org.bouncycastle.crypto.fips.FipsOperationError: Module checksum failed: entry

Question

I have a sample code in which I am just decrypting data with a public key and I am getting org.bouncycastle.crypto.fips.FipsOperationError: Module checksum failed: entry error

It is throwing an exception when I am trying to create an instance of Cipher.

private static boolean checkHashPadding(PublicKey key, byte[]
        signature) {

    if (key.getAlgorithm().equalsIgnoreCase("RSA")) {
        try {
            // Unencrypt the data to get the hash (as in PKCS#1 format)
            Cipher c = Cipher.getInstance("RSA/NONE/PKCS1Padding", new
                    BouncyCastleFipsProvider()); // -- IT is Failing here
            c.init(Cipher.DECRYPT_MODE, key);
            byte[] hashDER = c.doFinal(signature);
            System.out.println(hashDER);
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        }
    }
    return true;
}

public static void main(String s[]){

    byte[] signature = {
            41, 9, 86, 109, -67, 82, -61, -60, -1, -46, 26, 65, 20, -112, 23, -16, -25, 115, 21, 39, -49,
            11, -98, 44, 96, -51, 24, -97, -38, -72, 27, -119, 16, -43, 38, -49, -116, 3, 62, 12, -7, 102, 67, -37,
            -128, -10, 3, 122, -22, -2, -58, 97, 104, 74, 76, -45, 19, 50, 34, 33, -74, 54, 44, -60, 23, -109, -6,
            -3, -31, -98, -58, 12, -94, -72, -15, -72, 22, 88, -54, 5, 122, -29, -27, -74, 47, -127, 26, 120, 64,
            59, 53, -82, -97, -80, -66, 48, -16, 26, 17, 60, 104, 78, -91, 2, 78, 33, -18, -60, 30, -118, -51, 29,
            0, -48, 87, -112, 23, 70, 127, -80, 116, -93, -1, 51, -56, -110, 86, -68
    };

