Skip to content

Commit

Permalink
Use OpenSSL for the ECDH key agreement
Browse files Browse the repository at this point in the history 
Signed-off-by: Zainab Fatmi <zainab@ibm.com>
  • Loading branch information
Zainab Fatmi committed Jun 7, 2022
1 parent 001be57 commit d24df55
Show file tree
Hide file tree
Showing 10 changed files with 1,194 additions and 29 deletions.
62 changes: 62 additions & 0 deletions closed/adds/jdk/src/share/classes/jdk/crypto/jniprovider/NativeCrypto.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@

import com.ibm.oti.vm.VM;

import sun.misc.Cleaner;
import sun.misc.Unsafe;
import sun.reflect.Reflection;
import sun.reflect.CallerSensitive;
Expand Down Expand Up @@ -79,6 +80,15 @@ public static NativeCrypto getNativeCrypto() {
return new NativeCrypto();
}

public void createECKeyCleaner(Object owner, long key) {
Cleaner.create(owner, new Runnable() {
@Override
public void run() {
NativeCrypto.this.ECDestroyKey(key);
}
});
}

/* Native digest interfaces */
private static final native int loadCrypto(boolean traceEnabled);

Expand Down Expand Up @@ -191,4 +201,56 @@ public final native int RSAEP(byte[] k,
byte[] m,
long RSAPublicKey);

/* Native EC interfaces */
public final native int ECCreatePublicKey(long key,
byte[] x,
int xLen,
byte[] y,
int yLen,
int field);

public final native int ECCreatePrivateKey(long key,
byte[] s,
int sLen);

public final native long ECEncodeGFp(byte[] a,
int aLen,
byte[] b,
int bLen,
byte[] p,
int pLen,
byte[] x,
int xLen,
byte[] y,
int yLen,
byte[] n,
int nLen,
byte[] h,
int hLen);

public final native long ECEncodeGF2m(byte[] a,
int aLen,
byte[] b,
int bLen,
byte[] p,
int pLen,
byte[] x,
int xLen,
byte[] y,
int yLen,
byte[] n,
int nLen,
byte[] h,
int hLen);

public final native int ECDestroyKey(long key);

public final native int ECDeriveKey(long publicKey,
long privateKey,
byte[] secret,
int secretOffset,
int secretLen);

public final native boolean ECNoGF2m();

}
268 changes: 268 additions & 0 deletions closed/adds/jdk/src/share/classes/sun/security/ec/NativeECDHKeyAgreement.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,268 @@
/*
* Copyright (c) 2009, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

/*
* ===========================================================================
* (c) Copyright IBM Corp. 2022, 2022 All Rights Reserved
* ===========================================================================
*/

package sun.security.ec;

import java.lang.reflect.Method;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.ECKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.util.HashMap;

import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.SecretKeySpec;

import jdk.crypto.jniprovider.NativeCrypto;

import sun.security.action.GetPropertyAction;
import sun.security.util.NamedCurve;

/**
* Native KeyAgreement implementation for ECDH.
*/
public final class NativeECDHKeyAgreement extends KeyAgreementSpi {

private static final NativeCrypto nativeCrypto = NativeCrypto.getNativeCrypto();
private static final String nativeCryptTrace = GetPropertyAction.privilegedGetProperty("jdk.nativeCryptoTrace");

/* true if OPENSSL_NO_EC2M is defined */
private static final boolean noGF2m = nativeCrypto.ECNoGF2m();

/* stores whether a curve is supported by OpenSSL (true) or not (false) */
private static final HashMap<String, Boolean> curveSupported = new HashMap<>();

/* private key, if initialized */
private ECPrivateKeyImpl privateKey;

/* public key, non-null between doPhase() & generateSecret() only */
private ECPublicKeyImpl publicKey;

/* the type of EC curve */
private String curve;

/* length of the secret to be derived */
private int secretLen;

/* true if noGF2m and ECFieldF2m is used */
private boolean useJavaImplementation;

/* the java implementation, initialized if needed */
private ECDHKeyAgreement javaImplementation;

/**
* Constructs a new NativeECDHKeyAgreement.
*/
public NativeECDHKeyAgreement() {
}

@Override
protected void engineInit(Key key, SecureRandom random)
throws InvalidKeyException {
if (!(key instanceof PrivateKey)) {
throw new InvalidKeyException
("Key must be an instance of PrivateKey");
}
/* attempt to translate the key if it is not an ECKey */
this.privateKey = (ECPrivateKeyImpl) ECKeyFactory.toECKey(key);
this.publicKey = null;

