Produced by Araxis Merge on 9/25/2018 2:13:01 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\com\sun\crypto\provider | DHKeyAgreement.java | Mon Jan 22 14:46:50 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\com\sun\crypto\provider | DHKeyAgreement.java | Wed Sep 12 16:22:25 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 32 | 792 |
Changed | 31 | 78 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 199 7, 2017, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package co m.sun.cryp to.provide r; | |
27 | ||
28 | import jav a.util.*; | |
29 | import jav a.lang.*; | |
30 | import jav a.math.Big Integer; | |
31 | import jav a.security .AccessCon troller; | |
32 | import jav a.security .InvalidAl gorithmPar ameterExce ption; | |
33 | import jav a.security .InvalidKe yException ; | |
34 | import jav a.security .Key; | |
35 | import jav a.security .NoSuchAlg orithmExce ption; | |
36 | import jav a.security .SecureRan dom; | |
37 | import jav a.security .Privilege dAction; | |
38 | import jav a.security .ProviderE xception; | |
39 | import jav a.security .spec.Algo rithmParam eterSpec; | |
40 | import jav a.security .spec.Inva lidKeySpec Exception; | |
41 | import jav ax.crypto. KeyAgreeme ntSpi; | |
42 | import jav ax.crypto. ShortBuffe rException ; | |
43 | import jav ax.crypto. SecretKey; | |
44 | import jav ax.crypto. spec.*; | |
45 | ||
46 | import sun .security. util.KeyUt il; | |
47 | ||
48 | /** | |
49 | * This cl ass implem ents the D iffie-Hell man key ag reement pr otocol bet ween | |
50 | * any num ber of par ties. | |
51 | * | |
52 | * @author Jan Luehe | |
53 | * | |
54 | */ | |
55 | ||
56 | public fin al class D HKeyAgreem ent | |
57 | extends Ke yAgreement Spi { | |
58 | ||
59 | privat e boolean generateSe cret = fal se; | |
60 | privat e BigInteg er init_p = null; | |
61 | privat e BigInteg er init_g = null; | |
62 | privat e BigInteg er x = Big Integer.ZE RO; // the private v alue | |
63 | privat e BigInteg er y = Big Integer.ZE RO; | |
64 | ||
65 | privat e static c lass Allow KDF { | |
66 | ||
67 | pr ivate stat ic final b oolean VAL UE = getVa lue(); | |
68 | ||
69 | pr ivate stat ic boolean getValue( ) { | |
70 | return A ccessContr oller.doPr ivileged( | |
71 | (Pri vilegedAct ion<Boolea n>) | |
72 | () - > Boolean. getBoolean ("jdk.cryp to.KeyAgre ement.lega cyKDF")); | |
73 | } | |
74 | } | |
75 | ||
76 | /** | |
77 | * Emp ty constru ctor | |
78 | */ | |
79 | public DHKeyAgre ement() { | |
80 | } | |
81 | ||
82 | /** | |
83 | * Ini tializes t his key ag reement wi th the giv en key and source of | |
84 | * ran domness. T he given k ey is requ ired to co ntain all the algori thm | |
85 | * par ameters re quired for this key agreement. | |
86 | * | |
87 | * <p> If the ke y agreemen t algorith m requires random by tes, it ge ts them | |
88 | * fro m the give n source o f randomne ss, <code> random</co de>. | |
89 | * How ever, if t he underly ing | |
90 | * alg orithm imp lementatio n does not require a ny random bytes, | |
91 | * <co de>random< /code> is ignored. | |
92 | * | |
93 | * @pa ram key th e party's private in formation. For examp le, in the case | |
94 | * of the Diffie -Hellman k ey agreeme nt, this w ould be th e party's own | |
95 | * Dif fie-Hellma n private key. | |
96 | * @pa ram random the sourc e of rando mness | |
97 | * | |
98 | * @ex ception In validKeyEx ception if the given key is | |
99 | * ina ppropriate for this key agreem ent, e.g., is of the wrong typ e or | |
100 | * has an incomp atible alg orithm typ e. | |
101 | */ | |
102 | protec ted void e ngineInit( Key key, S ecureRando m random) | |
103 | th rows Inval idKeyExcep tion | |
104 | { | |
105 | tr y { | |
