JCE: add RSA exponent sanitization in KeyPairGenerator

cconlon · cconlon · commit 68516357a640 · 2025-09-09T15:19:43.000-06:00
diff --git a/src/main/java/com/wolfssl/provider/jce/WolfCryptKeyPairGenerator.java b/src/main/java/com/wolfssl/provider/jce/WolfCryptKeyPairGenerator.java
@@ -156,8 +156,13 @@ public synchronized void initialize(AlgorithmParameterSpec params,
                 RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec)params;
                 this.keysize = rsaSpec.getKeysize();
 
-                this.publicExponent =
-                    rsaSpec.getPublicExponent().longValue();
+                /* Exponent should be larger than 1 and odd */
+                long exp = rsaSpec.getPublicExponent().longValue();
+                if ((exp <= 1) || (exp % 2 == 0)) {
+                    throw new InvalidAlgorithmParameterException(
+                        "RSA public exponent must be positive and odd" );
+                }
+                this.publicExponent = exp;
 
                 /* Double check longValue() converted correctly. Some platforms
                  * do not have longValueExact() */
diff --git a/src/test/java/com/wolfssl/provider/jce/test/WolfCryptKeyPairGeneratorTest.java b/src/test/java/com/wolfssl/provider/jce/test/WolfCryptKeyPairGeneratorTest.java
@@ -632,5 +632,59 @@ public void testKeyPairGeneratorRsassaPssKeyGeneration()
             }
         }
     }
+
+    @Test
+    public void testKeyPairGenerationInvalidExponent()
+        throws NoSuchProviderException, NoSuchAlgorithmException,
+               InvalidAlgorithmParameterException {
+
+        if (testedRSAKeySizes.size() > 0) {
+
+            KeyPairGenerator kpg =
+                KeyPairGenerator.getInstance("RSA", "wolfJCE");
+
+            /* Negative exponent */
+            try {
+                RSAKeyGenParameterSpec rsaSpec =
+                    new RSAKeyGenParameterSpec(testedRSAKeySizes.get(0),
+                            BigInteger.valueOf(-1));
+                kpg.initialize(rsaSpec);
+                fail("KeyPairGenerator.initialize() should throw " +
+                     "InvalidAlgorithmParameterException when given " +
+                     "invalid negative RSA public exponent");
+
+            } catch (InvalidAlgorithmParameterException e) {
+                /* expected */
+            }
+
+            /* Zero exponent */
+            try {
+                RSAKeyGenParameterSpec rsaSpec =
+                    new RSAKeyGenParameterSpec(testedRSAKeySizes.get(0),
+                            BigInteger.valueOf(0));
+                kpg.initialize(rsaSpec);
+                fail("KeyPairGenerator.initialize() should throw " +
+                     "InvalidAlgorithmParameterException when given " +
+                     "invalid RSA public exponent of zero");
+
+            } catch (InvalidAlgorithmParameterException e) {
+                /* expected */
+            }
+
+            /* Even exponent */
+            try {
+                RSAKeyGenParameterSpec rsaSpec =
+                    new RSAKeyGenParameterSpec(testedRSAKeySizes.get(0),
+                            BigInteger.valueOf(4));
+                kpg.initialize(rsaSpec);
+                fail("KeyPairGenerator.initialize() should throw " +
+                     "InvalidAlgorithmParameterException when given " +
+                     "invalid even RSA public exponent");
+
+            } catch (InvalidAlgorithmParameterException e) {
+                /* expected */
+            }
+        }
+    }
 }
 
