jdk-sandbox: src/java.base/share/classes/sun/security/rsa/RSAPSSSignature.java@56aaa6cb3693 (annotated)

56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	1	/*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	2	* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	4	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	10	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	15	* accompanied this code).
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	16	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	20	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	23	* questions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	24	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	25
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	26	package sun.security.rsa;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	27
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	28	import java.io.IOException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	29	import java.nio.ByteBuffer;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	30
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	31	import java.security.*;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	32	import java.security.spec.AlgorithmParameterSpec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	33	import java.security.spec.PSSParameterSpec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	34	import java.security.spec.MGF1ParameterSpec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	35	import java.security.interfaces.*;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	36
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	37	import java.util.Arrays;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	38	import java.util.Hashtable;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	39
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	40	import sun.security.util.*;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	41	import sun.security.jca.JCAUtil;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	42
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	43
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	44	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	45	* PKCS#1 v2.2 RSASSA-PSS signatures with various message digest algorithms.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	46	* RSASSA-PSS implementation takes the message digest algorithm, MGF algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	47	* and salt length values through the required signature PSS parameters.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	48	* We support SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	49	* SHA-512/256 message digest algorithms and MGF1 mask generation function.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	50	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	51	* @since 11
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	52	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	53	public class RSAPSSSignature extends SignatureSpi {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	54
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	55	private static final boolean DEBUG = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	56
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	57	// utility method for comparing digest algorithms
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	58	// NOTE that first argument is assumed to be standard digest name
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	59	private boolean isDigestEqual(String stdAlg, String givenAlg) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	60	if (stdAlg == null \|\| givenAlg == null) return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	61
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	62	if (givenAlg.indexOf("-") != -1) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	63	return stdAlg.equalsIgnoreCase(givenAlg);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	64	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	65	if (stdAlg.equals("SHA-1")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	66	return (givenAlg.equalsIgnoreCase("SHA")
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	67	\|\| givenAlg.equalsIgnoreCase("SHA1"));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	68	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	69	StringBuilder sb = new StringBuilder(givenAlg);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	70	// case-insensitive check
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	71	if (givenAlg.regionMatches(true, 0, "SHA", 0, 3)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	72	givenAlg = sb.insert(3, "-").toString();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	73	return stdAlg.equalsIgnoreCase(givenAlg);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	74	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	75	throw new ProviderException("Unsupported digest algorithm "
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	76	+ givenAlg);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	77	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	78	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	79	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	80	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	81
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	82	private static final byte[] EIGHT_BYTES_OF_ZEROS = new byte[8];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	83
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	84	private static final Hashtable<String, Integer> DIGEST_LENGTHS =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	85	new Hashtable<String, Integer>();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	86	static {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	87	DIGEST_LENGTHS.put("SHA-1", 20);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	88	DIGEST_LENGTHS.put("SHA", 20);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	89	DIGEST_LENGTHS.put("SHA1", 20);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	90	DIGEST_LENGTHS.put("SHA-224", 28);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	91	DIGEST_LENGTHS.put("SHA224", 28);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	92	DIGEST_LENGTHS.put("SHA-256", 32);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	93	DIGEST_LENGTHS.put("SHA256", 32);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	94	DIGEST_LENGTHS.put("SHA-384", 48);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	95	DIGEST_LENGTHS.put("SHA384", 48);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	96	DIGEST_LENGTHS.put("SHA-512", 64);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	97	DIGEST_LENGTHS.put("SHA512", 64);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	98	DIGEST_LENGTHS.put("SHA-512/224", 28);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	99	DIGEST_LENGTHS.put("SHA512/224", 28);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	100	DIGEST_LENGTHS.put("SHA-512/256", 32);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	101	DIGEST_LENGTHS.put("SHA512/256", 32);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	102	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	103
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	104	// message digest implementation we use for hashing the data
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	105	private MessageDigest md;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	106	// flag indicating whether the digest is reset
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	107	private boolean digestReset = true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	108
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	109	// private key, if initialized for signing
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	110	private RSAPrivateKey privKey = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	111	// public key, if initialized for verifying
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	112	private RSAPublicKey pubKey = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	113	// PSS parameters from signatures and keys respectively
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	114	private PSSParameterSpec sigParams = null; // required for PSS signatures
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	115
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	116	// PRNG used to generate salt bytes if none given
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	117	private SecureRandom random;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	118
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	119	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	120	* Construct a new RSAPSSSignatur with arbitrary digest algorithm
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	121	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	122	public RSAPSSSignature() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	123	this.md = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	124	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	125
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	126	// initialize for verification. See JCA doc
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	127	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	128	protected void engineInitVerify(PublicKey publicKey)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	129	throws InvalidKeyException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	130	if (!(publicKey instanceof RSAPublicKey)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	131	throw new InvalidKeyException("key must be RSAPublicKey");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	132	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	133	this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	134	this.privKey = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	135