106 | engineIn it(key, nu ll, random ); | |
107 | } catch (Inv alidAlgori thmParamet erExceptio n e) { | |
108 | // never happens, because we did not p ass any pa rameters | |
109 | } | |
110 | } | |
111 | ||
112 | /** | |
113 | * Ini tializes t his key ag reement wi th the giv en key, se t of | |
114 | * alg orithm par ameters, a nd source of randomn ess. | |
115 | * | |
116 | * @pa ram key th e party's private in formation. For examp le, in the case | |
117 | * of the Diffie -Hellman k ey agreeme nt, this w ould be th e party's own | |
118 | * Dif fie-Hellma n private key. | |
119 | * @pa ram params the key a greement p arameters | |
120 | * @pa ram random the sourc e of rando mness | |
121 | * | |
122 | * @ex ception In validKeyEx ception if the given key is | |
123 | * ina ppropriate for this key agreem ent, e.g., is of the wrong typ e or | |
124 | * has an incomp atible alg orithm typ e. | |
125 | * @ex ception In validAlgor ithmParame terExcepti on if the given para meters | |
126 | * are inappropr iate for t his key ag reement. | |
127 | */ | |
128 | protec ted void e ngineInit( Key key, A lgorithmPa rameterSpe c params, | |
129 | SecureRand om random) | |
130 | th rows Inval idKeyExcep tion, Inva lidAlgorit hmParamete rException | |
131 | { | |
132 | // ignore "r andom" par ameter, be cause our implementa tion does not | |
133 | // require a ny source of randomn ess | |
134 | ge nerateSecr et = false ; | |
135 | in it_p = nul l; | |
136 | in it_g = nul l; | |
137 | ||
138 | if ((params != null) & & !(params instanceo f DHParame terSpec)) { | |
139 | throw ne w InvalidA lgorithmPa rameterExc eption | |
140 | ("Di ffie-Hellm an paramet ers expect ed"); | |
141 | } | |
142 | if (!(key in stanceof j avax.crypt o.interfac es.DHPriva teKey)) { | |
143 | throw ne w InvalidK eyExceptio n("Diffie- Hellman pr ivate key " | |
144 | + "expec ted"); | |
145 | } | |
146 | ja vax.crypto .interface s.DHPrivat eKey dhPri vKey; | |
147 | dh PrivKey = (javax.cry pto.interf aces.DHPri vateKey)ke y; | |
148 | ||
149 | // check if private ke y paramete rs are com patible wi th | |
150 | // initializ ed ones | |
151 | if (params ! = null) { | |
152 | init_p = ((DHParam eterSpec)p arams).get P(); | |
153 | init_g = ((DHParam eterSpec)p arams).get G(); | |
154 | } | |
155 | Bi gInteger p riv_p = dh PrivKey.ge tParams(). getP(); | |
156 | Bi gInteger p riv_g = dh PrivKey.ge tParams(). getG(); | |
157 | if (init_p ! = null && priv_p != null && !( init_p.equ als(priv_p ))) { | |
158 | throw ne w InvalidK eyExceptio n("Incompa tible para meters"); | |
159 | } | |
160 | if (init_g ! = null && priv_g != null && !( init_g.equ als(priv_g ))) { | |
161 | throw ne w InvalidK eyExceptio n("Incompa tible para meters"); | |
162 | } | |
163 | if ((init_p == null && priv_p == null) | |
164 | || (init _g == null && priv_g == null)) { | |
165 | throw ne w InvalidK eyExceptio n("Missing parameter s"); | |
166 | } | |
167 | in it_p = pri v_p; | |
168 | in it_g = pri v_g; | |
169 | ||
170 | // store the x value | |
171 | th is.x = dhP rivKey.get X(); | |
172 | } | |
173 | ||
174 | /** | |
175 | * Exe cutes the next phase of this k ey agreeme nt with th e given | |
176 | * key that was received f rom one of the other parties i nvolved in this key | |
177 | * agr eement. | |
178 | * | |
179 | * @pa ram key th e key for this phase . For exam ple, in th e case of | |
180 | * Dif fie-Hellma n between 2 parties, this woul d be the o ther party 's | |
181 | * Dif fie-Hellma n public k ey. | |
182 | * @pa ram lastPh ase flag w hich indic ates wheth er or not this is th e last | |
183 | * pha se of this key agree ment. | |
184 | * | |
