infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-03-15 10:23:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

8184744: Replace finalizer in crypto classes with Cleaner

Browse Source 
Reviewed-by: mchung
This commit is contained in:
Roger Riggs 2017-08-07 14:14:03 -04:00
parent df5b632f58
commit 15ebee5d38
7 changed files with 221 additions and 82 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
jdk/src/java.base/share/classes/com/sun/crypto/provider/DESKey.java
View File

@ -31,6 +31,8 @@ import java.security.InvalidKeyException;
import javax.crypto.SecretKey;
import javax.crypto.spec.DESKeySpec;
import jdk.internal.ref.CleanerFactory;
/**
* This class represents a DES key.
*
@ -74,6 +76,11 @@ final class DESKey implements SecretKey {
this.key = new byte[DESKeySpec.DES_KEY_LEN];
System.arraycopy(key, offset, this.key, 0, DESKeySpec.DES_KEY_LEN);
DESKeyGenerator.setParityBit(this.key, 0);
// Use the cleaner to zero the key when no longer referenced
final byte[] k = this.key;
CleanerFactory.cleaner().register(this,
() -> java.util.Arrays.fill(k, (byte)0x00));
}
public byte[] getEncoded() {
@ -144,20 +151,4 @@ final class DESKey implements SecretKey {
getFormat(),
getEncoded());
}
/**
* Ensures that the bytes of this key are
* set to zero when there are no more references to it.
*/
@SuppressWarnings("deprecation")
protected void finalize() throws Throwable {
try {
if (this.key != null) {
java.util.Arrays.fill(this.key, (byte)0x00);
this.key = null;
}
} finally {
super.finalize();
}
}
}

23
jdk/src/java.base/share/classes/com/sun/crypto/provider/DESedeKey.java
View File

@ -31,6 +31,8 @@ import java.security.InvalidKeyException;
import javax.crypto.SecretKey;
import javax.crypto.spec.DESedeKeySpec;
import jdk.internal.ref.CleanerFactory;
/**
* This class represents a DES-EDE key.
*
@ -76,6 +78,11 @@ final class DESedeKey implements SecretKey {
DESKeyGenerator.setParityBit(this.key, 0);
DESKeyGenerator.setParityBit(this.key, 8);
DESKeyGenerator.setParityBit(this.key, 16);
// Use the cleaner to zero the key when no longer referenced
final byte[] k = this.key;
CleanerFactory.cleaner().register(this,
() -> java.util.Arrays.fill(k, (byte)0x00));
}
public byte[] getEncoded() {
@ -145,20 +152,4 @@ final class DESedeKey implements SecretKey {
getFormat(),
getEncoded());
}
/**
* Ensures that the bytes of this key are
* set to zero when there are no more references to it.
*/
@SuppressWarnings("deprecation")
protected void finalize() throws Throwable {
try {
if (this.key != null) {
java.util.Arrays.fill(this.key, (byte)0x00);
this.key = null;
}
} finally {
super.finalize();
}
}
}

25
jdk/src/java.base/share/classes/com/sun/crypto/provider/PBEKey.java
View File

@ -32,6 +32,8 @@ import java.util.Locale;
import javax.crypto.SecretKey;
import javax.crypto.spec.PBEKeySpec;
import jdk.internal.ref.CleanerFactory;
/**
* This class represents a PBE key.
*
@ -49,7 +51,7 @@ final class PBEKey implements SecretKey {
/**
* Creates a PBE key from a given PBE key specification.
*
* @param key the given PBE key specification
* @param keytype the given PBE key specification
*/
PBEKey(PBEKeySpec keySpec, String keytype) throws InvalidKeySpecException {
char[] passwd = keySpec.getPassword();
@ -70,6 +72,11 @@ final class PBEKey implements SecretKey {
this.key[i] = (byte) (passwd[i] & 0x7f);
java.util.Arrays.fill(passwd, ' ');
type = keytype;
// Use the cleaner to zero the key when no longer referenced
final byte[] k = this.key;
CleanerFactory.cleaner().register(this,
() -> java.util.Arrays.fill(k, (byte)0x00));
}
public byte[] getEncoded() {
@ -140,20 +147,4 @@ final class PBEKey implements SecretKey {
getFormat(),
getEncoded());
}
/**
* Ensures that the password bytes of this key are
* set to zero when there are no more references to it.
*/
@SuppressWarnings("deprecation")
protected void finalize() throws Throwable {
try {
if (this.key != null) {
java.util.Arrays.fill(this.key, (byte)0x00);
this.key = null;
}
} finally {
super.finalize();
}
}
}

34
jdk/src/java.base/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
View File

@ -40,6 +40,8 @@ import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.PBEKeySpec;
import jdk.internal.ref.CleanerFactory;
/**
* This class represents a PBE key derived using PBKDF2 defined
* in PKCS#5 v2.0. meaning that
@ -76,7 +78,8 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
/**
* Creates a PBE key from a given PBE key specification.
*
* @param key the given PBE key specification
* @param keySpec the given PBE key specification
* @param prfAlgo the given PBE key algorithm
*/
PBKDF2KeyImpl(PBEKeySpec keySpec, String prfAlgo)
throws InvalidKeySpecException {
@ -120,6 +123,15 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
throw ike;
}
this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
// Use the cleaner to zero the key when no longer referenced
final byte[] k = this.key;
final char[] p = this.passwd;
CleanerFactory.cleaner().register(this,
() -> {
java.util.Arrays.fill(k, (byte)0x00);
java.util.Arrays.fill(p, '0');
});
}
private static byte[] deriveKey(final Mac prf, final byte[] password,
@ -262,24 +274,4 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
return new KeyRep(KeyRep.Type.SECRET, getAlgorithm(),
getFormat(), getEncoded());
}
/**
* Ensures that the password bytes of this key are
* erased when there are no more references to it.
*/
@SuppressWarnings("deprecation")
protected void finalize() throws Throwable {
try {
if (this.passwd != null) {
java.util.Arrays.fill(this.passwd, '0');
this.passwd = null;
}
if (this.key != null) {
java.util.Arrays.fill(this.key, (byte)0x00);
this.key = null;
}
} finally {
super.finalize();
}
}
}

17
jdk/src/java.base/share/classes/sun/security/provider/KeyProtector.java
View File

@ -35,6 +35,7 @@ import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.util.*;
import jdk.internal.ref.CleanerFactory;
import sun.security.pkcs.PKCS8Key;
import sun.security.pkcs.EncryptedPrivateKeyInfo;
import sun.security.x509.AlgorithmId;
@ -141,18 +142,10 @@ final class KeyProtector {
passwdBytes[j++] = (byte)(password[i] >> 8);
passwdBytes[j++] = (byte)password[i];
}
}
/**
* Ensures that the password bytes of this key protector are
* set to zero when there are no more references to it.
*/
@SuppressWarnings("deprecation")
protected void finalize() {
if (passwdBytes != null) {
Arrays.fill(passwdBytes, (byte)0x00);
passwdBytes = null;
}
// Use the cleaner to zero the password when no longer referenced
final byte[] k = this.passwdBytes;
CleanerFactory.cleaner().register(this,
() -> java.util.Arrays.fill(k, (byte)0x00));
}
/*

78
jdk/test/com/sun/crypto/provider/Cipher/DES/DESKeyCleanupTest.java Normal file
View File

@ -0,0 +1,78 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @modules java.base/com.sun.crypto.provider:+open
* @run main/othervm DESKeyCleanupTest
* @summary Verify that key storage is cleared
*/
import java.lang.ref.PhantomReference;
import java.lang.ref.Reference;
import java.lang.ref.ReferenceQueue;
import java.lang.reflect.Field;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
/**
* Test that the array holding the key bytes is cleared when it is
* no longer referenced by the key.
*/
public class DESKeyCleanupTest {
private final static String SunJCEProvider = "SunJCE";
public static void main(String[] args) throws Exception {
testCleanupSecret("DES");
testCleanupSecret("DESede");
}
static void testCleanupSecret(String algorithm) throws Exception {
KeyGenerator desGen = KeyGenerator.getInstance(algorithm, SunJCEProvider);
SecretKey key = desGen.generateKey();
// Break into the implementation to observe the key byte array.
Class<?> keyClass = key.getClass();
Field keyField = keyClass.getDeclaredField("key");
keyField.setAccessible(true);
byte[] array = (byte[])keyField.get(key);
byte[] zeros = new byte[array.length];
do {
// Wait for array to be cleared; if not cleared test will timeout
System.out.printf("%s array: %s%n", algorithm, Arrays.toString(array));
key = null;
System.gc(); // attempt to reclaim the key
} while (Arrays.compare(zeros, array) != 0);
System.out.printf("%s array: %s%n", algorithm, Arrays.toString(array));
Reference.reachabilityFence(key); // Keep key alive
Reference.reachabilityFence(array); // Keep array alive
}
}

103
jdk/test/com/sun/crypto/provider/Cipher/PBE/PBEKeyCleanupTest.java Normal file
View File

@ -0,0 +1,103 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @modules java.base/com.sun.crypto.provider:+open
* @run main/othervm PBEKeyCleanupTest
* @summary Verify that key storage is cleared
*/
import java.lang.ref.PhantomReference;
import java.lang.ref.Reference;
import java.lang.ref.ReferenceQueue;
import java.lang.reflect.Field;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
/**
* Test that the array holding the key bytes is cleared when it is
* no longer referenced by the key.
*/
public class PBEKeyCleanupTest {
private final static String SunJCEProvider = "SunJCE";
private static final String PASS_PHRASE = "some hidden string";
private static final int ITERATION_COUNT = 1000;
private static final int KEY_SIZE = 128;
public static void main(String[] args) throws Exception {
testPBESecret("PBEWithMD5AndDES");
testPBKSecret("PBKDF2WithHmacSHA1");
}
private static void testPBESecret(String algorithm) throws Exception {
char[] password = new char[] {'f', 'o', 'o'};
PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
SecretKeyFactory keyFac =
SecretKeyFactory.getInstance(algorithm, SunJCEProvider);
testCleanupSecret(algorithm, keyFac.generateSecret(pbeKeySpec));
}
private static void testPBKSecret(String algorithm) throws Exception {
byte[] salt = new byte[8];
new Random().nextBytes(salt);
char[] password = new char[] {'f', 'o', 'o'};
PBEKeySpec pbeKeySpec = new PBEKeySpec(PASS_PHRASE.toCharArray(), salt,
ITERATION_COUNT, KEY_SIZE);
SecretKeyFactory keyFac =
SecretKeyFactory.getInstance(algorithm, SunJCEProvider);
testCleanupSecret(algorithm, keyFac.generateSecret(pbeKeySpec));
}
static void testCleanupSecret(String algorithm, SecretKey key) throws Exception {
// Break into the implementation to observe the key byte array.
Class<?> keyClass = key.getClass();
Field keyField = keyClass.getDeclaredField("key");
keyField.setAccessible(true);
byte[] array = (byte[])keyField.get(key);
byte[] zeros = new byte[array.length];
do {
// Wait for array to be cleared; if not cleared test will timeout
System.out.printf("%s array: %s%n", algorithm, Arrays.toString(array));
key = null;
System.gc(); // attempt to reclaim the key
} while (Arrays.compare(zeros, array) != 0);
System.out.printf("%s array: %s%n", algorithm, Arrays.toString(array));
Reference.reachabilityFence(key); // Keep key alive
Reference.reachabilityFence(array); // Keep array alive
}
}