stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8208583: Better management of internal KeyStore buffers

Browse Source 
Reviewed-by: weijun
This commit is contained in:
Sean Coffey 2018-08-03 14:14:59 +01:00
parent 4555c28590
commit 7a791910c3
6 changed files with 105 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java
View File

@ -37,12 +37,15 @@ import java.security.UnrecoverableKeyException;
import java.security.AlgorithmParameters; import java.security.AlgorithmParameters;
import java.security.spec.InvalidParameterSpecException; import java.security.spec.InvalidParameterSpecException;
import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher; import javax.crypto.Cipher;
import javax.crypto.CipherSpi; import javax.crypto.CipherSpi;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import javax.crypto.SealedObject; import javax.crypto.SealedObject;
import javax.crypto.spec.*; import javax.crypto.spec.*;
import javax.security.auth.DestroyFailedException;
import sun.security.x509.AlgorithmId; import sun.security.x509.AlgorithmId;
import sun.security.util.ObjectIdentifier; import sun.security.util.ObjectIdentifier;
@ -103,15 +106,20 @@ final class KeyProtector {
// create PBE key from password // create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password); PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES"); SecretKey sKey = null;
pbeKeySpec.clearPassword();
// encrypt private key
PBEWithMD5AndTripleDESCipher cipher; PBEWithMD5AndTripleDESCipher cipher;
try {
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES", false);
// encrypt private key
cipher = new PBEWithMD5AndTripleDESCipher(); cipher = new PBEWithMD5AndTripleDESCipher();
cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null); cipher.engineInit(Cipher.ENCRYPT_MODE, sKey, pbeSpec, null);
} finally {
pbeKeySpec.clearPassword();
if (sKey != null) sKey.destroy();
}
byte[] plain = key.getEncoded(); byte[] plain = key.getEncoded();
byte[] encrKey = cipher.engineDoFinal(plain, 0, plain.length); byte[] encrKey = cipher.engineDoFinal(plain, 0, plain.length);
Arrays.fill(plain, (byte) 0x00);
// wrap encrypted private key in EncryptedPrivateKeyInfo // wrap encrypted private key in EncryptedPrivateKeyInfo
// (as defined in PKCS#8) // (as defined in PKCS#8)
@ -131,8 +139,8 @@ final class KeyProtector {
Key recover(EncryptedPrivateKeyInfo encrInfo) Key recover(EncryptedPrivateKeyInfo encrInfo)
throws UnrecoverableKeyException, NoSuchAlgorithmException throws UnrecoverableKeyException, NoSuchAlgorithmException
{ {
byte[] plain; byte[] plain = null;
SecretKey sKey = null;
try { try {
String encrAlg = encrInfo.getAlgorithm().getOID().toString(); String encrAlg = encrInfo.getAlgorithm().getOID().toString();
if (!encrAlg.equals(PBE_WITH_MD5_AND_DES3_CBC_OID) if (!encrAlg.equals(PBE_WITH_MD5_AND_DES3_CBC_OID)
@ -160,8 +168,7 @@ final class KeyProtector {
// create PBE key from password // create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password); PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
SecretKey sKey = sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES", false);
new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
pbeKeySpec.clearPassword(); pbeKeySpec.clearPassword();
// decrypt private key // decrypt private key
@ -178,7 +185,6 @@ final class KeyProtector {
(new PrivateKeyInfo(plain).getAlgorithm().getOID()).getName(); (new PrivateKeyInfo(plain).getAlgorithm().getOID()).getName();
KeyFactory kFac = KeyFactory.getInstance(oidName); KeyFactory kFac = KeyFactory.getInstance(oidName);
return kFac.generatePrivate(new PKCS8EncodedKeySpec(plain)); return kFac.generatePrivate(new PKCS8EncodedKeySpec(plain));
} catch (NoSuchAlgorithmException ex) { } catch (NoSuchAlgorithmException ex) {
// Note: this catch needed to be here because of the // Note: this catch needed to be here because of the
// later catch of GeneralSecurityException // later catch of GeneralSecurityException