    byte[] signatureBytes = {48, -126, 4, 6, 6, 9, 42, -122, 72, -122, -9, 13, 1, 7, 2, -96, -126, 3, -9, 48, -126, 3, -13, 2, 1, 1, 49, 15, 48, 13, 6, 9, 96,
            -122, 72, 1, 101, 3, 4, 2, 1, 5, 0, 48, 11, 6, 9, 42, -122, 72, -122, -9, 13, 1, 7, 1, -96, -126, 2, -116, 48, -126, 2, -120, 48, -126, 1, -15, 2,
            4, 68, 42, 24, 78, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 4, 5, 0, 48, -127, -118, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 11,
            48, 9, 6, 3, 85, 4, 8, 19, 2, 67, 65, 49, 17, 48, 15, 6, 3, 85, 4, 7, 19, 8, 83, 97, 110, 32, 74, 111, 115, 101, 49, 28, 48, 26, 6, 3, 85, 4, 10,
            19, 19, 65, 100, 111, 98, 101, 32, 83, 121, 115, 116, 101, 109, 115, 44, 32, 73, 110, 99, 46, 49, 17, 48, 15, 6, 3, 85, 4, 11, 19, 8, 67, 111, 114,
            101, 74, 97, 118, 97, 49, 42, 48, 40, 6, 3, 85, 4, 3, 19, 33, 74, 111, 101, 32, 67, 111, 111, 108, 32, 40, 83, 101, 108, 102, 83, 105, 103, 110, 101,
            100, 45, 49, 48, 50, 52, 66, 105, 116, 45, 82, 83, 65, 41, 48, 30, 23, 13, 48, 54, 48, 51, 50, 57, 48, 53, 49, 55, 48, 50, 90, 23, 13, 49, 54, 48,
            51, 50, 54, 48, 53, 49, 55, 48, 50, 90, 48, -127, -118, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 11, 48, 9, 6, 3, 85, 4, 8, 19, 2, 67, 65,
            49, 17, 48, 15, 6, 3, 85, 4, 7, 19, 8, 83, 97, 110, 32, 74, 111, 115, 101, 49, 28, 48, 26, 6, 3, 85, 4, 10, 19, 19, 65, 100, 111, 98, 101, 32, 83,
            121, 115, 116, 101, 109, 115, 44, 32, 73, 110, 99, 46, 49, 17, 48, 15, 6, 3, 85, 4, 11, 19, 8, 67, 111, 114, 101, 74, 97, 118, 97, 49, 42, 48, 40,
            6, 3, 85, 4, 3, 19, 33, 74, 111, 101, 32, 67, 111, 111, 108, 32, 40, 83, 101, 108, 102, 83, 105, 103, 110, 101, 100, 45, 49, 48, 50, 52, 66, 105,
            116, 45, 82, 83, 65, 41, 48, -127, -97, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 3, -127, -115, 0, 48, -127, -119, 2, -127, -127, 0,
            -48, -82, 98, -106, -36, -91, -33, -39, 37, 83, -27, 66, -78, -31, -67, 18, 60, -108, -121, -41, 10, -70, 104, -98, -54, -93, 110, 46, 64, -10, -86,
            28, -29, 127, 4, -66, -24, 54, 38, 119, -93, 127, 107, 80, 6, 23, 115, 76, 0, 103, -127, 39, 98, -69, -36, -47, -89, -97, 73, -69, -83, 96, 68, 20, 67, 64, -39, -57, -124, 92, -77, 33, 47, 46, -4, -36, 123, 92, -117, 57, -38, -108, -16, -112, -19, 106, 87, -90, -49, -60, 18, -61, 80, 66, 78, 102, -121, -37, 31, 42, -51, 113, 24, 123, 50, 8, 41, 101, -53, 48, 89, 28, 61, 64, 104, -73, 110, -10, 125, 6, 94, -126, 101, -50, -73, 66, -119, 13, 2, 3, 1, 0, 1, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 4, 5, 0, 3, -127, -127, 0, 19, 25, -55, -23, 18, -13, -64, -9, -75, 74, -106, 78, -55, 23, -29, 18, -3, -37, 30, 77, -4, -13, -120, -1, -103, 34, -12, 65, 69, 7, 94, -124, 104, 90, -4, -86, -27, 0, 16, 97, 104, 116, 118, 117, -99, 78, 75, 23, 58, -121, 66, -72, -6, -16, -21, -8, 2, -44, 22, -9, -54, 100, 104, 14, 125, 96, 37, 98, 82, -123, 109, 47, -14, -35, 114, 27, -65, 11, 28, -77, -90, 40, -112, -13, 99, 44, 125, 99, -23, -17, -77, 58, 20, 21, -98, -78, 39, -120, -103, 119, -24, 8, 123, 69, 26, -107, 65, 98, 100, 0, 20, 79, -119, 93, 29, 68, 95, 102, 19, 112, -89, 122, -47, 95, -35, -61, 35, -119, 49, -126, 1, 62, 48, -126, 1, 58, 2, 1, 1, 48, -127, -109, 48, -127, -118, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 11, 48, 9, 6, 3, 85, 4, 8, 19, 2, 67, 65, 49, 17, 48, 15, 6, 3, 85, 4, 7, 19, 8, 83, 97, 110, 32, 74, 111, 115, 101, 49, 28, 48, 26, 6, 3, 85, 4, 10, 19, 19, 65, 100, 111, 98, 101, 32, 83, 121, 115, 116, 101, 109, 115, 44, 32, 73, 110, 99, 46, 49, 17, 48, 15, 6, 3, 85, 4, 11, 19, 8, 67, 111, 114, 101, 74, 97, 118, 97, 49, 42, 48, 40, 6, 3, 85, 4, 3, 19, 33, 74, 111, 101, 32, 67, 111, 111, 108, 32, 40, 83, 101, 108, 102, 83, 105, 103, 110, 101, 100, 45, 49, 48, 50, 52, 66, 105, 116, 45, 82, 83, 65, 41, 2, 4, 68, 42, 24, 78, 48, 13, 6, 9, 96, -122, 72, 1, 101, 3, 4, 2, 1, 5, 0, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 4, -127, -128, 41, 9, 86, 109, -67, 82, -61, -60, -1, -46, 26, 65, 20, -112, 23, -16, -25, 115, 21, 39, -49, 11, -98, 5, 96, -51, 24, -97, -38, -72, 27, -119, 16, -43, 38, -49, -116, 3, 62, 12, -7, 102, 67, -37, -128, -10, 3, 122, -22, -2, -58, 97, 104, 74, 76, -45, 19, 50, 34, 33, -74, 54, 44, -60, 23, -109, -6, -3, -31, -98, -58, 12, -94, -72, -15, -72, 22, 88, -54, 5, 122, -29, -27, -74, 47, -127, 26, 120, 64, 59, 53, -82, -97, -80, -66, 48, -16, 26, 17, 60, 104, 78, -91, 2, 78, 33, -18, -60, 30, -118, -51, 29, 0, -48, 87, -112, 23, 70, 127, -80, 116, -93, -1, 51, -56, -110, 86, -68};

    InputStream signatureStream = null;
    signatureStream = new ByteArrayInputStream(signatureBytes, 0,signatureBytes.length);
    CMSSignedData signedData = new CMSSignedData(signatureStream);
    JcaCertStoreBuilder storeBuilder = new JcaCertStoreBuilder();
    storeBuilder.addCertificates(signedData.getCertificates());
    storeBuilder.addCRLs(signedData.getCRLs());
    CertStore certStore = storeBuilder.build();
    SignerInformationStore signers = signedData.getSignerInfos();
    Iterator it = signers.getSigners().iterator();
    SignerInformation signer = (SignerInformation) it.next();
    SignerId signer_id = signer.getSID();
    JcaX509CertSelectorConverter conv = new JcaX509CertSelectorConverter();
    X509CertificateHolderSelector sel = new X509CertificateHolderSelector(signer_id.getIssuer(),
            signer_id.getSerialNumber());
    X509CertSelector signerConstraints = conv.getCertSelector(sel);

    X509Certificate cert = (X509Certificate) certStore.getCertificates(signerConstraints).iterator().next();
    PublicKey key = cert.getPublicKey();

    checkHashPadding(key, signature);
}

stack trace:

Exception in thread "main" org.bouncycastle.crypto.fips.FipsOperationError: Module checksum failed: entry
    at org.bouncycastle.crypto.fips.FipsStatus.checksumValidate(Unknown Source)
    at org.bouncycastle.crypto.fips.FipsStatus.isReady(Unknown Source)
    at org.bouncycastle.crypto.CryptoServicesRegistrar.getDefaultMode(Unknown Source)
    at org.bouncycastle.crypto.CryptoServicesRegistrar.<clinit>(Unknown Source)
    at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init> (Unknown Source)
    at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init> (Unknown Source)
    at org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider.<init> (Unknown Source)
    at ...    
Caused by: java.lang.NullPointerException: entry
    at java.util.zip.ZipFile.getInputStream(ZipFile.java:342)
    at java.util.jar.JarFile.getInputStream(JarFile.java:412)
    ... 9 more

Answer 1

For users of eclipse, use the "package required libraries" rather than the default "extract required libraries" option when generating a jar file. For Intellij users, use the non-default "copy to the output directory".

I prefer eclipse in this regard as it packages the libraries within the target jar archive meaning the result is more portable.

Answer 2

The exception is thrown:

1. When BC FIPS jar is corrupt as there is a method to calculate the checksum of jar and validate it with META-INF/HMAC.SHA256;

2. When it is used with some other jars for example, in my case I had bc-fips-source.jar. When I removed it from build path in eclipse my sample code started working.