001: package org.bouncycastle.crypto.test;
002:
003: import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
004: import org.bouncycastle.crypto.digests.SHA1Digest;
005: import org.bouncycastle.crypto.engines.RSABlindingEngine;
006: import org.bouncycastle.crypto.engines.RSAEngine;
007: import org.bouncycastle.crypto.generators.RSABlindingFactorGenerator;
008: import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
009: import org.bouncycastle.crypto.params.ParametersWithRandom;
010: import org.bouncycastle.crypto.params.RSABlindingParameters;
011: import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
012: import org.bouncycastle.crypto.params.RSAKeyParameters;
013: import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
014: import org.bouncycastle.crypto.signers.PSSSigner;
015: import org.bouncycastle.util.encoders.Hex;
016: import org.bouncycastle.util.test.SimpleTest;
017:
018: import java.math.BigInteger;
019: import java.security.SecureRandom;
020:
021: /*
022: * RSA PSS test vectors for PKCS#1 V2.1 with blinding
023: */
024: public class PSSBlindTest extends SimpleTest {
025: private final int DATA_LENGTH = 1000;
026: private final int NUM_TESTS = 50;
027: private final int NUM_TESTS_WITH_KEY_GENERATION = 10;
028:
029: private class FixedRandom extends SecureRandom {
030: byte[] vals;
031:
032: FixedRandom(byte[] vals) {
033: this .vals = vals;
034: }
035:
036: public void nextBytes(byte[] bytes) {
037: System.arraycopy(vals, 0, bytes, 0, vals.length);
038: }
039: }
040:
041: //
042: // Example 1: A 1024-bit RSA keypair
043: //
044: private RSAKeyParameters pub1 = new RSAKeyParameters(
045: false,
046: new BigInteger(
047: "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",
048: 16), new BigInteger("010001", 16));
049:
050: private RSAKeyParameters prv1 = new RSAPrivateCrtKeyParameters(
051: new BigInteger(
052: "a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137",
053: 16),
054: new BigInteger("010001", 16),
055: new BigInteger(
056: "33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325",
057: 16),
058: new BigInteger(
059: "e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443",
060: 16),
061: new BigInteger(
062: "b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd",
063: 16),
064: new BigInteger(
065: "28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979",
066: 16),
067: new BigInteger(
068: "1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729",
069: 16),
070: new BigInteger(
071: "27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d",
072: 16));
073:
074: // PSSExample1.1
075:
076: private byte[] msg1a = Hex
077: .decode("cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b62371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb769757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb061a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d6193c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0");
078:
079: private byte[] slt1a = Hex
080: .decode("dee959c7e06411361420ff80185ed57f3e6776af");
