stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8181048: Refactor existing providers to refer to the same constants for default values for key length

Browse Source 
Reviewed-by: mullan, ahgross
This commit is contained in:
Valerie Peng 2017-07-13 20:41:59 +00:00
parent 7cf3c0ff14
commit b3f1165f7d
16 changed files with 378 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/java.base/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -33,6 +33,7 @@ import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHGenParameterSpec; import javax.crypto.spec.DHGenParameterSpec;
import sun.security.provider.ParameterCache; import sun.security.provider.ParameterCache;
import static sun.security.util.SecurityProviderConstants.DEF_DH_KEY_SIZE;
/** /**
* This class represents the key pair generator for Diffie-Hellman key pairs. * This class represents the key pair generator for Diffie-Hellman key pairs.
@ -42,8 +43,7 @@ import sun.security.provider.ParameterCache;
* <ul> * <ul>
* <li>By providing the size in bits of the prime modulus - * <li>By providing the size in bits of the prime modulus -
* This will be used to create a prime modulus and base generator, which will * This will be used to create a prime modulus and base generator, which will
* then be used to create the Diffie-Hellman key pair. The default size of the * then be used to create the Diffie-Hellman key pair.
* prime modulus is 2048 bits.
* <li>By providing a prime modulus and base generator * <li>By providing a prime modulus and base generator
* </ul> * </ul>
* *
@ -68,7 +68,7 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi {
public DHKeyPairGenerator() { public DHKeyPairGenerator() {
super(); super();
initialize(2048, null); initialize(DEF_DH_KEY_SIZE, null);
} }
private static void checkKeySize(int keysize) private static void checkKeySize(int keysize)

7
src/java.base/share/classes/com/sun/crypto/provider/DHParameterGenerator.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,8 @@ import java.security.spec.*;
import javax.crypto.spec.DHParameterSpec; import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHGenParameterSpec; import javax.crypto.spec.DHGenParameterSpec;
import static sun.security.util.SecurityProviderConstants.DEF_DH_KEY_SIZE;
/* /*
* This class generates parameters for the Diffie-Hellman algorithm. * This class generates parameters for the Diffie-Hellman algorithm.
* The parameters are a prime, a base, and optionally the length in bits of * The parameters are a prime, a base, and optionally the length in bits of
@ -38,7 +40,6 @@ import javax.crypto.spec.DHGenParameterSpec;
* *
* <p>The Diffie-Hellman parameter generation accepts the size in bits of the * <p>The Diffie-Hellman parameter generation accepts the size in bits of the
* prime modulus and the size in bits of the random exponent as input. * prime modulus and the size in bits of the random exponent as input.
* The size of the prime modulus defaults to 2048 bits.
* *
* @author Jan Luehe * @author Jan Luehe
* *
@ -50,7 +51,7 @@ import javax.crypto.spec.DHGenParameterSpec;
public final class DHParameterGenerator extends AlgorithmParameterGeneratorSpi { public final class DHParameterGenerator extends AlgorithmParameterGeneratorSpi {
// The size in bits of the prime modulus // The size in bits of the prime modulus
private int primeSize = 2048; private int primeSize = DEF_DH_KEY_SIZE;
// The size in bits of the random exponent (private value) // The size in bits of the random exponent (private value)
private int exponentSize = 0; private int exponentSize = 0;

