Quantcast

RSA PSS TrailerField

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RSA PSS TrailerField

Neil Sikka
Hello, I am using BouncyCastle to verify an RSA signature on a file using the following tuning parameters:

      1. RSA-3072 with PSS

      2. PSS is using SaltLength=0, trailerField=0

      3. PSS is using SHA-256

However, when I pass 0 as the trailerField argument in the call to the constructor as below:

PSSParameterSpec spec = new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 0, 0);

I get an exception:

Exception in thread "main" java.lang.IllegalArgumentException: unknown trailer field
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.PSSSignatureSpi.getTrailer(Unknown Source)
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.PSSSignatureSpi.engineSetParameter(Unknown Source)
    at java.security.Signature$Delegate.engineSetParameter(Signature.java:1237)
    at java.security.Signature.setParameter(Signature.java:867)
    at BCTest.verifySignature(BCTest.java:49)
    at BCTest.main(BCTest.java:62)

The Java 8 documentation here (https://docs.oracle.com/javase/8/docs/api/java/security/spec/PSSParameterSpec.html#PSSParameterSpec-java.lang.String-java.lang.String-java.security.spec.AlgorithmParameterSpec-int-int-) says that the constructor throws an  IllegalArgumentException - if saltLen or trailerField is less than 0.

However, when i looked at the code (https://github.com/bcgit/bc-java/blob/ae63147936376e85e068c7b63373d4e930c3fe58/prov/src/main/jdk1.3/org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java#L47), it looks like it is only throwing an exception when TrailerField is not 1.

Is this a bug?

Thanks in Advance.

--
Twitter: @neilsikka
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: RSA PSS TrailerField

David Hook-3

It's not a bug, although perhaps we're a bit overzealous - the only defined value for the trailer field in a PKCS#1 PSS signature is the nine bits long, starting with 0 and finishing with 0xbc. Because of the way the PSSParameters are defined this equates to a value of 1 for the trailer field, any other value is undefined as there's no mapping from the parameters to what would appear in the signature (as far as we can tell...) See also PSSParameterSpec.DEFAULT.

Regards,

David

On 17/03/17 03:41, Neil Sikka wrote:
Hello, I am using BouncyCastle to verify an RSA signature on a file using the following tuning parameters:

      1. RSA-3072 with PSS

      2. PSS is using SaltLength=0, trailerField=0

      3. PSS is using SHA-256

However, when I pass 0 as the trailerField argument in the call to the constructor as below:

PSSParameterSpec spec = new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 0, 0);

I get an exception:

Exception in thread "main" java.lang.IllegalArgumentException: unknown trailer field
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.PSSSignatureSpi.getTrailer(Unknown Source)
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.PSSSignatureSpi.engineSetParameter(Unknown Source)
    at java.security.Signature$Delegate.engineSetParameter(Signature.java:1237)
    at java.security.Signature.setParameter(Signature.java:867)
    at BCTest.verifySignature(BCTest.java:49)
    at BCTest.main(BCTest.java:62)

The Java 8 documentation here (https://docs.oracle.com/javase/8/docs/api/java/security/spec/PSSParameterSpec.html#PSSParameterSpec-java.lang.String-java.lang.String-java.security.spec.AlgorithmParameterSpec-int-int-) says that the constructor throws an  IllegalArgumentException - if saltLen or trailerField is less than 0.

However, when i looked at the code (https://github.com/bcgit/bc-java/blob/ae63147936376e85e068c7b63373d4e930c3fe58/prov/src/main/jdk1.3/org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java#L47), it looks like it is only throwing an exception when TrailerField is not 1.

Is this a bug?

Thanks in Advance.

--
Twitter: @neilsikka


Loading...