Skip to content
Permalink
Browse files
8223940: Private key not supported by chosen signature algorithm
Backport-of: b7f557e
  • Loading branch information
Yuri Nesterenko committed Nov 27, 2020
1 parent 80be64a commit c6f81a591dc5942f02e00467daedeb8149294a75
Showing 4 changed files with 102 additions and 77 deletions.
@@ -31,6 +31,7 @@
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.ssl.X509Authentication.X509Credentials;
import sun.security.ssl.X509Authentication.X509Possession;
@@ -585,31 +586,28 @@ static final class T12CertificateVerifyMessage extends HandshakeMessage {

// This happens in client side only.
ClientHandshakeContext chc = (ClientHandshakeContext)context;
this.signatureScheme = SignatureScheme.getPreferableAlgorithm(
Map.Entry<SignatureScheme, Signature> schemeAndSigner =
SignatureScheme.getSignerOfPreferableAlgorithm(
chc.algorithmConstraints,
chc.peerRequestedSignatureSchemes,
x509Possession,
chc.negotiatedProtocol);
if (signatureScheme == null) {
if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
// selected the preferable signature algorithm properly.
throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
"No preferred signature algorithm for CertificateVerify");
"No supported CertificateVerify signature algorithm for " +
x509Possession.popPrivateKey.getAlgorithm() +
" key");
}

this.signatureScheme = schemeAndSigner.getKey();
byte[] temproary = null;
try {
Signature signer =
signatureScheme.getSignature(x509Possession.popPrivateKey);
Signature signer = schemeAndSigner.getValue();
signer.update(chc.handshakeHash.archived());
temproary = signer.sign();
} catch (NoSuchAlgorithmException |
InvalidAlgorithmParameterException nsae) {
throw chc.conContext.fatal(Alert.INTERNAL_ERROR,
"Unsupported signature algorithm (" +
signatureScheme.name +
") used in CertificateVerify handshake message", nsae);
} catch (InvalidKeyException | SignatureException ikse) {
} catch (SignatureException ikse) {
throw chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
"Cannot produce CertificateVerify signature", ikse);
}
@@ -669,7 +667,7 @@ static final class T12CertificateVerifyMessage extends HandshakeMessage {
this.signature = Record.getBytes16(m);
try {
Signature signer =
signatureScheme.getSignature(x509Credentials.popPublicKey);
signatureScheme.getVerifier(x509Credentials.popPublicKey);
signer.update(shc.handshakeHash.archived());
if (!signer.verify(signature)) {
throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
@@ -898,18 +896,23 @@ static final class T13CertificateVerifyMessage extends HandshakeMessage {
X509Possession x509Possession) throws IOException {
super(context);

this.signatureScheme = SignatureScheme.getPreferableAlgorithm(
Map.Entry<SignatureScheme, Signature> schemeAndSigner =
SignatureScheme.getSignerOfPreferableAlgorithm(
context.algorithmConstraints,
context.peerRequestedSignatureSchemes,
x509Possession,
context.negotiatedProtocol);
if (signatureScheme == null) {
if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
// selected the preferable signature algorithm properly.
throw context.conContext.fatal(Alert.INTERNAL_ERROR,
"No preferred signature algorithm for CertificateVerify");
"No supported CertificateVerify signature algorithm for " +
x509Possession.popPrivateKey.getAlgorithm() +
" key");
}

this.signatureScheme = schemeAndSigner.getKey();

byte[] hashValue = context.handshakeHash.digest();
byte[] contentCovered;
if (context.sslConfig.isClientMode) {
@@ -926,17 +929,10 @@ static final class T13CertificateVerifyMessage extends HandshakeMessage {

byte[] temproary = null;
try {
Signature signer =
signatureScheme.getSignature(x509Possession.popPrivateKey);
Signature signer = schemeAndSigner.getValue();
signer.update(contentCovered);
temproary = signer.sign();
} catch (NoSuchAlgorithmException |
InvalidAlgorithmParameterException nsae) {
throw context.conContext.fatal(Alert.INTERNAL_ERROR,
"Unsupported signature algorithm (" +
signatureScheme.name +
") used in CertificateVerify handshake message", nsae);
} catch (InvalidKeyException | SignatureException ikse) {
} catch (SignatureException ikse) {
throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
"Cannot produce CertificateVerify signature", ikse);
}
@@ -1007,7 +1003,7 @@ static final class T13CertificateVerifyMessage extends HandshakeMessage {

