src/java.base/share/classes/sun/security/ssl/DHKeyExchange.java
rev 54061 : 8226374: Restrict TLS signature schemes and named groups
Reviewed-by: mullan
@@ -39,11 +39,11 @@
import java.security.spec.InvalidKeySpecException;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import sun.security.action.GetPropertyAction;
-import sun.security.ssl.NamedGroup.NamedGroupType;
+import sun.security.ssl.NamedGroup.NamedGroupSpec;
import sun.security.ssl.SupportedGroupsExtension.SupportedGroups;
import sun.security.ssl.X509Authentication.X509Possession;
import sun.security.util.KeyUtil;
final class DHKeyExchange {
@@ -74,24 +74,20 @@
}
static DHECredentials valueOf(NamedGroup ng,
byte[] encodedPublic) throws IOException, GeneralSecurityException {
- if (ng.type != NamedGroupType.NAMED_GROUP_FFDHE) {
+ if (ng.spec != NamedGroupSpec.NAMED_GROUP_FFDHE) {
throw new RuntimeException(
"Credentials decoding: Not FFDHE named group");
}
if (encodedPublic == null || encodedPublic.length == 0) {
return null;
}
- DHParameterSpec params = (DHParameterSpec)ng.getParameterSpec();
- if (params == null) {
- return null;
- }
-
+ DHParameterSpec params = (DHParameterSpec)ng.keAlgParamSpec;
KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
DHPublicKeySpec spec = new DHPublicKeySpec(
new BigInteger(1, encodedPublic),
params.getP(), params.getG());
DHPublicKey publicKey =
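Review bot: With the `params == null` guard removed in valueOf, a named group whose `keAlgParamSpec` is null now fails with a NullPointerException at `params.getP()` instead of returning null, and `encodedPublic` on this path appears to be peer-supplied. Whether `keAlgParamSpec` can be null for an FFDHE group is decided in NamedGroup, which this hunk does not show; if it can (for example for a group the provider cannot support), keep the guard: `if (params == null) { return null; }`. If it cannot, a one-line comment stating that invariant above the cast would help the next reader, e.g. `// keAlgParamSpec is non-null for every available FFDHE group`. The same unchecked field is passed straight to `kpg.initialize(...)` in the DHEPossession constructor hunk. valueOf's body continues past the end of this hunk.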
@@ -108,13 +104,11 @@
DHEPossession(NamedGroup namedGroup, SecureRandom random) {
try {
KeyPairGenerator kpg =
JsseJce.getKeyPairGenerator("DiffieHellman");
- DHParameterSpec params =
- (DHParameterSpec)namedGroup.getParameterSpec();
- kpg.initialize(params, random);
+ kpg.initialize(namedGroup.keAlgParamSpec, random);
KeyPair kp = generateDHKeyPair(kpg);
if (kp == null) {
throw new RuntimeException("Could not generate DH keypair");
}
privateKey = kp.getPrivate();
@@ -319,15 +313,14 @@
NamedGroup preferableNamedGroup;
if (!useLegacyEphemeralDHKeys &&
(context.clientRequestedNamedGroups != null) &&
(!context.clientRequestedNamedGroups.isEmpty())) {
preferableNamedGroup =
- SupportedGroups.getPreferredGroup(
- context.negotiatedProtocol,
+ SupportedGroups.getPreferredGroup(context.negotiatedProtocol,
context.algorithmConstraints,
- new NamedGroupType [] {
- NamedGroupType.NAMED_GROUP_FFDHE },
+ new NamedGroupSpec [] {
+ NamedGroupSpec.NAMED_GROUP_FFDHE },
context.clientRequestedNamedGroups);
if (preferableNamedGroup != null) {
return new DHEPossession(preferableNamedGroup,
context.sslContext.getSecureRandom());
}