diff -r 39d88709b138 -r 3195a713e24d src/java.base/share/classes/sun/security/rsa/RSASignature.java --- a/src/java.base/share/classes/sun/security/rsa/RSASignature.java Mon May 21 17:17:24 2018 -0400 +++ b/src/java.base/share/classes/sun/security/rsa/RSASignature.java Mon May 21 23:40:52 2018 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,16 +30,18 @@ import java.security.*; import java.security.interfaces.*; +import java.security.spec.AlgorithmParameterSpec; +import sun.security.rsa.RSAUtil.KeyType; import sun.security.util.*; import sun.security.x509.AlgorithmId; /** - * PKCS#1 RSA signatures with the various message digest algorithms. + * PKCS#1 v1.5 RSA signatures with the various message digest algorithms. * This file contains an abstract base class with all the logic plus * a nested static class for each of the message digest algorithms * (see end of the file). We support MD2, MD5, SHA-1, SHA-224, SHA-256, - * SHA-384, and SHA-512. + * SHA-384, SHA-512, SHA-512/224, and SHA-512/256. * * @since 1.5 * @author Andreas Sterbenz @@ -85,6 +87,7 @@ } // initialize for verification. See JCA doc + @Override protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException { RSAPublicKey rsaKey = (RSAPublicKey)RSAKeyFactory.toRSAKey(publicKey); @@ -94,12 +97,14 @@ } // initialize for signing. See JCA doc + @Override protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException { engineInitSign(privateKey, null); } // initialize for signing. See JCA doc + @Override protected void engineInitSign(PrivateKey privateKey, SecureRandom random) throws InvalidKeyException { RSAPrivateKey rsaKey = @@ -114,6 +119,11 @@ */ private void initCommon(RSAKey rsaKey, SecureRandom random) throws InvalidKeyException { + try { + RSAUtil.checkParamsAgainstType(KeyType.RSA, rsaKey.getParams()); + } catch (ProviderException e) { + throw new InvalidKeyException("Invalid key for RSA signatures", e); + } resetDigest(); int keySize = RSACore.getByteLength(rsaKey); try { @@ -148,12 +158,14 @@ } // update the signature with the plaintext data. See JCA doc + @Override protected void engineUpdate(byte b) throws SignatureException { md.update(b); digestReset = false; } // update the signature with the plaintext data. See JCA doc + @Override protected void engineUpdate(byte[] b, int off, int len) throws SignatureException { md.update(b, off, len); @@ -161,13 +173,18 @@ } // update the signature with the plaintext data. See JCA doc + @Override protected void engineUpdate(ByteBuffer b) { md.update(b); digestReset = false; } // sign the data and return the signature. See JCA doc + @Override protected byte[] engineSign() throws SignatureException { + if (privateKey == null) { + throw new SignatureException("Missing private key"); + } byte[] digest = getDigestValue(); try { byte[] encoded = encodeSignature(digestOID, digest); @@ -183,7 +200,11 @@ // verify the data and return the result. See JCA doc // should be reset to the state after engineInitVerify call. + @Override protected boolean engineVerify(byte[] sigBytes) throws SignatureException { + if (publicKey == null) { + throw new SignatureException("Missing public key"); + } try { if (sigBytes.length != RSACore.getByteLength(publicKey)) { throw new SignatureException("Signature length not correct: got " + @@ -248,18 +269,35 @@ // set parameter, not supported. See JCA doc @Deprecated + @Override protected void engineSetParameter(String param, Object value) throws InvalidParameterException { throw new UnsupportedOperationException("setParameter() not supported"); } + // See JCA doc + @Override + protected void engineSetParameter(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException { + if (params != null) { + throw new InvalidAlgorithmParameterException("No parameters accepted"); + } + } + // get parameter, not supported. See JCA doc @Deprecated + @Override protected Object engineGetParameter(String param) throws InvalidParameterException { throw new UnsupportedOperationException("getParameter() not supported"); } + // See JCA doc + @Override + protected AlgorithmParameters engineGetParameters() { + return null; + } + // Nested class for MD2withRSA signatures public static final class MD2withRSA extends RSASignature { public MD2withRSA() { @@ -309,4 +347,17 @@ } } + // Nested class for SHA512/224withRSA signatures + public static final class SHA512_224withRSA extends RSASignature { + public SHA512_224withRSA() { + super("SHA-512/224", AlgorithmId.SHA512_224_oid, 11); + } + } + + // Nested class for SHA512/256withRSA signatures + public static final class SHA512_256withRSA extends RSASignature { + public SHA512_256withRSA() { + super("SHA-512/256", AlgorithmId.SHA512_256_oid, 11); + } + } }