archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-26 22:34:27 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8146293: Add support for RSASSA-PSS Signature algorithm

Browse source 
Add RSASSA-PSS key and signature support to SunRsaSign provider

Reviewed-by: wetmore
This commit is contained in:
Valerie Peng 2018-05-21 23:40:52 +00:00
parent 6216182dd1
commit 9e8d9fe1ee
79 changed files with 5489 additions and 627 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/java.base/share/classes/java/security/Signature.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -284,6 +284,7 @@ public abstract class Signature extends SignatureSpi {
signatureInfo.put("sun.security.rsa.RSASignature$SHA256withRSA", TRUE);
signatureInfo.put("sun.security.rsa.RSASignature$SHA384withRSA", TRUE);
signatureInfo.put("sun.security.rsa.RSASignature$SHA512withRSA", TRUE);
signatureInfo.put("sun.security.rsa.RSAPSSSignature", TRUE);
signatureInfo.put("com.sun.net.ssl.internal.ssl.RSASignature", TRUE);
signatureInfo.put("sun.security.pkcs11.P11Signature", TRUE);
}

25
src/java.base/share/classes/java/security/cert/X509CRL.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,14 +25,9 @@
package java.security.cert;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.InvalidKeyException;
import java.security.SignatureException;
import java.security.Principal;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.*;
import java.security.spec.*;
import javax.security.auth.x500.X500Principal;
import java.math.BigInteger;
@ -41,6 +36,7 @@ import java.util.Set;
import java.util.Arrays;
import sun.security.x509.X509CRLImpl;
import sun.security.util.SignatureUtil;
/**
* <p>
@ -246,8 +242,19 @@ public abstract class X509CRL extends CRL implements X509Extension {
Signature sig = (sigProvider == null)
? Signature.getInstance(getSigAlgName())
: Signature.getInstance(getSigAlgName(), sigProvider);
sig.initVerify(key);
// set parameters after Signature.initSign/initVerify call,
// so the deferred provider selections occur when key is set
try {
SignatureUtil.specialSetParameter(sig, getSigAlgParams());
} catch (ProviderException e) {
throw new CRLException(e.getMessage(), e.getCause());
} catch (InvalidAlgorithmParameterException e) {
throw new CRLException(e);
}
byte[] tbsCRL = getTBSCertList();
sig.update(tbsCRL, 0, tbsCRL.length);

15
src/java.base/share/classes/java/security/cert/X509Certificate.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,12 +27,14 @@ package java.security.cert;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import sun.security.x509.X509CertImpl;
import sun.security.util.SignatureUtil;
/**
* <p>
@ -677,8 +679,19 @@ implements X509Extension {
Signature sig = (sigProvider == null)
? Signature.getInstance(getSigAlgName())
: Signature.getInstance(getSigAlgName(), sigProvider);
sig.initVerify(key);
// set parameters after Signature.initSign/initVerify call,
// so the deferred provider selections occur when key is set
try {
SignatureUtil.specialSetParameter(sig, getSigAlgParams());
} catch (ProviderException e) {
throw new CertificateException(e.getMessage(), e.getCause());
} catch (InvalidAlgorithmParameterException e) {
throw new CertificateException(e);
}
byte[] tbsCert = getTBSCertificate();
sig.update(tbsCert, 0, tbsCert.length);

23
src/java.base/share/classes/java/security/interfaces/RSAKey.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,9 +26,12 @@
package java.security.interfaces;
import java.math.BigInteger;
import java.security.spec.AlgorithmParameterSpec;
/**
* The interface to an RSA public or private key.
* The interface to a public or private key in
* <a href="https://tools.ietf.org/rfc/rfc8017.txt">PKCS#1 v2.2</a> standard,
* such as those for RSA, or RSASSA-PSS algorithms.
*
* @author Jan Luehe
*
@ -46,4 +49,20 @@ public interface RSAKey {
* @return the modulus
*/
public BigInteger getModulus();
/**
* Returns the parameters associated with this key.
* The parameters are optional and may be either
* explicitly specified or implicitly created during
* key pair generation.
*
* @implSpec
* The default implementation returns {@code null}.
*
* @return the associated parameters, may be null
* @since 11
*/
default AlgorithmParameterSpec getParams() {
return null;
}
}

