stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8183107: PKCS11 regression regarding checkKeySize

Browse Source 
Changed key size check in PKCS11 provider to only enforce positive return values

Reviewed-by: jnimeh
This commit is contained in:
Valerie Peng 2019-02-27 19:37:51 +00:00
parent 847ba6becb
commit 67ca52873f
4 changed files with 71 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -119,11 +119,13 @@ final class P11KeyGenerator extends KeyGeneratorSpi {
// RC4 which is in bits. However, some PKCS#11 impls still use // RC4 which is in bits. However, some PKCS#11 impls still use
// bytes for all mechs, e.g. NSS. We try to detect this // bytes for all mechs, e.g. NSS. We try to detect this
// inconsistency if the minKeySize seems unreasonably small. // inconsistency if the minKeySize seems unreasonably small.
int minKeySize = (int)info.ulMinKeySize; int minKeySize = info.iMinKeySize;
int maxKeySize = (int)info.ulMaxKeySize; int maxKeySize = info.iMaxKeySize;
if (keyGenMech != CKM_RC4_KEY_GEN || minKeySize < 8) { if (keyGenMech != CKM_RC4_KEY_GEN || minKeySize < 8) {
minKeySize = (int)info.ulMinKeySize << 3; minKeySize = Math.multiplyExact(minKeySize, 8);
maxKeySize = (int)info.ulMaxKeySize << 3; if (maxKeySize != Integer.MAX_VALUE) {
maxKeySize = Math.multiplyExact(maxKeySize, 8);
}
} }
// Explicitly disallow keys shorter than 40-bits for security // Explicitly disallow keys shorter than 40-bits for security
if (minKeySize < 40) minKeySize = 40; if (minKeySize < 40) minKeySize = 40;

44
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -73,7 +73,7 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
private BigInteger rsaPublicExponent = RSAKeyGenParameterSpec.F4; private BigInteger rsaPublicExponent = RSAKeyGenParameterSpec.F4;
// the supported keysize range of the native PKCS11 library // the supported keysize range of the native PKCS11 library
// if the value cannot be retrieved or unspecified, -1 is used. // if mechanism info is unavailable, 0/Integer.MAX_VALUE is used
private final int minKeySize; private final int minKeySize;
private final int maxKeySize; private final int maxKeySize;
@ -83,13 +83,13 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
P11KeyPairGenerator(Token token, String algorithm, long mechanism) P11KeyPairGenerator(Token token, String algorithm, long mechanism)
throws PKCS11Exception { throws PKCS11Exception {
super(); super();
int minKeyLen = -1; int minKeyLen = 0;
int maxKeyLen = -1; int maxKeyLen = Integer.MAX_VALUE;
try { try {
CK_MECHANISM_INFO mechInfo = token.getMechanismInfo(mechanism); CK_MECHANISM_INFO mechInfo = token.getMechanismInfo(mechanism);
if (mechInfo != null) { if (mechInfo != null) {
minKeyLen = (int) mechInfo.ulMinKeySize; minKeyLen = mechInfo.iMinKeySize;
maxKeyLen = (int) mechInfo.ulMaxKeySize; maxKeyLen = mechInfo.iMaxKeySize;
} }
} catch (PKCS11Exception p11e) { } catch (PKCS11Exception p11e) {
// Should never happen // Should never happen
@ -101,10 +101,10 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
// override upper limit to deter DOS attack // override upper limit to deter DOS attack
if (algorithm.equals("EC")) { if (algorithm.equals("EC")) {
keySize = DEF_EC_KEY_SIZE; keySize = DEF_EC_KEY_SIZE;
if ((minKeyLen == -1) || (minKeyLen < 112)) { if (minKeyLen < 112) {
minKeyLen = 112; minKeyLen = 112;
} }
if ((maxKeyLen == -1) || (maxKeyLen > 2048)) { if (maxKeyLen > 2048) {
maxKeyLen = 2048; maxKeyLen = 2048;
} }
} else { } else {
@ -112,24 +112,22 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
keySize = DEF_DSA_KEY_SIZE; keySize = DEF_DSA_KEY_SIZE;
} else if (algorithm.equals("RSA")) { } else if (algorithm.equals("RSA")) {
keySize = DEF_RSA_KEY_SIZE; keySize = DEF_RSA_KEY_SIZE;
if (maxKeyLen > 64 * 1024) {
maxKeyLen = 64 * 1024;
}
} else { } else {
keySize = DEF_DH_KEY_SIZE; keySize = DEF_DH_KEY_SIZE;
} }
if ((minKeyLen == -1) || (minKeyLen < 512)) { if (minKeyLen < 512) {
minKeyLen = 512; minKeyLen = 512;
} }
if (algorithm.equals("RSA")) {
if ((maxKeyLen == -1) || (maxKeyLen > 64 * 1024)) {
maxKeyLen = 64 * 1024;
}
}
} }
// auto-adjust default keysize in case it's out-of-range // auto-adjust default keysize in case it's out-of-range
if ((minKeyLen != -1) && (keySize < minKeyLen)) { if (keySize < minKeyLen) {
keySize = minKeyLen; keySize = minKeyLen;
} }
if ((maxKeyLen != -1) && (keySize > maxKeyLen)) { if (keySize > maxKeyLen) {
keySize = maxKeyLen; keySize = maxKeyLen;
} }
this.token = token; this.token = token;
@ -233,13 +231,17 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
private void checkKeySize(int keySize, AlgorithmParameterSpec params) private void checkKeySize(int keySize, AlgorithmParameterSpec params)
throws InvalidAlgorithmParameterException { throws InvalidAlgorithmParameterException {
if (keySize <= 0) {
throw new InvalidAlgorithmParameterException
("key size must be positive, got " + keySize);
}
// check native range first // check native range first
if ((minKeySize != -1) && (keySize < minKeySize)) { if (keySize < minKeySize) {
throw new InvalidAlgorithmParameterException(algorithm + throw new InvalidAlgorithmParameterException(algorithm +
" key must be at least " + minKeySize + " bits. " + " key must be at least " + minKeySize + " bits. " +
"The specific key size " + keySize + " is not supported"); "The specific key size " + keySize + " is not supported");
} }
if ((maxKeySize != -1) && (keySize > maxKeySize)) { if (keySize > maxKeySize) {
throw new InvalidAlgorithmParameterException(algorithm + throw new InvalidAlgorithmParameterException(algorithm +
" key must be at most " + maxKeySize + " bits. " + " key must be at most " + maxKeySize + " bits. " +
"The specific key size " + keySize + " is not supported"); "The specific key size " + keySize + " is not supported");
@ -272,12 +274,8 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
((RSAKeyGenParameterSpec)params).getPublicExponent(); ((RSAKeyGenParameterSpec)params).getPublicExponent();
} }
try { try {
// Reuse the checking in SunRsaSign provider.
// If maxKeySize is -1, then replace it with
// Integer.MAX_VALUE to indicate no limit.
RSAKeyFactory.checkKeyLengths(keySize, tmpExponent, RSAKeyFactory.checkKeyLengths(keySize, tmpExponent,
minKeySize, minKeySize, maxKeySize);
(maxKeySize==-1? Integer.MAX_VALUE:maxKeySize));
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
throw new InvalidAlgorithmParameterException(e); throw new InvalidAlgorithmParameterException(e);
} }

