1
/*
2
 * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/*
25
 * @test
26
 * @bug 8161571 8178370
27
 * @summary Reject signatures presented for verification that contain extra
28
 *          bytes.
29
 * @modules jdk.crypto.ec
30
 * @run main SignatureLength
31
 */
32

33
import java.security.KeyPair;
34
import java.security.KeyPairGenerator;
35
import java.security.NoSuchAlgorithmException;
36
import java.security.Provider;
37
import java.security.Security;
38
import java.security.Signature;
39
import java.security.SignatureException;
40

41
public class SignatureLength {
42

43
    public static void main(String[] args) throws Exception {
44
        for (Provider p0 : Security.getProviders()) {
45
            for (Provider p1 : Security.getProviders()) {
46
                for (Provider p2 : Security.getProviders()) {
47
                    // SunMSCAPI signer can only be initialized with
48
                    // a key generated with SunMSCAPI
49
                    if (!p0.getName().equals("SunMSCAPI")
50
                            && p1.getName().equals("SunMSCAPI")) continue;
51

52
                    // SunMSCAPI generated key can only be signed
53
                    // with SunMSCAPI signer
54
                    if (p0.getName().equals("SunMSCAPI")
55
                            && !p1.getName().equals("SunMSCAPI")) continue;
56

57
                    // SunMSCAPI and SunPKCS11 verifiers may return false
58
                    // instead of throwing SignatureException
59
                    boolean mayNotThrow = p2.getName().equals("SunMSCAPI")
60
                            || p2.getName().startsWith("SunPKCS11");
61

62
                    main0("EC", 256, "SHA256withECDSA", p0, p1, p2, mayNotThrow);
63
                    main0("RSA", 2048, "SHA256withRSA", p0, p1, p2, mayNotThrow);
64
                    main0("DSA", 2048, "SHA256withDSA", p0, p1, p2, mayNotThrow);
65
                }
66
            }
67
        }
68
    }
69

70
    private static void main0(String keyAlgorithm, int keysize,
71
            String signatureAlgorithm, Provider generatorProvider,
72
            Provider signerProvider, Provider verifierProvider,
73
            boolean mayNotThrow) throws Exception {
74

75
        KeyPairGenerator generator;
76
        Signature signer;
77
        Signature verifier;
78

79
        try {
80
            generator = KeyPairGenerator.getInstance(keyAlgorithm,
81
                    generatorProvider);
82
            signer = Signature.getInstance(signatureAlgorithm,
83
                    signerProvider);
84
            verifier = Signature.getInstance(signatureAlgorithm,
85
                    verifierProvider);
86
        } catch (NoSuchAlgorithmException nsae) {
87
            // ignore this set of providers
88
            return;
89
        }
90

91
        byte[] plaintext = "aaa".getBytes("UTF-8");
92

93
        // Generate
94
        generator.initialize(keysize);
95
        System.out.println("Generating " + keyAlgorithm + " keypair using " +
96
            generator.getProvider().getName() + " JCE provider");
97
        KeyPair keypair = generator.generateKeyPair();
98

99
        // Sign
100
        signer.initSign(keypair.getPrivate());
101
        signer.update(plaintext);
102
        System.out.println("Signing using " + signer.getProvider().getName() +
103
            " JCE provider");
104
        byte[] signature = signer.sign();
105

106
        // Invalidate
107
        System.out.println("Invalidating signature ...");
108
        byte[] badSignature = new byte[signature.length + 5];
109
        System.arraycopy(signature, 0, badSignature, 0, signature.length);
110
        badSignature[signature.length] = 0x01;
111
        badSignature[signature.length + 1] = 0x01;
112
        badSignature[signature.length + 2] = 0x01;
113
        badSignature[signature.length + 3] = 0x01;
114
        badSignature[signature.length + 4] = 0x01;
115

116
        // Verify
117
        verifier.initVerify(keypair.getPublic());
118
        verifier.update(plaintext);
119
        System.out.println("Verifying using " +
120
            verifier.getProvider().getName() + " JCE provider");
121

122
        try {
123
            boolean valid = verifier.verify(badSignature);
124
            System.out.println("Valid? " + valid);
125
            if (mayNotThrow) {
126
                if (valid) {
127
                    throw new Exception(
128
                        "ERROR: expected a SignatureException but none was thrown"
129
                        + " and invalid signature was verified");
130
                } else {
131
                    System.out.println("OK: verification failed as expected");
132
                }
133
            } else {
134
                throw new Exception(
135
                    "ERROR: expected a SignatureException but none was thrown");
136
            }
137
        } catch (SignatureException e) {
138
            System.out.println("OK: caught expected exception: " + e);
139
        }
140
        System.out.println();
141
    }
142
}
143

144