1
/*
2
 * Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
10
 *
11
 * This code is distributed in the hope that it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * version 2 for more details (a copy is included in the LICENSE file that
15
 * accompanied this code).
16
 *
17
 * You should have received a copy of the GNU General Public License version
18
 * 2 along with this work; if not, write to the Free Software Foundation,
19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
 *
21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22
 * or visit www.oracle.com if you need additional information or have any
23
 * questions.
24
 */
25

26
package sun.security.rsa;
27

28
import java.io.*;
29
import sun.security.util.*;
30
import sun.security.x509.*;
31
import java.security.AlgorithmParametersSpi;
32
import java.security.NoSuchAlgorithmException;
33
import java.security.spec.AlgorithmParameterSpec;
34
import java.security.spec.InvalidParameterSpecException;
35
import java.security.spec.MGF1ParameterSpec;
36
import java.security.spec.PSSParameterSpec;
37
import static java.security.spec.PSSParameterSpec.DEFAULT;
38

39
/**
40
 * This class implements the PSS parameters used with the RSA
41
 * signatures in PSS padding. Here is its ASN.1 definition:
42
 * RSASSA-PSS-params ::= SEQUENCE {
43
 *   hashAlgorithm      [0] HashAlgorithm     DEFAULT sha1,
44
 *   maskGenAlgorithm   [1] MaskGenAlgorithm  DEFAULT mgf1SHA1,
45
 *   saltLength         [2] INTEGER           DEFAULT 20
46
 *   trailerField       [3] TrailerField      DEFAULT trailerFieldBC
47
 * }
48
 *
49
 * @author Valerie Peng
50
 *
51
 */
52

53
public final class PSSParameters extends AlgorithmParametersSpi {
54

55
    private PSSParameterSpec spec;
56

57
    public PSSParameters() {
58
    }
59

60
    @Override
61
    protected void engineInit(AlgorithmParameterSpec paramSpec)
62
            throws InvalidParameterSpecException {
63
        if (!(paramSpec instanceof PSSParameterSpec)) {
64
            throw new InvalidParameterSpecException
65
                ("Inappropriate parameter specification");
66
        }
67
        PSSParameterSpec spec = (PSSParameterSpec) paramSpec;
68

69
        String mgfName = spec.getMGFAlgorithm();
70
        if (!spec.getMGFAlgorithm().equalsIgnoreCase("MGF1")) {
71
            throw new InvalidParameterSpecException("Unsupported mgf " +
72
                mgfName + "; MGF1 only");
73
        }
74
        AlgorithmParameterSpec mgfSpec = spec.getMGFParameters();
75
        if (!(mgfSpec instanceof MGF1ParameterSpec)) {
76
            throw new InvalidParameterSpecException("Inappropriate mgf " +
77
                "parameters; non-null MGF1ParameterSpec only");
78
        }
79
        this.spec = spec;
80
    }
81

82
    @Override
83
    protected void engineInit(byte[] encoded) throws IOException {
84
        // first initialize with the DEFAULT values before
85
        // retrieving from the encoding bytes
86
        String mdName = DEFAULT.getDigestAlgorithm();
87
        MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec) DEFAULT.getMGFParameters();
88
        int saltLength = DEFAULT.getSaltLength();
89
        int trailerField = DEFAULT.getTrailerField();
90

91
        DerInputStream der = new DerInputStream(encoded);
92
        DerValue[] datum = der.getSequence(4);
93

94
        for (DerValue d : datum) {
95
            if (d.isContextSpecific((byte) 0x00)) {
96
                // hash algid
97
                mdName = AlgorithmId.parse
98
                    (d.data.getDerValue()).getName();
99
            } else if (d.isContextSpecific((byte) 0x01)) {
100
                // mgf algid
101
                AlgorithmId val = AlgorithmId.parse(d.data.getDerValue());
102
                if (!val.getOID().equals(AlgorithmId.MGF1_oid)) {
103
                    throw new IOException("Only MGF1 mgf is supported");
104
                }
105

106
                byte[] encodedParams = val.getEncodedParams();
107
                if (encodedParams == null) {
108
                    throw new IOException("Missing MGF1 parameters");
109
                }
110
                AlgorithmId params = AlgorithmId.parse(
111
                        new DerValue(encodedParams));
112
                String mgfDigestName = params.getName();
113
                switch (mgfDigestName) {
114
                case "SHA-1":
115
                    mgfSpec = MGF1ParameterSpec.SHA1;
116
                    break;
117
                case "SHA-224":
118
                    mgfSpec = MGF1ParameterSpec.SHA224;
119
                    break;
120
                case "SHA-256":
121
                    mgfSpec = MGF1ParameterSpec.SHA256;
122
                    break;
123
                case "SHA-384":
124
                    mgfSpec = MGF1ParameterSpec.SHA384;
125
                    break;
126
                case "SHA-512":
127
                    mgfSpec = MGF1ParameterSpec.SHA512;
128
                    break;
129
                case "SHA-512/224":
130
                    mgfSpec = MGF1ParameterSpec.SHA512_224;
131
                    break;
132
                case "SHA-512/256":
133
                    mgfSpec = MGF1ParameterSpec.SHA512_256;
134
                    break;
135
                case "SHA3-224":
136
                    mgfSpec = MGF1ParameterSpec.SHA3_224;
137
                    break;
138
                case "SHA3-256":
139
                    mgfSpec = MGF1ParameterSpec.SHA3_256;
140
                    break;
141
                case "SHA3-384":
142
                    mgfSpec = MGF1ParameterSpec.SHA3_384;
143
                    break;
144
                case "SHA3-512":
145
                    mgfSpec = MGF1ParameterSpec.SHA3_512;
146
                    break;
147
                default:
148
                    throw new IOException
149
                        ("Unrecognized message digest algorithm " +
150
                        mgfDigestName);
151
                }
152
            } else if (d.isContextSpecific((byte) 0x02)) {
153
                // salt length
154
                saltLength = d.data.getDerValue().getInteger();
155
                if (saltLength < 0) {
156
                    throw new IOException("Negative value for saltLength");
157
                }
158
            } else if (d.isContextSpecific((byte) 0x03)) {
159
                // trailer field
160
                trailerField = d.data.getDerValue().getInteger();
161
                if (trailerField != 1) {
162
                    throw new IOException("Unsupported trailerField value " +
163
                    trailerField);
164
                }
165
            } else {
166
                throw new IOException("Invalid encoded PSSParameters");
167
            }
168
        }
169

