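/*
 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8161571
 * @summary Reject signatures presented for verification that contain extra
 *     bytes.
 * @modules jdk.crypto.ec
 * @run main SignatureLength
 */

import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;

/**
 * Regression test checking that {@link Signature#verify(byte[])} refuses a
 * signature that is followed by extra bytes.
 *
 * <p>If trailing bytes were silently ignored, more than one byte string would
 * verify for the same message and key, which undermines any caller that
 * compares, stores or hashes signature bytes. Each provider under test must
 * therefore throw {@link SignatureException} instead of returning a result.
 *
 * <p>Coverage note: only a run of {@code 0x01} bytes appended after a valid
 * signature is exercised. Other malformed encodings (for example extra bytes
 * inside the encoded structure) are not covered by this test.
 */
public class SignatureLength {

    /** Number of junk bytes appended to the valid signature. */
    private static final int EXTRA_BYTES = 5;

    /** Value of every appended junk byte. */
    private static final byte EXTRA_BYTE_VALUE = 0x01;

    /**
     * Runs the check for EC, RSA and DSA against explicitly named providers,
     * and on SunOS additionally against the default provider for EC and RSA.
     *
     * @param args unused
     * @throws Exception if any provider accepts the padded signature or fails
     *     to verify the unmodified one
     */
    public static void main(String[] args) throws Exception {
        main0("EC", 256, "SHA256withECDSA", "SunEC");
        main0("RSA", 2048, "SHA256withRSA", "SunRsaSign");
        main0("DSA", 2048, "SHA256withDSA", "SUN");

        // A null provider selects the highest-priority implementation.
        // NOTE(review): presumably this exercises a platform-specific
        // provider on Solaris -- confirm against the provider configuration.
        if ("SunOS".equals(System.getProperty("os.name"))) {
            main0("EC", 256, "SHA256withECDSA", null);
            main0("RSA", 2048, "SHA256withRSA", null);
        }
    }

    /**
     * Generates a key pair, signs a fixed message, and checks that the
     * signature verifies as-is but is rejected once extra bytes are appended.
     *
     * @param keyAlgorithm key pair algorithm name, e.g. {@code "EC"}
     * @param keysize key size passed to the key pair generator
     * @param signatureAlgorithm signature algorithm name
     * @param provider provider name, or {@code null} for the default provider
     * @throws Exception if the unmodified signature does not verify, or if
     *     verifying the padded signature does not throw
     *     {@link SignatureException}
     */
    private static void main0(String keyAlgorithm, int keysize,
            String signatureAlgorithm, String provider) throws Exception {
        byte[] plaintext = "aaa".getBytes(StandardCharsets.UTF_8);

        // Generate
        KeyPairGenerator generator = provider == null
                ? KeyPairGenerator.getInstance(keyAlgorithm)
                : KeyPairGenerator.getInstance(keyAlgorithm, provider);
        generator.initialize(keysize);
        System.out.println("Generating " + keyAlgorithm + " keypair using " +
                generator.getProvider().getName() + " JCE provider");
        KeyPair keypair = generator.generateKeyPair();

        // Sign
        Signature signer = newSignature(signatureAlgorithm, provider);
        signer.initSign(keypair.getPrivate());
        signer.update(plaintext);
        System.out.println("Signing using " + signer.getProvider().getName() +
                " JCE provider");
        byte[] signature = signer.sign();

        // Invalidate: keep the valid signature as a prefix, append junk.
        System.out.println("Invalidating signature ...");
        byte[] badSignature =
                Arrays.copyOf(signature, signature.length + EXTRA_BYTES);
        Arrays.fill(badSignature, signature.length, badSignature.length,
                EXTRA_BYTE_VALUE);

        // Verify
        Signature verifier = newSignature(signatureAlgorithm, provider);
        verifier.initVerify(keypair.getPublic());
        verifier.update(plaintext);
        System.out.println("Verifying using " +
                verifier.getProvider().getName() + " JCE provider");

        // Positive control: without it, a provider that throws
        // SignatureException for every input would pass this test.
        if (!verifier.verify(signature)) {
            throw new RuntimeException(
                    "ERROR: the unmodified signature did not verify");
        }

        // verify() returns the object to its post-initVerify state, so the
        // message has to be supplied again before the second check.
        verifier.update(plaintext);

        boolean accepted;
        try {
            accepted = verifier.verify(badSignature);
        } catch (SignatureException e) {
            System.out.println("OK: caught expected exception: " + e);
            System.out.println();
            return;
        }

        // Returning false is not enough here: the padded signature must be
        // reported as malformed, not merely as a mismatch.
        System.out.println("Valid? " + accepted);
        throw new RuntimeException(
                "ERROR: expected a SignatureException but none was thrown");
    }

    /** Returns a Signature from the named provider, or the default if null. */
    private static Signature newSignature(String algorithm, String provider)
            throws Exception {
        return provider == null
                ? Signature.getInstance(algorithm)
                : Signature.getInstance(algorithm, provider);
    }
}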