changeset 8541:fd0139b86bc1 jdk7u79-b11
8071726: Better RSA optimizations
Summary: Added a check when RSA signature is generated with a RSAPrivateCRTKey object.
Reviewed-by: mullan
author | igerasim |
---|---|
date | Wed, 18 Feb 2015 15:13:02 +0300 |
parents | 994e555b3160 |
children | 643166b10b98 |
files | src/share/classes/com/sun/crypto/provider/RSACipher.java src/share/classes/sun/security/rsa/RSACore.java src/share/classes/sun/security/rsa/RSASignature.java |
diffstat | 3 files changed, 27 insertions(+), 11 deletions(-) [+] |
--- a/src/share/classes/com/sun/crypto/provider/RSACipher.java Thu Apr 09 17:19:52 2015 -0700
+++ b/src/share/classes/com/sun/crypto/provider/RSACipher.java Wed Feb 18 15:13:02 2015 +0300
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -351,7 +351,7 @@
 switch (mode) {
 case MODE_SIGN:
 data = padding.pad(buffer, 0, bufOfs);
- return RSACore.rsa(data, privateKey);
+ return RSACore.rsa(data, privateKey, true);
 case MODE_VERIFY:
 byte[] verifyBuffer = RSACore.convert(buffer, 0, bufOfs);
 data = RSACore.rsa(verifyBuffer, publicKey);
@@ -361,7 +361,7 @@
 return RSACore.rsa(data, publicKey);
 case MODE_DECRYPT:
 byte[] decryptBuffer = RSACore.convert(buffer, 0, bufOfs);
- data = RSACore.rsa(decryptBuffer, privateKey);
+ data = RSACore.rsa(decryptBuffer, privateKey, false);
 return padding.unpad(data);
 default:
 throw new AssertionError("Internal error");
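Review bot: In the MODE_DECRYPT case the private-key operation is called with `verify` set to `false`, so a miscomputed CRT result on that path goes straight to `padding.unpad(data)` without the consistency check the signing paths now get. If this cipher can be configured without padding (not visible in this hunk), callers that use raw decryption as a signing primitive would still receive an unchecked result. Either pass `true` here as well, or record the reason for skipping it with a comment such as `// no post-check: the result is not released as a signature`. The enclosing switch and method start and end outside the hunk.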
--- a/src/share/classes/sun/security/rsa/RSACore.java Thu Apr 09 17:19:52 2015 -0700
+++ b/src/share/classes/sun/security/rsa/RSACore.java Wed Feb 18 15:13:02 2015 +0300
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -102,12 +102,24 @@
 /**
 * Perform an RSA private key operation. Uses CRT if the key is a
- * CRT key.
+ * CRT key with additional verification check after the signature
+ * is computed.
 */
+ @Deprecated
 public static byte[] rsa(byte[] msg, RSAPrivateKey key)
 throws BadPaddingException {
+ return rsa(msg, key, true);
+ }
+
+ /**
+ * Perform an RSA private key operation. Uses CRT if the key is a
+ * CRT key. Set 'verify' to true if this function is used for
+ * generating a signature.
+ */
+ public static byte[] rsa(byte[] msg, RSAPrivateKey key, boolean verify)
+ throws BadPaddingException {
 if (key instanceof RSAPrivateCrtKey) {
- return crtCrypt(msg, (RSAPrivateCrtKey)key);
+ return crtCrypt(msg, (RSAPrivateCrtKey)key, verify);
 } else {
 return priCrypt(msg, key.getModulus(), key.getPrivateExponent());
 }
@@ -148,10 +160,11 @@
 * RSA private key operations with CRT. Algorithm and variable naming
 * are taken from PKCS#1 v2.1, section 5.1.2.
 */
- private static byte[] crtCrypt(byte[] msg, RSAPrivateCrtKey key)
- throws BadPaddingException {
+ private static byte[] crtCrypt(byte[] msg, RSAPrivateCrtKey key,
+ boolean verify) throws BadPaddingException {
 BigInteger n = key.getModulus();
- BigInteger c = parseMsg(msg, n);
+ BigInteger c0 = parseMsg(msg, n);
+ BigInteger c = c0;
 BigInteger p = key.getPrimeP();
 BigInteger q = key.getPrimeQ();
 BigInteger dP = key.getPrimeExponentP();
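Review bot: The two-argument `rsa(byte[], RSAPrivateKey)` gains `@Deprecated` but its Javadoc has no `@deprecated` tag, so callers get a compiler warning without being told what to use instead. Add ` * @deprecated use {@link #rsa(byte[], RSAPrivateKey, boolean)} and state explicitly whether the result is a signature`. The new overload's Javadoc should also get `@param verify` and `@throws BadPaddingException` lines; with `verify` set, the exception is also raised when the recomputed value does not match the input, which is not a padding problem and will surprise callers who read only the type name. Defaulting the old overload to `true` is the safe choice.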
@@ -184,6 +197,9 @@
 if (ENABLE_BLINDING) {
 m = m.multiply(brp.v).mod(n);
 }
+ if (verify && !c0.equals(m.modPow(e, n))) {
+ throw new BadPaddingException("RSA private key operation failed");
+ }
 return toByteArray(m, getByteLength(n));
 }
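Review bot: The added check `c0.equals(m.modPow(e, n))` has no comment, so a reader cannot tell that it exists to keep a miscomputed CRT result from being returned. Add a line above it such as `// re-apply the public exponent and compare with the input, so a faulty CRT result is never released`. `e` is assigned outside this hunk, presumably from the key's public exponent, so the check also assumes every `RSAPrivateCrtKey` implementation reports a correct one. A key object that reports a wrong or placeholder exponent would now fail signing with `BadPaddingException`, which is worth stating in the Javadoc of `crtCrypt`. The method body starts outside the hunk.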
--- a/src/share/classes/sun/security/rsa/RSASignature.java Thu Apr 09 17:19:52 2015 -0700
+++ b/src/share/classes/sun/security/rsa/RSASignature.java Wed Feb 18 15:13:02 2015 +0300
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -174,7 +174,7 @@
 try {
 byte[] encoded = encodeSignature(digestOID, digest);
 byte[] padded = padding.pad(encoded);
- byte[] encrypted = RSACore.rsa(padded, privateKey);
+ byte[] encrypted = RSACore.rsa(padded, privateKey, true);
 return encrypted;
 } catch (GeneralSecurityException e) {
 throw new SignatureException("Could not sign data", e);