[13] RFR 8225257: sun/security/tools/keytool/PSS.java timed out
Valerie Peng
valerie.peng at oracle.com
Wed Jun 19 00:16:45 UTC 2019
Hi Max,
Is this due to the RSA KeyPairGenerator impl of MSCAPI provider? Is
there documentation on how the patch version of this RSAKeyPairGenerator
class is built and why it'd be placed under
${test.classes}/patches/java.base directory?
I am somewhat unsure about this approach as this would mean that we are
not using the real default RSA key pair generator functionality for ALL
env/platforms. Is this not part of what this test is about?
I saw comments about Solaris RSA key pair gen being so slow that this
test is not run on Solaris. If this is window-specific, maybe avoid the
8192 key size or find a way to work around this. How do user generate
8192-bit RSA keys on windows? Do they just wait?
Thanks,
Valerie
On 6/18/2019 7:26 AM, Weijun Wang wrote:
> I rethink about this. Since the patched class was meant to make the
> generation faster, it should never silently fallback to "real"
> generation. Otherwise, it could be slow again unnoticed.
>
> Updated webrev at http://cr.openjdk.java.net/~weijun/8225257/webrev.01/.
>
> Thanks,
> Max
>
> p.s. Again, the difference between the original class and my patches
> one is:
>
> *diff --git
> src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java
> test/jdk/sun/security/tools/keytool/pss/java.base/sun/security/rsa/RSAKeyPairGenerator.java*
> *index 07fd44f..d73308f 100644*
> *---
> src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java*
> *+++
> test/jdk/sun/security/tools/keytool/pss/java.base/sun/security/rsa/RSAKeyPairGenerator.java*
> @@ -1,12 +1,10 @@
> /*
> - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights
> reserved.
> + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
> *
> * This code is free software; you can redistribute it and/or modify it
> * under the terms of the GNU General Public License version 2 only, as
> - * published by the Free Software Foundation. Oracle designates this
> - * particular file as subject to the "Classpath" exception as provided
> - * by Oracle in the LICENSE file that accompanied this code.
> + * published by the Free Software Foundation.
> *
> * This code is distributed in the hope that it will be useful, but
> WITHOUT
> * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
> @@ -32,19 +30,11 @@ import java.security.spec.AlgorithmParameterSpec;
> import java.security.spec.RSAKeyGenParameterSpec;
>
>
> import sun.security.jca.JCAUtil;
> -import static
> sun.security.util.SecurityProviderConstants.DEF_RSA_KEY_SIZE;
> -import static
> sun.security.util.SecurityProviderConstants.DEF_RSASSA_PSS_KEY_SIZE;
> import sun.security.x509.AlgorithmId;
> import static sun.security.rsa.RSAUtil.KeyType;
>
>
> /**
> - * RSA keypair generation. Standard algorithm, minimum key length 512
> bit.
> - * We generate two random primes until we find two where phi is relative
> - * prime to the public exponent. Default exponent is 65537. It has
> only bit 0
> - * and bit 4 set, which makes it particularly efficient.
> - *
> - * @since 1.5
> - * @author Andreas Sterbenz
> + * Fake RSA keypair generation.