ECParameterSpec params = this.privateKey.getParams();
if (params instanceof NamedCurve) {
this.curve = ((NamedCurve) params).getName();
} else {
/* use the OID */
try {
AlgorithmParameters algParams = AlgorithmParameters.getInstance("EC");
algParams.init(this.privateKey.getParams());
this.curve = algParams.getParameterSpec(ECGenParameterSpec.class).getName();
} catch (NoSuchAlgorithmException e) {
/* should not happen */
} catch (InvalidParameterSpecException e) {
System.out.println(e.toString());
}
}

if (noGF2m && this.privateKey.isECFieldF2m()) {
if (curveSupported.containsKey("EC2m")) {
this.useJavaImplementation(key, random, null);
} else {
curveSupported.put("EC2m", false);
this.useJavaImplementation(key, random, "EC2m");
}
} else if (curveSupported.containsKey(this.curve) && curveSupported.get(this.curve).equals(false)) {
this.useJavaImplementation(key, random, null);
} else {
this.useJavaImplementation = false;
}
}

@Override
protected void engineInit(Key key, AlgorithmParameterSpec params, SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
if (params != null) {
throw new InvalidAlgorithmParameterException
("Parameters not supported");
}
engineInit(key, random);
}

@Override
protected Key engineDoPhase(Key key, boolean lastPhase)
throws InvalidKeyException, IllegalStateException {
if (this.useJavaImplementation) {
return this.javaImplementation.engineDoPhase(key, lastPhase);
}
if (this.privateKey == null) {
throw new IllegalStateException("Not initialized");
}
if (this.publicKey != null) {
throw new IllegalStateException("Phase already executed");
}
if (!lastPhase) {
throw new IllegalStateException
("Only two party agreement supported, lastPhase must be true");
}
if (!(key instanceof PublicKey)) {
throw new InvalidKeyException
("Key must be an instance of PublicKey");
}
/* attempt to translate the key if it is not an ECKey */
this.publicKey = (ECPublicKeyImpl) ECKeyFactory.toECKey(key);

ECParameterSpec params = this.publicKey.getParams();
int keyLenBits = params.getCurve().getField().getFieldSize();
this.secretLen = (keyLenBits + 7) >> 3;

return null;
}

@Override
protected byte[] engineGenerateSecret() throws IllegalStateException {
if (this.useJavaImplementation) {
return this.javaImplementation.engineGenerateSecret();
}
byte[] secret = new byte[this.secretLen];
try {
engineGenerateSecret(secret, 0);
} catch (ShortBufferException e) {
/* should not happen */
}
return secret;
}

@Override
protected int engineGenerateSecret(byte[] sharedSecret, int offset)
throws IllegalStateException, ShortBufferException {
if (this.useJavaImplementation) {
return this.javaImplementation.engineGenerateSecret(sharedSecret, offset);
}
if ((offset + this.secretLen) > sharedSecret.length) {
throw new ShortBufferException("Need " + this.secretLen
+ " bytes, only " + (sharedSecret.length - offset)
+ " available");
}
if ((this.privateKey == null) || (this.publicKey == null)) {
throw new IllegalStateException("Not initialized correctly");
}
long nativePublicKey = this.publicKey.getNativePtr();
long nativePrivateKey = this.privateKey.getNativePtr();
if ((nativePublicKey == -1) || (nativePrivateKey == -1)) {
if (curveSupported.containsKey(this.curve)) {
throw new ProviderException("Could not convert keys to native format");
} else {
curveSupported.put(this.curve, false);
try {
this.useJavaImplementation(this.privateKey, null, this.curve);
this.javaImplementation.engineDoPhase(this.publicKey, true);
} catch (InvalidKeyException e) {
System.out.println(e.toString());
}
return this.javaImplementation.engineGenerateSecret(sharedSecret, offset);
}
} else if (!curveSupported.containsKey(this.curve)) {
curveSupported.put(this.curve, true);
if (nativeCryptTrace != null) {
System.err.println(this.curve + " is supported by OpenSSL, using native crypto implementation.");
}
}
int ret;
synchronized (this.privateKey) {
ret = nativeCrypto.ECDeriveKey(nativePublicKey, nativePrivateKey, sharedSecret, offset, this.secretLen);
}
if (ret == -1) {
throw new ProviderException("Could not derive key");
}
return this.secretLen;
}

@Override
protected SecretKey engineGenerateSecret(String algorithm)
throws IllegalStateException, NoSuchAlgorithmException,
InvalidKeyException {
if (algorithm == null) {
throw new NoSuchAlgorithmException("Algorithm must not be null");
}
if (!(algorithm.equals("TlsPremasterSecret"))) {
throw new NoSuchAlgorithmException
("Only supported for algorithm TlsPremasterSecret");
}
return new SecretKeySpec(engineGenerateSecret(), "TlsPremasterSecret");
}

/**
* Initializes the java implementation and prints to the console.
*
* @param key the private key
* @param random source of randomness
* @param type the type of key that is not supported
*/
private void useJavaImplementation (Key key, SecureRandom random, String type) throws InvalidKeyException {
this.useJavaImplementation = true;
this.javaImplementation = new ECDHKeyAgreement();
this.javaImplementation.engineInit(key, random);
if ((type != null) && (nativeCryptTrace != null)) {
System.err.println(type + " is not supported by OpenSSL, using Java crypto implementation.");
}
}
}
Loading

0 comments on commit d24df55

Please sign in to comment.