Skip to content

RSASSA-PSS key pairs do not expose PSS params via RSAKey.getParams() #219

Description

@MarkAtwood

Summary

KeyPairGenerator for RSASSA-PSS ignores the AlgorithmParameterSpec embedded in RSAKeyGenParameterSpec.getKeyParams() (Java 11+). The generated public key's getParams() returns null instead of the PSS parameters the key was generated with.

Expected behavior (per Java spec)

java.security.interfaces.RSAKey.getParams() (Java 11+) should return the PSSParameterSpec for RSASSA-PSS keys. This is how a verifier obtains the correct hash algorithm and salt length from the key, avoiding the need for out-of-band parameter negotiation.

Impact

The following idiomatic verification pattern fails with wolfJCE:

verifier.initVerify(pub);
verifier.setParameter(pub.getParams());  // returns null → hash never initialized
verifier.update(msg);
verifier.verify(sig);  // throws "Parameters must be set before updating with RSASSA-PSS"

Additionally, Signature.initVerify(pub) cannot auto-initialize PSS parameters from the key, so callers must always call setParameter explicitly with externally-obtained params.

Fix

  • In WolfCryptKeyPairGenerator.initialize(), store RSAKeyGenParameterSpec.getKeyParams() when generating RSASSA-PSS keys.
  • Wrap the generated public key so getParams() returns the stored PSSParameterSpec.
  • In WolfCryptSignature.engineInitVerify(), if the padding is WC_RSA_PSS and the public key returns a PSSParameterSpec from getParams(), use it to initialize the digest automatically.

Discovered by

Wycheproof RsaPssTest.testSignVerifyWithParameters, testEncodeDecodePublic, testEncodeDecodePublicWithParameters.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions