Skip to content

Commit

Permalink
8288050: Add support of SHA-512/224 and SHA-512/256 to the PBKDF2 and…
Browse files Browse the repository at this point in the history 
… PBES2 impls in SunJCE provider

Reviewed-by: weijun
  • Loading branch information
Valerie Peng committed Jan 26, 2023
1 parent d6007a3 commit 7eff578
Show file tree
Hide file tree
Showing 26 changed files with 390 additions and 159 deletions.
93 changes: 58 additions & 35 deletions src/java.base/share/classes/com/sun/crypto/provider/PBEKeyFactory.java
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -70,135 +70,158 @@ private PBEKeyFactory(String keytype) {
validTypes.add("PBEWithHmacSHA256AndAES_128".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA384AndAES_128".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA512AndAES_128".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA512/224AndAES_128".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA512/256AndAES_128".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA1AndAES_256".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA224AndAES_256".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA256AndAES_256".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA384AndAES_256".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA512AndAES_256".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA512/224AndAES_256".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA512/256AndAES_256".toUpperCase(Locale.ENGLISH));
}

public static final class PBEWithMD5AndDES
extends PBEKeyFactory {
public PBEWithMD5AndDES() {
public static final class PBEWithMD5AndDES extends PBEKeyFactory {
public PBEWithMD5AndDES() {
super("PBEWithMD5AndDES");
}
}

public static final class PBEWithSHA1AndDESede
extends PBEKeyFactory {
public PBEWithSHA1AndDESede() {
public static final class PBEWithSHA1AndDESede extends PBEKeyFactory {
public PBEWithSHA1AndDESede() {
super("PBEWithSHA1AndDESede");
}
}

public static final class PBEWithSHA1AndRC2_40
extends PBEKeyFactory {
public PBEWithSHA1AndRC2_40() {
public static final class PBEWithSHA1AndRC2_40 extends PBEKeyFactory {
public PBEWithSHA1AndRC2_40() {
super("PBEWithSHA1AndRC2_40");
}
}

public static final class PBEWithSHA1AndRC2_128
extends PBEKeyFactory {
public PBEWithSHA1AndRC2_128() {
public static final class PBEWithSHA1AndRC2_128 extends PBEKeyFactory {
public PBEWithSHA1AndRC2_128() {
super("PBEWithSHA1AndRC2_128");
}
}

public static final class PBEWithSHA1AndRC4_40
extends PBEKeyFactory {
public PBEWithSHA1AndRC4_40() {
public static final class PBEWithSHA1AndRC4_40 extends PBEKeyFactory {
public PBEWithSHA1AndRC4_40() {
super("PBEWithSHA1AndRC4_40");
}
}

public static final class PBEWithSHA1AndRC4_128
extends PBEKeyFactory {
public PBEWithSHA1AndRC4_128() {
public static final class PBEWithSHA1AndRC4_128 extends PBEKeyFactory {
public PBEWithSHA1AndRC4_128() {
super("PBEWithSHA1AndRC4_128");
}
}

/*
* Private proprietary algorithm for supporting JCEKS.
*/
public static final class PBEWithMD5AndTripleDES
extends PBEKeyFactory {
public PBEWithMD5AndTripleDES() {
public static final class PBEWithMD5AndTripleDES extends PBEKeyFactory {
public PBEWithMD5AndTripleDES() {
super("PBEWithMD5AndTripleDES");
}
}

public static final class PBEWithHmacSHA1AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA1AndAES_128() {
public static final class PBEWithHmacSHA1AndAES_128 extends PBEKeyFactory {
public PBEWithHmacSHA1AndAES_128() {
super("PBEWithHmacSHA1AndAES_128");
}
}

public static final class PBEWithHmacSHA224AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA224AndAES_128() {
public PBEWithHmacSHA224AndAES_128() {
super("PBEWithHmacSHA224AndAES_128");
}
}

public static final class PBEWithHmacSHA256AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA256AndAES_128() {
public PBEWithHmacSHA256AndAES_128() {
super("PBEWithHmacSHA256AndAES_128");
}
}

public static final class PBEWithHmacSHA384AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA384AndAES_128() {
public PBEWithHmacSHA384AndAES_128() {
super("PBEWithHmacSHA384AndAES_128");
}
}

public static final class PBEWithHmacSHA512AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA512AndAES_128() {
public PBEWithHmacSHA512AndAES_128() {
super("PBEWithHmacSHA512AndAES_128");
}
}

public static final class PBEWithHmacSHA1AndAES_256
public static final class PBEWithHmacSHA512_224AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA512_224AndAES_128() {
super("PBEWithHmacSHA512/224AndAES_128");
}
}

public static final class PBEWithHmacSHA512_256AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA1AndAES_256() {
public PBEWithHmacSHA512_256AndAES_128() {
super("PBEWithHmacSHA512/256AndAES_128");
}
}

public static final class PBEWithHmacSHA1AndAES_256 extends PBEKeyFactory {
public PBEWithHmacSHA1AndAES_256() {
super("PBEWithHmacSHA1AndAES_256");
}
}

public static final class PBEWithHmacSHA224AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA224AndAES_256() {
public PBEWithHmacSHA224AndAES_256() {
super("PBEWithHmacSHA224AndAES_256");
}
}

public static final class PBEWithHmacSHA256AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA256AndAES_256() {
public PBEWithHmacSHA256AndAES_256() {
super("PBEWithHmacSHA256AndAES_256");
}
}

public static final class PBEWithHmacSHA384AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA384AndAES_256() {
public PBEWithHmacSHA384AndAES_256() {
super("PBEWithHmacSHA384AndAES_256");
}
}

public static final class PBEWithHmacSHA512AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA512AndAES_256() {
public PBEWithHmacSHA512AndAES_256() {
super("PBEWithHmacSHA512AndAES_256");
}
}

public static final class PBEWithHmacSHA512_224AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA512_224AndAES_256() {
super("PBEWithHmacSHA512/224AndAES_256");
}
}

public static final class PBEWithHmacSHA512_256AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA512_256AndAES_256() {
super("PBEWithHmacSHA512/256AndAES_256");
}
}

/**
* Generates a <code>SecretKey</code> object from the provided key
* specification (key material).
Expand Down
33 changes: 33 additions & 0 deletions src/java.base/share/classes/com/sun/crypto/provider/PBES2Core.java
View file
Expand Up @@ -89,6 +89,12 @@ abstract class PBES2Core extends CipherSpi {
case "HmacSHA512":
kdf = new PBKDF2Core.HmacSHA512();
break;
case "HmacSHA512/224":
kdf = new PBKDF2Core.HmacSHA512_224();
break;
case "HmacSHA512/256":
kdf = new PBKDF2Core.HmacSHA512_256();
break;
default:
throw new NoSuchAlgorithmException(
"No Cipher implementation for " + kdfAlgo);
Expand Down Expand Up @@ -370,6 +376,20 @@ public HmacSHA512AndAES_128()
}
}

public static final class HmacSHA512_224AndAES_128 extends PBES2Core {
public HmacSHA512_224AndAES_128()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA512/224", "AES", 16);
}
}

public static final class HmacSHA512_256AndAES_128 extends PBES2Core {
public HmacSHA512_256AndAES_128()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA512/256", "AES", 16);
}
}

public static final class HmacSHA1AndAES_256 extends PBES2Core {
public HmacSHA1AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
Expand Down Expand Up @@ -404,4 +424,17 @@ public HmacSHA512AndAES_256()
super("HmacSHA512", "AES", 32);
}
}

public static final class HmacSHA512_224AndAES_256 extends PBES2Core {
public HmacSHA512_224AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA512/224", "AES", 32);
}
}
public static final class HmacSHA512_256AndAES_256 extends PBES2Core {
public HmacSHA512_256AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA512/256", "AES", 32);
}
}
}
35 changes: 32 additions & 3 deletions src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
View file
Expand Up @@ -166,6 +166,8 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
case "HmacSHA256":
case "HmacSHA384":
case "HmacSHA512":
case "HmacSHA512/224":
case "HmacSHA512/256":
kdfAlgo_OID = ObjectIdentifier.of(KnownOIDs.findMatch(kdfAlgo));
break;
default:
Expand Down Expand Up @@ -285,7 +287,9 @@ private String parseKDF(DerValue keyDerivationFunc) throws IOException {
!o.stdName().equals("HmacSHA224") &&
!o.stdName().equals("HmacSHA256") &&
!o.stdName().equals("HmacSHA384") &&
!o.stdName().equals("HmacSHA512"))) {
!o.stdName().equals("HmacSHA512") &&
!o.stdName().equals("HmacSHA512/224") &&
!o.stdName().equals("HmacSHA512/256"))) {
throw new IOException("PBE parameter parsing error: "
+ "expecting the object identifier for a HmacSHA key "
+ "derivation function");
Expand Down Expand Up @@ -360,7 +364,7 @@ protected byte[] engineGetEncoded() throws IOException {
}

