jdk-sandbox: comparison jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java

equal deleted inserted replaced

-:44fe768edfd2
+:b9b80421cfa7
 /*
-* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 import javax.crypto.spec.PSource;
 import javax.crypto.spec.OAEPParameterSpec;
 import sun.security.rsa.*;
 import sun.security.jca.Providers;
+import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
+import sun.security.util.KeyUtil;
 /**
 * RSA cipher implementation. Supports RSA en/decryption and signing/verifying
 * using PKCS#1 v1.5 padding and without padding (raw RSA). Note that raw RSA
 * is supported mostly for completeness and should only be used in rare cases.
 private String paddingType;
 // padding object
 private RSAPadding padding;
-// cipher parameter for OAEP padding
+// cipher parameter for OAEP padding and TLS RSA premaster secret
-private OAEPParameterSpec spec = null;
+private AlgorithmParameterSpec spec = null;
 // buffer for the data
 private byte[] buffer;
 // offset into the buffer (number of bytes buffered)
 private int bufOfs;
 // the private key, if we were initialized using a private key
 private RSAPrivateKey privateKey;
 // hash algorithm for OAEP
 private String oaepHashAlgorithm = "SHA-1";
+// the source of randomness
+private SecureRandom random;
 public RSACipher() {
 paddingType = PAD_PKCS1;
 }
 return null;
 }
 // see JCE spec
 protected AlgorithmParameters engineGetParameters() {
-if (spec != null) {
+if (spec != null && spec instanceof OAEPParameterSpec) {
 try {
 AlgorithmParameters params =
 AlgorithmParameters.getInstance("OAEP",
 SunJCE.getInstance());
 params.init(spec);
 }
 padding = RSAPadding.getInstance(RSAPadding.PAD_NONE, n, random);
 buffer = new byte[n];
 } else if (paddingType == PAD_PKCS1) {
 if (params != null) {
-throw new InvalidAlgorithmParameterException
+if (!(params instanceof TlsRsaPremasterSecretParameterSpec)) {
-("Parameters not supported");
+throw new InvalidAlgorithmParameterException(
+"Parameters not supported");
+}
+spec = params;
+this.random = random;   // for TLS RSA premaster secret
 }
 int blockType = (mode <= MODE_DECRYPT) ? RSAPadding.PAD_BLOCKTYPE_2
 : RSAPadding.PAD_BLOCKTYPE_1;
 padding = RSAPadding.getInstance(blockType, n, random);
 if (encrypt) {
 } else { // PAD_OAEP_MGF1
 if ((mode == MODE_SIGN) || (mode == MODE_VERIFY)) {
 throw new InvalidKeyException
 ("OAEP cannot be used to sign or verify signatures");
 }
-OAEPParameterSpec myParams;
 if (params != null) {
 if (!(params instanceof OAEPParameterSpec)) {
 throw new InvalidAlgorithmParameterException
 ("Wrong Parameters for OAEP Padding");
 }
-myParams = (OAEPParameterSpec) params;
+spec = params;
 } else {
-myParams = new OAEPParameterSpec(oaepHashAlgorithm, "MGF1",
+spec = new OAEPParameterSpec(oaepHashAlgorithm, "MGF1",
 MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
 }
 padding = RSAPadding.getInstance(RSAPadding.PAD_OAEP_MGF1, n,
-random, myParams);
+random, (OAEPParameterSpec)spec);
 if (encrypt) {
 int k = padding.getMaxDataSize();
 buffer = new byte[k];
 } else {
 buffer = new byte[n];
 protected Key engineUnwrap(byte[] wrappedKey, String algorithm,
 int type) throws InvalidKeyException, NoSuchAlgorithmException {
 if (wrappedKey.length > buffer.length) {
 throw new InvalidKeyException("Key is too long for unwrapping");
 }
+boolean isTlsRsaPremasterSecret =
+algorithm.equals("TlsRsaPremasterSecret");
+Exception failover = null;
+byte[] encoded = null;
 update(wrappedKey, 0, wrappedKey.length);
 try {
-byte[] encoded = doFinal();
+encoded = doFinal();
-return ConstructKeys.constructKey(encoded, algorithm, type);
 } catch (BadPaddingException e) {
-// should not occur
+if (isTlsRsaPremasterSecret) {
-throw new InvalidKeyException("Unwrapping failed", e);
+failover = e;
+} else {
+throw new InvalidKeyException("Unwrapping failed", e);
+}
 } catch (IllegalBlockSizeException e) {
 // should not occur, handled with length check above
 throw new InvalidKeyException("Unwrapping failed", e);
 }
+if (isTlsRsaPremasterSecret) {
+if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) {
+throw new IllegalStateException(
+"No TlsRsaPremasterSecretParameterSpec specified");
+}
+// polish the TLS premaster secret
+encoded = KeyUtil.checkTlsPreMasterSecretKey(
+((TlsRsaPremasterSecretParameterSpec)spec).getClientVersion(),
+((TlsRsaPremasterSecretParameterSpec)spec).getServerVersion(),
+random, encoded, (failover != null));
+}
+return ConstructKeys.constructKey(encoded, algorithm, type);
 }
 // see JCE spec
 protected int engineGetKeySize(Key key) throws InvalidKeyException {
 RSAKey rsaKey = RSAKeyFactory.toRSAKey(key);
 return rsaKey.getModulus().bitLength();
 }
 }

changeset 23733	b9b80421cfa7
parent 16909	78a1749a43e2