8071726: Better RSA optimizations

Summary: Added a check when RSA signature is generated with a RSAPrivateCRTKey object. Reviewed-by: mullan

8071726: Better RSA optimizations
Summary: Added a check when RSA signature is generated with a RSAPrivateCRTKey object. Reviewed-by: mullan
21b1fcb4 · valeriep · 8f35916e · 21b1fcb4 · 21b1fcb4 · 21b1fcb4
3 changed file
--- a/src/share/classes/com/sun/crypto/provider/RSACipher.java
+++ b/src/share/classes/com/sun/crypto/provider/RSACipher.java
 /*
- * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -349,7 +349,7 @@ public final class RSACipher extends CipherSpi {
            switch (mode) {
            case MODE_SIGN:
                data = padding.pad(buffer, 0, bufOfs);
-                return RSACore.rsa(data, privateKey);
+                return RSACore.rsa(data, privateKey, true);
            case MODE_VERIFY:
                byte[] verifyBuffer = RSACore.convert(buffer, 0, bufOfs);
                data = RSACore.rsa(verifyBuffer, publicKey);
@@ -359,7 +359,7 @@ public final class RSACipher extends CipherSpi {
                return RSACore.rsa(data, publicKey);
            case MODE_DECRYPT:
                byte[] decryptBuffer = RSACore.convert(buffer, 0, bufOfs);
-                data = RSACore.rsa(decryptBuffer, privateKey);
+                data = RSACore.rsa(decryptBuffer, privateKey, false);
                return padding.unpad(data);
            default:
                throw new AssertionError("Internal error");

--- a/src/share/classes/sun/security/rsa/RSACore.java
+++ b/src/share/classes/sun/security/rsa/RSACore.java
 /*
- * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -102,12 +102,24 @@ public final class RSACore {
    /**
     * Perform an RSA private key operation. Uses CRT if the key is a
-     * CRT key.
+     * CRT key with additional verification check after the signature
+     * is computed.
     */
+    @Deprecated
    public static byte[] rsa(byte[] msg, RSAPrivateKey key)
            throws BadPaddingException {
+        return rsa(msg, key, true);
+    }
+    /**
+     * Perform an RSA private key operation. Uses CRT if the key is a
+     * CRT key. Set 'verify' to true if this function is used for
+     * generating a signature.
+     */
+    public static byte[] rsa(byte[] msg, RSAPrivateKey key, boolean verify)
+            throws BadPaddingException {
        if (key instanceof RSAPrivateCrtKey) {
-            return crtCrypt(msg, (RSAPrivateCrtKey)key);
+            return crtCrypt(msg, (RSAPrivateCrtKey)key, verify);
        } else {
            return priCrypt(msg, key.getModulus(), key.getPrivateExponent());
        }
@@ -148,10 +160,11 @@ public final class RSACore {
     * RSA private key operations with CRT. Algorithm and variable naming
     * are taken from PKCS#1 v2.1, section 5.1.2.
     */
-    private static byte[] crtCrypt(byte[] msg, RSAPrivateCrtKey key)
+    private static byte[] crtCrypt(byte[] msg, RSAPrivateCrtKey key,
-            throws BadPaddingException {
+            boolean verify) throws BadPaddingException {
        BigInteger n = key.getModulus();
-        BigInteger c = parseMsg(msg, n);
+        BigInteger c0 = parseMsg(msg, n);
+        BigInteger c = c0;
        BigInteger p = key.getPrimeP();
        BigInteger q = key.getPrimeQ();
        BigInteger dP = key.getPrimeExponentP();
@@ -184,6 +197,9 @@ public final class RSACore {
        if (ENABLE_BLINDING) {
            m = m.multiply(brp.v).mod(n);
        }
+        if (verify && !c0.equals(m.modPow(e, n))) {
+            throw new BadPaddingException("RSA private key operation failed");
+        }
        return toByteArray(m, getByteLength(n));
    }

--- a/src/share/classes/sun/security/rsa/RSASignature.java
+++ b/src/share/classes/sun/security/rsa/RSASignature.java
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -173,7 +173,7 @@ public abstract class RSASignature extends SignatureSpi {
        try {
            byte[] encoded = encodeSignature(digestOID, digest);
            byte[] padded = padding.pad(encoded);
-            byte[] encrypted = RSACore.rsa(padded, privateKey);
+            byte[] encrypted = RSACore.rsa(padded, privateKey, true);
            return encrypted;
        } catch (GeneralSecurityException e) {
            throw new SignatureException("Could not sign data", e);