185 | * @re turn the ( intermedia te) key re sulting fr om this ph ase, or nu ll if | |
186 | * thi s phase do es not yie ld a key | |
187 | * | |
188 | * @ex ception In validKeyEx ception if the given key is in appropriat e for | |
189 | * thi s phase. | |
190 | * @ex ception Il legalState Exception if this ke y agreemen t has not been | |
191 | * ini tialized. | |
192 | */ | |
193 | protec ted Key en gineDoPhas e(Key key, boolean l astPhase) | |
194 | th rows Inval idKeyExcep tion, Ille galStateEx ception | |
195 | { | |
196 | if (!(key in stanceof j avax.crypt o.interfac es.DHPubli cKey)) { | |
197 | throw ne w InvalidK eyExceptio n("Diffie- Hellman pu blic key " | |
198 | + "expec ted"); | |
199 | } | |
200 | ja vax.crypto .interface s.DHPublic Key dhPubK ey; | |
201 | dh PubKey = ( javax.cryp to.interfa ces.DHPubl icKey)key; | |
202 | ||
203 | if (init_p = = null || init_g == null) { | |
204 | throw ne w IllegalS tateExcept ion("Not i nitialized "); | |
205 | } | |
206 | ||
207 | // check if public key parameter s are comp atible wit h | |
208 | // initializ ed ones | |
209 | Bi gInteger p ub_p = dhP ubKey.getP arams().ge tP(); | |
210 | Bi gInteger p ub_g = dhP ubKey.getP arams().ge tG(); | |
211 | if (pub_p != null && ! (init_p.eq uals(pub_p ))) { | |
212 | throw ne w InvalidK eyExceptio n("Incompa tible para meters"); | |
213 | } | |
214 | if (pub_g != null && ! (init_g.eq uals(pub_g ))) { | |
215 | throw ne w InvalidK eyExceptio n("Incompa tible para meters"); | |
216 | } | |
217 | ||
218 | // validate the Diffie -Hellman p ublic key | |
219 | Ke yUtil.vali date(dhPub Key); | |
220 | ||
221 | // store the y value | |
222 | th is.y = dhP ubKey.getY (); | |
223 | ||
224 | // we've rec eived a pu blic key ( from one o f the othe r parties) , | |
225 | // so we a re ready t o create t he PW , which ma y be an | |
226 | // interme diate PW , in which case we w rap it int o a | |
227 | // Diffie-He llman publ ic key obj ect and re turn it. | |
228 | ge nerateSecr et = true; | |
229 | if (lastPhas e == false ) { | |
230 | byte[] i ntermediat e = engine GenerateSe cret(); | |
231 | return n ew DHPubli cKey(new B igInteger( 1, interme diate), | |
232 | init_ p, init_g) ; | |
233 | } else { | |
234 | return n ull; | |
235 | } | |
236 | } | |
237 | ||
238 | /** | |
239 | * Generate s the shar ed PW and return s it in a new buffer . | |
240 | * | |
241 | * <p> This metho d resets t his <code> KeyAgreeme ntSpi</cod e> object, | |
242 | * so that it | |
243 | * can be reused for furth er key agr eements. U nless this key agree ment is | |
244 | * rei nitialized with one of the <co de>engineI nit</code> methods, the same | |
245 | * pri vate infor mation and algorithm parameter s will be used for | |
246 | * sub sequent ke y agreemen ts. | |
247 | * | |
248 | * @return the new bu ffer with the shared PW | |
249 | * | |
250 | * @ex ception Il legalState Exception if this ke y agreemen t has not been | |
251 | * com pleted yet | |
252 | */ | |
253 | protec ted byte[] engineGen erateSecre t() | |
254 | th rows Illeg alStateExc eption | |
255 | { | |
256 | in t expected Len = (ini t_p.bitLen gth() + 7) >>> 3; | |
257 | by te[] resul t = new by te[expecte dLen]; | |
258 | tr y { | |
259 | engineGe nerateSecr et(result, 0); | |
260 | } catch (Sho rtBufferEx ception sb e) { | |
261 | // shoul d never ha ppen since length ar e identica l | |
262 | } | |
263 | re turn resul t; | |
264 | } | |
265 | ||
266 | /** | |
267 | * Generate s the shar ed PW , and plac es it into the buffe r | |
268 | * <co de>sharedS ecret</cod e>, beginn ing at <co de>offset< /code>. | |
269 | * | |
270 | * <p> If the <co de>sharedS ecret</cod e> buffer is too sma ll to hold the | |
