Feedback and solution to support RSASSA-PSS


Vasilij A Burmistrov
Hello!

I use Bouncy Castle library in my various tasks on Java.
Bouncy Castle library is awesome! Thank You for your great job!

I faced an issue several days ago.
We have a Microsoft CA Server with root and sub certificates based on the RSASSA-PSS PKCS #1 Version 2.1 signature algorithm.
Of course, client certificates issued by this CA have the same algorithm.
I have read this https://pkisolutions.com/pkcs1v2-1rsassa-pss/ about PKCS #1 Version 2.1, but migration of the CA to RSAwithSHA with re-issue of certificates is impossible for now.
The task is to build a certification path. I found this topic with the same question: http://bouncy-castle.1462172.n4.nabble.com/Using-RSASSA-PSS-signature-algorithm-to-verify-a-certificate-in-Java-td4658632.html

Method cert.verify(key) throws java.security.SignatureException on RSASSA-PSS certificates

I use this code to verify cert:

    Signature signature = Signature.getInstance(RSASSA_PSS, BC);
    signature.setParameter(new PSSParameterSpec(SHA_512, MGF1,
            new MGF1ParameterSpec(SHA_512), 64, 1));
    signature.initVerify(cert.getPublicKey());
    signature.update(cert.getTBSCertificate());
    return signature.verify(cert.getSignature());

And it works. But it is only one third of the solution, because the SUN provider and BC use cert.verify(key) in their CertPathBuilder implementations.

I took the source of bcprov-ext-jdk15on_1.59 and made the following changes in org.bouncycastle.jce.provider.CertPathValidatorUtilities
Method:

    protected static void verifyX509Certificate(X509Certificate cert, PublicKey publicKey,
            String sigProvider)
            throws GeneralSecurityException

Then I built bcprov-ext-jdk15on-1.59-hotfix.jar,
naturally already without electronic signature on jar from Bouncy Castle.


I added this bcprov-ext-jdk15on-1.59-hotfix.jar to my project and it started to build certification path from client to trust anchor.

    CertPathBuilder builder = CertPathBuilder.getInstance("PKIX", "BC");
    PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) builder.build(pkixParams);

It WORKS!

I have put edited org.bouncycastle.jce.provider.CertPathValidatorUtilities to GitHub https://github.com/VBurmistrov/Bouncy-Castle-RSASSA-PSS-PKCS-1-Version-2.1-
See verifyWithRSASSA_PSS method.

Could you please provide me some answers.

Do you know about this issue with PKCS #1 Version 2.1?
Have you planned to add support for this algorithm in your PKIXCertPathBuilder implementation?
Could you take my solution, with some edits of your own to make it more universal, into a new version of the library?
For example, the String mdName and int saltLen parameters for java.security.spec.PSSParameterSpec.PSSParameterSpec can be made customizable.

I wrote to [hidden email] but did not get an answer.
 
Thank you!

Best Regards,
Vasiliy Burmistrov
vburmistrov@...
vburmistrov80@...
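
Added example, not part of the original post and not Bouncy Castle code: instead of hardcoding SHA-512 and a 64-byte salt, a verifier can decode the RSASSA-PSS parameters carried in the certificate (getSigAlgParams()) and check them against a local policy before use. It assumes a JDK 11+ runtime whose default providers offer "RSASSA-PSS"; the class name PssCertCheck, the hash allowlist and the stand-in TBS bytes are constructed for illustration.

```java
import java.io.IOException;
import java.security.*;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Set;

public class PssCertCheck { // hypothetical class name
    static final Set<String> ALLOWED = Set.of("SHA-256", "SHA-384", "SHA-512"); // example policy

    // Decode DER RSASSA-PSS-params (what cert.getSigAlgParams() returns) and apply the policy.
    static PSSParameterSpec decodeParams(byte[] der) throws GeneralSecurityException, IOException {
        if (der == null) throw new SignatureException("RSASSA-PSS parameters absent");
        AlgorithmParameters ap = AlgorithmParameters.getInstance("RSASSA-PSS");
        ap.init(der);
        PSSParameterSpec spec = ap.getParameterSpec(PSSParameterSpec.class);
        if (!(spec.getMGFParameters() instanceof MGF1ParameterSpec))
            throw new SignatureException("unsupported mask generation function");
        String hash = spec.getDigestAlgorithm();
        String mgfHash = ((MGF1ParameterSpec) spec.getMGFParameters()).getDigestAlgorithm();
        if (!ALLOWED.contains(hash) || !hash.equals(mgfHash) || spec.getTrailerField() != 1)
            throw new SignatureException("RSASSA-PSS parameters rejected: " + hash + "/" + mgfHash);
        return spec;
    }

    static boolean verify(byte[] tbs, byte[] sig, byte[] derParams, PublicKey issuerKey)
            throws GeneralSecurityException, IOException {
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.setParameter(decodeParams(derParams)); // parameters come from the certificate
        s.initVerify(issuerKey);
        s.update(tbs);
        return s.verify(sig);
    }

    // issuerKey: public key of the issuing certificate (or of the trust anchor).
    static boolean verifyCert(X509Certificate c, PublicKey issuerKey)
            throws GeneralSecurityException, IOException {
        return verify(c.getTBSCertificate(), c.getSignature(), c.getSigAlgParams(), issuerKey);
    }

    public static void main(String[] args) throws Exception { // constructed round trip
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        PSSParameterSpec spec = new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 64, 1);
        AlgorithmParameters ap = AlgorithmParameters.getInstance("RSASSA-PSS");
        ap.init(spec); // ap.getEncoded() is the DER form a certificate would carry
        byte[] tbs = "constructed stand-in for TBSCertificate".getBytes();
        Signature s = Signature.getInstance("RSASSA-PSS");
        s.setParameter(spec); s.initSign(kp.getPrivate()); s.update(tbs);
        System.out.println("verified: " + verify(tbs, s.sign(), ap.getEncoded(), kp.getPublic()));
    }
}
```

The main method signs constructed bytes rather than a real certificate; for a certificate chain, call verifyCert with each certificate and the public key of its issuer.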
RE: Feedback and solution to support RSASSA-PSS

Eckenfels. Bernd

Hello,

 

Not sure how far the progress is in BC, but just a pointer:

 

RSAPSS Support is upcoming in OpenJDK for TLS and certchain (SunRsaSign):  https://bugs.openjdk.java.net/browse/JDK-8146293 targeted for 11.

 

Gruss

Bernd

 

 

From: Vasilij A Burmistrov [mailto:[hidden email]]
Sent: Monday, April 9, 2018 3:34 PM
To: [hidden email]
Subject: [dev-crypto] Feedback and solution to support RSASSA-PSS

 







     

