Skip to content
Permalink
Browse files

8216012: Infinite loop in RSA KeyPairGenerator

Check and error out on even RSA public exponents

Reviewed-by: valeriep
  • Loading branch information
Masanori Yano Valerie Peng
Masanori Yano authored and Valerie Peng committed Jan 17, 2020
1 parent 0b2da9e commit 567465c62c0f0a41b3ca8b979013e92bf368a8d3
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -96,6 +96,10 @@ public void initialize(AlgorithmParameterSpec params, SecureRandom random)
throw new InvalidAlgorithmParameterException
("Public exponent must be 3 or larger");
}
if (!tmpPublicExponent.testBit(0)) {
throw new InvalidAlgorithmParameterException
("Public exponent must be an odd number");
}
if (tmpPublicExponent.bitLength() > tmpKeySize) {
throw new InvalidAlgorithmParameterException
("Public exponent must be smaller than key size");
@@ -0,0 +1,94 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

/**
* @test
* @bug 8216012
* @summary Tests the RSA public key exponent for KeyPairGenerator
* @run main/timeout=60 TestKeyPairGeneratorExponent
*/

import java.math.BigInteger;

import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;

public class TestKeyPairGeneratorExponent {
private static int keyLen = 512;

private static BigInteger[] validExponents = new BigInteger[] {
RSAKeyGenParameterSpec.F0,
RSAKeyGenParameterSpec.F4,
BigInteger.ONE.shiftLeft(keyLen - 1).subtract(BigInteger.ONE)
};

private static BigInteger[] invalidExponents = new BigInteger[] {
BigInteger.valueOf(-1),
BigInteger.ZERO,
BigInteger.ONE,
// without this fix, an even value causes an infinite loop
BigInteger.valueOf(4)
};

public static void testValidExponents(KeyPairGenerator kpg,
BigInteger exponent) {
System.out.println("Testing exponent = " + exponent.toString(16));
try {
kpg.initialize(new RSAKeyGenParameterSpec(keyLen, exponent));
kpg.generateKeyPair();
System.out.println("OK, key pair generated");
} catch(InvalidAlgorithmParameterException iape){
throw new RuntimeException("Error: Unexpected Exception: " + iape);
}
}

public static void testInvalidExponents(KeyPairGenerator kpg,
BigInteger exponent) {
System.out.println("Testing exponent = " + exponent.toString(16));
try {
kpg.initialize(new RSAKeyGenParameterSpec(keyLen, exponent));
kpg.generateKeyPair();
throw new RuntimeException("Error: Expected IAPE not thrown.");
} catch(InvalidAlgorithmParameterException iape){
// Expected InvalidAlgorithmParameterException was thrown
System.out.println("OK, expected IAPE thrown");
} catch(Exception e) {
e.printStackTrace();
throw new RuntimeException("Error: unexpected exception " + e);
}
}

public static void main(String[] args) throws Exception {
KeyPairGenerator kpg =
KeyPairGenerator.getInstance("RSA", "SunRsaSign");

for(BigInteger validExponent : validExponents) {
testValidExponents(kpg, validExponent);
}

for(BigInteger invalidExponent : invalidExponents) {
testInvalidExponents(kpg, invalidExponent);
}
}
}

0 comments on commit 567465c

Please sign in to comment.
You can’t perform that action at this time.