renamed variables "*EncodedKey" to "*ByteKey"; add "RSASSA-PSS" as a …

…fallback algorithm for the BC adapter (since <hash-name>WITHRSAANDMGF1 sometimes is not found)
bcgit · sergejskozlovics · Oct 25, 2023 · Oct 25, 2023 · Oct 25, 2023 · Oct 25, 2023
commit 57af27a58c1b7d44cda7a2e06a28c67a6d716c57
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCertificate.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCertificate.java
@@ -270,14 +270,20 @@ public Tls13Verifier createVerifier(int signatureScheme) throws IOException
             int cryptoHashAlgorithm = SignatureScheme.getCryptoHashAlgorithm(signatureScheme);
             String digestName = crypto.getDigestName(cryptoHashAlgorithm);
             String sigName = org.bouncycastle.tls.crypto.impl.jcajce.RSAUtil.getDigestSigAlgName(digestName)
-                //+"WITHRSA";//+
                 + "WITHRSAANDMGF1";
 
             // NOTE: We explicitly set them even though they should be the defaults, because providers vary
             AlgorithmParameterSpec pssSpec = org.bouncycastle.tls.crypto.impl.jcajce.RSAUtil
                 .getPSSParameterSpec(cryptoHashAlgorithm, digestName, crypto.getHelper());
 
-            return crypto.createTls13Verifier(sigName, pssSpec, getPubKeyRSA());
+            try {
+                return crypto.createTls13Verifier(sigName, pssSpec, getPubKeyRSA());
+            }
+            catch(Exception e) {
+                // #tls-injection fix: using the sig alg name of the SunRsaSign provider
+                sigName = "RSASSA-PSS";
+                return crypto.createTls13Verifier(sigName, pssSpec, getPubKeyRSA());
+            }
         }
 
         // TODO[RFC 8998]

diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCrypto.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCrypto.java
@@ -492,7 +492,14 @@ public AlgorithmParameters getSignatureSchemeAlgorithmParameters(int signatureSc
 
         AlgorithmParameterSpec pssSpec = RSAUtil.getPSSParameterSpec(cryptoHashAlgorithm, digestName, getHelper());
 
-        Signature signer = getHelper().createSignature(sigName);
+        Signature signer;
+        try {
+            signer =  getHelper().createSignature(sigName);
+        }
+        catch(Exception e) {
+            signer = Signature.getInstance("RSASSA-PSS", "SunRsaSign");
+            // #tls-injection fix: using the sig alg name of the SunRsaSign provider
+        }
 
         // NOTE: We explicitly set them even though they should be the defaults, because providers vary
         signer.setParameter(pssSpec);

diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsRSAPSSSigner.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsRSAPSSSigner.java
@@ -85,6 +85,13 @@ public TlsStreamSigner getStreamSigner(SignatureAndHashAlgorithm algorithm) thro
         AlgorithmParameterSpec pssSpec = RSAUtil.getPSSParameterSpec(cryptoHashAlgorithm, digestName,
             crypto.getHelper());
 
-        return crypto.createStreamSigner(sigName, pssSpec, privateKey, true);
+        try {
+            return crypto.createStreamSigner(sigName, pssSpec, privateKey, true);
+        }
+        catch(Exception e) {
+            // #tls-injection fix: using the sig alg name of the SunRsaSign provider
+            sigName = "RSASSA-PSS";
+            return crypto.createStreamSigner(sigName, pssSpec, privateKey, true);
+        }
     }
 }
diff --git a/...sigalgs/CipherParametersToEncodedKey.java → ...tion/sigalgs/CipherParametersByteKey.java b/...sigalgs/CipherParametersToEncodedKey.java → ...tion/sigalgs/CipherParametersByteKey.java
@@ -2,7 +2,7 @@
 
 import org.bouncycastle.crypto.CipherParameters;
 
-public interface CipherParametersToEncodedKey
+public interface CipherParametersByteKey
 {
-    byte[] encodedKey(CipherParameters params);
+    byte[] byteKey(CipherParameters params);
 }
diff --git a/tls/src/main/java/org/bouncycastle/tls/injection/sigalgs/InjectedSigVerifiers.java b/tls/src/main/java/org/bouncycastle/tls/injection/sigalgs/InjectedSigVerifiers.java
@@ -32,7 +32,7 @@ boolean verifySignature(
     }
 
     private final Map<Integer, VerifySignatureFunction> verifiers; // code point -> verifier fn
-    private final Map<Integer, PublicKeyToEncodedKey> converters; // code point -> encoder fn
+    private final Map<Integer, PublicKeyToByteKey> converters; // code point -> encoder fn
 
     public InjectedSigVerifiers()
     {
@@ -49,7 +49,7 @@ public InjectedSigVerifiers(InjectedSigVerifiers origin)
     public void add(
             int sigSchemeCodePoint,
             VerifySignatureFunction fn,
-            PublicKeyToEncodedKey fn2)
+            PublicKeyToByteKey fn2)
     {
         verifiers.put(sigSchemeCodePoint, fn);
         converters.put(sigSchemeCodePoint, fn2);
@@ -66,7 +66,7 @@ public TlsVerifier tlsVerifier(
             int sigSchemeCodePoint)
     {
         VerifySignatureFunction fn = verifiers.get(sigSchemeCodePoint);
-        PublicKeyToEncodedKey fn2 = converters.get(sigSchemeCodePoint);
+        PublicKeyToByteKey fn2 = converters.get(sigSchemeCodePoint);
 
         return new MyTlsVerifier(crypto, publicKey, sigSchemeCodePoint, fn, fn2);
     }
@@ -79,14 +79,14 @@ private class MyTlsVerifier
         private final PublicKey publicKey;
         private final int signatureScheme;
         private final VerifySignatureFunction fn;
-        private final PublicKeyToEncodedKey fn2;
+        private final PublicKeyToByteKey fn2;
 
         public MyTlsVerifier(
                 JcaTlsCrypto crypto,
                 PublicKey publicKey,
                 int signatureSchemeCodePoint,
                 VerifySignatureFunction fn,
-                PublicKeyToEncodedKey fn2)
+                PublicKeyToByteKey fn2)
         {
             if (null == crypto)
             {
@@ -112,7 +112,7 @@ public boolean verifyRawSignature(
                 DigitallySigned signature,
                 byte[] hash) throws IOException
         {
-            byte[] encoded = fn2.encodedKey(publicKey);
+            byte[] encoded = fn2.byteKey(publicKey);
             boolean b = fn.verifySignature(hash, encoded, signature);
             return b;
         }

diff --git a/tls/src/main/java/org/bouncycastle/tls/injection/sigalgs/InjectedSigners.java b/tls/src/main/java/org/bouncycastle/tls/injection/sigalgs/InjectedSigners.java
@@ -63,17 +63,10 @@ public TlsSigner tlsSigner(
             throw new RuntimeException("Algorithm " + algorithmFullName + " not found among signers.");
         }
 
-        byte[] sk = privateKey.getEncoded();
-        PrivateKeyInfo info = PrivateKeyInfo.getInstance(sk);
+        byte[] skEncoded = privateKey.getEncoded();
+        PrivateKeyInfo info = PrivateKeyInfo.getInstance(skEncoded);
 
-        byte[] sk2;
-        try
-        {
-            sk2 = info.getPrivateKey().getEncoded();
-        } catch (IOException e)
-        {
-            throw new RuntimeException(e);
-        }
-        return new MyTlsSigner(crypto, sk2, (SignerFunction) fn);
+        byte[] skBytes = info.getPrivateKey().getOctets();
+        return new MyTlsSigner(crypto, skBytes, (SignerFunction) fn);
     }
 }
diff --git a/tls/src/main/java/org/bouncycastle/tls/injection/sigalgs/MyMessageSigner.java b/tls/src/main/java/org/bouncycastle/tls/injection/sigalgs/MyMessageSigner.java
@@ -12,7 +12,7 @@ public class MyMessag
93D4
eSigner
     private SignatureAndHashAlgorithm algorithm;
     private SignerFunction fnSign;
     private VerifierFunction fnVerify;
-    private CipherParametersToEncodedKey paramsToPublicKey, paramsToPrivateKey;
+    private CipherParametersByteKey paramsToPublicKey, paramsToPrivateKey;
 
     // the following fields are initialized by BC by invoking init():
     private CipherParameters params;
@@ -21,8 +21,8 @@ public MyMessageSigner(
             int signatureSchemeCodePoint,
             SignerFunction fnSign,
             VerifierFunction fnVerify,
-            CipherParametersToEncodedKey paramsToPublicKey,
-            CipherParametersToEncodedKey paramsToPrivateKey)
+            CipherParametersByteKey paramsToPublicKey,
+            CipherParametersByteKey paramsToPrivateKey)
     {
         this.algorithm = new SignatureAndHashAlgorithm((short) (signatureSchemeCodePoint >> 8), (short) (signatureSchemeCodePoint & 0xFF));
         this.fnSign = fnSign;
@@ -43,7 +43,7 @@ public void init(
     @Override
     public byte[] generateSignature(byte[] message)
     {
-        byte[] sk = this.paramsToPrivateKey.encodedKey(params); //skParams.getEncoded();
+        byte[] sk = this.paramsToPrivateKey.byteKey(params); //skParams.getEncoded();
 
         byte[] bcSignature = new byte[0];
         try
@@ -61,7 +61,8 @@ public boolean verifySignature(
             byte[] message,
             byte[] signature)
     {
-        byte[] pk = this.paramsToPublicKey.encodedKey(params);
-        return fnVerify.verify(message, pk, new DigitallySigned(algorithm, signature));
+        byte[] pk = this.paramsToPublicKey.byteKey(params);
+        boolean isValid = fnVerify.verify(message, pk, new DigitallySigned(algorithm, signature));
+        return isValid;
     }
 }
diff --git a/...ection/sigalgs/PublicKeyToEncodedKey.java → ...injection/sigalgs/PublicKeyToByteKey.java b/...ection/sigalgs/PublicKeyToEncodedKey.java → ...injection/sigalgs/PublicKeyToByteKey.java
@@ -2,7 +2,7 @@
 
 import java.security.PublicKey;
 
-public interface PublicKeyToEncodedKey
+public interface PublicKeyToByteKey
 {
-    byte[] encodedKey(PublicKey key);
+    byte[] byteKey(PublicKey key);
 }