File _service:tar_scm:Revert-backport-8035986-KerberosKey-algorithm-names-are-not-specified.patch of Package openjdk-1.8.0
From 46b7cb7838a2de1a6463ddf17edefef73ec1217f Mon Sep 17 00:00:00 2001
Date: Thu, 3 Aug 2023 10:03:27 +0800
Subject: [PATCH] Revert-backport-8035986-KerberosKey-algorithm-names-are-not-specified
---
 .../security/auth/kerberos/KerberosKey.java | 46 ++------
 .../javax/security/auth/kerberos/KeyImpl.java | 26 ++---
 .../sun/security/krb5/EncryptionKey.java | 17 +--
 .../security/auth/kerberos/StandardNames.java | 108 ------------------
 4 files changed, 28 insertions(+), 169 deletions(-)
 delete mode 100644 jdk/test/javax/security/auth/kerberos/StandardNames.java
diff --git a/jdk/src/share/classes/javax/security/auth/kerberos/KerberosKey.java b/jdk/src/share/classes/javax/security/auth/kerberos/KerberosKey.java
index a8d12131a..5c8b65f27 100644
--- a/jdk/src/share/classes/javax/security/auth/kerberos/KerberosKey.java
+++ b/jdk/src/share/classes/javax/security/auth/kerberos/KerberosKey.java
@@ -52,20 +52,7 @@ import javax.security.auth.DestroyFailedException; * application depends on the default JGSS Kerberos mechanism to access the * KerberosKey. In that case, however, the application will need an * appropriate - * {@link javax.security.auth.kerberos.ServicePermission ServicePermission}.<p> - * - * When creating a {@code KerberosKey} using the - * {@link #KerberosKey(KerberosPrincipal, char[], String)} constructor, - * an implementation may accept non-IANA algorithm names (For example, - * "ArcFourMac" for "rc4-hmac"), but the {@link #getAlgorithm} method - * must always return the IANA algorithm name.<p> - * - * @implNote Old algorithm names used before JDK 9 are supported in the - * {@link #KerberosKey(KerberosPrincipal, char[], String)} constructor in this - * implementation for compatibility reasons, which are "DES" (and null) for - * "des-cbc-md5", "DESede" for "des3-cbc-sha1-kd", "ArcFourHmac" for "rc4-hmac", - * "AES128" for "aes128-cts-hmac-sha1-96", and "AES256" for - * "aes256-cts-hmac-sha1-96". + * {@link javax.security.auth.kerberos.ServicePermission ServicePermission}. * * @author Mayank Upadhyay * @since 1.4 @@ -86,7 +73,7 @@ public class KerberosKey implements SecretKey, Destroyable { * * @serial */ - private final int versionNum; + private int versionNum; /** * {@code KeyImpl} is serialized by writing out the ASN1 Encoded bytes 
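Review bot: Dropping `final` from `versionNum` in the `@@ -86,7 +73,7` hunk, together with removing `this.versionNum = 0;` from the password constructor in the `@@ -144,7 +128,6` hunk, makes that constructor rely on the implicit default value and leaves a `@serial` field of a secret-key class reassignable after construction. Neither change is needed to restore the old algorithm names. I would keep `private final int versionNum;` and the explicit `this.versionNum = 0;` so the key's version stays fixed once built. Whether other code in the class assigns the field is not visible in these hunks.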
@@ -126,16 +113,13 @@ public class KerberosKey implements SecretKey, Destroyable { } /** - * Constructs a KerberosKey from a principal's password using the specified - * algorithm name. The algorithm name (case insensitive) should be provided - * as the encryption type string defined on the IANA - * <a href="https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-1">Kerberos Encryption Type Numbers</a> - * page. The version number of the key generated will be 0. + * Constructs a KerberosKey from a principal's password. * * @param principal the principal that this password belongs to * @param password the password that should be used to compute the key * @param algorithm the name for the algorithm that this key will be - * used for + * used for. This parameter may be null in which case the default + * algorithm "DES" will be assumed. * @throws IllegalArgumentException if the name of the * algorithm passed is unsupported. */ @@ -144,7 +128,6 @@ public class KerberosKey implements SecretKey, Destroyable { String algorithm) { this.principal = principal; - this.versionNum = 0; // Pass principal in for salt key = new KeyImpl(principal, password, algorithm); } 
@@ -187,18 +170,13 @@ public class KerberosKey implements SecretKey, Destroyable { */ /** - * Returns the standard algorithm name for this key. The algorithm names - * are the encryption type string defined on the IANA - * <a href="https://www.iana.org/assignments/kerberos-parameters/kerberos-parameters.xhtml#kerberos-parameters-1">Kerberos Encryption Type Numbers</a> - * page. - * <p> - * This method can return the following value not defined on the IANA page: - * <ol> - * <li>none: for etype equal to 0</li> - * <li>unknown: for etype greater than 0 but unsupported by - * the implementation</li> - * <li>private: for etype smaller than 0</li> - * </ol> + * Returns the standard algorithm name for this key. For + * example, "DES" would indicate that this key is a DES key. + * See Appendix A in the <a href= + * "../../../../../technotes/guides/security/crypto/CryptoSpec.html#AppA"> + * Java Cryptography Architecture API Specification & Reference + * </a> + * for information about standard algorithm names. * * @return the name of the algorithm associated with this key. */ diff --git a/jdk/src/share/classes/javax/security/auth/kerberos/KeyImpl.java b/jdk/src/share/classes/javax/security/auth/kerberos/KeyImpl.java index 571387e0c..6791c42f0 100644 --- a/jdk/src/share/classes/javax/security/auth/kerberos/KeyImpl.java +++ b/jdk/src/share/classes/javax/security/auth/kerberos/KeyImpl.java @@ -36,6 +36,7 @@ import sun.security.krb5.PrincipalName; import sun.security.krb5.EncryptionKey; import sun.security.krb5.EncryptedData; import sun.security.krb5.KrbException; +import sun.security.krb5.KrbCryptoException; import sun.security.util.DerValue; /** 
@@ -85,12 +86,8 @@ class KeyImpl implements SecretKey, Destroyable, Serializable { try { PrincipalName princ = new PrincipalName(principal.getName()); - EncryptionKey key; - if ("none".equalsIgnoreCase(algorithm)) { - key = EncryptionKey.NULL_KEY; - } else { - key = new EncryptionKey(password, princ.getSalt(), algorithm); - } + EncryptionKey key = + new EncryptionKey(password, princ.getSalt(), algorithm); this.keyBytes = key.getBytes(); this.keyType = key.getEType(); } catch (KrbException e) { @@ -121,22 +118,20 @@ class KeyImpl implements SecretKey, Destroyable, Serializable { switch (eType) { case EncryptedData.ETYPE_DES_CBC_CRC: - return "des-cbc-crc"; - case EncryptedData.ETYPE_DES_CBC_MD5: - return "des-cbc-md5"; + return "DES"; case EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD: - return "des3-cbc-sha1-kd"; + return "DESede"; case EncryptedData.ETYPE_ARCFOUR_HMAC: - return "rc4-hmac"; + return "ArcFourHmac"; case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96: - return "aes128-cts-hmac-sha1-96"; + return "AES128"; case EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96: - return "aes256-cts-hmac-sha1-96"; + return "AES256"; case EncryptedData.ETYPE_AES128_CTS_HMAC_SHA256_128: return "aes128-cts-hmac-sha256-128"; @@ -145,10 +140,11 @@ class KeyImpl implements SecretKey, Destroyable, Serializable { return "aes256-cts-hmac-sha384-192"; case EncryptedData.ETYPE_NULL: - return "none"; + return "NULL"; default: - return eType > 0 ? "unknown" : "private"; + throw new IllegalArgumentException( + "Unsupported encryption type: " + eType); } } diff --git a/jdk/src/share/classes/sun/security/krb5/EncryptionKey.java b/jdk/src/share/classes/sun/security/krb5/EncryptionKey.java index 627168e70..71e667028 100644 --- a/jdk/src/share/classes/sun/security/krb5/EncryptionKey.java +++ b/jdk/src/share/classes/sun/security/krb5/EncryptionKey.java 
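Review bot: In the `@@ -121,22 +118,20` hunk the switch now returns "DES" for both `ETYPE_DES_CBC_CRC` and `ETYPE_DES_CBC_MD5`, while the EncryptionKey hunk of this patch maps "DES" only to `ETYPE_DES_CBC_MD5`, so the returned name no longer identifies the encryption type. The two SHA-2 cases also keep their IANA strings next to the short names, so the method returns two naming schemes. A comment above the switch would help, for example `// Names are informational only; "DES" covers des-cbc-crc and des-cbc-md5, use the numeric key type to tell etypes apart.` The enclosing method starts outside the hunk.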
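Review bot: The new `default` branch in the `@@ -145,10 +140,11` hunk throws `IllegalArgumentException` from the name lookup, so a key whose etype is outside the listed cases fails when its algorithm name is read rather than when it is created. The test deleted by this patch built `new KerberosKey(kp, keyBytes, 100, 13)` and then read its algorithm, which suggests such keys can still be constructed. The restored Javadoc for `getAlgorithm()` in KerberosKey.java, which presumably reaches this switch, does not mention the exception. I would add `@throws IllegalArgumentException if the key's encryption type is not supported` there, or reject unknown etypes at construction. The enclosing method starts outside this hunk.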
@@ -277,22 +277,15 @@ public class EncryptionKey String salt, String algorithm) throws KrbCryptoException { - if (algorithm == null || algorithm.equalsIgnoreCase("DES") - || algorithm.equalsIgnoreCase("des-cbc-md5")) { + if (algorithm == null || algorithm.equalsIgnoreCase("DES")) { keyType = EncryptedData.ETYPE_DES_CBC_MD5; - } else if (algorithm.equalsIgnoreCase("des-cbc-crc")) { - keyType = EncryptedData.ETYPE_DES_CBC_CRC; - } else if (algorithm.equalsIgnoreCase("DESede") - || algorithm.equalsIgnoreCase("des3-cbc-sha1-kd")) { + } else if (algorithm.equalsIgnoreCase("DESede")) { keyType = EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD; - } else if (algorithm.equalsIgnoreCase("AES128") - || algorithm.equalsIgnoreCase("aes128-cts-hmac-sha1-96")) { + } else if (algorithm.equalsIgnoreCase("AES128")) { keyType = EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96; - } else if (algorithm.equalsIgnoreCase("ArcFourHmac") - || algorithm.equalsIgnoreCase("rc4-hmac")) { + } else if (algorithm.equalsIgnoreCase("ArcFourHmac")) { keyType = EncryptedData.ETYPE_ARCFOUR_HMAC; - } else if (algorithm.equalsIgnoreCase("AES256") - || algorithm.equalsIgnoreCase("aes256-cts-hmac-sha1-96")) { + } else if (algorithm.equalsIgnoreCase("AES256")) { keyType = EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96; // validate if AES256 is enabled if (!EType.isSupported(keyType)) { diff --git a/jdk/test/javax/security/auth/kerberos/StandardNames.java b/jdk/test/javax/security/auth/kerberos/StandardNames.java deleted file mode 100644 index 40590f6d0..000000000 --- a/jdk/test/javax/security/auth/kerberos/StandardNames.java +++ /dev/null 
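Review bot: The first branch still treats a `null` algorithm the same as "DES" and selects `ETYPE_DES_CBC_MD5`, so a caller that omits the name silently derives a single-DES key from the password. With the IANA aliases removed, names such as "aes256-cts-hmac-sha1-96" now fall through to the final `else`, which is outside the hunk and presumably rejects them, so code written against the backported behaviour needs checking. At minimum I would add a comment on the first branch, `// null keeps the historical des-cbc-md5 default for compatibility only; callers should name an AES type explicitly`. The constructor starts and ends outside the hunk.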
@@ -1,108 +0,0 @@
-/*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 8035986
- * @summary KerberosKey algorithm names are not specified
- */
-
-import sun.security.krb5.EncryptedData;
-
-import javax.crypto.Cipher;
-import javax.security.auth.kerberos.KerberosKey;
-import javax.security.auth.kerberos.KerberosPrincipal;
-import java.util.Locale;
-
-public class StandardNames {
- static KerberosPrincipal kp = new KerberosPrincipal("user@REALM");
- static char[] pass = "secret".toCharArray();
- static byte[] keyBytes = new byte[1];
-
- public static void main(String[] args) throws Exception {
- for (EncType e: EncType.values()) {
- if (e == EncType.e18) {
- if (Cipher.getMaxAllowedKeyLength("AES") < 256) {
- System.out.println("Skipping aes256-cts-hmac-sha1-96");
- continue;
- }
- }
- checkByName(e.name, e);
- checkByName(e.name.toUpperCase(Locale.US), e);
- for (String n: e.oldnames) {
- checkByName(n, e);
- if (n != null) {
- checkByName(n.toLowerCase(Locale.US), e);
- }
- }
- checkByEType(e.etype, e.name);
- }
- checkByEType(100, "unknown");
- checkByEType(-1, "private");
-
- try {
- System.out.println("unsupported");
- new KerberosKey(kp, pass, "unsupported");
- throw new Exception("unsupported");
- } catch (IllegalArgumentException iae) {
- // Expected
- }
- }
-
- private static void checkByName(String n, EncType e) throws Exception {
- System.out.println("CheckByName " + n);
- KerberosKey k = new KerberosKey(kp, pass, n);
- if (!k.getAlgorithm().equals(e.name)) throw new Exception(n);
- if (k.getKeyType() != e.etype) throw new Exception(n);
- if (k.getVersionNumber() != 0) throw new Exception(n);
- }
-
- private static void checkByEType(int i, String n) throws Exception {
- System.out.println("CheckByInt " + i);
- KerberosKey k = new KerberosKey(kp, keyBytes, i, 13);
- if (!k.getAlgorithm().equals(n)) throw new Exception("" + i);
- if (k.getKeyType() != i) throw new Exception("" + i);
- if (k.getVersionNumber() != 13) throw new Exception("" + i);
- }
-}
-
-enum EncType {
- e0("none", EncryptedData.ETYPE_NULL),
- e1("des-cbc-crc", EncryptedData.ETYPE_DES_CBC_CRC),
- e3("des-cbc-md5", EncryptedData.ETYPE_DES_CBC_MD5, "DES", null),
- e16("des3-cbc-sha1-kd", EncryptedData.ETYPE_DES3_CBC_HMAC_SHA1_KD, "DESede"),
- e17("aes128-cts-hmac-sha1-96", EncryptedData.ETYPE_AES128_CTS_HMAC_SHA1_96, "AES128"),
- e18("aes256-cts-hmac-sha1-96", EncryptedData.ETYPE_AES256_CTS_HMAC_SHA1_96, "AES256"),
- e23("rc4-hmac", EncryptedData.ETYPE_ARCFOUR_HMAC, "ArcFourHmac"),
- ;
-
- final String name;
- final int etype;
- final String[] oldnames;
-
- EncType(String name, int etype, String... oldnames) {
- this.name = name;
- this.etype = etype;
- this.oldnames = oldnames;
- }
-}
--
2.22.0