21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import java.security.AlgorithmConstraints;
29 import java.security.CryptoPrimitive;
30 import java.security.PrivateKey;
31
32 import java.util.Set;
33 import java.util.HashSet;
34 import java.util.Map;
35 import java.util.EnumSet;
36 import java.util.TreeMap;
37 import java.util.Collection;
38 import java.util.Collections;
39 import java.util.ArrayList;
40
41 import sun.security.util.KeyLength;
42
43 /**
44 * Signature and hash algorithm.
45 *
46 * [RFC5246] The client uses the "signature_algorithms" extension to
47 * indicate to the server which signature/hash algorithm pairs may be
48 * used in digital signatures. The "extension_data" field of this
49 * extension contains a "supported_signature_algorithms" value.
50 *
51 * enum {
52 * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
53 * sha512(6), (255)
54 * } HashAlgorithm;
55 *
56 * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
57 * SignatureAlgorithm;
58 *
59 * struct {
60 * HashAlgorithm hash;
61 * SignatureAlgorithm signature;
262 int maxDigestLength = Integer.MAX_VALUE;
263 if (signingKey != null &&
264 "rsa".equalsIgnoreCase(signingKey.getAlgorithm()) &&
265 expected.equalsIgnoreCase("rsa")) {
266 /*
267 * RSA keys of 512 bits have been shown to be practically
268 * breakable, it does not make much sense to use the strong
269 * hash algorithm for keys whose key size less than 512 bits.
270 * So it is not necessary to caculate the required max digest
271 * length exactly.
272 *
273 * If key size is greater than or equals to 768, there is no max
274 * digest length limitation in currect implementation.
275 *
276 * If key size is greater than or equals to 512, but less than
277 * 768, the digest length should be less than or equal to 32 bytes.
278 *
279 * If key size is less than 512, the digest length should be
280 * less than or equal to 20 bytes.
281 */
282 int keySize = KeyLength.getKeySize(signingKey);
283 if (keySize >= 768) {
284 maxDigestLength = HashAlgorithm.SHA512.length;
285 } else if ((keySize >= 512) && (keySize < 768)) {
286 maxDigestLength = HashAlgorithm.SHA256.length;
287 } else if ((keySize > 0) && (keySize < 512)) {
288 maxDigestLength = HashAlgorithm.SHA1.length;
289 } // Otherwise, cannot determine the key size, prefer the most
290 // perferable hash algorithm.
291 }
292
293 for (SignatureAndHashAlgorithm algorithm : algorithms) {
294 int signValue = algorithm.id & 0xFF;
295 if (expected.equalsIgnoreCase("rsa") &&
296 signValue == SignatureAlgorithm.RSA.value) {
297 if (algorithm.hash.length <= maxDigestLength) {
298 return algorithm;
299 }
300 } else if (
301 (expected.equalsIgnoreCase("dsa") &&
302 signValue == SignatureAlgorithm.DSA.value) ||
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.ssl;
27
28 import java.security.AlgorithmConstraints;
29 import java.security.CryptoPrimitive;
30 import java.security.PrivateKey;
31
32 import java.util.Set;
33 import java.util.HashSet;
34 import java.util.Map;
35 import java.util.EnumSet;
36 import java.util.TreeMap;
37 import java.util.Collection;
38 import java.util.Collections;
39 import java.util.ArrayList;
40
41 import sun.security.util.KeyUtil;
42
43 /**
44 * Signature and hash algorithm.
45 *
46 * [RFC5246] The client uses the "signature_algorithms" extension to
47 * indicate to the server which signature/hash algorithm pairs may be
48 * used in digital signatures. The "extension_data" field of this
49 * extension contains a "supported_signature_algorithms" value.
50 *
51 * enum {
52 * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5),
53 * sha512(6), (255)
54 * } HashAlgorithm;
55 *
56 * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
57 * SignatureAlgorithm;
58 *
59 * struct {
60 * HashAlgorithm hash;
61 * SignatureAlgorithm signature;
262 int maxDigestLength = Integer.MAX_VALUE;
263 if (signingKey != null &&
264 "rsa".equalsIgnoreCase(signingKey.getAlgorithm()) &&
265 expected.equalsIgnoreCase("rsa")) {
266 /*
267 * RSA keys of 512 bits have been shown to be practically
268 * breakable, it does not make much sense to use the strong
269 * hash algorithm for keys whose key size less than 512 bits.
270 * So it is not necessary to caculate the required max digest
271 * length exactly.
272 *
273 * If key size is greater than or equals to 768, there is no max
274 * digest length limitation in currect implementation.
275 *
276 * If key size is greater than or equals to 512, but less than
277 * 768, the digest length should be less than or equal to 32 bytes.
278 *
279 * If key size is less than 512, the digest length should be
280 * less than or equal to 20 bytes.
281 */
282 int keySize = KeyUtil.getKeySize(signingKey);
283 if (keySize >= 768) {
284 maxDigestLength = HashAlgorithm.SHA512.length;
285 } else if ((keySize >= 512) && (keySize < 768)) {
286 maxDigestLength = HashAlgorithm.SHA256.length;
287 } else if ((keySize > 0) && (keySize < 512)) {
288 maxDigestLength = HashAlgorithm.SHA1.length;
289 } // Otherwise, cannot determine the key size, prefer the most
290 // perferable hash algorithm.
291 }
292
293 for (SignatureAndHashAlgorithm algorithm : algorithms) {
294 int signValue = algorithm.id & 0xFF;
295 if (expected.equalsIgnoreCase("rsa") &&
296 signValue == SignatureAlgorithm.RSA.value) {
297 if (algorithm.hash.length <= maxDigestLength) {
298 return algorithm;
299 }
300 } else if (
301 (expected.equalsIgnoreCase("dsa") &&
302 signValue == SignatureAlgorithm.DSA.value) ||
|