RFR: 8264329: Z cannot be 1 for Diffie-Hellman key agreement

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

RFR: 8264329: Z cannot be 1 for Diffie-Hellman key agreement

Xue-Lei Andrew Fan
Per NIST SP 800-56A Rev 3 (section 5.7.1), the shared secret cannot be 1 or (p - 1).  This update adds this validation in the JDK provider implementation.

No new regression test, simple update and hard to construct a shared secret of 1 or (p - 1).

-------------

Commit messages:
 - 8264329: Z cannot be 1 for Diffie-Hellman key agreement

Changes: https://git.openjdk.java.net/jdk/pull/3232/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=3232&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8264329
  Stats: 10 lines in 1 file changed: 8 ins; 0 del; 2 mod
  Patch: https://git.openjdk.java.net/jdk/pull/3232.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/3232/head:pull/3232

PR: https://git.openjdk.java.net/jdk/pull/3232
Reply | Threaded
Open this post in threaded view
|

Re: RFR: 8264329: Z cannot be 1 for Diffie-Hellman key agreement

Bradford Wetmore-2
On Sun, 28 Mar 2021 04:09:38 GMT, Xue-Lei Andrew Fan <[hidden email]> wrote:

> Per NIST SP 800-56A Rev 3 (section 5.7.1), the shared secret cannot be 1 or (p - 1).  This update adds this validation in the JDK provider implementation.
>
> No new regression test, simple update and hard to construct a shared secret of 1 or (p - 1).

src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java line 321:

> 319:                 z.equals(modulus.subtract(BigInteger.ONE))) {
> 320:             throw new ProviderException(
> 321:                     "Generated secret is out-of-rang of (1, p -1)");

typo:  rang -> range

-------------

PR: https://git.openjdk.java.net/jdk/pull/3232
Reply | Threaded
Open this post in threaded view
|

Re: RFR: 8264329: Z cannot be 1 for Diffie-Hellman key agreement

Bradford Wetmore-2
In reply to this post by Xue-Lei Andrew Fan
On Sun, 28 Mar 2021 04:09:38 GMT, Xue-Lei Andrew Fan <[hidden email]> wrote:

> Per NIST SP 800-56A Rev 3 (section 5.7.1), the shared secret cannot be 1 or (p - 1).  This update adds this validation in the JDK provider implementation.
>
> No new regression test, simple update and hard to construct a shared secret of 1 or (p - 1).

Marked as reviewed by wetmore (Reviewer).

src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java line 316:

> 314:         generateSecret = false;
> 315:
> 316:         // No further process if z <= 1 or z == (p - 1).

You could mention the spec somewhere in this file.  Always nice to have the spec mentioned that we have impl'd.  Up to you.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3232
Reply | Threaded
Open this post in threaded view
|

Re: RFR: 8264329: Z cannot be 1 for Diffie-Hellman key agreement

Bradford Wetmore-2
On Sun, 28 Mar 2021 06:07:39 GMT, Bradford Wetmore <[hidden email]> wrote:

>> Per NIST SP 800-56A Rev 3 (section 5.7.1), the shared secret cannot be 1 or (p - 1).  This update adds this validation in the JDK provider implementation.
>>
>> No new regression test, simple update and hard to construct a shared secret of 1 or (p - 1).
>
> Marked as reviewed by wetmore (Reviewer).

Same comment for the bug report itself.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3232
Reply | Threaded
Open this post in threaded view
|

Re: RFR: 8264329: Z cannot be 1 for Diffie-Hellman key agreement [v2]

Xue-Lei Andrew Fan
In reply to this post by Xue-Lei Andrew Fan
> Per NIST SP 800-56A Rev 3 (section 5.7.1), the shared secret cannot be 1 or (p - 1).  This update adds this validation in the JDK provider implementation.
>
> No new regression test, simple update and hard to construct a shared secret of 1 or (p - 1).

Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:

  typo correction and more

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/3232/files
  - new: https://git.openjdk.java.net/jdk/pull/3232/files/7b05c3a2..0dc833ce

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=3232&range=01
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=3232&range=00-01

  Stats: 3 lines in 1 file changed: 1 ins; 0 del; 2 mod
  Patch: https://git.openjdk.java.net/jdk/pull/3232.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/3232/head:pull/3232

PR: https://git.openjdk.java.net/jdk/pull/3232
Reply | Threaded
Open this post in threaded view
|

Integrated: 8264329: Z cannot be 1 for Diffie-Hellman key agreement

Xue-Lei Andrew Fan
In reply to this post by Xue-Lei Andrew Fan
On Sun, 28 Mar 2021 04:09:38 GMT, Xue-Lei Andrew Fan <[hidden email]> wrote:

> Per NIST SP 800-56A Rev 3 (section 5.7.1), the shared secret cannot be 1 or (p - 1).  This update adds this validation in the JDK provider implementation.
>
> No new regression test, simple update and hard to construct a shared secret of 1 or (p - 1).

This pull request has now been integrated.

Changeset: c986457f
Author:    Xue-Lei Andrew Fan <[hidden email]>
URL:       https://git.openjdk.java.net/jdk/commit/c986457f
Stats:     11 lines in 1 file changed: 9 ins; 0 del; 2 mod

8264329: Z cannot be 1 for Diffie-Hellman key agreement

Reviewed-by: wetmore

-------------

PR: https://git.openjdk.java.net/jdk/pull/3232