081:
082: private byte[] sig1a = Hex
083: .decode("9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c");
084:
085: // PSSExample1.2
086:
087: private byte[] msg1b = Hex
088: .decode("851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f71a1cca582d43ecc72b1bca16dfc7013226b9e");
089:
090: private byte[] slt1b = Hex
091: .decode("ef2869fa40c346cb183dab3d7bffc98fd56df42d");
092:
093: private byte[] sig1b = Hex
094: .decode("3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843");
095:
096: //
097: // Example 2: A 1025-bit RSA keypair
098: //
099:
100: private RSAKeyParameters pub2 = new RSAKeyParameters(
101: false,
102: new BigInteger(
103: "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9",
104: 16), new BigInteger("010001", 16));
105:
106: private RSAKeyParameters prv2 = new RSAPrivateCrtKeyParameters(
107: new BigInteger(
108: "01d40c1bcf97a68ae7cdbd8a7bf3e34fa19dcca4ef75a47454375f94514d88fed006fb829f8419ff87d6315da68a1ff3a0938e9abb3464011c303ad99199cf0c7c7a8b477dce829e8844f625b115e5e9c4a59cf8f8113b6834336a2fd2689b472cbb5e5cabe674350c59b6c17e176874fb42f8fc3d176a017edc61fd326c4b33c9",
109: 16),
110: new BigInteger("010001", 16),
111: new BigInteger(
112: "027d147e4673057377fd1ea201565772176a7dc38358d376045685a2e787c23c15576bc16b9f444402d6bfc5d98a3e88ea13ef67c353eca0c0ddba9255bd7b8bb50a644afdfd1dd51695b252d22e7318d1b6687a1c10ff75545f3db0fe602d5f2b7f294e3601eab7b9d1cecd767f64692e3e536ca2846cb0c2dd486a39fa75b1",
113: 16),
114: new BigInteger(
115: "016601e926a0f8c9e26ecab769ea65a5e7c52cc9e080ef519457c644da6891c5a104d3ea7955929a22e7c68a7af9fcad777c3ccc2b9e3d3650bce404399b7e59d1",
116: 16),
117: new BigInteger(
118: "014eafa1d4d0184da7e31f877d1281ddda625664869e8379e67ad3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8a01f35ff89e56c079",
119: 16),
120: new BigInteger(
121: "e247cce504939b8f0a36090de200938755e2444b29539a7da7a902f6056835c0db7b52559497cfe2c61a8086d0213c472c78851800b171f6401de2e9c2756f31",
122: 16),
123: new BigInteger(
124: "b12fba757855e586e46f64c38a70c68b3f548d93d787b399999d4c8f0bbd2581c21e19ed0018a6d5d3df86424b3abcad40199d31495b61309f27c1bf55d487c1",
125: 16),
126: new BigInteger(
127: "564b1e1fa003bda91e89090425aac05b91da9ee25061e7628d5f51304a84992fdc33762bd378a59f030a334d532bd0dae8f298ea9ed844636ad5fb8cbdc03cad",
128: 16));
129:
130: // PSS Example 2.1
131:
132: private byte[] msg2a = Hex
133: .decode("daba032066263faedb659848115278a52c44faa3a76f37515ed336321072c40a9d9b53bc05014078adf520875146aae70ff060226dcb7b1f1fc27e9360");
134: private byte[] slt2a = Hex
135: .decode("57bf160bcb02bb1dc7280cf0458530b7d2832ff7");
136: private byte[] sig2a = Hex
137: .decode("014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3");
138:
139: // PSS Example 2.2
140:
141: private byte[] msg2b = Hex
142: .decode("e4f8601a8a6da1be34447c0959c058570c3668cfd51dd5f9ccd6ad4411fe8213486d78a6c49f93efc2ca2288cebc2b9b60bd04b1e220d86e3d4848d709d032d1e8c6a070c6af9a499fcf95354b14ba6127c739de1bb0fd16431e46938aec0cf8ad9eb72e832a7035de9b7807bdc0ed8b68eb0f5ac2216be40ce920c0db0eddd3860ed788efaccaca502d8f2bd6d1a7c1f41ff46f1681c8f1f818e9c4f6d91a0c7803ccc63d76a6544d843e084e363b8acc55aa531733edb5dee5b5196e9f03e8b731b3776428d9e457fe3fbcb3db7274442d785890e9cb0854b6444dace791d7273de1889719338a77fe");
143: private byte[] slt2b = Hex
144: .decode("7f6dd359e604e60870e898e47b19bf2e5a7b2a90");
145: private byte[] sig2b = Hex
146: .decode("010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea");
147:
148: //
149: // Example 4: A 1027-bit RSA key pair
150: //
151:
152: private RSAKeyParameters pub4 = new RSAKeyParameters(
153: false,
154: new BigInteger(
155: "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705",
156: 16), new BigInteger("010001", 16));
157:
158: private RSAKeyParameters prv4 = new RSAPrivateCrtKeyParameters(
159: new BigInteger(
160: "054adb7886447efe6f57e0368f06cf52b0a3370760d161cef126b91be7f89c421b62a6ec1da3c311d75ed50e0ab5fff3fd338acc3aa8a4e77ee26369acb81ba900fa83f5300cf9bb6c53ad1dc8a178b815db4235a9a9da0c06de4e615ea1277ce559e9c108de58c14a81aa77f5a6f8d1335494498848c8b95940740be7bf7c3705",
161: 16),
162: new BigInteger("010001", 16),
163: new BigInteger(
164: "fa041f8cd9697ceed38ec8caa275523b4dd72b09a301d3541d72f5d31c05cbce2d6983b36183af10690bd46c46131e35789431a556771dd0049b57461bf060c1f68472e8a67c25f357e5b6b4738fa541a730346b4a07649a2dfa806a69c975b6aba64678acc7f5913e89c622f2d8abb1e3e32554e39df94ba60c002e387d9011",
165: 16),
166: new BigInteger(
167: "029232336d2838945dba9dd7723f4e624a05f7375b927a87abe6a893a1658fd49f47f6c7b0fa596c65fa68a23f0ab432962d18d4343bd6fd671a5ea8d148413995",
168: 16),
169: new BigInteger(
170: "020ef5efe7c5394aed2272f7e81a74f4c02d145894cb1b3cab23a9a0710a2afc7e3329acbb743d01f680c4d02afb4c8fde7e20930811bb2b995788b5e872c20bb1",
171: 16),
172: new BigInteger(
173: "026e7e28010ecf2412d9523ad704647fb4fe9b66b1a681581b0e15553a89b1542828898f27243ebab45ff5e1acb9d4df1b051fbc62824dbc6f6c93261a78b9a759",
174: 16),
175: new BigInteger(
176: "012ddcc86ef655998c39ddae11718669e5e46cf1495b07e13b1014cd69b3af68304ad2a6b64321e78bf3bbca9bb494e91d451717e2d97564c6549465d0205cf421",
177: 16),
178: new BigInteger(
179: "010600c4c21847459fe576703e2ebecae8a5094ee63f536bf4ac68d3c13e5e4f12ac5cc10ab6a2d05a199214d1824747d551909636b774c22cac0b837599abcc75",
180: 16));
181:
182: // PSS Example 4.1
183:
184: private byte[] msg4a = Hex.decode("9fb03b827c8217d9");
185:
186: private byte[] slt4a = Hex
187: .decode("ed7c98c95f30974fbe4fbddcf0f28d6021c0e91d");
188:
189: private byte[] sig4a = Hex
190: .decode("0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948");
191:
192: // PSS Example 4.2
193:
194: private byte[] msg4b = Hex
195: .decode("0ca2ad77797ece86de5bf768750ddb5ed6a3116ad99bbd17edf7f782f0db1cd05b0f677468c5ea420dc116b10e80d110de2b0461ea14a38be68620392e7e893cb4ea9393fb886c20ff790642305bf302003892e54df9f667509dc53920df583f50a3dd61abb6fab75d600377e383e6aca6710eeea27156e06752c94ce25ae99fcbf8592dbe2d7e27453cb44de07100ebb1a2a19811a478adbeab270f94e8fe369d90b3ca612f9f");
196:
197: private byte[] slt4b = Hex
