8172366: Support SHA-3 based signatures

Enhance default JDK providers including SUN, SunRsaSign, and SunEC, with signatures using SHA-3 family of digests.

Reviewed-by: xuelei
This commit is contained in:
Valerie Peng 2020-09-15 20:28:48 +00:00
parent 46598c8644
commit 40206822f4
20 changed files with 673 additions and 95 deletions

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -108,6 +108,34 @@ public class MGF1ParameterSpec implements AlgorithmParameterSpec {
public static final MGF1ParameterSpec SHA512_256 = public static final MGF1ParameterSpec SHA512_256 =
new MGF1ParameterSpec("SHA-512/256"); new MGF1ParameterSpec("SHA-512/256");
/**
* The MGF1ParameterSpec which uses SHA3-224 message digest
* @since 16
*/
public static final MGF1ParameterSpec SHA3_224 =
new MGF1ParameterSpec("SHA3-224");
/**
* The MGF1ParameterSpec which uses SHA3-256 message digest
* @since 16
*/
public static final MGF1ParameterSpec SHA3_256 =
new MGF1ParameterSpec("SHA3-256");
/**
* The MGF1ParameterSpec which uses SHA3-384 message digest
* @since 16
*/
public static final MGF1ParameterSpec SHA3_384 =
new MGF1ParameterSpec("SHA3-384");
/**
* The MGF1ParameterSpec which uses SHA3-512 message digest
* @since 16
*/
public static final MGF1ParameterSpec SHA3_512 =
new MGF1ParameterSpec("SHA3-512");
private String mdName; private String mdName;
/** /**

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -47,11 +47,16 @@ import sun.security.jca.JCAUtil;
* Standards and Technology (NIST), using SHA digest algorithms * Standards and Technology (NIST), using SHA digest algorithms
* from FIPS180-3. * from FIPS180-3.
* *
* This file contains both the signature implementation for the * This file contains the signature implementation for the
* commonly used SHA1withDSA (DSS), SHA224withDSA, SHA256withDSA, * SHA1withDSA (DSS), SHA224withDSA, SHA256withDSA, SHA384withDSA,
* as well as RawDSA, used by TLS among others. RawDSA expects * SHA512withDSA, SHA3-224withDSA, SHA3-256withDSA, SHA3-384withDSA,
* the 20 byte SHA-1 digest as input via update rather than the * SHA3-512withDSA, as well as RawDSA, used by TLS among others.
* original data like other signature implementations. * RawDSA expects the 20 byte SHA-1 digest as input via update rather
* than the original data like other signature implementations.
*
* In addition, IEEE P1363 signature format is supported. The
* corresponding implementation is registered under <sig>inP1363Format,
* e.g. SHA256withDSAinP1363Format.
* *
* @author Benjamin Renaud * @author Benjamin Renaud
* *
@ -504,6 +509,78 @@ abstract class DSA extends SignatureSpi {
return printable; return printable;
} }
/**
* SHA3-224withDSA implementation.
*/
public static final class SHA3_224withDSA extends DSA {
public SHA3_224withDSA() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA3-224"));
}
}
/**
* SHA3-224withDSA implementation that uses the IEEE P1363 format.
*/
public static final class SHA3_224withDSAinP1363Format extends DSA {
public SHA3_224withDSAinP1363Format() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA3-224"), true);
}
}
/**
* Standard SHA3-256withDSA implementation.
*/
public static final class SHA3_256withDSA extends DSA {
public SHA3_256withDSA() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA3-256"));
}
}
/**
* Standard SHA3-256withDSA implementation that uses the IEEE P1363 format.
*/
public static final class SHA3_256withDSAinP1363Format extends DSA {
public SHA3_256withDSAinP1363Format() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA3-256"), true);
}
}
/**
* Standard SHA3-384withDSA implementation.
*/
public static final class SHA3_384withDSA extends DSA {
public SHA3_384withDSA() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA3-384"));
}
}
/**
* Standard SHA3-384withDSA implementation that uses the IEEE P1363 format.
*/
public static final class SHA3_384withDSAinP1363Format extends DSA {
public SHA3_384withDSAinP1363Format() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA3-384"), true);
}
}
/**
* Standard SHA3-512withDSA implementation.
*/
public static final class SHA3_512withDSA extends DSA {
public SHA3_512withDSA() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA3-512"));
}
}
/**
* Standard SHA3-512withDSA implementation that uses the IEEE P1363 format.
*/
public static final class SHA3_512withDSAinP1363Format extends DSA {
public SHA3_512withDSAinP1363Format() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA3-512"), true);
}
}
/** /**
* Standard SHA224withDSA implementation as defined in FIPS186-3. * Standard SHA224withDSA implementation as defined in FIPS186-3.
*/ */
@ -540,6 +617,42 @@ abstract class DSA extends SignatureSpi {
} }
} }
/**
* Standard SHA384withDSA implementation as defined in FIPS186-3.
*/
public static final class SHA384withDSA extends DSA {
public SHA384withDSA() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA-384"));
}
}
/**
* SHA384withDSA implementation that uses the IEEE P1363 format.
*/
public static final class SHA384withDSAinP1363Format extends DSA {
public SHA384withDSAinP1363Format() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA-384"), true);
}
}
/**
* Standard SHA512withDSA implementation as defined in FIPS186-3.
*/
public static final class SHA512withDSA extends DSA {
public SHA512withDSA() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA-512"));
}
}
/**
* SHA512withDSA implementation that uses the IEEE P1363 format.
*/
public static final class SHA512withDSAinP1363Format extends DSA {
public SHA512withDSAinP1363Format() throws NoSuchAlgorithmException {
super(MessageDigest.getInstance("SHA-512"), true);
}
}
/** /**
* Standard SHA1withDSA implementation. * Standard SHA1withDSA implementation.
*/ */

@ -54,9 +54,13 @@ import static sun.security.util.SecurityProviderConstants.getAliases;
* SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384, * SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384,
* and SHA-512. * and SHA-512.
* *
* - SHA-224withDSA/SHA-256withDSA are the signature schemes * - [SHA-224|SHA-256|SHA-384|SHA-512]withDSA are the signature schemes
* described in FIPS 186-3. The associated object identifiers are * described in FIPS 186-3. The associated object identifiers are
* "OID.2.16.840.1.101.3.4.3.1", and "OID.2.16.840.1.101.3.4.3.2". * "OID.2.16.840.1.101.3.4.3.[1|2|3|4]" respectively.
*
* - [SHA3-224|SHA3-256|SHA3-384|SHA3-512]withDSA are the signature schemes
* using SHA-3 family of digests with DSA. The associated object identifiers
* are "OID.2.16.840.1.101.3.4.3.[5|6|7|8]" respectively.
* *
* - DSA is the key generation scheme as described in FIPS 186. * - DSA is the key generation scheme as described in FIPS 186.
* Aliases for DSA include the OID strings "OID.1.3.14.3.2.12" * Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
@ -127,13 +131,30 @@ public final class SunEntries {
addWithAlias(p, "Signature", "NONEwithDSA", addWithAlias(p, "Signature", "NONEwithDSA",
"sun.security.provider.DSA$RawDSA", attrs); "sun.security.provider.DSA$RawDSA", attrs);
attrs.put("KeySize", "2048"); // for SHA224 and SHA256 DSA signatures // for DSA signatures with 224/256-bit digests
attrs.put("KeySize", "2048");
addWithAlias(p, "Signature", "SHA224withDSA", addWithAlias(p, "Signature", "SHA224withDSA",
"sun.security.provider.DSA$SHA224withDSA", attrs); "sun.security.provider.DSA$SHA224withDSA", attrs);
addWithAlias(p, "Signature", "SHA256withDSA", addWithAlias(p, "Signature", "SHA256withDSA",
"sun.security.provider.DSA$SHA256withDSA", attrs); "sun.security.provider.DSA$SHA256withDSA", attrs);
addWithAlias(p, "Signature", "SHA3-224withDSA",
"sun.security.provider.DSA$SHA3_224withDSA", attrs);
addWithAlias(p, "Signature", "SHA3-256withDSA",
"sun.security.provider.DSA$SHA3_256withDSA", attrs);
attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests
addWithAlias(p, "Signature", "SHA384withDSA",
"sun.security.provider.DSA$SHA384withDSA", attrs);
addWithAlias(p, "Signature", "SHA512withDSA",
"sun.security.provider.DSA$SHA512withDSA", attrs);
addWithAlias(p, "Signature", "SHA3-384withDSA",
"sun.security.provider.DSA$SHA3_384withDSA", attrs);
addWithAlias(p, "Signature", "SHA3-512withDSA",
"sun.security.provider.DSA$SHA3_512withDSA", attrs);
attrs.remove("KeySize"); attrs.remove("KeySize");
add(p, "Signature", "SHA1withDSAinP1363Format", add(p, "Signature", "SHA1withDSAinP1363Format",
@ -144,7 +165,18 @@ public final class SunEntries {
"sun.security.provider.DSA$SHA224withDSAinP1363Format"); "sun.security.provider.DSA$SHA224withDSAinP1363Format");
add(p, "Signature", "SHA256withDSAinP1363Format", add(p, "Signature", "SHA256withDSAinP1363Format",
"sun.security.provider.DSA$SHA256withDSAinP1363Format"); "sun.security.provider.DSA$SHA256withDSAinP1363Format");
add(p, "Signature", "SHA384withDSAinP1363Format",
"sun.security.provider.DSA$SHA384withDSAinP1363Format");
add(p, "Signature", "SHA512withDSAinP1363Format",
"sun.security.provider.DSA$SHA512withDSAinP1363Format");
add(p, "Signature", "SHA3-224withDSAinP1363Format",
"sun.security.provider.DSA$SHA3_224withDSAinP1363Format");
add(p, "Signature", "SHA3-256withDSAinP1363Format",
"sun.security.provider.DSA$SHA3_256withDSAinP1363Format");
add(p, "Signature", "SHA3-384withDSAinP1363Format",
"sun.security.provider.DSA$SHA3_384withDSAinP1363Format");
add(p, "Signature", "SHA3-512withDSAinP1363Format",
"sun.security.provider.DSA$SHA3_512withDSAinP1363Format");
/* /*
* Key Pair Generator engines * Key Pair Generator engines
*/ */

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -103,7 +103,7 @@ public final class PSSParameters extends AlgorithmParametersSpi {
throw new IOException("Only MGF1 mgf is supported"); throw new IOException("Only MGF1 mgf is supported");
} }
AlgorithmId params = AlgorithmId.parse( AlgorithmId params = AlgorithmId.parse(
new DerValue(val.getEncodedParams())); new DerValue(val.getEncodedParams()));
String mgfDigestName = params.getName(); String mgfDigestName = params.getName();
switch (mgfDigestName) { switch (mgfDigestName) {
case "SHA-1": case "SHA-1":
@ -127,6 +127,18 @@ public final class PSSParameters extends AlgorithmParametersSpi {
case "SHA-512/256": case "SHA-512/256":
mgfSpec = MGF1ParameterSpec.SHA512_256; mgfSpec = MGF1ParameterSpec.SHA512_256;
break; break;
case "SHA3-224":
mgfSpec = MGF1ParameterSpec.SHA3_224;
break;
case "SHA3-256":
mgfSpec = MGF1ParameterSpec.SHA3_256;
break;
case "SHA3-384":
mgfSpec = MGF1ParameterSpec.SHA3_384;
break;
case "SHA3-512":
mgfSpec = MGF1ParameterSpec.SHA3_512;
break;
default: default:
throw new IOException throw new IOException
("Unrecognized message digest algorithm " + ("Unrecognized message digest algorithm " +

