archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 15:24:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8146293: Add support for RSASSA-PSS Signature algorithm

Browse source 
Add RSASSA-PSS key and signature support to SunRsaSign provider

Reviewed-by: wetmore
This commit is contained in:
Valerie Peng 2018-05-21 23:40:52 +00:00
parent 6216182dd1
commit 9e8d9fe1ee
79 changed files with 5489 additions and 627 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/java.base/share/classes/sun/security/util/SecurityProviderConstants.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -56,6 +56,7 @@ public final class SecurityProviderConstants {
public static final int DEF_DSA_KEY_SIZE;
public static final int DEF_RSA_KEY_SIZE;
public static final int DEF_RSASSA_PSS_KEY_SIZE;
public static final int DEF_DH_KEY_SIZE;
public static final int DEF_EC_KEY_SIZE;
@ -66,6 +67,7 @@ public final class SecurityProviderConstants {
(KEY_LENGTH_PROP);
int dsaKeySize = 2048;
int rsaKeySize = 2048;
int rsaSsaPssKeySize = rsaKeySize; // default to same value as RSA
int dhKeySize = 2048;
int ecKeySize = 256;
@ -98,6 +100,8 @@ public final class SecurityProviderConstants {
dsaKeySize = value;
} else if (algoName.equals("RSA")) {
rsaKeySize = value;
} else if (algoName.equals("RSASSA-PSS")) {
rsaSsaPssKeySize = value;
} else if (algoName.equals("DH")) {
dhKeySize = value;
} else if (algoName.equals("EC")) {
@ -125,6 +129,7 @@ public final class SecurityProviderConstants {
}
DEF_DSA_KEY_SIZE = dsaKeySize;
DEF_RSA_KEY_SIZE = rsaKeySize;
DEF_RSASSA_PSS_KEY_SIZE = rsaSsaPssKeySize;
DEF_DH_KEY_SIZE = dhKeySize;
DEF_EC_KEY_SIZE = ecKeySize;
}

115
src/java.base/share/classes/sun/security/util/SignatureUtil.java Normal file
View file

@ -0,0 +1,115 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.util;
import java.io.IOException;
import java.security.*;
import java.security.spec.*;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.AlgorithmId;
import sun.security.rsa.RSAUtil;
/**
* Utility class for Signature related operations. Currently used by various
* internal PKI classes such as sun.security.x509.X509CertImpl,
* sun.security.pkcs.SignerInfo, for setting signature parameters.
*
* @since 11
*/
public class SignatureUtil {
// Utility method of creating an AlgorithmParameters object with
// the specified algorithm name and encoding
private static AlgorithmParameters createAlgorithmParameters(String algName,
byte[] paramBytes) throws ProviderException {
try {
AlgorithmParameters result =
AlgorithmParameters.getInstance(algName);
result.init(paramBytes);
return result;
} catch (NoSuchAlgorithmException | IOException e) {
throw new ProviderException(e);
}
}
private static AlgorithmParameterSpec getParamSpec(String sigName,
AlgorithmParameters params)
throws InvalidAlgorithmParameterException, ProviderException {
if (params == null) return null;
if (sigName.toUpperCase().indexOf("RSA") == -1) {
throw new ProviderException
("Unrecognized algorithm for signature parameters " +
sigName);
}
// AlgorithmParameters.getAlgorithm() may returns oid if it's
// created during DER decoding. Convert to use the standard name
// before passing it to RSAUtil
String alg = params.getAlgorithm();
if (alg.equalsIgnoreCase(sigName) || alg.indexOf(".") != -1) {
try {
params = createAlgorithmParameters(sigName,
params.getEncoded());
} catch (IOException e) {
throw new ProviderException(e);
}
}
return RSAUtil.getParamSpec(params);
}
// Special method for setting the specified parameter bytes into the
// specified Signature object as signature parameters.
public static void specialSetParameter(Signature sig, byte[] paramBytes)
throws InvalidAlgorithmParameterException, ProviderException {
AlgorithmParameters params = null;
if (paramBytes != null) {
String sigName = sig.getAlgorithm();
params = createAlgorithmParameters(sigName, paramBytes);
}
specialSetParameter(sig, params);
}
// Special method for setting the specified AlgorithmParameter object
// into the specified Signature object as signature parameters.
public static void specialSetParameter(Signature sig,
AlgorithmParameters params)
throws InvalidAlgorithmParameterException, ProviderException {
String sigName = sig.getAlgorithm();
if (params != null) {
sig.setParameter(getParamSpec(sigName, params));
} else {
try {
sig.setParameter(null);
} catch (UnsupportedOperationException e) {
// ignore for maintaining backward compatibility
}
}
}
}