139
src/java.base/share/classes/sun/security/provider/DSAKeyPairGenerator.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -35,6 +35,8 @@ import java.security.spec.InvalidParameterSpecException;
import java.security.spec.DSAParameterSpec; import java.security.spec.DSAParameterSpec;
import sun.security.jca.JCAUtil; import sun.security.jca.JCAUtil;
import static sun.security.util.SecurityProviderConstants.DEF_DSA_KEY_SIZE;
import static sun.security.util.SecurityProviderConstants.getDefDSASubprimeSize;
/** /**
* This class generates DSA key parameters and public/private key * This class generates DSA key parameters and public/private key
@ -45,15 +47,14 @@ import sun.security.jca.JCAUtil;
* @author Andreas Sterbenz * @author Andreas Sterbenz
* *
*/ */
public class DSAKeyPairGenerator extends KeyPairGenerator class DSAKeyPairGenerator extends KeyPairGenerator {
implements java.security.interfaces.DSAKeyPairGenerator {
/* Length for prime P and subPrime Q in bits */ /* Length for prime P and subPrime Q in bits */
private int plen; private int plen;
private int qlen; private int qlen;
/* whether to force new parameters to be generated for each KeyPair */ /* whether to force new parameters to be generated for each KeyPair */
private boolean forceNewParameters; boolean forceNewParameters;
/* preset algorithm parameters. */ /* preset algorithm parameters. */
private DSAParameterSpec params; private DSAParameterSpec params;
@ -61,9 +62,9 @@ public class DSAKeyPairGenerator extends KeyPairGenerator
/* The source of random bits to use */ /* The source of random bits to use */
private SecureRandom random; private SecureRandom random;
public DSAKeyPairGenerator() { DSAKeyPairGenerator(int defaultKeySize) {
super("DSA"); super("DSA");
initialize(1024, null); initialize(defaultKeySize, null);
} }
private static void checkStrength(int sizeP, int sizeQ) { private static void checkStrength(int sizeP, int sizeQ) {
@ -84,61 +85,7 @@ public class DSAKeyPairGenerator extends KeyPairGenerator
} }
public void initialize(int modlen, SecureRandom random) { public void initialize(int modlen, SecureRandom random) {
// generate new parameters when no precomputed ones available. init(modlen, random, false);
initialize(modlen, true, random);
this.forceNewParameters = false;
}
/**
* Initializes the DSA key pair generator. If <code>genParams</code>
* is false, a set of pre-computed parameters is used.
*/
@Override
public void initialize(int modlen, boolean genParams, SecureRandom random)
throws InvalidParameterException {
int subPrimeLen = -1;
if (modlen <= 1024) {
subPrimeLen = 160;
} else if (modlen == 2048) {
subPrimeLen = 224;
} else if (modlen == 3072) {
subPrimeLen = 256;
}
checkStrength(modlen, subPrimeLen);
if (genParams) {
params = null;
} else {
params = ParameterCache.getCachedDSAParameterSpec(modlen,
subPrimeLen);
if (params == null) {
throw new InvalidParameterException
("No precomputed parameters for requested modulus size "
+ "available");
}
}
this.plen = modlen;
this.qlen = subPrimeLen;
this.random = random;
this.forceNewParameters = genParams;
}
/**
* Initializes the DSA object using a DSA parameter object.
*
* @param params a fully initialized DSA parameter object.
*/
@Override
public void initialize(DSAParams params, SecureRandom random)
throws InvalidParameterException {
if (params == null) {
throw new InvalidParameterException("Params must not be null");
}
DSAParameterSpec spec = new DSAParameterSpec
(params.getP(), params.getQ(), params.getG());
initialize0(spec, random);
} }
/** /**
@ -157,10 +104,21 @@ public class DSAKeyPairGenerator extends KeyPairGenerator
throw new InvalidAlgorithmParameterException throw new InvalidAlgorithmParameterException
("Inappropriate parameter"); ("Inappropriate parameter");
} }
initialize0((DSAParameterSpec)params, random); init((DSAParameterSpec)params, random, false);
} }
private void initialize0(DSAParameterSpec params, SecureRandom random) { void init(int modlen, SecureRandom random, boolean forceNew) {
int subPrimeLen = getDefDSASubprimeSize(modlen);
checkStrength(modlen, subPrimeLen);
this.plen = modlen;
this.qlen = subPrimeLen;
this.params = null;
this.random = random;
this.forceNewParameters = forceNew;
}
void init(DSAParameterSpec params, SecureRandom random,
boolean forceNew) {
int sizeP = params.getP().bitLength(); int sizeP = params.getP().bitLength();
int sizeQ = params.getQ().bitLength(); int sizeQ = params.getQ().bitLength();
checkStrength(sizeP, sizeQ); checkStrength(sizeP, sizeQ);
@ -168,7 +126,7 @@ public class DSAKeyPairGenerator extends KeyPairGenerator
this.qlen = sizeQ; this.qlen = sizeQ;
this.params = params; this.params = params;
this.random = random; this.random = random;
this.forceNewParameters = false; this.forceNewParameters = forceNew;
} }
/** /**
@ -197,7 +155,7 @@ public class DSAKeyPairGenerator extends KeyPairGenerator
return generateKeyPair(spec.getP(), spec.getQ(), spec.getG(), random); return generateKeyPair(spec.getP(), spec.getQ(), spec.getG(), random);
} }
public KeyPair generateKeyPair(BigInteger p, BigInteger q, BigInteger g, private KeyPair generateKeyPair(BigInteger p, BigInteger q, BigInteger g,
SecureRandom random) { SecureRandom random) {
BigInteger x = generateX(random, q); BigInteger x = generateX(random, q);
@ -252,4 +210,55 @@ public class DSAKeyPairGenerator extends KeyPairGenerator
return y; return y;
} }
public static final class Current extends DSAKeyPairGenerator {
public Current() {
super(DEF_DSA_KEY_SIZE);
}
}
public static final class Legacy extends DSAKeyPairGenerator
implements java.security.interfaces.DSAKeyPairGenerator {
public Legacy() {
super(1024);
}
/**
* Initializes the DSA key pair generator. If <code>genParams</code>
* is false, a set of pre-computed parameters is used.
*/
@Override
public void initialize(int modlen, boolean genParams,
SecureRandom random) throws InvalidParameterException {
if (genParams) {
super.init(modlen, random, true);
} else {
DSAParameterSpec cachedParams =
ParameterCache.getCachedDSAParameterSpec(modlen,
getDefDSASubprimeSize(modlen));
if (cachedParams == null) {
throw new InvalidParameterException
("No precomputed parameters for requested modulus" +
" size available");
}
super.init(cachedParams, random, false);
}
}
/**
* Initializes the DSA object using a DSA parameter object.
*
* @param params a fully initialized DSA parameter object.
*/
@Override
public void initialize(DSAParams params, SecureRandom random)
throws InvalidParameterException {
if (params == null) {
throw new InvalidParameterException("Params must not be null");
}
DSAParameterSpec spec = new DSAParameterSpec
(params.getP(), params.getQ(), params.getG());
super.init(spec, random, false);
}
}
} }

