J. Duke | 319a3b9 | 2007-12-01 00:00:00 +0000 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright 2003 Sun Microsystems, Inc. All Rights Reserved. |
| 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 4 | * |
| 5 | * This code is free software; you can redistribute it and/or modify it |
| 6 | * under the terms of the GNU General Public License version 2 only, as |
| 7 | * published by the Free Software Foundation. |
| 8 | * |
| 9 | * This code is distributed in the hope that it will be useful, but WITHOUT |
| 10 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 11 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 12 | * version 2 for more details (a copy is included in the LICENSE file that |
| 13 | * accompanied this code). |
| 14 | * |
| 15 | * You should have received a copy of the GNU General Public License version |
| 16 | * 2 along with this work; if not, write to the Free Software Foundation, |
| 17 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| 18 | * |
| 19 | * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, |
| 20 | * CA 95054 USA or visit www.sun.com if you need additional information or |
| 21 | * have any questions. |
| 22 | */ |
| 23 | |
| 24 | /** |
| 25 | * @test |
| 26 | * @bug 4815057 4839277 |
| 27 | * @summary basic test of SHA1withDSA and RawDSA signing/verifying |
| 28 | * @author Andreas Sterbenz |
| 29 | */ |
| 30 | |
| 31 | import java.io.*; |
| 32 | import java.util.*; |
| 33 | import java.math.BigInteger; |
| 34 | |
| 35 | import java.security.*; |
| 36 | import java.security.spec.*; |
| 37 | |
| 38 | public class TestDSA { |
| 39 | |
| 40 | // values of the keys we use for the tests |
| 41 | |
| 42 | private final static String ps = |
| 43 | "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669" + |
| 44 | "455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b7" + |
| 45 | "6b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb" + |
| 46 | "83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7"; |
| 47 | |
| 48 | private final static String qs = |
| 49 | "9760508f15230bccb292b982a2eb840bf0581cf5"; |
| 50 | |
| 51 | private final static String gs = |
| 52 | "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d078267" + |
| 53 | "5159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e1" + |
| 54 | "3c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243b" + |
| 55 | "cca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a"; |
| 56 | |
| 57 | private final static String xs = |
| 58 | "2952afd9aef9527f9b40d23c8916f7d046028f9d"; |
| 59 | |
| 60 | private final static String ys = |
| 61 | "b16ddb0f9394c328c983ecf23b20014ace368a1af5728dffbf1162de9ed8ebf6" + |
| 62 | "384f323930e091503035caa797e3674221fc16136240b5474799ede2b7b11313" + |
| 63 | "7574a9c26bcf900940027b4bcd511ef1d1daf2e69c416aebaf3bdf39f02473b9" + |
| 64 | "d963f99414c09d97bb0830d9fbdcf7bb9dad8a2179fcdf296838c4cfab8f4d8f"; |
| 65 | |
| 66 | private final static BigInteger p = new BigInteger(ps, 16); |
| 67 | private final static BigInteger q = new BigInteger(qs, 16); |
| 68 | private final static BigInteger g = new BigInteger(gs, 16); |
| 69 | private final static BigInteger x = new BigInteger(xs, 16); |
| 70 | private final static BigInteger y = new BigInteger(ys, 16); |
| 71 | |
| 72 | // data for test 1, original and SHA-1 hashed |
| 73 | private final static byte[] data1Raw = b("0102030405060708090a0b0c0d0e0f10111213"); |
| 74 | private final static byte[] data1SHA = b("00:e2:5f:c9:1c:8f:d6:8c:6a:dc:c6:bd:f0:46:60:5e:a2:cd:8d:ad"); |
| 75 | |
| 76 | // valid signatures of data1. sig1b uses incorrect ASN.1 encoding, |
| 77 | // which we want to accept anyway for compatibility |
| 78 | private final static byte[] sig1a = b("30:2d:02:14:53:06:3f:7d:ec:48:3c:99:17:9a:2c:a9:4d:e8:00:da:70:fb:35:d7:02:15:00:92:6a:39:6b:15:63:2f:e7:32:90:35:bf:af:47:55:e7:ff:33:a5:13"); |
| 79 | private final static byte[] sig1b = b("30:2c:02:14:53:06:3f:7d:ec:48:3c:99:17:9a:2c:a9:4d:e8:00:da:70:fb:35:d7:02:14:92:6a:39:6b:15:63:2f:e7:32:90:35:bf:af:47:55:e7:ff:33:a5:13"); |
| 80 | |
| 81 | // data for test 2 (invalid signatures) |
| 82 | private final static byte[] data2Raw = {}; |
| 83 | private final static byte[] data2SHA = b("da:39:a3:ee:5e:6b:4b:0d:32:55:bf:ef:95:60:18:90:af:d8:07:09"); |
| 84 | |
| 85 | private static void verify(Provider provider, String alg, PublicKey key, byte[] data, byte[] sig, boolean result) throws Exception { |
| 86 | Signature s = Signature.getInstance(alg, provider); |
| 87 | s.initVerify(key); |
| 88 | boolean r; |
| 89 | s.update(data); |
| 90 | r = s.verify(sig); |
| 91 | if (r != result) { |
| 92 | throw new Exception("Result mismatch, actual: " + r); |
| 93 | } |
| 94 | s.update(data); |
| 95 | r = s.verify(sig); |
| 96 | if (r != result) { |
| 97 | throw new Exception("Result mismatch, actual: " + r); |
| 98 | } |
| 99 | System.out.println("Passed"); |
| 100 | } |
| 101 | |
| 102 | public static void main(String[] args) throws Exception { |
| 103 | long start = System.currentTimeMillis(); |
| 104 | |
| 105 | Provider provider = Security.getProvider("SUN"); |
| 106 | System.out.println("Testing provider " + provider + "..."); |
| 107 | |
| 108 | KeyFactory kf = KeyFactory.getInstance("DSA", provider); |
| 109 | DSAPrivateKeySpec privSpec = new DSAPrivateKeySpec(x, p, q, g); |
| 110 | DSAPublicKeySpec pubSpec = new DSAPublicKeySpec(y, p, q, g); |
| 111 | PrivateKey privateKey = kf.generatePrivate(privSpec); |
| 112 | PublicKey publicKey = kf.generatePublic(pubSpec); |
| 113 | |
| 114 | // verify known-good and known-bad signatures using SHA1withDSA and RawDSA |
| 115 | verify(provider, "SHA1withDSA", publicKey, data1Raw, sig1a, true); |
| 116 | verify(provider, "SHA1withDSA", publicKey, data1Raw, sig1b, true); |
| 117 | verify(provider, "SHA1withDSA", publicKey, data2Raw, sig1a, false); |
| 118 | verify(provider, "SHA1withDSA", publicKey, data2Raw, sig1b, false); |
| 119 | |
| 120 | verify(provider, "RawDSA", publicKey, data1SHA, sig1a, true); |
| 121 | verify(provider, "RawDSA", publicKey, data1SHA, sig1b, true); |
| 122 | verify(provider, "RawDSA", publicKey, data2SHA, sig1a, false); |
| 123 | verify(provider, "RawDSA", publicKey, data2SHA, sig1b, false); |
| 124 | |
| 125 | byte[] data = new byte[2048]; |
| 126 | new Random().nextBytes(data); |
| 127 | |
| 128 | // sign random data using SHA1withDSA and verify using |
| 129 | // SHA1withDSA and RawDSA |
| 130 | Signature s = Signature.getInstance("SHA1withDSA", provider); |
| 131 | s.initSign(privateKey); |
| 132 | s.update(data); |
| 133 | byte[] s1 = s.sign(); |
| 134 | |
| 135 | s.initVerify(publicKey); |
| 136 | s.update(data); |
| 137 | if (!s.verify(s1)) { |
| 138 | throw new Exception("Sign/verify 1 failed"); |
| 139 | } |
| 140 | |
| 141 | s = Signature.getInstance("RawDSA", provider); |
| 142 | MessageDigest md = MessageDigest.getInstance("SHA-1"); |
| 143 | byte[] digest = md.digest(data); |
| 144 | s.initVerify(publicKey); |
| 145 | s.update(digest); |
| 146 | if (!s.verify(s1)) { |
| 147 | throw new Exception("Sign/verify 2 failed"); |
| 148 | } |
| 149 | |
| 150 | // sign random data using RawDSA and verify using |
| 151 | // SHA1withDSA and RawDSA |
| 152 | s.initSign(privateKey); |
| 153 | s.update(digest); |
| 154 | byte[] s2 = s.sign(); |
| 155 | |
| 156 | s.initVerify(publicKey); |
| 157 | s.update(digest); |
| 158 | if (!s.verify(s2)) { |
| 159 | throw new Exception("Sign/verify 3 failed"); |
| 160 | } |
| 161 | |
| 162 | s = Signature.getInstance("SHA1withDSA", provider); |
| 163 | s.initVerify(publicKey); |
| 164 | s.update(data); |
| 165 | if (!s.verify(s2)) { |
| 166 | throw new Exception("Sign/verify 4 failed"); |
| 167 | } |
| 168 | |
| 169 | // test behavior if data of incorrect length is passed |
| 170 | s = Signature.getInstance("RawDSA", provider); |
| 171 | s.initSign(privateKey); |
| 172 | s.update(new byte[8]); |
| 173 | s.update(new byte[64]); |
| 174 | try { |
| 175 | s.sign(); |
| 176 | throw new Exception("No error RawDSA signing long data"); |
| 177 | } catch (SignatureException e) { |
| 178 | // expected |
| 179 | } |
| 180 | |
| 181 | long stop = System.currentTimeMillis(); |
| 182 | System.out.println("All tests passed (" + (stop - start) + " ms)."); |
| 183 | } |
| 184 | |
| 185 | private final static char[] hexDigits = "0123456789abcdef".toCharArray(); |
| 186 | |
| 187 | public static String toString(byte[] b) { |
| 188 | StringBuffer sb = new StringBuffer(b.length * 3); |
| 189 | for (int i = 0; i < b.length; i++) { |
| 190 | int k = b[i] & 0xff; |
| 191 | if (i != 0) { |
| 192 | sb.append(':'); |
| 193 | } |
| 194 | sb.append(hexDigits[k >>> 4]); |
| 195 | sb.append(hexDigits[k & 0xf]); |
| 196 | } |
| 197 | return sb.toString(); |
| 198 | } |
| 199 | |
| 200 | public static byte[] parse(String s) { |
| 201 | try { |
| 202 | int n = s.length(); |
| 203 | ByteArrayOutputStream out = new ByteArrayOutputStream(n / 3); |
| 204 | StringReader r = new StringReader(s); |
| 205 | while (true) { |
| 206 | int b1 = nextNibble(r); |
| 207 | if (b1 < 0) { |
| 208 | break; |
| 209 | } |
| 210 | int b2 = nextNibble(r); |
| 211 | if (b2 < 0) { |
| 212 | throw new RuntimeException("Invalid string " + s); |
| 213 | } |
| 214 | int b = (b1 << 4) | b2; |
| 215 | out.write(b); |
| 216 | } |
| 217 | return out.toByteArray(); |
| 218 | } catch (IOException e) { |
| 219 | throw new RuntimeException(e); |
| 220 | } |
| 221 | } |
| 222 | |
| 223 | public static byte[] b(String s) { |
| 224 | return parse(s); |
| 225 | } |
| 226 | |
| 227 | private static int nextNibble(StringReader r) throws IOException { |
| 228 | while (true) { |
| 229 | int ch = r.read(); |
| 230 | if (ch == -1) { |
| 231 | return -1; |
| 232 | } else if ((ch >= '0') && (ch <= '9')) { |
| 233 | return ch - '0'; |
| 234 | } else if ((ch >= 'a') && (ch <= 'f')) { |
| 235 | return ch - 'a' + 10; |
| 236 | } else if ((ch >= 'A') && (ch <= 'F')) { |
| 237 | return ch - 'A' + 10; |
| 238 | } |
| 239 | } |
| 240 | } |
| 241 | |
| 242 | } |