|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
|
|
package sun.security.util; |
|
|
|
import java.security.AlgorithmParameters; |
|
import java.security.Key; |
|
import java.security.InvalidKeyException; |
|
import java.security.interfaces.ECKey; |
|
import java.security.interfaces.EdECKey; |
|
import java.security.interfaces.EdECPublicKey; |
|
import java.security.interfaces.RSAKey; |
|
import java.security.interfaces.DSAKey; |
|
import java.security.interfaces.DSAParams; |
|
import java.security.interfaces.XECKey; |
|
import java.security.SecureRandom; |
|
import java.security.spec.AlgorithmParameterSpec; |
|
import java.security.spec.KeySpec; |
|
import java.security.spec.ECParameterSpec; |
|
import java.security.spec.InvalidParameterSpecException; |
|
import javax.crypto.SecretKey; |
|
import javax.crypto.interfaces.DHKey; |
|
import javax.crypto.interfaces.DHPublicKey; |
|
import javax.crypto.spec.DHParameterSpec; |
|
import javax.crypto.spec.DHPublicKeySpec; |
|
import java.math.BigInteger; |
|
import java.security.spec.NamedParameterSpec; |
|
import java.util.Arrays; |
|
|
|
import sun.security.jca.JCAUtil; |
|
|
|
|
|
|
|
*/ |
|
public final class KeyUtil { |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
public static final int getKeySize(Key key) { |
|
int size = -1; |
|
|
|
if (key instanceof Length) { |
|
try { |
|
Length ruler = (Length)key; |
|
size = ruler.length(); |
|
} catch (UnsupportedOperationException usoe) { |
|
// ignore the exception |
|
} |
|
|
|
if (size >= 0) { |
|
return size; |
|
} |
|
} |
|
|
|
|
|
if (key instanceof SecretKey) { |
|
SecretKey sk = (SecretKey)key; |
|
String format = sk.getFormat(); |
|
if ("RAW".equals(format)) { |
|
byte[] encoded = sk.getEncoded(); |
|
if (encoded != null) { |
|
size = (encoded.length * 8); |
|
Arrays.fill(encoded, (byte)0); |
|
} |
|
} // Otherwise, it may be a unextractable key of PKCS#11, or |
|
// a key we are not able to handle. |
|
} else if (key instanceof RSAKey) { |
|
RSAKey pubk = (RSAKey)key; |
|
size = pubk.getModulus().bitLength(); |
|
} else if (key instanceof ECKey) { |
|
ECKey pubk = (ECKey)key; |
|
size = pubk.getParams().getOrder().bitLength(); |
|
} else if (key instanceof DSAKey) { |
|
DSAKey pubk = (DSAKey)key; |
|
DSAParams params = pubk.getParams(); |
|
size = (params != null) ? params.getP().bitLength() : -1; |
|
} else if (key instanceof DHKey) { |
|
DHKey pubk = (DHKey)key; |
|
size = pubk.getParams().getP().bitLength(); |
|
} else if (key instanceof XECKey) { |
|
XECKey pubk = (XECKey)key; |
|
AlgorithmParameterSpec params = pubk.getParams(); |
|
if (params instanceof NamedParameterSpec) { |
|
String name = ((NamedParameterSpec) params).getName(); |
|
if (name.equalsIgnoreCase(NamedParameterSpec.X25519.getName())) { |
|
size = 255; |
|
} else if (name.equalsIgnoreCase(NamedParameterSpec.X448.getName())) { |
|
size = 448; |
|
} else { |
|
size = -1; |
|
} |
|
} else { |
|
size = -1; |
|
} |
|
} else if (key instanceof EdECKey) { |
|
String nc = ((EdECKey) key).getParams().getName(); |
|
if (nc.equalsIgnoreCase(NamedParameterSpec.ED25519.getName())) { |
|
size = 255; |
|
} else if (nc.equalsIgnoreCase( |
|
NamedParameterSpec.ED448.getName())) { |
|
size = 448; |
|
} else { |
|
size = -1; |
|
} |
|
} // Otherwise, it may be a unextractable key of PKCS#11, or |
|
// a key we are not able to handle. |
|
|
|
return size; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
public static final int getKeySize(AlgorithmParameters parameters) { |
|
|
|
String algorithm = parameters.getAlgorithm(); |
|
switch (algorithm) { |
|
case "EC": |
|
try { |
|
ECKeySizeParameterSpec ps = parameters.getParameterSpec( |
|
ECKeySizeParameterSpec.class); |
|
if (ps != null) { |
|
return ps.getKeySize(); |
|
} |
|
} catch (InvalidParameterSpecException ipse) { |
|
// ignore |
|
} |
|
|
|
try { |
|
ECParameterSpec ps = parameters.getParameterSpec( |
|
ECParameterSpec.class); |
|
if (ps != null) { |
|
return ps.getOrder().bitLength(); |
|
} |
|
} catch (InvalidParameterSpecException ipse) { |
|
// ignore |
|
} |
|
|
|
// Note: the ECGenParameterSpec case should be covered by the |
|
// ECParameterSpec case above. |
|
// See ECUtil.getECParameterSpec(Provider, String). |
|
|
|
break; |
|
case "DiffieHellman": |
|
try { |
|
DHParameterSpec ps = parameters.getParameterSpec( |
|
DHParameterSpec.class); |
|
if (ps != null) { |
|
return ps.getP().bitLength(); |
|
} |
|
} catch (InvalidParameterSpecException ipse) { |
|
// ignore |
|
} |
|
break; |
|
|
|
// May support more AlgorithmParameters algorithms in the future. |
|
} |
|
|
|
return -1; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
public static final void validate(Key key) |
|
throws InvalidKeyException { |
|
if (key == null) { |
|
throw new NullPointerException( |
|
"The key to be validated cannot be null"); |
|
} |
|
|
|
if (key instanceof DHPublicKey) { |
|
validateDHPublicKey((DHPublicKey)key); |
|
} |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
public static final void validate(KeySpec keySpec) |
|
throws InvalidKeyException { |
|
if (keySpec == null) { |
|
throw new NullPointerException( |
|
"The key spec to be validated cannot be null"); |
|
} |
|
|
|
if (keySpec instanceof DHPublicKeySpec) { |
|
validateDHPublicKey((DHPublicKeySpec)keySpec); |
|
} |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
public static final boolean isOracleJCEProvider(String providerName) { |
|
return providerName != null && |
|
(providerName.equals("SunJCE") || |
|
providerName.equals("SunMSCAPI") || |
|
providerName.startsWith("SunPKCS11")); |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
public static byte[] checkTlsPreMasterSecretKey( |
|
int clientVersion, int serverVersion, SecureRandom random, |
|
byte[] encoded, boolean isFailOver) { |
|
|
|
if (random == null) { |
|
random = JCAUtil.getSecureRandom(); |
|
} |
|
byte[] replacer = new byte[48]; |
|
random.nextBytes(replacer); |
|
|
|
if (!isFailOver && (encoded != null)) { |
|
|
|
if (encoded.length != 48) { |
|
|
|
return replacer; |
|
} |
|
|
|
int encodedVersion = |
|
((encoded[0] & 0xFF) << 8) | (encoded[1] & 0xFF); |
|
if (clientVersion != encodedVersion) { |
|
if (clientVersion > 0x0301 || |
|
serverVersion != encodedVersion) { |
|
encoded = replacer; |
|
} // Otherwise, For compatibility, we maintain the behavior |
|
// that the version in pre_master_secret can be the |
|
// negotiated version for TLS v1.0 and SSL v3.0. |
|
} |
|
|
|
|
|
return encoded; |
|
} |
|
|
|
|
|
return replacer; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
private static void validateDHPublicKey(DHPublicKey publicKey) |
|
throws InvalidKeyException { |
|
DHParameterSpec paramSpec = publicKey.getParams(); |
|
|
|
BigInteger p = paramSpec.getP(); |
|
BigInteger g = paramSpec.getG(); |
|
BigInteger y = publicKey.getY(); |
|
|
|
validateDHPublicKey(p, g, y); |
|
} |
|
|
|
private static void validateDHPublicKey(DHPublicKeySpec publicKeySpec) |
|
throws InvalidKeyException { |
|
validateDHPublicKey(publicKeySpec.getP(), |
|
publicKeySpec.getG(), publicKeySpec.getY()); |
|
} |
|
|
|
private static void validateDHPublicKey(BigInteger p, |
|
BigInteger g, BigInteger y) throws InvalidKeyException { |
|
|
|
|
|
BigInteger leftOpen = BigInteger.ONE; |
|
BigInteger rightOpen = p.subtract(BigInteger.ONE); |
|
if (y.compareTo(leftOpen) <= 0) { |
|
throw new InvalidKeyException( |
|
"Diffie-Hellman public key is too small"); |
|
} |
|
if (y.compareTo(rightOpen) >= 0) { |
|
throw new InvalidKeyException( |
|
"Diffie-Hellman public key is too large"); |
|
} |
|
|
|
// y^q mod p == 1? |
|
// Unable to perform this check as q is unknown in this circumstance. |
|
|
|
// p is expected to be prime. However, it is too expensive to check |
|
// that p is prime. Instead, in order to mitigate the impact of |
|
|
|
BigInteger r = p.remainder(y); |
|
if (r.equals(BigInteger.ZERO)) { |
|
throw new InvalidKeyException("Invalid Diffie-Hellman parameters"); |
|
} |
|
} |
|
|
|
|
|
|
|
|
|
|
|
*/ |
|
public static byte[] trimZeroes(byte[] b) { |
|
int i = 0; |
|
while ((i < b.length - 1) && (b[i] == 0)) { |
|
i++; |
|
} |
|
if (i == 0) { |
|
return b; |
|
} |
|
byte[] t = new byte[b.length - i]; |
|
System.arraycopy(b, i, t, 0, t.length); |
|
return t; |
|
} |
|
|
|
} |
|
|