46
src/java.base/share/classes/sun/security/provider/DSAParameterGenerator.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -34,15 +34,18 @@ import java.security.NoSuchProviderException;
import java.security.InvalidParameterException; import java.security.InvalidParameterException;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec; import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException; import java.security.spec.InvalidParameterSpecException;
import java.security.spec.DSAParameterSpec; import java.security.spec.DSAParameterSpec;
import java.security.spec.DSAGenParameterSpec; import java.security.spec.DSAGenParameterSpec;
import static sun.security.util.SecurityProviderConstants.DEF_DSA_KEY_SIZE;
import static sun.security.util.SecurityProviderConstants.getDefDSASubprimeSize;
/** /**
* This class generates parameters for the DSA algorithm. It uses a default * This class generates parameters for the DSA algorithm.
* prime modulus size of 1024 bits, which can be overwritten during
* initialization.
* *
* @author Jan Luehe * @author Jan Luehe
* *
@ -56,10 +59,6 @@ import java.security.spec.DSAGenParameterSpec;
public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi { public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
// the default parameters
private static final DSAGenParameterSpec DEFAULTS =
new DSAGenParameterSpec(1024, 160, 160);
// the length of prime P, subPrime Q, and seed in bits // the length of prime P, subPrime Q, and seed in bits
private int valueL = -1; private int valueL = -1;
private int valueN = -1; private int valueN = -1;
@ -80,18 +79,14 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
*/ */
@Override @Override
protected void engineInit(int strength, SecureRandom random) { protected void engineInit(int strength, SecureRandom random) {
if ((strength >= 512) && (strength <= 1024) && (strength % 64 == 0)) { if ((strength != 2048) && (strength != 3072) &&
this.valueN = 160; ((strength < 512) || (strength > 1024) || (strength % 64 != 0))) {
} else if (strength == 2048) {
this.valueN = 224;
} else if (strength == 3072) {
this.valueN = 256;
} else {
throw new InvalidParameterException( throw new InvalidParameterException(
"Unexpected strength (size of prime): " + strength + ". " + "Unexpected strength (size of prime): " + strength +
"Prime size should be 512 - 1024, or 2048, 3072"); ". Prime size should be 512-1024, 2048, or 3072");
} }
this.valueL = strength; this.valueL = strength;
this.valueN = getDefDSASubprimeSize(strength);
this.seedLen = valueN; this.seedLen = valueN;
this.random = random; this.random = random;
} }
@ -110,7 +105,6 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
@Override @Override
protected void engineInit(AlgorithmParameterSpec genParamSpec, protected void engineInit(AlgorithmParameterSpec genParamSpec,
SecureRandom random) throws InvalidAlgorithmParameterException { SecureRandom random) throws InvalidAlgorithmParameterException {
if (!(genParamSpec instanceof DSAGenParameterSpec)) { if (!(genParamSpec instanceof DSAGenParameterSpec)) {
throw new InvalidAlgorithmParameterException("Invalid parameter"); throw new InvalidAlgorithmParameterException("Invalid parameter");
} }
@ -136,11 +130,7 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
this.random = new SecureRandom(); this.random = new SecureRandom();
} }
if (valueL == -1) { if (valueL == -1) {
try { engineInit(DEF_DSA_KEY_SIZE, this.random);
engineInit(DEFAULTS, this.random);
} catch (InvalidAlgorithmParameterException iape) {
// should never happen
}
} }
BigInteger[] pAndQ = generatePandQ(this.random, valueL, BigInteger[] pAndQ = generatePandQ(this.random, valueL,
valueN, seedLen); valueN, seedLen);
@ -206,13 +196,17 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
int b = (valueL - 1) % outLen; int b = (valueL - 1) % outLen;
byte[] seedBytes = new byte[seedLen/8]; byte[] seedBytes = new byte[seedLen/8];
BigInteger twoSl = BigInteger.TWO.pow(seedLen); BigInteger twoSl = BigInteger.TWO.pow(seedLen);
int primeCertainty = 80; // for 1024-bit prime P int primeCertainty = -1;
if (valueL == 2048) { if (valueL <= 1024) {
primeCertainty = 80;
} else if (valueL == 2048) {
primeCertainty = 112; primeCertainty = 112;
} else if (valueL == 3072) { } else if (valueL == 3072) {
primeCertainty = 128; primeCertainty = 128;
} }
if (primeCertainty < 0) {
throw new ProviderException("Invalid valueL: " + valueL);
}
BigInteger resultP, resultQ, seed = null; BigInteger resultP, resultQ, seed = null;
int counter; int counter;
while (true) { while (true) {