try {
Signature signer =
signatureScheme.getSignature(x509Credentials.popPublicKey);
signatureScheme.getVerifier(x509Credentials.popPublicKey);
signer.update(contentCovered);
if (!signer.verify(signature)) {
throw context.conContext.fatal(Alert.HANDSHAKE_FAILURE,
@@ -42,6 +42,7 @@
import java.text.MessageFormat;
import java.util.EnumSet;
import java.util.Locale;
import java.util.Map;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
@@ -124,25 +125,22 @@ class DHServerKeyExchangeMessage extends HandshakeMessage {
shc.negotiatedProtocol.useTLS12PlusSpec();
Signature signer = null;
if (useExplicitSigAlgorithm) {
signatureScheme = SignatureScheme.getPreferableAlgorithm(
shc.algorithmConstraints,
shc.peerRequestedSignatureSchemes,
x509Possession,
shc.negotiatedProtocol);
if (signatureScheme == null) {
Map.Entry<SignatureScheme, Signature> schemeAndSigner =
SignatureScheme.getSignerOfPreferableAlgorithm(
shc.algorithmConstraints,
shc.peerRequestedSignatureSchemes,
x509Possession,
shc.negotiatedProtocol);
if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
// selected the preferable signature algorithm properly.
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
"No preferred signature algorithm");
}
try {
signer = signatureScheme.getSignature(
x509Possession.popPrivateKey);
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
"Unsupported signature algorithm: " +
signatureScheme.name, nsae);
"No supported signature algorithm for " +
x509Possession.popPrivateKey.getAlgorithm() +
" key");
} else {
signatureScheme = schemeAndSigner.getKey();
signer = schemeAndSigner.getValue();
}
} else {
signatureScheme = null;
@@ -241,7 +239,7 @@ class DHServerKeyExchangeMessage extends HandshakeMessage {
Signature signer;
if (useExplicitSigAlgorithm) {
try {
signer = signatureScheme.getSignature(
signer = signatureScheme.getVerifier(
x509Credentials.popPublicKey);
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {
@@ -38,7 +38,7 @@
import java.security.SignatureException;
import java.text.MessageFormat;
import java.util.Locale;
import sun.security.ssl.NamedGroup.NamedGroupSpec;
import java.util.Map;
import sun.security.ssl.SSLHandshake.HandshakeMessage;
import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
import sun.security.ssl.X509Authentication.X509Credentials;
@@ -135,27 +135,22 @@ class ECDHServerKeyExchangeMessage extends HandshakeMessage {
shc.negotiatedProtocol.useTLS12PlusSpec();
Signature signer = null;
if (useExplicitSigAlgorithm) {
signatureScheme = SignatureScheme.getPreferableAlgorithm(
shc.algorithmConstraints,
shc.peerRequestedSignatureSchemes,
x509Possession,
shc.negotiatedProtocol);
if (signatureScheme == null) {
Map.Entry<SignatureScheme, Signature> schemeAndSigner =
SignatureScheme.getSignerOfPreferableAlgorithm(
shc.algorithmConstraints,
shc.peerRequestedSignatureSchemes,
x509Possession,
shc.negotiatedProtocol);
if (schemeAndSigner == null) {
// Unlikely, the credentials generator should have
// selected the preferable signature algorithm properly.
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
"No preferred signature algorithm for " +
"No supported signature algorithm for " +
x509Possession.popPrivateKey.getAlgorithm() +
" key");
}
try {
signer = signatureScheme.getSignature(
x509Possession.popPrivateKey);
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {
throw shc.conContext.fatal(Alert.INTERNAL_ERROR,
"Unsupported signature algorithm: " +
signatureScheme.name, nsae);
} else {
signatureScheme = schemeAndSigner.getKey();
signer = schemeAndSigner.getValue();
}
} else {
signatureScheme = null;
@@ -276,7 +271,7 @@ class ECDHServerKeyExchangeMessage extends HandshakeMessage {
Signature signer;
if (useExplicitSigAlgorithm) {
try {
signer = signatureScheme.getSignature(
signer = signatureScheme.getVerifier(
x509Credentials.popPublicKey);
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {
@@ -30,13 +30,15 @@
import java.security.spec.ECParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.AbstractMap.SimpleImmutableEntry;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import sun.security.ssl.NamedGroup.NamedGroupSpec;
import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
@@ -458,7 +460,7 @@ static SignatureScheme getPreferableAlgorithm(
return null;
}

