Bug ID: JDK-8242556 Cannot load RSASSA-PSS public key with non-null params from byte array

JDK-8242556 : Cannot load RSASSA-PSS public key with non-null params from byte array

Type: Bug
Component: security-libs
Sub-Component: java.security
Affected Version: 8,11,15

Priority: P3
Status: Closed
Resolution: Fixed

Submitted: 2020-04-13
Updated: 2022-09-28
Resolved: 2020-04-14

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 11	JDK 15	JDK 8	Other
11.0.9-oracleFixed	15 b19Fixed	8u271Fixed	openjdk8u272Fixed

Related Reports

Blocks :	JDK-8242335 - Additional Tests for RSASSA-PSS
Duplicate :	JDK-8242620 - Cannot serialize RSASSA-PSS keys with non-null params
Relates :	JDK-8278027 - X509Key.decode exception while using JSafeJCE FIPS provider
Relates :	JDK-8146293 - Add support for RSASSA-PSS Signature algorithm

Description

The following piece of code fails with an InvalidKeySpecException:

-------------
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSASSA-PSS");
        KeyFactory kf = KeyFactory.getInstance("RSASSA-PSS");
        kpg.initialize(new RSAKeyGenParameterSpec(2048,
                RSAKeyGenParameterSpec.F4,
                new PSSParameterSpec(
                        "SHA-384", "MGF1",
                        new MGF1ParameterSpec("SHA-384"),
                        48, PSSParameterSpec.TRAILER_FIELD_BC)));
        kf.generatePublic(new X509EncodedKeySpec(
                kpg.generateKeyPair().getPublic().getEncoded()));
---------------

Caused by: java.security.ProviderException: Unsupported algorithm 1.2.840.113549.1.1.10
	at java.base/sun.security.rsa.RSAUtil$KeyType.lookup(RSAUtil.java:66)
	at java.base/sun.security.rsa.RSAUtil.getParamSpec(RSAUtil.java:142)
	at java.base/sun.security.rsa.RSAUtil.getParamSpec(RSAUtil.java:133)
	at java.base/sun.security.rsa.RSAPublicKeyImpl.<init>(RSAPublicKeyImpl.java:130)

Cause
=====

This is because when the key is read, the parameters of the AlgorithmId is instantiated with the OID (in AlgorithmId::decodeParams, algParams = AlgorithmParameters.getInstance(algidString)), so its getAlgorithm() always returns the OID string, and cannot be recognized by RSAUtil::lookup.

Suggested fix:
===========

diff --git a/src/java.base/share/classes/sun/security/rsa/RSAUtil.java b/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
--- a/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
+++ b/src/java.base/share/classes/sun/security/rsa/RSAUtil.java
@@ -63,6 +63,9 @@
                 }
             }
             // no match
+            if (name.equals(AlgorithmId.RSASSA_PSS_oid.toString())) {
+                return PSS;
+            }
             throw new ProviderException("Unsupported algorithm " + name);
         }
     }