@ -45,8 +45,8 @@ import sun.security.jca.JCAUtil;
* PKCS#1 v2.2 RSASSA-PSS signatures with various message digest algorithms. * PKCS#1 v2.2 RSASSA-PSS signatures with various message digest algorithms.
* RSASSA-PSS implementation takes the message digest algorithm, MGF algorithm, * RSASSA-PSS implementation takes the message digest algorithm, MGF algorithm,
* and salt length values through the required signature PSS parameters. * and salt length values through the required signature PSS parameters.
* We support SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and * We support SHA-1, SHA-2 family and SHA3 family of message digest algorithms,
* SHA-512/256 message digest algorithms and MGF1 mask generation function. * and MGF1 mask generation function.
* *
* @since 11 * @since 11
*/ */
@ -81,24 +81,20 @@ public class RSAPSSSignature extends SignatureSpi {
private static final byte[] EIGHT_BYTES_OF_ZEROS = new byte[8]; private static final byte[] EIGHT_BYTES_OF_ZEROS = new byte[8];
private static final Hashtable<String, Integer> DIGEST_LENGTHS = private static final Hashtable<KnownOIDs, Integer> DIGEST_LENGTHS =
new Hashtable<String, Integer>(); new Hashtable<KnownOIDs, Integer>();
static { static {
DIGEST_LENGTHS.put("SHA-1", 20); DIGEST_LENGTHS.put(KnownOIDs.SHA_1, 20);
DIGEST_LENGTHS.put("SHA", 20); DIGEST_LENGTHS.put(KnownOIDs.SHA_224, 28);
DIGEST_LENGTHS.put("SHA1", 20); DIGEST_LENGTHS.put(KnownOIDs.SHA_256, 32);
DIGEST_LENGTHS.put("SHA-224", 28); DIGEST_LENGTHS.put(KnownOIDs.SHA_384, 48);
DIGEST_LENGTHS.put("SHA224", 28); DIGEST_LENGTHS.put(KnownOIDs.SHA_512, 64);
DIGEST_LENGTHS.put("SHA-256", 32); DIGEST_LENGTHS.put(KnownOIDs.SHA_512$224, 28);
DIGEST_LENGTHS.put("SHA256", 32); DIGEST_LENGTHS.put(KnownOIDs.SHA_512$256, 32);
DIGEST_LENGTHS.put("SHA-384", 48); DIGEST_LENGTHS.put(KnownOIDs.SHA3_224, 28);
DIGEST_LENGTHS.put("SHA384", 48); DIGEST_LENGTHS.put(KnownOIDs.SHA3_256, 32);
DIGEST_LENGTHS.put("SHA-512", 64); DIGEST_LENGTHS.put(KnownOIDs.SHA3_384, 48);
DIGEST_LENGTHS.put("SHA512", 64); DIGEST_LENGTHS.put(KnownOIDs.SHA3_512, 64);
DIGEST_LENGTHS.put("SHA-512/224", 28);
DIGEST_LENGTHS.put("SHA512/224", 28);
DIGEST_LENGTHS.put("SHA-512/256", 32);
DIGEST_LENGTHS.put("SHA512/256", 32);
} }
// message digest implementation we use for hashing the data // message digest implementation we use for hashing the data
@ -210,27 +206,33 @@ public class RSAPSSSignature extends SignatureSpi {
* internal signature parameters. * internal signature parameters.
*/ */
private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException { private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException {
try { AlgorithmParameterSpec keyParams = rsaKey.getParams();
AlgorithmParameterSpec keyParams = rsaKey.getParams(); // validate key parameters
// validate key parameters if (!isCompatible(rsaKey.getParams(), this.sigParams)) {
if (!isCompatible(rsaKey.getParams(), this.sigParams)) { throw new InvalidKeyException
throw new InvalidKeyException ("Key contains incompatible PSS parameter values");
("Key contains incompatible PSS parameter values");
}
// validate key length
if (this.sigParams != null) {
Integer hLen =
DIGEST_LENGTHS.get(this.sigParams.getDigestAlgorithm());
if (hLen == null) {
throw new ProviderException("Unsupported digest algo: " +
this.sigParams.getDigestAlgorithm());
}
checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength());
}
return rsaKey;
} catch (SignatureException e) {
throw new InvalidKeyException(e);
} }
// validate key length
if (this.sigParams != null) {
String digestAlgo = this.sigParams.getDigestAlgorithm();
KnownOIDs ko = KnownOIDs.findMatch(digestAlgo);
if (ko != null) {
Integer hLen = DIGEST_LENGTHS.get(ko);
if (hLen != null) {
checkKeyLength(rsaKey, hLen,
this.sigParams.getSaltLength());
} else {
// should never happen; checked in validateSigParams()
throw new ProviderException
("Unsupported digest algo: " + digestAlgo);
}
} else {
// should never happen; checked in validateSigParams()
throw new ProviderException
("Unrecognized digest algo: " + digestAlgo);
}
}
return rsaKey;
} }
/** /**
@ -268,14 +270,26 @@ public class RSAPSSSignature extends SignatureSpi {
("Only supports TrailerFieldBC(1)"); ("Only supports TrailerFieldBC(1)");
} }
String digestAlgo = params.getDigestAlgorithm();
// check key length again // check key length again
if (key != null) { if (key != null) {
try { String digestAlgo = params.getDigestAlgorithm();
int hLen = DIGEST_LENGTHS.get(digestAlgo); KnownOIDs ko = KnownOIDs.findMatch(digestAlgo);
checkKeyLength(key, hLen, params.getSaltLength()); if (ko != null) {
} catch (SignatureException e) { Integer hLen = DIGEST_LENGTHS.get(ko);
throw new InvalidAlgorithmParameterException(e); if (hLen != null) {
try {
checkKeyLength(key, hLen, params.getSaltLength());
} catch (InvalidKeyException e) {
throw new InvalidAlgorithmParameterException(e);
}
} else {
throw new InvalidAlgorithmParameterException
("Unsupported digest algo: " + digestAlgo);
}
} else {
throw new InvalidAlgorithmParameterException
("Unrecognized digest algo: " + digestAlgo);
} }
} }
return params; return params;
@ -302,12 +316,12 @@ public class RSAPSSSignature extends SignatureSpi {
* salt length * salt length
*/ */
private static void checkKeyLength(RSAKey key, int digestLen, private static void checkKeyLength(RSAKey key, int digestLen,
int saltLen) throws SignatureException { int saltLen) throws InvalidKeyException {
if (key != null) { if (key != null) {
int keyLength = (getKeyLengthInBits(key) + 7) >> 3; int keyLength = (getKeyLengthInBits(key) + 7) >> 3;
int minLength = Math.addExact(Math.addExact(digestLen, saltLen), 2); int minLength = Math.addExact(Math.addExact(digestLen, saltLen), 2);
if (keyLength < minLength) { if (keyLength < minLength) {
throw new SignatureException throw new InvalidKeyException
("Key is too short, need min " + minLength + " bytes"); ("Key is too short, need min " + minLength + " bytes");
} }
} }

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -40,8 +40,9 @@ import sun.security.x509.AlgorithmId;
* PKCS#1 v1.5 RSA signatures with the various message digest algorithms. * PKCS#1 v1.5 RSA signatures with the various message digest algorithms.
* This file contains an abstract base class with all the logic plus * This file contains an abstract base class with all the logic plus
* a nested static class for each of the message digest algorithms * a nested static class for each of the message digest algorithms
* (see end of the file). We support MD2, MD5, SHA-1, SHA-224, SHA-256, * (see end of the file). We support MD2, MD5, SHA-1, SHA2 family (
* SHA-384, SHA-512, SHA-512/224, and SHA-512/256. * SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256),
* and SHA3 family (SHA3-224, SHA3-256, SHA3-384, SHA3-512) of digests.
* *
* @since 1.5 * @since 1.5
* @author Andreas Sterbenz * @author Andreas Sterbenz
@ -360,4 +361,32 @@ public abstract class RSASignature extends SignatureSpi {
super("SHA-512/256", AlgorithmId.SHA512_256_oid, 11); super("SHA-512/256", AlgorithmId.SHA512_256_oid, 11);
} }
} }
// Nested class for SHA3-224withRSA signatures
public static final class SHA3_224withRSA extends RSASignature {
public SHA3_224withRSA() {
super("SHA3-224", AlgorithmId.SHA3_224_oid, 11);
}
}
// Nested class for SHA3-256withRSA signatures
public static final class SHA3_256withRSA extends RSASignature {
public SHA3_256withRSA() {
super("SHA3-256", AlgorithmId.SHA3_256_oid, 11);
}
}
// Nested class for SHA3-384withRSA signatures
public static final class SHA3_384withRSA extends RSASignature {
public SHA3_384withRSA() {
super("SHA3-384", AlgorithmId.SHA3_384_oid, 11);
}
}
// Nested class for SHA3-512withRSA signatures
public static final class SHA3_512withRSA extends RSASignature {
public SHA3_512withRSA() {
super("SHA3-512", AlgorithmId.SHA3_512_oid, 11);
}
}
} }