198: .decode("22d71d54363a4217aa55113f059b3384e3e57e44");
199:
200: private byte[] sig4b = Hex
201: .decode("049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598");
202:
203: //
204: // Example 8: A 1031-bit RSA key pair
205: //
206:
207: private RSAKeyParameters pub8 = new RSAKeyParameters(
208: false,
209: new BigInteger(
210: "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f",
211: 16), new BigInteger("010001", 16));
212:
213: private RSAKeyParameters prv8 = new RSAPrivateCrtKeyParameters(
214: new BigInteger(
215: "495370a1fb18543c16d3631e3163255df62be6eee890d5f25509e4f778a8ea6fbbbcdf85dff64e0d972003ab3681fbba6dd41fd541829b2e582de9f2a4a4e0a2d0900bef4753db3cee0ee06c7dfae8b1d53b5953218f9cceea695b08668edeaadced9463b1d790d5ebf27e9115b46cad4d9a2b8efab0561b0810344739ada0733f",
216: 16),
217: new BigInteger("010001", 16),
218: new BigInteger(
219: "6c66ffe98980c38fcdeab5159898836165f4b4b817c4f6a8d486ee4ea9130fe9b9092bd136d184f95f504a607eac565846d2fdd6597a8967c7396ef95a6eeebb4578a643966dca4d8ee3de842de63279c618159c1ab54a89437b6a6120e4930afb52a4ba6ced8a4947ac64b30a3497cbe701c2d6266d517219ad0ec6d347dbe9",
220: 16),
221: new BigInteger(
222: "08dad7f11363faa623d5d6d5e8a319328d82190d7127d2846c439b0ab72619b0a43a95320e4ec34fc3a9cea876422305bd76c5ba7be9e2f410c8060645a1d29edb",
223: 16),
224: new BigInteger(
225: "0847e732376fc7900f898ea82eb2b0fc418565fdae62f7d9ec4ce2217b97990dd272db157f99f63c0dcbb9fbacdbd4c4dadb6df67756358ca4174825b48f49706d",
226: 16),
227: new BigInteger(
228: "05c2a83c124b3621a2aa57ea2c3efe035eff4560f33ddebb7adab81fce69a0c8c2edc16520dda83d59a23be867963ac65f2cc710bbcfb96ee103deb771d105fd85",
229: 16),
230: new BigInteger(
231: "04cae8aa0d9faa165c87b682ec140b8ed3b50b24594b7a3b2c220b3669bb819f984f55310a1ae7823651d4a02e99447972595139363434e5e30a7e7d241551e1b9",
232: 16),
233: new BigInteger(
234: "07d3e47bf686600b11ac283ce88dbb3f6051e8efd04680e44c171ef531b80b2b7c39fc766320e2cf15d8d99820e96ff30dc69691839c4b40d7b06e45307dc91f3f",
235: 16));
236:
237: // PSS Example 8.1
238:
239: private byte[] msg8a = Hex
240: .decode("81332f4be62948415ea1d899792eeacf6c6e1db1da8be13b5cea41db2fed467092e1ff398914c714259775f595f8547f735692a575e6923af78f22c6997ddb90fb6f72d7bb0dd5744a31decd3dc3685849836ed34aec596304ad11843c4f88489f209735f5fb7fdaf7cec8addc5818168f880acbf490d51005b7a8e84e43e54287977571dd99eea4b161eb2df1f5108f12a4142a83322edb05a75487a3435c9a78ce53ed93bc550857d7a9fb");
241:
242: private byte[] slt8a = Hex
243: .decode("1d65491d79c864b373009be6f6f2467bac4c78fa");
244:
245: private byte[] sig8a = Hex
246: .decode("0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5");
247:
248: // PSS Example 8.2
249:
250: private byte[] msg8b = Hex
251: .decode("e2f96eaf0e05e7ba326ecca0ba7fd2f7c02356f3cede9d0faabf4fcc8e60a973e5595fd9ea08");
252:
253: private byte[] slt8b = Hex
254: .decode("435c098aa9909eb2377f1248b091b68987ff1838");
255:
256: private byte[] sig8b = Hex
257: .decode("2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e");
258:
259: //
260: // Example 9: A 1536-bit RSA key pair
261: //
262:
263: private RSAKeyParameters pub9 = new RSAKeyParameters(
264: false,
265: new BigInteger(
266: "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b",
267: 16), new BigInteger("010001", 16));
268:
269: private RSAKeyParameters prv9 = new RSAPrivateCrtKeyParameters(
270: new BigInteger(
271: "e6bd692ac96645790403fdd0f5beb8b9bf92ed10007fc365046419dd06c05c5b5b2f48ecf989e4ce269109979cbb40b4a0ad24d22483d1ee315ad4ccb1534268352691c524f6dd8e6c29d224cf246973aec86c5bf6b1401a850d1b9ad1bb8cbcec47b06f0f8c7f45d3fc8f319299c5433ddbc2b3053b47ded2ecd4a4caefd614833dc8bb622f317ed076b8057fe8de3f84480ad5e83e4a61904a4f248fb397027357e1d30e463139815c6fd4fd5ac5b8172a45230ecb6318a04f1455d84e5a8b",
272: 16),
273: new BigInteger("010001", 16),
274: new BigInteger(
275: "6a7fd84fb85fad073b34406db74f8d61a6abc12196a961dd79565e9da6e5187bce2d980250f7359575359270d91590bb0e427c71460b55d51410b191bcf309fea131a92c8e702738fa719f1e0041f52e40e91f229f4d96a1e6f172e15596b4510a6daec26105f2bebc53316b87bdf21311666070e8dfee69d52c71a976caae79c72b68d28580dc686d9f5129d225f82b3d615513a882b3db91416b48ce08888213e37eeb9af800d81cab328ce420689903c00c7b5fd31b75503a6d419684d629",
276: 16),
277: new BigInteger(
278: "f8eb97e98df12664eefdb761596a69ddcd0e76daece6ed4bf5a1b50ac086f7928a4d2f8726a77e515b74da41988f220b1cc87aa1fc810ce99a82f2d1ce821edced794c6941f42c7a1a0b8c4d28c75ec60b652279f6154a762aed165d47dee367",
279: 16),
280: new BigInteger(
281: "ed4d71d0a6e24b93c2e5f6b4bbe05f5fb0afa042d204fe3378d365c2f288b6a8dad7efe45d153eef40cacc7b81ff934002d108994b94a5e4728cd9c963375ae49965bda55cbf0efed8d6553b4027f2d86208a6e6b489c176128092d629e49d3d",
282: 16),
283: new BigInteger(
284: "2bb68bddfb0c4f56c8558bffaf892d8043037841e7fa81cfa61a38c5e39b901c8ee71122a5da2227bd6cdeeb481452c12ad3d61d5e4f776a0ab556591befe3e59e5a7fddb8345e1f2f35b9f4cee57c32414c086aec993e9353e480d9eec6289f",
285: 16),
286: new BigInteger(
287: "4ff897709fad079746494578e70fd8546130eeab5627c49b080f05ee4ad9f3e4b7cba9d6a5dff113a41c3409336833f190816d8a6bc42e9bec56b7567d0f3c9c696db619b245d901dd856db7c8092e77e9a1cccd56ee4dba42c5fdb61aec2669",
288: 16),
289: new BigInteger(
290: "77b9d1137b50404a982729316efafc7dfe66d34e5a182600d5f30a0a8512051c560d081d4d0a1835ec3d25a60f4e4d6aa948b2bf3dbb5b124cbbc3489255a3a948372f6978496745f943e1db4f18382ceaa505dfc65757bb3f857a58dce52156",
291: 16));
292:
293: // PSS Example 9.1
294:
295: private byte[] msg9a = Hex
296: .decode("a88e265855e9d7ca36c68795f0b31b591cd6587c71d060a0b3f7f3eaef43795922028bc2b6ad467cfc2d7f659c5385aa70ba3672cdde4cfe4970cc7904601b278872bf51321c4a972f3c95570f3445d4f57980e0f20df54846e6a52c668f1288c03f95006ea32f562d40d52af9feb32f0fa06db65b588a237b34e592d55cf979f903a642ef64d2ed542aa8c77dc1dd762f45a59303ed75e541ca271e2b60ca709e44fa0661131e8d5d4163fd8d398566ce26de8730e72f9cca737641c244159420637028df0a18079d6208ea8b4711a2c750f5");
297:
298: private byte[] slt9a = Hex
299: .decode("c0a425313df8d7564bd2434d311523d5257eed80");
300:
301: private byte[] sig9a = Hex
302: .decode("586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e");
303:
304: // PSS Example 9.2
305:
306: private byte[] msg9b = Hex
307: .decode("c8c9c6af04acda414d227ef23e0820c3732c500dc87275e95b0d095413993c2658bc1d988581ba879c2d201f14cb88ced153a01969a7bf0a7be79c84c1486bc12b3fa6c59871b6827c8ce253ca5fefa8a8c690bf326e8e37cdb96d90a82ebab69f86350e1822e8bd536a2e");
308:
309: private byte[] slt9b = Hex
310: .decode("b307c43b4850a8dac2f15f32e37839ef8c5c0e91");
311:
312: private byte[] sig9b = Hex
313: .decode("80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958");
314:
315: public String getName() {
316: return "PSSBlindTest";
317: }
318:
319: private void testSig(int id, RSAKeyParameters pub,
320: RSAKeyParameters prv, byte[] slt, byte[] msg, byte[] sig)
321: throws Exception {
322: RSABlindingFactorGenerator blindFactorGen = new RSABlindingFactorGenerator();
323: RSABlindingEngine blindingEngine = new RSABlindingEngine();
324: PSSSigner blindSigner = new PSSSigner(blindingEngine,
325: new SHA1Digest(), 20);
326: PSSSigner signer = new PSSSigner(new RSAEngine(),
327: new SHA1Digest(), 20);
328:
329: blindFactorGen.init(pub);
330:
331: BigInteger blindFactor = blindFactorGen
332: .generateBlindingFactor();
333: RSABlindingParameters params = new RSABlindingParameters(pub,
334: blindFactor);
335:
336: // generate a blind signature
337: blindSigner.init(true, new ParametersWithRandom(params,
338: new FixedRandom(slt)));
339:
340: blindSigner.update(msg, 0, msg.length);
341:
342: byte[] blindedData = blindSigner.generateSignature();
343:
344: RSAEngine signerEngine = new RSAEngine();
345:
346: signerEngine.init(true, prv);
347:
348: byte[] blindedSig = signerEngine.processBlock(blindedData, 0,
349: blindedData.length);
350:
351: // unblind the signature
352: blindingEngine.init(false, params);
353:
354: byte[] s = blindingEngine.processBlock(blindedSig, 0,
355: blindedSig.length);
356:
357: //signature verification
358: if (!areEqual(s, sig)) {
359: fail("test " + id + " failed generation");
360: }
361:
362: //verify signature with PSSSigner
363: signer.init(false, pub);
364: signer.update(msg, 0, msg.length);
365:
366: if (!signer.verifySignature(s)) {
367: fail("test " + id + " failed PSSSigner verification");
368: }
369: }
370:
371: private boolean isProcessingOkay(RSAKeyParameters pub,
372: RSAKeyParameters prv, byte[] data, SecureRandom random)
373: throws Exception {
374: RSABlindingFactorGenerator blindFactorGen = new RSABlindingFactorGenerator();
375: RSABlindingEngine blindingEngine = new RSABlindingEngine();
376: PSSSigner blindSigner = new PSSSigner(blindingEngine,
377: new SHA1Digest(), 20);
378: PSSSigner pssEng = new PSSSigner(new RSAEngine(),
379: new SHA1Digest(), 20);
380:
381: random.nextBytes(data);
382:
383: blindFactorGen.init(pub);
384:
385: BigInteger blindFactor = blindFactorGen
386: .generateBlindingFactor();
387: RSABlindingParameters params = new RSABlindingParameters(pub,
388: blindFactor);
389:
390: // generate a blind signature
391: blindSigner
