1
/*
2
 * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
10
 *
11
 * This code is distributed in the hope that it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * version 2 for more details (a copy is included in the LICENSE file that
15
 * accompanied this code).
16
 *
17
 * You should have received a copy of the GNU General Public License version
18
 * 2 along with this work; if not, write to the Free Software Foundation,
19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
 *
21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22
 * or visit www.oracle.com if you need additional information or have any
23
 * questions.
24
 */
25

26
package sun.security.rsa;
27

28
import java.io.*;
29
import sun.security.util.*;
30
import sun.security.x509.*;
31
import java.security.AlgorithmParametersSpi;
32
import java.security.NoSuchAlgorithmException;
33
import java.security.spec.AlgorithmParameterSpec;
34
import java.security.spec.InvalidParameterSpecException;
35
import java.security.spec.MGF1ParameterSpec;
36
import java.security.spec.PSSParameterSpec;
37
import static java.security.spec.PSSParameterSpec.DEFAULT;
38

39
/**
40
 * This class implements the PSS parameters used with the RSA
41
 * signatures in PSS padding. Here is its ASN.1 definition:
42
 * RSASSA-PSS-params ::= SEQUENCE {
43
 *   hashAlgorithm      [0] HashAlgorithm     DEFAULT sha1,
44
 *   maskGenAlgorithm   [1] MaskGenAlgorithm  DEFAULT mgf1SHA1,
45
 *   saltLength         [2] INTEGER           DEFAULT 20
46
 *   trailerField       [3] TrailerField      DEFAULT trailerFieldBC
47
 * }
48
 *
49
 * @author Valerie Peng
50
 *
51
 */
52

53
public final class PSSParameters extends AlgorithmParametersSpi {
54

55
    private PSSParameterSpec spec;
56

57
    public PSSParameters() {
58
    }
59

60
    @Override
61
    protected void engineInit(AlgorithmParameterSpec paramSpec)
62
            throws InvalidParameterSpecException {
63
        if (!(paramSpec instanceof PSSParameterSpec)) {
64
            throw new InvalidParameterSpecException
65
                ("Inappropriate parameter specification");
66
        }
67
        PSSParameterSpec spec = (PSSParameterSpec) paramSpec;
68

69
        String mgfName = spec.getMGFAlgorithm();
70
        if (!spec.getMGFAlgorithm().equalsIgnoreCase("MGF1")) {
71
            throw new InvalidParameterSpecException("Unsupported mgf " +
72
                mgfName + "; MGF1 only");
73
        }
74
        AlgorithmParameterSpec mgfSpec = spec.getMGFParameters();
75
        if (!(mgfSpec instanceof MGF1ParameterSpec)) {
76
            throw new InvalidParameterSpecException("Inappropriate mgf " +
77
                "parameters; non-null MGF1ParameterSpec only");
78
        }
79
        this.spec = spec;
80
    }
81

82
    @Override
83
    protected void engineInit(byte[] encoded) throws IOException {
84
        // first initialize with the DEFAULT values before
85
        // retrieving from the encoding bytes
86
        String mdName = DEFAULT.getDigestAlgorithm();
87
        MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec) DEFAULT.getMGFParameters();
88
        int saltLength = DEFAULT.getSaltLength();
89
        int trailerField = DEFAULT.getTrailerField();
90

91
        DerInputStream der = new DerInputStream(encoded);
92
        DerValue[] datum = der.getSequence(4);
93

94
        for (DerValue d : datum) {
95
            if (d.isContextSpecific((byte) 0x00)) {
96
                // hash algid
97
                mdName = AlgorithmId.parse
98
                    (d.data.getDerValue()).getName();
99
            } else if (d.isContextSpecific((byte) 0x01)) {
100
                // mgf algid
101
                AlgorithmId val = AlgorithmId.parse(d.data.getDerValue());
102
                if (!val.getOID().equals(AlgorithmId.MGF1_oid)) {
103
                    throw new IOException("Only MGF1 mgf is supported");
104
                }
105
                AlgorithmId params = AlgorithmId.parse(
106
                        new DerValue(val.getEncodedParams()));
107
                String mgfDigestName = params.getName();
108
                switch (mgfDigestName) {
109
                case "SHA-1":
110
                    mgfSpec = MGF1ParameterSpec.SHA1;
111
                    break;
112
                case "SHA-224":
113
                    mgfSpec = MGF1ParameterSpec.SHA224;
114
                    break;
115
                case "SHA-256":
116
                    mgfSpec = MGF1ParameterSpec.SHA256;
117
                    break;
118
                case "SHA-384":
119
                    mgfSpec = MGF1ParameterSpec.SHA384;
120
                    break;
121
                case "SHA-512":
122
                    mgfSpec = MGF1ParameterSpec.SHA512;
123
                    break;
124
                case "SHA-512/224":
125
                    mgfSpec = MGF1ParameterSpec.SHA512_224;
126
                    break;
127
                case "SHA-512/256":
128
                    mgfSpec = MGF1ParameterSpec.SHA512_256;
129
                    break;
130
                case "SHA3-224":
131
                    mgfSpec = MGF1ParameterSpec.SHA3_224;
132
                    break;
133
                case "SHA3-256":
134
                    mgfSpec = MGF1ParameterSpec.SHA3_256;
135
                    break;
136
                case "SHA3-384":
137
                    mgfSpec = MGF1ParameterSpec.SHA3_384;
138
                    break;
139
                case "SHA3-512":
140
                    mgfSpec = MGF1ParameterSpec.SHA3_512;
141
                    break;
142
                default:
143
                    throw new IOException
144
                        ("Unrecognized message digest algorithm " +
145
                        mgfDigestName);
146
                }
147
            } else if (d.isContextSpecific((byte) 0x02)) {
148
                // salt length
149
                saltLength = d.data.getDerValue().getInteger();
150
                if (saltLength < 0) {
151
                    throw new IOException("Negative value for saltLength");
152
                }
153
            } else if (d.isContextSpecific((byte) 0x03)) {
154
                // trailer field
155
                trailerField = d.data.getDerValue().getInteger();
156
                if (trailerField != 1) {
157
                    throw new IOException("Unsupported trailerField value " +
158
                    trailerField);
159
                }
160
            } else {
161
                throw new IOException("Invalid encoded PSSParameters");
162
            }
163
        }
164