@ -84,6 +84,14 @@ public final class SunRsaSignEntries {
"sun.security.rsa.RSASignature$SHA512_224withRSA", attrs); "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
addA(p, "Signature", "SHA512/256withRSA", addA(p, "Signature", "SHA512/256withRSA",
"sun.security.rsa.RSASignature$SHA512_256withRSA", attrs); "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);
addA(p, "Signature", "SHA3-224withRSA",
"sun.security.rsa.RSASignature$SHA3_224withRSA", attrs);
addA(p, "Signature", "SHA3-256withRSA",
"sun.security.rsa.RSASignature$SHA3_256withRSA", attrs);
addA(p, "Signature", "SHA3-384withRSA",
"sun.security.rsa.RSASignature$SHA3_384withRSA", attrs);
addA(p, "Signature", "SHA3-512withRSA",
"sun.security.rsa.RSASignature$SHA3_512withRSA", attrs);
addA(p, "KeyFactory", "RSASSA-PSS", addA(p, "KeyFactory", "RSASSA-PSS",
"sun.security.rsa.RSAKeyFactory$PSS", attrs); "sun.security.rsa.RSAKeyFactory$PSS", attrs);
@ -92,7 +100,7 @@ public final class SunRsaSignEntries {
addA(p, "Signature", "RSASSA-PSS", addA(p, "Signature", "RSASSA-PSS",
"sun.security.rsa.RSAPSSSignature", attrs); "sun.security.rsa.RSAPSSSignature", attrs);
addA(p, "AlgorithmParameters", "RSASSA-PSS", addA(p, "AlgorithmParameters", "RSASSA-PSS",
"sun.security.rsa.PSSParameters", attrs); "sun.security.rsa.PSSParameters", null);
} }
public Iterator<Provider.Service> iterator() { public Iterator<Provider.Service> iterator() {

@ -154,6 +154,14 @@ public enum KnownOIDs {
SHA256withDSA("2.16.840.1.101.3.4.3.2"), SHA256withDSA("2.16.840.1.101.3.4.3.2"),
SHA384withDSA("2.16.840.1.101.3.4.3.3"), SHA384withDSA("2.16.840.1.101.3.4.3.3"),
SHA512withDSA("2.16.840.1.101.3.4.3.4"), SHA512withDSA("2.16.840.1.101.3.4.3.4"),
SHA3_224withDSA("2.16.840.1.101.3.4.3.5", "SHA3-224withDSA"),
SHA3_256withDSA("2.16.840.1.101.3.4.3.6", "SHA3-256withDSA"),
SHA3_384withDSA("2.16.840.1.101.3.4.3.7", "SHA3-384withDSA"),
SHA3_512withDSA("2.16.840.1.101.3.4.3.8", "SHA3-512withDSA"),
SHA3_224withECDSA("2.16.840.1.101.3.4.3.9", "SHA3-224withECDSA"),
SHA3_256withECDSA("2.16.840.1.101.3.4.3.10", "SHA3-256withECDSA"),
SHA3_384withECDSA("2.16.840.1.101.3.4.3.11", "SHA3-384withECDSA"),
SHA3_512withECDSA("2.16.840.1.101.3.4.3.12", "SHA3-512withECDSA"),
SHA3_224withRSA("2.16.840.1.101.3.4.3.13", "SHA3-224withRSA"), SHA3_224withRSA("2.16.840.1.101.3.4.3.13", "SHA3-224withRSA"),
SHA3_256withRSA("2.16.840.1.101.3.4.3.14", "SHA3-256withRSA"), SHA3_256withRSA("2.16.840.1.101.3.4.3.14", "SHA3-256withRSA"),
SHA3_384withRSA("2.16.840.1.101.3.4.3.15", "SHA3-384withRSA"), SHA3_384withRSA("2.16.840.1.101.3.4.3.15", "SHA3-384withRSA"),
@ -429,9 +437,9 @@ public enum KnownOIDs {
if (debug != null) { if (debug != null) {
debug.println("Setting up name2enum:"); debug.println("Setting up name2enum:");
} }
List.of(KnownOIDs.values()).forEach(o -> { for (KnownOIDs o : KnownOIDs.values()) {
register(o); register(o);
}); };
} }
private static void register(KnownOIDs o) { private static void register(KnownOIDs o) {

@ -196,6 +196,10 @@ public class AlgorithmId implements Serializable, DerEncoder {
algid.equals((Object)SHA512_oid) || algid.equals((Object)SHA512_oid) ||
algid.equals((Object)SHA512_224_oid) || algid.equals((Object)SHA512_224_oid) ||
algid.equals((Object)SHA512_256_oid) || algid.equals((Object)SHA512_256_oid) ||
algid.equals((Object)SHA3_224_oid) ||
algid.equals((Object)SHA3_256_oid) ||
algid.equals((Object)SHA3_384_oid) ||
algid.equals((Object)SHA3_512_oid) ||
algid.equals((Object)DSA_oid) || algid.equals((Object)DSA_oid) ||
algid.equals((Object)sha1WithDSA_oid)) { algid.equals((Object)sha1WithDSA_oid)) {
; // no parameter part encoded ; // no parameter part encoded
@ -608,6 +612,18 @@ public class AlgorithmId implements Serializable, DerEncoder {
public static final ObjectIdentifier SHA512_256_oid = public static final ObjectIdentifier SHA512_256_oid =
ObjectIdentifier.of(KnownOIDs.SHA_512$256); ObjectIdentifier.of(KnownOIDs.SHA_512$256);
public static final ObjectIdentifier SHA3_224_oid =
ObjectIdentifier.of(KnownOIDs.SHA3_224);
public static final ObjectIdentifier SHA3_256_oid =
ObjectIdentifier.of(KnownOIDs.SHA3_256);
public static final ObjectIdentifier SHA3_384_oid =
ObjectIdentifier.of(KnownOIDs.SHA3_384);
public static final ObjectIdentifier SHA3_512_oid =
ObjectIdentifier.of(KnownOIDs.SHA3_512);
public static final ObjectIdentifier DSA_oid = public static final ObjectIdentifier DSA_oid =
ObjectIdentifier.of(KnownOIDs.DSA); ObjectIdentifier.of(KnownOIDs.DSA);

@ -46,12 +46,20 @@ import static sun.security.ec.ECOperations.IntermediateValueException;
* . "SHA256withECDSA" * . "SHA256withECDSA"
* . "SHA384withECDSA" * . "SHA384withECDSA"
* . "SHA512withECDSA" * . "SHA512withECDSA"
* . "SHA3-224withECDSA"
* . "SHA3-256withECDSA"
* . "SHA3-384withECDSA"
* . "SHA3-512withECDSA"
* . "NONEwithECDSAinP1363Format" * . "NONEwithECDSAinP1363Format"
* . "SHA1withECDSAinP1363Format" * . "SHA1withECDSAinP1363Format"
* . "SHA224withECDSAinP1363Format" * . "SHA224withECDSAinP1363Format"
* . "SHA256withECDSAinP1363Format" * . "SHA256withECDSAinP1363Format"
* . "SHA384withECDSAinP1363Format" * . "SHA384withECDSAinP1363Format"
* . "SHA512withECDSAinP1363Format" * . "SHA512withECDSAinP1363Format"
* . "SHA3-224withECDSAinP1363Format"
* . "SHA3-256withECDSAinP1363Format"
* . "SHA3-384withECDSAinP1363Format"
* . "SHA3-512withECDSAinP1363Format"
* *
* @since 1.7 * @since 1.7
*/ */
@ -278,6 +286,62 @@ abstract class ECDSASignature extends SignatureSpi {
} }
} }
// Nested class for SHA3_224withECDSA signatures
public static final class SHA3_224 extends ECDSASignature {
public SHA3_224() {
super("SHA3-224");
}
}
// Nested class for SHA3_224withECDSAinP1363Format signatures
public static final class SHA3_224inP1363Format extends ECDSASignature {
public SHA3_224inP1363Format() {
super("SHA3-224", true);
}
}
// Nested class for SHA3_256withECDSA signatures
public static final class SHA3_256 extends ECDSASignature {
public SHA3_256() {
super("SHA3-256");
}
}
// Nested class for SHA3_256withECDSAinP1363Format signatures
public static final class SHA3_256inP1363Format extends ECDSASignature {
public SHA3_256inP1363Format() {
super("SHA3-256", true);
}
}
// Nested class for SHA3_384withECDSA signatures
public static final class SHA3_384 extends ECDSASignature {
public SHA3_384() {
super("SHA3-384");
}
}
// Nested class for SHA3_384withECDSAinP1363Format signatures
public static final class SHA3_384inP1363Format extends ECDSASignature {
public SHA3_384inP1363Format() {
super("SHA3-384", true);
}
}
// Nested class for SHA3_512withECDSA signatures
public static final class SHA3_512 extends ECDSASignature {
public SHA3_512() {
super("SHA3-512");
}
}
// Nested class for SHA3_512withECDSAinP1363Format signatures
public static final class SHA3_512inP1363Format extends ECDSASignature {
public SHA3_512inP1363Format() {
super("SHA3-512", true);
}
}
// initialize for verification. See JCA doc // initialize for verification. See JCA doc
@Override @Override
protected void engineInitVerify(PublicKey publicKey) protected void engineInitVerify(PublicKey publicKey)

@ -157,8 +157,20 @@ public final class SunEC extends Provider {
} else if (algo.equals("NONEwithECDSA")) { } else if (algo.equals("NONEwithECDSA")) {
return (inP1363? new ECDSASignature.RawinP1363Format() : return (inP1363? new ECDSASignature.RawinP1363Format() :
new ECDSASignature.Raw()); new ECDSASignature.Raw());
} } else if (algo.equals("SHA3-224withECDSA")) {
} else if (type.equals("KeyFactory")) { return (inP1363? new ECDSASignature.SHA3_224inP1363Format() :
new ECDSASignature.SHA3_224());
} else if (algo.equals("SHA3-256withECDSA")) {
return (inP1363? new ECDSASignature.SHA3_256inP1363Format() :
new ECDSASignature.SHA3_256());
} else if (algo.equals("SHA3-384withECDSA")) {
return (inP1363? new ECDSASignature.SHA3_384inP1363Format() :
new ECDSASignature.SHA3_384());
} else if (algo.equals("SHA3-512withECDSA")) {
return (inP1363? new ECDSASignature.SHA3_512inP1363Format() :
new ECDSASignature.SHA3_512());
}
} else if (type.equals("KeyFactory")) {
if (algo.equals("EC")) { if (algo.equals("EC")) {
return new ECKeyFactory(); return new ECKeyFactory();
} else if (algo.equals("XDH")) { } else if (algo.equals("XDH")) {
@ -304,6 +316,18 @@ public final class SunEC extends Provider {
putService(new ProviderServiceA(this, "Signature", putService(new ProviderServiceA(this, "Signature",
"SHA512withECDSA", "sun.security.ec.ECDSASignature$SHA512", "SHA512withECDSA", "sun.security.ec.ECDSASignature$SHA512",
ATTRS)); ATTRS));
putService(new ProviderServiceA(this, "Signature",
"SHA3-224withECDSA", "sun.security.ec.ECDSASignature$SHA3_224",
ATTRS));
putService(new ProviderServiceA(this, "Signature",
"SHA3-256withECDSA", "sun.security.ec.ECDSASignature$SHA3_256",
ATTRS));
putService(new ProviderServiceA(this, "Signature",
"SHA3-384withECDSA", "sun.security.ec.ECDSASignature$SHA3_384",
ATTRS));
putService(new ProviderServiceA(this, "Signature",
"SHA3-512withECDSA", "sun.security.ec.ECDSASignature$SHA3_512",
ATTRS));
putService(new ProviderService(this, "Signature", putService(new ProviderService(this, "Signature",
"NONEwithECDSAinP1363Format", "NONEwithECDSAinP1363Format",
@ -324,6 +348,19 @@ public final class SunEC extends Provider {
"SHA512withECDSAinP1363Format", "SHA512withECDSAinP1363Format",
"sun.security.ec.ECDSASignature$SHA512inP1363Format")); "sun.security.ec.ECDSASignature$SHA512inP1363Format"));
putService(new ProviderService(this, "Signature",
"SHA3-224withECDSAinP1363Format",
"sun.security.ec.ECDSASignature$SHA3_224inP1363Format"));
putService(new ProviderService(this, "Signature",
"SHA3-256withECDSAinP1363Format",
"sun.security.ec.ECDSASignature$SHA3_256inP1363Format"));
putService(new ProviderService(this, "Signature",
"SHA3-384withECDSAinP1363Format",
"sun.security.ec.ECDSASignature$SHA3_384inP1363Format"));
putService(new ProviderService(this, "Signature",
"SHA3-512withECDSAinP1363Format",
"sun.security.ec.ECDSASignature$SHA3_512inP1363Format"));
/* /*
* Key Pair Generator engine * Key Pair Generator engine
*/ */

@ -1,5 +1,5 @@
/** /*
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -71,6 +71,13 @@ public class Chain {
SHA1withDSA("SHA1withDSA"), SHA1withDSA("SHA1withDSA"),
SHA224withDSA("SHA224withDSA"), SHA224withDSA("SHA224withDSA"),
SHA256withDSA("SHA256withDSA"), SHA256withDSA("SHA256withDSA"),
SHA384withDSA("SHA384withDSA"),
SHA512withDSA("SHA512withDSA"),
SHA3_224withDSA("SHA3-224withDSA"),
SHA3_256withDSA("SHA3-256withDSA"),
SHA3_384withDSA("SHA3-384withDSA"),
SHA3_512withDSA("SHA3-512withDSA"),
SHA1withRSA("Sha1withrSA"), SHA1withRSA("Sha1withrSA"),
SHA224withRSA("SHA224withRSA"), SHA224withRSA("SHA224withRSA"),
@ -79,12 +86,20 @@ public class Chain {
SHA512withRSA("SHA512withRSA"), SHA512withRSA("SHA512withRSA"),
SHA512_224withRSA("SHA512/224withRSA"), SHA512_224withRSA("SHA512/224withRSA"),
SHA512_256withRSA("SHA512/256withRSA"), SHA512_256withRSA("SHA512/256withRSA"),
SHA3_224withRSA("SHA3-224withRSA"),
SHA3_256withRSA("SHA3-256withRSA"),
SHA3_384withRSA("SHA3-384withRSA"),
SHA3_512withRSA("SHA3-512withRSA"),
SHA1withECDSA("SHA1withECDSA"), SHA1withECDSA("SHA1withECDSA"),
SHA256withECDSA("SHA256withECDSA"),
SHA224withECDSA("SHA224withECDSA"), SHA224withECDSA("SHA224withECDSA"),
SHA256withECDSA("SHA256withECDSA"),
SHA384withECDSA("SHA384withECDSA"), SHA384withECDSA("SHA384withECDSA"),
SHA512withECDSA("SHA512withECDSA"), SHA512withECDSA("SHA512withECDSA"),
SHA3_224withECDSA("SHA3-224withECDSA"),
SHA3_256withECDSA("SHA3-256withECDSA"),
SHA3_384withECDSA("SHA3-384withECDSA"),
SHA3_512withECDSA("SHA3-512withECDSA"),
MD5andSHA1withRSA("MD5andSHA1withRSA"), MD5andSHA1withRSA("MD5andSHA1withRSA"),
@ -147,7 +162,10 @@ public class Chain {
new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default, 1024), new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default, 1024),
new Test(SigAlg.MD2withRSA, KeyAlg.RSA, Provider.Default), new Test(SigAlg.MD2withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.MD5withRSA, KeyAlg.RSA, Provider.Default), new Test(SigAlg.MD5withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.SHA1withRSA, KeyAlg.RSA, Provider.Default), new Test(SigAlg.SHA3_224withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.SHA3_256withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.SHA3_384withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.SHA3_512withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Sun, 1024), new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Sun, 1024),
new Test(SigAlg.SHA224withDSA, KeyAlg.DSA, Provider.Sun, 2048), new Test(SigAlg.SHA224withDSA, KeyAlg.DSA, Provider.Sun, 2048),
new Test(SigAlg.SHA256withDSA, KeyAlg.DSA, Provider.Sun, 2048), new Test(SigAlg.SHA256withDSA, KeyAlg.DSA, Provider.Sun, 2048),

@ -0,0 +1,173 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import jdk.test.lib.Convert;
import java.security.*;
import java.security.spec.*;
import java.math.*;
import java.util.*;
/*
* @test
* @bug 8172366
* @summary Known Answer Test for ECDSA signature
* @library /test/lib
* @build jdk.test.lib.Convert
* @run main/othervm SignatureKAT
*/
public class SignatureKAT {
private static String checkHex(String hex) {
// if hex length is odd, need to prepend 0
if (hex.length() % 2 != 0) {
hex = "0" + hex;
}
return hex;
}
private static class CurveData {
private String name;
private byte[] msgBytes;
private BigInteger priv;
private BigInteger pubX;
private BigInteger pubY;
private static BigInteger toBigInteger(String hex) {
byte[] bytes = Convert.hexStringToByteArray(checkHex(hex));
return new BigInteger(1, bytes);
}
CurveData(String name, String msg, String priv, String pubX,
String pubY) {
this.name = name;
this.msgBytes = msg.getBytes();
this.priv = toBigInteger(priv);
this.pubX = toBigInteger(pubX);
this.pubY = toBigInteger(pubY);
}
}
private static class TestData {
private String sigName;
private CurveData cd;
private byte[] expSig;
TestData(String sigName, CurveData cd, String r, String s) {
this.sigName = sigName;
this.cd = cd;
if (r.length() != s.length() || r != checkHex(r) ||
s != checkHex(s)) {
throw new RuntimeException("Error: invalid r, s");
}
this.expSig = Convert.hexStringToByteArray(r + s);
}
}
// These test values are from the examples shown in the page below:
// https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values
private static final CurveData P_256 = new CurveData(
"secp256r1", "Example of ECDSA with P-256",
"C477F9F65C22CCE20657FAA5B2D1D8122336F851A508A1ED04E479C34985BF96",
"B7E08AFDFE94BAD3F1DC8C734798BA1C62B3A0AD1E9EA2A38201CD0889BC7A19",
"3603F747959DBF7A4BB226E41928729063ADC7AE43529E61B563BBC606CC5E09"
);
private static final CurveData P_384 = new CurveData(
"secp384r1", "Example of ECDSA with P-384",
"F92C02ED629E4B48C0584B1C6CE3A3E3B4FAAE4AFC6ACB0455E73DFC392E6A0AE393A8565E6B9714D1224B57D83F8A08",
"3BF701BC9E9D36B4D5F1455343F09126F2564390F2B487365071243C61E6471FB9D2AB74657B82F9086489D9EF0F5CB5",
"D1A358EAFBF952E68D533855CCBDAA6FF75B137A5101443199325583552A6295FFE5382D00CFCDA30344A9B5B68DB855"
);
private static final CurveData P_521 = new CurveData(
"secp521r1", "Example of ECDSA with P-521",
"100085F47B8E1B8B11B7EB33028C0B2888E304BFC98501955B45BBA1478DC184EEEDF09B86A5F7C21994406072787205E69A63709FE35AA93BA333514B24F961722",
"98E91EEF9A68452822309C52FAB453F5F117C1DA8ED796B255E9AB8F6410CCA16E59DF403A6BDC6CA467A37056B1E54B3005D8AC030DECFEB68DF18B171885D5C4",
"164350C321AECFC1CCA1BA4364C9B15656150B4B78D6A48D7D28E7F31985EF17BE8554376B72900712C4B83AD668327231526E313F5F092999A4632FD50D946BC2E"
);
private static TestData[] TEST_DATUM = {
// secp256r1, secp384r1, and secp521r1 remain enabled
new TestData("SHA256withECDSAinP1363Format", P_256,
"2B42F576D07F4165FF65D1F3B1500F81E44C316F1F0B3EF57325B69ACA46104F",
"DC42C2122D6392CD3E3A993A89502A8198C1886FE69D262C4B329BDB6B63FAF1"),
new TestData("SHA3-256withECDSAinP1363Format", P_256,
"2B42F576D07F4165FF65D1F3B1500F81E44C316F1F0B3EF57325B69ACA46104F",
"0A861C2526900245C73BACB9ADAEC1A5ACB3BA1F7114A3C334FDCD5B7690DADD"),
new TestData("SHA384withECDSAinP1363Format", P_384,
"30EA514FC0D38D8208756F068113C7CADA9F66A3B40EA3B313D040D9B57DD41A332795D02CC7D507FCEF9FAF01A27088",
"CC808E504BE414F46C9027BCBF78ADF067A43922D6FCAA66C4476875FBB7B94EFD1F7D5DBE620BFB821C46D549683AD8"),
new TestData("SHA3-384withECDSAinP1363Format", P_384,
"30EA514FC0D38D8208756F068113C7CADA9F66A3B40EA3B313D040D9B57DD41A332795D02CC7D507FCEF9FAF01A27088",
"691B9D4969451A98036D53AA725458602125DE74881BBC333012CA4FA55BDE39D1BF16A6AAE3FE4992C567C6E7892337"),
new TestData("SHA512withECDSAinP1363Format", P_521,
"0140C8EDCA57108CE3F7E7A240DDD3AD74D81E2DE62451FC1D558FDC79269ADACD1C2526EEEEF32F8C0432A9D56E2B4A8A732891C37C9B96641A9254CCFE5DC3E2BA",
"00D72F15229D0096376DA6651D9985BFD7C07F8D49583B545DB3EAB20E0A2C1E8615BD9E298455BDEB6B61378E77AF1C54EEE2CE37B2C61F5C9A8232951CB988B5B1"),
new TestData("SHA3-512withECDSAinP1363Format", P_521,
"0140C8EDCA57108CE3F7E7A240DDD3AD74D81E2DE62451FC1D558FDC79269ADACD1C2526EEEEF32F8C0432A9D56E2B4A8A732891C37C9B96641A9254CCFE5DC3E2BA",
"00B25188492D58E808EDEBD7BF440ED20DB771CA7C618595D5398E1B1C0098E300D8C803EC69EC5F46C84FC61967A302D366C627FCFA56F87F241EF921B6E627ADBF"),
};
private static void runTest(TestData td) throws Exception {
System.out.println("Testing " + td.sigName + " with " + td.cd.name);
AlgorithmParameters params =
AlgorithmParameters.getInstance("EC", "SunEC");
params.init(new ECGenParameterSpec(td.cd.name));
ECParameterSpec ecParams =
params.getParameterSpec(ECParameterSpec.class);
KeyFactory kf = KeyFactory.getInstance("EC", "SunEC");
PrivateKey privKey = kf.generatePrivate
(new ECPrivateKeySpec(td.cd.priv, ecParams));
Signature sig = Signature.getInstance(td.sigName, "SunEC");
sig.initSign(privKey);
sig.update(td.cd.msgBytes);
// NOTE: there is no way to set the nonce value into current SunEC
// ECDSA signature, thus the output signature bytes likely won't
// match the expected signature bytes
byte[] ov = sig.sign();
ECPublicKeySpec pubKeySpec = new ECPublicKeySpec
(new ECPoint(td.cd.pubX, td.cd.pubY), ecParams);
PublicKey pubKey = kf.generatePublic(pubKeySpec);
sig.initVerify(pubKey);
sig.update(td.cd.msgBytes);
if (!sig.verify(ov)) {
throw new RuntimeException("Error verifying actual sig bytes");
}
sig.update(td.cd.msgBytes);
if (!sig.verify(td.expSig)) {
throw new RuntimeException("Error verifying expected sig bytes");
}
}
public static void main(String[] args) throws Exception {
for (TestData td : TEST_DATUM) {
runTest(td);
}
}
}