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	136	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	137
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	138	// initialize for signing. See JCA doc
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	139	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	140	protected void engineInitSign(PrivateKey privateKey)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	141	throws InvalidKeyException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	142	engineInitSign(privateKey, null);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	143	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	144
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	145	// initialize for signing. See JCA doc
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	146	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	147	protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	148	throws InvalidKeyException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	149	if (!(privateKey instanceof RSAPrivateKey)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	150	throw new InvalidKeyException("key must be RSAPrivateKey");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	151	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	152	this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	153	this.pubKey = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	154	this.random =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	155	(random == null? JCAUtil.getSecureRandom() : random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	156	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	157
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	158	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	159	* Utility method for checking the key PSS parameters against signature
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	160	* PSS parameters.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	161	* Returns false if any of the digest/MGF algorithms and trailerField
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	162	* values does not match or if the salt length in key parameters is
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	163	* larger than the value in signature parameters.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	164	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	165	private static boolean isCompatible(AlgorithmParameterSpec keyParams,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	166	PSSParameterSpec sigParams) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	167	if (keyParams == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	168	// key with null PSS parameters means no restriction
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	169	return true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	170	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	171	if (!(keyParams instanceof PSSParameterSpec)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	172	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	173	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	174	// nothing to compare yet, defer the check to when sigParams is set
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	175	if (sigParams == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	176	return true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	177	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	178	PSSParameterSpec pssKeyParams = (PSSParameterSpec) keyParams;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	179	// first check the salt length requirement
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	180	if (pssKeyParams.getSaltLength() > sigParams.getSaltLength()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	181	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	182	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	183
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	184	// compare equality of the rest of fields based on DER encoding
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	185	PSSParameterSpec keyParams2 =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	186	new PSSParameterSpec(pssKeyParams.getDigestAlgorithm(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	187	pssKeyParams.getMGFAlgorithm(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	188	pssKeyParams.getMGFParameters(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	189	sigParams.getSaltLength(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	190	pssKeyParams.getTrailerField());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	191	PSSParameters ap = new PSSParameters();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	192	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	193	ap.engineInit(keyParams2);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	194	byte[] encoded = ap.engineGetEncoded();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	195	ap.engineInit(sigParams);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	196	byte[] encoded2 = ap.engineGetEncoded();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	197	return Arrays.equals(encoded, encoded2);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	198	} catch (Exception e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	199	if (DEBUG) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	200	e.printStackTrace();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	201	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	202	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	203	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	204	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	205
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	206	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	207	* Validate the specified RSAKey and its associated parameters against
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	208	* internal signature parameters.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	209	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	210	private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	211	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	212	AlgorithmParameterSpec keyParams = rsaKey.getParams();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	213	// validate key parameters
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	214	if (!isCompatible(rsaKey.getParams(), this.sigParams)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	215	throw new InvalidKeyException
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	216	("Key contains incompatible PSS parameter values");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	217	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	218	// validate key length
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	219	if (this.sigParams != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	220	Integer hLen =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	221	DIGEST_LENGTHS.get(this.sigParams.getDigestAlgorithm());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	222	if (hLen == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	223	throw new ProviderException("Unsupported digest algo: " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	224	this.sigParams.getDigestAlgorithm());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	225	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	226	checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	227	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	228	return rsaKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	229	} catch (SignatureException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	230	throw new InvalidKeyException(e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	231	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	232	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	233
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	234	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	235	* Validate the specified Signature PSS parameters.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	236	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	237	private PSSParameterSpec validateSigParams(AlgorithmParameterSpec p)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	238	throws InvalidAlgorithmParameterException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	239	if (p == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	240	throw new InvalidAlgorithmParameterException
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	241	("Parameters cannot be null");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	242	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	243	if (!(p instanceof PSSParameterSpec)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	244	throw new InvalidAlgorithmParameterException
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	245	("parameters must be type PSSParameterSpec");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	246	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	247	// no need to validate again if same as current signature parameters
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	248	PSSParameterSpec params = (PSSParameterSpec) p;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	249	if (params == this.sigParams) return params;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	250
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	251	RSAKey key = (this.privKey == null? this.pubKey : this.privKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	252	// check against keyParams if set
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	253	if (key != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	254	if (!isCompatible(key.getParams(), params)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	255	throw new InvalidAlgorithmParameterException