12
src/java.base/share/classes/sun/security/provider/SunEntries.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -29,6 +29,7 @@ import java.io.*;
import java.net.*; import java.net.*;
import java.util.Map; import java.util.Map;
import java.security.*; import java.security.*;
import sun.security.action.GetPropertyAction;
/** /**
* Defines the entries of the SUN provider. * Defines the entries of the SUN provider.
@ -74,6 +75,10 @@ import java.security.*;
final class SunEntries { final class SunEntries {
private static final boolean useLegacyDSA =
Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty
("jdk.security.legacyDSAKeyPairGenerator"));
private SunEntries() { private SunEntries() {
// empty // empty
} }
@ -174,8 +179,9 @@ final class SunEntries {
/* /*
* Key Pair Generator engines * Key Pair Generator engines
*/ */
map.put("KeyPairGenerator.DSA", String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
"sun.security.provider.DSAKeyPairGenerator"); dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
map.put("KeyPairGenerator.DSA", dsaKPGImplClass);
map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA"); map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA"); map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA"); map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");

5
src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -32,6 +32,7 @@ import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec; import java.security.spec.RSAKeyGenParameterSpec;
import sun.security.jca.JCAUtil; import sun.security.jca.JCAUtil;
import static sun.security.util.SecurityProviderConstants.DEF_RSA_KEY_SIZE;
/** /**
* RSA keypair generation. Standard algorithm, minimum key length 512 bit. * RSA keypair generation. Standard algorithm, minimum key length 512 bit.
@ -55,7 +56,7 @@ public final class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
public RSAKeyPairGenerator() { public RSAKeyPairGenerator() {
// initialize to default in case the app does not call initialize() // initialize to default in case the app does not call initialize()
initialize(2048, null); initialize(DEF_RSA_KEY_SIZE, null);
} }
// initialize the generator. See JCA doc // initialize the generator. See JCA doc

10
src/java.base/share/classes/sun/security/tools/keytool/Main.java
View File

@ -74,6 +74,7 @@ import sun.security.pkcs10.PKCS10Attribute;
import sun.security.provider.X509Factory; import sun.security.provider.X509Factory;
import sun.security.provider.certpath.ssl.SSLServerCertStore; import sun.security.provider.certpath.ssl.SSLServerCertStore;
import sun.security.util.Password; import sun.security.util.Password;
import sun.security.util.SecurityProviderConstants;
import javax.crypto.KeyGenerator; import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey; import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory; import javax.crypto.SecretKeyFactory;
@ -1817,9 +1818,12 @@ public final class Main {
{ {
if (keysize == -1) { if (keysize == -1) {
if ("EC".equalsIgnoreCase(keyAlgName)) { if ("EC".equalsIgnoreCase(keyAlgName)) {
keysize = 256; keysize = SecurityProviderConstants.DEF_EC_KEY_SIZE;
} else { } else if ("RSA".equalsIgnoreCase(keyAlgName)) {
keysize = 2048; // RSA and DSA keysize = SecurityProviderConstants.DEF_RSA_KEY_SIZE;
} else if ("DSA".equalsIgnoreCase(keyAlgName)) {
// hardcode for now as DEF_DSA_KEY_SIZE is still 1024
keysize = 2048; // SecurityProviderConstants.DEF_DSA_KEY_SIZE;
} }
} }

131
src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java Normal file
View File

