--- a/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/RSASignature.java Thu Sep 13 01:49:48 2018 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,805 +0,0 @@
-/*
- * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.mscapi;
-
-import java.nio.ByteBuffer;
-import java.security.*;
-import java.security.spec.AlgorithmParameterSpec;
-import java.math.BigInteger;
-import java.security.spec.MGF1ParameterSpec;
-import java.security.spec.PSSParameterSpec;
-import java.util.Locale;
-
-import sun.security.rsa.RSAKeyFactory;
-
-/**
- * RSA signature implementation. Supports RSA signing using PKCS#1 v1.5 padding.
- *
- * Objects should be instantiated by calling Signature.getInstance() using the
- * following algorithm names:
- *
- * . "NONEwithRSA"
- * . "SHA1withRSA"
- * . "SHA256withRSA"
- * . "SHA384withRSA"
- * . "SHA512withRSA"
- * . "MD5withRSA"
- * . "MD2withRSA"
- * . "RSASSA-PSS"
- *
- * NOTE: RSA keys must be at least 512 bits long.
- *
- * NOTE: NONEwithRSA must be supplied with a pre-computed message digest.
- * Only the following digest algorithms are supported: MD5, SHA-1,
- * SHA-256, SHA-384, SHA-512 and a special-purpose digest
- * algorithm which is a concatenation of SHA-1 and MD5 digests.
- *
- * @since 1.6
- * @author Stanley Man-Kit Ho
- */
-abstract class RSASignature extends java.security.SignatureSpi
-{
- // message digest implementation we use
- protected MessageDigest messageDigest;
-
- // message digest name
- private String messageDigestAlgorithm;
-
- // flag indicating whether the digest has been reset
- protected boolean needsReset;
-
- // the signing key
- protected Key privateKey = null;
-
- // the verification key
- protected Key publicKey = null;
-
- /**
- * Constructs a new RSASignature. Used by Raw subclass.
- */
- RSASignature() {
- messageDigest = null;
- messageDigestAlgorithm = null;
- }
-
- /**
- * Constructs a new RSASignature. Used by subclasses.
- */
- RSASignature(String digestName) {
-
- try {
- messageDigest = MessageDigest.getInstance(digestName);
- // Get the digest's canonical name
- messageDigestAlgorithm = messageDigest.getAlgorithm();
-
- } catch (NoSuchAlgorithmException e) {
- throw new ProviderException(e);
- }
-
- needsReset = false;
- }
-
- // Nested class for NONEwithRSA signatures
- public static final class Raw extends RSASignature {
-
- // the longest supported digest is 512 bits (SHA-512)
- private static final int RAW_RSA_MAX = 64;
-
- private final byte[] precomputedDigest;
- private int offset = 0;
-
- public Raw() {
- precomputedDigest = new byte[RAW_RSA_MAX];
- }
-
- // Stores the precomputed message digest value.
- @Override
- protected void engineUpdate(byte b) throws SignatureException {
- if (offset >= precomputedDigest.length) {
- offset = RAW_RSA_MAX + 1;
- return;
- }
- precomputedDigest[offset++] = b;
- }
-
- // Stores the precomputed message digest value.
- @Override
- protected void engineUpdate(byte[] b, int off, int len)
- throws SignatureException {
- if (len > (precomputedDigest.length - offset)) {
- offset = RAW_RSA_MAX + 1;
- return;
- }
- System.arraycopy(b, off, precomputedDigest, offset, len);
- offset += len;
- }
-
- // Stores the precomputed message digest value.
- @Override
- protected void engineUpdate(ByteBuffer byteBuffer) {
- int len = byteBuffer.remaining();
- if (len <= 0) {
- return;
- }
- if (len > (precomputedDigest.length - offset)) {
- offset = RAW_RSA_MAX + 1;
- return;
- }
- byteBuffer.get(precomputedDigest, offset, len);
- offset += len;
- }
-
- @Override
- protected void resetDigest(){
- offset = 0;
- }
-
- // Returns the precomputed message digest value.
- @Override
- protected byte[] getDigestValue() throws SignatureException {
- if (offset > RAW_RSA_MAX) {
- throw new SignatureException("Message digest is too long");
- }
-
- // Determine the digest algorithm from the digest length
- if (offset == 20) {
- setDigestName("SHA1");
- } else if (offset == 36) {
- setDigestName("SHA1+MD5");
- } else if (offset == 32) {
- setDigestName("SHA-256");
- } else if (offset == 48) {
- setDigestName("SHA-384");
- } else if (offset == 64) {
- setDigestName("SHA-512");
- } else if (offset == 16) {
- setDigestName("MD5");
- } else {
- throw new SignatureException(
- "Message digest length is not supported");
- }
-
- byte[] result = new byte[offset];
- System.arraycopy(precomputedDigest, 0, result, 0, offset);
- offset = 0;
-
- return result;
- }
- }
-
- public static final class SHA1 extends RSASignature {
- public SHA1() {
- super("SHA1");
- }
- }
-
- public static final class SHA256 extends RSASignature {
- public SHA256() {
- super("SHA-256");
- }
- }
-
- public static final class SHA384 extends RSASignature {
- public SHA384() {
- super("SHA-384");
- }
- }
-
- public static final class SHA512 extends RSASignature {
- public SHA512() {
- super("SHA-512");
- }
- }
-
- public static final class MD5 extends RSASignature {
- public MD5() {
- super("MD5");
- }
- }
-
- public static final class MD2 extends RSASignature {
- public MD2() {
- super("MD2");
- }
- }
-
- public static final class PSS extends RSASignature {
-
- private PSSParameterSpec pssParams = null;
-
- // Workaround: Cannot import raw public key to CNG. This signature
- // will be used for verification if key is not from MSCAPI.
- private Signature fallbackSignature;
-
- @Override
- protected void engineInitSign(PrivateKey key) throws InvalidKeyException {
- super.engineInitSign(key);
- fallbackSignature = null;
- }
-
- @Override
- protected void engineInitVerify(PublicKey key) throws InvalidKeyException {
- // This signature accepts only RSAPublicKey
- if ((key instanceof java.security.interfaces.RSAPublicKey) == false) {
- throw new InvalidKeyException("Key type not supported");
- }
-
- this.privateKey = null;
-
- if (key instanceof sun.security.mscapi.RSAPublicKey) {
- fallbackSignature = null;
- publicKey = (sun.security.mscapi.RSAPublicKey) key;
- } else {
- if (fallbackSignature == null) {
- try {
- fallbackSignature = Signature.getInstance(
- "RSASSA-PSS", "SunRsaSign");
- } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
- throw new InvalidKeyException("Invalid key", e);
- }
- }
- fallbackSignature.initVerify(key);
- if (pssParams != null) {
- try {
- fallbackSignature.setParameter(pssParams);
- } catch (InvalidAlgorithmParameterException e) {
- throw new InvalidKeyException("Invalid params", e);
- }
- }
- publicKey = null;
- }
- resetDigest();
- }
-
- @Override
- protected void engineUpdate(byte b) throws SignatureException {
- ensureInit();
- if (fallbackSignature != null) {
- fallbackSignature.update(b);
- } else {
- messageDigest.update(b);
- }
- needsReset = true;
- }
-
- @Override
- protected void engineUpdate(byte[] b, int off, int len) throws SignatureException {
- ensureInit();
- if (fallbackSignature != null) {
- fallbackSignature.update(b, off, len);
- } else {
- messageDigest.update(b, off, len);
- }
- needsReset = true;
- }
-
- @Override
- protected void engineUpdate(ByteBuffer input) {
- try {
- ensureInit();
- } catch (SignatureException se) {
- // hack for working around API bug
- throw new RuntimeException(se.getMessage());
- }
- if (fallbackSignature != null) {
- try {
- fallbackSignature.update(input);
- } catch (SignatureException se) {
- // hack for working around API bug
- throw new RuntimeException(se.getMessage());
- }
- } else {
- messageDigest.update(input);
- }
- needsReset = true;
- }
-
- @Override
- protected byte[] engineSign() throws SignatureException {
- ensureInit();
- byte[] hash = getDigestValue();
- return signPssHash(hash, hash.length,
- pssParams.getSaltLength(),
- ((MGF1ParameterSpec)
- pssParams.getMGFParameters()).getDigestAlgorithm(),
- privateKey.getHCryptProvider(), privateKey.getHCryptKey());
- }
-
- @Override
- protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
- ensureInit();
- if (fallbackSignature != null) {
- needsReset = false;
- return fallbackSignature.verify(sigBytes);
- } else {
- byte[] hash = getDigestValue();
- return verifyPssSignedHash(
- hash, hash.length,
- sigBytes, sigBytes.length,
- pssParams.getSaltLength(),
- ((MGF1ParameterSpec)
- pssParams.getMGFParameters()).getDigestAlgorithm(),
- publicKey.getHCryptProvider(),
- publicKey.getHCryptKey()
- );
- }
- }
-
- @Override
- protected void engineSetParameter(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
- if (needsReset) {
- throw new ProviderException
- ("Cannot set parameters during operations");
- }
- this.pssParams = validateSigParams(params);
- if (fallbackSignature != null) {
- fallbackSignature.setParameter(params);
- }
- }
-
- @Override
- protected AlgorithmParameters engineGetParameters() {
- AlgorithmParameters ap = null;
- if (this.pssParams != null) {
- try {
- ap = AlgorithmParameters.getInstance("RSASSA-PSS");
- ap.init(this.pssParams);
- } catch (GeneralSecurityException gse) {
- throw new ProviderException(gse.getMessage());
- }
- }
- return ap;
- }
-
- private void ensureInit() throws SignatureException {
- if (this.privateKey == null && this.publicKey == null
- && fallbackSignature == null) {
- throw new SignatureException("Missing key");
- }
- if (this.pssParams == null) {
- // Parameters are required for signature verification
- throw new SignatureException
- ("Parameters required for RSASSA-PSS signatures");
- }
- if (fallbackSignature == null && messageDigest == null) {
- // This could happen if initVerify(softKey), setParameter(),
- // and initSign() were called. No messageDigest. Create it.
