1 /*
2  * Copyright (c) 2017, 2020, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 package sun.security.util;
27 
28 import java.util.regex.PatternSyntaxException;
29 import java.security.InvalidParameterException;
30 import sun.security.action.GetPropertyAction;
31 
32 /**
33  * Various constants such as version number, default key length, used by
34  * the JDK security/crypto providers.
35  */
36 public final class SecurityProviderConstants {
37     private static final Debug debug =
38         Debug.getInstance("jca", "ProviderConfig");
39 
40     // Cannot create one of these
SecurityProviderConstants()41     private SecurityProviderConstants () {
42     }
43 
getDefDSASubprimeSize(int primeSize)44     public static final int getDefDSASubprimeSize(int primeSize) {
45         if (primeSize <= 1024) {
46             return 160;
47         } else if (primeSize == 2048) {
48             return 224;
49         } else if (primeSize == 3072) {
50             return 256;
51         } else {
52             throw new InvalidParameterException("Invalid DSA Prime Size: " +
53                 primeSize);
54         }
55     }
56 
57     public static final int DEF_DSA_KEY_SIZE;
58     public static final int DEF_RSA_KEY_SIZE;
59     public static final int DEF_RSASSA_PSS_KEY_SIZE;
60     public static final int DEF_DH_KEY_SIZE;
61     public static final int DEF_EC_KEY_SIZE;
62 
63     private static final String KEY_LENGTH_PROP =
64         "jdk.security.defaultKeySize";
65     static {
66         String keyLengthStr = GetPropertyAction.privilegedGetProperty
67             (KEY_LENGTH_PROP);
68         int dsaKeySize = 2048;
69         int rsaKeySize = 2048;
70         int rsaSsaPssKeySize = rsaKeySize; // default to same value as RSA
71         int dhKeySize = 2048;
72         int ecKeySize = 256;
73 
74         if (keyLengthStr != null) {
75             try {
76                 String[] pairs = keyLengthStr.split(",");
77                 for (String p : pairs) {
78                     String[] algoAndValue = p.split(":");
79                     if (algoAndValue.length != 2) {
80                         // invalid pair, skip to next pair
81                         if (debug != null) {
82                             debug.println("Ignoring invalid pair in " +
83                                 KEY_LENGTH_PROP + " property: " + p);
84                         }
85                         continue;
86                     }
87                     String algoName = algoAndValue[0].trim().toUpperCase();
88                     int value = -1;
89                     try {
90                         value = Integer.parseInt(algoAndValue[1].trim());
91                     } catch (NumberFormatException nfe) {
92                         // invalid value, skip to next pair
93                         if (debug != null) {
94                             debug.println("Ignoring invalid value in " +
95                                 KEY_LENGTH_PROP + " property: " + p);
96                         }
97                         continue;
98                     }
99                     if (algoName.equals("DSA")) {
100                         dsaKeySize = value;
101                     } else if (algoName.equals("RSA")) {
102                         rsaKeySize = value;
103                     } else if (algoName.equals("RSASSA-PSS")) {
104                         rsaSsaPssKeySize = value;
105                     } else if (algoName.equals("DH")) {
106                         dhKeySize = value;
107                     } else if (algoName.equals("EC")) {
108                         ecKeySize = value;
109                     } else {
110                         if (debug != null) {
111                             debug.println("Ignoring unsupported algo in " +
112                                 KEY_LENGTH_PROP + " property: " + p);
113                         }
114                         continue;
115                     }
116                     if (debug != null) {
117                         debug.println("Overriding default " + algoName +
118                             " keysize with value from " +
119                             KEY_LENGTH_PROP + " property: " + value);
120                     }
121                 }
122             } catch (PatternSyntaxException pse) {
123                 // if property syntax is not followed correctly
124                 if (debug != null) {
125                     debug.println("Unexpected exception while parsing " +
126                         KEY_LENGTH_PROP + " property: " + pse);
127                 }
128             }
129         }
130         DEF_DSA_KEY_SIZE = dsaKeySize;
131         DEF_RSA_KEY_SIZE = rsaKeySize;
132         DEF_RSASSA_PSS_KEY_SIZE = rsaSsaPssKeySize;
133         DEF_DH_KEY_SIZE = dhKeySize;
134         DEF_EC_KEY_SIZE = ecKeySize;
135     }
136 }
137