@ -0,0 +1,131 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.util;
import java.util.regex.PatternSyntaxException;
import java.security.InvalidParameterException;
import sun.security.action.GetPropertyAction;
/**
* Various constants such as version number, default key length, used by
* the JDK security/crypto providers.
*/
public final class SecurityProviderConstants {
private static final Debug debug =
Debug.getInstance("jca", "ProviderConfig");
// Cannot create one of these
private SecurityProviderConstants () {
}
public static final int getDefDSASubprimeSize(int primeSize) {
if (primeSize <= 1024) {
return 160;
} else if (primeSize == 2048) {
return 224;
} else if (primeSize == 3072) {
return 256;
} else {
throw new InvalidParameterException("Invalid DSA Prime Size: " +
primeSize);
}
}
public static final int DEF_DSA_KEY_SIZE;
public static final int DEF_RSA_KEY_SIZE;
public static final int DEF_DH_KEY_SIZE;
public static final int DEF_EC_KEY_SIZE;
private static final String KEY_LENGTH_PROP =
"jdk.security.defaultKeySize";
static {
String keyLengthStr = GetPropertyAction.privilegedGetProperty
(KEY_LENGTH_PROP);
int dsaKeySize = 1024;
int rsaKeySize = 2048;
int dhKeySize = 2048;
int ecKeySize = 256;
if (keyLengthStr != null) {
try {
String[] pairs = keyLengthStr.split(",");
for (String p : pairs) {
String[] algoAndValue = p.split(":");
if (algoAndValue.length != 2) {
// invalid pair, skip to next pair
if (debug != null) {
debug.println("Ignoring invalid pair in " +
KEY_LENGTH_PROP + " property: " + p);
}
continue;
}
String algoName = algoAndValue[0].trim().toUpperCase();
int value = -1;
try {
value = Integer.parseInt(algoAndValue[1].trim());
} catch (NumberFormatException nfe) {
// invalid value, skip to next pair
if (debug != null) {
debug.println("Ignoring invalid value in " +
KEY_LENGTH_PROP + " property: " + p);
}
continue;
}
if (algoName.equals("DSA")) {
dsaKeySize = value;
} else if (algoName.equals("RSA")) {
rsaKeySize = value;
} else if (algoName.equals("DH")) {
dhKeySize = value;
} else if (algoName.equals("EC")) {
ecKeySize = value;
} else {
if (debug != null) {
debug.println("Ignoring unsupported algo in " +
KEY_LENGTH_PROP + " property: " + p);
}
continue;
}
if (debug != null) {
debug.println("Overriding default " + algoName +
" keysize with value from " +
KEY_LENGTH_PROP + " property: " + value);
}
}
} catch (PatternSyntaxException pse) {
// if property syntax is not followed correctly
if (debug != null) {
debug.println("Unexpected exception while parsing " +
KEY_LENGTH_PROP + " property: " + pse);
}
}
}
DEF_DSA_KEY_SIZE = dsaKeySize;
DEF_RSA_KEY_SIZE = rsaKeySize;
DEF_DH_KEY_SIZE = dhKeySize;
DEF_EC_KEY_SIZE = ecKeySize;
}
}

16
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -33,11 +33,13 @@ import java.security.spec.*;
import javax.crypto.spec.DHParameterSpec; import javax.crypto.spec.DHParameterSpec;
import sun.security.provider.ParameterCache; import sun.security.provider.ParameterCache;
import static sun.security.util.SecurityProviderConstants.*;
import static sun.security.pkcs11.TemplateManager.*; import static sun.security.pkcs11.TemplateManager.*;
import sun.security.pkcs11.wrapper.*; import sun.security.pkcs11.wrapper.*;
import static sun.security.pkcs11.wrapper.PKCS11Constants.*; import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
import sun.security.rsa.RSAKeyFactory; import sun.security.rsa.RSAKeyFactory;
/** /**
@ -98,7 +100,7 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
// override lower limit to disallow unsecure keys being generated // override lower limit to disallow unsecure keys being generated
// override upper limit to deter DOS attack // override upper limit to deter DOS attack
if (algorithm.equals("EC")) { if (algorithm.equals("EC")) {
keySize = 256; keySize = DEF_EC_KEY_SIZE;
if ((minKeyLen == -1) || (minKeyLen < 112)) { if ((minKeyLen == -1) || (minKeyLen < 112)) {
minKeyLen = 112; minKeyLen = 112;
} }
@ -107,13 +109,11 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
} }
} else { } else {
if (algorithm.equals("DSA")) { if (algorithm.equals("DSA")) {
// keep default keysize at 1024 since larger keysizes may be keySize = DEF_DSA_KEY_SIZE;
// incompatible with SHA1withDSA and SHA-2 Signature algs } else if (algorithm.equals("RSA")) {
// may not be supported by native pkcs11 implementations keySize = DEF_RSA_KEY_SIZE;
keySize = 1024;
} else { } else {
// RSA and DH keySize = DEF_DH_KEY_SIZE;
keySize = 2048;
} }
if ((minKeyLen == -1) || (minKeyLen < 512)) { if ((minKeyLen == -1) || (minKeyLen < 512)) {
minKeyLen = 512; minKeyLen = 512;

