", ex); } - return algParams; } } diff --git a/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java b/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java index 3c9b12e0f..1a7185116 100644 --- a/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java +++ b/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java @@ -141,6 +141,7 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi { } // see JCA spec + @Override public void initialize(int keySize, SecureRandom random) { token.ensureValid(); try { @@ -162,6 +163,7 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi { } // see JCA spec + @Override public void initialize(AlgorithmParameterSpec params, SecureRandom random) throws InvalidAlgorithmParameterException { token.ensureValid(); @@ -173,7 +175,7 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi { } DHParameterSpec dhParams = (DHParameterSpec) params; tmpKeySize = dhParams.getP().bitLength(); - checkKeySize(tmpKeySize, null); + checkKeySize(tmpKeySize, dhParams); // XXX sanity check params } else if (algorithm.equals("RSA")) { if (params instanceof RSAKeyGenParameterSpec == false) { @@ -195,7 +197,7 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi { } DSAParameterSpec dsaParams = (DSAParameterSpec) params; tmpKeySize = dsaParams.getP().bitLength(); - checkKeySize(tmpKeySize, null); + checkKeySize(tmpKeySize, dsaParams); // XXX sanity check params } else if (algorithm.equals("EC")) { ECParameterSpec ecParams; @@ -220,7 +222,7 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi { ("ECParameterSpec or ECGenParameterSpec required for EC"); } tmpKeySize = ecParams.getCurve().getField().getFieldSize(); - checkKeySize(tmpKeySize, null); + checkKeySize(tmpKeySize, ecParams); } else { throw new ProviderException("Unknown algorithm: " + algorithm); } @@ -229,8 +231,7 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi { this.random = random; } - // NOTE: 'params' is only used for checking RSA keys currently. - private void checkKeySize(int keySize, RSAKeyGenParameterSpec params) + private void checkKeySize(int keySize, AlgorithmParameterSpec params) throws InvalidAlgorithmParameterException { // check native range first if ((minKeySize != -1) && (keySize < minKeySize)) { @@ -267,7 +268,8 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi { if (algorithm.equals("RSA")) { BigInteger tmpExponent = rsaPublicExponent; if (params != null) { - tmpExponent = params.getPublicExponent(); + tmpExponent = + ((RSAKeyGenParameterSpec)params).getPublicExponent(); } try { // Reuse the checking in SunRsaSign provider. @@ -277,10 +279,10 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi { minKeySize, (maxKeySize==-1? Integer.MAX_VALUE:maxKeySize)); } catch (InvalidKeyException e) { - throw new InvalidAlgorithmParameterException(e.getMessage()); + throw new InvalidAlgorithmParameterException(e); } - } else { - if (algorithm.equals("DH") && (params != null)) { + } else if (algorithm.equals("DH")) { + if (params != null) { // initialized with specified parameters // sanity check, nobody really wants keys this large if (keySize > 64 * 1024) { throw new InvalidAlgorithmParameterException( @@ -288,24 +290,44 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi { "The specific key size " + keySize + " is not supported"); } - } else { - // this restriction is in the spec for DSA - // since we currently use DSA parameters for DH as well, - // it also applies to DH if no parameters are specified - if ((keySize != 2048) && - ((keySize > 1024) || ((keySize & 0x3f) != 0))) { - throw new InvalidAlgorithmParameterException(algorithm + - " key must be multiples of 64 if less than 1024 bits" + - ", or 2048 bits. " + + } else { // default parameters will be used. + // Range is based on the values in + // sun.security.provider.ParameterCache class. + if ((keySize > 8192) || (keySize < 512) || + ((keySize & 0x3f) != 0)) { + throw new InvalidAlgorithmParameterException( + "DH key size must be multiple of 64, and can " + + "only range from 512 to 8192 (inclusive). " + "The specific key size " + keySize + " is not supported"); } + + DHParameterSpec cache = + ParameterCache.getCachedDHParameterSpec(keySize); + // Except 2048 and 3072, not yet support generation of + // parameters bigger than 1024 bits. + if ((cache == null) && (keySize > 1024)) { + throw new InvalidAlgorithmParameterException( + "Unsupported " + keySize + + "-bit DH parameter generation"); + } + } + } else { + // this restriction is in the spec for DSA + if ((keySize != 3072) && (keySize != 2048) && + ((keySize > 1024) || ((keySize & 0x3f) != 0))) { + throw new InvalidAlgorithmParameterException( + "DSA key must be multiples of 64 if less than " + + "1024 bits, or 2048, 3072 bits. " + + "The specific key size " + + keySize + " is not supported"); } } } } // see JCA spec + @Override public KeyPair generateKeyPair() { token.ensureValid(); CK_ATTRIBUTE[] publicKeyTemplate; diff --git a/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java b/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java index 4a5123c0a..50d9bcc2b 100644 --- a/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java +++ b/src/share/classes/sun/security/provider/DSAKeyPairGenerator.java @@ -75,6 +75,8 @@ class DSAKeyPairGenerator extends KeyPairGenerator { // N=160 } else if (sizeP == 2048 && (sizeQ == 224 || sizeQ == 256)) { // L=2048, N=224 or 256 + } else if (sizeP == 3072 && sizeQ == 256) { + // L=3072, N=256 } else { throw new InvalidParameterException ("Unsupported prime and subprime size combination: " + diff --git a/src/share/classes/sun/security/provider/DSAParameterGenerator.java b/src/share/classes/sun/security/provider/DSAParameterGenerator.java index af8fb7b19..f4214fec9 100644 --- a/src/share/classes/sun/security/provider/DSAParameterGenerator.java +++ b/src/share/classes/sun/security/provider/DSAParameterGenerator.java @@ -68,7 +68,6 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { private SecureRandom random; // useful constants - private static final BigInteger ZERO = BigInteger.valueOf(0); private static final BigInteger ONE = BigInteger.valueOf(1); private static final BigInteger TWO = BigInteger.valueOf(2); @@ -84,11 +83,16 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { */ @Override protected void engineInit(int strength, SecureRandom random) { - if ((strength != 2048) && - ((strength < 512) || (strength > 1024) || (strength % 