1183 lines
54 KiB
Diff
1183 lines
54 KiB
Diff
commit 6e74f283739af0d867df01d20f82865f559a45ea
|
|
Author: Martin Balao <mbalao@redhat.com>
|
|
Date: Mon Feb 28 04:58:05 2022 +0000
|
|
|
|
RH2052070: Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
|
|
|
|
diff --git openjdk.orig/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java openjdk/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
|
|
index a020e1c15d8..6d459fdec01 100644
|
|
--- openjdk.orig/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
|
|
+++ openjdk/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
|
|
@@ -31,6 +31,7 @@ import java.security.SecureRandom;
|
|
import java.security.PrivilegedAction;
|
|
import java.util.HashMap;
|
|
import java.util.List;
|
|
+import jdk.internal.access.SharedSecrets;
|
|
import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
|
import static sun.security.util.SecurityProviderConstants.*;
|
|
|
|
@@ -78,6 +79,10 @@ import static sun.security.util.SecurityProviderConstants.*;
|
|
|
|
public final class SunJCE extends Provider {
|
|
|
|
+ private static final boolean systemFipsEnabled =
|
|
+ SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
|
+ .isSystemFipsEnabled();
|
|
+
|
|
@java.io.Serial
|
|
private static final long serialVersionUID = 6812507587804302833L;
|
|
|
|
@@ -143,285 +148,287 @@ public final class SunJCE extends Provider {
|
|
void putEntries() {
|
|
// reuse attribute map and reset before each reuse
|
|
HashMap<String, String> attrs = new HashMap<>(3);
|
|
- attrs.put("SupportedModes", "ECB");
|
|
- attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
|
|
- + "|OAEPWITHMD5ANDMGF1PADDING"
|
|
- + "|OAEPWITHSHA1ANDMGF1PADDING"
|
|
- + "|OAEPWITHSHA-1ANDMGF1PADDING"
|
|
- + "|OAEPWITHSHA-224ANDMGF1PADDING"
|
|
- + "|OAEPWITHSHA-256ANDMGF1PADDING"
|
|
- + "|OAEPWITHSHA-384ANDMGF1PADDING"
|
|
- + "|OAEPWITHSHA-512ANDMGF1PADDING"
|
|
- + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
|
|
- + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
|
|
- attrs.put("SupportedKeyClasses",
|
|
- "java.security.interfaces.RSAPublicKey" +
|
|
- "|java.security.interfaces.RSAPrivateKey");
|
|
- ps("Cipher", "RSA",
|
|
- "com.sun.crypto.provider.RSACipher", null, attrs);
|
|
-
|
|
- // common block cipher modes, pads
|
|
- final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" +
|
|
- "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" +
|
|
- "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
|
|
- final String BLOCK_MODES128 = BLOCK_MODES +
|
|
- "|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128" +
|
|
- "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
|
|
- final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
|
|
-
|
|
- attrs.clear();
|
|
- attrs.put("SupportedModes", BLOCK_MODES);
|
|
- attrs.put("SupportedPaddings", BLOCK_PADS);
|
|
- attrs.put("SupportedKeyFormats", "RAW");
|
|
- ps("Cipher", "DES",
|
|
- "com.sun.crypto.provider.DESCipher", null, attrs);
|
|
- psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
|
|
- attrs);
|
|
- ps("Cipher", "Blowfish",
|
|
- "com.sun.crypto.provider.BlowfishCipher", null, attrs);
|
|
-
|
|
- ps("Cipher", "RC2",
|
|
- "com.sun.crypto.provider.RC2Cipher", null, attrs);
|
|
-
|
|
- attrs.clear();
|
|
- attrs.put("SupportedModes", BLOCK_MODES128);
|
|
- attrs.put("SupportedPaddings", BLOCK_PADS);
|
|
- attrs.put("SupportedKeyFormats", "RAW");
|
|
- psA("Cipher", "AES",
|
|
- "com.sun.crypto.provider.AESCipher$General", attrs);
|
|
-
|
|
- attrs.clear();
|
|
- attrs.put("SupportedKeyFormats", "RAW");
|
|
- psA("Cipher", "AES/KW/NoPadding",
|
|
- "com.sun.crypto.provider.KeyWrapCipher$AES_KW_NoPadding",
|
|
- attrs);
|
|
- ps("Cipher", "AES/KW/PKCS5Padding",
|
|
- "com.sun.crypto.provider.KeyWrapCipher$AES_KW_PKCS5Padding",
|
|
- null, attrs);
|
|
- psA("Cipher", "AES/KWP/NoPadding",
|
|
- "com.sun.crypto.provider.KeyWrapCipher$AES_KWP_NoPadding",
|
|
- attrs);
|
|
-
|
|
- psA("Cipher", "AES_128/ECB/NoPadding",
|
|
- "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
|
|
- attrs);
|
|
- psA("Cipher", "AES_128/CBC/NoPadding",
|
|
- "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
|
|
- attrs);
|
|
- psA("Cipher", "AES_128/OFB/NoPadding",
|
|
- "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
|
|
- attrs);
|
|
- psA("Cipher", "AES_128/CFB/NoPadding",
|
|
- "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
|
|
- attrs);
|
|
- psA("Cipher", "AES_128/KW/NoPadding",
|
|
- "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_NoPadding",
|
|
- attrs);
|
|
- ps("Cipher", "AES_128/KW/PKCS5Padding",
|
|
- "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_PKCS5Padding",
|
|
- null, attrs);
|
|
- psA("Cipher", "AES_128/KWP/NoPadding",
|
|
- "com.sun.crypto.provider.KeyWrapCipher$AES128_KWP_NoPadding",
|
|
- attrs);
|
|
-
|
|
- psA("Cipher", "AES_192/ECB/NoPadding",
|
|
- "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
|
|
- attrs);
|
|
- psA("Cipher", "AES_192/CBC/NoPadding",
|
|
- "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
|
|
- attrs);
|
|
- psA("Cipher", "AES_192/OFB/NoPadding",
|
|
- "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
|
|
- attrs);
|
|
- psA("Cipher", "AES_192/CFB/NoPadding",
|
|
- "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
|
|
- attrs);
|
|
- psA("Cipher", "AES_192/KW/NoPadding",
|
|
- "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_NoPadding",
|
|
- attrs);
|
|
- ps("Cipher", "AES_192/KW/PKCS5Padding",
|
|