4
src/jdk.crypto.ec/share/classes/sun/security/ec/ECKeyPairGenerator.java
View File

@ -39,6 +39,7 @@ import sun.security.ec.ECPublicKeyImpl;
import sun.security.jca.JCAUtil; import sun.security.jca.JCAUtil;
import sun.security.util.ECParameters; import sun.security.util.ECParameters;
import sun.security.util.ECUtil; import sun.security.util.ECUtil;
import static sun.security.util.SecurityProviderConstants.DEF_EC_KEY_SIZE;
/** /**
* EC keypair generator. * EC keypair generator.
@ -50,7 +51,6 @@ public final class ECKeyPairGenerator extends KeyPairGeneratorSpi {
private static final int KEY_SIZE_MIN = 112; // min bits (see ecc_impl.h) private static final int KEY_SIZE_MIN = 112; // min bits (see ecc_impl.h)
private static final int KEY_SIZE_MAX = 571; // max bits (see ecc_impl.h) private static final int KEY_SIZE_MAX = 571; // max bits (see ecc_impl.h)
private static final int KEY_SIZE_DEFAULT = 256;
// used to seed the keypair generator // used to seed the keypair generator
private SecureRandom random; private SecureRandom random;
@ -66,7 +66,7 @@ public final class ECKeyPairGenerator extends KeyPairGeneratorSpi {
*/ */
public ECKeyPairGenerator() { public ECKeyPairGenerator() {
// initialize to default in case the app does not call initialize() // initialize to default in case the app does not call initialize()
initialize(KEY_SIZE_DEFAULT, null); initialize(DEF_EC_KEY_SIZE, null);
} }
// initialize the generator. See JCA doc // initialize the generator. See JCA doc

8
src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,7 @@ import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec; import java.security.spec.RSAKeyGenParameterSpec;
import sun.security.rsa.RSAKeyFactory; import sun.security.rsa.RSAKeyFactory;
import static sun.security.util.SecurityProviderConstants.DEF_RSA_KEY_SIZE;
/** /**
* RSA keypair generator. * RSA keypair generator.
@ -45,14 +46,13 @@ public final class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
// Supported by Microsoft Base, Strong and Enhanced Cryptographic Providers // Supported by Microsoft Base, Strong and Enhanced Cryptographic Providers
static final int KEY_SIZE_MIN = 512; // disallow MSCAPI min. of 384 static final int KEY_SIZE_MIN = 512; // disallow MSCAPI min. of 384
static final int KEY_SIZE_MAX = 16384; static final int KEY_SIZE_MAX = 16384;
private static final int KEY_SIZE_DEFAULT = 2048;
// size of the key to generate, KEY_SIZE_MIN <= keySize <= KEY_SIZE_MAX // size of the key to generate, KEY_SIZE_MIN <= keySize <= KEY_SIZE_MAX
private int keySize; private int keySize;
public RSAKeyPairGenerator() { public RSAKeyPairGenerator() {
// initialize to default in case the app does not call initialize() // initialize to default in case the app does not call initialize()
initialize(KEY_SIZE_DEFAULT, null); initialize(DEF_RSA_KEY_SIZE, null);
} }
// initialize the generator. See JCA doc // initialize the generator. See JCA doc
@ -76,7 +76,7 @@ public final class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
int tmpSize; int tmpSize;
if (params == null) { if (params == null) {
tmpSize = KEY_SIZE_DEFAULT; tmpSize = DEF_RSA_KEY_SIZE;
} else if (params instanceof RSAKeyGenParameterSpec) { } else if (params instanceof RSAKeyGenParameterSpec) {
if (((RSAKeyGenParameterSpec) params).getPublicExponent() != null) { if (((RSAKeyGenParameterSpec) params).getPublicExponent() != null) {

