diff --git a/src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java b/src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java
index 57261376d78..bdb1da97b63 100644
--- a/src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -40,14 +40,15 @@ import javax.crypto.spec.OAEPParameterSpec;
/**
* This class implements the OAEP parameters used with the RSA
* algorithm in OAEP padding. Here is its ASN.1 definition:
+ *
* RSAES-OAEP-params ::= SEQUENCE {
* hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
* maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
* pSourceAlgorithm [2] PSourceAlgorithm DEFAULT pSpecifiedEmpty
* }
+ *
*
* @author Valerie Peng
- *
*/
public final class OAEPParameters extends AlgorithmParametersSpi {
@@ -91,61 +92,48 @@ public final class OAEPParameters extends AlgorithmParametersSpi {
}
}
- protected void engineInit(byte[] encoded)
- throws IOException {
- DerInputStream der = new DerInputStream(encoded);
- mdName = "SHA-1";
- mgfSpec = MGF1ParameterSpec.SHA1;
- p = new byte[0];
- DerValue[] datum = der.getSequence(3);
- for (int i=0; i MGF1ParameterSpec.SHA1;
+ case "SHA-224" -> MGF1ParameterSpec.SHA224;
+ case "SHA-256" -> MGF1ParameterSpec.SHA256;
+ case "SHA-384" -> MGF1ParameterSpec.SHA384;
+ case "SHA-512" -> MGF1ParameterSpec.SHA512;
+ case "SHA-512/224" -> MGF1ParameterSpec.SHA512_224;
+ case "SHA-512/256" -> MGF1ParameterSpec.SHA512_256;
+ default -> throw new IOException(
+ "Unrecognized message digest algorithm");
+ };
+ } else {
+ mgfSpec = MGF1ParameterSpec.SHA1;
+ }
+ sub = der.getOptionalExplicitContextSpecific(2);
+ if (sub.isPresent()) {
+ AlgorithmId val = AlgorithmId.parse(sub.get());
+ if (!val.getOID().equals(OID_PSpecified)) {
+ throw new IOException("Wrong OID for pSpecified");
+ }
+ p = DerValue.wrap(val.getEncodedParams()).getOctetString();
+ } else {
+ p = new byte[0];
+ }
+ der.atEnd();
}
protected void engineInit(byte[] encoded, String decodingMethod)
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java b/src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
index 42f6bc20903..a26c95b16d3 100644
--- a/src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
@@ -268,48 +268,34 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
}
iCount = pBKDF2_params.data.getInteger();
- DerValue prf = null;
// keyLength INTEGER (1..MAX) OPTIONAL,
- if (pBKDF2_params.data.available() > 0) {
- DerValue keyLength = pBKDF2_params.data.getDerValue();
- if (keyLength.tag == DerValue.tag_Integer) {
- keysize = keyLength.getInteger() * 8; // keysize (in bits)
- } else {
- // Should be the prf
- prf = keyLength;
- }
+ var ksDer = pBKDF2_params.data.getOptional(DerValue.tag_Integer);
+ if (ksDer.isPresent()) {
+ keysize = ksDer.get().getInteger() * 8; // keysize (in bits)
}
+
// prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
- String kdfAlgo = "HmacSHA1";
- if (prf == null) {
- if (pBKDF2_params.data.available() > 0) {
- prf = pBKDF2_params.data.getDerValue();
- }
- }
- if (prf != null) {
+ String kdfAlgo;
+ var prfDer = pBKDF2_params.data.getOptional(DerValue.tag_Sequence);
+ if (prfDer.isPresent()) {
+ DerValue prf = prfDer.get();
kdfAlgo_OID = prf.data.getOID();
KnownOIDs o = KnownOIDs.findMatch(kdfAlgo_OID.toString());
if (o == null || (!o.stdName().equals("HmacSHA1") &&