@ -187,6 +193,15 @@ final class KeyProtector {
throw new UnrecoverableKeyException(ioe.getMessage()); throw new UnrecoverableKeyException(ioe.getMessage());
} catch (GeneralSecurityException gse) { } catch (GeneralSecurityException gse) {
throw new UnrecoverableKeyException(gse.getMessage()); throw new UnrecoverableKeyException(gse.getMessage());
} finally {
if (plain != null) Arrays.fill(plain, (byte) 0x00);
if (sKey != null) {
try {
sKey.destroy();
} catch (DestroyFailedException e) {
//shouldn't happen
}
}
} }
} }
@ -262,7 +277,7 @@ final class KeyProtector {
// of <code>protectedKey</code>. If the two digest values are // of <code>protectedKey</code>. If the two digest values are
// different, throw an exception. // different, throw an exception.
md.update(passwdBytes); md.update(passwdBytes);
java.util.Arrays.fill(passwdBytes, (byte)0x00); Arrays.fill(passwdBytes, (byte)0x00);
passwdBytes = null; passwdBytes = null;
md.update(plainKey); md.update(plainKey);
digest = md.digest(); digest = md.digest();
@ -291,17 +306,21 @@ final class KeyProtector {
// create PBE key from password // create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password); PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES"); SecretKey sKey = null;
Cipher cipher;
try {
sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES", false);
pbeKeySpec.clearPassword(); pbeKeySpec.clearPassword();
// seal key // seal key
Cipher cipher;
PBEWithMD5AndTripleDESCipher cipherSpi; PBEWithMD5AndTripleDESCipher cipherSpi;
cipherSpi = new PBEWithMD5AndTripleDESCipher(); cipherSpi = new PBEWithMD5AndTripleDESCipher();
cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(), cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
"PBEWithMD5AndTripleDES"); "PBEWithMD5AndTripleDES");
cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec); cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
} finally {
if (sKey != null) sKey.destroy();
}
return new SealedObjectForKeyProtector(key, cipher); return new SealedObjectForKeyProtector(key, cipher);
} }
@ -309,12 +328,13 @@ final class KeyProtector {
* Unseals the sealed key. * Unseals the sealed key.
*/ */
Key unseal(SealedObject so) Key unseal(SealedObject so)
throws NoSuchAlgorithmException, UnrecoverableKeyException throws NoSuchAlgorithmException, UnrecoverableKeyException {
{ SecretKey sKey = null;
try { try {
// create PBE key from password // create PBE key from password
PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password); PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
SecretKey skey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES"); sKey = new PBEKey(pbeKeySpec,
"PBEWithMD5AndTripleDES", false);
pbeKeySpec.clearPassword(); pbeKeySpec.clearPassword();
SealedObjectForKeyProtector soForKeyProtector = null; SealedObjectForKeyProtector soForKeyProtector = null;
@ -342,7 +362,7 @@ final class KeyProtector {
Cipher cipher = new CipherForKeyProtector(cipherSpi, Cipher cipher = new CipherForKeyProtector(cipherSpi,
SunJCE.getInstance(), SunJCE.getInstance(),
"PBEWithMD5AndTripleDES"); "PBEWithMD5AndTripleDES");
cipher.init(Cipher.DECRYPT_MODE, skey, params); cipher.init(Cipher.DECRYPT_MODE, sKey, params);
return soForKeyProtector.getKey(cipher); return soForKeyProtector.getKey(cipher);
} catch (NoSuchAlgorithmException ex) { } catch (NoSuchAlgorithmException ex) {
// Note: this catch needed to be here because of the // Note: this catch needed to be here because of the
@ -354,6 +374,14 @@ final class KeyProtector {
throw new UnrecoverableKeyException(cnfe.getMessage()); throw new UnrecoverableKeyException(cnfe.getMessage());
} catch (GeneralSecurityException gse) { } catch (GeneralSecurityException gse) {
throw new UnrecoverableKeyException(gse.getMessage()); throw new UnrecoverableKeyException(gse.getMessage());
} finally {
if (sKey != null) {
try {
sKey.destroy();
} catch (DestroyFailedException e) {
//shouldn't happen
}
}
} }
} }
} }