- "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_PKCS5Padding",
|
|
- null, attrs);
|
|
- psA("Cipher", "AES_192/KWP/NoPadding",
|
|
- "com.sun.crypto.provider.KeyWrapCipher$AES192_KWP_NoPadding",
|
|
- attrs);
|
|
-
|
|
- psA("Cipher", "AES_256/ECB/NoPadding",
|
|
- "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
|
|
- attrs);
|
|
- psA("Cipher", "AES_256/CBC/NoPadding",
|
|
- "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
|
|
- attrs);
|
|
- psA("Cipher", "AES_256/OFB/NoPadding",
|
|
- "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
|
|
- attrs);
|
|
- psA("Cipher", "AES_256/CFB/NoPadding",
|
|
- "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
|
|
- attrs);
|
|
- psA("Cipher", "AES_256/KW/NoPadding",
|
|
- "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_NoPadding",
|
|
- attrs);
|
|
- ps("Cipher", "AES_256/KW/PKCS5Padding",
|
|
- "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_PKCS5Padding",
|
|
- null, attrs);
|
|
- psA("Cipher", "AES_256/KWP/NoPadding",
|
|
- "com.sun.crypto.provider.KeyWrapCipher$AES256_KWP_NoPadding",
|
|
- attrs);
|
|
-
|
|
- attrs.clear();
|
|
- attrs.put("SupportedModes", "GCM");
|
|
- attrs.put("SupportedKeyFormats", "RAW");
|
|
-
|
|
- ps("Cipher", "AES/GCM/NoPadding",
|
|
- "com.sun.crypto.provider.GaloisCounterMode$AESGCM", null,
|
|
- attrs);
|
|
- psA("Cipher", "AES_128/GCM/NoPadding",
|
|
- "com.sun.crypto.provider.GaloisCounterMode$AES128",
|
|
- attrs);
|
|
- psA("Cipher", "AES_192/GCM/NoPadding",
|
|
- "com.sun.crypto.provider.GaloisCounterMode$AES192",
|
|
- attrs);
|
|
- psA("Cipher", "AES_256/GCM/NoPadding",
|
|
- "com.sun.crypto.provider.GaloisCounterMode$AES256",
|
|
- attrs);
|
|
-
|
|
- attrs.clear();
|
|
- attrs.put("SupportedModes", "CBC");
|
|
- attrs.put("SupportedPaddings", "NOPADDING");
|
|
- attrs.put("SupportedKeyFormats", "RAW");
|
|
- ps("Cipher", "DESedeWrap",
|
|
- "com.sun.crypto.provider.DESedeWrapCipher", null, attrs);
|
|
-
|
|
- attrs.clear();
|
|
- attrs.put("SupportedModes", "ECB");
|
|
- attrs.put("SupportedPaddings", "NOPADDING");
|
|
- attrs.put("SupportedKeyFormats", "RAW");
|
|
- psA("Cipher", "ARCFOUR",
|
|
- "com.sun.crypto.provider.ARCFOURCipher", attrs);
|
|
-
|
|
- attrs.clear();
|
|
- attrs.put("SupportedKeyFormats", "RAW");
|
|
- ps("Cipher", "ChaCha20",
|
|
- "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only",
|
|
- null, attrs);
|
|
- psA("Cipher", "ChaCha20-Poly1305",
|
|
- "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
|
|
- attrs);
|
|
-
|
|
- // PBES1
|
|
- psA("Cipher", "PBEWithMD5AndDES",
|
|
- "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
|
|
- null);
|
|
- ps("Cipher", "PBEWithMD5AndTripleDES",
|
|
- "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
|
|
- psA("Cipher", "PBEWithSHA1AndDESede",
|
|
- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
|
|
- null);
|
|
- psA("Cipher", "PBEWithSHA1AndRC2_40",
|
|
- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
|
|
- null);
|
|
- psA("Cipher", "PBEWithSHA1AndRC2_128",
|
|
- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
|
|
- null);
|
|
- psA("Cipher", "PBEWithSHA1AndRC4_40",
|
|
- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
|
|
- null);
|
|
-
|
|
- psA("Cipher", "PBEWithSHA1AndRC4_128",
|
|
- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
|
|
- null);
|
|
-
|
|
- // PBES2
|
|
- ps("Cipher", "PBEWithHmacSHA1AndAES_128",
|
|
- "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
|
|
-
|
|
- ps("Cipher", "PBEWithHmacSHA224AndAES_128",
|
|
- "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128");
|
|
-
|
|
- ps("Cipher", "PBEWithHmacSHA256AndAES_128",
|
|
- "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128");
|
|
-
|
|
- ps("Cipher", "PBEWithHmacSHA384AndAES_128",
|
|
- "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128");
|
|
-
|
|
- ps("Cipher", "PBEWithHmacSHA512AndAES_128",
|
|
- "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128");
|
|
-
|
|
- ps("Cipher", "PBEWithHmacSHA1AndAES_256",
|
|
- "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
|
|
-
|
|
- ps("Cipher", "PBEWithHmacSHA224AndAES_256",
|
|
- "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256");
|
|
-
|
|
- ps("Cipher", "PBEWithHmacSHA256AndAES_256",
|
|
- "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256");
|
|
-
|
|
- ps("Cipher", "PBEWithHmacSHA384AndAES_256",
|
|
- "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256");
|
|
-
|
|
- ps("Cipher", "PBEWithHmacSHA512AndAES_256",
|
|
- "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256");
|
|
-
|
|
- /*
|
|
- * Key(pair) Generator engines
|
|
- */
|
|
- ps("KeyGenerator", "DES",
|
|
- "com.sun.crypto.provider.DESKeyGenerator");
|
|
- psA("KeyGenerator", "DESede",
|
|
- "com.sun.crypto.provider.DESedeKeyGenerator",
|
|
- null);
|
|
- ps("KeyGenerator", "Blowfish",
|
|
- "com.sun.crypto.provider.BlowfishKeyGenerator");
|
|
- psA("KeyGenerator", "AES",
|
|
- "com.sun.crypto.provider.AESKeyGenerator",
|
|
- null);
|
|
- ps("KeyGenerator", "RC2",
|
|
- "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator");
|
|
- psA("KeyGenerator", "ARCFOUR",
|
|
- "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
|
|
- null);
|
|
- ps("KeyGenerator", "ChaCha20",
|
|
- "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator");
|
|
- ps("KeyGenerator", "HmacMD5",
|
|
- "com.sun.crypto.provider.HmacMD5KeyGenerator");
|
|
-
|
|
- psA("KeyGenerator", "HmacSHA1",
|
|
- "com.sun.crypto.provider.HmacSHA1KeyGenerator", null);