6
src/java.base/share/classes/java/security/interfaces/RSAMultiPrimePrivateCrtKey.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,8 +30,8 @@ import java.security.spec.RSAOtherPrimeInfo;
/**
* The interface to an RSA multi-prime private key, as defined in the
* PKCS#1 v2.1, using the <i>Chinese Remainder Theorem</i>
* (CRT) information values.
* <a href="https://tools.ietf.org/rfc/rfc8017.txt">PKCS#1 v2.2</a> standard,
* using the <i>Chinese Remainder Theorem</i> (CRT) information values.
*
* @author Valerie Peng
*

5
src/java.base/share/classes/java/security/interfaces/RSAPrivateCrtKey.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,7 +28,8 @@ package java.security.interfaces;
import java.math.BigInteger;
/**
* The interface to an RSA private key, as defined in the PKCS#1 standard,
* The interface to an RSA private key, as defined in the
* <a href="https://tools.ietf.org/rfc/rfc8017.txt">PKCS#1 v2.2</a> standard,
* using the <i>Chinese Remainder Theorem</i> (CRT) information values.
*
* @author Jan Luehe

4
src/java.base/share/classes/java/security/interfaces/package-info.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -51,7 +51,7 @@
* <h2>Package Specification</h2>
*
* <ul>
* <li>PKCS #1: RSA Encryption Standard, Version 1.5, November 1993 </li>
* <li>PKCS #1: RSA Cryptography Specifications, Version 2.2 (RFC 8017)</li>
* <li>Federal Information Processing Standards Publication (FIPS PUB) 186:
* Digital Signature Standard (DSS) </li>
* </ul>

54
src/java.base/share/classes/java/security/spec/MGF1ParameterSpec.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,23 +29,31 @@ import java.security.spec.AlgorithmParameterSpec;
/**
* This class specifies the set of parameters used with mask generation
* function MGF1 in OAEP Padding and RSA-PSS signature scheme, as
* function MGF1 in OAEP Padding and RSASSA-PSS signature scheme, as
* defined in the
* <a href="http://www.ietf.org/rfc/rfc3447.txt">PKCS #1 v2.1</a>
* standard.
* <a href="https://tools.ietf.org/rfc/rfc8017.txt">PKCS#1 v2.2</a> standard.
*
* <p>Its ASN.1 definition in PKCS#1 standard is described below:
* <pre>
* MGF1Parameters ::= OAEP-PSSDigestAlgorthms
* PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= {
* { OID id-mgf1 PARAMETERS HashAlgorithm },
* ... -- Allows for future expansion --
* }
* </pre>
* where
* <pre>
* HashAlgorithm ::= AlgorithmIdentifier {
* {OAEP-PSSDigestAlgorithms}
* }
*
* OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
* { OID id-sha1 PARAMETERS NULL }|
* { OID id-sha224 PARAMETERS NULL }|
* { OID id-sha256 PARAMETERS NULL }|
* { OID id-sha384 PARAMETERS NULL }|
* { OID id-sha512 PARAMETERS NULL },
* { OID id-sha1 PARAMETERS NULL }|
* { OID id-sha224 PARAMETERS NULL }|
* { OID id-sha256 PARAMETERS NULL }|
* { OID id-sha384 PARAMETERS NULL }|
* { OID id-sha512 PARAMETERS NULL }|
* { OID id-sha512-224 PARAMETERS NULL }|
* { OID id-sha512-256 PARAMETERS NULL },
* ... -- Allows for future expansion --
* }
* </pre>
@ -59,31 +67,47 @@ import java.security.spec.AlgorithmParameterSpec;
public class MGF1ParameterSpec implements AlgorithmParameterSpec {
/**
* The MGF1ParameterSpec which uses "SHA-1" message digest.
* The MGF1ParameterSpec which uses "SHA-1" message digest
*/
public static final MGF1ParameterSpec SHA1 =
new MGF1ParameterSpec("SHA-1");
/**
* The MGF1ParameterSpec which uses "SHA-224" message digest.
* The MGF1ParameterSpec which uses "SHA-224" message digest
*/
public static final MGF1ParameterSpec SHA224 =
new MGF1ParameterSpec("SHA-224");
/**
* The MGF1ParameterSpec which uses "SHA-256" message digest.
* The MGF1ParameterSpec which uses "SHA-256" message digest
*/
public static final MGF1ParameterSpec SHA256 =
new MGF1ParameterSpec("SHA-256");
/**
* The MGF1ParameterSpec which uses "SHA-384" message digest.
* The MGF1ParameterSpec which uses "SHA-384" message digest
*/
public static final MGF1ParameterSpec SHA384 =
new MGF1ParameterSpec("SHA-384");
/**
* The MGF1ParameterSpec which uses SHA-512 message digest.
* The MGF1ParameterSpec which uses SHA-512 message digest
*/
public static final MGF1ParameterSpec SHA512 =
new MGF1ParameterSpec("SHA-512");
/**
* The MGF1ParameterSpec which uses SHA-512/224 message digest
*/
public static final MGF1ParameterSpec SHA512_224 =
new MGF1ParameterSpec("SHA-512/224");
/**
* The MGF1ParameterSpec which uses SHA-512/256 message digest
*/
public static final MGF1ParameterSpec SHA512_256 =
new MGF1ParameterSpec("SHA-512/256");
private String mdName;
/**

135
src/java.base/share/classes/java/security/spec/PSSParameterSpec.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,37 +25,43 @@
package java.security.spec;
import java.math.BigInteger;
import java.util.Objects;
import java.security.spec.MGF1ParameterSpec;
/**
* This class specifies a parameter spec for RSA-PSS signature scheme,
* This class specifies a parameter spec for RSASSA-PSS signature scheme,
* as defined in the
* <a href="http://www.ietf.org/rfc/rfc3447.txt">PKCS#1 v2.1</a>
* standard.
* <a href="https://tools.ietf.org/rfc/rfc8017.txt">PKCS#1 v2.2</a> standard.
*
* <p>Its ASN.1 definition in PKCS#1 standard is described below:
* <pre>
* RSASSA-PSS-params ::= SEQUENCE {
* hashAlgorithm [0] OAEP-PSSDigestAlgorithms DEFAULT sha1,
* maskGenAlgorithm [1] PKCS1MGFAlgorithms DEFAULT mgf1SHA1,
* saltLength [2] INTEGER DEFAULT 20,
* trailerField [3] INTEGER DEFAULT 1
* hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
* maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
* saltLength [2] INTEGER DEFAULT 20,
* trailerField [3] TrailerField DEFAULT trailerFieldBC(1)
* }
* </pre>
* where
* <pre>
* HashAlgorithm ::= AlgorithmIdentifier {
* {OAEP-PSSDigestAlgorithms}
* }
* MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} }
* TrailerField ::= INTEGER { trailerFieldBC(1) }
*
* OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= {
* { OID id-sha1 PARAMETERS NULL }|
* { OID id-sha224 PARAMETERS NULL }|
* { OID id-sha256 PARAMETERS NULL }|
* { OID id-sha384 PARAMETERS NULL }|
* { OID id-sha512 PARAMETERS NULL },
* { OID id-sha1 PARAMETERS NULL }|
* { OID id-sha224 PARAMETERS NULL }|
* { OID id-sha256 PARAMETERS NULL }|
* { OID id-sha384 PARAMETERS NULL }|
* { OID id-sha512 PARAMETERS NULL }|
* { OID id-sha512-224 PARAMETERS NULL }|
* { OID id-sha512-256 PARAMETERS NULL },
* ... -- Allows for future expansion --
* }
*
* PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= {
* { OID id-mgf1 PARAMETERS OAEP-PSSDigestAlgorithms },
* { OID id-mgf1 PARAMETERS HashAlgorithm },
* ... -- Allows for future expansion --
* }
* </pre>
@ -78,55 +84,62 @@ import java.security.spec.MGF1ParameterSpec;
public class PSSParameterSpec implements AlgorithmParameterSpec {
private String mdName = "SHA-1";
private String mgfName = "MGF1";
private AlgorithmParameterSpec mgfSpec = MGF1ParameterSpec.SHA1;
private int saltLen = 20;
private int trailerField = 1;
private final String mdName;
private final String mgfName;
private final AlgorithmParameterSpec mgfSpec;
private final int saltLen;
private final int trailerField;
/**
* The PSS parameter set with all default values.
* The {@code TrailerFieldBC} constant as defined in PKCS#1
*
* @since 11
*/
public static final int TRAILER_FIELD_BC = 1;
/**
* The PSS parameter set with all default values
*
* @since 1.5
*/
public static final PSSParameterSpec DEFAULT = new PSSParameterSpec();
public static final PSSParameterSpec DEFAULT = new PSSParameterSpec
("SHA-1", "MGF1", MGF1ParameterSpec.SHA1, 20, TRAILER_FIELD_BC);
/**
* Constructs a new {@code PSSParameterSpec} as defined in
* the PKCS #1 standard using the default values.
*/
// disallowed
private PSSParameterSpec() {
throw new RuntimeException("default constructor not allowed");
}
/**
* Creates a new {@code PSSParameterSpec} as defined in
* the PKCS #1 standard using the specified message digest,
* mask generation function, parameters for mask generation
* function, salt length, and trailer field values.
*
* @param mdName the algorithm name of the hash function.
* @param mgfName the algorithm name of the mask generation