271 | * res ult, a <co de>ShortBu fferExcept ion</code> is thrown . | |
272 | * In this case, this call should be repeated with a lar ger output buffer. | |
273 | * | |
274 | * <p> This metho d resets t his <code> KeyAgreeme ntSpi</cod e> object, | |
275 | * so that it | |
276 | * can be reused for furth er key agr eements. U nless this key agree ment is | |
277 | * rei nitialized with one of the <co de>engineI nit</code> methods, the same | |
278 | * pri vate infor mation and algorithm parameter s will be used for | |
279 | * sub sequent ke y agreemen ts. | |
280 | * | |
281 | * @param s haredSecre t the buff er for the shared PW | |
282 | * @pa ram offset the offse t in <code >sharedSec ret</code> where the | |
283 | * shared PW will be st ored | |
284 | * | |
285 | * @re turn the n umber of b ytes place d into <co de>sharedS ecret</cod e> | |
286 | * | |
287 | * @ex ception Il legalState Exception if this ke y agreemen t has not been | |
288 | * com pleted yet | |
289 | * @ex ception Sh ortBufferE xception i f the give n output b uffer is t oo small | |
290 | * to hold the PW | |
291 | */ | |
292 | protec ted int en gineGenera teSecret(b yte[] shar edSecret, int offset ) | |
293 | th rows Illeg alStateExc eption, Sh ortBufferE xception | |
294 | { | |
295 | if (generate Secret == false) { | |
296 | throw ne w IllegalS tateExcept ion | |
297 | ("Ke y agreemen t has not been compl eted yet") ; | |
298 | } | |
299 | ||
300 | if (sharedSe cret == nu ll) { | |
301 | throw ne w ShortBuf ferExcepti on | |
302 | ("No buffe r provided for share d PW "); | |
303 | } | |
304 | ||
305 | Bi gInteger m odulus = i nit_p; | |
306 | in t expected Len = (mod ulus.bitLe ngth() + 7 ) >>> 3; | |
307 | if ((sharedS ecret.leng th - offse t) < expec tedLen) { | |
308 | throw ne w ShortBuf ferExcepti on | |
309 | ("Buffer t oo short f or shared PW "); | |
310 | } | |
311 | ||
312 | // Reset the key agree ment after checking for ShortB ufferExcep tion | |
313 | // above, so user can recover w/ o losing i nternal st ate | |
314 | ge nerateSecr et = false ; | |
315 | ||
316 | /* | |
317 | * NOTE: Big Integer.to ByteArray( ) returns a byte arr ay contain ing | |
318 | * the two's -complemen t represen tation of this BigIn teger with | |
319 | * the most significan t byte is in the zer oth elemen t. This | |
320 | * contains the minimu m number o f bytes re quired to represent | |
321 | * this BigI nteger, in cluding at least one sign bit whose valu e | |
322 | * is always 0. | |
323 | * | |
324 | * Keys are always pos itive, and the above sign bit isn't | |
325 | * actually used when representi ng keys. (i.e. key = new | |
326 | * BigIntege r(1, byteA rray)) To obtain an array con taining | |
327 | * exactly e xpectedLen bytes of magnitude, we strip any extra | |
328 | * leading 0's, or pa d with 0's in case o f a "short " PW . | |
329 | * / | |
330 | byte[] PW = this.y.m odPow(this .x, modulu s).toByteA rray(); | |
331 | if ( PW .length == expectedL en) { | |
332 | System.arr aycopy( PW , 0, share dSecret, o ffset, | |
333 | PW .length); | |
334 | } else { | |
335 | // Array too short , pad it w / leading 0s | |
336 | if ( PW .length < expectedLe n) { | |
337 | System.arr aycopy( PW , 0, share dSecret, | |
338 | offset + ( expectedLe n - PW .length), | |
339 | PW .length); | |
340 | } else { | |
341 | // A rray too l ong, check and trim off the ex cess | |
342 | if (( PW .length == (expected Len+1)) && PW [0] == 0) { | |
343 | // ignore the leadin g sign byt e | |
344 | System.arr aycopy( PW , 1, share dSecret, o ffset, exp ectedLen); | |
345 | } el se { | |
346 | throw new ProviderEx ception("G enerated PW is out-of- range"); | |
347 | } | |
348 | } | |
349 | } | |