|
|
- psA("KeyGenerator", "HmacSHA224",
|
|
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224",
|
|
- null);
|
|
- psA("KeyGenerator", "HmacSHA256",
|
|
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256",
|
|
- null);
|
|
- psA("KeyGenerator", "HmacSHA384",
|
|
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384",
|
|
- null);
|
|
- psA("KeyGenerator", "HmacSHA512",
|
|
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512",
|
|
- null);
|
|
- psA("KeyGenerator", "HmacSHA512/224",
|
|
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224",
|
|
- null);
|
|
- psA("KeyGenerator", "HmacSHA512/256",
|
|
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256",
|
|
- null);
|
|
-
|
|
- psA("KeyGenerator", "HmacSHA3-224",
|
|
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224",
|
|
- null);
|
|
- psA("KeyGenerator", "HmacSHA3-256",
|
|
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256",
|
|
- null);
|
|
- psA("KeyGenerator", "HmacSHA3-384",
|
|
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384",
|
|
- null);
|
|
- psA("KeyGenerator", "HmacSHA3-512",
|
|
- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512",
|
|
- null);
|
|
-
|
|
- psA("KeyPairGenerator", "DiffieHellman",
|
|
- "com.sun.crypto.provider.DHKeyPairGenerator",
|
|
- null);
|
|
+ if (!systemFipsEnabled) {
|
|
+ attrs.put("SupportedModes", "ECB");
|
|
+ attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
|
|
+ + "|OAEPWITHMD5ANDMGF1PADDING"
|
|
+ + "|OAEPWITHSHA1ANDMGF1PADDING"
|
|
+ + "|OAEPWITHSHA-1ANDMGF1PADDING"
|
|
+ + "|OAEPWITHSHA-224ANDMGF1PADDING"
|
|
+ + "|OAEPWITHSHA-256ANDMGF1PADDING"
|
|
+ + "|OAEPWITHSHA-384ANDMGF1PADDING"
|
|
+ + "|OAEPWITHSHA-512ANDMGF1PADDING"
|
|
+ + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
|
|
+ + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
|
|
+ attrs.put("SupportedKeyClasses",
|
|
+ "java.security.interfaces.RSAPublicKey" +
|
|
+ "|java.security.interfaces.RSAPrivateKey");
|
|
+ ps("Cipher", "RSA",
|
|
+ "com.sun.crypto.provider.RSACipher", null, attrs);
|
|
+
|
|
+ // common block cipher modes, pads
|
|
+ final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" +
|
|
+ "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" +
|
|
+ "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
|
|
+ final String BLOCK_MODES128 = BLOCK_MODES +
|
|
+ "|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128" +
|
|
+ "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
|
|
+ final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
|
|
+
|
|
+ attrs.clear();
|
|
+ attrs.put("SupportedModes", BLOCK_MODES);
|
|
+ attrs.put("SupportedPaddings", BLOCK_PADS);
|
|
+ attrs.put("SupportedKeyFormats", "RAW");
|
|
+ ps("Cipher", "DES",
|
|
+ "com.sun.crypto.provider.DESCipher", null, attrs);
|
|
+ psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
|
|
+ attrs);
|
|
+ ps("Cipher", "Blowfish",
|
|
+ "com.sun.crypto.provider.BlowfishCipher", null, attrs);
|
|
+
|
|
+ ps("Cipher", "RC2",
|
|
+ "com.sun.crypto.provider.RC2Cipher", null, attrs);
|
|
+
|
|
+ attrs.clear();
|
|
+ attrs.put("SupportedModes", BLOCK_MODES128);
|
|
+ attrs.put("SupportedPaddings", BLOCK_PADS);
|
|
+ attrs.put("SupportedKeyFormats", "RAW");
|
|
+ psA("Cipher", "AES",
|
|
+ "com.sun.crypto.provider.AESCipher$General", attrs);
|
|
+
|
|
+ attrs.clear();
|
|
+ attrs.put("SupportedKeyFormats", "RAW");
|
|
+ psA("Cipher", "AES/KW/NoPadding",
|
|
+ "com.sun.crypto.provider.KeyWrapCipher$AES_KW_NoPadding",
|
|
+ attrs);
|
|
+ ps("Cipher", "AES/KW/PKCS5Padding",
|
|
+ "com.sun.crypto.provider.KeyWrapCipher$AES_KW_PKCS5Padding",
|
|
+ null, attrs);
|
|
+ psA("Cipher", "AES/KWP/NoPadding",
|
|
+ "com.sun.crypto.provider.KeyWrapCipher$AES_KWP_NoPadding",
|
|
+ attrs);
|
|
+
|
|
+ psA("Cipher", "AES_128/ECB/NoPadding",
|
|
+ "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_128/CBC/NoPadding",
|
|
+ "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_128/OFB/NoPadding",
|
|
+ "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_128/CFB/NoPadding",
|
|
+ "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_128/KW/NoPadding",
|
|
+ "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_NoPadding",
|
|
+ attrs);
|
|
+ ps("Cipher", "AES_128/KW/PKCS5Padding",
|
|
+ "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_PKCS5Padding",
|
|
+ null, attrs);
|
|
+ psA("Cipher", "AES_128/KWP/NoPadding",
|
|
+ "com.sun.crypto.provider.KeyWrapCipher$AES128_KWP_NoPadding",
|
|
+ attrs);
|
|
+
|
|
+ psA("Cipher", "AES_192/ECB/NoPadding",
|
|
+ "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_192/CBC/NoPadding",
|
|
+ "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_192/OFB/NoPadding",
|
|
+ "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_192/CFB/NoPadding",
|
|
+ "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_192/KW/NoPadding",
|
|
+ "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_NoPadding",
|
|
+ attrs);
|
|
+ ps("Cipher", "AES_192/KW/PKCS5Padding",
|
|
+ "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_PKCS5Padding",
|
|
+ null, attrs);
|
|
+ psA("Cipher", "AES_192/KWP/NoPadding",
|
|
+ "com.sun.crypto.provider.KeyWrapCipher$AES192_KWP_NoPadding",
|
|
+ attrs);
|
|
+
|
|
+ psA("Cipher", "AES_256/ECB/NoPadding",
|
|
+ "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_256/CBC/NoPadding",
|
|
+ "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_256/OFB/NoPadding",
|
|
+ "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_256/CFB/NoPadding",
