Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec #214

Closed
wants to merge 2 commits into from
Closed

8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec #214

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e74daf4
Backport a777e82cd81fb5f02b09c4917b2a44f94c603939
Dec 14, 2022
c5b08d4
Backport a5d7de235101696463dba22792703c6809ff7fc4
Dec 16, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
4 changes: 2 additions & 2 deletions jdk/src/share/classes/com/sun/crypto/provider/DESKeyFactory.java
View file
Open in desktop
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -106,7 +106,7 @@ protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpec)

// Check if requested key spec is amongst the valid ones
if ((keySpec != null) &&
DESKeySpec.class.isAssignableFrom(keySpec)) {
keySpec.isAssignableFrom(DESKeySpec.class)) {
return new DESKeySpec(key.getEncoded());

} else {
Expand Down
4 changes: 2 additions & 2 deletions jdk/src/share/classes/com/sun/crypto/provider/DESedeKeyFactory.java
View file
Open in desktop
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -102,7 +102,7 @@ protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpec)
&& (key.getFormat().equalsIgnoreCase("RAW"))) {

// Check if requested key spec is amongst the valid ones
if (DESedeKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(DESedeKeySpec.class)) {
return new DESedeKeySpec(key.getEncoded());

} else {
Expand Down
10 changes: 5 additions & 5 deletions jdk/src/share/classes/com/sun/crypto/provider/DHKeyFactory.java
View file
Open in desktop
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -145,15 +145,15 @@ T engineGetKeySpec(Key key, Class<T> keySpec)

if (key instanceof javax.crypto.interfaces.DHPublicKey) {

if (DHPublicKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(DHPublicKeySpec.class)) {
javax.crypto.interfaces.DHPublicKey dhPubKey
= (javax.crypto.interfaces.DHPublicKey) key;
params = dhPubKey.getParams();
return keySpec.cast(new DHPublicKeySpec(dhPubKey.getY(),
params.getP(),
params.getG()));

} else if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) {
} else if (keySpec.isAssignableFrom(X509EncodedKeySpec.class)) {
return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));

} else {
Expand All @@ -163,15 +163,15 @@ T engineGetKeySpec(Key key, Class<T> keySpec)

} else if (key instanceof javax.crypto.interfaces.DHPrivateKey) {

if (DHPrivateKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(DHPrivateKeySpec.class)) {
javax.crypto.interfaces.DHPrivateKey dhPrivKey
= (javax.crypto.interfaces.DHPrivateKey)key;
params = dhPrivKey.getParams();
return keySpec.cast(new DHPrivateKeySpec(dhPrivKey.getX(),
params.getP(),
params.getG()));

} else if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) {
} else if (keySpec.isAssignableFrom(PKCS8EncodedKeySpec.class)) {
return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));

} else {
Expand Down
10 changes: 5 additions & 5 deletions jdk/src/share/classes/sun/security/ec/ECKeyFactory.java
View file
Open in desktop
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -256,22 +256,22 @@ protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
}
if (key instanceof ECPublicKey) {
ECPublicKey ecKey = (ECPublicKey)key;
if (ECPublicKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(ECPublicKeySpec.class)) {
return keySpec.cast(new ECPublicKeySpec(
ecKey.getW(),
ecKey.getParams()
));
} else if (X509EncodedKeySpec.class.isAssignableFrom(keySpec)) {
} else if (keySpec.isAssignableFrom(X509EncodedKeySpec.class)) {
return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));
} else {
throw new InvalidKeySpecException
("KeySpec must be ECPublicKeySpec or "
+ "X509EncodedKeySpec for EC public keys");
}
} else if (key instanceof ECPrivateKey) {
if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(PKCS8EncodedKeySpec.class)) {
return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));
} else if (ECPrivateKeySpec.class.isAssignableFrom(keySpec)) {
} else if (keySpec.isAssignableFrom(ECPrivateKeySpec.class)) {
ECPrivateKey ecKey = (ECPrivateKey)key;
return keySpec.cast(new ECPrivateKeySpec(
ecKey.getS(),
Expand Down
6 changes: 3 additions & 3 deletions jdk/src/share/classes/sun/security/pkcs11/P11DHKeyFactory.java
View file
Open in desktop
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -214,7 +214,7 @@ private PrivateKey generatePrivate(BigInteger x, BigInteger p,

<T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec,
Session[] session) throws PKCS11Exception, InvalidKeySpecException {
if (DHPublicKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(DHPublicKeySpec.class)) {
session[0] = token.getObjSession();
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_VALUE),
Expand All @@ -241,7 +241,7 @@ <T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec,

<T extends KeySpec> T implGetPrivateKeySpec(P11Key key, Class<T> keySpec,
Session[] session) throws PKCS11Exception, InvalidKeySpecException {
if (DHPrivateKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(DHPrivateKeySpec.class)) {
session[0] = token.getObjSession();
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_VALUE),
Expand Down
6 changes: 3 additions & 3 deletions jdk/src/share/classes/sun/security/pkcs11/P11DSAKeyFactory.java
View file
Open in desktop
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -210,7 +210,7 @@ private PrivateKey generatePrivate(BigInteger x, BigInteger p,

<T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec,
Session[] session) throws PKCS11Exception, InvalidKeySpecException {
if (DSAPublicKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(DSAPublicKeySpec.class)) {
session[0] = token.getObjSession();
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_VALUE),
Expand Down Expand Up @@ -239,7 +239,7 @@ <T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec,

<T extends KeySpec> T implGetPrivateKeySpec(P11Key key, Class<T> keySpec,
Session[] session) throws PKCS11Exception, InvalidKeySpecException {
if (DSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(DSAPrivateKeySpec.class)) {
session[0] = token.getObjSession();
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_VALUE),
Expand Down
6 changes: 3 additions & 3 deletions jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java
View file
Open in desktop
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -284,7 +284,7 @@ private PrivateKey generatePrivate(BigInteger s, ECParameterSpec params)

<T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec,
Session[] session) throws PKCS11Exception, InvalidKeySpecException {
if (ECPublicKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(ECPublicKeySpec.class)) {
session[0] = token.getObjSession();
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_EC_POINT),
Expand All @@ -309,7 +309,7 @@ <T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec,

<T extends KeySpec> T implGetPrivateKeySpec(P11Key key, Class<T> keySpec,
Session[] session) throws PKCS11Exception, InvalidKeySpecException {
if (ECPrivateKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(ECPrivateKeySpec.class)) {
session[0] = token.getObjSession();
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_VALUE),
Expand Down
6 changes: 3 additions & 3 deletions jdk/src/share/classes/sun/security/pkcs11/P11KeyFactory.java
View file
Open in desktop
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -73,8 +73,8 @@ protected final <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec
("key and keySpec must not be null");
}
// delegate to our Java based providers for PKCS#8 and X.509
if (PKCS8EncodedKeySpec.class.isAssignableFrom(keySpec)
|| X509EncodedKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(PKCS8EncodedKeySpec.class)
|| keySpec.isAssignableFrom(X509EncodedKeySpec.class)) {
try {
return implGetSoftwareFactory().getKeySpec(key, keySpec);
} catch (GeneralSecurityException e) {
Expand Down
91 changes: 44 additions & 47 deletions jdk/src/share/classes/sun/security/pkcs11/P11RSAKeyFactory.java
View file
Open in desktop
Expand Up @@ -257,7 +257,7 @@ private PrivateKey generatePrivate(BigInteger n, BigInteger e,

<T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec,
Session[] session) throws PKCS11Exception, InvalidKeySpecException {
if (RSAPublicKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(RSAPublicKeySpec.class)) {
session[0] = token.getObjSession();
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_MODULUS),
Expand All @@ -282,54 +282,51 @@ <T extends KeySpec> T implGetPublicKeySpec(P11Key key, Class<T> keySpec,

<T extends KeySpec> T implGetPrivateKeySpec(P11Key key, Class<T> keySpec,
Session[] session) throws PKCS11Exception, InvalidKeySpecException {
if (RSAPrivateCrtKeySpec.class.isAssignableFrom(keySpec)) {
session[0] = token.getObjSession();
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_MODULUS),
new CK_ATTRIBUTE(CKA_PUBLIC_EXPONENT),
new CK_ATTRIBUTE(CKA_PRIVATE_EXPONENT),
new CK_ATTRIBUTE(CKA_PRIME_1),
new CK_ATTRIBUTE(CKA_PRIME_2),
new CK_ATTRIBUTE(CKA_EXPONENT_1),
new CK_ATTRIBUTE(CKA_EXPONENT_2),
new CK_ATTRIBUTE(CKA_COEFFICIENT),
};
long keyID = key.getKeyID();
try {
token.p11.C_GetAttributeValue(session[0].id(), keyID, attributes);
} finally {
key.releaseKeyID();
}
if (key.sensitive || !key.extractable) {
throw new InvalidKeySpecException("Key is sensitive or not extractable");
}
// If the key is both extractable and not sensitive, then when it was converted into a P11Key
// it was also converted into subclass of RSAPrivateKey which encapsulates all of the logic
// necessary to retrieve the attributes we need. This sub-class will also cache these attributes
// so that we do not need to query them more than once.
// Rather than rewrite this logic and make possibly slow calls to the token, we'll just use
// that existing logic.
if (keySpec.isAssignableFrom(RSAPrivateCrtKeySpec.class)) {
// All supported keyspecs (other than PKCS8EncodedKeySpec) descend from RSAPrivateCrtKeySpec
if (key instanceof RSAPrivateCrtKey) {
RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)key;
return keySpec.cast(new RSAPrivateCrtKeySpec(
crtKey.getModulus(),
crtKey.getPublicExponent(),
crtKey.getPrivateExponent(),
crtKey.getPrimeP(),
crtKey.getPrimeQ(),
crtKey.getPrimeExponentP(),
crtKey.getPrimeExponentQ(),
crtKey.getCrtCoefficient(),
crtKey.getParams()
));
} else { // RSAPrivateKey (non-CRT)
if (!keySpec.isAssignableFrom(RSAPrivateKeySpec.class)) {
throw new InvalidKeySpecException
("RSAPrivateCrtKeySpec can only be used with CRT keys");
}

KeySpec spec = new RSAPrivateCrtKeySpec(
attributes[0].getBigInteger(),
attributes[1].getBigInteger(),
attributes[2].getBigInteger(),
attributes[3].getBigInteger(),
attributes[4].getBigInteger(),
attributes[5].getBigInteger(),
attributes[6].getBigInteger(),
attributes[7].getBigInteger()
);
return keySpec.cast(spec);
} else if (RSAPrivateKeySpec.class.isAssignableFrom(keySpec)) {
session[0] = token.getObjSession();
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_MODULUS),
new CK_ATTRIBUTE(CKA_PRIVATE_EXPONENT),
};
long keyID = key.getKeyID();
try {
token.p11.C_GetAttributeValue(session[0].id(), keyID, attributes);
} finally {
key.releaseKeyID();
}
if (!(key instanceof RSAPrivateKey)) {
// We should never reach here as P11Key.privateKey() should always produce an instance
// of RSAPrivateKey when the RSA key is both extractable and non-sensitive.
throw new InvalidKeySpecException
("Key must be an instance of RSAPrivateKeySpec. Was " + key.getClass());
}

KeySpec spec = new RSAPrivateKeySpec(
attributes[0].getBigInteger(),
attributes[1].getBigInteger()
);
return keySpec.cast(spec);
// fall through to RSAPrivateKey (non-CRT)
RSAPrivateKey rsaKey = (RSAPrivateKey) key;
return keySpec.cast(new RSAPrivateKeySpec(
rsaKey.getModulus(),
rsaKey.getPrivateExponent(),
rsaKey.getParams()
));
}
} else { // PKCS#8 handled in superclass
throw new InvalidKeySpecException("Only RSAPrivate(Crt)KeySpec "
+ "and PKCS8EncodedKeySpec supported for RSA private keys");
Expand Down
8 changes: 4 additions & 4 deletions jdk/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
View file
Open in desktop
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -330,19 +330,19 @@ protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpec)
throw new InvalidKeySpecException
("key and keySpec must not be null");
}
if (SecretKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(SecretKeySpec.class)) {
return new SecretKeySpec(getKeyBytes(key), algorithm);
} else if (algorithm.equalsIgnoreCase("DES")) {
try {
if (DESKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(DESKeySpec.class)) {
return new DESKeySpec(getKeyBytes(key));
}
} catch (InvalidKeyException e) {
throw new InvalidKeySpecException(e);
}
} else if (algorithm.equalsIgnoreCase("DESede")) {
try {
if (DESedeKeySpec.class.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(DESedeKeySpec.class)) {
return new DESedeKeySpec(getKeyBytes(key));
}
} catch (InvalidKeyException e) {
Expand Down
10 changes: 5 additions & 5 deletions jdk/src/share/classes/sun/security/provider/DSAKeyFactory.java
View file
Open in desktop
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -187,7 +187,7 @@ T engineGetKeySpec(Key key, Class<T> keySpec)
Class<?> x509KeySpec = Class.forName
("java.security.spec.X509EncodedKeySpec");

if (dsaPubKeySpec.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(dsaPubKeySpec)) {
java.security.interfaces.DSAPublicKey dsaPubKey
= (java.security.interfaces.DSAPublicKey)key;
params = dsaPubKey.getParams();
Expand All @@ -196,7 +196,7 @@ T engineGetKeySpec(Key key, Class<T> keySpec)
params.getQ(),
params.getG()));

} else if (x509KeySpec.isAssignableFrom(keySpec)) {
} else if (keySpec.isAssignableFrom(x509KeySpec)) {
return keySpec.cast(new X509EncodedKeySpec(key.getEncoded()));

} else {
Expand All @@ -212,7 +212,7 @@ T engineGetKeySpec(Key key, Class<T> keySpec)
Class<?> pkcs8KeySpec = Class.forName
("java.security.spec.PKCS8EncodedKeySpec");

if (dsaPrivKeySpec.isAssignableFrom(keySpec)) {
if (keySpec.isAssignableFrom(dsaPrivKeySpec)) {
java.security.interfaces.DSAPrivateKey dsaPrivKey
= (java.security.interfaces.DSAPrivateKey)key;
params = dsaPrivKey.getParams();
Expand All @@ -221,7 +221,7 @@ T engineGetKeySpec(Key key, Class<T> keySpec)
params.getQ(),
params.getG()));

} else if (pkcs8KeySpec.isAssignableFrom(keySpec)) {
} else if (keySpec.isAssignableFrom(pkcs8KeySpec)) {
return keySpec.cast(new PKCS8EncodedKeySpec(key.getEncoded()));

} else {
Expand Down