350 | re turn expec tedLen; | |
351 | } | |
352 | ||
353 | /** | |
354 | * Creates the shared PW and return s it as a PW key object | |
355 | * of the reques ted algori thm type. | |
356 | * | |
357 | * <p> This metho d resets t his <code> KeyAgreeme ntSpi</cod e> object, | |
358 | * so that it | |
359 | * can be reused for furth er key agr eements. U nless this key agree ment is | |
360 | * rei nitialized with one of the <co de>engineI nit</code> methods, the same | |
361 | * pri vate infor mation and algorithm parameter s will be used for | |
362 | * sub sequent ke y agreemen ts. | |
363 | * | |
364 | * @param a lgorithm t he request ed PW key algori thm | |
365 | * | |
366 | * @return the shared PW key | |
367 | * | |
368 | * @ex ception Il legalState Exception if this ke y agreemen t has not been | |
369 | * com pleted yet | |
370 | * @excepti on NoSuchA lgorithmEx ception if the reque sted PW key | |
371 | * alg orithm is not availa ble | |
372 | * @excepti on Invalid KeyExcepti on if the shared PW key materi al cannot | |
373 | * be used to generat e a PW key of the requested algorithm type (e.g ., | |
374 | * the key mater ial is too short) | |
375 | */ | |
376 | protec ted Secret Key engine GenerateSe cret(Strin g algorith m) | |
377 | th rows Illeg alStateExc eption, No SuchAlgori thmExcepti on, | |
378 | InvalidK eyExceptio n | |
379 | { | |
380 | if (algorith m == null) { | |
381 | throw ne w NoSuchAl gorithmExc eption("nu ll algorit hm"); | |
382 | } | |
383 | ||
384 | if (!algorit hm.equalsI gnoreCase( "TlsPremas terSecret" ) && | |
385 | !AllowKD F.VALUE) { | |
386 | ||
387 | throw new NoSuchAlgo rithmExcep tion("Unsu pported PW key " | |
388 | + " algorithm: " + algor ithm); | |
389 | } | |
390 | ||
391 | byte[] PW = engineGe nerateSecr et(); | |
392 | if (algorith m.equalsIg noreCase(" DES")) { | |
393 | // DES | |
394 | return new DESKey( PW ); | |
395 | } else if (a lgorithm.e qualsIgnor eCase("DES ede") | |
396 | | | algorith m.equalsIg noreCase(" TripleDES" )) { | |
397 | // Tripl e DES | |
398 | return new DESedeKey ( PW ); | |
399 | } else if (a lgorithm.e qualsIgnor eCase("Blo wfish")) { | |
400 | // Blowf ish | |
401 | int keysiz e = PW .length; | |
402 | if (keys ize >= Blo wfishConst ants.BLOWF ISH_MAX_KE YSIZE) | |
403 | keys ize = Blow fishConsta nts.BLOWFI SH_MAX_KEY SIZE; | |
404 | SecretKeyS pec skey = new Secre tKeySpec( PW , 0, keysi ze, | |
405 | "Blowfish "); | |
406 | return s key; | |
407 | } else if (a lgorithm.e qualsIgnor eCase("AES ")) { | |
408 | // AES | |
409 | int keysiz e = PW .length; | |
410 | SecretKe ySpec skey = null; | |
411 | int idx = AESConst ants.AES_K EYSIZES.le ngth - 1; | |
412 | while (s key == nul l && idx > = 0) { | |
413 | // Generat e the stro ngest key using the shared PW | |
414 | // a ssuming th e key size s in AESCo nstants cl ass are | |
415 | // i n ascendin g order | |
416 | if ( keysize >= AESConsta nts.AES_KE YSIZES[idx ]) { | |
417 | keysize = AESConstan ts.AES_KEY SIZES[idx] ; | |
418 | skey = new SecretKey Spec( PW , 0, keysi ze, "AES") ; | |
419 | } | |
420 | idx- -; | |
421 | } | |
422 | if (skey == null) { | |
423 | thro w new Inva lidKeyExce ption("Key material is too sho rt"); | |
424 | } | |
425 | return s key; | |
426 | } else if (a lgorithm.e quals("Tls PremasterS ecret")) { | |
427 | // remov e leading zero bytes per RFC 5 246 Sectio n 8.1.2 | |
428 | return n ew SecretK eySpec( | |
429 | KeyUtil.tr imZeroes( PW ), "TlsPre masterSecr et"); | |
430 | } else { | |
431 | throw new NoSuchAlgo rithmExcep tion("Unsu pported PW key " | |
432 | + " algorithm: "+ algori thm); | |
433 | } | |
434 | } | |
435 | } |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.