1 /*
   2  * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 4856966
  27  * @summary basic test of SHA1withDSA and RawDSA signing/verifying
  28  * @author Andreas Sterbenz
  29  * @library /test/lib ..
  30  * @key randomness
  31  * @modules jdk.crypto.cryptoki
  32  * @run main/othervm TestDSA
  33  * @run main/othervm TestDSA sm
  34  */
  35 
  36 import java.io.ByteArrayOutputStream;
  37 import java.io.IOException;
  38 import java.io.StringReader;
  39 import java.math.BigInteger;
  40 import java.security.KeyFactory;
  41 import java.security.MessageDigest;
  42 import java.security.PrivateKey;
  43 import java.security.Provider;
  44 import java.security.PublicKey;
  45 import java.security.Signature;
  46 import java.security.SignatureException;
  47 import java.security.spec.DSAPrivateKeySpec;
  48 import java.security.spec.DSAPublicKeySpec;
  49 import java.util.Random;
  50 
  51 public class TestDSA extends PKCS11Test {
  52 
  53     // values of the keys we use for the tests
  54 
  55     private final static String ps =
  56         "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669" +
  57         "455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b7" +
  58         "6b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb" +
  59         "83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7";
  60 
  61     private final static String qs =
  62         "9760508f15230bccb292b982a2eb840bf0581cf5";
  63 
  64     private final static String gs =
  65         "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d078267" +
  66         "5159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e1" +
  67         "3c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243b" +
  68         "cca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a";
  69 
  70     private final static String xs =
  71         "2952afd9aef9527f9b40d23c8916f7d046028f9d";
  72 
  73     private final static String ys =
  74         "b16ddb0f9394c328c983ecf23b20014ace368a1af5728dffbf1162de9ed8ebf6" +
  75         "384f323930e091503035caa797e3674221fc16136240b5474799ede2b7b11313" +
  76         "7574a9c26bcf900940027b4bcd511ef1d1daf2e69c416aebaf3bdf39f02473b9" +
  77         "d963f99414c09d97bb0830d9fbdcf7bb9dad8a2179fcdf296838c4cfab8f4d8f";
  78 
  79     private final static BigInteger p = new BigInteger(ps, 16);
  80     private final static BigInteger q = new BigInteger(qs, 16);
  81     private final static BigInteger g = new BigInteger(gs, 16);
  82     private final static BigInteger x = new BigInteger(xs, 16);
  83     private final static BigInteger y = new BigInteger(ys, 16);
  84 
  85     // data for test 1, original and SHA-1 hashed
  86     private final static byte[] data1Raw = b("0102030405060708090a0b0c0d0e0f10111213");
  87     private final static byte[] data1SHA = b("00:e2:5f:c9:1c:8f:d6:8c:6a:dc:c6:bd:f0:46:60:5e:a2:cd:8d:ad");
  88 
  89     // valid signatures of data1. sig1b uses incorrect ASN.1 encoding,
  90     // which we want to accept anyway for compatibility
  91     private final static byte[] sig1a = b("30:2d:02:14:53:06:3f:7d:ec:48:3c:99:17:9a:2c:a9:4d:e8:00:da:70:fb:35:d7:02:15:00:92:6a:39:6b:15:63:2f:e7:32:90:35:bf:af:47:55:e7:ff:33:a5:13");
  92     private final static byte[] sig1b = b("30:2c:02:14:53:06:3f:7d:ec:48:3c:99:17:9a:2c:a9:4d:e8:00:da:70:fb:35:d7:02:14:92:6a:39:6b:15:63:2f:e7:32:90:35:bf:af:47:55:e7:ff:33:a5:13");
  93 
  94     // data for test 2 (invalid signatures)
  95     private final static byte[] data2Raw = {};
  96     private final static byte[] data2SHA = b("da:39:a3:ee:5e:6b:4b:0d:32:55:bf:ef:95:60:18:90:af:d8:07:09");
  97 
  98     private static void verify(Provider provider, String alg, PublicKey key, byte[] data, byte[] sig, boolean result) throws Exception {
  99         Signature s = Signature.getInstance(alg, provider);
 100         s.initVerify(key);
 101         boolean r;
 102         s.update(data);
 103         r = s.verify(sig);
 104         if (r != result) {
 105             throw new Exception("Result mismatch, actual: " + r);
 106         }
 107         s.update(data);
 108         r = s.verify(sig);
 109         if (r != result) {
 110             throw new Exception("Result mismatch, actual: " + r);
 111         }
 112         System.out.println("Passed");
 113     }
 114 
 115     public static void main(String[] args) throws Exception {
 116         main(new TestDSA(), args);
 117     }
 118 
 119     @Override
 120     public void main(Provider provider) throws Exception {
 121         long start = System.currentTimeMillis();
 122 
 123         System.out.println("Testing provider " + provider + "...");
 124 
 125         if (provider.getService("Signature", "SHA1withDSA") == null) {
 126             System.out.println("DSA not supported, skipping");
 127             return;
 128         }
 129 
 130         KeyFactory kf = KeyFactory.getInstance("DSA", provider);
 131         DSAPrivateKeySpec privSpec = new DSAPrivateKeySpec(x, p, q, g);
 132         DSAPublicKeySpec pubSpec = new DSAPublicKeySpec(y, p, q, g);
 133         PrivateKey privateKey = kf.generatePrivate(privSpec);
