001: package org.bouncycastle.jce.provider.test;
002:
003: import org.bouncycastle.asn1.ASN1InputStream;
004: import org.bouncycastle.asn1.ASN1Sequence;
005: import org.bouncycastle.asn1.DERInteger;
006: import org.bouncycastle.jce.ECPointUtil;
007: import org.bouncycastle.jce.provider.BouncyCastleProvider;
008: import org.bouncycastle.util.BigIntegers;
009: import org.bouncycastle.util.encoders.Hex;
010: import org.bouncycastle.util.test.FixedSecureRandom;
011: import org.bouncycastle.util.test.SimpleTest;
012:
013: import java.io.ByteArrayInputStream;
014: import java.io.IOException;
015: import java.math.BigInteger;
016: import java.security.KeyFactory;
017: import java.security.KeyPair;
018: import java.security.KeyPairGenerator;
019: import java.security.PrivateKey;
020: import java.security.PublicKey;
021: import java.security.SecureRandom;
022: import java.security.Security;
023: import java.security.Signature;
024: import java.security.interfaces.ECPrivateKey;
025: import java.security.interfaces.ECPublicKey;
026: import java.security.spec.ECFieldF2m;
027: import java.security.spec.ECFieldFp;
028: import java.security.spec.ECParameterSpec;
029: import java.security.spec.ECPoint;
030: import java.security.spec.ECPrivateKeySpec;
031: import java.security.spec.ECPublicKeySpec;
032: import java.security.spec.EllipticCurve;
033:
034: public class ECDSA5Test extends SimpleTest {
035: byte[] k1 = Hex.decode("d5014e4b60ef2ba8b6211b4062ba3224e0427dd3");
036: byte[] k2 = Hex
037: .decode("345e8d05c075c3a508df729a1685690e68fcfb8c8117847e89063bca1f85d968fd281540b6e13bd1af989a1fbf17e06462bf511f9d0b140fb48ac1b1baa5bded");
038:
039: SecureRandom random = new FixedSecureRandom(new byte[][] { k1, k2 });
040:
041: private void decodeTest() {
042: EllipticCurve curve = new EllipticCurve(
043: new ECFieldFp(
044: new BigInteger(
045: "6277101735386680763835789423207666416083908700390324961279")), // q
046: new BigInteger(
047: "fffffffffffffffffffffffffffffffefffffffffffffffc",
048: 16), // a
049: new BigInteger(
050: "64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1",
051: 16)); // b
052:
053: ECPoint p = ECPointUtil
054: .decodePoint(
055: curve,
056: Hex
057: .decode("03188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012"));
058:
059: if (!p
060: .getAffineX()
061: .equals(
062: new BigInteger(
063: "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
064: 16))) {
065: fail("x uncompressed incorrectly");
066: }
067:
068: if (!p
069: .getAffineY()
070: .equals(
071: new BigInteger(
072: "7192b95ffc8da78631011ed6b24cdd573f977a11e794811",
073: 16))) {
074: fail("y uncompressed incorrectly");
075: }
076: }
077:
078: /**
079: * X9.62 - 1998,<br>
080: * J.3.2, Page 155, ECDSA over the field Fp<br>
081: * an example with 239 bit prime
082: */
083: private void testECDSA239bitPrime() throws Exception {
084: BigInteger r = new BigInteger(
085: "308636143175167811492622547300668018854959378758531778147462058306432176");
086: BigInteger s = new BigInteger(
087: "323813553209797357708078776831250505931891051755007842781978505179448783");
088:
089: byte[] kData = BigIntegers
090: .asUnsignedByteArray(new BigInteger(
091: "700000017569056646655505781757157107570501575775705779575555657156756655"));
092:
093: SecureRandom k = new FixedSecureRandom(kData);
094:
095: EllipticCurve curve = new EllipticCurve(
096: new ECFieldFp(
097: new BigInteger(
098: "883423532389192164791648750360308885314476597252960362792450860609699839")), // q
099: new BigInteger(
100: "7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc",
101: 16), // a
102: new BigInteger(
103: "6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a",
104: 16)); // b
105:
106: ECParameterSpec spec = new ECParameterSpec(
107: curve,
108: ECPointUtil
109: .decodePoint(
110: curve,
111: Hex
112: .decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
113: new BigInteger(
114: "883423532389192164791648750360308884807550341691627752275345424702807307"), // n
115: 1); // h
116:
117: ECPrivateKeySpec priKey = new ECPrivateKeySpec(
118: new BigInteger(
119: "876300101507107567501066130761671078357010671067781776716671676178726717"), // d
120: spec);
121:
122: ECPublicKeySpec pubKey = new ECPublicKeySpec(
123: ECPointUtil
124: .decodePoint(
125: curve,
126: Hex
127: .decode("025b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c70")), // Q
128: spec);
129:
130: Signature sgr = Signature.getInstance("ECDSA", "BC");
131: KeyFactory f = KeyFactory.getInstance("ECDSA", "BC");
132: PrivateKey sKey = f.generatePrivate(priKey);
133: PublicKey vKey = f.generatePublic(pubKey);
134:
135: sgr.initSign(sKey, k);
136:
137: byte[] message = new byte[] { (byte) 'a', (byte) 'b',
138: (byte) 'c' };
139:
140: sgr.update(message);
141:
142: byte[] sigBytes = sgr.sign();
143:
144: sgr.initVerify(vKey);
145:
146: sgr.update(message);
147:
148: if (!sgr.verify(sigBytes)) {
149: fail("239 Bit EC verification failed");
150: }
151:
152: BigInteger[] sig = derDecode(sigBytes);
153:
154: if (!r.equals(sig[0])) {
155: fail("r component wrong."
156: + System.getProperty("line.separator")
157: + " expecting: " + r
158: + System.getProperty("line.separator")
159: + " got : " + sig[0]);
160: }
161:
162: if (!s.equals(sig[1])) {
163: fail("s component wrong."
164: + System.getProperty("line.separator")
165: + " expecting: " + s
166: + System.getProperty("line.separator")
167: + " got : " + sig[1]);
168: }
169: }
170:
171: /**
172: * X9.62 - 1998,<br>
173: * J.2.1, Page 100, ECDSA over the field F2m<br>
174: * an example with 191 bit binary field
175: */
176: private void testECDSA239bitBinary() throws Exception {
177: BigInteger r = new BigInteger(
178: "21596333210419611985018340039034612628818151486841789642455876922391552");
179: BigInteger s = new BigInteger(
180: "197030374000731686738334997654997227052849804072198819102649413465737174");
181:
182: byte[] kData = BigIntegers
183: .asUnsignedByteArray(new BigInteger(
184: "171278725565216523967285789236956265265265235675811949404040041670216363"));
185:
186: SecureRandom k = new FixedSecureRandom(kData);
187:
188: EllipticCurve curve = new EllipticCurve(
189: new ECFieldF2m(239, // m
190: new int[] { 36 }), // k
191: new BigInteger(
192: "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
193: 16), // a
194: new BigInteger(
195: "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
196: 16)); // b
197:
198: ECParameterSpec params = new ECParameterSpec(
199: curve,
200: ECPointUtil
201: .decodePoint(
202: curve,
203: Hex
204: .decode("0457927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305")), // G
205: new BigInteger(
206: "220855883097298041197912187592864814557886993776713230936715041207411783"), // n
207: 4); // h
208:
209: ECPrivateKeySpec priKeySpec = new ECPrivateKeySpec(
210: new BigInteger(
211: "145642755521911534651321230007534120304391871461646461466464667494947990"), // d
212: params);
213:
214: ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(
215: ECPointUtil
216: .decodePoint(
217: curve,
218: Hex
219: .decode("045894609CCECF9A92533F630DE713A958E96C97CCB8F5ABB5A688A238DEED6DC2D9D0C94EBFB7D526BA6A61764175B99CB6011E2047F9F067293F57F5")), // Q
220: params);
221:
222: Signature sgr = Signature.getInstance("ECDSA", "BC");
223: KeyFactory f = KeyFactory.getInstance("ECDSA", "BC");
224: PrivateKey sKey = f.generatePrivate(priKeySpec);
225: PublicKey vKey = f.generatePublic(pubKeySpec);
226: byte[] message = new byte[] { (byte) 'a', (byte) 'b',
227: (byte) 'c' };
228:
229: sgr.initSign(sKey, k);
230:
231: sgr.update(message);
232:
233: byte[] sigBytes = sgr.sign();
234:
235: sgr.initVerify(vKey);
236:
237: sgr.update(message);
238:
239: if (!sgr.verify(sigBytes)) {
240: fail("239 Bit EC verification failed");
241: }
242:
243: BigInteger[] sig = derDecode(sigBytes);
244:
245: if (!r.equals(sig[0])) {
246: fail("r component wrong."
247: + System.getProperty("line.separator")
248: + " expecting: " + r
249: + System.getProperty("line.separator")
250: + " got : " + sig[0]);
251: }
252:
253: if (!s.equals(sig[1])) {
254: fail("s component wrong."
255: + System.getProperty("line.separator")
256: + " expecting: " + s
257: + System.getProperty("line.separator")
258: + " got : " + sig[1]);
259: }
260: }
261:
262: private void testGeneration() throws Exception {
263: //
264: // ECDSA generation test
265: //
266: byte[] data = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 };
267: Signature s = Signature.getInstance("ECDSA", "BC");
268: KeyPairGenerator g = KeyPairGenerator
269: .getInstance("ECDSA", "BC");
270:
271: EllipticCurve curve = new EllipticCurve(
272: new ECFieldFp(
273: new BigInteger(
274: "883423532389192164791648750360308885314476597252960362792450860609699839")), // q
275: new BigInteger(
276: "7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc",
277: 16), // a
278: new BigInteger(
279: "6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a",
280: 16)); // b
281:
282: ECParameterSpec ecSpec = new ECParameterSpec(
283: curve,
284: ECPointUtil
285: .decodePoint(
286: curve,
287: Hex
288: .decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
289: new BigInteger(
290: "883423532389192164791648750360308884807550341691627752275345424702807307"), // n
291: 1); // h
292:
293: g.initialize(ecSpec, new SecureRandom());
294:
295: KeyPair p = g.generateKeyPair();
296:
297: PrivateKey sKey = p.getPrivate();
298: PublicKey vKey = p.getPublic();
299:
300: s.initSign(sKey);
301:
302: s.update(data);
303:
304: byte[] sigBytes = s.sign();
305:
306: s = Signature.getInstance("ECDSA", "BC");
307:
308: s.initVerify(vKey);
309:
310: s.update(data);
311:
312: if (!s.verify(sigBytes)) {
313: fail("ECDSA verification failed");
314: }
315:
316: testKeyFactory((ECPublicKey) vKey, (ECPrivateKey) sKey);
317: }
318:
319: private void testKeyFactory(ECPublicKey pub, ECPrivateKey priv)
320: throws Exception {
321: KeyFactory ecFact = KeyFactory.getInstance("ECDSA");
322:
323: ECPublicKeySpec pubSpec = (ECPublicKeySpec) ecFact.getKeySpec(
324: pub, ECPublicKeySpec.class);
325: ECPrivateKeySpec privSpec = (ECPrivateKeySpec) ecFact
326: .getKeySpec(priv, ECPrivateKeySpec.class);
327:
328: if (!pubSpec.getW().equals(pub.getW())
329: || !pubSpec.getParams().getCurve().equals(
330: pub.getParams().getCurve())) {
331: fail("pubSpec not correct");
332: }
333:
334: if (!privSpec.getS().equals(priv.getS())
335: || !privSpec.getParams().getCurve().equals(
336: priv.getParams().getCurve())) {
337: fail("privSpec not correct");
338: }
339:
340: ECPublicKey pubKey = (ECPublicKey) ecFact.translateKey(pub);
341: ECPrivateKey privKey = (ECPrivateKey) ecFact.translateKey(priv);
342:
343: if (!pubKey.getW().equals(pub.getW())
344: || !pubKey.getParams().getCurve().equals(
345: pub.getParams().getCurve())) {
346: fail("pubKey not correct");
347: }
348:
349: if (!privKey.getS().equals(priv.getS())
350: || !privKey.getParams().getCurve().equals(
351: priv.getParams().getCurve())) {
352: fail("privKey not correct");
353: }
354: }
355:
356: protected BigInteger[] derDecode(byte[] encoding)
357: throws IOException {
358: ByteArrayInputStream bIn = new ByteArrayInputStream(encoding);
359: ASN1InputStream aIn = new ASN1InputStream(bIn);
360: ASN1Sequence s = (ASN1Sequence) aIn.readObject();
361:
362: BigInteger[] sig = new BigInteger[2];
363:
364: sig[0] = ((DERInteger) s.getObjectAt(0)).getValue();
365: sig[1] = ((DERInteger) s.getObjectAt(1)).getValue();
366:
367: return sig;
368: }
369:
370: public String getName() {
371: return "ECDSA5";
372: }
373:
374: public void performTest() throws Exception {
375: decodeTest();
376: testECDSA239bitPrime();
377: testECDSA239bitBinary();
378: testGeneration();
379: }
380:
381: public static void main(String[] args) {
382: Security.addProvider(new BouncyCastleProvider());
383:
384: runTest(new ECDSA5Test());
385: }
386: }
|