- try {
- messageDigest = MessageDigest
- .getInstance(pssParams.getDigestAlgorithm());
- } catch (NoSuchAlgorithmException e) {
- throw new SignatureException(e);
- }
- }
- }
-
- /**
- * Validate the specified Signature PSS parameters.
- */
- private PSSParameterSpec validateSigParams(AlgorithmParameterSpec p)
- throws InvalidAlgorithmParameterException {
-
- if (p == null) {
- throw new InvalidAlgorithmParameterException
- ("Parameters cannot be null");
- }
-
- if (!(p instanceof PSSParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("parameters must be type PSSParameterSpec");
- }
-
- // no need to validate again if same as current signature parameters
- PSSParameterSpec params = (PSSParameterSpec) p;
- if (params == this.pssParams) return params;
-
- // now sanity check the parameter values
- if (!(params.getMGFAlgorithm().equalsIgnoreCase("MGF1"))) {
- throw new InvalidAlgorithmParameterException("Only supports MGF1");
-
- }
-
- if (params.getTrailerField() != PSSParameterSpec.TRAILER_FIELD_BC) {
- throw new InvalidAlgorithmParameterException
- ("Only supports TrailerFieldBC(1)");
- }
-
- AlgorithmParameterSpec algSpec = params.getMGFParameters();
- if (!(algSpec instanceof MGF1ParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("Only support MGF1ParameterSpec");
- }
-
- MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)algSpec;
-
- String msgHashAlg = params.getDigestAlgorithm()
- .toLowerCase(Locale.ROOT).replaceAll("-", "");
- if (msgHashAlg.equals("sha")) {
- msgHashAlg = "sha1";
- }
- String mgf1HashAlg = mgfSpec.getDigestAlgorithm()
- .toLowerCase(Locale.ROOT).replaceAll("-", "");
- if (mgf1HashAlg.equals("sha")) {
- mgf1HashAlg = "sha1";
- }
-
- if (!mgf1HashAlg.equals(msgHashAlg)) {
- throw new InvalidAlgorithmParameterException
- ("MGF1 hash must be the same as message hash");
- }
-
- return params;
- }
-
- /**
- * Sign hash using CNG API with HCRYPTKEY. Used by RSASSA-PSS.
- */
- private native static byte[] signPssHash(byte[] hash,
- int hashSize, int saltLength, String hashAlgorithm,
- long hCryptProv, long nCryptKey)
- throws SignatureException;
-
- /**
- * Verify a signed hash using CNG API with HCRYPTKEY. Used by RSASSA-PSS.
- * This method is not used now. See {@link #fallbackSignature}.
- */
- private native static boolean verifyPssSignedHash(byte[] hash, int hashSize,
- byte[] signature, int signatureSize,
- int saltLength, String hashAlgorithm,
- long hCryptProv, long hKey) throws SignatureException;
- }
-
- // initialize for signing. See JCA doc
- @Override
- protected void engineInitVerify(PublicKey key)
- throws InvalidKeyException
- {
- // This signature accepts only RSAPublicKey
- if ((key instanceof java.security.interfaces.RSAPublicKey) == false) {
- throw new InvalidKeyException("Key type not supported");
- }
-
- java.security.interfaces.RSAPublicKey rsaKey =
- (java.security.interfaces.RSAPublicKey) key;
-
- if ((key instanceof sun.security.mscapi.RSAPublicKey) == false) {
-
- // convert key to MSCAPI format
-
- BigInteger modulus = rsaKey.getModulus();
- BigInteger exponent = rsaKey.getPublicExponent();
-
- // Check against the local and global values to make sure
- // the sizes are ok. Round up to the nearest byte.
- RSAKeyFactory.checkKeyLengths(((modulus.bitLength() + 7) & ~7),
- exponent, -1, RSAKeyPairGenerator.KEY_SIZE_MAX);
-
- byte[] modulusBytes = modulus.toByteArray();
- byte[] exponentBytes = exponent.toByteArray();
-
- // Adjust key length due to sign bit
- int keyBitLength = (modulusBytes[0] == 0)
- ? (modulusBytes.length - 1) * 8
- : modulusBytes.length * 8;
-
- byte[] keyBlob = generatePublicKeyBlob(
- keyBitLength, modulusBytes, exponentBytes);
-
- try {
- publicKey = importPublicKey(keyBlob, keyBitLength);
-
- } catch (KeyStoreException e) {
- throw new InvalidKeyException(e);
- }
-
- } else {
- publicKey = (sun.security.mscapi.RSAPublicKey) key;
- }
-
- this.privateKey = null;
- resetDigest();
- }
-
- // initialize for signing. See JCA doc
- @Override
- protected void engineInitSign(PrivateKey key) throws InvalidKeyException
- {
- // This signature accepts only RSAPrivateKey
- if ((key instanceof sun.security.mscapi.RSAPrivateKey) == false) {
- throw new InvalidKeyException("Key type not supported");
- }
- privateKey = (sun.security.mscapi.RSAPrivateKey) key;
-
- // Check against the local and global values to make sure
- // the sizes are ok. Round up to nearest byte.
- RSAKeyFactory.checkKeyLengths(((privateKey.length() + 7) & ~7),
- null, RSAKeyPairGenerator.KEY_SIZE_MIN,
- RSAKeyPairGenerator.KEY_SIZE_MAX);
-
- this.publicKey = null;
- resetDigest();
- }
-
- /**
- * Resets the message digest if needed.
- */
- protected void resetDigest() {
- if (needsReset) {
- if (messageDigest != null) {
- messageDigest.reset();
- }
- needsReset = false;
- }
- }
-
- protected byte[] getDigestValue() throws SignatureException {
- needsReset = false;
- return messageDigest.digest();
- }
-
- protected void setDigestName(String name) {
- messageDigestAlgorithm = name;
- }
-
- /**
- * Updates the data to be signed or verified
- * using the specified byte.
- *
- * @param b the byte to use for the update.
- *
- * @exception SignatureException if the engine is not initialized
- * properly.
- */
- @Override
- protected void engineUpdate(byte b) throws SignatureException
- {
- messageDigest.update(b);
- needsReset = true;
- }
-
- /**
- * Updates the data to be signed or verified, using the
- * specified array of bytes, starting at the specified offset.
- *
- * @param b the array of bytes
- * @param off the offset to start from in the array of bytes
- * @param len the number of bytes to use, starting at offset
- *
- * @exception SignatureException if the engine is not initialized
- * properly
- */
- @Override
- protected void engineUpdate(byte[] b, int off, int len)
- throws SignatureException
- {
- messageDigest.update(b, off, len);
- needsReset = true;
- }
-
- /**
- * Updates the data to be signed or verified, using the
- * specified ByteBuffer.
- *
- * @param input the ByteBuffer
- */
- @Override
- protected void engineUpdate(ByteBuffer input)
- {
- messageDigest.update(input);
- needsReset = true;
- }
-
- /**
- * Returns the signature bytes of all the data
- * updated so far.
- * The format of the signature depends on the underlying
- * signature scheme.
- *
- * @return the signature bytes of the signing operation's result.
- *
- * @exception SignatureException if the engine is not
- * initialized properly or if this signature algorithm is unable to
- * process the input data provided.
- */
- @Override
- protected byte[] engineSign() throws SignatureException {
-
- byte[] hash = getDigestValue();
-
- // Omit the hash OID when generating a Raw signature
- boolean noHashOID = this instanceof Raw;
-
- // Sign hash using MS Crypto APIs
-
- byte[] result = signHash(noHashOID, hash, hash.length,
- messageDigestAlgorithm, privateKey.getHCryptProvider(),
- privateKey.getHCryptKey());
-
- // Convert signature array from little endian to big endian
- return convertEndianArray(result);
- }
-
- /**
- * Convert array from big endian to little endian, or vice versa.
- */
- private byte[] convertEndianArray(byte[] byteArray)
- {
- if (byteArray == null || byteArray.length == 0)
- return byteArray;
-
- byte [] retval = new byte[byteArray.length];
-
- // make it big endian
- for (int i=0;i < byteArray.length;i++)
- retval[i] = byteArray[byteArray.length - i - 1];
-
- return retval;
- }
-
- /**
- * Sign hash using Microsoft Crypto API with HCRYPTKEY.
- * The returned data is in little-endian.
- */
- private native static byte[] signHash(boolean noHashOID, byte[] hash,
- int hashSize, String hashAlgorithm, long hCryptProv, long hCryptKey)
- throws SignatureException;
-
- /**
- * Verify a signed hash using Microsoft Crypto API with HCRYPTKEY.
- */
- private native static boolean verifySignedHash(byte[] hash, int hashSize,
- String hashAlgorithm, byte[] signature, int signatureSize,
- long hCryptProv, long hCryptKey) throws SignatureException;
-
- /**
- * Verifies the passed-in signature.
- *
- * @param sigBytes the signature bytes to be verified.
- *
- * @return true if the signature was verified, false if not.
- *
- * @exception SignatureException if the engine is not
- * initialized properly, the passed-in signature is improperly
- * encoded or of the wrong type, if this signature algorithm is unable to
- * process the input data provided, etc.
- */
- @Override
- protected boolean engineVerify(byte[] sigBytes)
- throws SignatureException
- {
- byte[] hash = getDigestValue();
-
- return verifySignedHash(hash, hash.length,
- messageDigestAlgorithm, convertEndianArray(sigBytes),
- sigBytes.length, publicKey.getHCryptProvider(),
- publicKey.getHCryptKey());
- }
-
- /**
- * Sets the specified algorithm parameter to the specified
- * value. This method supplies a general-purpose mechanism through
- * which it is possible to set the various parameters of this object.
- * A parameter may be any settable parameter for the algorithm, such as
- * a parameter size, or a source of random bits for signature generation
- * (if appropriate), or an indication of whether or not to perform
- * a specific but optional computation. A uniform algorithm-specific
- * naming scheme for each parameter is desirable but left unspecified
- * at this time.
- *
- * @param param the string identifier of the parameter.
- *
- * @param value the parameter value.
- *
- * @exception InvalidParameterException if <code>param</code> is an
- * invalid parameter for this signature algorithm engine,
- * the parameter is already set
- * and cannot be set again, a security exception occurs, and so on.
- *
- * @deprecated Replaced by {@link
- * #engineSetParameter(java.security.spec.AlgorithmParameterSpec)
- * engineSetParameter}.
- */
- @Override
- @Deprecated
- protected void engineSetParameter(String param, Object value)
- throws InvalidParameterException
- {
- throw new InvalidParameterException("Parameter not supported");
- }
-
- /**
- * Sets this signature engine with the specified algorithm parameter.
- *
- * @param params the parameters
- *
- * @exception InvalidAlgorithmParameterException if the given
- * parameter is invalid
- */
- @Override
- protected void engineSetParameter(AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException
- {
- if (params != null) {
- throw new InvalidAlgorithmParameterException("No parameter accepted");
- }
- }
-
- /**
- * Gets the value of the specified algorithm parameter.
- * This method supplies a general-purpose mechanism through which it
- * is possible to get the various parameters of this object. A parameter
- * may be any settable parameter for the algorithm, such as a parameter
- * size, or a source of random bits for signature generation (if
- * appropriate), or an indication of whether or not to perform a
- * specific but optional computation. A uniform algorithm-specific
- * naming scheme for each parameter is desirable but left unspecified
- * at this time.
- *
- * @param param the string name of the parameter.
- *
- * @return the object that represents the parameter value, or null if
- * there is none.
- *
- * @exception InvalidParameterException if <code>param</code> is an
- * invalid parameter for this engine, or another exception occurs while
- * trying to get this parameter.
- *
- * @deprecated
- */
- @Override
- @Deprecated
- protected Object engineGetParameter(String param)
- throws InvalidParameterException
- {
- throw new InvalidParameterException("Parameter not supported");
- }
-
- /**
- * Gets the algorithm parameter from this signature engine.
- *
- * @return the parameter, or null if no parameter is used.
- */
- @Override
- protected AlgorithmParameters engineGetParameters() {
- return null;
- }
-
- /**
- * Generates a public-key BLOB from a key's components.
- */
- // used by RSACipher
- static native byte[] generatePublicKeyBlob(
- int keyBitLength, byte[] modulus, byte[] publicExponent)
- throws InvalidKeyException;
-
- /**
- * Imports a public-key BLOB.
- */
- // used by RSACipher
- static native RSAPublicKey importPublicKey(byte[] keyBlob, int keySize)
- throws KeyStoreException;
-}