> */
> public abstract class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
>
>
> @@ -57,9 +47,6 @@ public abstract class RSAKeyPairGenerator extends
> KeyPairGeneratorSpi {
> private final KeyType type;
> private AlgorithmId rsaId;
>
>
> - // PRNG to use
> - private SecureRandom random;
> -
> RSAKeyPairGenerator(KeyType type, int defKeySize) {
> this.type = type;
> // initialize to default in case the app does not call
> initialize()
> @@ -120,35 +107,135 @@ public abstract class RSAKeyPairGenerator
> extends KeyPairGeneratorSpi {
>
>
> this.keySize = tmpKeySize;
> this.publicExponent = tmpPublicExponent;
> - this.random = random;
> }
>
>
> // generate the keypair. See JCA doc
> public KeyPair generateKeyPair() {
> +
> // accommodate odd key sizes in case anybody wants to use them
> - int lp = (keySize + 1) >> 1;
> - int lq = keySize - lp;
> - if (random == null) {
> - random = JCAUtil.getSecureRandom();
> - }
> BigInteger e = publicExponent;
> - while (true) {
> - // generate two random primes of size lp/lq
> - BigInteger p = BigInteger.probablePrime(lp, random);
> - BigInteger q, n;
> - do {
> - q = BigInteger.probablePrime(lq, random);
> - // convention is for p > q
> - if (p.compareTo(q) < 0) {
> - BigInteger tmp = p;
> - p = q;
> - q = tmp;
> - }
> - // modulus n = p * q
> + if (!e.equals(RSAKeyGenParameterSpec.F4)) {
> + throw new AssertionError("Only support F4 now");
> + }
> + BigInteger p, q, n;
> +
> + // Pre-calculated p and q for e == RSAKeyGenParameterSpec.F4
> + switch (keySize) {
> + case 2048:
> + p = new BigInteger("1600840041787354447543653385760927"
> + + "2642568308955833364523274045522752644800599"
> + + "8669541532595690224703734511692014533312515"
> + + "1867029838883431415692353449578487671384896"
> + + "6611685764860941767986520897595108597563035"
> + + "4023785639802607792535812062420427283857665"
> + + "9883578590844700707106157871508280052743363"
> + + "65749456332400771");
> + q = new BigInteger("1303880717101677622201474394769850"
> + + "7257196073324816341282215626935164930077468"
> + + "5999131251387556761167658937349436378464220"
> + + "4831804147777472146628148336776639855791417"
> + + "3849903041999943901924899580268176393595653"
> + + "7357080543898614581363167420619163047562600"
> + + "6155574020606891195960345238780709194499010"
> + + "43652862954645301");
> + break;
> + case 4096:
> + p = new BigInteger("2985635754414679487171962796211911"
> + + "1563710734938215274736352092606404045130913"
> + + "2477365484439939846705721840432140066578525"
> + + "0762327458086280430118434094733412377416194"
> + + "8736124795243564050755767519346747209606612"
> + + "5835460937739428885308798309679495432910469"
> + + "0294757621321446003970767164933974474924664"
> + + "1513767092845098947552598109657871041666676"
> + + "2945573325433283821164032766425479703026349"
> + + "9433641551427112483593214628620450175257586"
> + + "4350119143877183562692754400346175237007314"
> + + "7121580349193179272551363894896336921717843"
> + + "3734726842184251708799134654802475890197293"
> + + "9094908310578403843742664173424031260840446"
> + + "591633359364559754200663");
> + q = new BigInteger("2279248439141087793789384816271625"
> + + "1304008816573950275844533962181244003563987"
> + + "6638461665174020058827698592331066726709304"
> + + "9231319346136709972639455506783245161859951"
> + + "6191872757335765533547033659834427437142631"
> + + "3801232751161907082392011429712327250253948"
> + + "6012497852063361866175243227579880020724881"
> + + "9393797645220239009219998518884396282407710"
> + + "7199202450846395844337846503427790307364624"
> + + "5124871273035872938616425951596065309519651"
> + + "1519189356431513094684173807318945903212527"
> + + "7712469749366620048658571121822171067675915"
> + + "5479178304648399924549334007222294762969503"
> + + "5341584429803583589276956979963609078497238"
> + + "760757619468018224491053");
> + break;
> + case 8192:
> + p = new BigInteger("9821669838446774374944535804569858"
> + + "0553278885576950130485823829973470553571905"
> + + "3014418421996241500307589880457361653957913"
> + + "9176499436767288125182942994089196450118944"
> + + "8701794862752733776161684616570463744619126"
> + + "4981622564763630694110472008409561205704867"
> + + "0221819623405201369630462487520858670679048"
