1 /* 2 * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 import java.security.*; 24 import java.security.interfaces.RSAPrivateKey; 25 import java.security.interfaces.RSAPublicKey; 26 import java.security.spec.*; 27 import java.util.Arrays; 28 import java.util.stream.IntStream; 29 import static javax.crypto.Cipher.PRIVATE_KEY; 30 import static javax.crypto.Cipher.PUBLIC_KEY; 31 32 /** 33 * @test 34 * @bug 8146293 8238448 35 * @summary Create a signature for RSASSA-PSS and get its signed data. 36 * re-initiate the signature with the public key. The signature 37 * can be verified by acquired signed data. 38 * @run main SignatureTest2 768 39 * @run main SignatureTest2 1024 40 * @run main SignatureTest2 1025 41 * @run main SignatureTest2 2048 42 * @run main SignatureTest2 2049 43 * @run main/timeout=240 SignatureTest2 4096 44 */ 45 public class SignatureTest2 { 46 /** 47 * ALGORITHM name, fixed as RSA. 48 */ 49 private static final String KEYALG = "RSASSA-PSS"; 50 51 /** 52 * JDK default RSA Provider. 53 */ 54 private static final String PROVIDER = "SunRsaSign"; 55 56 /** 57 * How much times signature updated. 58 */ 59 private static final int UPDATE_TIMES_TWO = 2; 60 61 /** 62 * How much times signature initial updated. 63 */ 64 private static final int UPDATE_TIMES_TEN = 10; 65 66 /** 67 * Digest algorithms to test w/ RSASSA-PSS signature algorithms 68 */ 69 private static final String[] DIGEST_ALG = { 70 "SHA-1", "SHA-224", "SHA-256", "SHA-384", 71 "SHA-512", "SHA-512/224", "SHA-512/256" 72 }; 73 74 private static final String SIG_ALG = "RSASSA-PSS"; 75 76 private static PSSParameterSpec genPSSParameter(String digestAlgo, 77 int digestLen, int keySize) { 78 // pick a salt length based on the key length and digestAlgo 79 int saltLength = keySize/8 - digestLen - 2; 80 if (saltLength < 0) { 81 System.out.println("keysize: " + keySize/8 + ", digestLen: " + digestLen); 82 return null; 83 } 84 return new PSSParameterSpec(digestAlgo, "MGF1", 85 new MGF1ParameterSpec(digestAlgo), saltLength, 1); 86 } 87 88 public static void main(String[] args) throws Exception { 89 final int testSize = Integer.parseInt(args[0]); 90 91 byte[] data = new byte[100]; 92 IntStream.range(0, data.length).forEach(j -> { 93 data[j] = (byte) j; 94 }); 95 96 // create a key pair 97 KeyPair kpair = generateKeys(KEYALG, testSize); 98 Key[] privs = manipulateKey(PRIVATE_KEY, kpair.getPrivate()); 99 Key[] pubs = manipulateKey(PUBLIC_KEY, kpair.getPublic()); 100 101 // For messsage digest algorithm, create and verify a RSASSA-PSS signature 102 Arrays.stream(privs).forEach(priv 103 -> Arrays.stream(pubs).forEach(pub 104 -> Arrays.stream(DIGEST_ALG).forEach(testAlg -> { 105 checkSignature(data, (PublicKey) pub, (PrivateKey) priv, 106 testAlg, testSize); 107 } 108 ))); 109 110 } 111 112 private static KeyPair generateKeys(String keyalg, int size) 113 throws NoSuchAlgorithmException { 114 KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyalg); 115 kpg.initialize(size); 116 return kpg.generateKeyPair(); 117 } 118 119 private static Key[] manipulateKey(int type, Key key) 120 throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException { 121 KeyFactory kf = KeyFactory.getInstance(KEYALG, PROVIDER); 122 123 switch (type) { 124 case PUBLIC_KEY: 125 return new Key[]{ 126 kf.generatePublic(kf.getKeySpec(key, RSAPublicKeySpec.class)), 127 kf.generatePublic(new X509EncodedKeySpec(key.getEncoded())), 128 kf.generatePublic(new RSAPublicKeySpec( 129 ((RSAPublicKey) key).getModulus(), 130 ((RSAPublicKey) key).getPublicExponent())) 131 }; 132 case PRIVATE_KEY: 133 return new Key[]{ 134 kf.generatePrivate(kf.getKeySpec(key, 135 RSAPrivateKeySpec.class)), 136 kf.generatePrivate(new PKCS8EncodedKeySpec( 137 key.getEncoded())), 138 kf.generatePrivate(new RSAPrivateKeySpec(((RSAPrivateKey) key).getModulus(), 139 ((RSAPrivateKey) key).getPrivateExponent())) 140 }; 141 } 142 throw new RuntimeException("We shouldn't reach here"); 143 } 144 145 private static void checkSignature(byte[] data, PublicKey pub, 146 PrivateKey priv, String digestAlg, int keySize) throws RuntimeException { 147 try { 148 Signature sig = Signature.getInstance(SIG_ALG, PROVIDER); 149 int digestLen = MessageDigest.getInstance(digestAlg).getDigestLength(); 150 PSSParameterSpec params = genPSSParameter(digestAlg, digestLen, keySize); 151 if (params == null) { 152 System.out.println("Skip test due to short key size"); 153 return; 154 } 155 sig.setParameter(params); 156 sig.initSign(priv); 157 for (int i = 0; i < UPDATE_TIMES_TEN; i++) { 158 sig.update(data); 159 } 160 byte[] signedDataTen = sig.sign(); 161 162 // Make sure signature can be generated without re-init 163 sig.update(data); 164 byte[] signedDataOne = sig.sign(); 165 166 // Make sure signature verifies with original data 167 System.out.println("Verify using params " + sig.getParameters()); 168 sig.initVerify(pub); 169 sig.setParameter(params); 170 for (int i = 0; i < UPDATE_TIMES_TEN; i++) { 171 sig.update(data); 172 } 173 if (!sig.verify(signedDataTen)) { 174 throw new RuntimeException("Signature verification test#1 failed w/ " 175 + digestAlg); 176 } 177 178 // Make sure signature can verify without re-init 179 sig.update(data); 180 if (!sig.verify(signedDataOne)) { 181 throw new RuntimeException("Signature verification test#2 failed w/ " 182 + digestAlg); 183 } 184 185 // Make sure signature does NOT verify when the original data 186 // has changed 187 for (int i = 0; i < UPDATE_TIMES_TWO; i++) { 188 sig.update(data); 189 } 190 191 if (sig.verify(signedDataOne)) { 192 throw new RuntimeException("Bad signature accepted w/ " 193 + digestAlg); 194 } 195 } catch (NoSuchAlgorithmException | InvalidKeyException | 196 SignatureException | NoSuchProviderException | 197 InvalidAlgorithmParameterException e) { 198 e.printStackTrace(); 199 throw new RuntimeException(e); 200 } 201 } 202 }