1 /*
2 * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 4856966
27 * @summary basic test of SHA1withDSA and RawDSA signing/verifying
28 * @author Andreas Sterbenz
29 * @library /test/lib ..
30 * @key randomness
31 * @modules jdk.crypto.cryptoki
32 * @run main/othervm TestDSA
33 * @run main/othervm TestDSA sm
34 */
35
36 import java.io.ByteArrayOutputStream;
37 import java.io.IOException;
38 import java.io.StringReader;
39 import java.math.BigInteger;
40 import java.security.KeyFactory;
41 import java.security.MessageDigest;
42 import java.security.PrivateKey;
43 import java.security.Provider;
44 import java.security.PublicKey;
45 import java.security.Signature;
46 import java.security.SignatureException;
47 import java.security.spec.DSAPrivateKeySpec;
48 import java.security.spec.DSAPublicKeySpec;
49 import java.util.Random;
50
51 public class TestDSA extends PKCS11Test {
52
53 // values of the keys we use for the tests
54
55 private final static String ps =
56 "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669" +
57 "455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b7" +
58 "6b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb" +
59 "83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7";
60
61 private final static String qs =
62 "9760508f15230bccb292b982a2eb840bf0581cf5";
63
64 private final static String gs =
65 "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d078267" +
66 "5159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e1" +
67 "3c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243b" +
68 "cca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a";
69
70 private final static String xs =
71 "2952afd9aef9527f9b40d23c8916f7d046028f9d";
72
73 private final static String ys =
74 "b16ddb0f9394c328c983ecf23b20014ace368a1af5728dffbf1162de9ed8ebf6" +
75 "384f323930e091503035caa797e3674221fc16136240b5474799ede2b7b11313" +
76 "7574a9c26bcf900940027b4bcd511ef1d1daf2e69c416aebaf3bdf39f02473b9" +
77 "d963f99414c09d97bb0830d9fbdcf7bb9dad8a2179fcdf296838c4cfab8f4d8f";
78
79 private final static BigInteger p = new BigInteger(ps, 16);
80 private final static BigInteger q = new BigInteger(qs, 16);
81 private final static BigInteger g = new BigInteger(gs, 16);
82 private final static BigInteger x = new BigInteger(xs, 16);
83 private final static BigInteger y = new BigInteger(ys, 16);
84
85 // data for test 1, original and SHA-1 hashed
86 private final static byte[] data1Raw = b("0102030405060708090a0b0c0d0e0f10111213");
87 private final static byte[] data1SHA = b("00:e2:5f:c9:1c:8f:d6:8c:6a:dc:c6:bd:f0:46:60:5e:a2:cd:8d:ad");
88
89 // valid signatures of data1. sig1b uses incorrect ASN.1 encoding,
90 // which we want to accept anyway for compatibility
91 private final static byte[] sig1a = b("30:2d:02:14:53:06:3f:7d:ec:48:3c:99:17:9a:2c:a9:4d:e8:00:da:70:fb:35:d7:02:15:00:92:6a:39:6b:15:63:2f:e7:32:90:35:bf:af:47:55:e7:ff:33:a5:13");
92 private final static byte[] sig1b = b("30:2c:02:14:53:06:3f:7d:ec:48:3c:99:17:9a:2c:a9:4d:e8:00:da:70:fb:35:d7:02:14:92:6a:39:6b:15:63:2f:e7:32:90:35:bf:af:47:55:e7:ff:33:a5:13");
93
94 // data for test 2 (invalid signatures)
95 private final static byte[] data2Raw = {};
96 private final static byte[] data2SHA = b("da:39:a3:ee:5e:6b:4b:0d:32:55:bf:ef:95:60:18:90:af:d8:07:09");
97
98 private static void verify(Provider provider, String alg, PublicKey key, byte[] data, byte[] sig, boolean result) throws Exception {
99 Signature s = Signature.getInstance(alg, provider);
100 s.initVerify(key);
101 boolean r;
102 s.update(data);
103 r = s.verify(sig);
104 if (r != result) {
105 throw new Exception("Result mismatch, actual: " + r);
106 }
107 s.update(data);
108 r = s.verify(sig);
109 if (r != result) {
110 throw new Exception("Result mismatch, actual: " + r);
111 }
112 System.out.println("Passed");
113 }
114
115 public static void main(String[] args) throws Exception {
116 main(new TestDSA(), args);
117 }
118
119 @Override
120 public void main(Provider provider) throws Exception {
121 long start = System.currentTimeMillis();
122
123 System.out.println("Testing provider " + provider + "...");
124
125 /*
126 * Use Solaris SPARC 11.2 or later to avoid an intermittent failure
127 * when running SunPKCS11-Solaris (8044554)
128 */
129 if (provider.getName().equals("SunPKCS11-Solaris") &&
130 props.getProperty("os.name").equals("SunOS") &&
131 props.getProperty("os.arch").equals("sparcv9") &&
132 props.getProperty("os.version").compareTo("5.11") <= 0 &&