> + + "5854008441429858453634949980424333056803703"
> + + "1205609490778445762604050796894221725977551"
> + + "1428887194691696420765173256600200430067305"
> + + "4364524177041858044598166859757042904625691"
> + + "4292728453597609683799189454690202563236931"
> + + "8171122071288244573793276051041975005528757"
> + + "0228306442708182141334279133965507583927772"
> + + "9244311696220253059281524393613278272067808"
> + + "7017494446447670799055720358621918361716353"
> + + "5018317015764698318012095108914870478138809"
> + + "8204738169777192718869484177321870413838036"
> + + "8149216482968887382371881239714335470844573"
> + + "1862934371951394070111726593305334971041399"
> + + "5517260339034138718517336990212463882142363"
> + + "9154412320743552301967162100734381046548816"
> + + "3883737645359595416600487444018399886391071"
> + + "3777667222706059170707223589163679915863781"
> + + "4662302526078720977228426750718207481384357"
> + + "7918717041190413457052439016978578217755022"
> + + "7370720979516554707297685239584071755267452"
> + + "6021894842754355160100506065457679069228273"
> + + "95209345267367982516553449135291473361");
> + q = new BigInteger("7902448465953646210110784092684896"
> + + "0265474424590294110174550047938700740921014"
> + + "1981650823416127449143596912363210790070524"
> + + "2903784112701128957948996730263815210531364"
> + + "0489145287401377007608600217628773627723381"
> + + "1194123533939872283952535576847014977682278"
> + + "9332064706645169741712060131540562788886577"
> + + "3762235020990267901959745687867018811088495"
> + + "3716021011509120447248882358515954471433808"
> + + "2782236662758287959413069553620728137831579"
> + + "2321174813204514354999978428741310035945405"
> + + "0226661395731921098764192439072425262100813"
> + + "9732949866553839713092238096261034339815187"
> + + "2832617055364163276140160068136296115910569"
> + + "9466440903693740716929166334256441926903849"
> + + "1082968246155177124035336609654226388424434"
> + + "5775783323612758615407928446164631651292743"
> + + "8428509642959278732826297890909454571009075"
> + + "7836191622138731918099379467912681177757761"
> + + "6141378131042432093843778753846726589215845"
> + + "7402160146427434508515156204064224022904659"
> + + "8645441448874409852211668374267341177082462"
> + + "7341410218867175406105046487057429530801973"
> + + "0931082058719258230993681115780999537424968"
> + + "2385515792331573549935317407789344892257264"
> + + "7464569110078675090194686816764429827739815"
> + + "0566036514181547634372488184242167294602000"
> + + "8232780963578241583529875079397308150506597"
> + + "37190564909892937290776929541076192569");
> + break;
> + default:
> + throw new AssertionError("Unknown keySize " + keySize);
> + }
> +
> n = p.multiply(q);
> - // even with correctly sized p and q, there is a
> chance that
> - // n will be one bit short. re-generate the smaller
> prime if so
> - } while (n.bitLength() < keySize);
>
>
> // phi = (p - 1) * (q - 1) must be relative prime to e
> // otherwise RSA just won't work ;-)
> @@ -158,7 +245,7 @@ public abstract class RSAKeyPairGenerator extends
> KeyPairGeneratorSpi {
> // generate new p and q until they work. typically
> // the first try will succeed when using F4
> if (e.gcd(phi).equals(BigInteger.ONE) == false) {
> - continue;
> + throw new AssertionError("Should not happen");
> }
>
>
> // private exponent d is the inverse of e mod phi
> @@ -184,16 +271,3 @@ public abstract class RSAKeyPairGenerator extends
> KeyPairGeneratorSpi {
> }
> }
> }
> -
> - public static final class Legacy extends RSAKeyPairGenerator {
> - public Legacy() {
> - super(KeyType.RSA, DEF_RSA_KEY_SIZE);
> - }
> - }
> -
> - public static final class PSS extends RSAKeyPairGenerator {
> - public PSS() {
> - super(KeyType.PSS, DEF_RSASSA_PSS_KEY_SIZE);
> - }
> - }
> -}
>
>
>> On Jun 18, 2019, at 12:58 PM, Weijun Wang <weijun.wang at oracle.com
>> <mailto:weijun.wang at oracle.com>> wrote:
>>
>> Please take a review at
>>
>> http://cr.openjdk.java.net/~weijun/8225257/webrev.00/
>>
>> I've patched the internal
>> java.base/sun.security.rsa.RSAKeyPairGenerator class so it returns
>> hardcoded pre-calculated key pairs.
>>
>> Thanks,
>> Max
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20190618/fce22606/attachment.htm>
More information about the security-dev
mailing list