9
test/jdk/java/security/Signature/Offsets.java
View File

@ -34,7 +34,7 @@ import jdk.test.lib.RandomFactory;
/* /*
* @test * @test
* @bug 8050374 * @bug 8050374 8181048
* @key randomness * @key randomness
* @summary This test validates signature verification * @summary This test validates signature verification
* Signature.verify(byte[], int, int). The test uses RandomFactory to * Signature.verify(byte[], int, int). The test uses RandomFactory to
@ -106,18 +106,25 @@ public class Offsets {
Signature signature = Signature.getInstance(algorithm, provider); Signature signature = Signature.getInstance(algorithm, provider);
String keyAlgo; String keyAlgo;
int keySize = 2048;
if (algorithm.contains("RSA")) { if (algorithm.contains("RSA")) {
keyAlgo = "RSA"; keyAlgo = "RSA";
} else if (algorithm.contains("ECDSA")) { } else if (algorithm.contains("ECDSA")) {
keyAlgo = "EC"; keyAlgo = "EC";
keySize = 256;
} else if (algorithm.contains("DSA")) { } else if (algorithm.contains("DSA")) {
keyAlgo = "DSA"; keyAlgo = "DSA";
if (algorithm.startsWith("SHAwith") ||
algorithm.startsWith("SHA1with")) {
keySize = 1024;
}
} else { } else {
throw new RuntimeException("Test doesn't support this signature " throw new RuntimeException("Test doesn't support this signature "
+ "algorithm: " + algorithm); + "algorithm: " + algorithm);
} }
KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo, provider); KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo, provider);
kpg.initialize(keySize);
KeyPair kp = kpg.generateKeyPair(); KeyPair kp = kpg.generateKeyPair();
PublicKey pubkey = kp.getPublic(); PublicKey pubkey = kp.getPublic();
PrivateKey privkey = kp.getPrivate(); PrivateKey privkey = kp.getPrivate();

23
test/jdk/java/security/SignedObject/Chain.java
View File

@ -32,7 +32,7 @@ import java.util.Arrays;
/* /*
* @test * @test
* @bug 8050374 * @bug 8050374 8181048
* @summary Verify a chain of signed objects * @summary Verify a chain of signed objects
*/ */
public class Chain { public class Chain {
@ -97,22 +97,28 @@ public class Chain {
final Provider provider; final Provider provider;
final KeyAlg keyAlg; final KeyAlg keyAlg;
final SigAlg sigAlg; final SigAlg sigAlg;
final int keySize;
Test(SigAlg sigAlg, KeyAlg keyAlg, Provider privider) { Test(SigAlg sigAlg, KeyAlg keyAlg, Provider provider) {
this.provider = privider; this(sigAlg, keyAlg, provider, -1);
}
Test(SigAlg sigAlg, KeyAlg keyAlg, Provider provider, int keySize) {
this.provider = provider;
this.keyAlg = keyAlg; this.keyAlg = keyAlg;
this.sigAlg = sigAlg; this.sigAlg = sigAlg;
this.keySize = keySize;
} }
} }
private static final Test[] tests = { private static final Test[] tests = {
new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default), new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default, 1024),
new Test(SigAlg.MD2withRSA, KeyAlg.RSA, Provider.Default), new Test(SigAlg.MD2withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.MD5withRSA, KeyAlg.RSA, Provider.Default), new Test(SigAlg.MD5withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.SHA1withRSA, KeyAlg.RSA, Provider.Default), new Test(SigAlg.SHA1withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Sun), new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Sun, 1024),
new Test(SigAlg.SHA224withDSA, KeyAlg.DSA, Provider.Sun), new Test(SigAlg.SHA224withDSA, KeyAlg.DSA, Provider.Sun, 2048),
new Test(SigAlg.SHA256withDSA, KeyAlg.DSA, Provider.Sun), new Test(SigAlg.SHA256withDSA, KeyAlg.DSA, Provider.Sun, 2048),
}; };
private static final String str = "to-be-signed"; private static final String str = "to-be-signed";
@ -148,6 +154,9 @@ public class Chain {
kpg = KeyPairGenerator.getInstance(test.keyAlg.name); kpg = KeyPairGenerator.getInstance(test.keyAlg.name);
} }
for (int j=0; j < N; j++) { for (int j=0; j < N; j++) {
if (test.keySize != -1) {
kpg.initialize(test.keySize);
}
KeyPair kp = kpg.genKeyPair(); KeyPair kp = kpg.genKeyPair();
KeyPair anotherKp = kpg.genKeyPair(); KeyPair anotherKp = kpg.genKeyPair();
privKeys[j] = kp.getPrivate(); privKeys[j] = kp.getPrivate();

5
test/jdk/sun/security/provider/DSA/TestAlgParameterGenerator.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/* /*
* @test * @test
* @bug 7044060 8055351 * @bug 7044060 8055351 8181048
* @summary verify that DSA parameter generation works * @summary verify that DSA parameter generation works
* @run main/timeout=600 TestAlgParameterGenerator * @run main/timeout=600 TestAlgParameterGenerator
*/ */
@ -81,7 +81,6 @@ public class TestAlgParameterGenerator {
AlgorithmParameters param = apg.generateParameters(); AlgorithmParameters param = apg.generateParameters();
stop = System.currentTimeMillis(); stop = System.currentTimeMillis();
System.out.println("Time: " + (stop - start) + " ms."); System.out.println("Time: " + (stop - start) + " ms.");
checkParamStrength(param, 1024);
// make sure the old model works // make sure the old model works
int[] strengths = {512, 768, 1024}; int[] strengths = {512, 768, 1024};

7
test/jdk/sun/security/provider/DSA/TestKeyPairGenerator.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/* /*
* @test * @test
* @bug 4800108 8072452 * @bug 4800108 8072452 8181048
* @summary verify that precomputed DSA parameters are always used (512, 768, * @summary verify that precomputed DSA parameters are always used (512, 768,
* 1024, 2048, 3072 bit) * 1024, 2048, 3072 bit)
* @run main/othervm/timeout=15 TestKeyPairGenerator * @run main/othervm/timeout=15 TestKeyPairGenerator
@ -59,15 +59,12 @@ public class TestKeyPairGenerator {
// on JDKs that do not have the fix // on JDKs that do not have the fix
kpg = KeyPairGenerator.getInstance("DSA", "SUN"); kpg = KeyPairGenerator.getInstance("DSA", "SUN");
kp = kpg.generateKeyPair(); kp = kpg.generateKeyPair();
checkKeyLength(kp, 1024);
kpg = KeyPairGenerator.getInstance("DSA", "SUN"); kpg = KeyPairGenerator.getInstance("DSA", "SUN");
kp = kpg.generateKeyPair(); kp = kpg.generateKeyPair();
checkKeyLength(kp, 1024);
// some other basic tests // some other basic tests
kp = kpg.generateKeyPair(); kp = kpg.generateKeyPair();
checkKeyLength(kp, 1024);
kpg.initialize(1024); kpg.initialize(1024);
kp = kpg.generateKeyPair(); kp = kpg.generateKeyPair();

84
test/jdk/sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java Normal file
View File

@ -0,0 +1,84 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8181048
* @summary verify that when the returned DSA KeyPairGenerator is
* an instance of java.security.interfaces.DSAKeyPairGenerator,
* the behavior is compliant with the javadoc spec.
* @run main/othervm -Djdk.security.legacyDSAKeyPairGenerator=tRUe TestLegacyDSAKeyPairGenerator
*/
import java.security.*;
import java.security.interfaces.*;
public class TestLegacyDSAKeyPairGenerator {
private static void checkKeyLength(KeyPair kp, int len) throws Exception {
DSAPublicKey key = (DSAPublicKey)kp.getPublic();
int n = key.getParams().getP().bitLength();
System.out.println("Key length: " + n);
if (len != n) {
throw new Exception("Wrong key length");
}
}
public static void main(String[] args) throws Exception {
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", "SUN");
// check the returned object implements the legacy interface
if (!(kpg instanceof DSAKeyPairGenerator)) {
throw new Exception("Should be an instance of DSAKeyPairGenerator");
}
System.out.println("Returned an instance of DSAKeyPairGenerator");
// check the default key size is 1024 when initiaize(..) is not called
KeyPair kp1 = kpg.generateKeyPair();
checkKeyLength(kp1, 1024);
KeyPair kp2 = kpg.generateKeyPair();
checkKeyLength(kp2, 1024);
System.out.println("Used 1024 default key size");
// check kp1 and kp2 uses the same DSA parameters p, q, g
DSAParams param1 = ((DSAPublicKey)kp1.getPublic()).getParams();
DSAParams param2 = ((DSAPublicKey)kp2.getPublic()).getParams();
if ((param1.getP().compareTo(param2.getP()) != 0) ||
(param1.getQ().compareTo(param2.getQ()) != 0) ||
(param1.getG().compareTo(param2.getG()) != 0)) {
throw new RuntimeException("Key params mismatch");
}
System.out.println("Used same default params");
// check that the documented exception is thrown if no cached parameters
int sizeNotInCache = (1024 - 64);
try {
((DSAKeyPairGenerator)kpg).initialize(sizeNotInCache, false, null);
throw new RuntimeException("Expected IPE not thrown");
} catch (InvalidParameterException ipe) {
System.out.println("Throwed expected IPE");
}
((DSAKeyPairGenerator)kpg).initialize(sizeNotInCache, true, null);
KeyPair kp = kpg.generateKeyPair();
checkKeyLength(kp, sizeNotInCache);
System.out.println("Generated requested key size");
}
}