1/* 2 * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24/* 25 * @test 26 * @bug 4856966 27 * @summary basic test of SHA1withDSA and RawDSA signing/verifying 28 * @author Andreas Sterbenz 29 * @library .. 30 * @key randomness 31 * @modules jdk.crypto.cryptoki 32 * @run main/othervm TestDSA 33 * @run main/othervm TestDSA sm 34 */ 35 36import java.io.ByteArrayOutputStream; 37import java.io.IOException; 38import java.io.StringReader; 39import java.math.BigInteger; 40import java.security.KeyFactory; 41import java.security.MessageDigest; 42import java.security.PrivateKey; 43import java.security.Provider; 44import java.security.PublicKey; 45import java.security.Signature; 46import java.security.SignatureException; 47import java.security.spec.DSAPrivateKeySpec; 48import java.security.spec.DSAPublicKeySpec; 49import java.util.Random; 50 51public class TestDSA extends PKCS11Test { 52 53 // values of the keys we use for the tests 54 55 private final static String ps = 56 "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669" + 57 "455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b7" + 58 "6b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb" + 59 "83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7"; 60 61 private final static String qs = 62 "9760508f15230bccb292b982a2eb840bf0581cf5"; 63 64 private final static String gs = 65 "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d078267" + 66 "5159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e1" + 67 "3c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243b" + 68 "cca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a"; 69 70 private final static String xs = 71 "2952afd9aef9527f9b40d23c8916f7d046028f9d"; 72 73 private final static String ys = 74 "b16ddb0f9394c328c983ecf23b20014ace368a1af5728dffbf1162de9ed8ebf6" + 75 "384f323930e091503035caa797e3674221fc16136240b5474799ede2b7b11313" + 76 "7574a9c26bcf900940027b4bcd511ef1d1daf2e69c416aebaf3bdf39f02473b9" + 77 "d963f99414c09d97bb0830d9fbdcf7bb9dad8a2179fcdf296838c4cfab8f4d8f"; 78 79 private final static BigInteger p = new BigInteger(ps, 16); 80 private final static BigInteger q = new BigInteger(qs, 16); 81 private final static BigInteger g = new BigInteger(gs, 16); 82 private final static BigInteger x = new BigInteger(xs, 16); 83 private final static BigInteger y = new BigInteger(ys, 16); 84 85 // data for test 1, original and SHA-1 hashed 86 private final static byte[] data1Raw = b("0102030405060708090a0b0c0d0e0f10111213"); 87 private final static byte[] data1SHA = b("00:e2:5f:c9:1c:8f:d6:8c:6a:dc:c6:bd:f0:46:60:5e:a2:cd:8d:ad"); 88 89 // valid signatures of data1. sig1b uses incorrect ASN.1 encoding, 90 // which we want to accept anyway for compatibility 91 private final static byte[] sig1a = b("30:2d:02:14:53:06:3f:7d:ec:48:3c:99:17:9a:2c:a9:4d:e8:00:da:70:fb:35:d7:02:15:00:92:6a:39:6b:15:63:2f:e7:32:90:35:bf:af:47:55:e7:ff:33:a5:13"); 92 private final static byte[] sig1b = b("30:2c:02:14:53:06:3f:7d:ec:48:3c:99:17:9a:2c:a9:4d:e8:00:da:70:fb:35:d7:02:14:92:6a:39:6b:15:63:2f:e7:32:90:35:bf:af:47:55:e7:ff:33:a5:13"); 93 94 // data for test 2 (invalid signatures) 95 private final static byte[] data2Raw = {}; 96 private final static byte[] data2SHA = b("da:39:a3:ee:5e:6b:4b:0d:32:55:bf:ef:95:60:18:90:af:d8:07:09"); 97 98 private static void verify(Provider provider, String alg, PublicKey key, byte[] data, byte[] sig, boolean result) throws Exception { 99 Signature s = Signature.getInstance(alg, provider); 100 s.initVerify(key); 101 boolean r; 102 s.update(data); 103 r = s.verify(sig); 104 if (r != result) { 105 throw new Exception("Result mismatch, actual: " + r); 106 } 107 s.update(data); 108 r = s.verify(sig); 109 if (r != result) { 110 throw new Exception("Result mismatch, actual: " + r); 111 } 112 System.out.println("Passed"); 113 } 114 115 public static void main(String[] args) throws Exception { 116 main(new TestDSA(), args); 117 } 118 119 @Override 120 public void main(Provider provider) throws Exception { 121 long start = System.currentTimeMillis(); 122 123 System.out.println("Testing provider " + provider + "..."); 124 125 /* 126 * Use Solaris SPARC 11.2 or later to avoid an intermittent failure 127 * when running SunPKCS11-Solaris (8044554) 128 */ 129 if (provider.getName().equals("SunPKCS11-Solaris") && 130 props.getProperty("os.name").equals("SunOS") && 131 props.getProperty("os.arch").equals("sparcv9") && 132 props.getProperty("os.version").compareTo("5.11") <= 0 && 133 