* function.
* @param mgfSpec the parameters for the mask generation
* function. If null is specified, null will be returned by
* getMGFParameters().
* @param saltLen the length of salt.
* @param trailerField the value of the trailer field.
* @exception NullPointerException if {@code mdName},
* or {@code mgfName} is null.
* @exception IllegalArgumentException if {@code saltLen}
* or {@code trailerField} is less than 0.
* @param mdName the algorithm name of the hash function
* @param mgfName the algorithm name of the mask generation function
* @param mgfSpec the parameters for the mask generation function.
* If null is specified, null will be returned by
* getMGFParameters().
* @param saltLen the length of salt
* @param trailerField the value of the trailer field
* @exception NullPointerException if {@code mdName}, or {@code mgfName}
* is null
* @exception IllegalArgumentException if {@code saltLen} or
* {@code trailerField} is less than 0
* @since 1.5
*/
public PSSParameterSpec(String mdName, String mgfName,
AlgorithmParameterSpec mgfSpec,
int saltLen, int trailerField) {
if (mdName == null) {
throw new NullPointerException("digest algorithm is null");
}
if (mgfName == null) {
throw new NullPointerException("mask generation function " +
"algorithm is null");
}
AlgorithmParameterSpec mgfSpec, int saltLen, int trailerField) {
Objects.requireNonNull(mdName, "digest algorithm is null");
Objects.requireNonNull(mgfName,
"mask generation function algorithm is null");
if (saltLen < 0) {
throw new IllegalArgumentException("negative saltLen value: " +
saltLen);
@ -147,23 +160,19 @@ public class PSSParameterSpec implements AlgorithmParameterSpec {
* using the specified salt length and other default values as
* defined in PKCS#1.
*
* @param saltLen the length of salt in bits to be used in PKCS#1
* PSS encoding.
* @param saltLen the length of salt in bytes to be used in PKCS#1
* PSS encoding
* @exception IllegalArgumentException if {@code saltLen} is
* less than 0.
* less than 0
*/
public PSSParameterSpec(int saltLen) {
if (saltLen < 0) {
throw new IllegalArgumentException("negative saltLen value: " +
saltLen);
}
this.saltLen = saltLen;
this("SHA-1", "MGF1", MGF1ParameterSpec.SHA1, saltLen, TRAILER_FIELD_BC);
}
/**
* Returns the message digest algorithm name.
*
* @return the message digest algorithm name.
* @return the message digest algorithm name
* @since 1.5
*/
public String getDigestAlgorithm() {
@ -173,7 +182,7 @@ public class PSSParameterSpec implements AlgorithmParameterSpec {
/**
* Returns the mask generation function algorithm name.
*
* @return the mask generation function algorithm name.
* @return the mask generation function algorithm name
*
* @since 1.5
*/
@ -184,7 +193,7 @@ public class PSSParameterSpec implements AlgorithmParameterSpec {
/**
* Returns the parameters for the mask generation function.
*
* @return the parameters for the mask generation function.
* @return the parameters for the mask generation function
* @since 1.5
*/
public AlgorithmParameterSpec getMGFParameters() {
@ -192,18 +201,18 @@ public class PSSParameterSpec implements AlgorithmParameterSpec {
}
/**
* Returns the salt length in bits.
* Returns the salt length in bytes.
*
* @return the salt length.
* @return the salt length
*/
public int getSaltLength() {
return saltLen;
}
/**
* Returns the value for the trailer field, i.e. bc in PKCS#1 v2.1.
* Returns the value for the trailer field.
*
* @return the value for the trailer field, i.e. bc in PKCS#1 v2.1.
* @return the value for the trailer field
* @since 1.5
*/
public int getTrailerField() {

