Followup changes for custom DH groups
peterdettman committed May 30, 2024
1 parent 22513e7 commit 80f81a5
Showing 4 changed files with 89 additions and 36 deletions.
1 change: 1 addition & 0 deletions CONTRIBUTORS.html
Expand Up @@ -547,6 +547,7 @@
<li>Seung Yeon &lt;https://github.com/seungyeonpark&gt; - addition of Memoable method implementations to CertPathValidationContext and CertificatePoliciesValidation.</li>
<li>yuhh0328 &lt;https://github.com/yuhh0328&gt; - initial patch for adding ML-KEM support to TLS.</li>
<li>Jan Oupick&yacute; &lt;https://github.com/Honzaik&gt; - update to draft 13 of composite PQC signatures.</li>
<li>Karsten Otto &lt;https://github.com/ottoka&gt; - finished the support for jdk.tls.server.defaultDHEParameters.</li>
</ul>
</body>
</html>
6 changes: 6 additions & 0 deletions docs/releasenotes.html
Expand Up @@ -19,12 +19,18 @@ <h2>1.0 Introduction</h2>
<h2>2.0 Release History</h2>

<a id="r1rv79"><h3>2.1.1 Version</h3></a>
Release: 1.79<br/>
Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2024, TBD.
<h3>2.1.2 Defects Fixed</h3>
<ul>
</ul>
<h3>2.1.3 Additional Features and Functionality</h3>
<ul>
<li>BCJSSE: Added support for security property "jdk.tls.server.defaultDHEParameters" (disabled in FIPS mode).</li>
</ul>

<a id="r1rv78d1"><h3>2.2.1 Version</h3></a>
Release: 1.78.1<br/>
Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2024, 18th April.
<h3>2.2.2 Defects Fixed</h3>
<ul>
Expand Up @@ -165,6 +165,28 @@ static class PerContext
}
}

static class DefaultedResult
{
private final int result;
private final boolean defaulted;

DefaultedResult(int result, boolean defaulted)
{
this.result = result;
this.defaulted = defaulted;
}

int getResult()
{
return result;
}

boolean isDefaulted()
{
return defaulted;
}
}

static PerConnection createPerConnectionClient(PerContext perContext, ProvSSLParameters sslParameters,
ProtocolVersion[] activeProtocolVersions)
{
Expand Down Expand Up @@ -227,7 +249,7 @@ static PerContext createPerContext(boolean isFipsContext, JcaTlsCrypto crypto)
return new PerContext(index, candidates);
}

static int getMaximumBitsServerECDH(PerConnection perConnection)
static DefaultedResult getMaximumBitsServerECDH(PerConnection perConnection)
{
int maxBits = 0;
List<NamedGroupInfo> peer = perConnection.getPeer();
Expand Down Expand Up @@ -257,10 +279,10 @@ static int getMaximumBitsServerECDH(PerConnection perConnection)
maxBits = Math.max(maxBits, namedGroupInfo.getBitsECDH());
}
}
return maxBits;
return new DefaultedResult(maxBits, peer == null);
}

static int getMaximumBitsServerFFDHE(PerConnection perConnection)
static DefaultedResult getMaximumBitsServerFFDHE(PerConnection perConnection)
{
int maxBits = 0;
boolean anyPeerFF = false;
Expand Down Expand Up @@ -294,7 +316,7 @@ static int getMaximumBitsServerFFDHE(PerConnection perConnection)
maxBits = Math.max(maxBits, namedGroupInfo.getBitsFFDHE());
}
}
return maxBits;
return new DefaultedResult(maxBits, !anyPeerFF);
}

static NamedGroupInfo getNamedGroup(PerContext perContext, int namedGroup)
Expand Down Expand Up @@ -329,7 +351,7 @@ static boolean hasLocal(PerConnection perConnection, int namedGroup)
return perConnection.local.containsKey(namedGroup);
}

static int selectServerECDH(PerConnection perConnection, int minimumBitsECDH)
static DefaultedResult selectServerECDH(PerConnection perConnection, int minimumBitsECDH)
{
List<NamedGroupInfo> peer = perConnection.getPeer();
if (peer != null)
Expand All @@ -341,7 +363,7 @@ static int selectServerECDH(PerConnection perConnection, int minimumBitsECDH)
int namedGroup = namedGroupInfo.getNamedGroup();
if (perConnection.local.containsKey(namedGroup))
{
return namedGroup;
return new DefaultedResult(namedGroup, false);
}
}
}
Expand All @@ -357,14 +379,14 @@ static int selectServerECDH(PerConnection perConnection, int minimumBitsECDH)
{
if (namedGroupInfo.getBitsECDH() >= minimumBitsECDH)
{
return namedGroupInfo.getNamedGroup();
return new DefaultedResult(namedGroupInfo.getNamedGroup(), true);
}
}
}
return -1;
return new DefaultedResult(-1, peer == null);
}

static int selectServerFFDHE(PerConnection perConnection, int minimumBitsFFDHE)
static DefaultedResult selectServerFFDHE(PerConnection perConnection, int minimumBitsFFDHE)
{
boolean anyPeerFF = false;
List<NamedGroupInfo> peer = perConnection.getPeer();
Expand All @@ -379,7 +401,7 @@ static int selectServerFFDHE(PerConnection perConnection, int minimumBitsFFDHE)
{
if (perConnection.local.containsKey(namedGroup))
{
return namedGroup;
return new DefaultedResult(namedGroup, false);
}
}
}
Expand All @@ -395,11 +417,11 @@ static int selectServerFFDHE(PerConnection perConnection, int minimumBitsFFDHE)
{
if (namedGroupInfo.getBitsFFDHE() >= minimumBitsFFDHE)
{
return namedGroupInfo.getNamedGroup();
return new DefaultedResult(namedGroupInfo.getNamedGroup(), true);
}
}
}
return -1;
return new DefaultedResult(-1, !anyPeerFF);
}

private static void addNamedGroup(boolean isFipsContext, JcaTlsCrypto crypto, boolean disableChar2,
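Review bot: `DefaultedResult` is added without any comment, and its `defaulted` flag is computed from different conditions across this section: `peer == null` in getMaximumBitsServerECDH and at the end of selectServerECDH, `!anyPeerFF` in the two FFDHE functions, and a literal `true` on the returns of the second loop in both select functions. ProvTlsServer reads `isDefaulted()` to decide whether server-configured DH parameters may be used instead of a named group, so the contract belongs on the class, for example `/** Result of a server-side group query; defaulted is true when the peer offered no applicable groups and the result (possibly -1 for "none") comes from local configuration. */`. A note on `getResult()` that the select methods still return -1 when nothing qualifies would remind callers to check the sign before treating the value as a NamedGroup. The bodies of these functions are partly collapsed on this page, so the exact fallback conditions should be confirmed against the full file.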
72 changes: 48 additions & 24 deletions tls/src/main/java/org/bouncycastle/jsse/provider/ProvTlsServer.java
Expand Up @@ -31,6 +31,7 @@
import org.bouncycastle.tls.ClientCertificateType;
import org.bouncycastle.tls.DefaultTlsServer;
import org.bouncycastle.tls.KeyExchangeAlgorithm;
import org.bouncycastle.tls.NamedGroup;
import org.bouncycastle.tls.ProtocolName;
import org.bouncycastle.tls.ProtocolVersion;
import org.bouncycastle.tls.SecurityParameters;
Expand Down Expand Up @@ -62,10 +63,6 @@ class ProvTlsServer
// TODO[jsse] Integrate this into NamedGroupInfo
private static final int provEphemeralDHKeySize = PropertyUtils.getIntegerSystemProperty("jdk.tls.ephemeralDHKeySize", 2048, 1024, 8192);

/*
* TODO[jsse] Does this selection override the restriction from 'jdk.tls.ephemeralDHKeySize'?
* TODO[fips] Probably should be ignored in fips mode?
*/
private static final DHGroup[] provServerDefaultDHEParameters = getDefaultDHEParameters();

private static final boolean provServerEnableCA = PropertyUtils
Expand Down Expand Up @@ -100,7 +97,7 @@ private static DHGroup[] getDefaultDHEParameters()
return null;
}

ArrayList<DHGroup> result = new ArrayList<DHGroup>();
ArrayList<DHGroup> dhGroups = new ArrayList<DHGroup>();
int outerComma = -1;
do
{
Expand Down Expand Up @@ -134,7 +131,7 @@ private static DHGroup[] getDefaultDHEParameters()
DHGroup dhGroup = TlsDHUtils.getStandardGroupForDHParameters(p, g);
if (null != dhGroup)
{
result.add(dhGroup);
dhGroups.add(dhGroup);
}
else if (!p.isProbablePrime(120))
{
Expand All @@ -143,7 +140,7 @@ else if (!p.isProbablePrime(120))
}
else
{
result.add(new DHGroup(p, null, g, 0));
dhGroups.add(new DHGroup(p, null, g, 0));
}
}
catch (Exception e)
Expand All @@ -154,15 +151,15 @@ else if (!p.isProbablePrime(120))
outerComma = closeBrace + 1;
if (outerComma >= limit)
{
result.sort(new Comparator<DHGroup>()
DHGroup[] result = dhGroups.toArray(new DHGroup[dhGroups.size()]);
java.util.Arrays.sort(result, new Comparator<DHGroup>()
{
@Override
public int compare(DHGroup a, DHGroup b)
{
return a.getP().bitLength() - b.getP().bitLength();
}
});
return result.toArray(new DHGroup[result.size()]);
return result;
}
}
while (',' == input.charAt(outerComma));
Expand Down Expand Up @@ -268,13 +265,29 @@ protected String getDetailMessageNoCipherSuite()
@Override
protected int getMaximumNegotiableCurveBits()
{
return NamedGroupInfo.getMaximumBitsServerECDH(jsseSecurityParameters.namedGroups);
NamedGroupInfo.DefaultedResult maxBitsResult = NamedGroupInfo.getMaximumBitsServerECDH(
jsseSecurityParameters.namedGroups);

int maxBits = maxBitsResult.getResult();

return maxBits;
}

@Override
protected int getMaximumNegotiableFiniteFieldBits()
{
int maxBits = NamedGroupInfo.getMaximumBitsServerFFDHE(jsseSecurityParameters.namedGroups);
NamedGroupInfo.DefaultedResult maxBitsResult = NamedGroupInfo.getMaximumBitsServerFFDHE(
jsseSecurityParameters.namedGroups);

int maxBits = maxBitsResult.getResult();

if (maxBitsResult.isDefaulted() &&
!TlsUtils.isNullOrEmpty(provServerDefaultDHEParameters) &&
!manager.getContextData().getContext().isFips())
{
DHGroup largest = provServerDefaultDHEParameters[provServerDefaultDHEParameters.length - 1];
maxBits = Math.max(maxBits, largest.getP().bitLength());
}

return maxBits >= provEphemeralDHKeySize ? maxBits : 0;
}
Expand Down Expand Up @@ -336,28 +349,39 @@ protected boolean selectCipherSuite(int cipherSuite) throws IOException
@Override
public TlsDHConfig getDHConfig() throws IOException
{
if (provServerDefaultDHEParameters != null)
{
int minimumFiniteFieldBits = Math.max(
TlsDHUtils.getMinimumFiniteFieldBits(selectedCipherSuite), provEphemeralDHKeySize);
int minimumFiniteFieldBits = TlsDHUtils.getMinimumFiniteFieldBits(selectedCipherSuite);
minimumFiniteFieldBits = Math.max(minimumFiniteFieldBits, provEphemeralDHKeySize);

NamedGroupInfo.DefaultedResult namedGroupResult = NamedGroupInfo.selectServerFFDHE(
jsseSecurityParameters.namedGroups, minimumFiniteFieldBits);

for (DHGroup group: provServerDefaultDHEParameters)
int namedGroup = namedGroupResult.getResult();

if (namedGroupResult.isDefaulted() &&
!TlsUtils.isNullOrEmpty(provServerDefaultDHEParameters) &&
!manager.getContextData().getContext().isFips())
{
for (DHGroup dhGroup : provServerDefaultDHEParameters)
{
if (group.getP().bitLength() >= minimumFiniteFieldBits)
int bits = dhGroup.getP().bitLength();
if (bits >= minimumFiniteFieldBits)
{
return new TlsDHConfig(group);
if (namedGroup < 0 || bits <= NamedGroup.getFiniteFieldBits(namedGroup))
{
return new TlsDHConfig(dhGroup);
}
break;
}
}
}
return super.getDHConfig();

return TlsDHUtils.createNamedDHConfig(context, namedGroup);
}

@Override
protected int selectDH(int minimumFiniteFieldBits)
{
minimumFiniteFieldBits = Math.max(minimumFiniteFieldBits, provEphemeralDHKeySize);

return NamedGroupInfo.selectServerFFDHE(jsseSecurityParameters.namedGroups, minimumFiniteFieldBits);
throw new UnsupportedOperationException();
}

@Override
Expand All @@ -369,7 +393,7 @@ protected int selectDHDefault(int minimumFiniteFieldBits)
@Override
protected int selectECDH(int minimumCurveBits)
{
return NamedGroupInfo.selectServerECDH(jsseSecurityParameters.namedGroups, minimumCurveBits);
return NamedGroupInfo.selectServerECDH(jsseSecurityParameters.namedGroups, minimumCurveBits).getResult();
}

@Override
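Review bot: In getDHConfig the `break` after the first custom group that meets `minimumFiniteFieldBits`, and the `provServerDefaultDHEParameters[provServerDefaultDHEParameters.length - 1]` lookup in getMaximumNegotiableFiniteFieldBits, are only correct because getDefaultDHEParameters sorts the array by ascending bit length of `p`, and nothing at the use sites or on the field says so. The commit removes the two TODOs on the field without recording the answers the new code gives; I would replace them with a comment such as `// Sorted by ascending bit length of p; used only when the peer offered no FFDHE groups, never in a FIPS context, and still subject to jdk.tls.ephemeralDHKeySize.` getDHConfig can also reach `TlsDHUtils.createNamedDHConfig(context, namedGroup)` with `namedGroup` still -1 (no named group and no qualifying custom group), so a short comment stating that the helper is expected to raise the alert for that case would help; its behaviour is not visible on this page. `selectDH` now throws `UnsupportedOperationException`, and a one-line comment saying that getDHConfig no longer delegates to the superclass would explain why that path is considered unreachable.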