26
src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -29,6 +29,7 @@ import java.lang.ref.Reference;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.KeyRep; import java.security.KeyRep;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Locale; import java.util.Locale;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.PBEKeySpec;
@ -54,7 +55,8 @@ final class PBEKey implements SecretKey {
* *
* @param keytype the given PBE key specification * @param keytype the given PBE key specification
*/ */
PBEKey(PBEKeySpec keySpec, String keytype) throws InvalidKeySpecException { PBEKey(PBEKeySpec keySpec, String keytype, boolean useCleaner)
throws InvalidKeySpecException {
char[] passwd = keySpec.getPassword(); char[] passwd = keySpec.getPassword();
if (passwd == null) { if (passwd == null) {
// Should allow an empty password. // Should allow an empty password.
@ -71,13 +73,15 @@ final class PBEKey implements SecretKey {
this.key = new byte[passwd.length]; this.key = new byte[passwd.length];
for (int i=0; i<passwd.length; i++) for (int i=0; i<passwd.length; i++)
this.key[i] = (byte) (passwd[i] & 0x7f); this.key[i] = (byte) (passwd[i] & 0x7f);
java.util.Arrays.fill(passwd, ' '); Arrays.fill(passwd, ' ');
type = keytype; type = keytype;
// Use the cleaner to zero the key when no longer referenced // Use the cleaner to zero the key when no longer referenced
if (useCleaner) {
final byte[] k = this.key; final byte[] k = this.key;
CleanerFactory.cleaner().register(this, CleanerFactory.cleaner().register(this,
() -> java.util.Arrays.fill(k, (byte)0x00)); () -> Arrays.fill(k, (byte) 0x00));
}
} }
public byte[] getEncoded() { public byte[] getEncoded() {
@ -122,10 +126,22 @@ final class PBEKey implements SecretKey {
byte[] thatEncoded = that.getEncoded(); byte[] thatEncoded = that.getEncoded();
boolean ret = MessageDigest.isEqual(this.key, thatEncoded); boolean ret = MessageDigest.isEqual(this.key, thatEncoded);
java.util.Arrays.fill(thatEncoded, (byte)0x00); Arrays.fill(thatEncoded, (byte)0x00);
return ret; return ret;
} }
/**
* Clears the internal copy of the key.
*
*/
@Override
public void destroy() {
if (key != null) {
Arrays.fill(key, (byte) 0x00);
key = null;
}
}
/** /**
* readObject is called to restore the state of this key from * readObject is called to restore the state of this key from
* a stream. * a stream.

4
src/java.base/share/classes/com/sun/crypto/provider/PBEKeyFactory.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -216,7 +216,7 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
if (!(keySpec instanceof PBEKeySpec)) { if (!(keySpec instanceof PBEKeySpec)) {
throw new InvalidKeySpecException("Invalid key spec"); throw new InvalidKeySpecException("Invalid key spec");
} }
return new PBEKey((PBEKeySpec)keySpec, type); return new PBEKey((PBEKeySpec)keySpec, type, true);
} }
/** /**

7
src/java.base/share/classes/javax/crypto/spec/PBEKeySpec.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,7 @@
package javax.crypto.spec; package javax.crypto.spec;
import java.security.spec.KeySpec; import java.security.spec.KeySpec;
import java.util.Arrays;
/** /**
* A user-chosen password that can be used with password-based encryption * A user-chosen password that can be used with password-based encryption
@ -174,9 +175,7 @@ public class PBEKeySpec implements KeySpec {
*/ */
public final void clearPassword() { public final void clearPassword() {
if (password != null) { if (password != null) {
for (int i = 0; i < password.length; i++) { Arrays.fill(password, ' ');
password[i] = ' ';
}
password = null; password = null;
} }
} }

39
src/java.base/share/classes/sun/security/provider/JavaKeyStore.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -133,18 +133,20 @@ public abstract class JavaKeyStore extends KeyStoreSpi {
throw new UnrecoverableKeyException("Password must not be null"); throw new UnrecoverableKeyException("Password must not be null");
} }
KeyProtector keyProtector = new KeyProtector(password); byte[] passwordBytes = convertToBytes(password);
KeyProtector keyProtector = new KeyProtector(passwordBytes);
byte[] encrBytes = ((KeyEntry)entry).protectedPrivKey; byte[] encrBytes = ((KeyEntry)entry).protectedPrivKey;
EncryptedPrivateKeyInfo encrInfo; EncryptedPrivateKeyInfo encrInfo;
byte[] plain;
try { try {
encrInfo = new EncryptedPrivateKeyInfo(encrBytes); encrInfo = new EncryptedPrivateKeyInfo(encrBytes);
return keyProtector.recover(encrInfo);
} catch (IOException ioe) { } catch (IOException ioe) {
throw new UnrecoverableKeyException("Private key not stored as " throw new UnrecoverableKeyException("Private key not stored as "
+ "PKCS #8 " + "PKCS #8 "
+ "EncryptedPrivateKeyInfo"); + "EncryptedPrivateKeyInfo");
} finally {
Arrays.fill(passwordBytes, (byte) 0x00);
} }
return keyProtector.recover(encrInfo);
} }
/** /**
@ -253,7 +255,8 @@ public abstract class JavaKeyStore extends KeyStoreSpi {
Certificate[] chain) Certificate[] chain)
throws KeyStoreException throws KeyStoreException
{ {
KeyProtector keyProtector = null; KeyProtector keyProtector;
byte[] passwordBytes = null;
if (!(key instanceof java.security.PrivateKey)) { if (!(key instanceof java.security.PrivateKey)) {
throw new KeyStoreException("Cannot store non-PrivateKeys"); throw new KeyStoreException("Cannot store non-PrivateKeys");
@ -264,7 +267,8 @@ public abstract class JavaKeyStore extends KeyStoreSpi {
entry.date = new Date(); entry.date = new Date();
// Protect the encoding of the key // Protect the encoding of the key
keyProtector = new KeyProtector(password); passwordBytes = convertToBytes(password);
keyProtector = new KeyProtector(passwordBytes);
entry.protectedPrivKey = keyProtector.protect(key); entry.protectedPrivKey = keyProtector.protect(key);
// clone the chain // clone the chain
@ -280,7 +284,8 @@ public abstract class JavaKeyStore extends KeyStoreSpi {
} catch (NoSuchAlgorithmException nsae) { } catch (NoSuchAlgorithmException nsae) {
throw new KeyStoreException("Key protection algorithm not found"); throw new KeyStoreException("Key protection algorithm not found");
} finally { } finally {
keyProtector = null; if (passwordBytes != null)
Arrays.fill(passwordBytes, (byte) 0x00);
} }
} }
@ -793,19 +798,27 @@ public abstract class JavaKeyStore extends KeyStoreSpi {
private MessageDigest getPreKeyedHash(char[] password) private MessageDigest getPreKeyedHash(char[] password)
throws NoSuchAlgorithmException, UnsupportedEncodingException throws NoSuchAlgorithmException, UnsupportedEncodingException
{ {
int i, j;
MessageDigest md = MessageDigest.getInstance("SHA"); MessageDigest md = MessageDigest.getInstance("SHA");
byte[] passwdBytes = convertToBytes(password);
md.update(passwdBytes);
Arrays.fill(passwdBytes, (byte) 0x00);
md.update("Mighty Aphrodite".getBytes("UTF8"));
return md;
}
/**
* Helper method to convert char[] to byte[]
*/
private byte[] convertToBytes(char[] password) {
int i, j;
byte[] passwdBytes = new byte[password.length * 2]; byte[] passwdBytes = new byte[password.length * 2];
for (i=0, j=0; i<password.length; i++) { for (i=0, j=0; i<password.length; i++) {
passwdBytes[j++] = (byte)(password[i] >> 8); passwdBytes[j++] = (byte)(password[i] >> 8);
passwdBytes[j++] = (byte)password[i]; passwdBytes[j++] = (byte)password[i];
} }
md.update(passwdBytes); return passwdBytes;
for (i=0; i<passwdBytes.length; i++)
passwdBytes[i] = 0;
md.update("Mighty Aphrodite".getBytes("UTF8"));
return md;
} }
/** /**

26
src/java.base/share/classes/sun/security/provider/KeyProtector.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -35,7 +35,6 @@ import java.security.SecureRandom;
import java.security.UnrecoverableKeyException; import java.security.UnrecoverableKeyException;
import java.util.*; import java.util.*;
import jdk.internal.ref.CleanerFactory;
import sun.security.pkcs.PKCS8Key; import sun.security.pkcs.PKCS8Key;
import sun.security.pkcs.EncryptedPrivateKeyInfo; import sun.security.pkcs.EncryptedPrivateKeyInfo;
import sun.security.x509.AlgorithmId; import sun.security.x509.AlgorithmId;
@ -120,32 +119,15 @@ final class KeyProtector {
/** /**
* Creates an instance of this class, and initializes it with the given * Creates an instance of this class, and initializes it with the given
* password. * password.
*
* <p>The password is expected to be in printable ASCII.
* Normal rules for good password selection apply: at least
* seven characters, mixed case, with punctuation encouraged.
* Phrases or words which are easily guessed, for example by
* being found in dictionaries, are bad.
*/ */
public KeyProtector(char[] password) public KeyProtector(byte[] passwordBytes)
throws NoSuchAlgorithmException throws NoSuchAlgorithmException
{ {
int i, j; if (passwordBytes == null) {
if (password == null) {
throw new IllegalArgumentException("password can't be null"); throw new IllegalArgumentException("password can't be null");
} }
md = MessageDigest.getInstance(DIGEST_ALG); md = MessageDigest.getInstance(DIGEST_ALG);
// Convert password to byte array, so that it can be digested this.passwdBytes = passwordBytes;
passwdBytes = new byte[password.length * 2];
for (i=0, j=0; i<password.length; i++) {
passwdBytes[j++] = (byte)(password[i] >> 8);
passwdBytes[j++] = (byte)password[i];
}
// Use the cleaner to zero the password when no longer referenced
final byte[] k = this.passwdBytes;
CleanerFactory.cleaner().register(this,
() -> java.util.Arrays.fill(k, (byte)0x00));
} }
/* /*