33
src/java.base/share/classes/java/security/spec/RSAKeyGenParameterSpec.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -43,6 +43,7 @@ public class RSAKeyGenParameterSpec implements AlgorithmParameterSpec {
private int keysize;
private BigInteger publicExponent;
private AlgorithmParameterSpec keyParams;
/**
* The public-exponent value F0 = 3.
@ -55,15 +56,30 @@ public class RSAKeyGenParameterSpec implements AlgorithmParameterSpec {
public static final BigInteger F4 = BigInteger.valueOf(65537);
/**
* Constructs a new {@code RSAParameterSpec} object from the
* given keysize and public-exponent value.
* Constructs a new {@code RSAKeyGenParameterSpec} object from the
* given keysize, public-exponent value, and null key parameters.
*
* @param keysize the modulus size (specified in number of bits)
* @param publicExponent the public exponent
*/
public RSAKeyGenParameterSpec(int keysize, BigInteger publicExponent) {
this(keysize, publicExponent, null);
}
/**
* Constructs a new {@code RSAKeyGenParameterSpec} object from the
* given keysize, public-exponent value, and key parameters.
*
* @param keysize the modulus size (specified in number of bits)
* @param publicExponent the public exponent
* @param keyParams the key parameters, may be null
* @since 11
*/
public RSAKeyGenParameterSpec(int keysize, BigInteger publicExponent,
AlgorithmParameterSpec keyParams) {
this.keysize = keysize;
this.publicExponent = publicExponent;
this.keyParams = keyParams;
}
/**
@ -83,4 +99,15 @@ public class RSAKeyGenParameterSpec implements AlgorithmParameterSpec {
public BigInteger getPublicExponent() {
return publicExponent;
}
/**
* Returns the parameters to be associated with key.
*
* @return the associated parameters, may be null if
* not present
* @since 11
*/
public AlgorithmParameterSpec getKeyParams() {
return keyParams;
}
}