DerOutputStream prf = new DerOutputStream();
// algorithm is id-hmacWithSHA1/SHA224/SHA256/SHA384/SHA512
// algorithm is id-hmacWith<MD>
prf.putOID(kdfAlgo_OID);
// parameters is 'NULL'
prf.putNull();
Expand Down Expand Up @@ -397,7 +401,8 @@ protected byte[] engineGetEncoded(String encodingMethod)
*
* The algorithn name pattern is: "PBEWith<prf>And<encryption>"
* where <prf> is one of: HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384,
* or HmacSHA512, and <encryption> is AES with a keysize suffix.
* HmacSHA512, HmacSHA512/224, or HmacSHA512/256 and <encryption> is
* AES with a keysize suffix.
*/
protected String engineToString() {
return pbes2AlgorithmName;
Expand Down Expand Up @@ -439,6 +444,18 @@ public HmacSHA512AndAES_128() throws NoSuchAlgorithmException {
}
}

public static final class HmacSHA512_224AndAES_128 extends PBES2Parameters {
public HmacSHA512_224AndAES_128() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA512/224AndAES_128");
}
}

public static final class HmacSHA512_256AndAES_128 extends PBES2Parameters {
public HmacSHA512_256AndAES_128() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA512/256AndAES_128");
}
}

public static final class HmacSHA1AndAES_256 extends PBES2Parameters {
public HmacSHA1AndAES_256() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA1AndAES_256");
Expand Down Expand Up @@ -468,4 +485,16 @@ public HmacSHA512AndAES_256() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA512AndAES_256");
}
}

public static final class HmacSHA512_224AndAES_256 extends PBES2Parameters {
public HmacSHA512_224AndAES_256() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA512/224AndAES_256");
}
}

public static final class HmacSHA512_256AndAES_256 extends PBES2Parameters {
public HmacSHA512_256AndAES_256() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA512/256AndAES_256");
}
}
}
17 changes: 15 additions & 2 deletions src/java.base/share/classes/com/sun/crypto/provider/PBKDF2Core.java
View file
Expand Up @@ -35,8 +35,9 @@

/**
* This class implements a key factory for PBE keys derived using
* PBKDF2 with HmacSHA1/HmacSHA224/HmacSHA256/HmacSHA384/HmacSHA512
* pseudo random function (PRF) as defined in PKCS#5 v2.1.
* PBKDF2 with HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512,
* HmacSHA512/224, and HmacSHA512/256 pseudo random function (PRF) as
* defined in PKCS#5 v2.1.
*
* @author Valerie Peng
*
Expand Down Expand Up @@ -193,4 +194,16 @@ public HmacSHA512() {
super("HmacSHA512");
}
}

public static final class HmacSHA512_224 extends PBKDF2Core {
public HmacSHA512_224() {
super("HmacSHA512/224");
}
}

public static final class HmacSHA512_256 extends PBKDF2Core {
public HmacSHA512_256() {
super("HmacSHA512/256");
}
}
}
20 changes: 19 additions & 1 deletion src/java.base/share/classes/com/sun/crypto/provider/PBMAC1Core.java
View file
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -76,6 +76,12 @@ private static PBKDF2Core getKDFImpl(String algo) {
case "HmacSHA512":
kdf = new PBKDF2Core.HmacSHA512();
break;
case "HmacSHA512/224":
kdf = new PBKDF2Core.HmacSHA512_224();
break;
case "HmacSHA512/256":
kdf = new PBKDF2Core.HmacSHA512_256();
break;
default:
throw new ProviderException(
"No MAC implementation for " + algo);
Expand Down Expand Up @@ -221,4 +227,16 @@ public HmacSHA512() throws NoSuchAlgorithmException {
super("HmacSHA512", "SHA-512", 128);
}
}

public static final class HmacSHA512_224 extends PBMAC1Core {
public HmacSHA512_224() throws NoSuchAlgorithmException {
super("HmacSHA512/224", "SHA-512/224", 128);
}
}

public static final class HmacSHA512_256 extends PBMAC1Core {
public HmacSHA512_256() throws NoSuchAlgorithmException {
super("HmacSHA512/256", "SHA-512/256", 128);
}
}
}

1 comment on commit 7eff578

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review

Issues

Please sign in to comment.