
src/java.base/share/classes/sun/security/x509/AlgorithmId.java

rev 51972 : 8215694: keytool cannot generate RSASSA-PSS certificates
Reviewed-by: xuelei

*** 1,7 **** /* ! * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this --- 1,7 ---- /* ! * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this
*** 24,36 **** --- 24,41 ---- */ package sun.security.x509; import java.io.*; + import java.security.spec.AlgorithmParameterSpec; + import java.security.spec.InvalidParameterSpecException; + import java.security.spec.MGF1ParameterSpec; + import java.security.spec.PSSParameterSpec; import java.util.*; import java.security.*; + import sun.security.rsa.PSSParameters; import sun.security.util.*; /** * This class identifies algorithms, such as cryptographic transforms, each
*** 188,198 **** algid.equals((Object)sha1WithDSA_oid)) { ; // no parameter part encoded } else { bytes.putNull(); }*/ ! bytes.putNull(); } else { bytes.putDerValue(params); } tmp.write(DerValue.tag_Sequence, bytes); out.write(tmp.toByteArray()); --- 193,208 ---- algid.equals((Object)sha1WithDSA_oid)) { ; // no parameter part encoded } else { bytes.putNull(); }*/ ! if (algid.equals(RSASSA_PSS_oid)) { ! // RFC 4055 3.3: when an RSASSA-PSS key does not require ! // parameter validation, field is absent. ! } else { ! bytes.putNull(); ! } } else { bytes.putDerValue(params); } tmp.write(DerValue.tag_Sequence, bytes); out.write(tmp.toByteArray());
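Review bot: The new `algid.equals(RSASSA_PSS_oid)` branch omits the parameters field whenever `params` is null, but this encoding path appears to be shared by key and signature identifiers. As I read RFC 4055, absent parameters are allowed only for an RSASSA-PSS public key, while an identifier that accompanies a signature must carry RSASSA-PSS-params. Nothing visible here stops a signature AlgorithmId built without parameters from being encoded in the key-only form, so the comment should state that restriction, e.g. `// Absent parameters are valid only for an RSASSA-PSS public key; signature identifiers must be created with parameters.` The empty `if` body would also read better inverted as `if (!algid.equals(RSASSA_PSS_oid)) { bytes.putNull(); }` with the comment above it. The enclosing method starts and ends outside this hunk, so whether a caller already enforces this cannot be confirmed from here.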
*** 687,696 **** --- 697,708 ---- public static final ObjectIdentifier RSA_oid; public static final ObjectIdentifier RSAEncryption_oid = oid(1, 2, 840, 113549, 1, 1, 1); public static final ObjectIdentifier RSAES_OAEP_oid = oid(1, 2, 840, 113549, 1, 1, 7); + public static final ObjectIdentifier mgf1_oid = + oid(1, 2, 840, 113549, 1, 1, 8); public static final ObjectIdentifier RSASSA_PSS_oid = oid(1, 2, 840, 113549, 1, 1, 10); /* * COMMON SECRET KEY TYPES
*** 1052,1061 **** --- 1064,1148 ---- default: return null; } } + // Most commonly used PSSParameterSpec and AlgorithmId + private static class PSSParamsHolder { + + final static PSSParameterSpec PSS_256_SPEC = new PSSParameterSpec( + "SHA-256", "MGF1", + new MGF1ParameterSpec("SHA-256"), + 32, PSSParameterSpec.TRAILER_FIELD_BC); + final static PSSParameterSpec PSS_384_SPEC = new PSSParameterSpec( + "SHA-384", "MGF1", + new MGF1ParameterSpec("SHA-384"), + 48, PSSParameterSpec.TRAILER_FIELD_BC); + final static PSSParameterSpec PSS_512_SPEC = new PSSParameterSpec( + "SHA-512", "MGF1", + new MGF1ParameterSpec("SHA-512"), + 64, PSSParameterSpec.TRAILER_FIELD_BC); + + final static AlgorithmId PSS_256_ID; + final static AlgorithmId PSS_384_ID; + final static AlgorithmId PSS_512_ID; + + static { + try { + PSS_256_ID = new AlgorithmId(RSASSA_PSS_oid, + new DerValue(PSSParameters.getEncoded(PSS_256_SPEC))); + PSS_384_ID = new AlgorithmId(RSASSA_PSS_oid, + new DerValue(PSSParameters.getEncoded(PSS_384_SPEC))); + PSS_512_ID = new AlgorithmId(RSASSA_PSS_oid, + new DerValue(PSSParameters.getEncoded(PSS_512_SPEC))); + } catch (IOException e) { + throw new AssertionError("Should not happen", e); + } + } + } + + public static AlgorithmId getWithParameterSpec(String algName, + AlgorithmParameterSpec spec) throws NoSuchAlgorithmException { + + if (spec == null) { + return AlgorithmId.get(algName); + } else if (spec == PSSParamsHolder.PSS_256_SPEC) { + return PSSParamsHolder.PSS_256_ID; + } else if (spec == PSSParamsHolder.PSS_384_SPEC) { + return PSSParamsHolder.PSS_384_ID; + } else if (spec == PSSParamsHolder.PSS_512_SPEC) { + return PSSParamsHolder.PSS_512_ID; + } else { + try { + AlgorithmParameters result = + AlgorithmParameters.getInstance(algName); + result.init(spec); + return get(result); + } catch (InvalidParameterSpecException | NoSuchAlgorithmException e) { + throw new ProviderException(e); + } + } + } + + public static PSSParameterSpec getDefaultAlgorithmParameterSpec( + 
String sigAlg, PrivateKey k) { + if (sigAlg.equalsIgnoreCase("RSASSA-PSS")) { + switch (ifcFfcStrength(KeyUtil.getKeySize(k))) { + case "SHA256": + return PSSParamsHolder.PSS_256_SPEC; + case "SHA384": + return PSSParamsHolder.PSS_384_SPEC; + case "SHA512": + return PSSParamsHolder.PSS_512_SPEC; + default: + throw new AssertionError("Should not happen"); + } + } else { + return null; + } + } + // Values from SP800-57 part 1 rev 4 tables 2 and 3 private static String ecStrength (int bitLength) { if (bitLength >= 512) { // 256 bits of strength return "SHA512"; } else if (bitLength >= 384) { // 192 bits of strength
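Review bot: In `getWithParameterSpec`, the generic branch catches `NoSuchAlgorithmException` and rethrows it as an unchecked `ProviderException`, although the method declares `throws NoSuchAlgorithmException` and the `spec == null` branch lets it propagate from `AlgorithmId.get(algName)`. An unknown algorithm name therefore surfaces as two different exception types depending on whether a spec was passed, and callers that handle only the checked exception will miss the second. Narrowing the handler to `} catch (InvalidParameterSpecException e) {` keeps the contract uniform. Both new public methods also lack Javadoc; it should say that the three cached identifiers are matched by reference (`spec == PSSParamsHolder.PSS_256_SPEC`), so an equal but separately constructed `PSSParameterSpec` takes the generic path, and that `getDefaultAlgorithmParameterSpec` returns null for any algorithm other than RSASSA-PSS. It is also worth confirming what `ifcFfcStrength` yields when `KeyUtil.getKeySize(k)` cannot determine a size, since that result silently selects the digest and salt length.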