
8264329: Z cannot be 1 for Diffie-Hellman key agreement #3232

Closed
wants to merge 2 commits into from

Conversation

XueleiFan
Member

@XueleiFan XueleiFan commented Mar 28, 2021

Per NIST SP 800-56A Rev 3 (section 5.7.1), the shared secret cannot be 1 or (p - 1). This update adds this validation in the JDK provider implementation.

No new regression test, simple update and hard to construct a shared secret of 1 or (p - 1).


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed

Issue

  • JDK-8264329: Z cannot be 1 for Diffie-Hellman key agreement

Reviewers

Download

To checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/3232/head:pull/3232
$ git checkout pull/3232

To update a local copy of the PR:
$ git checkout pull/3232
$ git pull https://git.openjdk.java.net/jdk pull/3232/head
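The validation this PR adds, shown as an added, self-contained example (not the JDK's own DHKeyAgreement code): the shared secret z = y^x mod p is rejected when z <= 1 or z == p - 1, the condition NIST SP 800-56A Rev 3 section 5.7.1 requires. The prime, private value and peer public values below are constructed toy inputs chosen so that both rejection branches are exercised; the class and method names are the example's own.

```java
import java.math.BigInteger;
import java.security.ProviderException;

// Added example, not JDK code: mirrors the shared-secret range check from the PR.
// Per NIST SP 800-56A Rev 3 section 5.7.1, z must lie strictly inside (1, p - 1).
public final class DhSharedSecretCheck {

    /** Computes z = y^x mod p and throws if z <= 1 or z == p - 1. */
    static BigInteger computeAndValidate(BigInteger y, BigInteger x, BigInteger p) {
        BigInteger z = y.modPow(x, p);
        // compareTo(ONE) <= 0 rejects z == 0 and z == 1; equals(...) rejects z == p - 1.
        if (z.compareTo(BigInteger.ONE) <= 0
                || z.equals(p.subtract(BigInteger.ONE))) {
            throw new ProviderException(
                    "Generated secret is out-of-range of (1, p - 1)");
        }
        return z;
    }

    public static void main(String[] args) {
        // Constructed toy parameters (p = 23), far too small for real use.
        BigInteger p = BigInteger.valueOf(23);
        BigInteger x = BigInteger.valueOf(5);       // hypothetical local private value

        // A well-formed peer public value: 8^5 mod 23 = 16, inside (1, 22), so accepted.
        BigInteger yGood = BigInteger.valueOf(8);
        System.out.println("accepted z = " + computeAndValidate(yGood, x, p));

        // Invalid peer public values 1 and p - 1 collapse z to 1 and p - 1 (x is odd),
        // which is exactly what the check refuses.
        BigInteger[] yInvalid = { BigInteger.ONE, p.subtract(BigInteger.ONE) };
        for (BigInteger y : yInvalid) {
            try {
                computeAndValidate(y, x, p);
                System.out.println("unexpected: y = " + y + " was accepted");
            } catch (ProviderException e) {
                System.out.println("rejected y = " + y + ": " + e.getMessage());
            }
        }
    }
}
```

In the real provider the same check sits after `generateSecret` is reset (see the hunk further down), so a rejected secret leaves the key-agreement object usable for a fresh `doPhase` rather than stuck mid-computation.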

@bridgekeeper

bridgekeeper bot commented Mar 28, 2021

👋 Welcome back xuelei! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot added the rfr Pull request is ready for review label Mar 28, 2021
@openjdk

openjdk bot commented Mar 28, 2021

@XueleiFan The following label will be automatically applied to this pull request:

  • security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

@openjdk openjdk bot added the security security-dev@openjdk.org label Mar 28, 2021
@mlbridge

mlbridge bot commented Mar 28, 2021

Webrevs

if ((z.compareTo(BigInteger.ONE) <= 0) ||
z.equals(modulus.subtract(BigInteger.ONE))) {
throw new ProviderException(
"Generated secret is out-of-rang of (1, p -1)");
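Review bot: the exception message on the last line of this hunk misspells "range" as "rang" and writes the bound as "p -1" while the comment elsewhere uses "(p - 1)"; suggest `"Generated secret is out-of-range of (1, p - 1)"`. The condition itself matches that message: `compareTo(BigInteger.ONE) <= 0` rejects z == 0 and z == 1, and the `equals(modulus.subtract(BigInteger.ONE))` branch rejects z == p - 1, so only the open interval (1, p - 1) is accepted.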
Contributor


typo: rang -> range

@@ -313,6 +313,14 @@ protected int engineGenerateSecret(byte[] sharedSecret, int offset)
// above, so user can recover w/o losing internal state
generateSecret = false;

// No further process if z <= 1 or z == (p - 1).
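Review bot: the new comment at the end of this hunk reads "No further process"; "No further processing" is the idiomatic phrasing, and naming the source of the rule (NIST SP 800-56A Rev 3, section 5.7.1, as cited in the PR description) in that comment would tell a future reader why z == (p - 1) is rejected and not just z <= 1. Placing the check after `generateSecret = false;` is the right order, since the context lines say that reset is what lets the caller recover without losing internal state when an exception is thrown.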
Contributor


You could mention the spec somewhere in this file. Always nice to have the spec mentioned that we have impl'd. Up to you.

@openjdk

openjdk bot commented Mar 28, 2021

@XueleiFan This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8264329: Z cannot be 1 for Diffie-Hellman key agreement

Reviewed-by: wetmore

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been no new commits pushed to the master branch. If another commit should be pushed before you perform the /integrate command, your PR will be automatically rebased. If you prefer to avoid any potential automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Mar 28, 2021
@bradfordwetmore
Contributor

Same comment for the bug report itself.

@XueleiFan
Member Author

XueleiFan commented Mar 28, 2021

/integrate

@openjdk openjdk bot closed this Mar 28, 2021
@openjdk openjdk bot added integrated Pull request has been integrated and removed ready Pull request is ready to be integrated rfr Pull request is ready for review labels Mar 28, 2021
@openjdk

openjdk bot commented Mar 28, 2021

@XueleiFan Pushed as commit c986457.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@XueleiFan XueleiFan deleted the JDK-8264329 branch March 28, 2021 20:38