|
|
+ "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_256/KW/NoPadding",
|
|
+ "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_NoPadding",
|
|
+ attrs);
|
|
+ ps("Cipher", "AES_256/KW/PKCS5Padding",
|
|
+ "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_PKCS5Padding",
|
|
+ null, attrs);
|
|
+ psA("Cipher", "AES_256/KWP/NoPadding",
|
|
+ "com.sun.crypto.provider.KeyWrapCipher$AES256_KWP_NoPadding",
|
|
+ attrs);
|
|
+
|
|
+ attrs.clear();
|
|
+ attrs.put("SupportedModes", "GCM");
|
|
+ attrs.put("SupportedKeyFormats", "RAW");
|
|
+
|
|
+ ps("Cipher", "AES/GCM/NoPadding",
|
|
+ "com.sun.crypto.provider.GaloisCounterMode$AESGCM", null,
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_128/GCM/NoPadding",
|
|
+ "com.sun.crypto.provider.GaloisCounterMode$AES128",
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_192/GCM/NoPadding",
|
|
+ "com.sun.crypto.provider.GaloisCounterMode$AES192",
|
|
+ attrs);
|
|
+ psA("Cipher", "AES_256/GCM/NoPadding",
|
|
+ "com.sun.crypto.provider.GaloisCounterMode$AES256",
|
|
+ attrs);
|
|
+
|
|
+ attrs.clear();
|
|
+ attrs.put("SupportedModes", "CBC");
|
|
+ attrs.put("SupportedPaddings", "NOPADDING");
|
|
+ attrs.put("SupportedKeyFormats", "RAW");
|
|
+ ps("Cipher", "DESedeWrap",
|
|
+ "com.sun.crypto.provider.DESedeWrapCipher", null, attrs);
|
|
+
|
|
+ attrs.clear();
|
|
+ attrs.put("SupportedModes", "ECB");
|
|
+ attrs.put("SupportedPaddings", "NOPADDING");
|
|
+ attrs.put("SupportedKeyFormats", "RAW");
|
|
+ psA("Cipher", "ARCFOUR",
|
|
+ "com.sun.crypto.provider.ARCFOURCipher", attrs);
|
|
+
|
|
+ attrs.clear();
|
|
+ attrs.put("SupportedKeyFormats", "RAW");
|
|
+ ps("Cipher", "ChaCha20",
|
|
+ "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only",
|
|
+ null, attrs);
|
|
+ psA("Cipher", "ChaCha20-Poly1305",
|
|
+ "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
|
|
+ attrs);
|
|
+
|
|
+ // PBES1
|
|
+ psA("Cipher", "PBEWithMD5AndDES",
|
|
+ "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
|
|
+ null);
|
|
+ ps("Cipher", "PBEWithMD5AndTripleDES",
|
|
+ "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
|
|
+ psA("Cipher", "PBEWithSHA1AndDESede",
|
|
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
|
|
+ null);
|
|
+ psA("Cipher", "PBEWithSHA1AndRC2_40",
|
|
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
|
|
+ null);
|
|
+ psA("Cipher", "PBEWithSHA1AndRC2_128",
|
|
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
|
|
+ null);
|
|
+ psA("Cipher", "PBEWithSHA1AndRC4_40",
|
|
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
|
|
+ null);
|
|
+
|
|
+ psA("Cipher", "PBEWithSHA1AndRC4_128",
|
|
+ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
|
|
+ null);
|
|
+
|
|
+ // PBES2
|
|
+ ps("Cipher", "PBEWithHmacSHA1AndAES_128",
|
|
+ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
|
|
+
|
|
+ ps("Cipher", "PBEWithHmacSHA224AndAES_128",
|
|
+ "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128");
|
|
+
|
|
+ ps("Cipher", "PBEWithHmacSHA256AndAES_128",
|
|
+ "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128");
|
|
+
|
|
+ ps("Cipher", "PBEWithHmacSHA384AndAES_128",
|
|
+ "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128");
|
|
+
|
|
+ ps("Cipher", "PBEWithHmacSHA512AndAES_128",
|
|
+ "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128");
|
|
+
|
|
+ ps("Cipher", "PBEWithHmacSHA1AndAES_256",
|
|
+ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
|
|
+
|
|
+ ps("Cipher", "PBEWithHmacSHA224AndAES_256",
|
|
+ "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256");
|
|
+
|
|
+ ps("Cipher", "PBEWithHmacSHA256AndAES_256",
|
|
+ "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256");
|
|
+
|
|
+ ps("Cipher", "PBEWithHmacSHA384AndAES_256",
|
|
+ "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256");
|
|
+
|
|
+ ps("Cipher", "PBEWithHmacSHA512AndAES_256",
|
|
+ "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256");
|
|
+
|
|
+ /*
|
|
+ * Key(pair) Generator engines
|
|
+ */
|
|
+ ps("KeyGenerator", "DES",
|
|
+ "com.sun.crypto.provider.DESKeyGenerator");
|
|
+ psA("KeyGenerator", "DESede",
|
|
+ "com.sun.crypto.provider.DESedeKeyGenerator",
|
|
+ null);
|
|
+ ps("KeyGenerator", "Blowfish",
|
|
+ "com.sun.crypto.provider.BlowfishKeyGenerator");
|
|
+ psA("KeyGenerator", "AES",
|
|
+ "com.sun.crypto.provider.AESKeyGenerator",
|
|
+ null);
|
|
+ ps("KeyGenerator", "RC2",
|
|
+ "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator");
|
|
+ psA("KeyGenerator", "ARCFOUR",
|
|
+ "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
|
|
+ null);
|
|
+ ps("KeyGenerator", "ChaCha20",
|
|
+ "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator");
|
|
+ ps("KeyGenerator", "HmacMD5",
|
|
+ "com.sun.crypto.provider.HmacMD5KeyGenerator");
|
|
+
|
|
+ psA("KeyGenerator", "HmacSHA1",
|
|
+ "com.sun.crypto.provider.HmacSHA1KeyGenerator", null);
|
|
+ psA("KeyGenerator", "HmacSHA224",
|
|
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224",
|
|
+ null);
|
|
+ psA("KeyGenerator", "HmacSHA256",
|
|
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256",
|
|
+ null);
|
|
+ psA("KeyGenerator", "HmacSHA384",
|
|
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384",
|
|
+ null);
|
|
+ psA("KeyGenerator", "HmacSHA512",
|
|
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512",
|
|
+ null);
|
|
+ psA("KeyGenerator", "HmacSHA512/224",
|
|
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224",
|
|
+ null);
|
|
+ psA("KeyGenerator", "HmacSHA512/256",
