Skip to content
This repository has been archived by the owner on May 29, 2024. It is now read-only.

Commit

Permalink
8286503: Enhance security classes
Browse files Browse the repository at this point in the history
Backport-of: 7f5e120a631ffda3e6d5efc03bae572b21877b69
  • Loading branch information
Yuri Nesterenko authored and RealCLanger committed Oct 11, 2023
1 parent 3256286 commit 87c0d67
Show file tree
Hide file tree
Showing 39 changed files with 955 additions and 167 deletions.
27 changes: 21 additions & 6 deletions src/java.base/share/classes/com/sun/crypto/provider/DESKey.java
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand All @@ -25,6 +25,8 @@

package com.sun.crypto.provider;

import java.io.IOException;
import java.io.InvalidObjectException;
import java.lang.ref.Reference;
import java.security.MessageDigest;
import java.security.KeyRep;
Expand All @@ -44,7 +46,7 @@
final class DESKey implements SecretKey {

@java.io.Serial
static final long serialVersionUID = 7724971015953279128L;
private static final long serialVersionUID = 7724971015953279128L;

private byte[] key;

Expand Down Expand Up @@ -113,7 +115,7 @@ public int hashCode() {
for (int i = 1; i < this.key.length; i++) {
retval += this.key[i] * i;
}
return(retval ^= "des".hashCode());
return(retval ^ "des".hashCode());
}

public boolean equals(Object obj) {
Expand All @@ -134,15 +136,28 @@ public boolean equals(Object obj) {
}

/**
* readObject is called to restore the state of this key from
* a stream.
* Restores the state of this object from the stream.
*
* @param s the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(java.io.ObjectInputStream s)
throws java.io.IOException, ClassNotFoundException
throws IOException, ClassNotFoundException
{
s.defaultReadObject();
if ((key == null) || (key.length != DESKeySpec.DES_KEY_LEN)) {
throw new InvalidObjectException("Wrong key size");
}
key = key.clone();

DESKeyGenerator.setParityBit(key, 0);

// Use the cleaner to zero the key when no longer referenced
final byte[] k = key;
CleanerFactory.cleaner().register(this,
() -> java.util.Arrays.fill(k, (byte)0x00));
}

/**
Expand Down
29 changes: 23 additions & 6 deletions src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand All @@ -25,6 +25,8 @@

package com.sun.crypto.provider;

import java.io.IOException;
import java.io.InvalidObjectException;
import java.lang.ref.Reference;
import java.security.MessageDigest;
import java.security.KeyRep;
Expand All @@ -44,7 +46,7 @@
final class DESedeKey implements SecretKey {

@java.io.Serial
static final long serialVersionUID = 2463986565756745178L;
private static final long serialVersionUID = 2463986565756745178L;

private byte[] key;

Expand Down Expand Up @@ -112,7 +114,7 @@ public int hashCode() {
for (int i = 1; i < this.key.length; i++) {
retval += this.key[i] * i;
}
return(retval ^= "desede".hashCode());
return(retval ^ "desede".hashCode());
}

public boolean equals(Object obj) {
Expand All @@ -134,15 +136,30 @@ public boolean equals(Object obj) {
}

/**
* readObject is called to restore the state of this key from
* a stream.
* Restores the state of this object from the stream.
*
* @param s the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(java.io.ObjectInputStream s)
throws java.io.IOException, ClassNotFoundException
throws IOException, ClassNotFoundException
{
s.defaultReadObject();
if ((key == null) || (key.length != DESedeKeySpec.DES_EDE_KEY_LEN)) {
throw new InvalidObjectException("Wrong key size");
}
key = key.clone();

DESKeyGenerator.setParityBit(key, 0);
DESKeyGenerator.setParityBit(key, 8);
DESKeyGenerator.setParityBit(key, 16);

// Use the cleaner to zero the key when no longer referenced
final byte[] k = key;
CleanerFactory.cleaner().register(this,
() -> java.util.Arrays.fill(k, (byte)0x00));
}

/**
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -41,16 +41,14 @@
* algorithm.
*
* @author Jan Luehe
*
*
* @see DHPublicKey
* @see java.security.KeyAgreement
*/
final class DHPrivateKey implements PrivateKey,
javax.crypto.interfaces.DHPrivateKey, Serializable {

@java.io.Serial
static final long serialVersionUID = 7565477590005668886L;
private static final long serialVersionUID = 7565477590005668886L;

// only supported version of PKCS#8 PrivateKeyInfo
private static final BigInteger PKCS8_VERSION = BigInteger.ZERO;
Expand All @@ -65,10 +63,10 @@ final class DHPrivateKey implements PrivateKey,
private byte[] encodedKey;

