Skip to content

Commit c0bf445

Browse files
seanjmullanseanjmullan
committed
SANTUARIO-604: Use PSSParameterSpec for RSASSA-PSS without parameters SignatureMethod URIs
1 parent ccac0cb commit c0bf445

6 files changed

Lines changed: 442 additions & 52 deletions

File tree

NOTICE

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,4 +11,4 @@ The development of this software was partly funded by the European
1111
Commission in the <WebSig> project in the ISIS Programme.
1212

1313
This product contains software that is
14-
copyright (c) 2021, Oracle and/or its affiliates.
14+
copyright (c) 2021, 2023, Oracle and/or its affiliates.

src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java

Lines changed: 230 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,8 @@
3636
import java.security.interfaces.DSAKey;
3737
import java.security.interfaces.ECPrivateKey;
3838
import java.security.spec.AlgorithmParameterSpec;
39+
import java.security.spec.MGF1ParameterSpec;
40+
import java.security.spec.PSSParameterSpec;
3941

4042
import javax.xml.crypto.MarshalException;
4143
import javax.xml.crypto.dsig.SignatureMethod;
@@ -108,6 +110,14 @@ public abstract class DOMSignatureMethod extends AbstractDOMSignatureMethod {
108110
"http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1";
109111
static final String RSA_RIPEMD160_MGF1 =
110112
"http://www.w3.org/2007/05/xmldsig-more#ripemd160-rsa-MGF1";
113+
static final String RSA_SHA3_224_MGF1 =
114+
"http://www.w3.org/2007/05/xmldsig-more#sha3-224-rsa-MGF1";
115+
static final String RSA_SHA3_256_MGF1 =
116+
"http://www.w3.org/2007/05/xmldsig-more#sha3-256-rsa-MGF1";
117+
static final String RSA_SHA3_384_MGF1 =
118+
"http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1";
119+
static final String RSA_SHA3_512_MGF1 =
120+
"http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1";
111121

112122
/**
113123
* Creates a <code>DOMSignatureMethod</code>.
@@ -199,6 +209,14 @@ static SignatureMethod unmarshal(Element smElem) throws MarshalException {
199209
return new SHA384withRSAandMGF1(smElem);
200210
} else if (alg.equals(RSA_SHA512_MGF1)) {
201211
return new SHA512withRSAandMGF1(smElem);
212+
} else if (alg.equals(RSA_SHA3_224_MGF1)) {
213+
return new SHA3_224withRSAandMGF1(smElem);
214+
} else if (alg.equals(RSA_SHA3_256_MGF1)) {
215+
return new SHA3_256withRSAandMGF1(smElem);
216+
} else if (alg.equals(RSA_SHA3_384_MGF1)) {
217+
return new SHA3_384withRSAandMGF1(smElem);
218+
} else if (alg.equals(RSA_SHA3_512_MGF1)) {
219+
return new SHA3_512withRSAandMGF1(smElem);
202220
} else if (alg.equals(DOMRSAPSSSignatureMethod.RSA_PSS)) {
203221
return new DOMRSAPSSSignatureMethod.RSAPSS(smElem);
204222
} else if (alg.equals(RSA_RIPEMD160_MGF1)) {
@@ -362,6 +380,40 @@ byte[] preVerifyFormat(Key key, byte[] sig) {
362380
}
363381
}
364382

383+
abstract static class AbstractRSAPSSSignatureMethod
384+
extends AbstractRSASignatureMethod {
385+
386+
AbstractRSAPSSSignatureMethod(AlgorithmParameterSpec params)
387+
throws InvalidAlgorithmParameterException {
388+
super(params);
389+
}
390+
391+
AbstractRSAPSSSignatureMethod(Element dmElem) throws MarshalException {
392+
super(dmElem);
393+
}
394+
395+
public abstract PSSParameterSpec getPSSParameterSpec();
396+
397+
@Override
398+
Signature getSignature(Provider p)
399+
throws NoSuchAlgorithmException {
400+
try {
401+
Signature s = (p == null)
402+
? Signature.getInstance("RSASSA-PSS")
403+
: Signature.getInstance("RSASSA-PSS", p);
404+
try {
405+
s.setParameter(getPSSParameterSpec());
406+
} catch (InvalidAlgorithmParameterException e) {
407+
throw new NoSuchAlgorithmException("Should not happen", e);
408+
}
409+
return s;
410+
} catch (NoSuchAlgorithmException nsae) {
411+
return (p == null)
412+
? Signature.getInstance(getJCAAlgorithm())
413+
: Signature.getInstance(getJCAAlgorithm(), p);
414+
}
415+
}
416+
}
365417
/**
366418
* Abstract class to support signature algorithms that sign and verify
367419
* signatures in the IEEE P1363 format. The P1363 format is the
@@ -660,7 +712,12 @@ Type getAlgorithmType() {
660712
}
661713
}
662714

663-
static final class SHA1withRSAandMGF1 extends AbstractRSASignatureMethod {
715+
static final class SHA1withRSAandMGF1 extends AbstractRSAPSSSignatureMethod {
716+
717+
private static PSSParameterSpec spec
718+
= new PSSParameterSpec("SHA-1", "MGF1", MGF1ParameterSpec.SHA1,
719+
20, PSSParameterSpec.TRAILER_FIELD_BC);
720+
664721
SHA1withRSAandMGF1(AlgorithmParameterSpec params)
665722
throws InvalidAlgorithmParameterException {
666723
super(params);
@@ -673,6 +730,10 @@ public String getAlgorithm() {
673730
return RSA_SHA1_MGF1;
674731
}
675732
@Override
733+
public PSSParameterSpec getPSSParameterSpec() {
734+
return spec;
735+
}
736+
@Override
676737
String getJCAAlgorithm() {
677738
return "SHA1withRSAandMGF1";
678739
}
@@ -682,7 +743,12 @@ Type getAlgorithmType() {
682743
}
683744
}
684745

685-
static final class SHA224withRSAandMGF1 extends AbstractRSASignatureMethod {
746+
static final class SHA224withRSAandMGF1 extends AbstractRSAPSSSignatureMethod {
747+
748+
private static PSSParameterSpec spec
749+
= new PSSParameterSpec("SHA-224", "MGF1", MGF1ParameterSpec.SHA224,
750+
28, PSSParameterSpec.TRAILER_FIELD_BC);
751+
686752
SHA224withRSAandMGF1(AlgorithmParameterSpec params)
687753
throws InvalidAlgorithmParameterException {
688754
super(params);
@@ -695,6 +761,10 @@ public String getAlgorithm() {
695761
return RSA_SHA224_MGF1;
696762
}
697763
@Override
764+
public PSSParameterSpec getPSSParameterSpec() {
765+
return spec;
766+
}
767+
@Override
698768
String getJCAAlgorithm() {
699769
return "SHA224withRSAandMGF1";
700770
}
@@ -704,7 +774,12 @@ Type getAlgorithmType() {
704774
}
705775
}
706776

707-
static final class SHA256withRSAandMGF1 extends AbstractRSASignatureMethod {
777+
static final class SHA256withRSAandMGF1 extends AbstractRSAPSSSignatureMethod {
778+
779+
private static PSSParameterSpec spec
780+
= new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256,
781+
32, PSSParameterSpec.TRAILER_FIELD_BC);
782+
708783
SHA256withRSAandMGF1(AlgorithmParameterSpec params)
709784
throws InvalidAlgorithmParameterException {
710785
super(params);
@@ -717,6 +792,10 @@ public String getAlgorithm() {
717792
return RSA_SHA256_MGF1;
718793
}
719794
@Override
795+
public PSSParameterSpec getPSSParameterSpec() {
796+
return spec;
797+
}
798+
@Override
720799
String getJCAAlgorithm() {
721800
return "SHA256withRSAandMGF1";
722801
}
@@ -726,7 +805,12 @@ Type getAlgorithmType() {
726805
}
727806
}
728807

729-
static final class SHA384withRSAandMGF1 extends AbstractRSASignatureMethod {
808+
static final class SHA384withRSAandMGF1 extends AbstractRSAPSSSignatureMethod {
809+
810+
private static PSSParameterSpec spec
811+
= new PSSParameterSpec("SHA-384", "MGF1", MGF1ParameterSpec.SHA384,
812+
48, PSSParameterSpec.TRAILER_FIELD_BC);
813+
730814
SHA384withRSAandMGF1(AlgorithmParameterSpec params)
731815
throws InvalidAlgorithmParameterException {
732816
super(params);
@@ -739,6 +823,10 @@ public String getAlgorithm() {
739823
return RSA_SHA384_MGF1;
740824
}
741825
@Override
826+
public PSSParameterSpec getPSSParameterSpec() {
827+
return spec;
828+
}
829+
@Override
742830
String getJCAAlgorithm() {
743831
return "SHA384withRSAandMGF1";
744832
}
@@ -748,7 +836,12 @@ Type getAlgorithmType() {
748836
}
749837
}
750838

751-
static final class SHA512withRSAandMGF1 extends AbstractRSASignatureMethod {
839+
static final class SHA512withRSAandMGF1 extends AbstractRSAPSSSignatureMethod {
840+
841+
private static PSSParameterSpec spec
842+
= new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512,
843+
64, PSSParameterSpec.TRAILER_FIELD_BC);
844+
752845
SHA512withRSAandMGF1(AlgorithmParameterSpec params)
753846
throws InvalidAlgorithmParameterException {
754847
super(params);
@@ -761,6 +854,10 @@ public String getAlgorithm() {
761854
return RSA_SHA512_MGF1;
762855
}
763856
@Override
857+
public PSSParameterSpec getPSSParameterSpec() {
858+
return spec;
859+
}
860+
@Override
764861
String getJCAAlgorithm() {
765862
return "SHA512withRSAandMGF1";
766863
}
@@ -770,6 +867,134 @@ Type getAlgorithmType() {
770867
}
771868
}
772869

870+
static final class SHA3_224withRSAandMGF1 extends AbstractRSAPSSSignatureMethod {
871+
872+
private static PSSParameterSpec spec
873+
= new PSSParameterSpec("SHA3-224", "MGF1",
874+
new MGF1ParameterSpec("SHA3-224"), 28,
875+
PSSParameterSpec.TRAILER_FIELD_BC);
876+
877+
SHA3_224withRSAandMGF1(AlgorithmParameterSpec params)
878+
throws InvalidAlgorithmParameterException {
879+
super(params);
880+
}
881+
SHA3_224withRSAandMGF1(Element dmElem) throws MarshalException {
882+
super(dmElem);
883+
}
884+
@Override
885+
public String getAlgorithm() {
886+
return RSA_SHA3_224_MGF1;
887+
}
888+
@Override
889+
public PSSParameterSpec getPSSParameterSpec() {
890+
return spec;
891+
}
892+
@Override
893+
String getJCAAlgorithm() {
894+
return "SHA3-224withRSAandMGF1";
895+
}
896+
@Override
897+
Type getAlgorithmType() {
898+
return Type.RSA;
899+
}
900+
}
901+
902+
static final class SHA3_256withRSAandMGF1 extends AbstractRSAPSSSignatureMethod {
903+
904+
private static PSSParameterSpec spec
905+
= new PSSParameterSpec("SHA3-256", "MGF1",
906+
new MGF1ParameterSpec("SHA3-256"), 32,
907+
PSSParameterSpec.TRAILER_FIELD_BC);
908+
909+
SHA3_256withRSAandMGF1(AlgorithmParameterSpec params)
910+
throws InvalidAlgorithmParameterException {
911+
super(params);
912+
}
913+
SHA3_256withRSAandMGF1(Element dmElem) throws MarshalException {
914+
super(dmElem);
915+
}
916+
@Override
917+
public String getAlgorithm() {
918+
return RSA_SHA3_256_MGF1;
919+
}
920+
@Override
921+
public PSSParameterSpec getPSSParameterSpec() {
922+
return spec;
923+
}
924+
@Override
925+
String getJCAAlgorithm() {
926+
return "SHA3-256withRSAandMGF1";
927+
}
928+
@Override
929+
Type getAlgorithmType() {
930+
return Type.RSA;
931+
}
932+
}
933+
934+
static final class SHA3_384withRSAandMGF1 extends AbstractRSAPSSSignatureMethod {
935+
936+
private static PSSParameterSpec spec
937+
= new PSSParameterSpec("SHA3-384", "MGF1",
938+
new MGF1ParameterSpec("SHA3-384"), 48,
939+
PSSParameterSpec.TRAILER_FIELD_BC);
940+
941+
SHA3_384withRSAandMGF1(AlgorithmParameterSpec params)
942+
throws InvalidAlgorithmParameterException {
943+
super(params);
944+
}
945+
SHA3_384withRSAandMGF1(Element dmElem) throws MarshalException {
946+
super(dmElem);
947+
}
948+
@Override
949+
public String getAlgorithm() {
950+
return RSA_SHA3_384_MGF1;
951+
}
952+
@Override
953+
public PSSParameterSpec getPSSParameterSpec() {
954+
return spec;
955+
}
956+
@Override
957+
String getJCAAlgorithm() {
958+
return "SHA3-384withRSAandMGF1";
959+
}
960+
@Override
961+
Type getAlgorithmType() {
962+
return Type.RSA;
963+
}
964+
}
965+
966+
static final class SHA3_512withRSAandMGF1 extends AbstractRSAPSSSignatureMethod {
967+
968+
private static PSSParameterSpec spec
969+
= new PSSParameterSpec("SHA3-512", "MGF1",
970+
new MGF1ParameterSpec("SHA3-512"), 64,
971+
PSSParameterSpec.TRAILER_FIELD_BC);
972+
973+
SHA3_512withRSAandMGF1(AlgorithmParameterSpec params)
974+
throws InvalidAlgorithmParameterException {
975+
super(params);
976+
}
977+
SHA3_512withRSAandMGF1(Element dmElem) throws MarshalException {
978+
super(dmElem);
979+
}
980+
@Override
981+
public String getAlgorithm() {
982+
return RSA_SHA3_512_MGF1;
983+
}
984+
@Override
985+
public PSSParameterSpec getPSSParameterSpec() {
986+
return spec;
987+
}
988+
@Override
989+
String getJCAAlgorithm() {
990+
return "SHA3-512withRSAandMGF1";
991+
}
992+
@Override
993+
Type getAlgorithmType() {
994+
return Type.RSA;
995+
}
996+
}
997+
773998
static final class RIPEMD160withRSAandMGF1 extends AbstractRSASignatureMethod {
774999
RIPEMD160withRSAandMGF1(AlgorithmParameterSpec params)
7751000
throws InvalidAlgorithmParameterException {

src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignatureFactory.java

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -303,6 +303,14 @@ public SignatureMethod newSignatureMethod(String algorithm,
303303
return new DOMSignatureMethod.SHA384withRSAandMGF1(params);
304304
} else if (algorithm.equals(DOMSignatureMethod.RSA_SHA512_MGF1)) {
305305
return new DOMSignatureMethod.SHA512withRSAandMGF1(params);
306+
} else if (algorithm.equals(DOMSignatureMethod.RSA_SHA3_224_MGF1)) {
307+
return new DOMSignatureMethod.SHA3_224withRSAandMGF1(params);
308+
} else if (algorithm.equals(DOMSignatureMethod.RSA_SHA3_256_MGF1)) {
309+
return new DOMSignatureMethod.SHA3_256withRSAandMGF1(params);
310+
} else if (algorithm.equals(DOMSignatureMethod.RSA_SHA3_384_MGF1)) {
311+
return new DOMSignatureMethod.SHA3_384withRSAandMGF1(params);
312+
} else if (algorithm.equals(DOMSignatureMethod.RSA_SHA3_512_MGF1)) {
313+
return new DOMSignatureMethod.SHA3_512withRSAandMGF1(params);
306314
} else if (algorithm.equals(DOMRSAPSSSignatureMethod.RSA_PSS)) {
307315
return new DOMRSAPSSSignatureMethod.RSAPSS(params);
308316
} else if (algorithm.equals(DOMSignatureMethod.RSA_RIPEMD160_MGF1)) {

0 commit comments

Comments
 (0)