|
|
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256",
|
|
+ null);
|
|
+
|
|
+ psA("KeyGenerator", "HmacSHA3-224",
|
|
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224",
|
|
+ null);
|
|
+ psA("KeyGenerator", "HmacSHA3-256",
|
|
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256",
|
|
+ null);
|
|
+ psA("KeyGenerator", "HmacSHA3-384",
|
|
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384",
|
|
+ null);
|
|
+ psA("KeyGenerator", "HmacSHA3-512",
|
|
+ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512",
|
|
+ null);
|
|
+
|
|
+ psA("KeyPairGenerator", "DiffieHellman",
|
|
+ "com.sun.crypto.provider.DHKeyPairGenerator",
|
|
+ null);
|
|
+ }
|
|
|
|
/*
|
|
* Algorithm parameter generation engines
|
|
@@ -430,15 +437,17 @@ public final class SunJCE extends Provider {
|
|
"DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
|
|
null);
|
|
|
|
- /*
|
|
- * Key Agreement engines
|
|
- */
|
|
- attrs.clear();
|
|
- attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
|
|
- "|javax.crypto.interfaces.DHPrivateKey");
|
|
- psA("KeyAgreement", "DiffieHellman",
|
|
- "com.sun.crypto.provider.DHKeyAgreement",
|
|
- attrs);
|
|
+ if (!systemFipsEnabled) {
|
|
+ /*
|
|
+ * Key Agreement engines
|
|
+ */
|
|
+ attrs.clear();
|
|
+ attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
|
|
+ "|javax.crypto.interfaces.DHPrivateKey");
|
|
+ psA("KeyAgreement", "DiffieHellman",
|
|
+ "com.sun.crypto.provider.DHKeyAgreement",
|
|
+ attrs);
|
|
+ }
|
|
|
|
/*
|
|
* Algorithm Parameter engines
|
|
@@ -531,197 +540,199 @@ public final class SunJCE extends Provider {
|
|
psA("AlgorithmParameters", "ChaCha20-Poly1305",
|
|
"com.sun.crypto.provider.ChaCha20Poly1305Parameters", null);
|
|
|
|
- /*
|
|
- * Key factories
|
|
- */
|
|
- psA("KeyFactory", "DiffieHellman",
|
|
- "com.sun.crypto.provider.DHKeyFactory",
|
|
- null);
|
|
-
|
|
- /*
|
|
- * Secret-key factories
|
|
- */
|
|
- ps("SecretKeyFactory", "DES",
|
|
- "com.sun.crypto.provider.DESKeyFactory");
|
|
-
|
|
- psA("SecretKeyFactory", "DESede",
|
|
- "com.sun.crypto.provider.DESedeKeyFactory", null);
|
|
-
|
|
- psA("SecretKeyFactory", "PBEWithMD5AndDES",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
|
|
- null);
|
|
-
|
|
- /*
|
|
- * Internal in-house crypto algorithm used for
|
|
- * the JCEKS keystore type. Since this was developed
|
|
- * internally, there isn't an OID corresponding to this
|
|
- * algorithm.
|
|
- */
|
|
- ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
|
|
-
|
|
- psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
|
|
- null);
|
|
-
|
|
- psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
|
|
- null);
|
|
-
|
|
- psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
|
|
- null);
|
|
-
|
|
- psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
|
|
- null);
|
|
-
|
|
- psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
|
|
- null);
|
|
-
|
|
- ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
|
|
-
|
|
- ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
|
|
-
|
|
- ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
|
|
-
|
|
- ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
|
|
-
|
|
- ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
|
|
-
|
|
- ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
|
|
-
|
|
- ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
|
|
-
|
|
- ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
|
|
-
|
|
- ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
|
|
-
|
|
- ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
|
|
- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
|
|
-
|
|
- // PBKDF2
|
|
- psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
|
|
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
|
|
- null);
|
|
- ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
|
|
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
|
|
- ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
|
|
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
|
|
- ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
|
|
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
|
|
- ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
|
|
- "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
|
|
-
|
|
- /*
|
|
- * MAC
|
|
- */
|
|
- attrs.clear();
|
|
- attrs.put("SupportedKeyFormats", "RAW");
|
|
- ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
|
|
- psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
|
|
- attrs);
|
|
- psA("Mac", "HmacSHA224",
|
|
- "com.sun.crypto.provider.HmacCore$HmacSHA224", attrs);
|
|
- psA("Mac", "HmacSHA256",
|
|
- "com.sun.crypto.provider.HmacCore$HmacSHA256", attrs);
|
|
- psA("Mac", "HmacSHA384",
|
|
- "com.sun.crypto.provider.HmacCore$HmacSHA384", attrs);
|
|
- psA("Mac", "HmacSHA512",
|
|
- "com.sun.crypto.provider.HmacCore$HmacSHA512", attrs);
|
|
- psA("Mac", "HmacSHA512/224",
|
|
- "com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs);
|
|
- psA("Mac", "HmacSHA512/256",
|
|
- "com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs);
|
|
- psA("Mac", "HmacSHA3-224",
|
|
- "com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs);
|
|
- psA("Mac", "HmacSHA3-256",
|
|
- "com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs);
|
|
- psA("Mac", "HmacSHA3-384",
|
|
- "com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs);
|
|
- psA("Mac", "HmacSHA3-512",
|
|
- "com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs);
|
|
-
|
|
- ps("Mac", "HmacPBESHA1",
|
|
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
|
|
- null, attrs);
|
|
- ps("Mac", "HmacPBESHA224",
|
|
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224",
|
|
- null, attrs);
|
|
- ps("Mac", "HmacPBESHA256",
|
|
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256",
|
|
- null, attrs);
|
|
- ps("Mac", "HmacPBESHA384",
|
|
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384",
|
|
- null, attrs);
|
|
- ps("Mac", "HmacPBESHA512",
|
|
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512",
|
|
- null, attrs);
|
|
- ps("Mac", "HmacPBESHA512/224",
|
|
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224",
|
|
- null, attrs);
|
|
- ps("Mac", "HmacPBESHA512/256",
|
|
- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256",
|
|
- null, attrs);
|
|
-
|
|
-
|
|
- // PBMAC1
|
|
- ps("Mac", "PBEWithHmacSHA1",
|
|
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs);
|
|
- ps("Mac", "PBEWithHmacSHA224",
|
|
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs);
|
|
- ps("Mac", "PBEWithHmacSHA256",
|
|
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs);
|
|
- ps("Mac", "PBEWithHmacSHA384",
|
|
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs);
|
|
- ps("Mac", "PBEWithHmacSHA512",
|
|
- "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs);
|
|
- ps("Mac", "SslMacMD5",
|
|
- "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs);
|
|
- ps("Mac", "SslMacSHA1",
|
|
- "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs);
|
|
-
|
|
- /*
|
|
- * KeyStore
|
|
- */
|
|
- ps("KeyStore", "JCEKS",
|
|
- "com.sun.crypto.provider.JceKeyStore");
|
|
-
|
|
- /*
|
|
- * SSL/TLS mechanisms
|
|
- *
|
|
- * These are strictly internal implementations and may
|
|
- * be changed at any time. These names were chosen
|
|
- * because PKCS11/SunPKCS11 does not yet have TLS1.2
|
|
- * mechanisms, and it will cause calls to come here.
|
|
- */
|
|
- ps("KeyGenerator", "SunTlsPrf",
|
|
- "com.sun.crypto.provider.TlsPrfGenerator$V10");
|
|
- ps("KeyGenerator", "SunTls12Prf",
|
|
- "com.sun.crypto.provider.TlsPrfGenerator$V12");
|
|
-
|
|
- ps("KeyGenerator", "SunTlsMasterSecret",
|
|
- "com.sun.crypto.provider.TlsMasterSecretGenerator",
|
|
- List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"),
|
|
- null);
|
|
-
|
|
- ps("KeyGenerator", "SunTlsKeyMaterial",
|
|
- "com.sun.crypto.provider.TlsKeyMaterialGenerator",
|
|
- List.of("SunTls12KeyMaterial"), null);
|
|
-
|
|
- ps("KeyGenerator", "SunTlsRsaPremasterSecret",
|
|
- "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
|
|
- List.of("SunTls12RsaPremasterSecret"), null);
|
|
+ if (!systemFipsEnabled) {
|
|
+ /*
|
|
+ * Key factories
|
|
+ */
|
|
+ psA("KeyFactory", "DiffieHellman",
|
|
+ "com.sun.crypto.provider.DHKeyFactory",
|
|
+ null);
|
|
+
|
|
+ /*
|
|
+ * Secret-key factories
|
|
+ */
|
|
+ ps("SecretKeyFactory", "DES",
|
|
+ "com.sun.crypto.provider.DESKeyFactory");
|
|
+
|
|
+ psA("SecretKeyFactory", "DESede",
|
|
+ "com.sun.crypto.provider.DESedeKeyFactory", null);
|
|
+
|
|
+ psA("SecretKeyFactory", "PBEWithMD5AndDES",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
|
|
+ null);
|
|
+
|
|
+ /*
|
|
+ * Internal in-house crypto algorithm used for
|
|
+ * the JCEKS keystore type. Since this was developed
|
|
+ * internally, there isn't an OID corresponding to this
|
|
+ * algorithm.
|
|
+ */
|
|
+ ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
|
|
+
|
|
+ psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
|
|
+ null);
|
|
+
|
|
+ psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
|
|
+ null);
|
|
+
|
|
+ psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
|
|
+ null);
|
|
+
|
|
+ psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
|
|
+ null);
|
|
+
|
|
+ psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
|
|
+ null);
|
|
+
|
|
+ ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
|
|
+
|
|
+ ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
|
|
+
|
|
+ ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
|
|
+
|
|
+ ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
|
|
+
|
|
+ ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
|
|
+
|
|
+ ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
|
|
+
|
|
+ ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
|
|
+
|
|
+ ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
|
|
+
|
|
+ ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
|
|
+
|
|
+ ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
|
|
+ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
|
|
+
|
|
+ // PBKDF2
|
|
+ psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
|
|
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
|
|
+ null);
|
|
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
|
|
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
|
|
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
|
|
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
|
|
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
|
|
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
|
|
+ ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
|
|
+ "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
|
|
+
|
|
+ /*
|
|
+ * MAC
|
|
+ */
|
|
+ attrs.clear();
|
|
+ attrs.put("SupportedKeyFormats", "RAW");
|
|
+ ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
|
|
+ psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
|
|
+ attrs);
|
|
+ psA("Mac", "HmacSHA224",
|
|
+ "com.sun.crypto.provider.HmacCore$HmacSHA224", attrs);
|
|
+ psA("Mac", "HmacSHA256",
|
|
+ "com.sun.crypto.provider.HmacCore$HmacSHA256", attrs);
|
|
+ psA("Mac", "HmacSHA384",
|
|
+ "com.sun.crypto.provider.HmacCore$HmacSHA384", attrs);
|
|
+ psA("Mac", "HmacSHA512",
|
|
+ "com.sun.crypto.provider.HmacCore$HmacSHA512", attrs);
|
|
+ psA("Mac", "HmacSHA512/224",
|
|
+ "com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs);
|
|
+ psA("Mac", "HmacSHA512/256",
|
|
+ "com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs);
|
|
+ psA("Mac", "HmacSHA3-224",
|
|
+ "com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs);
|
|
+ psA("Mac", "HmacSHA3-256",
|
|
+ "com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs);
|
|
+ psA("Mac", "HmacSHA3-384",
|
|
+ "com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs);
|
|
+ psA("Mac", "HmacSHA3-512",
|
|
+ "com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs);
|
|
+
|
|
+ ps("Mac", "HmacPBESHA1",
|
|
+ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
|
|
+ null, attrs);
|
|
+ ps("Mac", "HmacPBESHA224",
|
|
+ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224",
|
|
+ null, attrs);
|
|
+ ps("Mac", "HmacPBESHA256",
|
|
+ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256",
|
|
+ null, attrs);
|
|
+ ps("Mac", "HmacPBESHA384",
|
|
+ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384",
|
|
+ null, attrs);
|
|
+ ps("Mac", "HmacPBESHA512",
|
|
+ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512",
|
|
+ null, attrs);
|
|
+ ps("Mac", "HmacPBESHA512/224",
|
|
+ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224",
|
|
+ null, attrs);
|
|
+ ps("Mac", "HmacPBESHA512/256",
|
|
+ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256",
|
|
+ null, attrs);
|
|
+
|
|
+
|
|
+ // PBMAC1
|
|
+ ps("Mac", "PBEWithHmacSHA1",
|
|
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs);
|
|
+ ps("Mac", "PBEWithHmacSHA224",
|
|
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs);
|
|
+ ps("Mac", "PBEWithHmacSHA256",
|
|
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs);
|
|
+ ps("Mac", "PBEWithHmacSHA384",
|
|
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs);
|
|
+ ps("Mac", "PBEWithHmacSHA512",
|
|
+ "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs);
|
|
+ ps("Mac", "SslMacMD5",
|
|
+ "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs);
|
|
+ ps("Mac", "SslMacSHA1",
|
|
+ "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs);
|
|
+
|
|
+ /*
|
|
+ * KeyStore
|
|
+ */
|
|
+ ps("KeyStore", "JCEKS",
|
|
+ "com.sun.crypto.provider.JceKeyStore");
|
|
+
|
|
+ /*
|
|
+ * SSL/TLS mechanisms
|
|
+ *
|
|
+ * These are strictly internal implementations and may
|
|
+ * be changed at any time. These names were chosen
|
|
+ * because PKCS11/SunPKCS11 does not yet have TLS1.2
|
|
+ * mechanisms, and it will cause calls to come here.
|
|
+ */
|
|
+ ps("KeyGenerator", "SunTlsPrf",
|
|
+ "com.sun.crypto.provider.TlsPrfGenerator$V10");
|
|
+ ps("KeyGenerator", "SunTls12Prf",
|
|
+ "com.sun.crypto.provider.TlsPrfGenerator$V12");
|
|
+
|
|
+ ps("KeyGenerator", "SunTlsMasterSecret",
|
|
+ "com.sun.crypto.provider.TlsMasterSecretGenerator",
|
|
+ List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"),
|
|
+ null);
|
|
+
|
|
+ ps("KeyGenerator", "SunTlsKeyMaterial",
|
|
+ "com.sun.crypto.provider.TlsKeyMaterialGenerator",
|
|
+ List.of("SunTls12KeyMaterial"), null);
|
|
+
|
|
+ ps("KeyGenerator", "SunTlsRsaPremasterSecret",
|
|
+ "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
|
|
+ List.of("SunTls12RsaPremasterSecret"), null);
|
|
+ }
|
|
}
|
|
|
|
// Return the instance of this class or create one if needed.
|
|
diff --git openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
|
|
index 7cb5ebcde51..709d32912ca 100644
|
|
--- openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java
|
|
+++ openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
|
|
@@ -193,20 +193,22 @@ public final class SunEntries {
|
|
String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
|
|
dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
|
|
addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
|
|
+ }
|
|
|
|
- /*
|
|
- * Algorithm Parameter Generator engines
|
|
- */
|
|
- addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
|
|
- "sun.security.provider.DSAParameterGenerator", attrs);
|
|
- attrs.remove("KeySize");
|
|
+ /*
|
|
+ * Algorithm Parameter Generator engines
|
|
+ */
|
|
+ addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
|
|
+ "sun.security.provider.DSAParameterGenerator", attrs);
|
|
+ attrs.remove("KeySize");
|
|
|
|
- /*
|
|
- * Algorithm Parameter engines
|
|
- */
|
|
- addWithAlias(p, "AlgorithmParameters", "DSA",
|
|
- "sun.security.provider.DSAParameters", attrs);
|
|
+ /*
|
|
+ * Algorithm Parameter engines
|
|
+ */
|
|
+ addWithAlias(p, "AlgorithmParameters", "DSA",
|
|
+ "sun.security.provider.DSAParameters", attrs);
|
|
|
|
+ if (!systemFipsEnabled) {
|
|
/*
|
|
* Key factories
|
|
*/
|
|
diff --git openjdk.orig/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java openjdk/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
|
|
index ca79f25cc44..16c5ad2e227 100644
|
|
--- openjdk.orig/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
|
|
+++ openjdk/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
|
|
@@ -27,6 +27,7 @@ package sun.security.rsa;
|
|
|
|
import java.util.*;
|
|
import java.security.Provider;
|
|
+import jdk.internal.access.SharedSecrets;
|
|
import static sun.security.util.SecurityProviderConstants.getAliases;
|
|
|
|
/**
|
|
@@ -36,6 +37,10 @@ import static sun.security.util.SecurityProviderConstants.getAliases;
|
|
*/
|
|
public final class SunRsaSignEntries {
|
|
|
|
+ private static final boolean systemFipsEnabled =
|
|
+ SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
|
+ .isSystemFipsEnabled();
|
|
+
|
|
private void add(Provider p, String type, String algo, String cn,
|
|
List<String> aliases, HashMap<String, String> attrs) {
|
|
services.add(new Provider.Service(p, type, algo, cn,
|
|
@@ -56,49 +61,52 @@ public final class SunRsaSignEntries {
|
|
// start populating content using the specified provider
|
|
// common attribute map
|
|
HashMap<String, String> attrs = new HashMap<>(3);
|
|
- attrs.put("SupportedKeyClasses",
|
|
- "java.security.interfaces.RSAPublicKey" +
|
|
- "|java.security.interfaces.RSAPrivateKey");
|
|
+ if (!systemFipsEnabled) {
|
|
+ attrs.put("SupportedKeyClasses",
|
|
+ "java.security.interfaces.RSAPublicKey" +
|
|
+ "|java.security.interfaces.RSAPrivateKey");
|
|
+
|
|
+ add(p, "KeyFactory", "RSA",
|
|
+ "sun.security.rsa.RSAKeyFactory$Legacy",
|
|
+ getAliases("PKCS1"), null);
|
|
+ add(p, "KeyPairGenerator", "RSA",
|
|
+ "sun.security.rsa.RSAKeyPairGenerator$Legacy",
|
|
+ getAliases("PKCS1"), null);
|
|
+ addA(p, "Signature", "MD2withRSA",
|
|
+ "sun.security.rsa.RSASignature$MD2withRSA", attrs);
|
|
+ addA(p, "Signature", "MD5withRSA",
|
|
+ "sun.security.rsa.RSASignature$MD5withRSA", attrs);
|
|
+ addA(p, "Signature", "SHA1withRSA",
|
|
+ "sun.security.rsa.RSASignature$SHA1withRSA", attrs);
|
|
+ addA(p, "Signature", "SHA224withRSA",
|
|
+ "sun.security.rsa.RSASignature$SHA224withRSA", attrs);
|
|
+ addA(p, "Signature", "SHA256withRSA",
|
|
+ "sun.security.rsa.RSASignature$SHA256withRSA", attrs);
|
|
+ addA(p, "Signature", "SHA384withRSA",
|
|
+ "sun.security.rsa.RSASignature$SHA384withRSA", attrs);
|
|
+ addA(p, "Signature", "SHA512withRSA",
|
|
+ "sun.security.rsa.RSASignature$SHA512withRSA", attrs);
|
|
+ addA(p, "Signature", "SHA512/224withRSA",
|
|
+ "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
|
|
+ addA(p, "Signature", "SHA512/256withRSA",
|
|
+ "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);
|
|
+ addA(p, "Signature", "SHA3-224withRSA",
|
|
+ "sun.security.rsa.RSASignature$SHA3_224withRSA", attrs);
|
|
+ addA(p, "Signature", "SHA3-256withRSA",
|
|
+ "sun.security.rsa.RSASignature$SHA3_256withRSA", attrs);
|
|
+ addA(p, "Signature", "SHA3-384withRSA",
|
|
+ "sun.security.rsa.RSASignature$SHA3_384withRSA", attrs);
|
|
+ addA(p, "Signature", "SHA3-512withRSA",
|
|
+ "sun.security.rsa.RSASignature$SHA3_512withRSA", attrs);
|
|
|
|
- add(p, "KeyFactory", "RSA",
|
|
- "sun.security.rsa.RSAKeyFactory$Legacy",
|
|
- getAliases("PKCS1"), null);
|
|
- add(p, "KeyPairGenerator", "RSA",
|
|
- "sun.security.rsa.RSAKeyPairGenerator$Legacy",
|
|
- getAliases("PKCS1"), null);
|
|
- addA(p, "Signature", "MD2withRSA",
|
|
- "sun.security.rsa.RSASignature$MD2withRSA", attrs);
|
|
- addA(p, "Signature", "MD5withRSA",
|
|
- "sun.security.rsa.RSASignature$MD5withRSA", attrs);
|
|
- addA(p, "Signature", "SHA1withRSA",
|
|
- "sun.security.rsa.RSASignature$SHA1withRSA", attrs);
|
|
- addA(p, "Signature", "SHA224withRSA",
|
|
- "sun.security.rsa.RSASignature$SHA224withRSA", attrs);
|
|
- addA(p, "Signature", "SHA256withRSA",
|
|
- "sun.security.rsa.RSASignature$SHA256withRSA", attrs);
|
|
- addA(p, "Signature", "SHA384withRSA",
|
|
- "sun.security.rsa.RSASignature$SHA384withRSA", attrs);
|
|
- addA(p, "Signature", "SHA512withRSA",
|
|
- "sun.security.rsa.RSASignature$SHA512withRSA", attrs);
|
|
- addA(p, "Signature", "SHA512/224withRSA",
|
|
- "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
|
|
- addA(p, "Signature", "SHA512/256withRSA",
|
|
- "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);
|
|
- addA(p, "Signature", "SHA3-224withRSA",
|
|
- "sun.security.rsa.RSASignature$SHA3_224withRSA", attrs);
|
|
- addA(p, "Signature", "SHA3-256withRSA",
|
|
- "sun.security.rsa.RSASignature$SHA3_256withRSA", attrs);
|
|
- addA(p, "Signature", "SHA3-384withRSA",
|
|
- "sun.security.rsa.RSASignature$SHA3_384withRSA", attrs);
|
|
- addA(p, "Signature", "SHA3-512withRSA",
|
|
- "sun.security.rsa.RSASignature$SHA3_512withRSA", attrs);
|
|
+ addA(p, "KeyFactory", "RSASSA-PSS",
|
|
+ "sun.security.rsa.RSAKeyFactory$PSS", attrs);
|
|
+ addA(p, "KeyPairGenerator", "RSASSA-PSS",
|
|
+ "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
|
|
+ addA(p, "Signature", "RSASSA-PSS",
|
|
+ "sun.security.rsa.RSAPSSSignature", attrs);
|
|
+ }
|
|
|
|
- addA(p, "KeyFactory", "RSASSA-PSS",
|
|
- "sun.security.rsa.RSAKeyFactory$PSS", attrs);
|
|
- addA(p, "KeyPairGenerator", "RSASSA-PSS",
|
|
- "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
|
|
- addA(p, "Signature", "RSASSA-PSS",
|
|
- "sun.security.rsa.RSAPSSSignature", attrs);
|
|
addA(p, "AlgorithmParameters", "RSASSA-PSS",
|
|
"sun.security.rsa.PSSParameters", null);
|
|
}
|
|
diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security
|
|
index 3a322854204..5a355e70cae 100644
|
|
--- openjdk.orig/src/java.base/share/conf/security/java.security
|
|
+++ openjdk/src/java.base/share/conf/security/java.security
|
|
@@ -86,6 +86,8 @@ fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
|
|
fips.provider.2=SUN
|
|
fips.provider.3=SunEC
|
|
fips.provider.4=SunJSSE
|
|
+fips.provider.5=SunJCE
|
|
+fips.provider.6=SunRsaSign
|
|
|
|
#
|
|
# A list of preferred providers for specific algorithms. These providers will
|