static SignatureScheme getPreferableAlgorithm(
static Map.Entry<SignatureScheme, Signature> getSignerOfPreferableAlgorithm(
AlgorithmConstraints constraints,
List<SignatureScheme> schemes,
X509Possession x509Possession,
@@ -485,7 +487,10 @@ static SignatureScheme getPreferableAlgorithm(
x509Possession.getECParameterSpec();
if (params != null &&
ss.namedGroup == NamedGroup.valueOf(params)) {
return ss;
Signature signer = ss.getSigner(signingKey);
if (signer != null) {
return new SimpleImmutableEntry<>(ss, signer);
}
}

if (SSLLogger.isOn &&
@@ -510,7 +515,10 @@ static SignatureScheme getPreferableAlgorithm(
NamedGroup keyGroup = NamedGroup.valueOf(params);
if (keyGroup != null &&
SupportedGroups.isSupported(keyGroup)) {
return ss;
Signature signer = ss.getSigner(signingKey);
if (signer != null) {
return new SimpleImmutableEntry<>(ss, signer);
}
}
}

@@ -521,7 +529,10 @@ static SignatureScheme getPreferableAlgorithm(
"), unsupported EC parameter spec: " + params);
}
} else {
return ss;
Signature signer = ss.getSigner(signingKey);
if (signer != null) {
return new SimpleImmutableEntry<>(ss, signer);
}
}
}
}
@@ -542,24 +553,49 @@ static String[] getAlgorithmNames(Collection<SignatureScheme> schemes) {
return new String[0];
}

Signature getSignature(Key key) throws NoSuchAlgorithmException,
// This method is used to get the signature instance of this signature
// scheme for the specific public key. Unlike getSigner(), the exception
// is bubbled up. If the public key does not support this signature
// scheme, it normally means the TLS handshaking cannot continue and
// the connection should be terminated.
Signature getVerifier(PublicKey publicKey) throws NoSuchAlgorithmException,
InvalidAlgorithmParameterException, InvalidKeyException {
if (!isAvailable) {
return null;
}

Signature signer = Signature.getInstance(algorithm);
if (key instanceof PublicKey) {
SignatureUtil.initVerifyWithParam(signer, (PublicKey)key,
(signAlgParams != null ?
signAlgParams.parameterSpec : null));
} else {
SignatureUtil.initSignWithParam(signer, (PrivateKey)key,
(signAlgParams != null ?
signAlgParams.parameterSpec : null),
null);
Signature verifier = Signature.getInstance(algorithm);
SignatureUtil.initVerifyWithParam(verifier, publicKey,
(signAlgParams != null ? signAlgParams.parameterSpec : null));

return verifier;
}

// This method is also used to choose preferable signature scheme for the
// specific private key. If the private key does not support the signature
// scheme, {@code null} is returned, and the caller may fail back to next
// available signature scheme.
private Signature getSigner(PrivateKey privateKey) {
if (!isAvailable) {
return null;
}

return signer;
try {
Signature signer = Signature.getInstance(algorithm);
SignatureUtil.initSignWithParam(signer, privateKey,
(signAlgParams != null ? signAlgParams.parameterSpec : null),
null);
return signer;
} catch (NoSuchAlgorithmException | InvalidKeyException |
InvalidAlgorithmParameterException nsae) {
if (SSLLogger.isOn &&
SSLLogger.isOn("ssl,handshake,verbose")) {
SSLLogger.finest(
"Ignore unsupported signature algorithm (" +
this.name + ")", nsae);
}
}

return null;
}
}

1 comment on commit c6f81a5

@openjdk-notifier
Copy link

@openjdk-notifier openjdk-notifier bot commented on c6f81a5 Nov 27, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.