getDistro().compareTo("11.2") < 0) { 134 135 System.out.println("SunPKCS11-Solaris provider requires " + 136 "Solaris SPARC 11.2 or later, skipping"); 137 return; 138 } 139 140 if (provider.getService("Signature", "SHA1withDSA") == null) { 141 System.out.println("DSA not supported, skipping"); 142 return; 143 } 144 145 KeyFactory kf = KeyFactory.getInstance("DSA", provider); 146 DSAPrivateKeySpec privSpec = new DSAPrivateKeySpec(x, p, q, g); 147 DSAPublicKeySpec pubSpec = new DSAPublicKeySpec(y, p, q, g); 148 PrivateKey privateKey = kf.generatePrivate(privSpec); 149 PublicKey publicKey = kf.generatePublic(pubSpec); 150 151 // verify known-good and known-bad signatures using SHA1withDSA and RawDSA 152 verify(provider, "SHA1withDSA", publicKey, data1Raw, sig1a, true); 153 verify(provider, "SHA1withDSA", publicKey, data1Raw, sig1b, true); 154 verify(provider, "SHA1withDSA", publicKey, data2Raw, sig1a, false); 155 verify(provider, "SHA1withDSA", publicKey, data2Raw, sig1b, false); 156 157 verify(provider, "RawDSA", publicKey, data1SHA, sig1a, true); 158 verify(provider, "RawDSA", publicKey, data1SHA, sig1b, true); 159 verify(provider, "RawDSA", publicKey, data2SHA, sig1a, false); 160 verify(provider, "RawDSA", publicKey, data2SHA, sig1b, false); 161 162 testSigning(provider, privateKey, publicKey); 163 164 long stop = System.currentTimeMillis(); 165 System.out.println("All tests passed (" + (stop - start) + " ms)."); 166 } 167 168 private void testSigning(Provider provider, PrivateKey privateKey, 169 PublicKey publicKey) throws Exception { 170 byte[] data = new byte[2048]; 171 new Random().nextBytes(data); 172 173 // sign random data using SHA1withDSA and verify using 174 // SHA1withDSA and RawDSA 175 Signature s = Signature.getInstance("SHA1withDSA", provider); 176 s.initSign(privateKey); 177 s.update(data); 178 byte[] s1 = s.sign(); 179 180 s.initVerify(publicKey); 181 s.update(data); 182 if (!s.verify(s1)) { 183 throw new Exception("Sign/verify 1 failed"); 184 } 185 186 s = Signature.getInstance("RawDSA", provider); 187 MessageDigest md = MessageDigest.getInstance("SHA-1"); 188 byte[] digest = md.digest(data); 189 s.initVerify(publicKey); 190 s.update(digest); 191 if (!s.verify(s1)) { 192 throw new Exception("Sign/verify 2 failed"); 193 } 194 195 // sign random data using RawDSA and verify using 196 // SHA1withDSA and RawDSA 197 s.initSign(privateKey); 198 s.update(digest); 199 byte[] s2 = s.sign(); 200 201 s.initVerify(publicKey); 202 s.update(digest); 203 if (!s.verify(s2)) { 204 throw new Exception("Sign/verify 3 failed"); 205 } 206 207 s = Signature.getInstance("SHA1withDSA", provider); 208 s.initVerify(publicKey); 209 s.update(data); 210 if (!s.verify(s2)) { 211 throw new Exception("Sign/verify 4 failed"); 212 } 213 214 // test behavior if data of incorrect length is passed 215 s = Signature.getInstance("RawDSA", provider); 216 s.initSign(privateKey); 217 s.update(new byte[8]); 218 s.update(new byte[64]); 219 try { 220 s.sign(); 221 throw new Exception("No error RawDSA signing long data"); 222 } catch (SignatureException e) { 223 // expected 224 } 225 } 226 227 private final static char[] hexDigits = "0123456789abcdef".toCharArray(); 228 229 public static String toString(byte[] b) { 230 StringBuffer sb = new StringBuffer(b.length * 3); 231 for (int i = 0; i < b.length; i++) { 232 int k = b[i] & 0xff; 233 if (i != 0) { 234 sb.append(':'); 235 } 236 sb.append(hexDigits[k >>> 4]); 237 sb.append(hexDigits[k & 0xf]); 238 } 239 return sb.toString(); 240 } 241 242 public static byte[] parse(String s) { 243 try { 244 int n = s.length(); 245 ByteArrayOutputStream out = new ByteArrayOutputStream(n / 3); 246 StringReader r = new StringReader(s); 247 while (true) { 248 int b1 = nextNibble(r); 249 if (b1 < 0) { 250 break; 251 } 252 int b2 = nextNibble(r); 253 if (b2 < 0) { 254 throw new RuntimeException("Invalid string " + s); 255 } 256 int b = (b1 << 4) | b2; 257 out.write(b); 258 } 259 return out.toByteArray(); 260 } catch (IOException e) { 261 throw new RuntimeException(e); 262 } 263 } 264 265 public static byte[] b(String s) { 266 return parse(s); 267 } 268 269 private static int nextNibble(StringReader r) throws IOException { 270 while (true) { 271 int ch = r.read(); 272 if (ch == -1) { 273 return -1; 274 } else if ((ch >= '0') && (ch <= '9')) { 275 return ch - '0'; 276 } else if ((ch >= 'a') && (ch <= 'f')) { 277 return ch - 'a' + 10; 278 } else if ((ch >= 'A') && (ch <= 'F')) { 279 return ch - 'A' + 10; 280 } 281 } 282 } 283 284} 285