1
/*
2
 * Copyright (c) 2020, 2021, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
import java.security.InvalidKeyException;
25
import java.security.InvalidParameterException;
26
import java.security.KeyFactory;
27
import java.security.KeyPair;
28
import java.security.KeyPairGenerator;
29
import java.security.NoSuchAlgorithmException;
30
import java.security.PrivateKey;
31
import java.security.PublicKey;
32
import java.security.Signature;
33
import java.security.interfaces.EdECPrivateKey;
34
import java.security.interfaces.EdECPublicKey;
35
import java.security.spec.EdDSAParameterSpec;
36
import java.util.Arrays;
37
import java.util.HexFormat;
38

39
/*
40
 * @test
41
 * @bug 8209632
42
 * @summary Negative cases for EDDSA.
43
 * @library /test/lib
44
 * @run main EdDSANegativeTest
45
 */
46
public class EdDSANegativeTest {
47

48
    private static final String EDDSA = "EdDSA";
49
    private static final String ED25519 = "Ed25519";
50
    private static final String ED448 = "Ed448";
51
    private static final String PROVIDER = "SunEC";
52
    private static final String OTHER = "other";
53
    private static final byte[] MSG = "TEST".getBytes();
54

55
    public static void main(String[] args) throws Exception {
56
        byName();
57
        byParam();
58
        byInvalidKey();
59
        byInvalidKeyType();
60
    }
61

62
    private static void byName() throws Exception {
63

64
        for (String name : new String[]{null, "", "EDDSA", "eddsa", "EDdsa",
65
            EDDSA, ED25519, "ed25519", "ED25519", ED448, "eD448", "ED448",
66
            "ed448", OTHER}) {
67
            try {
68
                KeyPair kp = genKeyPair(name);
69
                KeyFactory kf = KeyFactory.getInstance(name, PROVIDER);
70
                EdECPrivateKey edPri
71
                        = (EdECPrivateKey) kf.translateKey(kp.getPrivate());
72
                EdECPublicKey edPub
73
                        = (EdECPublicKey) kf.translateKey(kp.getPublic());
74
                Signature sig = Signature.getInstance(name, PROVIDER);
75
                byte[] computedSig = sign(sig, edPri, MSG);
76
                if (!verify(sig, edPub, MSG, computedSig)) {
77
                    throw new RuntimeException("Signature verification failed");
78
                }
79
                if (name == null || "".equals(name)) {
80
                    throw new RuntimeException(
81
                            "Should not reach here for algo: " + name);
82
                }
83
                System.out.println("Passed: byName: " + name);
84
            } catch (NullPointerException e) {
85
                if (name != null) {
86
                    throw new RuntimeException(
87
                            "Unknown issue with algo name: " + name, e);
88
                }
89
            } catch (NoSuchAlgorithmException e) {
90
                if (!("".equals(name) || OTHER.equals(name))) {
91
                    throw new RuntimeException(
92
                            "Unknown issue with algo name: " + name, e);
93
                }
94
            }
95
        }
96
    }
97

98
    private static void byParam() throws Exception {
99
        testParam(EDDSA);
100
        testParam(ED25519);
101
        testParam(ED448);
102
    }
103

104
    private static void byInvalidKey() throws Exception {
105
        testInvalidKey(EDDSA);
106
        testInvalidKey(ED25519);
107
        testInvalidKey(ED448);
108
    }
109

110
    private static void byInvalidKeyType() throws Exception {
111
        testInvalidKeyType(EDDSA);
112
        testInvalidKeyType(ED25519);
113
        testInvalidKeyType(ED448);
114
    }
115

116
    /**
117
     * Test Signature.
118
     */
119
    private static void testParam(String name) throws Exception {
120

121
        KeyPair kp = genKeyPair(name);
122
        Signature sig = Signature.getInstance(name, PROVIDER);
123
        // Set initial paramter to generate a signature
124
        EdDSAParameterSpec initParam
125
                = new EdDSAParameterSpec(true, "testContext".getBytes());
126
        sig.setParameter(initParam);
127
        byte[] computedSig = sign(sig, kp.getPrivate(), MSG);
128
        // Signature should not get verified other than same parameter
129
        // which is set through the signature instance.
130
        for (boolean preHash : new boolean[]{true, false}) {
131
            // Test case with prehash as parameter without context set.
132
            verify(sig, kp.getPublic(), MSG, new EdDSAParameterSpec(preHash),
133
                    initParam, computedSig);
134
            // Test Case with Context combined of different sizes.
135
            // As per rfc8032, value of context is maximum of 255 octet
136
            for (byte[] context : new byte[][]{{}, "other".getBytes(),
137
            new byte[255], new byte[500]}) {
138
                System.out.printf("Testing signature for name: %s, algorithm "
139
                        + "spec: (prehash:%s, context:%s)%n", name, preHash,
140
                        HexFormat.of().withUpperCase().formatHex(context));
141
                try {
142
                    verify(sig, kp.getPublic(), MSG,
143
                            new EdDSAParameterSpec(preHash, context),
144
                            initParam, computedSig);
145
                } catch (InvalidParameterException e) {
146
                    if (context.length <= 255) {
147
                        throw new RuntimeException("Should not throw exception "
148
                                + "when context size <= 255 octet: "
149
                                + context.length);
150
                    }
151
                }
152
            }
153
        }
154
    }
155

156
    private static void testInvalidKey(String name) throws Exception {
157
        KeyPair kp = genKeyPair(name);
158
        KeyPair kp1 = genKeyPair(name);
159
        Signature sig = Signature.getInstance(name, PROVIDER);
160
        byte[] computedSig = sign(sig, kp.getPrivate(), MSG);
161
        if (verify(sig, kp1.getPublic(), MSG, computedSig)) {
162
            throw new RuntimeException("Signature verification failed "
163
                    + "for unpaired key.");
164
        }
165
        System.out.println("Passed: testInvalidKey: " + name);
166
    }
167

168
    private static void testInvalidKeyType(String name) throws Exception {
169

170
        KeyFactory kf = KeyFactory.getInstance(name, PROVIDER);
171
        try {
172
            kf.translateKey(new InvalidPrivateKey());
173
        } catch (InvalidKeyException e) {
174
            // Expected exception and not to be handled
175
        }
176
        try {
177
            kf.translateKey(new InvalidPublicKey());
178
        } catch (InvalidKeyException e) {
179
            // Expected exception and not to be handled
180
        }
181
        System.out.println("Passed: testInvalidKeyType: " + name);
182
    }
183

184
    private static KeyPair genKeyPair(String name) throws Exception {
185
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(name, PROVIDER);
186
        return kpg.generateKeyPair();
187
    }
188

189
    private static byte[] sign(Signature sig, PrivateKey priKey, byte[] msg)
190
            throws Exception {
191
        sig.initSign(priKey);
192
        sig.update(msg);
193
        return sig.sign();
194
    }
195

196
    private static boolean verify(Signature sig, PublicKey pubKey, byte[] msg,
197
            byte[] sign) throws Exception {
198
        sig.initVerify(pubKey);
199
        sig.update(msg);
200
        return sig.verify(sign);
201
    }
202

203
    private static void verify(Signature sig, PublicKey pubKey, byte[] msg,
204
            EdDSAParameterSpec params, EdDSAParameterSpec initParam,
205
            byte[] computedSig) throws Exception {
206

207
        sig.setParameter(params);
208
        if (verify(sig, pubKey, msg, computedSig)) {
209
            byte[] context = params.getContext().isPresent()
210
                    ? params.getContext().get() : null;
211
            byte[] initContext = initParam.getContext().isPresent()
212
                    ? initParam.getContext().get() : null;
213
            boolean preHash = params.isPrehash();
214
            boolean initPreHash = initParam.isPrehash();
215
            // The signature should not get verified with other parameters
216
            // set through signature instance.
217
            if (!(equals(context, initContext) && equals(preHash, initPreHash))) {
218
                throw new RuntimeException(String.format("Signature verification"
219
                        + " success with different param context(actual:%s, "
220
                        + "expected:%s), Prehash(actual:%s, expected:%s)",
221
                        HexFormat.of().withUpperCase().formatHex(context),
222
                        HexFormat.of().withUpperCase().formatHex(initContext),
223
                        preHash, initPreHash));
224
            } else {
225
                System.out.println("Atleast a case matched");
226
            }
227
        }
228
    }
229

230
    private static boolean equals(Object actual, Object expected) {
231
        if (actual == expected) {
232
            return true;
233
        }
234
        if (actual == null || expected == null) {
235
            return false;
236
        }
237
        boolean equals = actual.equals(expected);
238
        if (!equals) {
239
            throw new RuntimeException(String.format("Actual: %s, Expected: %s",
240
                    actual, expected));
241
        }
242
        return equals;
243
    }
244

245
    private static boolean equals(byte[] actual, byte[] expected) {
246
        if (actual == expected) {
247
            return true;
248
        }
249
        if (actual == null || expected == null) {
250
            return false;
251
        }
252
        boolean equals = Arrays.equals(actual, expected);
253
        if (!equals) {
254
            throw new RuntimeException(String.format("Actual array: %s, "
255
                    + "Expected array:%s", HexFormat.of().withUpperCase().formatHex(actual),
256
                    HexFormat.of().withUpperCase().formatHex(expected)));
257
        }
258
        return equals;
259
    }
260

261
    private static class InvalidPrivateKey implements PrivateKey {
262

263
        @Override
264
        public String getAlgorithm() {
265
            return "test";
266
        }
267

268
        @Override
269
        public String getFormat() {
270
            return "test";
271
        }
272

273
        @Override
274
        public byte[] getEncoded() {
275
            return "test".getBytes();
276
        }
277

278
    }
279

280
    private static class InvalidPublicKey implements PublicKey {
281

282
        @Override
283
        public String getAlgorithm() {
284
            return "test";
285
        }
286

287
        @Override
288
        public String getFormat() {
289
            return "test";
290
        }
291

292
        @Override
293
        public byte[] getEncoded() {
294
            return "test".getBytes();
295
        }
296

297
    }
298
}
299

300