@ -43,6 +43,10 @@ import java.security.SignatureException;
* @run main SignatureOffsets SunEC SHA224withECDSA * @run main SignatureOffsets SunEC SHA224withECDSA
* @run main SignatureOffsets SunEC SHA384withECDSA * @run main SignatureOffsets SunEC SHA384withECDSA
* @run main SignatureOffsets SunEC SHA512withECDSA * @run main SignatureOffsets SunEC SHA512withECDSA
* @run main SignatureOffsets SunEC SHA3-256withECDSA
* @run main SignatureOffsets SunEC SHA3-224withECDSA
* @run main SignatureOffsets SunEC SHA3-384withECDSA
* @run main SignatureOffsets SunEC SHA3-512withECDSA
*/ */
public class SignatureOffsets { public class SignatureOffsets {

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -23,7 +23,7 @@
/* /*
* @test * @test
* @bug 8050374 8146293 * @bug 8050374 8146293 8172366
* @summary Verify a chain of signed objects * @summary Verify a chain of signed objects
* @library /test/lib * @library /test/lib
* @build jdk.test.lib.SigTestUtil * @build jdk.test.lib.SigTestUtil
@ -41,10 +41,14 @@ public class SignedObjectChain {
private static final Test[] tests = { private static final Test[] tests = {
new Test(Chain.SigAlg.SHA1withECDSA), new Test(Chain.SigAlg.SHA1withECDSA),
new Test(Chain.SigAlg.SHA256withECDSA),
new Test(Chain.SigAlg.SHA224withECDSA), new Test(Chain.SigAlg.SHA224withECDSA),
new Test(Chain.SigAlg.SHA256withECDSA),
new Test(Chain.SigAlg.SHA384withECDSA), new Test(Chain.SigAlg.SHA384withECDSA),
new Test(Chain.SigAlg.SHA512withECDSA), new Test(Chain.SigAlg.SHA512withECDSA),
new Test(Chain.SigAlg.SHA3_224withECDSA),
new Test(Chain.SigAlg.SHA3_256withECDSA),
new Test(Chain.SigAlg.SHA3_384withECDSA),
new Test(Chain.SigAlg.SHA3_512withECDSA),
}; };
public static void main(String argv[]) { public static void main(String argv[]) {

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -27,7 +27,7 @@ import java.security.SignatureException;
/* /*
* @test * @test
* @bug 8050374 8146293 * @bug 8050374 8146293 8172366
* @key randomness * @key randomness
* @summary This test validates signature verification * @summary This test validates signature verification
* Signature.verify(byte[], int, int). The test uses RandomFactory to * Signature.verify(byte[], int, int). The test uses RandomFactory to
@ -46,6 +46,10 @@ import java.security.SignatureException;
* @run main SignatureOffsets SunRsaSign SHA512withRSA * @run main SignatureOffsets SunRsaSign SHA512withRSA
* @run main SignatureOffsets SunRsaSign SHA512/224withRSA * @run main SignatureOffsets SunRsaSign SHA512/224withRSA
* @run main SignatureOffsets SunRsaSign SHA512/256withRSA * @run main SignatureOffsets SunRsaSign SHA512/256withRSA
* @run main SignatureOffsets SunRsaSign SHA3-224withRSA
* @run main SignatureOffsets SunRsaSign SHA3-256withRSA
* @run main SignatureOffsets SunRsaSign SHA3-384withRSA
* @run main SignatureOffsets SunRsaSign SHA3-512withRSA
*/ */
public class SignatureOffsets { public class SignatureOffsets {