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	256	("Signature parameters does not match key parameters");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	257	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	258	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	259	// now sanity check the parameter values
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	260	if (!(params.getMGFAlgorithm().equalsIgnoreCase("MGF1"))) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	261	throw new InvalidAlgorithmParameterException("Only supports MGF1");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	262
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	263	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	264	if (params.getTrailerField() != 1) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	265	throw new InvalidAlgorithmParameterException
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	266	("Only supports TrailerFieldBC(1)");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	267
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	268	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	269	String digestAlgo = params.getDigestAlgorithm();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	270	// check key length again
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	271	if (key != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	272	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	273	int hLen = DIGEST_LENGTHS.get(digestAlgo);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	274	checkKeyLength(key, hLen, params.getSaltLength());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	275	} catch (SignatureException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	276	throw new InvalidAlgorithmParameterException(e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	277	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	278	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	279	return params;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	280	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	281
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	282	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	283	* Ensure the object is initialized with key and parameters and
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	284	* reset digest
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	285	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	286	private void ensureInit() throws SignatureException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	287	RSAKey key = (this.privKey == null? this.pubKey : this.privKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	288	if (key == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	289	throw new SignatureException("Missing key");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	290	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	291	if (this.sigParams == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	292	// Parameters are required for signature verification
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	293	throw new SignatureException
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	294	("Parameters required for RSASSA-PSS signatures");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	295	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	296	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	297
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	298	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	299	* Utility method for checking key length against digest length and
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	300	* salt length
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	301	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	302	private static void checkKeyLength(RSAKey key, int digestLen,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	303	int saltLen) throws SignatureException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	304	if (key != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	305	int keyLength = getKeyLengthInBits(key) >> 3;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	306	int minLength = Math.addExact(Math.addExact(digestLen, saltLen), 2);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	307	if (keyLength < minLength) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	308	throw new SignatureException
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	309	("Key is too short, need min " + minLength);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	310	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	311	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	312	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	313
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	314	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	315	* Reset the message digest if it is not already reset.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	316	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	317	private void resetDigest() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	318	if (digestReset == false) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	319	this.md.reset();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	320	digestReset = true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	321	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	322	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	323
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	324	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	325	* Return the message digest value.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	326	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	327	private byte[] getDigestValue() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	328	digestReset = true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	329	return this.md.digest();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	330	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	331
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	332	// update the signature with the plaintext data. See JCA doc
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	333	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	334	protected void engineUpdate(byte b) throws SignatureException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	335	ensureInit();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	336	this.md.update(b);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	337	digestReset = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	338	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	339
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	340	// update the signature with the plaintext data. See JCA doc
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	341	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	342	protected void engineUpdate(byte[] b, int off, int len)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	343	throws SignatureException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	344	ensureInit();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	345	this.md.update(b, off, len);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	346	digestReset = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	347	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	348
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	349	// update the signature with the plaintext data. See JCA doc
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	350	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	351	protected void engineUpdate(ByteBuffer b) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	352	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	353	ensureInit();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	354	} catch (SignatureException se) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	355	// hack for working around API bug
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	356	throw new RuntimeException(se.getMessage());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	357	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	358	this.md.update(b);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	359	digestReset = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	360	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	361
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	362	// sign the data and return the signature. See JCA doc
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	363	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	364	protected byte[] engineSign() throws SignatureException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	365	ensureInit();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	366	byte[] mHash = getDigestValue();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	367	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	368	byte[] encoded = encodeSignature(mHash);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	369	byte[] encrypted = RSACore.rsa(encoded, privKey, true);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	370	return encrypted;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	371	} catch (GeneralSecurityException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	372	throw new SignatureException("Could not sign data", e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	373	} catch (IOException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	374	throw new SignatureException("Could not encode data", e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	375	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	376	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	377
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	378	// verify the data and return the result. See JCA doc
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	379	// should be reset to the state after engineInitVerify call.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	380	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	381	protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	382	ensureInit();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	383	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	384	if (sigBytes.length != RSACore.getByteLength(this.pubKey)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	385	throw new SignatureException
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	386	("Signature length not correct: got "
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	387	+ sigBytes.length + " but was expecting "
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	388	+ RSACore.getByteLength(this.pubKey));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	389	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	390	byte[] mHash = getDigestValue();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	391	byte[] decrypted = RSACore.rsa(sigBytes, this.pubKey);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	392	return decodeSignature(mHash, decrypted);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	393	} catch (javax.crypto.BadPaddingException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	394	// occurs if the app has used the wrong RSA public key
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	395	// or if sigBytes is invalid
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	396	// return false rather than propagating the exception for
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	397	// compatibility/ease of use
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	398	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	399	} catch (IOException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	400	throw new SignatureException("Signature encoding error", e);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	401	} finally {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	402	resetDigest();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	403	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	404	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	405
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	406	// return the modulus length in bits
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	407	private static int getKeyLengthInBits(RSAKey k) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	408	if (k != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	409	return k.getModulus().bitLength();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	410	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	411	return -1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	412	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	413
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	414	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	415	* Encode the digest 'mHash', return the to-be-signed data.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	416	* Also used by the PKCS#11 provider.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	417	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	418	private byte[] encodeSignature(byte[] mHash)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	419	throws IOException, DigestException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	420	AlgorithmParameterSpec mgfParams = this.sigParams.getMGFParameters();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	421	String mgfDigestAlgo;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	422	if (mgfParams != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	423	mgfDigestAlgo =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	424	((MGF1ParameterSpec) mgfParams).getDigestAlgorithm();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	425	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	426	mgfDigestAlgo = this.md.getAlgorithm();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	427	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	428	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	429	int emBits = getKeyLengthInBits(this.privKey) - 1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	430	int emLen =(emBits + 7) >> 3;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	431	int hLen = this.md.getDigestLength();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	432	int dbLen = emLen - hLen - 1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	433	int sLen = this.sigParams.getSaltLength();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	434
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	435	// maps DB into the corresponding region of EM and
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	436	// stores its bytes directly into EM
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	437	byte[] em = new byte[emLen];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	438
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	439	// step7 and some of step8
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	440	em[dbLen - sLen - 1] = (byte) 1; // set DB's padding2 into EM
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	441	em[em.length - 1] = (byte) 0xBC; // set trailer field of EM
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	442
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	443	if (!digestReset) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	444	throw new ProviderException("Digest should be reset");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	445	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	446	// step5: generates M' using padding1, mHash, and salt
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	447	this.md.update(EIGHT_BYTES_OF_ZEROS);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	448	digestReset = false; // mark digest as it now has data
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	449	this.md.update(mHash);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	450	if (sLen != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	451	// step4: generate random salt
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	452	byte[] salt = new byte[sLen];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	453	this.random.nextBytes(salt);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	454	this.md.update(salt);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	455
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	456	// step8: set DB's salt into EM
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	457	System.arraycopy(salt, 0, em, dbLen - sLen, sLen);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	458	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	459	// step6: generate H using M'
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	460	this.md.digest(em, dbLen, hLen); // set H field of EM
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	461	digestReset = true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	462
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	463	// step7 and 8 are already covered by the code which setting up
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	464	// EM as above
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	465
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	466	// step9 and 10: feed H into MGF and xor with DB in EM
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	467	MGF1 mgf1 = new MGF1(mgfDigestAlgo);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	468	mgf1.generateAndXor(em, dbLen, hLen, dbLen, em, 0);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	469
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	470	// step11: set the leftmost (8emLen - emBits) bits of the leftmost
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	471	// octet to 0
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	472	int numZeroBits = (emLen << 3) - emBits;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	473	if (numZeroBits != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	474	byte MASK = (byte) (0xff >>> numZeroBits);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	475	em[0] = (byte) (em[0] & MASK);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	476	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	477
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	478	// step12: em should now holds maskedDB \|\| hash h \|\| 0xBC
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	479	return em;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	480	} catch (NoSuchAlgorithmException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	481	throw new IOException(e.toString());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	482	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	483	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	484
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	485	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	486	* Decode the signature data. Verify that the object identifier matches
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	487	* and return the message digest.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	488	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	489	private boolean decodeSignature(byte[] mHash, byte[] em)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	490	throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	491	int hLen = mHash.length;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	492	int sLen = this.sigParams.getSaltLength();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	493	int emLen = em.length;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	494	int emBits = getKeyLengthInBits(this.pubKey) - 1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	495
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	496	// step3
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	497	if (emLen < (hLen + sLen + 2)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	498	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	499	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	500
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	501	// step4
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	502	if (em[emLen - 1] != (byte) 0xBC) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	503	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	504	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	505
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	506	// step6: check if the leftmost (8emLen - emBits) bits of the leftmost
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	507	// octet are 0
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	508	int numZeroBits = (emLen << 3) - emBits;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	509	if (numZeroBits != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	510	byte MASK = (byte) (0xff << (8 - numZeroBits));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	511	if ((em[0] & MASK) != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	512	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	513	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	514	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	515	String mgfDigestAlgo;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	516	AlgorithmParameterSpec mgfParams = this.sigParams.getMGFParameters();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	517	if (mgfParams != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	518	mgfDigestAlgo =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	519	((MGF1ParameterSpec) mgfParams).getDigestAlgorithm();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	520	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	521	mgfDigestAlgo = this.md.getAlgorithm();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	522	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	523	// step 7 and 8
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	524	int dbLen = emLen - hLen - 1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	525	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	526	MGF1 mgf1 = new MGF1(mgfDigestAlgo);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	527	mgf1.generateAndXor(em, dbLen, hLen, dbLen, em, 0);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	528	} catch (NoSuchAlgorithmException nsae) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	529	throw new IOException(nsae.toString());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	530	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	531
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	532	// step9: set the leftmost (8emLen - emBits) bits of the leftmost
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	533	// octet to 0
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	534	if (numZeroBits != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	535	byte MASK = (byte) (0xff >>> numZeroBits);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	536	em[0] = (byte) (em[0] & MASK);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	537	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	538
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	539	// step10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	540	int i = 0;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	541	for (; i < dbLen - sLen - 1; i++) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	542	if (em[i] != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	543	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	544	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	545	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	546	if (em[i] != 0x01) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	547	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	548	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	549	// step12 and 13
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	550	this.md.update(EIGHT_BYTES_OF_ZEROS);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	551	digestReset = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	552	this.md.update(mHash);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	553	if (sLen > 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	554	this.md.update(em, (dbLen - sLen), sLen);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	555	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	556	byte[] digest2 = this.md.digest();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	557	digestReset = true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	558
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	559	// step14
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	560	byte[] digestInEM = Arrays.copyOfRange(em, dbLen, emLen - 1);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	561	return MessageDigest.isEqual(digest2, digestInEM);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	562	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	563
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	564	// set parameter, not supported. See JCA doc
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	565	@Deprecated
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	566	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	567	protected void engineSetParameter(String param, Object value)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	568	throws InvalidParameterException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	569	throw new UnsupportedOperationException("setParameter() not supported");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	570	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	571
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	572	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	573	protected void engineSetParameter(AlgorithmParameterSpec params)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	574	throws InvalidAlgorithmParameterException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	575	this.sigParams = validateSigParams(params);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	576	// disallow changing parameters when digest has been used
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	577	if (!digestReset) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	578	throw new ProviderException
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	579	("Cannot set parameters during operations");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	580	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	581	String newHashAlg = this.sigParams.getDigestAlgorithm();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	582	// re-allocate md if not yet assigned or algorithm changed
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	583	if ((this.md == null) \|\|
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	584	!(this.md.getAlgorithm().equalsIgnoreCase(newHashAlg))) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	585	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	586	this.md = MessageDigest.getInstance(newHashAlg);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	587	} catch (NoSuchAlgorithmException nsae) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	588	// should not happen as we pick default digest algorithm
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	589	throw new InvalidAlgorithmParameterException
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	590	("Unsupported digest algorithm " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	591	newHashAlg, nsae);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	592	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	593	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	594	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	595
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	596	// get parameter, not supported. See JCA doc
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	597	@Deprecated
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	598	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	599	protected Object engineGetParameter(String param)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	600	throws InvalidParameterException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	601	throw new UnsupportedOperationException("getParameter() not supported");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	602	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	603
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	604	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	605	protected AlgorithmParameters engineGetParameters() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	606	if (this.sigParams == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	607	throw new ProviderException("Missing required PSS parameters");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	608	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	609	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	610	AlgorithmParameters ap =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	611	AlgorithmParameters.getInstance("RSASSA-PSS");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	612	ap.init(this.sigParams);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	613	return ap;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	614	} catch (GeneralSecurityException gse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	615	throw new ProviderException(gse.getMessage());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	616	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	617	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: diff changeset	618	}

author	wetmore
	Fri, 11 May 2018 15:53:12 -0700
branch	JDK-8145252-TLS13-branch
changeset 56542	56aaa6cb3693
child 56592	b1902b22005e
permissions	-rw-r--r--