// the prime modulus
private BigInteger p;
private final BigInteger p;

// the base generator
private BigInteger g;
private final BigInteger g;

// the private-value length (optional)
private int l;
Expand Down Expand Up @@ -336,4 +334,28 @@ private Object writeReplace() throws java.io.ObjectStreamException {
getFormat(),
encodedKey);
}

/**
* Restores the state of this object from the stream.
* <p>
* JDK 1.5+ objects use <code>KeyRep</code>s instead.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if ((key == null) || (key.length == 0)) {
throw new InvalidObjectException("key not deserializable");
}
this.key = key.clone();
if ((encodedKey == null) || (encodedKey.length == 0)) {
throw new InvalidObjectException(
"encoded key not deserializable");
}
this.encodedKey = encodedKey.clone();
}
}
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -40,16 +40,14 @@
* A public key in X.509 format for the Diffie-Hellman key agreement algorithm.
*
* @author Jan Luehe
*
*
* @see DHPrivateKey
* @see javax.crypto.KeyAgreement
*/
final class DHPublicKey implements PublicKey,
javax.crypto.interfaces.DHPublicKey, Serializable {

@java.io.Serial
static final long serialVersionUID = 7647557958927458271L;
private static final long serialVersionUID = 7647557958927458271L;

// the public key
private BigInteger y;
Expand All @@ -61,10 +59,10 @@ final class DHPublicKey implements PublicKey,
private byte[] encodedKey;

// the prime modulus
private BigInteger p;
private final BigInteger p;

// the base generator
private BigInteger g;
private final BigInteger g;

// the private-value length (optional)
private int l;
Expand Down Expand Up @@ -324,4 +322,28 @@ private Object writeReplace() throws java.io.ObjectStreamException {
getFormat(),
getEncoded());
}

/**
* Restores the state of this object from the stream.
* <p>
* JDK 1.5+ objects use <code>KeyRep</code>s instead.
*
* @param stream the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject();
if ((key == null) || (key.length == 0)) {
throw new InvalidObjectException("key not deserializable");
}
this.key = key.clone();
if ((encodedKey == null) || (encodedKey.length == 0)) {
throw new InvalidObjectException(
"encoded key not deserializable");
}
this.encodedKey = encodedKey.clone();
}
}
39 changes: 32 additions & 7 deletions src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand All @@ -25,6 +25,8 @@

package com.sun.crypto.provider;

import java.io.IOException;
import java.io.InvalidObjectException;
import java.lang.ref.Reference;
import java.security.MessageDigest;
import java.security.KeyRep;
Expand All @@ -45,11 +47,11 @@
final class PBEKey implements SecretKey {

@java.io.Serial
static final long serialVersionUID = -2234768909660948176L;
private static final long serialVersionUID = -2234768909660948176L;

private byte[] key;

private String type;
private final String type;

/**
* Creates a PBE key from a given PBE key specification.
Expand Down Expand Up @@ -110,7 +112,7 @@ public int hashCode() {
for (int i = 1; i < this.key.length; i++) {
retval += this.key[i] * i;
}
return(retval ^= getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode());
return(retval ^ getAlgorithm().toLowerCase(Locale.ENGLISH).hashCode());
}

public boolean equals(Object obj) {
Expand Down Expand Up @@ -144,15 +146,38 @@ public void destroy() {
}

/**
* readObject is called to restore the state of this key from
* a stream.
* Restores the state of this object from the stream.
*
* @param s the {@code ObjectInputStream} from which data is read
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a serialized class cannot be loaded
*/
@java.io.Serial
private void readObject(java.io.ObjectInputStream s)
throws java.io.IOException, ClassNotFoundException
throws IOException, ClassNotFoundException
{
s.defaultReadObject();
if (key == null) {
throw new InvalidObjectException(
"PBEKey couldn't be deserialized");
}
key = key.clone();

// Accept "\0" to signify "zero-length password with no terminator".
if (!(key.length == 1 && key[0] == 0)) {
for (int i = 0; i < key.length; i++) {
if ((key[i] < '\u0020') || (key[i] > '\u007E')) {
throw new InvalidObjectException(
"PBEKey had non-ASCII chars");
}
}
}

// Use the cleaner to zero the key when no longer referenced
final byte[] k = this.key;
CleanerFactory.cleaner().register(this,
() -> Arrays.fill(k, (byte) 0x00));

}


Expand Down
Loading

0 comments on commit 87c0d67

Please sign in to comment.