Comments

Fix Request (8u) I would like to backport this to 8u for parity with Oracle 8u271. The original patch does not apply cleanly. The only conflicts are copyright lines of PSSParametersTest.java and TestPSSKeySupport.java, where they are already up-to-date. Code review thread: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-July/012279.html (reviewed)
28-07-2020
jdk11 backport request I would like to have the patch in openjdk11 as well (for better parity with 11.0.9-oracle). The patch applies cleanly.
21-07-2020
URL: https://hg.openjdk.java.net/jdk/jdk/rev/9eea66de64df User: valeriep Date: 2020-04-14 22:12:59 +0000
14-04-2020
When decoding the DER encoding, AlgorithmId class should check its own internal oid-name mapping first before directly using the oid string (x.y.z) for getInstance() calls.
14-04-2020
It also fails for private key too with similar exception as it can be seen with the following sample code. The Keys generated through commented line[new PKCS8EncodedKeySpec(key.getEncoded())] is only the failure case while it pass for others, kf.generatePrivate(kf.getKeySpec(key, RSAPrivateKeySpec.class)), //kf.generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded())), kf.generatePrivate(new RSAPrivateKeySpec(((RSAPrivateKey) key).getModulus(), ((RSAPrivateKey) key).getPrivateExponent())), kf.translateKey(key) The following Test Fails for CASE#2 and CASE#3. import java.lang.reflect.Constructor; import java.math.BigInteger; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.MessageDigest; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.MGF1ParameterSpec; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.PSSParameterSpec; import java.security.spec.RSAKeyGenParameterSpec; /* * @test * @bug 8242335 * @summary Test RSASSA-PSS keys * @run main Test */ public class Test { private static final int K_SIZE = 2048; private static final String DIGEST = "SHA-256"; public static void main(String[] args) throws Exception { KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSASSA-PSS", "SunRsaSign"); KeyFactory kf = KeyFactory.getInstance("RSASSA-PSS", "SunRsaSign"); boolean pass = true; // CASE#1 Pass try { kpg.initialize(K_SIZE); KeyPair kp = kpg.generateKeyPair(); kf.generatePrivate(new PKCS8EncodedKeySpec(kp.getPrivate().getEncoded())); } catch (Exception e) { pass = false; System.out.println("####### CASE#1 FAILED #########"); e.printStackTrace(System.out); } //CASE#2 Fails int dgLen = MessageDigest.getInstance(DIGEST).getDigestLength(); int saltLength = K_SIZE / 8 - dgLen - 2; PSSParameterSpec params = new PSSParameterSpec(DIGEST, "MGF1", new MGF1ParameterSpec(DIGEST), saltLength, PSSParameterSpec.TRAILER_FIELD_BC); try { kpg.initialize(new RSAKeyGenParameterSpec(K_SIZE, RSAKeyGenParameterSpec.F4, params)); KeyPair kp2 = kpg.generateKeyPair(); kf.generatePrivate(new PKCS8EncodedKeySpec(kp2.getPrivate().getEncoded())); } catch (Exception e) { pass = false; System.out.println("####### CASE#2 FAILED #########"); e.printStackTrace(System.out); } //Case#3 Fails try { Constructor<RSAKeyGenParameterSpec> c = RSAKeyGenParameterSpec.class.getConstructor(int.class, BigInteger.class, AlgorithmParameterSpec.class); kpg.initialize(c.newInstance(K_SIZE, RSAKeyGenParameterSpec.F4, params)); KeyPair kp3 = kpg.generateKeyPair(); kf.generatePrivate(new PKCS8EncodedKeySpec(kp3.getPrivate().getEncoded())); } catch (Exception e) { pass = false; System.out.println("####### CASE#3 FAILED #########"); e.printStackTrace(System.out); } if(!pass) { throw new RuntimeException("Some case failed. Check log for more detail."); } } } ################## Sample LOG ################ java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: java.security.ProviderException: Unsupported algorithm 1.2.840.113549.1.1.10 at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:251) at java.base/java.security.KeyFactory.generatePrivate(KeyFactory.java:384) at Test.main(Test.java:48) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:564) at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127) at java.base/java.lang.Thread.run(Thread.java:832) Caused by: java.security.InvalidKeyException: java.security.ProviderException: Unsupported algorithm 1.2.840.113549.1.1.10 at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:138) at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:82) at java.base/sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:356) at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:247) ... 8 more Caused by: java.security.ProviderException: Unsupported algorithm 1.2.840.113549.1.1.10 at java.base/sun.security.rsa.RSAUtil$KeyType.lookup(RSAUtil.java:66) at java.base/sun.security.rsa.RSAUtil.getParamSpec(RSAUtil.java:142) at java.base/sun.security.rsa.RSAUtil.getParamSpec(RSAUtil.java:133) at java.base/sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:136) ... 11 more
14-04-2020