Skip to main content

developerWorks >  Java technology  >  Forums  >  Java security  >  developerWorks

Code runs correctly with SUN JRE 1.6.0.16 but not with IBM Java60 Bug?    Point your RSS reader here for a feed of the latest messages in this thread


Tags for this thread: 

     
 
 
My developerWorks
 Welcome, Guest
Sign in or register
This question is not answered.

Reply to this Thread Reply to this Thread Post New Thread Post New Thread Watch list Watch list Forum settings Forum settings Help Help
Permlink Replies: 1 - Pages: 1 - Last Post: Nov 11, 2009 7:26 AM Last Post By: CampbellAllan
jan_desy

Posts: 1
Registered: Sep 10, 2009 11:02:06 AM
Code runs correctly with SUN JRE 1.6.0.16 but not with IBM Java60 Bug?
Posted: Sep 10, 2009 11:25:52 AM 		 
Click to report abuse...   Click to reply to this thread Reply
Attachment test.jar (1.0 MB)
Hello I am new here and have a problem concerning cryptography-provider.

Following coding runs perfectly well on SUNs JRE and not on the IBM implementation. Since we use PowerPCs on another Site we have to use the IBM version:

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;

class RSATest {
private static final byte[] testString = { 0x01, 0x02, 0x03, 0x04, 0x05,
0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03,
0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
0x07, 0x08 };

public static void main(String[] args) throws NoSuchAlgorithmException {
/* Test generating and verifying a DSA signature */
try {
/* generate a key pair */
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(1024, new SecureRandom());
KeyPair pair = keyGen.generateKeyPair();

MessageDigest md = MessageDigest.getInstance("SHA-1");
md.update(testString);

PrivateKey priv = pair.getPrivate();

byte[] digest = md.digest();

Signature rsaSign = Signature.getInstance("RawRSA");
Signature rsaVerify = Signature.getInstance("RawRSA");

rsaSign.initSign(priv);
rsaSign.update(digest);
byte[] sig = rsaSign.sign();

PublicKey pub = pair.getPublic();

rsaVerify.initVerify(pub);
rsaVerify.update(digest);
boolean verifies = rsaVerify.verify(sig);

if (verifies)
System.out.println("Verifies with our implementation");
else
System.out.println("Failed our verify. (WRONG!)");

rsaVerify = Signature.getInstance("RawRSA");
digest[0]++;
rsaVerify.initVerify(pub);
rsaVerify.update(digest);
verifies = rsaVerify.verify(sig);

if (verifies)
System.out.println("Bad signature verifies (WRONG!)");
else
System.out.println("Bad signature doesn't verify (OK)");

} catch (Exception e) {
System.err.println("Caught exception " + e.toString());
e.printStackTrace(System.out);
}
}
}

the java.security File contains the following entries for SUN:
security.provider.1=cryptix.provider.Cryptix
security.provider.2=COM.claymoresystems.provider.ClaymoreProvider

For IBM its:
security.provider.1=cryptix.provider.Cryptix
security.provider.2=COM.claymoresystems.provider.ClaymoreProvider
security.provider.3=com.ibm.crypto.provider.IBMJCE
the third one is needed to let the KeyPair be generated properly in the IBM Version. No clue why...

zitpcx6053 ~ $ ~/tmp/ibm-java-i386-60/jre/bin/java -jar test.jar
Caught exception java.security.SignatureException: RawRSAPKCS#1: Not initialized
java.security.SignatureException: RawRSAPKCS#1: Not initialized
at COM.claymoresystems.provider.RSASignature.engineUpdate(RSASignature.java:152)
at java.security.Signature$SignatureImpl.engineUpdate(Signature.java:469)
at java.security.Signature.update(Signature.java:325)
at RSATest.main(RSATest.java:36)
zitpcx6053 ~ $ java -jar test.jar
Verifies with our implementation
Bad signature doesn't verify (OK)
zitpcx6053 ~ $

The used provider-libraries are:
puretls.jar
cryptix32.jar
cryptix-asn1.jar

I did my testing on a Linux machine (SL5), but similar Problem occurs on the PowerPC.

If annyone can help -- please do so :)

Regards,
Jan
CampbellAllan

Posts: 1
Registered: Jul 15, 2005 09:06:18 AM
Re: Code runs correctly with SUN JRE 1.6.0.16 but not with IBM Java60 Bug?
Posted: Nov 11, 2009 07:26:31 AM   in response to: jan_desy in response to: jan_desy's post 		 
Click to report abuse...   Click to reply to this thread Reply
I had a similar problem when upgrading and tried a few things to fix it. The problem is to do with the java.security.Signature class in the IBM JRE using a delegation model to wrap the real signature implementation. It seems sensible initially as the wrapper class can take care of checking if the appropriate init method has been called before update() is called. The problem comes when the real signature implementation also makes the same check as only the wrapper class has the correct state set.

Initially I tried to bypass the wrapping of the signature by using similar code to the IBM implementation of Signature.getInstance() but that uses a third party library that isn't available on Sun JRE's and I need it to work there as well. In the end I chose to construct the class directly, e.g. new SHA1_RSA_PKCS1Signature() but I think it would also work if you were to update the source in cryptix to set the state when initSign or initVerify is called.

Hope that helps.
Pages: 1
Go Back Back to Thread List
 Tags
Help

Use the search field to find all types of content in My developerWorks with that tag.

Use the slider bar to see more or fewer tags.

Popular tags shows the top tags for this particular type of content or application that you're viewing.

My tags shows your tags for this particular type of content or application that you're viewing.

 
MoreLess 

Update your My developerWorks profile and start connecting with others.

Point your RSS reader here for a feed of the latest messages in all forums