392: .init(true, new ParametersWithRandom(params, random));
393:
394: blindSigner.update(data, 0, data.length);
395:
396: byte[] blindedData = blindSigner.generateSignature();
397:
398: RSAEngine signerEngine = new RSAEngine();
399:
400: signerEngine.init(true, prv);
401:
402: byte[] blindedSig = signerEngine.processBlock(blindedData, 0,
403: blindedData.length);
404:
405: // unblind the signature
406: blindingEngine.init(false, params);
407:
408: byte[] s = blindingEngine.processBlock(blindedSig, 0,
409: blindedSig.length);
410:
411: //verify signature with PSSSigner
412: pssEng.init(false, pub);
413: pssEng.update(data, 0, data.length);
414:
415: return pssEng.verifySignature(s);
416: }
417:
418: public void performTest() throws Exception {
419: testSig(1, pub1, prv1, slt1a, msg1a, sig1a);
420: testSig(2, pub1, prv1, slt1b, msg1b, sig1b);
421: testSig(3, pub2, prv2, slt2a, msg2a, sig2a);
422: testSig(4, pub2, prv2, slt2b, msg2b, sig2b);
423: testSig(5, pub4, prv4, slt4a, msg4a, sig4a);
424: testSig(6, pub4, prv4, slt4b, msg4b, sig4b);
425: testSig(7, pub8, prv8, slt8a, msg8a, sig8a);
426: testSig(8, pub8, prv8, slt8b, msg8b, sig8b);
427: testSig(9, pub9, prv9, slt9a, msg9a, sig9a);
428: testSig(10, pub9, prv9, slt9b, msg9b, sig9b);
429:
430: //
431: // loop test
432: //
433: RSABlindingFactorGenerator blindFactorGen = new RSABlindingFactorGenerator();
434: RSABlindingEngine blindingEngine = new RSABlindingEngine();
435: PSSSigner blindSigner = new PSSSigner(blindingEngine,
436: new SHA1Digest(), 20);
437: PSSSigner pssEng = new PSSSigner(new RSAEngine(),
438: new SHA1Digest(), 20);
439:
440: int failed = 0;
441: byte[] data = new byte[DATA_LENGTH];
442:
443: SecureRandom random = new SecureRandom();
444:
445: RSAKeyParameters[] kprv = { prv1, prv2, prv4, prv8, prv9 };
446: RSAKeyParameters[] kpub = { pub1, pub2, pub4, pub8, pub9 };
447:
448: int i = 0;
449: for (int j = 0; j < NUM_TESTS; j++, i++) {
450: if (i == kprv.length) {
451: i = 0;
452: }
453:
454: if (!isProcessingOkay(kpub[i], kprv[i], data, random)) {
455: failed++;
456: }
457: }
458:
459: if (failed != 0) {
460: fail("loop test failed - failures: " + failed);
461: }
462:
463: //
464: // key generation test
465: //
466: RSAKeyPairGenerator pGen = new RSAKeyPairGenerator();
467: RSAKeyGenerationParameters genParam = new RSAKeyGenerationParameters(
468: BigInteger.valueOf(0x11), new SecureRandom(), 1024, 25);
469:
470: pGen.init(genParam);
471: failed = 0;
472:
473: for (int k = 0; k < NUM_TESTS_WITH_KEY_GENERATION; k++) {
474: AsymmetricCipherKeyPair pair = pGen.generateKeyPair();
475:
476: for (int j = 0; j < NUM_TESTS; j++) {
477: if (!isProcessingOkay((RSAKeyParameters) pair
478: .getPublic(), (RSAKeyParameters) pair
479: .getPrivate(), data, random)) {
480: failed++;
481: }
482: }
483:
484: }
485:
486: if (failed != 0) {
487: fail("loop test with key generation failed - failures: "
488: + failed);
489: }
490: }
491:
492: public static void main(String[] args) {
493: runTest(new PSSBlindTest());
494: }
495: }
|