64 != 0))) { + if ((strength >= 512) && (strength <= 1024) && (strength % 64 == 0)) { + this.valueN = 160; + } else if (strength == 2048) { + this.valueN = 224; + } else if (strength == 3072) { + this.valueN = 256; + } else { throw new InvalidParameterException( - "Unexpected strength (size of prime): " + strength + - ". Prime size should be 512-1024, or 2048"); + "Unexpected strength (size of prime): " + strength + ". " + + "Prime size should be 512 - 1024, or 2048, 3072"); } this.valueL = strength; this.valueN = getDefDSASubprimeSize(strength); @@ -114,13 +118,9 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { throw new InvalidAlgorithmParameterException("Invalid parameter"); } DSAGenParameterSpec dsaGenParams = (DSAGenParameterSpec)genParamSpec; - int primePLen = dsaGenParams.getPrimePLength(); - if (primePLen > 2048) { - throw new InvalidParameterException - ("No support for prime size " + primePLen); - } + // directly initialize using the already validated values - this.valueL = primePLen; + this.valueL = dsaGenParams.getPrimePLength(); this.valueN = dsaGenParams.getSubprimeQLength(); this.seedLen = dsaGenParams.getSeedLength(); this.random = random; @@ -131,6 +131,7 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { * * @return the new AlgorithmParameters object */ + @Override protected AlgorithmParameters engineGenerateParameters() { AlgorithmParameters algParams = null; try { @@ -204,11 +205,13 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { int b = (valueL - 1) % outLen; byte[] seedBytes = new byte[seedLen/8]; BigInteger twoSl = TWO.pow(seedLen); - int primeCertainty = -1; + int primeCertainty = 80; // for 1024-bit prime P if (valueL <= 1024) { primeCertainty = 80; } else if (valueL == 2048) { primeCertainty = 112; + } else if (valueL == 3072) { + primeCertainty = 128; } if (primeCertainty < 0) { @@ -227,7 +230,10 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { mod(TWO.pow(valueN - 1)); /* Step 7 */ - resultQ = TWO.pow(valueN - 1).add(U).add(ONE). subtract(U.mod(TWO)); + resultQ = TWO.pow(valueN - 1) + .add(U) + .add(ONE) + .subtract(U.mod(TWO)); } while (!resultQ.isProbablePrime(primeCertainty)); /* Step 10 */ @@ -247,7 +253,8 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { for (int i = 1; i < n; i++) { W = W.add(V[i].multiply(TWO.pow(i * outLen))); } - W = W.add((V[n].mod(TWO.pow(b))).multiply(TWO.pow(n * outLen))); + W = W.add((V[n].mod(TWO.pow(b))) + .multiply(TWO.pow(n * outLen))); /* Step 11.3 */ BigInteger twoLm1 = TWO.pow(valueL - 1); BigInteger X = W.add(twoLm1); diff --git a/src/share/classes/sun/security/provider/ParameterCache.java b/src/share/classes/sun/security/provider/ParameterCache.java index 0edff492d..0aad0d93d 100644 --- a/src/share/classes/sun/security/provider/ParameterCache.java +++ b/src/share/classes/sun/security/provider/ParameterCache.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -65,7 +65,7 @@ public final class ParameterCache { // case#1: (512 <= p <= 1024) AND q=160 // case#2: p=2048 AND q=224 // case#3: p=2048 AND q=256 - // (NOT-YET-SUPPORTED)case#4: p=3072 AND q=256 + // case#4: p=3072 AND q=256 return dsaCache.get(Integer.valueOf(primeLen+subprimeLen)); } @@ -90,6 +90,8 @@ public final class ParameterCache { return getDSAParameterSpec(primeLen, 160, random); } else if (primeLen == 2048) { return getDSAParameterSpec(primeLen, 224, random); + } else if (primeLen == 3072) { + return getDSAParameterSpec(primeLen, 256, random); } else { return null; } @@ -165,8 +167,8 @@ public final class ParameterCache { /* * We support precomputed parameter for legacy 512, 768 bit moduli, - * and (L, N) combinations of (1024, 160), (2048, 224), (2048, 256). - * In this file we provide both the seed and counter + * and (L, N) combinations of (1024, 160), (2048, 224), (2048, 256), + * (3072, 256). In this file we provide both the seed and counter * value of the generation process for each of these seeds, * for validation purposes. We also include the test vectors * from the DSA specification, FIPS 186, and the FIPS 186 @@ -288,12 +290,14 @@ public final class ParameterCache { "af02112b0d1f02da30973224fe27aeda8b9d4b2922" + "d9ba8be39ed9e103a63c52810bc688b7e2ed4316e1" + "ef17dbde", 16); + dsaCache.put(Integer.valueOf(2048+224), new DSAParameterSpec(p2048_224, q2048_224, g2048_224)); /* * L = 2048, N = 256 - * SEED = b0b4417601b59cbc9d8ac8f935cadaec4f5fbb2f23785609ae466748d9b5a536 + * SEED = b0b4417601b59cbc9d8ac8f935cadaec \ + * 4f5fbb2f23785609ae466748d9b5a536 * counter = 497 */ BigInteger p2048_256 = @@ -329,14 +333,245 @@ public final class ParameterCache { "8d15bbac65212a55239cfc7e58fae38d7250ab9991" + "ffbc97134025fe8ce04c4399ad96569be91a546f49" + "78693c7a", 16); + dsaCache.put(Integer.valueOf(2048+256), new DSAParameterSpec(p2048_256, q2048_256, g2048_256)); - // use DSA parameters for DH as well + + /* + * L = 3072, N = 256 + * SEED = 9fe304be4d6b9919559f39d5911d12e9 \ + * 5158d6946598cd59775b8f3b8fff3a3f + * counter = 1186 + */ + BigInteger p3072_256 = new BigInteger( + "ea9cda9f5fbda66dd830494609405687ab7cf38538e058d1" + + "e2f68dea95364866e1c05beacded24227edee28cad80bcec" + + "ad39913be3b713267b3b96c8d9f0f6a03b5dfc9222d5cfe4" + + "afcc9982f33784f760c3b759aebe3bbe9098a6b84c96f1fd" + + "e44ce11c084c2a082c7a76a0ef142928b4f328406ab9beb2" + + "4f84577dd0f46ce86fd8f08488269998bf4742d6425f7a0e" + + "c75d8660c5dd6f4e3b3d3bee81b2c21afe8c9e8b84b87192" + + "e2cc20f961d2bcd8133afcf3675ab80681cb374c78f33e29" + + "d1011083d89f9c5728b94676fccb1b57bc60288c15d85ae8" + + "38ae1941c5a20ae2b2049b3583fe30da455ddb3e6ad9b995" + + "5cd9bb5681431622beb0f92da533fcab496cebc447aa1bb5" + + "a8039522f2da98ff416289323a64df626ab6881870927dce" + + "e387f13b5c9d24d6cba1d82ed375a082506ee87bc7ae3006" + + "7f4a94e2ee363d992c40f2725b5db4b3525ebde22bbbfd0f" + + "a124a588b0f5a4acb3a86951aff09f8c8198fb5b53da0c93" + + "1cedc598b4f835b779d04d99026c7ba08c4b27f118ac1e3d", 16); + + BigInteger q3072_256 = new BigInteger( + "c4eeac2bbab79bd831946d717a56a6e687547aa8e9c5494a" + + "5a4b2f4ca13d6c11", 16); + + BigInteger g3072_256 = new