8138653: Default key sizes for the AlgorithmParameterGenerator and KeyPairGenerator implementations should be upgraded

Reviewed-by: coffeys, vinnie

jdk/src/java.base/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,7 +43,7 @@ import sun.security.provider.ParameterCache;
  * <li>By providing the size in bits of the prime modulus -
  * This will be used to create a prime modulus and base generator, which will
  * then be used to create the Diffie-Hellman key pair. The default size of the
- * prime modulus is 1024 bits.
+ * prime modulus is 2048 bits.
  * <li>By providing a prime modulus and base generator
  * </ul>
  *
@@ -68,7 +68,7 @@ public final class DHKeyPairGenerator extends KeyPairGeneratorSpi {
 
     public DHKeyPairGenerator() {
         super();
-        initialize(1024, null);
+        initialize(2048, null);
     }
 
     /**

jdk/src/java.base/share/classes/com/sun/crypto/provider/DHParameterGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -37,7 +37,7 @@ import javax.crypto.spec.DHGenParameterSpec;
  *
  * <p>The Diffie-Hellman parameter generation accepts the size in bits of the
  * prime modulus and the size in bits of the random exponent as input.
- * The size of the prime modulus defaults to 1024 bits.
+ * The size of the prime modulus defaults to 2048 bits.
  *
  * @author Jan Luehe
  *
@@ -50,7 +50,7 @@ public final class DHParameterGenerator
 extends AlgorithmParameterGeneratorSpi {
 
     // The size in bits of the prime modulus
-    private int primeSize = 1024;
+    private int primeSize = 2048;
 
     // The size in bits of the random exponent (private value)
     private int exponentSize = 0;

jdk/src/java.base/share/classes/java/security/KeyPairGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -71,7 +71,7 @@ import sun.security.util.Debug;
  * associated with each of the keys.
  *
  * <p>If the algorithm is the <i>DSA</i> algorithm, and the keysize (modulus
- * size) is 512, 768, or 1024, then the <i>Sun</i> provider uses a set of
+ * size) is 512, 768, 1024, or 2048, then the <i>Sun</i> provider uses a set of
  * precomputed values for the {@code p}, {@code q}, and
  * {@code g} parameters. If the modulus size is not one of the above
  * values, the <i>Sun</i> provider creates a new set of parameters. Other
@@ -96,7 +96,7 @@ import sun.security.util.Debug;
  * (via a call to an {@code initialize} method), each provider must
  * supply (and document) a default initialization.
  * For example, the <i>Sun</i> provider uses a default modulus size (keysize)
- * of 1024 bits.
+ * of 1024 bits for DSA key pairs.
  *
  * <p>Note that this class is abstract and extends from
  * {@code KeyPairGeneratorSpi} for historical reasons.

jdk/src/java.base/share/classes/sun/security/rsa/RSAKeyPairGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,7 +55,7 @@ public final class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
 
     public RSAKeyPairGenerator() {
         // initialize to default in case the app does not call initialize()
-        initialize(1024, null);
+        initialize(2048, null);
     }
 
     // initialize the generator. See JCA doc

jdk/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,7 +46,7 @@ public final class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
     // Supported by Microsoft Base, Strong and Enhanced Cryptographic Providers
     static final int KEY_SIZE_MIN = 512; // disallow MSCAPI min. of 384
     static final int KEY_SIZE_MAX = 16384;
-    private static final int KEY_SIZE_DEFAULT = 1024;
+    private static final int KEY_SIZE_DEFAULT = 2048;
 
     // size of the key to generate, KEY_SIZE_MIN <= keySize <= KEY_SIZE_MAX
     private int keySize;

jdk/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/SunMSCAPI.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -182,7 +182,7 @@ public final class SunMSCAPI extends Provider {
                  * Key Pair Generator engines
                  */
                 attrs.clear();
-                attrs.put("KeySize", "1024");
+                attrs.put("KeySize", "16384");
                 putService(new ProviderService(p, "KeyPairGenerator",
                            "RSA", "sun.security.mscapi.RSAKeyPairGenerator",
                            null, attrs));

jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -106,8 +106,15 @@ final class P11KeyPairGenerator extends KeyPairGeneratorSpi {
                 maxKeyLen = 2048;
             }
         } else {
-            // RSA, DH, and DSA
-            keySize = 1024;
+            if (algorithm.equals("DSA")) {
+                // keep default keysize at 1024 since larger keysizes may be
+                // incompatible with SHA1withDSA and SHA-2 Signature algs
+                // may not be supported by native pkcs11 implementations
+                keySize = 1024;
+            } else {
+                // RSA and DH
+                keySize = 2048;
+            }
             if ((minKeyLen == -1) || (minKeyLen < 512)) {
                 minKeyLen = 512;
             }

jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -83,10 +83,10 @@ public class TestExponentSize {
         KeyPair kp;
         KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", "SunJCE");
 
-        // Sun's default uses a default psize of 1024 and
+        // Sun's default uses a default psize of 2048 and
         // lsize of (pSize / 2) but at least 384 bits
         kp = kpg.generateKeyPair();
-        checkKeyPair(kp, Sizes.ten24, Sizes.five12);
+        checkKeyPair(kp, Sizes.twenty48, Sizes.ten24);
 
         DHPublicKey publicKey = (DHPublicKey)kp.getPublic();
         BigInteger p = publicKey.getParams().getP();
@@ -98,15 +98,15 @@ public class TestExponentSize {
 
         kpg.initialize(new DHParameterSpec(p, g, Sizes.ten24.getIntSize()));
         kp = kpg.generateKeyPair();
-        checkKeyPair(kp, Sizes.ten24, Sizes.ten24);
+        checkKeyPair(kp, Sizes.twenty48, Sizes.ten24);
 
         kpg.initialize(new DHParameterSpec(p, g, Sizes.five12.getIntSize()));
         kp = kpg.generateKeyPair();
-        checkKeyPair(kp, Sizes.ten24, Sizes.five12);
+        checkKeyPair(kp, Sizes.twenty48, Sizes.five12);
 
         kpg.initialize(new DHParameterSpec(p, g, Sizes.two56.getIntSize()));
         kp = kpg.generateKeyPair();
-        checkKeyPair(kp, Sizes.ten24, Sizes.two56);
+        checkKeyPair(kp, Sizes.twenty48, Sizes.two56);
 
         kpg.initialize(Sizes.five12.getIntSize());
         kp = kpg.generateKeyPair();

jdk/test/sun/security/pkcs11/PKCS11Test.java

@@ -380,7 +380,9 @@ public abstract class PKCS11Test {
     }
 
     static double getNSSInfo(String library) {
-        String nssHeader = "$Header: NSS";
+        // look for two types of headers in NSS libraries
+        String nssHeader1 = "$Header: NSS";
+        String nssHeader2 = "Version: NSS";
         boolean found = false;
         String s = null;
         int i = 0;
@@ -408,7 +410,8 @@ public abstract class PKCS11Test {
                     }
 
                     s = new String(data, 0, read);
-                    if ((i = s.indexOf(nssHeader)) > 0) {
+                    i = s.indexOf(nssHeader1);
+                    if (i > 0 || (i = s.indexOf(nssHeader2)) > 0) {
                         found = true;
                         // If the nssHeader is before 920 we can break, otherwise
                         // we may not have the whole header so do another read.  If