search

bcgit / bc-java

Bouncy Castle Java Distribution (Mirror)
https://www.bouncycastle.org/java.html
MIT License
2.31k stars 1.14k forks source link

RSA DigestSignatureSpi returns true from supportsParameter for PKCS#8 encoded ECPrivateKey #1679

Open rogermap opened 5 months ago

rogermap commented 5 months ago

In JDK 21 java.security.Signature method the provider chooser algorithm contains this code:

 // if provider says it does not support this key, ignore it
  if (key != null && s.supportsParameter(key) == false) {
      continue;
  }

org.bouncycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi$SHA1 returns true for PKCS#8 encoded ECPrivateKey

The algorithm choose that provider and in the provider init method throws an exception because it is not a RSAPrivateKey

    protected void engineInitSign(
        PrivateKey privateKey)
        throws InvalidKeyException
    {
        if (!(privateKey instanceof RSAPrivateKey))
        {
            throw new InvalidKeyException("Supplied key (" + getType(privateKey) + ") is not a RSAPrivateKey instance");
        }
        CipherParameters param = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey);
        digest.reset();
        cipher.init(true, param);
    }

Edited for formatting by @cipherboy.

dghgit commented 2 months ago

Yes, it appears the default implementation checks the format before it checks the key class, returning true if it matches. I don't think it makes sense for the JVM to be doing a format check here, all PrivateKeys will have the format PKCS#8, it should only be checking the key class.