BigInteger( + "42e5fa7844f8fa9d8998d830d004e7b15b1d276bcbe5f12c" + + "35ec90c1a25f5832018a6724bd9cdbe803b675509bed167f" + + "3d7cf8599fc865c6d5a0f79158c1bc918f00a944d0ad0f38" + + "f520fb91d85d82674d0d5f874faa5fcdfe56cd178c1afdc7" + + "ce8795727b7dee966ed0b3c5cedcef8aca628befebf2d105" + + "c7aff8eb0da9c9610737dd64dce1237b82c1b2bc8608d55f" + + "fda98d7189444e65883315669c05716bde36c78b130aa3df" + + "2e4d609914c7c8dc470f4e300187c775f81e7b1a9c0dce40" + + "5d6eab2cbb9d9c4ef44412ba573dd403c4ed7bc2364772f5" + + "6a30c48de78f5003f9371c55262d2c8ac2246ade3b02fdcf" + + "cf5cbfde74fbcbfe6e0e0fdf3160764f84d311c179a40af6" + + "79a8f47ab13c8f706893245eb11edcce451fa2ab98001998" + + "7f125d8dc96622d419ba0d71f16c6024dce9d364c3b26d8e" + + "c1a3c828f6c9d14b1d0333b95db77bfdbe3c6bce5337a1a5" + + "a7ace10111219448447197e2a344cc423be768bb89e27be6" + + "cbd22085614a5a3360be23b1bfbb6e6e6471363d32c85d31", 16); + + dsaCache.put(Integer.valueOf(3072+256), + new DSAParameterSpec(p3072_256, q3072_256, g3072_256)); + + // + // Diffie-Hellman Groups + // + + // the common generator + BigInteger dhG = BigInteger.valueOf(2); + + // + // From RFC 7296 + + // The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 } + BigInteger dhP768 = new BigInteger( + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" + + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" + + "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16); + + // The prime is 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 } + BigInteger dhP1024 = new BigInteger( + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" + + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" + + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" + + "FFFFFFFFFFFFFFFF", 16); + + // + // From RFC 3526 + + // The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } + BigInteger dhP1536 = new BigInteger( + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" + + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" + + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" + + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" + + "83655D23DCA3AD961C62F356208552BB9ED529077096966D" + + "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16); + + // This prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } + BigInteger dhP2048 = new BigInteger( + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" + + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" + + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" + + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" + + "83655D23DCA3AD961C62F356208552BB9ED529077096966D" + + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" + + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" + + "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" + + "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16); + + // This prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } + BigInteger dhP3072 = new BigInteger( + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" + + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" + + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" + + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" + + "83655D23DCA3AD961C62F356208552BB9ED529077096966D" + + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" + + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" + + "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" + + "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" + + "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" + + "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" + + "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" + + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" + + "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF", 16); + + // This prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } + BigInteger dhP4096 = new BigInteger( + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" + + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" + + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" + + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" + + "83655D23DCA3AD961C62F356208552BB9ED529077096966D" + + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" + + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" + + "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" + + "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" + + "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" + + "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" + + "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" + + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" + + "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" + + "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" + + "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" + + "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" + + "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" + + "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" + + "FFFFFFFFFFFFFFFF", 16); + + // This prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } + BigInteger dhP6144 = new BigInteger( + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08" + + "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B" + + "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9" + + "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6" + + "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8" + + "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D" + + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C" + + "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718" + + "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D" + + "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D" + + "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226" + + "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C" + + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC" + + "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26" + + "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB" + + "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2" + + "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127" + + "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492" + + "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406" + + "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918" + + "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151" + + "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03" + + "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F" + + "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA" + + "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B" + + "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632" + + "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E" + + "6DCC4024FFFFFFFFFFFFFFFF", 