- !o.stdName().equals("HmacSHA224") &&
- !o.stdName().equals("HmacSHA256") &&
- !o.stdName().equals("HmacSHA384") &&
- !o.stdName().equals("HmacSHA512"))) {
+ !o.stdName().equals("HmacSHA224") &&
+ !o.stdName().equals("HmacSHA256") &&
+ !o.stdName().equals("HmacSHA384") &&
+ !o.stdName().equals("HmacSHA512"))) {
throw new IOException("PBE parameter parsing error: "
+ "expecting the object identifier for a HmacSHA key "
+ "derivation function");
}
kdfAlgo = o.stdName();
-
- if (prf.data.available() != 0) {
- // parameter is 'NULL' for all HmacSHA KDFs
- DerValue parameter = prf.data.getDerValue();
- if (parameter.tag != DerValue.tag_Null) {
- throw new IOException("PBE parameter parsing error: "
- + "not an ASN.1 NULL tag");
- }
- }
+ prf.data.getOptional(DerValue.tag_Null);
+ prf.data.atEnd();
+ } else {
+ kdfAlgo = "HmacSHA1";
}
-
return kdfAlgo;
}
diff --git a/src/java.base/share/classes/sun/security/pkcs/PKCS7.java b/src/java.base/share/classes/sun/security/pkcs/PKCS7.java
index a068c9e0023..63d1451148f 100644
--- a/src/java.base/share/classes/sun/security/pkcs/PKCS7.java
+++ b/src/java.base/share/classes/sun/security/pkcs/PKCS7.java
@@ -255,6 +255,16 @@ public class PKCS7 {
}
}
+ // SignedData ::= SEQUENCE {
+ // version Version,
+ // digestAlgorithms DigestAlgorithmIdentifiers,
+ // contentInfo ContentInfo,
+ // certificates
+ // [0] IMPLICIT ExtendedCertificatesAndCertificates
+ // OPTIONAL,
+ // crls
+ // [1] IMPLICIT CertificateRevocationLists OPTIONAL,
+ // signerInfos SignerInfos }
private void parseSignedData(DerValue val)
throws ParsingException, IOException {
@@ -294,9 +304,9 @@ public class PKCS7 {
* check if certificates (implicit tag) are provided
* (certificates are OPTIONAL)
*/
- if ((byte)(dis.peekByte()) == (byte)0xA0) {
- DerValue[] certVals = dis.getSet(2, true);
-
+ var certDer = dis.getOptionalImplicitContextSpecific(0, DerValue.tag_SetOf);
+ if (certDer.isPresent()) {
+ DerValue[] certVals = certDer.get().subs(DerValue.tag_SetOf, 2);
len = certVals.length;
certificates = new X509Certificate[len];
int count = 0;
@@ -339,9 +349,9 @@ public class PKCS7 {
}
// check if crls (implicit tag) are provided (crls are OPTIONAL)
- if ((byte)(dis.peekByte()) == (byte)0xA1) {
- DerValue[] crlVals = dis.getSet(1, true);
-
+ var crlsDer = dis.getOptionalImplicitContextSpecific(1, DerValue.tag_SetOf);
+ if (crlsDer.isPresent()) {
+ DerValue[] crlVals = crlsDer.get().subs(DerValue.tag_SetOf, 1);
len = crlVals.length;
crls = new X509CRL[len];
diff --git a/src/java.base/share/classes/sun/security/util/DerInputStream.java b/src/java.base/share/classes/sun/security/util/DerInputStream.java
index d937cf1ec2b..f10be6a3540 100644
--- a/src/java.base/share/classes/sun/security/util/DerInputStream.java
+++ b/src/java.base/share/classes/sun/security/util/DerInputStream.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,8 @@ import java.io.IOException;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.Date;
+import java.util.Optional;
+import java.util.function.Predicate;
/**
* A DER input stream, used for parsing ASN.1 DER-encoded data such as
@@ -53,7 +55,6 @@ import java.util.Date;
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
-
public class DerInputStream {
// The static part
@@ -305,4 +306,105 @@ public class DerInputStream {
* empty.