@ -31,7 +31,7 @@ import static javax.crypto.Cipher.PUBLIC_KEY;
/** /**
* @test * @test
* @bug 8146293 8242556 * @bug 8146293 8242556 8172366
* @summary Test RSASSA-PSS AlgorithmParameters impl of SunRsaSign provider. * @summary Test RSASSA-PSS AlgorithmParameters impl of SunRsaSign provider.
* @run main PSSParametersTest * @run main PSSParametersTest
*/ */
@ -50,6 +50,8 @@ public class PSSParametersTest {
System.out.println("Testing against custom parameters"); System.out.println("Testing against custom parameters");
test(new PSSParameterSpec("SHA-512/224", "MGF1", test(new PSSParameterSpec("SHA-512/224", "MGF1",
MGF1ParameterSpec.SHA384, 100, 1)); MGF1ParameterSpec.SHA384, 100, 1));
test(new PSSParameterSpec("SHA3-256", "MGF1",
new MGF1ParameterSpec("SHA3-256"), 256>>3, 1));
System.out.println("Test Passed"); System.out.println("Test Passed");
} }
@ -57,6 +59,7 @@ public class PSSParametersTest {
// bytes, then initialize w/ the DER bytes, retrieve the spec. // bytes, then initialize w/ the DER bytes, retrieve the spec.
// compare both spec for equality and throw exception if the check failed. // compare both spec for equality and throw exception if the check failed.
private static void test(PSSParameterSpec spec) throws Exception { private static void test(PSSParameterSpec spec) throws Exception {
System.out.println("Testing PSS spec: " + spec);
String ALGORITHMS[] = { PSS_ALGO, PSS_OID }; String ALGORITHMS[] = { PSS_ALGO, PSS_OID };
for (String alg : ALGORITHMS) { for (String alg : ALGORITHMS) {
AlgorithmParameters params = AlgorithmParameters.getInstance AlgorithmParameters params = AlgorithmParameters.getInstance
@ -67,9 +70,9 @@ public class PSSParametersTest {
(alg, PROVIDER); (alg, PROVIDER);
params2.init(encoded); params2.init(encoded);
PSSParameterSpec spec2 = params2.getParameterSpec PSSParameterSpec spec2 = params2.getParameterSpec
(PSSParameterSpec.class); (PSSParameterSpec.class);
if (!isEqual(spec, spec2)) { if (!isEqual(spec, spec2)) {
throw new RuntimeException("Spec check Failed for " + alg); throw new RuntimeException("Spec check Failed for " + alg);
} }
} }
} }

@ -31,7 +31,7 @@ import static javax.crypto.Cipher.PUBLIC_KEY;
/** /**
* @test * @test
* @bug 8146293 8238448 * @bug 8146293 8238448 8172366
* @summary Create a signature for RSASSA-PSS and get its signed data. * @summary Create a signature for RSASSA-PSS and get its signed data.
* re-initiate the signature with the public key. The signature * re-initiate the signature with the public key. The signature
* can be verified by acquired signed data. * can be verified by acquired signed data.
@ -68,7 +68,8 @@ public class SignatureTest2 {
*/ */
private static final String[] DIGEST_ALG = { private static final String[] DIGEST_ALG = {
"SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-1", "SHA-224", "SHA-256", "SHA-384",
"SHA-512", "SHA-512/224", "SHA-512/256" "SHA-512", "SHA-512/224", "SHA-512/256",
"SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512"
}; };
private static final String SIG_ALG = "RSASSA-PSS"; private static final String SIG_ALG = "RSASSA-PSS";

@ -23,7 +23,7 @@
/** /**
* @test * @test
* @bug 8146293 8242556 * @bug 8146293 8242556 8172366
* @summary Test RSASSA-PSS Key related support such as KeyPairGenerator * @summary Test RSASSA-PSS Key related support such as KeyPairGenerator
* and KeyFactory of the SunRsaSign provider * and KeyFactory of the SunRsaSign provider
*/ */
@ -145,11 +145,18 @@ public class TestPSSKeySupport {
KeyPair kp2 = kpg.generateKeyPair(); KeyPair kp2 = kpg.generateKeyPair();
checkKeyPair(kp2); checkKeyPair(kp2);
params = new PSSParameterSpec("SHA3-256", "MGF1",
new MGF1ParameterSpec("SHA3-256"), 32, 1);
kpg.initialize(new RSAKeyGenParameterSpec(2048, pubExp, params));
KeyPair kp3 = kpg.generateKeyPair();
checkKeyPair(kp3);
KeyFactory kf = KeyFactory.getInstance(ALGO, "SunRsaSign"); KeyFactory kf = KeyFactory.getInstance(ALGO, "SunRsaSign");
test(kf, kp.getPublic()); test(kf, kp.getPublic());
test(kf, kp.getPrivate()); test(kf, kp.getPrivate());
test(kf, kp2.getPublic()); test(kf, kp2.getPublic());
test(kf, kp2.getPrivate()); test(kf, kp2.getPrivate());
test(kf, kp3.getPublic());
test(kf, kp3.getPrivate());
} }
} }

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -54,10 +54,14 @@ public class SigTestUtil {
// collection of all supported digest algorithms // collection of all supported digest algorithms
// note that the entries are ordered by required key sizes // note that the entries are ordered by required key sizes
private static final String[] DIGEST_ALGS = { private static final String[] DIGEST_ALGS = {
"SHA3-512",
"SHA-512", "SHA-512",
"SHA3-384",
"SHA-384", "SHA-384",
"SHA3-256",
"SHA-256", "SHA-256",
"SHA-512/256", "SHA-512/256",
"SHA3-224",
"SHA-224", "SHA-224",
"SHA-512/224", "SHA-512/224",
"SHA-1", "SHA-1",
@ -66,14 +70,14 @@ public class SigTestUtil {
// indice for message digest algorithms lookup // indice for message digest algorithms lookup
// may need to be adjusted if new algorithms are added // may need to be adjusted if new algorithms are added
private static final int PKCS1_5_INDEX_768 = 0; private static final int PKCS1_5_INDEX_768 = 0; // 512, 384-bit digests
private static final int PKCS1_5_INDEX_512 = 2; private static final int PKCS1_5_INDEX_512 = 4; // 256-bit digests
private static final int PKCS1_5_INDEX_END = DIGEST_ALGS.length; private static final int PKCS1_5_INDEX_END = DIGEST_ALGS.length;
private static final int PSS_INDEX_2048 = 0; private static final int PSS_INDEX_2048 = 0; // 512-bit digests
private static final int PSS_INDEX_1024 = 1; private static final int PSS_INDEX_1024 = 2; // 384-bit digests
private static final int PSS_INDEX_768 = 2; private static final int PSS_INDEX_768 = 4; // 256-bit digests
private static final int PSS_INDEX_512 = 4; private static final int PSS_INDEX_512 = 7; // 224-bit digests
private static final int PSS_INDEX_END = 7; private static final int PSS_INDEX_END = DIGEST_ALGS.length - 2;
public static Iterable<String> getDigestAlgorithms(SignatureType type, public static Iterable<String> getDigestAlgorithms(SignatureType type,
int keysize) throws RuntimeException { int keysize) throws RuntimeException {
@ -135,9 +139,8 @@ public class SigTestUtil {
String mdAlg) throws RuntimeException { String mdAlg) throws RuntimeException {
switch (type) { switch (type) {
case RSA: case RSA:
int idx = mdAlg.indexOf("-"); if (mdAlg.startsWith("SHA-")) {
if (idx != -1) { mdAlg = mdAlg.substring(0, 3) + mdAlg.substring(4);
mdAlg = mdAlg.substring(0, idx) + mdAlg.substring(idx+1);
} }
return mdAlg + "with" + type.toString(); return mdAlg + "with" + type.toString();
case RSASSA_PSS: case RSASSA_PSS: