archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-09-19 18:44:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8255494: PKCS7 should use digest algorithm to verify the signature

Browse source 
Reviewed-by: valeriep
This commit is contained in:
Weijun Wang 2020-10-31 03:22:35 +00:00
parent 9d5c9cc78b
commit 80380d51d2
3 changed files with 124 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

32
src/java.base/share/classes/sun/security/pkcs/SignerInfo.java
View file

@ -260,8 +260,6 @@ public class SignerInfo implements DerEncoder {
out.write(tmp.toByteArray());
}
/*
* Returns the (user) certificate pertaining to this SignerInfo.
*/
@ -503,24 +501,27 @@ public class SignerInfo implements DerEncoder {
/**
* Derives the signature algorithm name from the digest algorithm
* name and the encryption algorithm name inside a PKCS7 SignerInfo.
* and the encryption algorithm inside a PKCS7 SignerInfo.
*
* For old style PKCS7 files where we use RSA, DSA, EC as encAlgId
* a DIGESTwithENC algorithm is returned. For new style RSASSA-PSS
* and EdDSA encryption, this method ensures digAlgId is compatible
* with the algorithm.
* The digest algorithm is in the form "DIG", and the encryption
* algorithm can be in any of the 3 forms:
*
* 1. Old style key algorithm like RSA, DSA, EC, this method returns
* DIGwithKEY.
* 2. New style signature algorithm in the form of HASHwithKEY, this
* method returns DIGwithKEY. Please note this is not HASHwithKEY.
* 3. Modern signature algorithm like RSASSA-PSS and EdDSA, this method
* returns the signature algorithm itself but ensures digAlgId is
* compatible with the algorithm as described in RFC 4056 and 8419.
*
* @param digAlgId the digest algorithm
* @param encAlgId the encryption or signature algorithm
* @param encAlgId the encryption algorithm
* @param directSign whether the signature is calculated on the content
* directly. This makes difference for Ed448.
*/
public static String makeSigAlg(AlgorithmId digAlgId, AlgorithmId encAlgId,
boolean directSign) throws NoSuchAlgorithmException {
String encAlg = encAlgId.getName();
if (encAlg.contains("with")) {
return encAlg;
}
switch (encAlg) {
case "RSASSA-PSS":
PSSParameterSpec spec = (PSSParameterSpec)
@ -547,11 +548,16 @@ public class SignerInfo implements DerEncoder {
return encAlg;
default:
String digAlg = digAlgId.getName();
String keyAlg = SignatureUtil.extractKeyAlgFromDwithE(encAlg);
if (keyAlg == null) {
// The encAlg used to be only the key alg
keyAlg = encAlg;
}
if (digAlg.startsWith("SHA-")) {
digAlg = "SHA" + digAlg.substring(4);
}
if (encAlg.equals("EC")) encAlg = "ECDSA";
return digAlg + "with" + encAlg;
if (keyAlg.equals("EC")) keyAlg = "ECDSA";
return digAlg + "with" + keyAlg;
}
}

26
src/java.base/share/classes/sun/security/util/SignatureUtil.java
View file

@ -282,6 +282,32 @@ public class SignatureUtil {
}
}
/**
* Extracts the key algorithm name from a signature
* algorithm name in either the "DIGESTwithENCRYPTION" or the
* "DIGESTwithENCRYPTIONandWHATEVER" format.
*
* @return the key algorithm name, or null if the input
* is not in either of the formats.
*/
public static String extractKeyAlgFromDwithE(String signatureAlgorithm) {
signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH);
int with = signatureAlgorithm.indexOf("WITH");
String keyAlgorithm = null;
if (with > 0) {
int and = signatureAlgorithm.indexOf("AND", with + 4);
if (and > 0) {
keyAlgorithm = signatureAlgorithm.substring(with + 4, and);
} else {
keyAlgorithm = signatureAlgorithm.substring(with + 4);
}
if (keyAlgorithm.equalsIgnoreCase("ECDSA")) {
keyAlgorithm = "EC";
}
}
return keyAlgorithm;
}
/**
* Returns default AlgorithmParameterSpec for a key used in a signature.
* This is only useful for RSASSA-PSS now, which is the only algorithm