*/
public int available() { return end - pos; }
+
+ /**
+ * Ensures there is no more data. This can be called when the last
+ * expected field is parsed, and we need to make sure no unread is left.
+ *
+ * @throws IOException if the end is NOT reached yet
+ */
+ public void atEnd() throws IOException {
+ if (available() != 0) {
+ throw new IOException("Extra unused bytes");
+ }
+ }
+
+ /**
+ * Checks if the tag of the next DerValue matches the rule.
+ *
+ * @param rule the rule to check for the tag.
+ * @return true if matches, false if not or stream is at end.
+ * @throws IOException if an I/O error happens while peeking the byte
+ */
+ private boolean checkNextTag(Predicate rule) {
+ return available() > 0 && rule.test(data[pos]);
+ }
+
+ /**
+ * Detect if the tag of the next DerValue is the specified one.
+ *
+ * @param tag the expected tag
+ * @return true if matches, false if not or stream is at end.
+ * @throws IOException if an I/O error happens while peeking the byte
+ */
+ private boolean checkNextTag(byte tag) {
+ return checkNextTag(t -> t == tag);
+ }
+
+ /**
+ * Returns the next DerValue if its tag is the given one.
+ *
+ * @param tag the expected tag
+ * @return the next DerValue, or empty if not found or stream at end
+ * @throws IOException if an I/O error happens
+ */
+ public Optional getOptional(byte tag) throws IOException {
+ if (checkNextTag(tag)) {
+ return Optional.of(getDerValue());
+ } else {
+ return Optional.empty();
+ }
+ }
+
+ /**
+ * Detect if the next DerValue is a context-specific value
+ * tagged by {@code n}.
+ *
+ * @param n the expected tag
+ * @return true if matches, false if not or stream is at end.
+ * @throws IOException if an I/O error happens while peeking the byte
+ */
+ public boolean seeOptionalContextSpecific(int n) throws IOException {
+ return checkNextTag(t -> (t & 0x0c0) == 0x080 && (t & 0x01f) == n);
+ }
+
+ /**
+ * Returns the inner DerValue if the next DerValue is
+ * an EXPLICIT context-specific value tagged by {@code n}.
+ *
+ * @param n the expected tag
+ * @return the inner DerValue, or empty if not found or stream at end
+ * @throws IOException if an I/O error happens
+ */
+ public Optional getOptionalExplicitContextSpecific(int n)
+ throws IOException {
+ if (seeOptionalContextSpecific(n)) {
+ DerInputStream sub = getDerValue().data(); // stream inside [n]
+ DerValue inner = sub.getDerValue(); // inside [n]
+ sub.atEnd(); // make sure there is only one inner value
+ return Optional.of(inner);
+ } else {
+ return Optional.empty();
+ }
+ }
+
+ /**
+ * Returns the restored DerValue if the next DerValue is
+ * an IMPLICIT context-specific value tagged by {@code n}.
+ *
+ * @param n the expected tag
+ * @param tag the real tag for the IMPLICIT type
+ * @return the restored DerValue, or empty if not found or stream at end
+ * @throws IOException if an I/O error happens
+ */
+ public Optional getOptionalImplicitContextSpecific(int n, byte tag)
+ throws IOException {
+ if (seeOptionalContextSpecific(n)) {
+ DerValue v = getDerValue(); // [n]
+ // restore tag because IMPLICIT has overwritten it
+ return Optional.of(v.withTag(tag));
+ } else {
+ return Optional.empty();
+ }
+ }
}
diff --git a/src/java.base/share/classes/sun/security/util/DerValue.java b/src/java.base/share/classes/sun/security/util/DerValue.java
index 25eeab8c7c2..4eb3190b0e4 100644
--- a/src/java.base/share/classes/sun/security/util/DerValue.java
+++ b/src/java.base/share/classes/sun/security/util/DerValue.java
@@ -290,7 +290,7 @@ public class DerValue {
}
/**
- * Wraps an DerOutputStream. All bytes currently written
+ * Wraps a DerOutputStream. All bytes currently written
* into the stream will become the content of the newly
* created DerValue.
*
@@ -305,6 +305,34 @@ public class DerValue {
return new DerValue(tag, out.buf(), 0, out.size(), false);
}
+ /**
+ * Wraps a byte array as a single DerValue.
+ *
+ * Attention: no cloning is made.
+ *
+ * @param buf the byte array containing the DER-encoded datum
+ * @returns a new DerValue
+ */
+ public static DerValue wrap(byte[] buf)
+ throws IOException {
+ return wrap(buf, 0, buf.length);
+ }
+
+ /**
+ * Wraps a byte array as a single DerValue.
+ *
+ * Attention: no cloning is made.
+ *
+ * @param buf the byte array containing the DER-encoded datum
+ * @param offset where the encoded datum starts inside {@code buf}
+ * @param len length of bytes to parse inside {@code buf}
+ * @returns a new DerValue
+ */
+ public static DerValue wrap(byte[] buf, int offset, int len)
+ throws IOException {
+ return new DerValue(buf, offset, len, true, false);
+ }
+
/**
* Parse an ASN.1/BER encoded datum. The entire encoding must hold exactly
* one datum, including its tag and length.
@@ -1229,7 +1257,7 @@ public class DerValue {
* @param startLen estimated number of sub-values
* @return the sub-values in an array
*/
- DerValue[] subs(byte expectedTag, int startLen) throws IOException {
+ public DerValue[] subs(byte expectedTag, int startLen) throws IOException {
if (expectedTag != 0 && expectedTag != tag) {
throw new IOException("Not the correct tag");
}
diff --git a/test/jdk/com/sun/crypto/provider/AlgorithmParameters/OAEPOrder.java b/test/jdk/com/sun/crypto/provider/AlgorithmParameters/OAEPOrder.java
new file mode 100644
index 00000000000..1f4697bfd1e
--- /dev/null
+++ b/test/jdk/com/sun/crypto/provider/AlgorithmParameters/OAEPOrder.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import javax.crypto.spec.OAEPParameterSpec;
+import javax.crypto.spec.PSource;
+import java.io.IOException;
+import java.security.AlgorithmParameters;
+import java.security.spec.MGF1ParameterSpec;
+import java.util.Arrays;
+
+/**
+ * @test
+ * @bug 8246797
+ * @summary Ensures OAEPParameters read correct encoding and
+ * reject encoding with invalid ordering
+ */
+
+public class OAEPOrder {
+ public static void main(String[] args) throws Exception {
+ // Do not use default fields
+ OAEPParameterSpec spec = new OAEPParameterSpec(
+ "SHA-384", "MGF1", MGF1ParameterSpec.SHA384,
+ new PSource.PSpecified(new byte[10]));
+ AlgorithmParameters alg = AlgorithmParameters.getInstance("OAEP");
+ alg.init(spec);
+ byte[] encoded = alg.getEncoded();
+
+ // Extract the fields inside encoding
+ // [0] HashAlgorithm
+ byte[] a0 = Arrays.copyOfRange(encoded, 2, encoded[3] + 4);
+ // [1] MaskGenAlgorithm + [2] PSourceAlgorithm
+ byte[] a12 = Arrays.copyOfRange(encoded, 2 + a0.length, encoded.length);
+
+ // and rearrange [1] and [2] before [0]
+ System.arraycopy(a12, 0, encoded, 2, a12.length);
+ System.arraycopy(a0, 0, encoded, 2 + a12.length, a0.length);
+
+ AlgorithmParameters alg2 = AlgorithmParameters.getInstance("OAEP");
+ try {
+ alg2.init(encoded);
+ throw new RuntimeException("Should fail");
+ } catch (IOException ioe) {
+ // expected
+ }
+ }
+}