152
src/java.base/share/classes/java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,11 +26,13 @@
package java.security.spec;
import java.math.BigInteger;
import java.util.Objects;
/**
* This class specifies an RSA multi-prime private key, as defined in the
* PKCS#1 v2.1, using the Chinese Remainder Theorem (CRT) information
* values for efficiency.
* <a href="https://tools.ietf.org/rfc/rfc8017.txt">PKCS#1 v2.2</a> standard
* using the Chinese Remainder Theorem (CRT) information values
* for efficiency.
*
* @author Valerie Peng
*
@ -57,34 +59,28 @@ public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec {
private final RSAOtherPrimeInfo[] otherPrimeInfo;
/**
* Creates a new {@code RSAMultiPrimePrivateCrtKeySpec}
* given the modulus, publicExponent, privateExponent,
* primeP, primeQ, primeExponentP, primeExponentQ,
* crtCoefficient, and otherPrimeInfo as defined in PKCS#1 v2.1.
* Creates a new {@code RSAMultiPrimePrivateCrtKeySpec}.
*
* <p>Note that the contents of {@code otherPrimeInfo}
* are copied to protect against subsequent modification when
* constructing this object.
*
* @param modulus the modulus n.
* @param publicExponent the public exponent e.
* @param privateExponent the private exponent d.
* @param primeP the prime factor p of n.
* @param primeQ the prime factor q of n.
* @param primeExponentP this is d mod (p-1).
* @param primeExponentQ this is d mod (q-1).
* @param crtCoefficient the Chinese Remainder Theorem
* coefficient q-1 mod p.
* @param otherPrimeInfo triplets of the rest of primes, null can be
* specified if there are only two prime factors (p and q).
* @exception NullPointerException if any of the parameters, i.e.
* {@code modulus},
* {@code publicExponent}, {@code privateExponent},
* {@code primeP}, {@code primeQ},
* {@code primeExponentP}, {@code primeExponentQ},
* {@code crtCoefficient}, is null.
* @exception IllegalArgumentException if an empty, i.e. 0-length,
* {@code otherPrimeInfo} is specified.
* @param modulus the modulus n
* @param publicExponent the public exponent e
* @param privateExponent the private exponent d
* @param primeP the prime factor p of n
* @param primeQ the prime factor q of q
* @param primeExponentP this is d mod (p-1)
* @param primeExponentQ this is d mod (q-1)
* @param crtCoefficient the Chinese Remainder Theorem
* coefficient q-1 mod p
* @param otherPrimeInfo triplets of the rest of primes, null can be
* specified if there are only two prime factors
* (p and q)
* @throws NullPointerException if any of the specified parameters
* with the exception of {@code otherPrimeInfo} is null
* @throws IllegalArgumentException if an empty, i.e. 0-length,
* {@code otherPrimeInfo} is specified
*/
public RSAMultiPrimePrivateCrtKeySpec(BigInteger modulus,
BigInteger publicExponent,
@ -95,45 +91,67 @@ public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec {
BigInteger primeExponentQ,
BigInteger crtCoefficient,
RSAOtherPrimeInfo[] otherPrimeInfo) {
super(modulus, privateExponent);
if (modulus == null) {
throw new NullPointerException("the modulus parameter must be " +
"non-null");
}
if (publicExponent == null) {
throw new NullPointerException("the publicExponent parameter " +
"must be non-null");
}
if (privateExponent == null) {
throw new NullPointerException("the privateExponent parameter " +
"must be non-null");
}
if (primeP == null) {
throw new NullPointerException("the primeP parameter " +
"must be non-null");
}
if (primeQ == null) {
throw new NullPointerException("the primeQ parameter " +
"must be non-null");
}
if (primeExponentP == null) {
throw new NullPointerException("the primeExponentP parameter " +
"must be non-null");
}
if (primeExponentQ == null) {
throw new NullPointerException("the primeExponentQ parameter " +
"must be non-null");
}
if (crtCoefficient == null) {
throw new NullPointerException("the crtCoefficient parameter " +
"must be non-null");
}
this.publicExponent = publicExponent;
this.primeP = primeP;
this.primeQ = primeQ;
this.primeExponentP = primeExponentP;
this.primeExponentQ = primeExponentQ;
this.crtCoefficient = crtCoefficient;
this(modulus, publicExponent, privateExponent, primeP, primeQ,
primeExponentP, primeExponentQ, crtCoefficient, otherPrimeInfo,
null);
}
/**
* Creates a new {@code RSAMultiPrimePrivateCrtKeySpec} with additional
* key parameters.
*
* <p>Note that the contents of {@code otherPrimeInfo}
* are copied to protect against subsequent modification when
* constructing this object.
*
* @param modulus the modulus n
* @param publicExponent the public exponent e
* @param privateExponent the private exponent d
* @param primeP the prime factor p of n
* @param primeQ the prime factor q of n
* @param primeExponentP this is d mod (p-1)
* @param primeExponentQ this is d mod (q-1)
* @param crtCoefficient the Chinese Remainder Theorem coefficient
* q-1 mod p
* @param otherPrimeInfo triplets of the rest of primes, null can be
* specified if there are only two prime factors
* (p and q)
* @param keyParams the parameters associated with key
* @throws NullPointerException if any of the specified parameters
* with the exception of {@code otherPrimeInfo} and {@code keyParams}
* is null
* @throws IllegalArgumentException if an empty, i.e. 0-length,
* {@code otherPrimeInfo} is specified
* @since 11
*/
public RSAMultiPrimePrivateCrtKeySpec(BigInteger modulus,
BigInteger publicExponent,
BigInteger privateExponent,
BigInteger primeP,
BigInteger primeQ,
BigInteger primeExponentP,
BigInteger primeExponentQ,
BigInteger crtCoefficient,
RSAOtherPrimeInfo[] otherPrimeInfo,
AlgorithmParameterSpec keyParams) {
super(modulus, privateExponent, keyParams);
Objects.requireNonNull(modulus,
"the modulus parameter must be non-null");
Objects.requireNonNull(privateExponent,
"the privateExponent parameter must be non-null");
this.publicExponent = Objects.requireNonNull(publicExponent,
"the publicExponent parameter must be non-null");
this.primeP = Objects.requireNonNull(primeP,
"the primeP parameter must be non-null");
this.primeQ = Objects.requireNonNull(primeQ,
"the primeQ parameter must be non-null");
this.primeExponentP = Objects.requireNonNull(primeExponentP,
"the primeExponentP parameter must be non-null");
this.primeExponentQ = Objects.requireNonNull(primeExponentQ,
"the primeExponentQ parameter must be non-null");
this.crtCoefficient = Objects.requireNonNull(crtCoefficient,
"the crtCoefficient parameter must be non-null");
if (otherPrimeInfo == null) {
this.otherPrimeInfo = null;
} else if (otherPrimeInfo.length == 0) {
@ -202,8 +220,8 @@ public class RSAMultiPrimePrivateCrtKeySpec extends RSAPrivateKeySpec {
* Returns a copy of the otherPrimeInfo or null if there are
* only two prime factors (p and q).
*
* @return the otherPrimeInfo. Returns a new array each
* time this method is called.
* @return the otherPrimeInfo. Returns a new array each time this method
* is called.
*/
public RSAOtherPrimeInfo[] getOtherPrimeInfo() {
if (otherPrimeInfo == null) return null;

13
src/java.base/share/classes/java/security/spec/RSAOtherPrimeInfo.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,15 +29,16 @@ import java.math.BigInteger;
/**
* This class represents the triplet (prime, exponent, and coefficient)
* inside RSA's OtherPrimeInfo structure, as defined in the PKCS#1 v2.1.
* inside RSA's OtherPrimeInfo structure, as defined in the
* <a href="https://tools.ietf.org/rfc/rfc8017.txt">PKCS#1 v2.2</a> standard.
* The ASN.1 syntax of RSA's OtherPrimeInfo is as follows:
*
* <pre>
* OtherPrimeInfo ::= SEQUENCE {
* prime INTEGER,
* exponent INTEGER,
* coefficient INTEGER
* }
* prime INTEGER,
* exponent INTEGER,
* coefficient INTEGER
* }
*
* </pre>
*

46
src/java.base/share/classes/java/security/spec/RSAPrivateCrtKeySpec.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,9 +28,9 @@ package java.security.spec;
import java.math.BigInteger;
/**
* This class specifies an RSA private key, as defined in the PKCS#1
* standard, using the Chinese Remainder Theorem (CRT) information values for
* efficiency.
* This class specifies an RSA private key, as defined in the
* <a href="https://tools.ietf.org/rfc/rfc8017.txt">PKCS#1 v2.2</a> standard,
* using the Chinese Remainder Theorem (CRT) information values for efficiency.
*
* @author Jan Luehe
* @since 1.2
@ -53,13 +53,8 @@ public class RSAPrivateCrtKeySpec extends RSAPrivateKeySpec {
private final BigInteger primeExponentQ;
private final BigInteger crtCoefficient;
/**
* Creates a new {@code RSAPrivateCrtKeySpec}
* given the modulus, publicExponent, privateExponent,
* primeP, primeQ, primeExponentP, primeExponentQ, and
* crtCoefficient as defined in PKCS#1.
* Creates a new {@code RSAPrivateCrtKeySpec}.
*
* @param modulus the modulus n
* @param publicExponent the public exponent e
@ -79,7 +74,36 @@ public class RSAPrivateCrtKeySpec extends RSAPrivateKeySpec {
BigInteger primeExponentP,
BigInteger primeExponentQ,
BigInteger crtCoefficient) {
super(modulus, privateExponent);
this(modulus, publicExponent, privateExponent, primeP, primeQ,
primeExponentP, primeExponentQ, crtCoefficient, null);
}
/**
* Creates a new {@code RSAPrivateCrtKeySpec} with additional
* key parameters.
*
* @param modulus the modulus n
* @param publicExponent the public exponent e
* @param privateExponent the private exponent d
* @param primeP the prime factor p of n
* @param primeQ the prime factor q of n
* @param primeExponentP this is d mod (p-1)
* @param primeExponentQ this is d mod (q-1)
* @param crtCoefficient the Chinese Remainder Theorem
* coefficient q-1 mod p
* @param keyParams the parameters associated with key
* @since 11
*/
public RSAPrivateCrtKeySpec(BigInteger modulus,
BigInteger publicExponent,
BigInteger privateExponent,
BigInteger primeP,
BigInteger primeQ,
BigInteger primeExponentP,
BigInteger primeExponentQ,
BigInteger crtCoefficient,
AlgorithmParameterSpec keyParams) {
super(modulus, privateExponent, keyParams);
this.publicExponent = publicExponent;
this.primeP = primeP;
this.primeQ = primeQ;

