Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
Browse files
8244565: Accept PKCS #8 with version number 1
Reviewed-by: valeriep
  • Loading branch information
wangweij committed Jun 4, 2020
1 parent 0db1be2 commit 507816d550bc69b1a66da9874cd997ccaaf73784

Large diffs are not rendered by default.

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,22 +25,18 @@

package sun.security.provider;

import java.util.*;
import java.io.*;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.ProviderException;
import java.security.AlgorithmParameters;
import java.security.spec.DSAParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.security.interfaces.DSAParams;

import sun.security.x509.AlgIdDSA;
import sun.security.pkcs.PKCS8Key;
import sun.security.util.Debug;
import sun.security.util.DerValue;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;

/**
* A PKCS#8 private key for the Digital Signature Algorithm.
@@ -54,7 +50,7 @@
*/

public final class DSAPrivateKey extends PKCS8Key
implements java.security.interfaces.DSAPrivateKey, Serializable {
implements java.security.interfaces.DSAPrivateKey, Serializable {

/** use serialVersionUID from JDK 1.1. for interoperability */
@java.io.Serial
@@ -63,39 +59,33 @@ public final class DSAPrivateKey extends PKCS8Key
/* the private key */
private BigInteger x;

/*
* Keep this constructor for backwards compatibility with JDK1.1.
*/
public DSAPrivateKey() {
}

/**
* Make a DSA private key out of a private key and three parameters.
*/
public DSAPrivateKey(BigInteger x, BigInteger p,
BigInteger q, BigInteger g)
throws InvalidKeyException {
BigInteger q, BigInteger g) {
this.x = x;
algid = new AlgIdDSA(p, q, g);

try {
key = new DerValue(DerValue.tag_Integer,
x.toByteArray()).toByteArray();
encode();
} catch (IOException e) {
InvalidKeyException ike = new InvalidKeyException(
"could not DER encode x: " + e.getMessage());
ike.initCause(e);
throw ike;
throw new AssertionError("Should not happen", e);
}
}

/**
* Make a DSA private key from its DER encoding (PKCS #8).
*/
public DSAPrivateKey(byte[] encoded) throws InvalidKeyException {
clearOldKey();
decode(encoded);
super(encoded);
try {
DerInputStream in = new DerInputStream(key);
x = in.getBigInteger();
} catch (IOException e) {
throw new InvalidKeyException(e.getMessage(), e);
}
}

/**
@@ -113,7 +103,7 @@ public DSAParams getParams() {
return null;
}
paramSpec = algParams.getParameterSpec(DSAParameterSpec.class);
return (DSAParams)paramSpec;
return paramSpec;
}
} catch (InvalidParameterSpecException e) {
return null;
@@ -122,35 +112,8 @@ public DSAParams getParams() {

/**
* Get the raw private key, x, without the parameters.
*
* @see getParameters
*/
public BigInteger getX() {
return x;
}

private void clearOldKey() {
int i;
if (this.encodedKey != null) {
for (i = 0; i < this.encodedKey.length; i++) {
this.encodedKey[i] = (byte)0x00;
}
}
if (this.key != null) {
for (i = 0; i < this.key.length; i++) {
this.key[i] = (byte)0x00;
}
}
}

protected void parseKeyBits() throws InvalidKeyException {
try {
DerInputStream in = new DerInputStream(key);
x = in.getBigInteger();
} catch (IOException e) {
InvalidKeyException ike = new InvalidKeyException(e.getMessage());
ike.initCause(e);
throw ike;
}
}
}
@@ -79,6 +79,9 @@
*/
public static RSAPrivateKey newKey(byte[] encoded)
throws InvalidKeyException {
if (encoded == null || encoded.length == 0) {
throw new InvalidKeyException("Missing key encoding");
}
RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded);
// check all CRT-specific components are available, if any one
// missing, return a non-CRT key instead
@@ -124,11 +127,8 @@ public static RSAPrivateKey newKey(KeyType type,
* Construct a key from its encoding. Called from newKey above.
*/
RSAPrivateCrtKeyImpl(byte[] encoded) throws InvalidKeyException {
if (encoded == null || encoded.length == 0) {
throw new InvalidKeyException("Missing key encoding");
}

decode(encoded);
super(encoded);
parseKeyBits();
RSAKeyFactory.checkRSAProviderKeyLengths(n.bitLength(), e);
try {
// check the validity of oid and params
@@ -258,10 +258,7 @@ public String toString() {
+ "\n modulus: " + n + "\n private exponent: " + d;
}

/**
* Parse the key. Called by PKCS8Key.
*/
protected void parseKeyBits() throws InvalidKeyException {
private void parseKeyBits() throws InvalidKeyException {
try {
DerInputStream in = new DerInputStream(key);
DerValue derValue = in.getDerValue();
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -807,13 +807,9 @@ synchronized byte[] getEncodedInternal() {
token.ensureValid();
if (encoded == null) {
fetchValues();
try {
Key key = new sun.security.provider.DSAPrivateKey
(x, params.getP(), params.getQ(), params.getG());
encoded = key.getEncoded();
} catch (InvalidKeyException e) {
throw new ProviderException(e);
}
Key key = new sun.security.provider.DSAPrivateKey
(x, params.getP(), params.getQ(), params.getG());
encoded = key.getEncoded();
}
return encoded;
}
@@ -71,7 +71,8 @@ public final class ECPrivateKeyImpl extends PKCS8Key implements ECPrivateKey {
* Construct a key from its encoding. Called by the ECKeyFactory.
*/
ECPrivateKeyImpl(byte[] encoded) throws InvalidKeyException {
decode(encoded);
super(encoded);
parseKeyBits();
}

/**
@@ -112,8 +113,8 @@ private void makeEncoding(byte[] s) throws InvalidKeyException {
}

private void makeEncoding(BigInteger s) throws InvalidKeyException {
algid = new AlgorithmId
(AlgorithmId.EC_oid, ECParameters.getAlgorithmParameters(params));
algid = new AlgorithmId(AlgorithmId.EC_oid,
ECParameters.getAlgorithmParameters(params));
try {
byte[] sArr = s.toByteArray();
// convert to fixed-length array
@@ -131,8 +132,7 @@ private void makeEncoding(BigInteger s) throws InvalidKeyException {
new DerValue(DerValue.tag_Sequence, out.toByteArray());
key = val.toByteArray();
} catch (IOException exc) {
// should never occur
throw new InvalidKeyException(exc);
throw new AssertionError("Should not happen", exc);
}
}

@@ -163,10 +163,7 @@ public ECParameterSpec getParams() {
return params;
}

/**
* Parse the key. Called by PKCS8Key.
*/
protected void parseKeyBits() throws InvalidKeyException {
private void parseKeyBits() throws InvalidKeyException {
try {
DerInputStream in = new DerInputStream(key);
DerValue derValue = in.getDerValue();
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -43,45 +43,34 @@ public final class XDHPrivateKeyImpl extends PKCS8Key implements XECPrivateKey {
private byte[] k;

XDHPrivateKeyImpl(XECParameters params, byte[] k)
throws InvalidKeyException {
throws InvalidKeyException {

this.paramSpec = new NamedParameterSpec(params.getName());
this.k = k.clone();

this.algid = new AlgorithmId(params.getOid());
encodeKey();

DerOutputStream derKey = new DerOutputStream();
try {
derKey.putOctetString(k);
this.key = derKey.toByteArray();
} catch (IOException ex) {
throw new AssertionError("Should not happen", ex);
}
checkLength(params);
}

XDHPrivateKeyImpl(byte[] encoded) throws InvalidKeyException {

decode(encoded);
super(encoded);
XECParameters params = XECParameters.get(
InvalidKeyException::new, algid);
paramSpec = new NamedParameterSpec(params.getName());
decodeKey();

checkLength(params);
}

private void decodeKey() throws InvalidKeyException {
try {
DerInputStream derStream = new DerInputStream(key);
k = derStream.getOctetString();
} catch (IOException ex) {
throw new InvalidKeyException(ex);
}
}

private void encodeKey() {
DerOutputStream derKey = new DerOutputStream();
try {
derKey.putOctetString(k);
this.key = derKey.toByteArray();
} catch (IOException ex) {
throw new ProviderException(ex);
}
checkLength(params);
}

void checkLength(XECParameters params) throws InvalidKeyException {
@@ -37,54 +37,44 @@
import sun.security.util.*;

public final class EdDSAPrivateKeyImpl
extends PKCS8Key implements EdECPrivateKey {
extends PKCS8Key implements EdECPrivateKey {

private static final long serialVersionUID = 1L;

private final NamedParameterSpec paramSpec;
private byte[] h;

EdDSAPrivateKeyImpl(EdDSAParameters params, byte[] h)
throws InvalidKeyException {
throws InvalidKeyException {

this.paramSpec = new NamedParameterSpec(params.getName());
this.algid = new AlgorithmId(params.getOid());
this.h = h.clone();

encodeKey();

DerOutputStream derKey = new DerOutputStream();
try {
derKey.putOctetString(h);
this.key = derKey.toByteArray();
} catch (IOException ex) {
throw new AssertionError("Should not happen", ex);
}
checkLength(params);
}

EdDSAPrivateKeyImpl(byte[] encoded) throws InvalidKeyException {

decode(encoded);
super(encoded);
EdDSAParameters params = EdDSAParameters.get(
InvalidKeyException::new, algid);
paramSpec = new NamedParameterSpec(params.getName());

decodeKey();

checkLength(params);
}

private void decodeKey() throws InvalidKeyException {
try {
DerInputStream derStream = new DerInputStream(key);
h = derStream.getOctetString();
} catch (IOException ex) {
throw new InvalidKeyException(ex);
}
}

private void encodeKey() {
DerOutputStream derKey = new DerOutputStream();
try {
derKey.putOctetString(h);
this.key = derKey.toByteArray();
} catch (IOException ex) {
throw new ProviderException(ex);
}
checkLength(params);
}

void checkLength(EdDSAParameters params) throws InvalidKeyException {

0 comments on commit 507816d

Please sign in to comment.