11
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -394,8 +394,9 @@ final class P11Signature extends SignatureSpi {
// skip the check if no native info available // skip the check if no native info available
return; return;
} }
int minKeySize = (int) mechInfo.ulMinKeySize; int minKeySize = mechInfo.iMinKeySize;
int maxKeySize = (int) mechInfo.ulMaxKeySize; int maxKeySize = mechInfo.iMaxKeySize;
// need to override the MAX keysize for SHA1withDSA // need to override the MAX keysize for SHA1withDSA
if (md != null && mechanism == CKM_DSA && maxKeySize > 1024) { if (md != null && mechanism == CKM_DSA && maxKeySize > 1024) {
maxKeySize = 1024; maxKeySize = 1024;
@ -419,11 +420,11 @@ final class P11Signature extends SignatureSpi {
" key must be the right type", cce); " key must be the right type", cce);
} }
} }
if ((minKeySize != -1) && (keySize < minKeySize)) { if (keySize < minKeySize) {
throw new InvalidKeyException(keyAlgo + throw new InvalidKeyException(keyAlgo +
" key must be at least " + minKeySize + " bits"); " key must be at least " + minKeySize + " bits");
} }
if ((maxKeySize != -1) && (keySize > maxKeySize)) { if (keySize > maxKeySize) {
throw new InvalidKeyException(keyAlgo + throw new InvalidKeyException(keyAlgo +
" key must be at most " + maxKeySize + " bits"); " key must be at most " + maxKeySize + " bits");
} }

38
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_MECHANISM_INFO.java
View File

@ -1,3 +1,27 @@
/*
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* /*
* reserved comment block * reserved comment block
* DO NOT REMOVE OR ALTER! * DO NOT REMOVE OR ALTER!
@ -47,7 +71,7 @@
package sun.security.pkcs11.wrapper; package sun.security.pkcs11.wrapper;
import java.security.ProviderException;
/** /**
* class CK_MECHANISM_INFO provides information about a particular mechanism. * class CK_MECHANISM_INFO provides information about a particular mechanism.
@ -74,6 +98,10 @@ public class CK_MECHANISM_INFO {
*/ */
public long ulMinKeySize; public long ulMinKeySize;
// the integer version of ulMinKeySize for doing the actual range
// check in SunPKCS11 provider, defaults to 0
public final int iMinKeySize;
/** /**
* <B>PKCS#11:</B> * <B>PKCS#11:</B>
* <PRE> * <PRE>
@ -82,6 +110,10 @@ public class CK_MECHANISM_INFO {
*/ */
public long ulMaxKeySize; public long ulMaxKeySize;
// the integer version of ulMaxKeySize for doing the actual range
// check in SunPKCS11 provider, defaults to Integer.MAX_VALUE
public final int iMaxKeySize;
/** /**
* <B>PKCS#11:</B> * <B>PKCS#11:</B>
* <PRE> * <PRE>
@ -94,6 +126,10 @@ public class CK_MECHANISM_INFO {
long flags) { long flags) {
this.ulMinKeySize = minKeySize; this.ulMinKeySize = minKeySize;
this.ulMaxKeySize = maxKeySize; this.ulMaxKeySize = maxKeySize;
this.iMinKeySize = ((minKeySize < Integer.MAX_VALUE && minKeySize > 0)?
(int)minKeySize : 0);
this.iMaxKeySize = ((maxKeySize < Integer.MAX_VALUE && maxKeySize > 0)?
(int)maxKeySize : Integer.MAX_VALUE);
this.flags = flags; this.flags = flags;
} }