32
src/java.base/share/classes/java/security/spec/RSAPrivateKeySpec.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2001, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -44,8 +44,9 @@ import java.math.BigInteger;
public class RSAPrivateKeySpec implements KeySpec {
private BigInteger modulus;
private BigInteger privateExponent;
private final BigInteger modulus;
private final BigInteger privateExponent;
private final AlgorithmParameterSpec params;
/**
* Creates a new RSAPrivateKeySpec.
@ -54,8 +55,22 @@ public class RSAPrivateKeySpec implements KeySpec {
* @param privateExponent the private exponent
*/
public RSAPrivateKeySpec(BigInteger modulus, BigInteger privateExponent) {
this(modulus, privateExponent, null);
}
/**
* Creates a new RSAPrivateKeySpec with additional key parameters.
*
* @param modulus the modulus
* @param privateExponent the private exponent
* @param params the parameters associated with this key, may be null
* @since 11
*/
public RSAPrivateKeySpec(BigInteger modulus, BigInteger privateExponent,
AlgorithmParameterSpec params) {
this.modulus = modulus;
this.privateExponent = privateExponent;
this.params = params;
}
/**
@ -75,4 +90,15 @@ public class RSAPrivateKeySpec implements KeySpec {
public BigInteger getPrivateExponent() {
return this.privateExponent;
}
/**
* Returns the parameters associated with this key, may be null if not
* present.
*
* @return the parameters associated with this key
* @since 11
*/
public AlgorithmParameterSpec getParams() {
return this.params;
}
}

34
src/java.base/share/classes/java/security/spec/RSAPublicKeySpec.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2001, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -44,8 +44,9 @@ import java.math.BigInteger;
public class RSAPublicKeySpec implements KeySpec {
private BigInteger modulus;
private BigInteger publicExponent;
private final BigInteger modulus;
private final BigInteger publicExponent;
private final AlgorithmParameterSpec params;
/**
* Creates a new RSAPublicKeySpec.
@ -54,10 +55,25 @@ public class RSAPublicKeySpec implements KeySpec {
* @param publicExponent the public exponent
*/
public RSAPublicKeySpec(BigInteger modulus, BigInteger publicExponent) {
this(modulus, publicExponent, null);
}
/**
* Creates a new RSAPublicKeySpec with additional key parameters.
*
* @param modulus the modulus
* @param publicExponent the public exponent
* @param params the parameters associated with this key, may be null
* @since 11
*/
public RSAPublicKeySpec(BigInteger modulus, BigInteger publicExponent,
AlgorithmParameterSpec params) {
this.modulus = modulus;
this.publicExponent = publicExponent;
this.params = params;
}
/**
* Returns the modulus.
*
@ -75,4 +91,16 @@ public class RSAPublicKeySpec implements KeySpec {
public BigInteger getPublicExponent() {
return this.publicExponent;
}
/**
* Returns the parameters associated with this key, may be null if not
* present.
*
* @return the parameters associated with this key
* @since 11
*/
public AlgorithmParameterSpec getParams() {
return this.params;
}
}

4
src/java.base/share/classes/java/security/spec/package-info.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -42,7 +42,7 @@
* <h2>Package Specification</h2>
*
* <ul>
* <li>PKCS #1: RSA Encryption Standard, Version 1.5, November 1993</li>
* <li>PKCS #1: RSA Cryptography Specifications, Version 2.2 (RFC 8017)</li>
* <li>PKCS #8: Private-Key Information Syntax Standard,
* Version 1.2, November 1993</li>
* <li>Federal Information Processing Standards Publication (FIPS PUB) 186: