Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SignatureTests: ignore SunMSCAPI EC algorithms missing KeyPairGenerator #37

Merged
merged 1 commit into from
Feb 17, 2023
Merged

SignatureTests: ignore SunMSCAPI EC algorithms missing KeyPairGenerator #37

merged 1 commit into from
Feb 17, 2023

Conversation

zzambers
Copy link
Collaborator

Problem:
SunMSCAPI provider does not have KeyPairGenerators for EC keys [1] (and does not accept keys generated by generators from other providers).

 java.lang.Exception: 141)	SunMSCAPI: 	SHA224withECDSA~SHA224withECDSA	 (Signature)
	at cryptotest.utils.AlgorithmTest.mainLoop(AlgorithmTest.java:85)
	at cryptotest.utils.AlgorithmTest.doTest(AlgorithmTest.java:58)
	at cryptotest.CryptoTest.main(CryptoTest.java:128)
Caused by: cryptotest.utils.AlgorithmRunException: java.security.InvalidKeyException: Key type not supported: class sun.security.ec.ECPrivateKeyImpl EC
	at cryptotest.tests.SignatureTests.checkAlgorithm(SignatureTests.java:156)
	at cryptotest.utils.AlgorithmTest.mainLoop(AlgorithmTest.java:79)
	... 2 more
Caused by: java.security.InvalidKeyException: Key type not supported: class sun.security.ec.ECPrivateKeyImpl EC
	at jdk.crypto.mscapi/sun.security.mscapi.CSignature$ECDSA.engineInitSign(CSignature.java:442)
	at java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1370)
	at java.base/java.security.Signature.initSign(Signature.java:635)
	at cryptotest.tests.SignatureTests.checkAlgorithm(SignatureTests.java:134)
	... 3 more

Fix:
Ignore Signature algorithms, where we don't have generators.

[1] https://github.com/openjdk/jdk/blob/master/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/CKeyPairGenerator.java

@zzambers zzambers mentioned this pull request Feb 16, 2023
Open
@judovana
Copy link
Collaborator

weird. Do you know how to generate key pair for it?

@zzambers
Copy link
Collaborator Author

zzambers commented Feb 17, 2023
edited
Loading

Well, I don't think it is currently possible to create compatible EC key from java. CSignature class from SunMSCAPI requires EC key to be instance of CPrivateKey. That in turn is some kind of handle to native key in MS API. There is no KeyPairGenerator for EC and SunMSCAPI does not implement KeyFactory to convert from java-side keys.

I think it could be possible to sign with EC keys present in Windows keystore, if put there by other means. I see no way create them from java.

@judovana
Copy link
Collaborator

fair enough., ty!

@judovana judovana merged commit 09e8c5c into rh-openjdk:master Feb 17, 2023
@pshipton pshipton mentioned this pull request Mar 13, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zzambers @judovana