 134         PublicKey publicKey = kf.generatePublic(pubSpec);
 135 
 136         // verify known-good and known-bad signatures using SHA1withDSA and RawDSA
 137         verify(provider, "SHA1withDSA", publicKey, data1Raw, sig1a, true);
 138         verify(provider, "SHA1withDSA", publicKey, data1Raw, sig1b, true);
 139         verify(provider, "SHA1withDSA", publicKey, data2Raw, sig1a, false);
 140         verify(provider, "SHA1withDSA", publicKey, data2Raw, sig1b, false);
 141 
 142         verify(provider, "RawDSA", publicKey, data1SHA, sig1a, true);
 143         verify(provider, "RawDSA", publicKey, data1SHA, sig1b, true);
 144         verify(provider, "RawDSA", publicKey, data2SHA, sig1a, false);
 145         verify(provider, "RawDSA", publicKey, data2SHA, sig1b, false);
 146 
 147         testSigning(provider, privateKey, publicKey);
 148 
 149         long stop = System.currentTimeMillis();
 150         System.out.println("All tests passed (" + (stop - start) + " ms).");
 151     }
 152 
 153     private void testSigning(Provider provider, PrivateKey privateKey,
 154             PublicKey publicKey) throws Exception {
 155         byte[] data = new byte[2048];
 156         new Random().nextBytes(data);
 157 
 158         // sign random data using SHA1withDSA and verify using
 159         // SHA1withDSA and RawDSA
 160         Signature s = Signature.getInstance("SHA1withDSA", provider);
 161         s.initSign(privateKey);
 162         s.update(data);
 163         byte[] s1 = s.sign();
 164 
 165         s.initVerify(publicKey);
 166         s.update(data);
 167         if (!s.verify(s1)) {
 168             throw new Exception("Sign/verify 1 failed");
 169         }
 170 
 171         s = Signature.getInstance("RawDSA", provider);
 172         MessageDigest md = MessageDigest.getInstance("SHA-1");
 173         byte[] digest = md.digest(data);
 174         s.initVerify(publicKey);
 175         s.update(digest);
 176         if (!s.verify(s1)) {
 177             throw new Exception("Sign/verify 2 failed");
 178         }
 179 
 180         // sign random data using RawDSA and verify using
 181         // SHA1withDSA and RawDSA
 182         s.initSign(privateKey);
 183         s.update(digest);
 184         byte[] s2 = s.sign();
 185 
 186         s.initVerify(publicKey);
 187         s.update(digest);
 188         if (!s.verify(s2)) {
 189             throw new Exception("Sign/verify 3 failed");
 190         }
 191 
 192         s = Signature.getInstance("SHA1withDSA", provider);
 193         s.initVerify(publicKey);
 194         s.update(data);
 195         if (!s.verify(s2)) {
 196             throw new Exception("Sign/verify 4 failed");
 197         }
 198 
 199         // test behavior if data of incorrect length is passed
 200         s = Signature.getInstance("RawDSA", provider);
 201         s.initSign(privateKey);
 202         s.update(new byte[8]);
 203         s.update(new byte[64]);
 204         try {
 205             s.sign();
 206             throw new Exception("No error RawDSA signing long data");
 207         } catch (SignatureException e) {
 208             // expected
 209         }
 210     }
 211 
 212     private final static char[] hexDigits = "0123456789abcdef".toCharArray();
 213 
 214     public static String toString(byte[] b) {
 215         StringBuffer sb = new StringBuffer(b.length * 3);
 216         for (int i = 0; i < b.length; i++) {
 217             int k = b[i] & 0xff;
 218             if (i != 0) {
 219                 sb.append(':');
 220             }
 221             sb.append(hexDigits[k >>> 4]);
 222             sb.append(hexDigits[k & 0xf]);
 223         }
 224         return sb.toString();
 225     }
 226 
 227     public static byte[] parse(String s) {
 228         try {
 229             int n = s.length();
 230             ByteArrayOutputStream out = new ByteArrayOutputStream(n / 3);
 231             StringReader r = new StringReader(s);
 232             while (true) {
 233                 int b1 = nextNibble(r);
 234                 if (b1 < 0) {
 235                     break;
 236                 }
 237                 int b2 = nextNibble(r);
 238                 if (b2 < 0) {
 239                     throw new RuntimeException("Invalid string " + s);
 240                 }
 241                 int b = (b1 << 4) | b2;
 242                 out.write(b);
 243             }
 244             return out.toByteArray();
 245         } catch (IOException e) {
 246             throw new RuntimeException(e);
 247         }
 248     }
 249 
 250     public static byte[] b(String s) {
 251         return parse(s);
 252     }
 253 
 254     private static int nextNibble(StringReader r) throws IOException {
 255         while (true) {
 256             int ch = r.read();
 257             if (ch == -1) {
 258                 return -1;
 259             } else if ((ch >= '0') && (ch <= '9')) {
 260                 return ch - '0';
 261             } else if ((ch >= 'a') && (ch <= 'f')) {
 262                 return ch - 'a' + 10;
 263             } else if ((ch >= 'A') && (ch <= 'F')) {
 264                 return ch - 'A' + 10;
 265             }
 266         }
 267     }
 268 
 269 }