1 /*
2 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 8161571
27 * @summary Reject signatures presented for verification that contain extra
28 * bytes.
29 * @modules jdk.crypto.ec
30 * @run main SignatureLength
31 */
32
33 import java.security.KeyPair;
34 import java.security.KeyPairGenerator;
35 import java.security.Signature;
36 import java.security.SignatureException;
37
38 public class SignatureLength {
39
40 public static void main(String[] args) throws Exception {
41 main0("EC", 256, "SHA256withECDSA", "SunEC");
42 main0("RSA", 2048, "SHA256withRSA", "SunRsaSign");
43 main0("DSA", 2048, "SHA256withDSA", "SUN");
44
45 if (System.getProperty("os.name").equals("SunOS")) {
46 main0("EC", 256, "SHA256withECDSA", null);
47 main0("RSA", 2048, "SHA256withRSA", null);
48 }
49 }
50
51 private static void main0(String keyAlgorithm, int keysize,
52 String signatureAlgorithm, String provider) throws Exception {
53 byte[] plaintext = "aaa".getBytes("UTF-8");
54
55 // Generate
56 KeyPairGenerator generator =
57 provider == null ?
58 (KeyPairGenerator) KeyPairGenerator.getInstance(keyAlgorithm) :
59 (KeyPairGenerator) KeyPairGenerator.getInstance(
60 keyAlgorithm, provider);
61 generator.initialize(keysize);
62 System.out.println("Generating " + keyAlgorithm + " keypair using " +
63 generator.getProvider().getName() + " JCE provider");
64 KeyPair keypair = generator.generateKeyPair();
65
66 // Sign
67 Signature signer =
68 provider == null ?
69 Signature.getInstance(signatureAlgorithm) :
70 Signature.getInstance(signatureAlgorithm, provider);
71 signer.initSign(keypair.getPrivate());
72 signer.update(plaintext);
73 System.out.println("Signing using " + signer.getProvider().getName() +
74 " JCE provider");
75 byte[] signature = signer.sign();
76
77 // Invalidate
78 System.out.println("Invalidating signature ...");
79 byte[] badSignature = new byte[signature.length + 5];
80 System.arraycopy(signature, 0, badSignature, 0, signature.length);
81 badSignature[signature.length] = 0x01;
82 badSignature[signature.length + 1] = 0x01;
83 badSignature[signature.length + 2] = 0x01;
84 badSignature[signature.length + 3] = 0x01;
85 badSignature[signature.length + 4] = 0x01;
86
87 // Verify
88 Signature verifier =
89 provider == null ?
90 Signature.getInstance(signatureAlgorithm) :
91 Signature.getInstance(signatureAlgorithm, provider);
92 verifier.initVerify(keypair.getPublic());
93 verifier.update(plaintext);
94 System.out.println("Verifying using " +
95 verifier.getProvider().getName() + " JCE provider");
96
97 try {
98 System.out.println("Valid? " + verifier.verify(badSignature));
99 throw new Exception(
100 "ERROR: expected a SignatureException but none was thrown");
101 } catch (SignatureException e) {
102 System.out.println("OK: caught expected exception: " + e);
103 }
104 System.out.println();
105 }
106 }