1
/*
2
 * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/**
25
 * @test
26
 * @bug 4815057 4839277
27
 * @summary basic test of SHA1withDSA and RawDSA signing/verifying
28
 * @author Andreas Sterbenz
29
 * @key randomness
30
 */
31

32
import java.io.*;
33
import java.util.*;
34
import java.math.BigInteger;
35

36
import java.security.*;
37
import java.security.spec.*;
38

39
public class TestDSA {
40

41
    // values of the keys we use for the tests
42

43
    private final static String ps =
44
        "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669" +
45
        "455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b7" +
46
        "6b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb" +
47
        "83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7";
48

49
    private final static String qs =
50
        "9760508f15230bccb292b982a2eb840bf0581cf5";
51

52
    private final static String gs =
53
        "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d078267" +
54
        "5159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e1" +
55
        "3c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243b" +
56
        "cca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a";
57

58
    private final static String xs =
59
        "2952afd9aef9527f9b40d23c8916f7d046028f9d";
60

61
    private final static String ys =
62
        "b16ddb0f9394c328c983ecf23b20014ace368a1af5728dffbf1162de9ed8ebf6" +
63
        "384f323930e091503035caa797e3674221fc16136240b5474799ede2b7b11313" +
64
        "7574a9c26bcf900940027b4bcd511ef1d1daf2e69c416aebaf3bdf39f02473b9" +
65
        "d963f99414c09d97bb0830d9fbdcf7bb9dad8a2179fcdf296838c4cfab8f4d8f";
66

67
    private final static BigInteger p = new BigInteger(ps, 16);
68
    private final static BigInteger q = new BigInteger(qs, 16);
69
    private final static BigInteger g = new BigInteger(gs, 16);
70
    private final static BigInteger x = new BigInteger(xs, 16);
71
    private final static BigInteger y = new BigInteger(ys, 16);
72

73
    // data for test 1, original and SHA-1 hashed
74
    private final static byte[] data1Raw = b("0102030405060708090a0b0c0d0e0f10111213");
75
    private final static byte[] data1SHA = b("00:e2:5f:c9:1c:8f:d6:8c:6a:dc:c6:bd:f0:46:60:5e:a2:cd:8d:ad");
76

77
    // valid signatures of data1. sig1b uses incorrect ASN.1 encoding,
78
    // which we want to accept anyway for compatibility
79
    private final static byte[] sig1a = b("30:2d:02:14:53:06:3f:7d:ec:48:3c:99:17:9a:2c:a9:4d:e8:00:da:70:fb:35:d7:02:15:00:92:6a:39:6b:15:63:2f:e7:32:90:35:bf:af:47:55:e7:ff:33:a5:13");
80
    private final static byte[] sig1b = b("30:2c:02:14:53:06:3f:7d:ec:48:3c:99:17:9a:2c:a9:4d:e8:00:da:70:fb:35:d7:02:14:92:6a:39:6b:15:63:2f:e7:32:90:35:bf:af:47:55:e7:ff:33:a5:13");
81

82
    // data for test 2 (invalid signatures)
83
    private final static byte[] data2Raw = {};
84
    private final static byte[] data2SHA = b("da:39:a3:ee:5e:6b:4b:0d:32:55:bf:ef:95:60:18:90:af:d8:07:09");
85

86
    private static void verify(Provider provider, String alg, PublicKey key, byte[] data, byte[] sig, boolean result) throws Exception {
87
        Signature s = Signature.getInstance(alg, provider);
88
        s.initVerify(key);
89
        boolean r;
90
        s.update(data);
91
        r = s.verify(sig);
92
        if (r != result) {
93
            throw new Exception("Result mismatch, actual: " + r);
94
        }
95
        s.update(data);
96
        r = s.verify(sig);
97
        if (r != result) {
98
            throw new Exception("Result mismatch, actual: " + r);
99
        }
100
        System.out.println("Passed");
101
    }
102

103
    public static void main(String[] args) throws Exception {
104
        long start = System.currentTimeMillis();
105

106
        Provider provider = Security.getProvider("SUN");
107
        System.out.println("Testing provider " + provider + "...");
108

109
        KeyFactory kf = KeyFactory.getInstance("DSA", provider);
110
        DSAPrivateKeySpec privSpec = new DSAPrivateKeySpec(x, p, q, g);
111
        DSAPublicKeySpec pubSpec = new DSAPublicKeySpec(y, p, q, g);
112
        PrivateKey privateKey = kf.generatePrivate(privSpec);
113
        PublicKey publicKey = kf.generatePublic(pubSpec);
114

115
        // verify known-good and known-bad signatures using SHA1withDSA and RawDSA
116
        verify(provider, "SHA1withDSA", publicKey, data1Raw, sig1a, true);
117
        verify(provider, "SHA1withDSA", publicKey, data1Raw, sig1b, true);
118
        verify(provider, "SHA1withDSA", publicKey, data2Raw, sig1a, false);
119
        verify(provider, "SHA1withDSA", publicKey, data2Raw, sig1b, false);
120

121
        verify(provider, "RawDSA", publicKey, data1SHA, sig1a, true);
122
        verify(provider, "RawDSA", publicKey, data1SHA, sig1b, true);
123
        verify(provider, "RawDSA", publicKey, data2SHA, sig1a, false);
124
        verify(provider, "RawDSA", publicKey, data2SHA, sig1b, false);
125

126
        byte[] data = new byte[2048];
127
        new Random().nextBytes(data);
128

129
        // sign random data using SHA1withDSA and verify using
130
        // SHA1withDSA and RawDSA
131
        Signature s = Signature.getInstance("SHA1withDSA", provider);
132
        s.initSign(privateKey);
133
        s.update(data);
134
        byte[] s1 = s.sign();
135

136
        s.initVerify(publicKey);
137
        s.update(data);
138
        if (!s.verify(s1)) {
139
            throw new Exception("Sign/verify 1 failed");
140
        }
141

142
        s = Signature.getInstance("RawDSA", provider);
143
        MessageDigest md = MessageDigest.getInstance("SHA-1");
144
        byte[] digest = md.digest(data);
145
        s.initVerify(publicKey);
146
        s.update(digest);
147
        if (!s.verify(s1)) {
148
            throw new Exception("Sign/verify 2 failed");
149
        }
150

151
        // sign random data using RawDSA and verify using
152
        // SHA1withDSA and RawDSA
153
        s.initSign(privateKey);
154
        s.update(digest);
155
        byte[] s2 = s.sign();
156

157
        s.initVerify(publicKey);
158
        s.update(digest);
159
        if (!s.verify(s2)) {
160
            throw new Exception("Sign/verify 3 failed");
161
        }
162

163
        s = Signature.getInstance("SHA1withDSA", provider);
164
        s.initVerify(publicKey);
165
        s.update(data);
166
        if (!s.verify(s2)) {
167
            throw new Exception("Sign/verify 4 failed");
168
        }
169

170
        // test behavior if data of incorrect length is passed
171
        s = Signature.getInstance("RawDSA", provider);
172
        s.initSign(privateKey);
173
        s.update(new byte[8]);
174
        s.update(new byte[64]);
175
        try {
176
            s.sign();
177
            throw new Exception("No error RawDSA signing long data");
178
        } catch (SignatureException e) {
179
            // expected
180
        }
181

182
        long stop = System.currentTimeMillis();
183
        System.out.println("All tests passed (" + (stop - start) + " ms).");
184
    }
185

186
    private final static char[] hexDigits = "0123456789abcdef".toCharArray();
187

188
    public static String toString(byte[] b) {
189
        StringBuffer sb = new StringBuffer(b.length * 3);
190
        for (int i = 0; i < b.length; i++) {
191
            int k = b[i] & 0xff;
192
            if (i != 0) {
193
                sb.append(':');
194
            }
195
            sb.append(hexDigits[k >>> 4]);
196
            sb.append(hexDigits[k & 0xf]);
197
        }
198
        return sb.toString();
199
    }
200

201
    public static byte[] parse(String s) {
202
        try {
203
            int n = s.length();
204
            ByteArrayOutputStream out = new ByteArrayOutputStream(n / 3);
205
            StringReader r = new StringReader(s);
206
            while (true) {
207
                int b1 = nextNibble(r);
208
                if (b1 < 0) {
209
                    break;
210
                }
211
                int b2 = nextNibble(r);
212
                if (b2 < 0) {
213
                    throw new RuntimeException("Invalid string " + s);
214
                }
215
                int b = (b1 << 4) | b2;
216
                out.write(b);
217
            }
218
            return out.toByteArray();
219
        } catch (IOException e) {
220
            throw new RuntimeException(e);
221
        }
222
    }
223

224
    public static byte[] b(String s) {
225
        return parse(s);
226
    }
227

228
    private static int nextNibble(StringReader r) throws IOException {
229
        while (true) {
230
            int ch = r.read();
231
            if (ch == -1) {
232
                return -1;
233
            } else if ((ch >= '0') && (ch <= '9')) {
234
                return ch - '0';
235
            } else if ((ch >= 'a') && (ch <= 'f')) {
236
                return ch - 'a' + 10;
237
            } else if ((ch >= 'A') && (ch <= 'F')) {
238
                return ch - 'A' + 10;
239
            }
240
        }
241
    }
242

243
}
244

245