16); + + // This prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } + BigInteger dhP8192 = new BigInteger( + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" + + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" + + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" + + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" + + "83655D23DCA3AD961C62F356208552BB9ED529077096966D" + + "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" + + "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" + + "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" + + "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" + + "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" + + "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" + + "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" + + "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" + + "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" + + "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" + + "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" + + "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" + + "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" + + "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492" + + "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD" + + "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831" + + "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B" + + "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF" + + "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6" + + "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3" + + "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA" + + "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328" + + "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C" + + "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE" + + "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4" + + "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300" + + "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568" + + "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9" + + "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B" + + "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A" + + "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36" + + "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1" + + "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92" + + "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47" + + "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71" + + "60C980DD98EDD3DFFFFFFFFFFFFFFFFF", 16); + + // use DSA parameters for DH for sizes not defined in RFC 7296, 3526 dhCache.put(Integer.valueOf(512), new DHParameterSpec(p512, g512)); - dhCache.put(Integer.valueOf(768), new DHParameterSpec(p768, g768)); - dhCache.put(Integer.valueOf(1024), new DHParameterSpec(p1024, g1024)); - dhCache.put(Integer.valueOf(2048), new DHParameterSpec(p2048_224, g2048_224)); - } + dhCache.put(Integer.valueOf(768), new DHParameterSpec(dhP768, dhG)); + dhCache.put(Integer.valueOf(1024), new DHParameterSpec(dhP1024, dhG)); + dhCache.put(Integer.valueOf(1536), new DHParameterSpec(dhP1536, dhG)); + dhCache.put(Integer.valueOf(2048), new DHParameterSpec(dhP2048, dhG)); + dhCache.put(Integer.valueOf(3072), new DHParameterSpec(dhP3072, dhG)); + dhCache.put(Integer.valueOf(4096), new DHParameterSpec(dhP4096, dhG)); + dhCache.put(Integer.valueOf(6144), new DHParameterSpec(dhP6144, dhG)); + dhCache.put(Integer.valueOf(8192), new DHParameterSpec(dhP8192, dhG)); + } } diff --git a/src/share/classes/sun/security/ssl/DHCrypt.java b/src/share/classes/sun/security/ssl/DHCrypt.java index 4fd224bee..d51e8f433 100644 --- a/src/share/classes/sun/security/ssl/DHCrypt.java +++ b/src/share/classes/sun/security/ssl/DHCrypt.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -151,7 +151,7 @@ final class DHCrypt { params.getP(), params.getG()); } try { - KeyFactory factory = JsseJce.getKeyFactory("DH"); + KeyFactory factory = JsseJce.getKeyFactory("DiffieHellman"); return factory.getKeySpec(key, DHPublicKeySpec.class); } catch (Exception e) { throw new RuntimeException(e); @@ -302,7 +302,16 @@ final class DHCrypt { "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" + "FFFFFFFFFFFFFFFF", 16); - private static final BigInteger p2048 = new BigInteger( // TLS FEDHE + private static final BigInteger p1536 = new BigInteger( // RFC 3526 + "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" + + "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" + + "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" + + "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" + + "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" + + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" + + "83655D23DCA3AD961C62F356208552BB9ED529077096966D" + + "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16); + private static final BigInteger p2048 = new BigInteger( // TLS FFDHE "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" + @@ -314,9 +323,126 @@ final class DHCrypt { "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + "886B423861285C97FFFFFFFFFFFFFFFF", 16); + private static final BigInteger p3072 = new BigInteger( // TLS FFDHE + "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" + + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" + + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" + + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" + + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" + + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" + + "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" + + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" + + "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" + + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" + + "3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF", 16); + private static final BigInteger p4096 = new BigInteger( // TLS FFDHE + "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" + + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" + + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" + + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" + + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" + + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" + + "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" + + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" + + "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" + + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" + + "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" + + "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" + + "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" + + "A907600A918130C46DC778F971AD0038092999A333CB8B7A" + + "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" + + "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6A" + + "FFFFFFFFFFFFFFFF", 16); + private static final BigInteger p6144 = new BigInteger( // TLS FFDHE + "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" + + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" + + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" + + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" + + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" + + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" + + "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" + + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" + + "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" + + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" + + "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" + + "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" + + "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" + + "A907600A918130C46DC778F971AD0038092999A333CB8B7A" + + "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" + + "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902" + + "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6" + + "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A" + + "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477" + + "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3" + + "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4" + + "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6" + + "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C" + + "D72B03746AE77F5E62292C311562A846505DC82DB854338A" + + "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04" + + "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1" + + "A41D570D7938DAD4A40E329CD0E40E65FFFFFFFFFFFFFFFF", 16); + private static final BigInteger p8192 = new BigInteger( // TLS FFDHE + "FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" + + "D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" + + "7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" + + "2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" + + "984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" + + "30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" + + "B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" + + "0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" + + "9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" + + "3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" + + "886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" + + "61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" + + "AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" + + "64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" + + "ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" + + "3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" + + "7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" + + "87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" + + "A907600A918130C46DC778F971AD0038092999A333CB8B7A" + + "1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" + + "8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E0DD902" + + "0BFD64B645036C7A4E677D2C38532A3A23BA4442CAF53EA6" + + "3BB454329B7624C8917BDD64B1C0FD4CB38E8C334C701C3A" + + "CDAD0657FCCFEC719B1F5C3E4E46041F388147FB4CFDB477" + + "A52471F7A9A96910B855322EDB6340D8A00EF092350511E3" + + "0ABEC1FFF9E3A26E7FB29F8C183023C3587E38DA0077D9B4" + + "763E4E4B94B2BBC194C6651E77CAF992EEAAC0232A281BF6" + + "B3A739C1226116820AE8DB5847A67CBEF9C9091B462D538C" + + "D72B03746AE77F5E62292C311562A846505DC82DB854338A" + + "E49F5235C95B91178CCF2DD5CACEF403EC9D1810C6272B04" + + "5B3B71F9DC6B80D63FDD4A8E9ADB1E6962A69526D43161C1" + + "A41D570D7938DAD4A40E329CCFF46AAA36AD004CF600C838" + + "1E425A31D951AE64FDB23FCEC9509D43687FEB69EDD1CC5E" + + "0B8CC3BDF64B10EF86B63142A3AB8829555B2F747C932665" + + "CB2C0F1CC01BD70229388839D2AF05E454504AC78B758282" + + "2846C0BA35C35F5C59160CC046FD8251541FC68C9C86B022" + + "BB7099876A460E7451A8A93109703FEE1C217E6C3826E52C" + + "51AA691E0E423CFC99E9E31650C1217B624816CDAD9A95F9" + + "D5B8019488D9C0A0A1FE3075A577E23183F81D4A3F2FA457" + + "1EFC8CE0BA8A4FE8B6855DFE72B0A66EDED2FBABFBE58A30" + + "FAFABE1C5D71A87E2F741EF8C1FE86FEA6BBFDE530677F0D" + + "97D11D49F7A8443D0822E506A9F4614E011E2A94838FF88C" + + "D68C8BB7C5C6424CFFFFFFFFFFFFFFFF", 16); private static final BigInteger[] supportedPrimes = { - p512, p768, p1024, p2048}; + p512, p768, p1024, p1536, p2048, p3072, p4096, p6144, p8192}; // a measure of the uncertainty that prime modulus p is not a prime // diff --git a/src/share/classes/sun/security/ssl/ServerHandshaker.java b/src/share/classes/sun/security/ssl/ServerHandshaker.java index d9f5e35d8..b863db3ff 100644 --- a/src/share/classes/sun/security/ssl/ServerHandshaker.java +++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -135,13 +135,17 @@ final class ServerHandshaker extends Handshaker { useSmartEphemeralDHKeys = false; try { + // DH parameter generation can be extremely slow, best to + // use one of the supported pre-computed DH parameters + // (see DHCrypt class). customizedDHKeySize = Integer.parseUnsignedInt(property); - if (customizedDHKeySize < 1024 || customizedDHKeySize > 2048) { + if (customizedDHKeySize < 1024 || customizedDHKeySize > 8192 || + (customizedDHKeySize & 0x3f) != 0) { throw new IllegalArgumentException( "Unsupported customized DH key size: " + customizedDHKeySize + ". " + - "The key size can only range from 1024" + - " to 2048 (inclusive)"); + "The key size must be multiple of 64, " + + "and can only range from 1024 to 8192 (inclusive)"); } } catch (NumberFormatException nfe) { throw new IllegalArgumentException( @@ -1377,15 +1381,11 @@ final class ServerHandshaker extends Handshaker { * Applications may also want to customize the ephemeral DH key size * to a fixed length for non-exportable cipher suites. This can be * approached by setting system property "jdk.tls.ephemeralDHKeySize" - * to a valid positive integer between 1024 and 2048 bits, inclusive. + * to a valid positive integer between 1024 and 8192 bits, inclusive. * * Note that the minimum acceptable key size is 1024 bits except * exportable cipher suites or legacy mode. * - * Note that the maximum acceptable key size is 2048 bits because - * DH keys bigger than 2048 are not always supported by underlying - * JCE providers. - * * Note that per RFC 2246, the key size limit of DH is 512 bits for * exportable cipher suites. Because of the weakness, exportable * cipher suites are deprecated since TLS v1.1 and they are not @@ -1400,10 +1400,17 @@ final class ServerHandshaker extends Handshaker { } else if (useSmartEphemeralDHKeys) { // matched mode if (key != null) { int ks = KeyUtil.getKeySize(key); - // Note that SunJCE provider only supports 2048 bits DH - // keys bigger than 1024. Please DON'T use value other - // than 1024 and 2048 at present. We may improve the - // underlying providers and key size here in the future. + + // DH parameter generation can be extremely slow, make + // sure to use one of the supported pre-computed DH + // parameters (see DHCrypt class). + // + // Old deployed applications may not be ready to support + // DH key sizes bigger than 2048 bits. Please DON'T use + // value other than 1024 and 2048 at present. May improve + // the underlying providers and key size limit in the + // future when the compatibility and interoperability + // impact is limited. // // keySize = ks <= 1024 ? 1024 : (ks >= 2048 ? 2048 : ks); keySize = ks <= 1024 ? 1024 : 2048; diff --git a/test/com/sun/crypto/provider/KeyAgreement/SupportedDHKeys.java b/test/com/sun/crypto/provider/KeyAgreement/SupportedDHKeys.java new file mode 100644 index 000000000..ca707c3c4 --- /dev/null +++ b/test/com/sun/crypto/provider/KeyAgreement/SupportedDHKeys.java @@ -0,0 +1,110 @@ +/* + * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8072452 + * @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits + */ + +import java.math.BigInteger; + +import java.security.*; +import javax.crypto.*; +import javax.crypto.interfaces.*; +import javax.crypto.spec.*; + +public class SupportedDHKeys { + + /* + * Sizes and values for various lengths. + */ + private enum SupportedKeySize { + dhp512(512), dhp768(768), dhp832(832), + dhp1024(1024), dhp1536(1536), dhp2048(2048), + dhp3072(3072), dhp4096(4096), dhp6144(6144), + dhp8192(8192); + + final int primeSize; + + SupportedKeySize(int primeSize) { + this.primeSize = primeSize; + } + } + + public static void main(String[] args) throws Exception { + for (SupportedKeySize keySize : SupportedKeySize.values()) { + System.out.println("Checking " + keySize.primeSize + " ..."); + KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", "SunJCE"); + kpg.initialize(keySize.primeSize); + KeyPair kp = kpg.generateKeyPair(); + checkKeyPair(kp, keySize.primeSize); + + DHPublicKey publicKey = (DHPublicKey)kp.getPublic(); + BigInteger p = publicKey.getParams().getP(); + BigInteger g = publicKey.getParams().getG(); + kpg.initialize(new DHParameterSpec(p, g)); + kp = kpg.generateKeyPair(); + checkKeyPair(kp, keySize.primeSize); + } + } + + private static void checkKeyPair(KeyPair kp, int pSize) throws Exception { + + DHPrivateKey privateKey = (DHPrivateKey)kp.getPrivate(); + BigInteger p = privateKey.getParams().getP(); + if (p.bitLength() != pSize) { + throw new Exception( + "Invalid modulus size: " + p.bitLength() + "/" + pSize); + } + + // System.out.println("P(" + pSize + "): " + p.toString()); + if (!p.isProbablePrime(128)) { + throw new Exception("Good luck, the modulus is composite!"); + } + + DHPublicKey publicKey = (DHPublicKey)kp.getPublic(); + p = publicKey.getParams().getP(); + if (p.bitLength() != pSize) { + throw new Exception( + "Invalid modulus size: " + p.bitLength() + "/" + pSize); + } + + BigInteger leftOpen = BigInteger.ONE; + BigInteger rightOpen = p.subtract(BigInteger.ONE); + + BigInteger x = privateKey.getX(); + if ((x.compareTo(leftOpen) <= 0) || + (x.compareTo(rightOpen) >= 0)) { + throw new Exception( + "X outside range [2, p - 2]: x: " + x + " p: " + p); + } + + BigInteger y = publicKey.getY(); + if ((y.compareTo(leftOpen) <= 0) || + (y.compareTo(rightOpen) >= 0)) { + throw new Exception( + "Y outside range [2, p - 2]: x: " + x + " p: " + p); + } + } +} diff --git a/test/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java b/test/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java new file mode 100644 index 000000000..ef1b3cd5c --- /dev/null +++ b/test/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8072452 + * @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits + * @run main/timeout=300 SupportedDHParamGens 512 + * @run main/timeout=300 SupportedDHParamGens 768 + * @run main/timeout=300 SupportedDHParamGens 832 + * @run main/timeout=300 SupportedDHParamGens 1024 + * @run main/timeout=300 SupportedDHParamGens 2048 + * @run main/timeout=450 SupportedDHParamGens 3072 + */ + +import java.math.BigInteger; + +import java.security.*; +import javax.crypto.*; +import javax.crypto.interfaces.*; +import javax.crypto.spec.*; + +public class SupportedDHParamGens { + + public static void main(String[] args) throws Exception { + int primeSize = Integer.valueOf(args[0]).intValue(); + + System.out.println("Checking " + primeSize + " ..."); + AlgorithmParameterGenerator apg = + AlgorithmParameterGenerator.getInstance("DH", "SunJCE"); + apg.init(primeSize); + AlgorithmParameters ap = apg.generateParameters(); + DHParameterSpec spec = ap.getParameterSpec(DHParameterSpec.class); + + KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", "SunJCE"); + kpg.initialize(spec); + KeyPair kp = kpg.generateKeyPair(); + checkKeyPair(kp, primeSize); + } + + private static void checkKeyPair(KeyPair kp, int pSize) throws Exception { + + DHPrivateKey privateKey = (DHPrivateKey)kp.getPrivate(); + BigInteger p = privateKey.getParams().getP(); + if (p.bitLength() != pSize) { + throw new Exception( + "Invalid modulus size: " + p.bitLength() + "/" + pSize); + } + + if (!p.isProbablePrime(128)) { + throw new Exception("Good luck, the modulus is composite!"); + } + + DHPublicKey publicKey = (DHPublicKey)kp.getPublic(); + p = publicKey.getParams().getP(); + if (p.bitLength() != pSize) { + throw new Exception( + "Invalid modulus size: " + p.bitLength() + "/" + pSize); + } + + BigInteger leftOpen = BigInteger.ONE; + BigInteger rightOpen = p.subtract(BigInteger.ONE); + + BigInteger x = privateKey.getX(); + if ((x.compareTo(leftOpen) <= 0) || + (x.compareTo(rightOpen) >= 0)) { + throw new Exception( + "X outside range [2, p - 2]: x: " + x + " p: " + p); + } + + BigInteger y = publicKey.getY(); + if ((y.compareTo(leftOpen) <= 0) || + (y.compareTo(rightOpen) >= 0)) { + throw new Exception( + "Y outside range [2, p - 2]: x: " + x + " p: " + p); + } + } +} diff --git a/test/com/sun/crypto/provider/KeyAgreement/UnsupportedDHKeys.java b/test/com/sun/crypto/provider/KeyAgreement/UnsupportedDHKeys.java new file mode 100644 index 000000000..46f1b965b --- /dev/null +++ b/test/com/sun/crypto/provider/KeyAgreement/UnsupportedDHKeys.java @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8072452 + * @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits + */ + +import java.math.BigInteger; + +import java.security.