|
1 /* |
|
2 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. |
|
8 * |
|
9 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 * version 2 for more details (a copy is included in the LICENSE file that |
|
13 * accompanied this code). |
|
14 * |
|
15 * You should have received a copy of the GNU General Public License version |
|
16 * 2 along with this work; if not, write to the Free Software Foundation, |
|
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 * |
|
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 * or visit www.oracle.com if you need additional information or have any |
|
21 * questions. |
|
22 */ |
|
23 |
|
24 import java.security.*; |
|
25 import java.security.spec.*; |
|
26 import java.security.interfaces.*; |
|
27 |
|
28 /* |
|
29 * @test |
|
30 * @bug 8080462 8226651 |
|
31 * @summary testing interoperability of PSS signatures of PKCS11 provider |
|
32 * against SunRsaSign provider |
|
33 * @library /test/lib .. |
|
34 * @modules jdk.crypto.cryptoki |
|
35 * @run main/othervm SigInteropPSS |
|
36 */ |
|
37 public class SigInteropPSS extends PKCS11Test { |
|
38 |
|
39 private static final byte[] MSG = |
|
40 "Interoperability test between SunRsaSign and SunPKCS11".getBytes(); |
|
41 |
|
42 private static final String[] DIGESTS = { |
|
43 "SHA-224", "SHA-256", "SHA-384", "SHA-512" |
|
44 }; |
|
45 |
|
46 public static void main(String[] args) throws Exception { |
|
47 main(new SigInteropPSS(), args); |
|
48 } |
|
49 |
|
50 @Override |
|
51 public void main(Provider p) throws Exception { |
|
52 Signature sigPkcs11; |
|
53 try { |
|
54 sigPkcs11 = Signature.getInstance("RSASSA-PSS", p); |
|
55 } catch (NoSuchAlgorithmException e) { |
|
56 System.out.println("Skip testing RSASSA-PSS" + |
|
57 " due to no support"); |
|
58 return; |
|
59 } |
|
60 |
|
61 Signature sigSunRsaSign = |
|
62 Signature.getInstance("RSASSA-PSS", "SunRsaSign"); |
|
63 |
|
64 KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p); |
|
65 kpg.initialize(3072); |
|
66 KeyPair kp = kpg.generateKeyPair(); |
|
67 |
|
68 runTest(sigSunRsaSign, sigPkcs11, kp); |
|
69 runTest(sigPkcs11, sigSunRsaSign, kp); |
|
70 |
|
71 System.out.println("Test passed"); |
|
72 } |
|
73 |
|
74 static void runTest(Signature signer, Signature verifier, KeyPair kp) |
|
75 throws Exception { |
|
76 System.out.println("\tSign using " + signer.getProvider().getName()); |
|
77 System.out.println("\tVerify using " + verifier.getProvider().getName()); |
|
78 |
|
79 for (String hash : DIGESTS) { |
|
80 for (String mgfHash : DIGESTS) { |
|
81 System.out.println("\tDigest = " + hash); |
|
82 System.out.println("\tMGF = MGF1_" + mgfHash); |
|
83 |
|
84 PSSParameterSpec params = new PSSParameterSpec(hash, "MGF1", |
|
85 new MGF1ParameterSpec(mgfHash), 0, 1); |
|
86 |
|
87 signer.setParameter(params); |
|
88 signer.initSign(kp.getPrivate()); |
|
89 verifier.setParameter(params); |
|
90 verifier.initVerify(kp.getPublic()); |
|
91 |
|
92 signer.update(MSG); |
|
93 byte[] sigBytes = signer.sign(); |
|
94 verifier.update(MSG); |
|
95 boolean isValid = verifier.verify(sigBytes); |
|
96 if (isValid) { |
|
97 System.out.println("\tPSS Signature verified"); |
|
98 } else { |
|
99 throw new RuntimeException("ERROR verifying PSS Signature"); |
|
100 } |
|
101 } |
|
102 } |
|
103 } |
|
104 } |