170
        this.spec = new PSSParameterSpec(mdName, "MGF1", mgfSpec,
171
                saltLength, trailerField);
172
    }
173

174
    @Override
175
    protected void engineInit(byte[] encoded, String decodingMethod)
176
            throws IOException {
177
        if ((decodingMethod != null) &&
178
            (!decodingMethod.equalsIgnoreCase("ASN.1"))) {
179
            throw new IllegalArgumentException("Only support ASN.1 format");
180
        }
181
        engineInit(encoded);
182
    }
183

184
    @Override
185
    protected <T extends AlgorithmParameterSpec>
186
            T engineGetParameterSpec(Class<T> paramSpec)
187
            throws InvalidParameterSpecException {
188
        if (PSSParameterSpec.class.isAssignableFrom(paramSpec)) {
189
            return paramSpec.cast(spec);
190
        } else {
191
            throw new InvalidParameterSpecException
192
                ("Inappropriate parameter specification");
193
        }
194
    }
195

196
    @Override
197
    protected byte[] engineGetEncoded() throws IOException {
198
        return getEncoded(spec);
199
    }
200

201
    @Override
202
    protected byte[] engineGetEncoded(String encMethod) throws IOException {
203
        if ((encMethod != null) &&
204
            (!encMethod.equalsIgnoreCase("ASN.1"))) {
205
            throw new IllegalArgumentException("Only support ASN.1 format");
206
        }
207
        return engineGetEncoded();
208
    }
209

210
    @Override
211
    protected String engineToString() {
212
        return spec.toString();
213
    }
214

215
    /**
216
     * Returns the encoding of a {@link PSSParameterSpec} object. This method
217
     * is used in this class and {@link AlgorithmId}.
218
     *
219
     * @param spec a {@code PSSParameterSpec} object
220
     * @return its DER encoding
221
     * @throws IOException if the name of a MessageDigest or MaskGenAlgorithm
222
     *          is unsupported
223
     */
224
    public static byte[] getEncoded(PSSParameterSpec spec) throws IOException {
225

226
        AlgorithmParameterSpec mgfSpec = spec.getMGFParameters();
227
        if (!(mgfSpec instanceof MGF1ParameterSpec)) {
228
            throw new IOException("Cannot encode " + mgfSpec);
229
        }
230

231
        MGF1ParameterSpec mgf1Spec = (MGF1ParameterSpec)mgfSpec;
232

233
        DerOutputStream tmp = new DerOutputStream();
234
        DerOutputStream tmp2, tmp3;
235

236
        // MD
237
        AlgorithmId mdAlgId;
238
        try {
239
            mdAlgId = AlgorithmId.get(spec.getDigestAlgorithm());
240
        } catch (NoSuchAlgorithmException nsae) {
241
            throw new IOException("AlgorithmId " + spec.getDigestAlgorithm() +
242
                    " impl not found");
243
        }
244
        if (!mdAlgId.getOID().equals(AlgorithmId.SHA_oid)) {
245
            tmp2 = new DerOutputStream();
246
            mdAlgId.derEncode(tmp2);
247
            tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 0),
248
                    tmp2);
249
        }
250

251
        // MGF
252
        AlgorithmId mgfDigestId;
253
        try {
254
            mgfDigestId = AlgorithmId.get(mgf1Spec.getDigestAlgorithm());
255
        } catch (NoSuchAlgorithmException nase) {
256
            throw new IOException("AlgorithmId " +
257
                    mgf1Spec.getDigestAlgorithm() + " impl not found");
258
        }
259

260
        if (!mgfDigestId.getOID().equals(AlgorithmId.SHA_oid)) {
261
            tmp2 = new DerOutputStream();
262
            tmp2.putOID(AlgorithmId.MGF1_oid);
263
            mgfDigestId.encode(tmp2);
264
            tmp3 = new DerOutputStream();
265
            tmp3.write(DerValue.tag_Sequence, tmp2);
266
            tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 1),
267
                    tmp3);
268
        }
269

270
        // SaltLength
271
        if (spec.getSaltLength() != 20) {
272
            tmp2 = new DerOutputStream();
273
            tmp2.putInteger(spec.getSaltLength());
274
            tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 2),
275
                    tmp2);
276
        }
277

278
        // TrailerField
279
        if (spec.getTrailerField() != PSSParameterSpec.TRAILER_FIELD_BC) {
280
            tmp2 = new DerOutputStream();
281
            tmp2.putInteger(spec.getTrailerField());
282
            tmp.write(DerValue.createTag(DerValue.TAG_CONTEXT, true, (byte) 3),
283
                    tmp2);
284
        }
285

286
        // Put all together under a SEQUENCE tag
287
        DerOutputStream out = new DerOutputStream();
288
        out.write(DerValue.tag_Sequence, tmp);
289
        return out.toByteArray();
290
    }
291
}
292

293