133 getDistro().compareTo("11.2") < 0) {
134
135 System.out.println("SunPKCS11-Solaris provider requires " +
136 "Solaris SPARC 11.2 or later, skipping");
137 return;
138 }
139
140 if (provider.getService("Signature", "SHA1withDSA") == null) {
141 System.out.println("DSA not supported, skipping");
142 return;
143 }
144
145 KeyFactory kf = KeyFactory.getInstance("DSA", provider);
146 DSAPrivateKeySpec privSpec = new DSAPrivateKeySpec(x, p, q, g);
147 DSAPublicKeySpec pubSpec = new DSAPublicKeySpec(y, p, q, g);
148 PrivateKey privateKey = kf.generatePrivate(privSpec);
149 PublicKey publicKey = kf.generatePublic(pubSpec);
150
151 // verify known-good and known-bad signatures using SHA1withDSA and RawDSA
152 verify(provider, "SHA1withDSA", publicKey, data1Raw, sig1a, true);
153 verify(provider, "SHA1withDSA", publicKey, data1Raw, sig1b, true);
154 verify(provider, "SHA1withDSA", publicKey, data2Raw, sig1a, false);
155 verify(provider, "SHA1withDSA", publicKey, data2Raw, sig1b, false);
156
157 verify(provider, "RawDSA", publicKey, data1SHA, sig1a, true);
158 verify(provider, "RawDSA", publicKey, data1SHA, sig1b, true);
159 verify(provider, "RawDSA", publicKey, data2SHA, sig1a, false);
160 verify(provider, "RawDSA", publicKey, data2SHA, sig1b, false);
161
162 testSigning(provider, privateKey, publicKey);
163
164 long stop = System.currentTimeMillis();
165 System.out.println("All tests passed (" + (stop - start) + " ms).");
166 }
167
168 private void testSigning(Provider provider, PrivateKey privateKey,
169 PublicKey publicKey) throws Exception {
170 byte[] data = new byte[2048];
171 new Random().nextBytes(data);
172
173 // sign random data using SHA1withDSA and verify using
174 // SHA1withDSA and RawDSA
175 Signature s = Signature.getInstance("SHA1withDSA", provider);
176 s.initSign(privateKey);
177 s.update(data);
178 byte[] s1 = s.sign();
179
180 s.initVerify(publicKey);
181 s.update(data);
182 if (!s.verify(s1)) {
183 throw new Exception("Sign/verify 1 failed");
184 }
185
186 s = Signature.getInstance("RawDSA", provider);
187 MessageDigest md = MessageDigest.getInstance("SHA-1");
188 byte[] digest = md.digest(data);
189 s.initVerify(publicKey);
190 s.update(digest);
191 if (!s.verify(s1)) {
192 throw new Exception("Sign/verify 2 failed");
193 }
194
195 // sign random data using RawDSA and verify using
196 // SHA1withDSA and RawDSA
197 s.initSign(privateKey);
198 s.update(digest);
199 byte[] s2 = s.sign();
200
201 s.initVerify(publicKey);
202 s.update(digest);
203 if (!s.verify(s2)) {
204 throw new Exception("Sign/verify 3 failed");
205 }
206
207 s = Signature.getInstance("SHA1withDSA", provider);
208 s.initVerify(publicKey);
209 s.update(data);
210 if (!s.verify(s2)) {
211 throw new Exception("Sign/verify 4 failed");
212 }
213
214 // test behavior if data of incorrect length is passed
215 s = Signature.getInstance("RawDSA", provider);
216 s.initSign(privateKey);
217 s.update(new byte[8]);
218 s.update(new byte[64]);
219 try {
220 s.sign();
221 throw new Exception("No error RawDSA signing long data");
222 } catch (SignatureException e) {
223 // expected
224 }
225 }
226
227 private final static char[] hexDigits = "0123456789abcdef".toCharArray();
228
229 public static String toString(byte[] b) {
230 StringBuffer sb = new StringBuffer(b.length * 3);
231 for (int i = 0; i < b.length; i++) {
232 int k = b[i] & 0xff;
233 if (i != 0) {
234 sb.append(':');
235 }
236 sb.append(hexDigits[k >>> 4]);
237 sb.append(hexDigits[k & 0xf]);
238 }
239 return sb.toString();
240 }
241
242 public static byte[] parse(String s) {
243 try {
244 int n = s.length();
245 ByteArrayOutputStream out = new ByteArrayOutputStream(n / 3);
246 StringReader r = new StringReader(s);
247 while (true) {
248 int b1 = nextNibble(r);
249 if (b1 < 0) {
250 break;
251 }
252 int b2 = nextNibble(r);
253 if (b2 < 0) {
254 throw new RuntimeException("Invalid string " + s);
255 }
256 int b = (b1 << 4) | b2;
257 out.write(b);
258 }
259 return out.toByteArray();
260 } catch (IOException e) {
261 throw new RuntimeException(e);
262 }
263 }
264
265 public static byte[] b(String s) {
266 return parse(s);
267 }
268
269 private static int nextNibble(StringReader r) throws IOException {
270 while (true) {
271 int ch = r.read();
272 if (ch == -1) {
273 return -1;
274 } else if ((ch >= '0') && (ch <= '9')) {
275 return ch - '0';
276 } else if ((ch >= 'a') && (ch <= 'f')) {
277 return ch - 'a' + 10;
278 } else if ((ch >= 'A') && (ch <= 'F')) {
279 return ch - 'A' + 10;
280 }
281 }
282 }
283
284 }