165
        this.spec = new PSSParameterSpec(mdName, "MGF1", mgfSpec,
166
                saltLength, trailerField);
167
    }
168

169
    @Override
170
    protected void engineInit(byte[] encoded, String decodingMethod)
171
            throws IOException {
172
        if ((decodingMethod != null) &&
173
            (!decodingMethod.equalsIgnoreCase("ASN.1"))) {
174
            throw new IllegalArgumentException("Only support ASN.1 format");
175
        }
176
        engineInit(encoded);
177
    }
178

179
    @Override
180
    protected <T extends AlgorithmParameterSpec>
181
            T engineGetParameterSpec(Class<T> paramSpec)
182
            throws InvalidParameterSpecException {
183
        if (PSSParameterSpec.class.isAssignableFrom(paramSpec)) {
184
            return paramSpec.cast(spec);
185
        } else {
186
            throw new InvalidParameterSpecException
187
                ("Inappropriate parameter specification");
188
        }
189
    }
190

191
    @Override
192
    protected byte[] engineGetEncoded() throws IOException {
193
        return getEncoded(spec);
194
    }
195

196
    @Override
197
    protected byte[] engineGetEncoded(String encMethod) throws IOException {
198
        if ((encMethod != null) &&
199
            (!encMethod.equalsIgnoreCase("ASN.1"))) {
200
            throw new IllegalArgumentException("Only support ASN.1 format");
201
        }
202
        return engineGetEncoded();
203
    }
204

205
    @Override
206
    protected String engineToString() {
207
        return spec.toString();
208
    }
209

210
    /**
211
     * Returns the encoding of a {@link PSSParameterSpec} object. This method
212
     * is used in this class and {@link AlgorithmId}.
213
     *
214
     * @param spec a {@code PSSParameterSpec} object
215
     * @return its DER encoding
216
     * @throws IOException if the name of a MessageDigest or MaskGenAlgorithm
217
     *          is unsupported
218
     */
219
    public static byte[] getEncoded(PSSParameterSpec spec) throws IOException {
220

221
        AlgorithmParameterSpec mgfSpec = spec.getMGFParameters();
222
        if (!(mgfSpec instanceof MGF1ParameterSpec)) {
223
            throw new IOException("Cannot encode " + mgfSpec);
224
        }
225

226
        MGF1ParameterSpec mgf1Spec = (MGF1ParameterSpec)mgfSpec;
227

228
        DerOutputStream tmp = new DerOutputStream();
229
        DerOutputStream tmp2, tmp3;
230

231
        // MD
232
        AlgorithmId mdAlgId;
233
        try {
234
            mdAlgId = AlgorithmId.get(spec.getDigestAlgorithm());
235
        } catch (NoSuchAlgorithmException nsae) {
236
            throw new IOException("AlgorithmId " + spec.getDigestAlgorithm() +
237
                    " impl not found");
238
        }
239
        if (!mdAlgId.getOID().equals(AlgorithmId.SHA_oid)) {
240
            tmp2 = new DerOutputStream();
241
            mdAlgId.derEncode(tmp2);
242
            tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0),
243
                    tmp2);
244
        }
245

246
        // MGF
247
        AlgorithmId mgfDigestId;
248
        try {
249
            mgfDigestId = AlgorithmId.get(mgf1Spec.getDigestAlgorithm());
250
        } catch (NoSuchAlgorithmException nase) {
251
            throw new IOException("AlgorithmId " +
252
                    mgf1Spec.getDigestAlgorithm() + " impl not found");
253
        }
254

255
        if (!mgfDigestId.getOID().equals(AlgorithmId.SHA_oid)) {
256
            tmp2 = new DerOutputStream();
257
            tmp2.putOID(AlgorithmId.MGF1_oid);
258
            mgfDigestId.encode(tmp2);
259
            tmp3 = new DerOutputStream();
260
            tmp3.write(DerValue.tag_Sequence, tmp2);
261
            tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 1),
262
                    tmp3);
263
        }
264

265
        // SaltLength
266
        if (spec.getSaltLength() != 20) {
267
            tmp2 = new DerOutputStream();
268
            tmp2.putInteger(spec.getSaltLength());
269
            tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 2),
270
                    tmp2);
271
        }
272

273
        // TrailerField
274
        if (spec.getTrailerField() != PSSParameterSpec.TRAILER_FIELD_BC) {
275
            tmp2 = new DerOutputStream();
276
            tmp2.putInteger(spec.getTrailerField());
277
            tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 3),
278
                    tmp2);
279
        }
280

281
        // Put all together under a SEQUENCE tag
282
        DerOutputStream out = new DerOutputStream();
283
        out.write(DerValue.tag_Sequence, tmp);
284
        return out.toByteArray();
285
    }
286
}
287

288