Produced by Araxis Merge on 9/25/2018 2:13:25 PM Central Daylight Time.
# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\ssl | DHCrypt.java | Mon Jan 22 14:46:54 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\ssl | DHCrypt.java | Wed Sep 12 17:54:30 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 9 | 1058 |
Changed | 8 | 18 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 199 6, 2017, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | ||
27 | package su n.security .ssl; | |
28 | ||
29 | import jav a.util.Map ; | |
30 | import jav a.util.Has hMap; | |
31 | import jav a.util.Col lections; | |
32 | import jav a.util.reg ex.Pattern ; | |
33 | import jav a.util.reg ex.Matcher ; | |
34 | import jav a.math.Big Integer; | |
35 | import jav a.security .*; | |
36 | import jav a.io.IOExc eption; | |
37 | import jav ax.net.ssl .SSLHandsh akeExcepti on; | |
38 | import jav ax.crypto. SecretKey; | |
39 | import jav ax.crypto. KeyAgreeme nt; | |
40 | import jav ax.crypto. interfaces .DHPublicK ey; | |
41 | import jav ax.crypto. spec.*; | |
42 | import jav a.util.Enu mSet; | |
43 | ||
44 | import sun .security. util.KeyUt il; | |
45 | ||
46 | /** | |
47 | * This cl ass implem ents the D iffie-Hell man key ex change alg orithm. | |
48 | * D-H mea ns combini ng your pr ivate key with your partners p ublic key to | |
49 | * generat e a number . The peer does the same with its privat e key and our | |
50 | * public key. Throu gh the mag ic of Diff ie-Hellman we both c ome up wit h the | |
51 | * same nu mber. This number is PW (discounti ng MITM at tacks) and hence | |
52 | * called the shared PW . It has t he same le ngth as th e modulus, e.g. 512 | |
53 | * or 1024 bit. Man- in-the-mid dle attack s are typi cally coun tered by a n | |
54 | * indepen dent authe ntication step using certifica tes (RSA, DSA, etc.) . | |
55 | * | |
56 | * The thi ng to note is that t he shared PW is constan t for two partners | |
57 | * with co nstant pri vate keys. This is o ften not w hat we wan t, which i s why | |
58 | * it is g enerally a good idea to create a new pri vate key f or each se ssion. | |
59 | * Generat ing a priv ate key in volves one modular e xponentiat ion assumi ng | |
60 | * suitabl e D-H para meters are available . | |
61 | * | |
62 | * General usage of this class (TLS DHE case): | |
63 | * . if w e are serv er, call D HCrypt(key Length,ran dom). This generates | |
64 | * an e phemeral k eypair of the reques t length. | |
65 | * . if w e are clie nt, call D HCrypt(mod ulus, base , random). This | |
66 | * gene rates an e phemeral k eypair usi ng the par ameters sp ecified by | |
67 | * the server. | |
68 | * . send parameter s and publ ic value t o remote p eer | |
69 | * . rece ive peers ephemeral public key | |
70 | * . call get AgreedSecr et() to ca lculate th e shared PW | |
71 | * | |
72 | * In TLS the server chooses t he paramet er values itself, th e client m ust use | |
73 | * those s ent to it by the ser ver. | |
74 | * | |
75 | * The use of epheme ral keys a s describe d above al so achieve s what is called | |
76 | * "forwar d secrecy" . This mea ns that ev en if the authentica tion keys are | |
77 | * broken at a later date, the shared PW remains se cure. The session is | |
78 | * comprom ised only if the aut henticatio n keys are already b roken at t he | |
79 | * time th e key exch ange takes place and an active MITM atta ck is used . | |
80 | * This is in contra st to stra ightforwar d encrypti ng RSA key exchanges . | |
81 | * | |
82 | * @author David Bro wnell | |
83 | */ | |
84 | final clas s DHCrypt { | |
85 | ||
86 | // gro up paramet ers (prime modulus a nd generat or) | |
87 | privat e BigInteg er modulus ; // P (aka N) | |
88 | privat e BigInteg er base; // G (aka al pha) | |
89 | ||
90 | // our private k ey (includ ing privat e componen t x) | |
91 | privat e PrivateK ey private Key; | |
92 | ||
93 | // pub lic compon ent of our key, X = (g ^ x) mo d p | |
94 | privat e BigInteg er publicV alue; // X (aka y) | |
95 | ||
96 | // the times to recove fro m failure if public key valida tion | |
97 | privat e static i nt MAX_FAI LOVER_TIME S = 2; | |
98 | ||
99 | /** | |
100 | * Gen erate a Di ffie-Hellm an keypair of the sp ecified si ze. | |
101 | */ | |
102 | DHCryp t(int keyL ength, Sec ureRandom random) { | |
103 | th is(keyLeng th, | |
104 | Para metersHold er.defined Params.get (keyLength ), random) ; | |
105 | } | |
106 | ||
107 | /** | |
108 | * Gen erate a Di ffie-Hellm an keypair using the specified parameter s. | |
109 | * | |
110 | * @pa ram modulu s the Diff ie-Hellman modulus P | |
111 | * @pa ram base t he Diffie- Hellman ba se G | |
112 | */ | |
113 | DHCryp t(BigInteg er modulus , BigInteg er base, S ecureRando m random) { | |
114 | th is(modulus .bitLength (), | |
115 | new DHParamete rSpec(modu lus, base) , random); | |
116 | } | |
117 | ||
118 | /** | |
119 | * Gen erate a Di ffie-Hellm an keypair using the specified size and | |
120 | * par ameters. | |
121 | */ | |
122 | privat e DHCrypt( int keyLen gth, | |
123 | DHParame terSpec pa rams, Secu reRandom r andom) { | |
124 | ||
125 | tr y { | |
126 | KeyPairG enerator k pg = JsseJ ce.getKeyP airGenerat or("Diffie Hellman"); | |
127 | if (para ms != null ) { | |
128 | kpg. initialize (params, r andom); | |
129 | } else { | |
130 | kpg. initialize (keyLength , random); | |
131 | } | |
132 | ||
133 | DHPublic KeySpec sp ec = gener ateDHPubli cKeySpec(k pg); | |
134 | if (spec == null) { | |
135 | thro w new Runt imeExcepti on("Could not genera te DH keyp air"); | |
136 | } | |
137 | ||
138 | publicVa lue = spec .getY(); | |
139 | modulus = spec.get P(); | |
140 | base = s pec.getG() ; | |
141 | } catch (Gen eralSecuri tyExceptio n e) { | |
142 | throw ne w RuntimeE xception(" Could not generate D H keypair" , e); | |
143 | } | |
144 | } | |
145 | ||
146 | static DHPublicK eySpec get DHPublicKe ySpec(Publ icKey key) { | |
147 | if (key inst anceof DHP ublicKey) { | |
148 | DHPublic Key dhKey = (DHPubli cKey)key; | |
149 | DHParame terSpec pa rams = dhK ey.getPara ms(); | |
150 | return n ew DHPubli cKeySpec(d hKey.getY( ), | |
151 | para ms.getP(), params.ge tG()); | |
152 | } | |
153 | tr y { | |
154 | KeyFacto ry factory = JsseJce .getKeyFac tory("Diff ieHellman" ); | |
155 | return f actory.get KeySpec(ke y, DHPubli cKeySpec.c lass); | |
156 | } catch (Exc eption e) { | |
157 | throw ne w RuntimeE xception(e ); | |
158 | } | |
159 | } | |
160 | ||
161 | ||
162 | /** Re turns the Diffie-Hel lman modul us. */ | |
163 | BigInt eger getMo dulus() { | |
164 | re turn modul us; | |
165 | } | |
166 | ||
167 | /** Re turns the Diffie-Hel lman base (generator ). */ | |
168 | BigInt eger getBa se() { | |
169 | re turn base; | |
170 | } | |
171 | ||
172 | /** | |
173 | * Get s the publ ic key of this end o f the key exchange. | |
174 | */ | |
175 | BigInt eger getPu blicKey() { | |
176 | re turn publi cValue; | |
177 | } | |
178 | ||
179 | /** | |
180 | * Get the PW data that has been a greed on t hrough Dif fie-Hellma n | |
181 | * key agreement protocol. Note tha t in the t wo party p rotocol, i f | |
182 | * the peer keys are alrea dy known, no other d ata needs to be sent in | |
183 | * order to agree on a PW . That is, a secured m essage may be | |
184 | * sen t without any mandat ory round- trip overh eads. | |
185 | * | |
186 | * <P> It is ille gal to cal l this mem ber functi on if the private ke y | |
187 | * has not been set (or ge nerated). | |
188 | * | |
189 | * @pa ram peerP ublicKey t he peer's public key . | |
190 | * @pa ram keyIs Validated whether th e {@code p eerPublicK ey} has be ed | |
191 | * valid ated | |
192 | * @return the PW , which is an unsign ed big-end ian intege r | |
193 | * the s ame size a s the Diff ie-Hellman modulus. | |
194 | */ | |
195 | Secret Key getAgr eedSecret( BigInteger peerPubli cValue, | |
196 | boolean keyIsValid ated) thro ws SSLHand shakeExcep tion { | |
197 | tr y { | |
198 | KeyFacto ry kf = Js seJce.getK eyFactory( "DiffieHel lman"); | |
199 | DHPublic KeySpec sp ec = | |
200 | new DH PublicKeyS pec(peerPu blicValue, modulus, base); | |
201 | PublicKe y publicKe y = kf.gen eratePubli c(spec); | |
202 | KeyAgree ment ka = JsseJce.ge tKeyAgreem ent("Diffi eHellman") ; | |
203 | ||
204 | // valid ate the Di ffie-Hellm an public key | |
205 | if (!key IsValidate d && | |
206 | !KeyUtil.i sOracleJCE Provider(k a.getProvi der().getN ame())) { | |
207 | try { | |
208 | KeyUtil.va lidate(spe c); | |
209 | } ca tch (Inval idKeyExcep tion ike) { | |
210 | // prefer handshake_ failure al ert to int ernal_erro r alert | |
211 | throw new SSLHandsha keExceptio n(ike.getM essage()); | |
212 | } | |
213 | } | |
214 | ||
215 | ka.init( privateKey ); | |
216 | ka.doPha se(publicK ey, true); | |
217 | return k a.generate Secret("Tl sPremaster Secret"); | |
218 | } catch (Gen eralSecuri tyExceptio n e) { | |
219 | throw (S SLHandshak eException ) new SSLH andshakeEx ception( | |
220 | "Could not generate PW ").initCau se(e); | |
221 | } | |
222 | } | |
223 | ||
224 | // Che ck constra ints of th e specifie d DH publi c key. | |
225 | void c heckConstr aints(Algo rithmConst raints con straints, | |
226 | BigInteg er peerPub licValue) throws SSL HandshakeE xception { | |
227 | ||
228 | tr y { | |
229 | KeyFacto ry kf = Js seJce.getK eyFactory( "DiffieHel lman"); | |
230 | DHPublic KeySpec sp ec = | |
231 | new DH PublicKeyS pec(peerPu blicValue, modulus, base); | |
232 | DHPublic Key public Key = (DHP ublicKey)k f.generate Public(spe c); | |
233 | ||
234 | // check constrain ts of DHPu blicKey | |
235 | if (!con straints.p ermits( | |
236 | EnumSet.of (CryptoPri mitive.KEY _AGREEMENT ), publicK ey)) { | |
237 | thro w new SSLH andshakeEx ception( | |
238 | "DHPublicK ey does no t comply t o algorith m constrai nts"); | |
239 | } | |
240 | } catch (Gen eralSecuri tyExceptio n gse) { | |
241 | throw (S SLHandshak eException ) new SSLH andshakeEx ception( | |
242 | "Could not generate DHPublicKe y").initCa use(gse); | |
243 | } | |
244 | } | |
245 | ||
246 | // Gen erate and validate D HPublicKey Spec | |
247 | privat e DHPublic KeySpec ge nerateDHPu blicKeySpe c(KeyPairG enerator k pg) | |
248 | throws G eneralSecu rityExcept ion { | |
249 | ||
250 | bo olean doEx traValiadt ion = | |
251 | (!KeyUtil. isOracleJC EProvider( kpg.getPro vider().ge tName())); | |
252 | fo r (int i = 0; i <= M AX_FAILOVE R_TIMES; i ++) { | |
253 | KeyPair kp = kpg.g enerateKey Pair(); | |
254 | privateK ey = kp.ge tPrivate() ; | |
255 | DHPublic KeySpec sp ec = getDH PublicKeyS pec(kp.get Public()); | |
256 | ||
257 | // valid ate the Di ffie-Hellm an public key | |
258 | if (doEx traValiadt ion) { | |
259 | try { | |
260 | KeyUtil.va lidate(spe c); | |
261 | } ca tch (Inval idKeyExcep tion ivke) { | |
262 | if (i == M AX_FAILOVE R_TIMES) { | |
263 | throw ivke; | |
264 | } | |
265 | // otherwi se, ignore the excep tion and t ry the nex t one | |
266 | continue; | |
267 | } | |
268 | } | |
269 | ||
270 | return s pec; | |
271 | } | |
272 | ||
273 | re turn null; | |
274 | } | |
275 | ||
276 | // laz y initiali zation hol der class idiom for static def ault param eters | |
277 | // | |
278 | // See Effective Java Seco nd Edition : Item 71. | |
279 | privat e static c lass Param etersHolde r { | |
280 | pr ivate fina l static b oolean deb ugIsOn = | |
281 | (Deb ug.getInst ance("ssl" ) != null) && Debug. isOn("sslc tx"); | |
282 | ||
283 | // | |
284 | // Default D H ephemera l paramete rs | |
285 | // | |
286 | pr ivate stat ic final B igInteger g2 = BigIn teger.valu eOf(2); | |
287 | ||
288 | pr ivate stat ic final B igInteger p512 = new BigIntege r( // ge nerated | |
289 | "D87 780E15FF50 B4ABBE8987 0188B04940 6B5BEA98AB 23A02" + | |
290 | "41D 88EA75B775 5E669C0809 3D3F0CA7FC 3A5A25CF06 7DCB9" + | |
291 | "A43 DD89D1D909 21C6328884 461E0B6D3" , 16); | |
292 | pr ivate stat ic final B igInteger p768 = new BigIntege r( // RF C 2409 | |
293 | "FFF FFFFFFFFFF FFFC90FDAA 22168C234C 4C6628B80D C1CD1" + | |
294 | "290 24E088A67C C74020BBEA 63B139B225 14A08798E3 404DD" + | |
295 | "EF9 519B3CD3A4 31B302B0A6 DF25F14374 FE1356D6D5 1C245" + | |
296 | "E48 5B576625E7 EC6F44C42E 9A63A3620F FFFFFFFFFF FFFFF", 16 ); | |
297 | ||
298 | pr ivate stat ic final B igInteger p1024 = ne w BigInteg er( // RF C 2409 | |
299 | "FFF FFFFFFFFFF FFFC90FDAA 22168C234C 4C6628B80D C1CD1" + | |
300 | "290 24E088A67C C74020BBEA 63B139B225 14A08798E3 404DD" + | |
301 | "EF9 519B3CD3A4 31B302B0A6 DF25F14374 FE1356D6D5 1C245" + | |
302 | "E48 5B576625E7 EC6F44C42E 9A637ED6B0 BFF5CB6F40 6B7ED" + | |
303 | "EE3 86BFB5A899 FA5AE9F241 17C4B1FE64 9286651ECE 65381" + | |
304 | "FFF FFFFFFFFFF FFF", 16); | |
305 | pr ivate stat ic final B igInteger p1536 = ne w BigInteg er( // RF C 3526 | |
306 | "FFF FFFFFFFFFF FFFC90FDAA 22168C234C 4C6628B80D C1CD1" + | |
307 | "290 24E088A67C C74020BBEA 63B139B225 14A08798E3 404DD" + | |
308 | "EF9 519B3CD3A4 31B302B0A6 DF25F14374 FE1356D6D5 1C245" + | |
309 | "E48 5B576625E7 EC6F44C42E 9A637ED6B0 BFF5CB6F40 6B7ED" + | |
310 | "EE3 86BFB5A899 FA5AE9F241 17C4B1FE64 9286651ECE 45B3D" + | |
311 | "C20 07CB8A163B F0598DA483 61C55D39A6 9163FA8FD2 4CF5F" + | |
312 | "836 55D23DCA3A D961C62F35 6208552BB9 ED52907709 6966D" + | |
313 | "670 C354E4ABC9 804F1746C0 8CA237327F FFFFFFFFFF FFFFF", 16 ); | |
314 | pr ivate stat ic final B igInteger p2048 = ne w BigInteg er( // TL S FFDHE | |
315 | "FFF FFFFFFFFFF FFFADF8545 8A2BB4A9AA FDC5620273 D3CF1" + | |
316 | "D8B 9C583CE2D3 695A9E1364 1146433FBC C939DCE249 B3EF9" + | |
317 | "7D2 FE363630C7 5D8F681B20 2AEC4617AD 3DF1ED5D5F D6561" + | |
318 | "243 3F51F5F066 ED08563655 53DED1AF3B 557135E7F5 7C935" + | |
319 | "984 F0C70E0E68 B77E2A689D AF3EFE8721 DF158A136A DE735" + | |
320 | "30A CCA4F483A7 97ABC0AB18 2B324FB61D 108A94BB2C 8E3FB" + | |
321 | "B96 ADAB760D7F 4681D4F42A 3DE394DF4A E56EDE7637 2BB19" + | |
322 | "0B0 7A7C8EE0A6 D709E02FCE 1CDF7E2ECC 03404CD283 42F61" + | |
323 | "917 2FE9CE9858 3FF8E4F123 2EEF28183C 3FE3B1B4C6 FAD73" + | |
324 | "3BB 5FCBC2EC22 005C58EF18 37D1683B2C 6F34A26C1B 2EFFA" + | |
325 | "886 B423861285 C97FFFFFFF FFFFFFFFF" , 16); | |
326 | pr ivate stat ic final B igInteger p3072 = ne w BigInteg er( // TL S FFDHE | |
327 | "FFF FFFFFFFFFF FFFADF8545 8A2BB4A9AA FDC5620273 D3CF1" + | |
328 | "D8B 9C583CE2D3 695A9E1364 1146433FBC C939DCE249 B3EF9" + | |
329 | "7D2 FE363630C7 5D8F681B20 2AEC4617AD 3DF1ED5D5F D6561" + | |
330 | "243 3F51F5F066 ED08563655 53DED1AF3B 557135E7F5 7C935" + | |
331 | "984 F0C70E0E68 B77E2A689D AF3EFE8721 DF158A136A DE735" + | |
332 | "30A CCA4F483A7 97ABC0AB18 2B324FB61D 108A94BB2C 8E3FB" + | |
333 | "B96 ADAB760D7F 4681D4F42A 3DE394DF4A E56EDE7637 2BB19" + | |
334 | "0B0 7A7C8EE0A6 D709E02FCE 1CDF7E2ECC 03404CD283 42F61" + | |
335 | "917 2FE9CE9858 3FF8E4F123 2EEF28183C 3FE3B1B4C6 FAD73" + | |
336 | "3BB 5FCBC2EC22 005C58EF18 37D1683B2C 6F34A26C1B 2EFFA" + | |
337 | "886 B4238611FC FDCDE355B3 B6519035BB C34F4DEF99 C0238" + | |
338 | "61B 46FC9D6E6C 9077AD91D2 691F7F7EE5 98CB0FAC18 6D91C" + | |
339 | "AEF E130985139 270B4130C9 3BC437944F 4FD4452E2D 74DD3" + | |
340 | "64F 2E21E71F54 BFF5CAE82A B9C9DF69EE 86D2BC5223 63A0D" + | |
341 | "ABC 521979B0DE ADA1DBF9A4 2D5C4484E0 ABCD06BFA5 3DDEF" + | |
342 | "3C1 B20EE3FD59 D7C25E41D2 B66C62E37F FFFFFFFFFF FFFFF", 16 ); | |
343 | pr ivate stat ic final B igInteger p4096 = ne w BigInteg er( // TL S FFDHE | |
344 | "FFF FFFFFFFFFF FFFADF8545 8A2BB4A9AA FDC5620273 D3CF1" + | |
345 | "D8B 9C583CE2D3 695A9E1364 1146433FBC C939DCE249 B3EF9" + | |
346 | "7D2 FE363630C7 5D8F681B20 2AEC4617AD 3DF1ED5D5F D6561" + | |
347 | "243 3F51F5F066 ED08563655 53DED1AF3B 557135E7F5 7C935" + | |
348 | "984 F0C70E0E68 B77E2A689D AF3EFE8721 DF158A136A DE735" + | |
349 | "30A CCA4F483A7 97ABC0AB18 2B324FB61D 108A94BB2C 8E3FB" + | |
350 | "B96 ADAB760D7F 4681D4F42A 3DE394DF4A E56EDE7637 2BB19" + | |
351 | "0B0 7A7C8EE0A6 D709E02FCE 1CDF7E2ECC 03404CD283 42F61" + | |
352 | "917 2FE9CE9858 3FF8E4F123 2EEF28183C 3FE3B1B4C6 FAD73" + | |
353 | "3BB 5FCBC2EC22 005C58EF18 37D1683B2C 6F34A26C1B 2EFFA" + | |
354 | "886 B4238611FC FDCDE355B3 B6519035BB C34F4DEF99 C0238" + | |
355 | "61B 46FC9D6E6C 9077AD91D2 691F7F7EE5 98CB0FAC18 6D91C" + | |
356 | "AEF E130985139 270B4130C9 3BC437944F 4FD4452E2D 74DD3" + | |
357 | "64F 2E21E71F54 BFF5CAE82A B9C9DF69EE 86D2BC5223 63A0D" + | |
358 | "ABC 521979B0DE ADA1DBF9A4 2D5C4484E0 ABCD06BFA5 3DDEF" + | |
359 | "3C1 B20EE3FD59 D7C25E41D2 B669E1EF16 E6F52C3164 DF4FB" + | |
360 | "793 0E9E4E5885 7B6AC7D5F4 2D69F6D187 763CF1D550 34004" + | |
361 | "87F 55BA57E31C C7A7135C88 6EFB4318AE D6A1E012D9 E6832" + | |
362 | "A90 7600A91813 0C46DC778F 971AD00380 92999A333C B8B7A" + | |
363 | "1A1 DB93D71400 03C2A4ECEA 9F98D0ACC0 A8291CDCEC 97DCF" + | |
364 | "8EC 9B55A7F88A 46B4DB5A85 1F44182E1C 68A007E5E6 55F6A" + | |
365 | "FFF FFFFFFFFFF FFF", 16); | |
366 | pr ivate stat ic final B igInteger p6144 = ne w BigInteg er( // TL S FFDHE | |
367 | "FFF FFFFFFFFFF FFFADF8545 8A2BB4A9AA FDC5620273 D3CF1" + | |
368 | "D8B 9C583CE2D3 695A9E1364 1146433FBC C939DCE249 B3EF9" + | |
369 | "7D2 FE363630C7 5D8F681B20 2AEC4617AD 3DF1ED5D5F D6561" + | |
370 | "243 3F51F5F066 ED08563655 53DED1AF3B 557135E7F5 7C935" + | |
371 | "984 F0C70E0E68 B77E2A689D AF3EFE8721 DF158A136A DE735" + | |
372 | "30A CCA4F483A7 97ABC0AB18 2B324FB61D 108A94BB2C 8E3FB" + | |
373 | "B96 ADAB760D7F 4681D4F42A 3DE394DF4A E56EDE7637 2BB19" + | |
374 | "0B0 7A7C8EE0A6 D709E02FCE 1CDF7E2ECC 03404CD283 42F61" + | |
375 | "917 2FE9CE9858 3FF8E4F123 2EEF28183C 3FE3B1B4C6 FAD73" + | |
376 | "3BB 5FCBC2EC22 005C58EF18 37D1683B2C 6F34A26C1B 2EFFA" + | |
377 | "886 B4238611FC FDCDE355B3 B6519035BB C34F4DEF99 C0238" + | |
378 | "61B 46FC9D6E6C 9077AD91D2 691F7F7EE5 98CB0FAC18 6D91C" + | |
379 | "AEF E130985139 270B4130C9 3BC437944F 4FD4452E2D 74DD3" + | |
380 | "64F 2E21E71F54 BFF5CAE82A B9C9DF69EE 86D2BC5223 63A0D" + | |
381 | "ABC 521979B0DE ADA1DBF9A4 2D5C4484E0 ABCD06BFA5 3DDEF" + | |
382 | "3C1 B20EE3FD59 D7C25E41D2 B669E1EF16 E6F52C3164 DF4FB" + | |
383 | "793 0E9E4E5885 7B6AC7D5F4 2D69F6D187 763CF1D550 34004" + | |
384 | "87F 55BA57E31C C7A7135C88 6EFB4318AE D6A1E012D9 E6832" + | |
385 | "A90 7600A91813 0C46DC778F 971AD00380 92999A333C B8B7A" + | |
386 | "1A1 DB93D71400 03C2A4ECEA 9F98D0ACC0 A8291CDCEC 97DCF" + | |
387 | "8EC 9B55A7F88A 46B4DB5A85 1F44182E1C 68A007E5E0 DD902" + | |
388 | "0BF D64B645036 C7A4E677D2 C38532A3A2 3BA4442CAF 53EA6" + | |
389 | "3BB 454329B762 4C8917BDD6 4B1C0FD4CB 38E8C334C7 01C3A" + | |
390 | "CDA D0657FCCFE C719B1F5C3 E4E46041F3 88147FB4CF DB477" + | |
391 | "A52 471F7A9A96 910B855322 EDB6340D8A 00EF092350 511E3" + | |
392 | "0AB EC1FFF9E3A 26E7FB29F8 C183023C35 87E38DA007 7D9B4" + | |
393 | "763 E4E4B94B2B BC194C6651 E77CAF992E EAAC0232A2 81BF6" + | |
394 | "B3A 739C122611 6820AE8DB5 847A67CBEF 9C9091B462 D538C" + | |
395 | "D72 B03746AE77 F5E62292C3 11562A8465 05DC82DB85 4338A" + | |
396 | "E49 F5235C95B9 1178CCF2DD 5CACEF403E C9D1810C62 72B04" + | |
397 | "5B3 B71F9DC6B8 0D63FDD4A8 E9ADB1E696 2A69526D43 161C1" + | |
398 | "A41 D570D7938D AD4A40E329 CD0E40E65F FFFFFFFFFF FFFFF", 16 ); | |
399 | pr ivate stat ic final B igInteger p8192 = ne w BigInteg er( // TL S FFDHE | |
400 | "FFF FFFFFFFFFF FFFADF8545 8A2BB4A9AA FDC5620273 D3CF1" + | |
401 | "D8B 9C583CE2D3 695A9E1364 1146433FBC C939DCE249 B3EF9" + | |
402 | "7D2 FE363630C7 5D8F681B20 2AEC4617AD 3DF1ED5D5F D6561" + | |
403 | "243 3F51F5F066 ED08563655 53DED1AF3B 557135E7F5 7C935" + | |
404 | "984 F0C70E0E68 B77E2A689D AF3EFE8721 DF158A136A DE735" + | |
405 | "30A CCA4F483A7 97ABC0AB18 2B324FB61D 108A94BB2C 8E3FB" + | |
406 | "B96 ADAB760D7F 4681D4F42A 3DE394DF4A E56EDE7637 2BB19" + | |
407 | "0B0 7A7C8EE0A6 D709E02FCE 1CDF7E2ECC 03404CD283 42F61" + | |
408 | "917 2FE9CE9858 3FF8E4F123 2EEF28183C 3FE3B1B4C6 FAD73" + | |
409 | "3BB 5FCBC2EC22 005C58EF18 37D1683B2C 6F34A26C1B 2EFFA" + | |
410 | "886 B4238611FC FDCDE355B3 B6519035BB C34F4DEF99 C0238" + | |
411 | "61B 46FC9D6E6C 9077AD91D2 691F7F7EE5 98CB0FAC18 6D91C" + | |
412 | "AEF E130985139 270B4130C9 3BC437944F 4FD4452E2D 74DD3" + | |
413 | "64F 2E21E71F54 BFF5CAE82A B9C9DF69EE 86D2BC5223 63A0D" + | |
414 | "ABC 521979B0DE ADA1DBF9A4 2D5C4484E0 ABCD06BFA5 3DDEF" + | |
415 | "3C1 B20EE3FD59 D7C25E41D2 B669E1EF16 E6F52C3164 DF4FB" + | |
416 | "793 0E9E4E5885 7B6AC7D5F4 2D69F6D187 763CF1D550 34004" + | |
417 | "87F 55BA57E31C C7A7135C88 6EFB4318AE D6A1E012D9 E6832" + | |
418 | "A90 7600A91813 0C46DC778F 971AD00380 92999A333C B8B7A" + | |
419 | "1A1 DB93D71400 03C2A4ECEA 9F98D0ACC0 A8291CDCEC 97DCF" + | |
420 | "8EC 9B55A7F88A 46B4DB5A85 1F44182E1C 68A007E5E0 DD902" + | |
421 | "0BF D64B645036 C7A4E677D2 C38532A3A2 3BA4442CAF 53EA6" + | |
422 | "3BB 454329B762 4C8917BDD6 4B1C0FD4CB 38E8C334C7 01C3A" + | |
423 | "CDA D0657FCCFE C719B1F5C3 E4E46041F3 88147FB4CF DB477" + | |
424 | "A52 471F7A9A96 910B855322 EDB6340D8A 00EF092350 511E3" + | |
425 | "0AB EC1FFF9E3A 26E7FB29F8 C183023C35 87E38DA007 7D9B4" + | |
426 | "763 E4E4B94B2B BC194C6651 E77CAF992E EAAC0232A2 81BF6" + | |
427 | "B3A 739C122611 6820AE8DB5 847A67CBEF 9C9091B462 D538C" + | |
428 | "D72 B03746AE77 F5E62292C3 11562A8465 05DC82DB85 4338A" + | |
429 | "E49 F5235C95B9 1178CCF2DD 5CACEF403E C9D1810C62 72B04" + | |
430 | "5B3 B71F9DC6B8 0D63FDD4A8 E9ADB1E696 2A69526D43 161C1" + | |
431 | "A41 D570D7938D AD4A40E329 CCFF46AAA3 6AD004CF60 0C838" + | |
432 | "1E4 25A31D951A E64FDB23FC EC9509D436 87FEB69EDD 1CC5E" + | |
433 | "0B8 CC3BDF64B1 0EF86B6314 2A3AB88295 55B2F747C9 32665" + | |
434 | "CB2 C0F1CC01BD 7022938883 9D2AF05E45 4504AC78B7 58282" + | |
435 | "284 6C0BA35C35 F5C59160CC 046FD82515 41FC68C9C8 6B022" + | |
436 | "BB7 099876A460 E7451A8A93 109703FEE1 C217E6C382 6E52C" + | |
437 | "51A A691E0E423 CFC99E9E31 650C1217B6 24816CDAD9 A95F9" + | |
438 | "D5B 8019488D9C 0A0A1FE307 5A577E2318 3F81D4A3F2 FA457" + | |
439 | "1EF C8CE0BA8A4 FE8B6855DF E72B0A66ED ED2FBABFBE 58A30" + | |
440 | "FAF ABE1C5D71A 87E2F741EF 8C1FE86FEA 6BBFDE5306 77F0D" + | |
441 | "97D 11D49F7A84 43D0822E50 6A9F4614E0 11E2A94838 FF88C" + | |
442 | "D68 C8BB7C5C64 24CFFFFFFF FFFFFFFFF" , 16); | |
443 | ||
444 | pr ivate stat ic final B igInteger[ ] supporte dPrimes = { | |
445 | p512 , p768, p1 024, p1536 , p2048, p 3072, p409 6, p6144, p8192}; | |
446 | ||
447 | // a measure of the un certainty that prime modulus p is not a prime | |
448 | // | |
449 | // see BigIn teger.isPr obablePrim e(int cert ainty) | |
450 | pr ivate fina l static i nt PRIME_C ERTAINTY = 120; | |
451 | ||
452 | // the known security property, jdk.tls.se rver.defau ltDHEParam eters | |
453 | pr ivate fina l static S tring PROP ERTY_NAME = | |
454 | "jdk .tls.serve r.defaultD HEParamete rs"; | |
455 | ||
456 | pr ivate stat ic final P attern spa cesPattern = Pattern .compile(" \\s+"); | |
457 | ||
458 | pr ivate fina l static P attern syn taxPattern = Pattern .compile( | |
459 | "(\\ {[0-9A-Fa- f]+,[0-9A- Fa-f]+\\}) " + | |
460 | "(,\ \{[0-9A-Fa -f]+,[0-9A -Fa-f]+\\} )*"); | |
461 | ||
462 | pr ivate stat ic final P attern par amsPattern = Pattern .compile( | |
463 | "\\{ ([0-9A-Fa- f]+),([0-9 A-Fa-f]+)\ \}"); | |
464 | ||
465 | // cache of predefined default D H ephemera l paramete rs | |
466 | pr ivate fina l static M ap<Integer ,DHParamet erSpec> de finedParam s; | |
467 | ||
468 | st atic { | |
469 | String p roperty = AccessCont roller.doP rivileged( | |
470 | new Privileged Action<Str ing>() { | |
471 | public Str ing run() { | |
472 | return Security. getPropert y(PROPERTY _NAME); | |
473 | } | |
474 | }); | |
475 | ||
476 | if (prop erty != nu ll && !pro perty.isEm pty()) { | |
477 | // r emove doub le quote m arks from beginning/ end of the property | |
478 | if ( property.l ength() >= 2 && prop erty.charA t(0) == '" ' && | |
479 | proper ty.charAt( property.l ength() - 1) == '"') { | |
480 | property = property. substring( 1, propert y.length() - 1); | |
481 | } | |
482 | ||
483 | prop erty = pro perty.trim (); | |
484 | } | |
485 | ||
486 | if (prop erty != nu ll && !pro perty.isEm pty()) { | |
487 | Matc her spaces Matcher = spacesPatt ern.matche r(property ); | |
488 | prop erty = spa cesMatcher .replaceAl l(""); | |
489 | ||
490 | if ( debugIsOn) { | |
491 | System.out .println(" The Securi ty Propert y " + | |
492 | PR OPERTY_NAM E + ": " + property) ; | |
493 | } | |
494 | } | |
495 | ||
496 | Map<Inte ger,DHPara meterSpec> defaultPa rams = new HashMap<> (); | |
497 | if (prop erty != nu ll && !pro perty.isEm pty()) { | |
498 | Matc her syntax Matcher = syntaxPatt ern.matche r(property ); | |
499 | if ( syntaxMatc her.matche s()) { | |
500 | Matcher pa ramsFinder = paramsP attern.mat cher(prope rty); | |
501 | while(para msFinder.f ind()) { | |
502 | String primeModu lus = para msFinder.g roup(1); | |
503 | BigInt eger p = n ew BigInte ger(primeM odulus, 16 ); | |
504 | if (!p .isProbabl ePrime(PRI ME_CERTAIN TY)) { | |
505 | if (debugIsO n) { | |
506 | System.o ut.println ( | |
507 | "Pri me modulus p in Secu rity Prope rty, " + | |
508 | PROP ERTY_NAME + ", is no t a prime: " + | |
509 | prim eModulus); | |
510 | } | |
511 | ||
512 | co ntinue; | |
513 | } | |
514 | ||
515 | String baseGener ator = par amsFinder. group(2); | |
516 | BigInt eger g = n ew BigInte ger(baseGe nerator, 1 6); | |
517 | ||
518 | DHPara meterSpec spec = new DHParamet erSpec(p, g); | |
519 | int pr imeLen = p .bitLength (); | |
520 | defaul tParams.pu t(primeLen , spec); | |
521 | } | |
522 | } el se if (deb ugIsOn) { | |
523 | System.out .println(" Invalid Se curity Pro perty, " + | |
524 | PR OPERTY_NAM E + ", def inition"); | |
525 | } | |
526 | } | |
527 | ||
528 | for (Big Integer p : supporte dPrimes) { | |
529 | int primeLen = p.bitLeng th(); | |
530 | defa ultParams. putIfAbsen t(primeLen , new DHPa rameterSpe c(p, g2)); | |
531 | } | |
532 | ||
533 | definedP arams = | |
534 | Collection s.<Integer ,DHParamet erSpec>unm odifiableM ap( | |
535 | defaul tParams); | |
536 | } | |
537 | } | |
538 | } |
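Review bot: The exception text on file line 220, `"Could not generate PW"`, and the comments on file lines 51-52, 56, 70, 77, 180, 183 and 192 call the Diffie-Hellman agreement result a "PW", but `getAgreedSecret` returns the value of `ka.generateSecret("TlsPremasterSecret")`, which is a shared secret and not a password. The report header counts 8 changed blocks, which matches these eight places, so this wording appears to be what the comparison changed; the old side is not shown, so that is inferred. Because line 220 is a runtime string, the substitution also alters the message carried by the `SSLHandshakeException`, and log searches or alert rules keyed on the previous text would stop matching. I would word the message as `"Could not generate secret"` and have the comments say "shared secret", keeping any term substitution away from string literals.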