*; +import javax.crypto.*; +import javax.crypto.interfaces.*; +import javax.crypto.spec.*; + +public class UnsupportedDHKeys { + + /* + * Sizes and values for various lengths. + */ + private enum UnsupportedKeySize { + // not multiple of 64 + dhp513(513), dhp769(769), dhp895(895), + dhp1023(1023), dhp1535(1535), dhp2047(2047), + + // unsupported + dhp2176(2176), dhp3008(3008), dhp4032(4032), + dhp5120(5120), dhp6400(6400), dhp7680(7680), + dhp8191(8191), dhp8128(8128), dhp8260(8260); + + final int primeSize; + + UnsupportedKeySize(int primeSize) { + this.primeSize = primeSize; + } + } + + public static void main(String[] args) throws Exception { + for (UnsupportedKeySize keySize : UnsupportedKeySize.values()) { + try { + System.out.println("Checking " + keySize.primeSize + " ..."); + KeyPairGenerator kpg = + KeyPairGenerator.getInstance("DH", "SunJCE"); + kpg.initialize(keySize.primeSize); + + throw new Exception("Should not support " + keySize.primeSize); + } catch (InvalidParameterException ipe) { + System.out.println("\tOk, unsupported"); + } + } + } +} diff --git a/test/sun/security/pkcs11/KeyAgreement/SupportedDHKeys.java b/test/sun/security/pkcs11/KeyAgreement/SupportedDHKeys.java new file mode 100644 index 000000000..f554bfbda --- /dev/null +++ b/test/sun/security/pkcs11/KeyAgreement/SupportedDHKeys.java @@ -0,0 +1,131 @@ +/* + * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8072452 + * @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits + * @library .. + * @run main/othervm SupportedDHKeys + */ + +import java.math.BigInteger; + +import java.security.*; +import javax.crypto.*; +import javax.crypto.interfaces.*; +import javax.crypto.spec.*; + +public class SupportedDHKeys extends PKCS11Test { + + /* + * Sizes and values for various lengths. + */ + private enum SupportedKeySize { + dhp512(512), dhp768(768), dhp832(832), + dhp1024(1024), dhp1536(1536), dhp2048(2048); + + // the underlying pkcs11 may not support the following sizes yet + // + // dhp3072(3072), dhp4096(4096), dhp6144(6144), + // dhp8192(8192); + + final int primeSize; + + SupportedKeySize(int primeSize) { + this.primeSize = primeSize; + } + } + + @Override + public void main(Provider provider) throws Exception { + if (provider.getService("KeyPairGenerator", "DiffieHellman") == null) { + System.out.println("No support of DH KeyPairGenerator, skipping"); + return; + } + + for (SupportedKeySize keySize : SupportedKeySize.values()) { + System.out.println("Checking " + keySize.primeSize + " ..."); + KeyPairGenerator kpg = + KeyPairGenerator.getInstance("DiffieHellman", provider); + kpg.initialize(keySize.primeSize); + KeyPair kp = kpg.generateKeyPair(); + checkKeyPair(kp, keySize.primeSize, provider); + + DHPublicKey publicKey = (DHPublicKey)kp.getPublic(); + BigInteger p = publicKey.getParams().getP(); + BigInteger g = publicKey.getParams().getG(); + kpg.initialize(new DHParameterSpec(p, g)); + kp = kpg.generateKeyPair(); + checkKeyPair(kp, keySize.primeSize, provider); + } + } + + private static void checkKeyPair(KeyPair kp, int pSize, + Provider provider) throws Exception { + + DHPrivateKey privateKey = (DHPrivateKey)kp.getPrivate(); + BigInteger p = privateKey.getParams().getP(); + if (p.bitLength() != pSize) { + throw new Exception( + "Invalid modulus size: " + p.bitLength() + "/" + pSize); + } + + // System.out.println("P(" + pSize + "): " + p.toString()); + if (!p.isProbablePrime(128)) { + throw new Exception("Good luck, the modulus is composite!"); + } + + DHPublicKey publicKey = (DHPublicKey)kp.getPublic(); + p = publicKey.getParams().getP(); + if (p.bitLength() != pSize) { + throw new Exception( + "Invalid modulus size: " + p.bitLength() + "/" + pSize); + } + + BigInteger leftOpen = BigInteger.ONE; + BigInteger rightOpen = p.subtract(BigInteger.ONE); + + // ignore the private key range checking on Solaris at present + if (provider.getName().equals("SunPKCS11-Solaris") && + !System.getProperty("os.name").equals("SunOS")) { + BigInteger x = privateKey.getX(); + if ((x.compareTo(leftOpen) <= 0) || + (x.compareTo(rightOpen) >= 0)) { + throw new Exception( + "X outside range [2, p - 2]: x: " + x + " p: " + p); + } + } + + BigInteger y = publicKey.getY(); + if ((y.compareTo(leftOpen) <= 0) || + (y.compareTo(rightOpen) >= 0)) { + throw new Exception( + "Y outside range [2, p - 2]: y: " + y + " p: " + p); + } + } + + public static void main(String[] args) throws Exception { + main(new SupportedDHKeys()); + } +} diff --git a/test/sun/security/pkcs11/KeyAgreement/UnsupportedDHKeys.java b/test/sun/security/pkcs11/KeyAgreement/UnsupportedDHKeys.java new file mode 100644 index 000000000..5b29028a8 --- /dev/null +++ b/test/sun/security/pkcs11/KeyAgreement/UnsupportedDHKeys.java @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8072452 + * @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits + * @library .. + * @run main/othervm UnsupportedDHKeys + */ + +import java.math.BigInteger; + +import java.security.*; +import javax.crypto.*; +import javax.crypto.interfaces.*; +import javax.crypto.spec.*; + +public class UnsupportedDHKeys extends PKCS11Test { + + /* + * Sizes and values for various lengths. + */ + private enum UnsupportedKeySize { + // not multiple of 64 + dhp513(513), dhp769(769), dhp895(895), + dhp1023(1023), dhp1535(1535), dhp2047(2047), + + // unsupported + dhp2176(2176), dhp3008(3008), dhp4032(4032), + dhp5120(5120), dhp6400(6400), dhp7680(7680), + dhp8191(8191), dhp8128(8128), dhp8260(8260); + + final int primeSize; + + UnsupportedKeySize(int primeSize) { + this.primeSize = primeSize; + } + } + + @Override + public void main(Provider provider) throws Exception { + if (provider.getService("KeyPairGenerator", "DiffieHellman") == null) { + System.out.println("No supported of DH KeyPairGenerator, skipping"); + return; + } + + for (UnsupportedKeySize keySize : UnsupportedKeySize.values()) { + try { + System.out.println("Checking " + keySize.primeSize + " ..."); + KeyPairGenerator kpg = + KeyPairGenerator.getInstance("DiffieHellman", provider); + kpg.initialize(keySize.primeSize); + + throw new Exception("Should not support " + keySize.primeSize); + } catch (InvalidParameterException ipe) { + System.out.println("\tOk, unsupported"); + } + } + } + + public static void main(String[] args) throws Exception { + main(new UnsupportedDHKeys()); + } +} diff --git a/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java b/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java index c11911a12..dda3ce0e0 100644 --- a/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java +++ b/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,8 +23,8 @@ /** * @test - * @bug 7196382 - * @summary Ensure that 2048-bit DH key pairs can be generated + * @bug 7196382 8072452 + * @summary Ensure that DH key pairs can be generated for 512 - 8192 bits * @author Valerie Peng * @library .. */ @@ -53,11 +53,45 @@ public class TestDH2048 extends PKCS11Test { return; } KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", p); - kpg.initialize(2048); + kpg.initialize(512); KeyPair kp1 = kpg.generateKeyPair(); - checkUnsupportedKeySize(kpg, 1536); - checkUnsupportedKeySize(kpg, 2176); - checkUnsupportedKeySize(kpg, 3072); + + kpg.initialize(768); + kp1 = kpg.generateKeyPair(); + + kpg.initialize(1024); + kp1 = kpg.generateKeyPair(); + + kpg.initialize(1536); + kp1 = kpg.generateKeyPair(); + + kpg.initialize(2048); + kp1 = kpg.generateKeyPair(); + + try { + kpg.initialize(3072); + kp1 = kpg.generateKeyPair(); + + kpg.initialize(4096); + kp1 = kpg.generateKeyPair(); + + kpg.initialize(6144); + kp1 = kpg.generateKeyPair(); + + kpg.initialize(8192); + kp1 = kpg.generateKeyPair(); + } catch (InvalidParameterException ipe) { + // NSS (as of version 3.13) has a hard coded maximum limit + // of 2236 or 3072 bits for DHE keys. + System.out.println("4096-bit DH key pair generation: " + ipe); + if (!p.getName().equals("SunPKCS11-NSS")) { + throw ipe; + } + } + + // key size must be multiples of 64 though + checkUnsupportedKeySize(kpg, 2048 + 63); + checkUnsupportedKeySize(kpg, 3072 + 32); } public static void main(String[] args) throws Exception { diff --git a/test/sun/security/provider/DSA/SupportedDSAParamGen.java b/test/sun/security/provider/DSA/SupportedDSAParamGen.java new file mode 100644 index 000000000..04dd5befe --- /dev/null +++ b/test/sun/security/provider/DSA/SupportedDSAParamGen.java @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 8072452 + * @key intermittent + * @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits + * @run main/timeout=300 SupportedDSAParamGen 1024 160 + * @run main/timeout=300 SupportedDSAParamGen 2048 224 + * @run main/timeout=300 SupportedDSAParamGen 2048 256 + * @run main/timeout=450 SupportedDSAParamGen 3072 256 + */ +import java.security.*; +import java.security.spec.*; +import java.security.interfaces.*; + +public class SupportedDSAParamGen { + + public static void main(String[] args) throws Exception { + AlgorithmParameterGenerator apg = + AlgorithmParameterGenerator.getInstance("DSA", "SUN"); + + DSAGenParameterSpec spec = new DSAGenParameterSpec( + Integer.valueOf(args[0]).intValue(), + Integer.valueOf(args[1]).intValue()); + + System.out.println("Generating (" + spec.getPrimePLength() + + ", " + spec.getSubprimeQLength() + ") DSA Parameters"); + long start = System.currentTimeMillis(); + apg.init(spec, null); + AlgorithmParameters param = apg.generateParameters(); + long stop = System.currentTimeMillis(); + System.out.println("Time: " + (stop - start) + " ms."); + checkParamStrength(param, spec); + } + + private static void checkParamStrength(AlgorithmParameters param, + DSAGenParameterSpec genParam) throws Exception { + + String algo = param.getAlgorithm(); + if (!algo.equalsIgnoreCase("DSA")) { + throw new Exception("Unexpected type of parameters: " + algo); + } + + DSAParameterSpec spec = param.getParameterSpec(DSAParameterSpec.class); + int valueL = spec.getP().bitLength(); + int strength = genParam.getPrimePLength(); + if (strength != valueL) { + System.out.println( + "P: Expected " + strength + " but actual " + valueL); + throw new Exception("Wrong P strength"); + } + + int valueN = spec.getQ().bitLength(); + strength = genParam.getSubprimeQLength(); + if (strength != valueN) { + System.out.println( + "Q: Expected " + strength + " but actual " + valueN); + throw new Exception("Wrong Q strength"); + } + } +} diff --git a/test/sun/security/provider/DSA/TestKeyPairGenerator.java b/test/sun/security/provider/DSA/TestKeyPairGenerator.java index 79f669fc0..cfb829617 100644 --- a/test/sun/security/provider/DSA/TestKeyPairGenerator.java +++ b/test/sun/security/provider/DSA/TestKeyPairGenerator.java @@ -23,15 +23,18 @@ /* * @test - * @bug 4800108 8181048 - * @summary verify that precomputed DSA parameters are always used (512, 768, 1024, 2048 bit) + * @bug 4800108 8181048 8072452 + * @summary verify that precomputed DSA parameters are always used (512, 768, + * 1024, 2048, 3072 bit) * @run main/othervm/timeout=15 TestKeyPairGenerator */ -// this fix is really a performance fix, so this test is not foolproof -// without it, it will take a minute or more (unless you have a very fast machine) -// with the fix, the test should complete in <2 seconds -// use 15 second timeout to leave some room +// +// This fix is really a performance fix, so this test is not foolproof. +// Without the precomputed parameters, it will take a minute or more +// (unless you have a very fast machine). With the fix, the test should +// complete in less than 2 seconds. Use 15 second timeout to leave some room. +// import java.security.*; import java.security.interfaces.*; @@ -79,8 +82,11 @@ public class TestKeyPairGenerator { kp = kpg.generateKeyPair(); checkKeyLength(kp, 2048); + kpg.initialize(3072); + kp = kpg.generateKeyPair(); + checkKeyLength(kp, 3072); + long stop = System.currentTimeMillis(); System.out.println("Time: " + (stop - start) + " ms."); } - } -- GitLab