001: package org.bouncycastle.jce.provider.test;
002:
003: import org.bouncycastle.asn1.DERNull;
004: import org.bouncycastle.asn1.DEROctetString;
005: import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
006: import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
007: import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
008: import org.bouncycastle.asn1.pkcs.RSAESOAEPparams;
009: import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
010: import org.bouncycastle.jce.provider.BouncyCastleProvider;
011: import org.bouncycastle.util.encoders.Hex;
012: import org.bouncycastle.util.test.SimpleTest;
013:
014: import javax.crypto.Cipher;
015: import javax.crypto.spec.OAEPParameterSpec;
016: import javax.crypto.spec.PSource;
017: import java.math.BigInteger;
018: import java.security.AlgorithmParameters;
019: import java.security.KeyFactory;
020: import java.security.KeyPair;
021: import java.security.KeyPairGenerator;
022: import java.security.PrivateKey;
023: import java.security.PublicKey;
024: import java.security.SecureRandom;
025: import java.security.Security;
026: import java.security.interfaces.RSAPrivateCrtKey;
027: import java.security.interfaces.RSAPublicKey;
028: import java.security.spec.MGF1ParameterSpec;
029: import java.security.spec.RSAKeyGenParameterSpec;
030: import java.security.spec.RSAPrivateCrtKeySpec;
031: import java.security.spec.RSAPrivateKeySpec;
032: import java.security.spec.RSAPublicKeySpec;
033:
034: public class RSATest extends SimpleTest {
035: /**
036: * a fake random number generator - we just want to make sure the random numbers
037: * aren't random so that we get the same output, while still getting to test the
038: * key generation facilities.
039: */
040: private class FixedSecureRandom extends SecureRandom {
041: byte[] seed = { (byte) 0xaa, (byte) 0xfd, (byte) 0x12,
042: (byte) 0xf6, (byte) 0x59, (byte) 0xca, (byte) 0xe6,
043: (byte) 0x34, (byte) 0x89, (byte) 0xb4, (byte) 0x79,
044: (byte) 0xe5, (byte) 0x07, (byte) 0x6d, (byte) 0xde,
045: (byte) 0xc2, (byte) 0xf0, (byte) 0x6c, (byte) 0xb5,
046: (byte) 0x8f };
047:
048: public void nextBytes(byte[] bytes) {
049: int offset = 0;
050:
051: while ((offset + seed.length) < bytes.length) {
052: System.arraycopy(seed, 0, bytes, offset, seed.length);
053: offset += seed.length;
054: }
055:
056: System.arraycopy(seed, 0, bytes, offset, bytes.length
057: - offset);
058: }
059: }
060:
061: private RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
062: new BigInteger(
063: "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
064: 16), new BigInteger("11", 16));
065:
066: private RSAPrivateCrtKeySpec privKeySpec = new RSAPrivateCrtKeySpec(
067: new BigInteger(
068: "b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7",
069: 16),
070: new BigInteger("11", 16),
071: new BigInteger(
072: "9f66f6b05410cd503b2709e88115d55daced94d1a34d4e32bf824d0dde6028ae79c5f07b580f5dce240d7111f7ddb130a7945cd7d957d1920994da389f490c89",
073: 16),
074: new BigInteger(
075: "c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb",
076: 16),
077: new BigInteger(
078: "f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5",
079: 16),
080: new BigInteger(
081: "b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391",
082: 16),
083: new BigInteger(
084: "d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd",
085: 16),
086: new BigInteger(
087: "b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19",
088: 16));
089:
090: private RSAPublicKeySpec isoPubKeySpec = new RSAPublicKeySpec(
091: new BigInteger(
092: "0100000000000000000000000000000000bba2d15dbb303c8a21c5ebbcbae52b7125087920dd7cdf358ea119fd66fb064012ec8ce692f0a0b8e8321b041acd40b7",
093: 16), new BigInteger("03", 16));
094:
095: private RSAPrivateKeySpec isoPrivKeySpec = new RSAPrivateKeySpec(
096: new BigInteger(
097: "0100000000000000000000000000000000bba2d15dbb303c8a21c5ebbcbae52b7125087920dd7cdf358ea119fd66fb064012ec8ce692f0a0b8e8321b041acd40b7",
098: 16),
099: new BigInteger(
100: "2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaac9f0783a49dd5f6c5af651f4c9d0dc9281c96a3f16a85f9572d7cc3f2d0f25a9dbf1149e4cdc32273faadd3fda5dcda7",
101: 16));
102:
103: private RSAPublicKeySpec pub2048KeySpec = new RSAPublicKeySpec(
104: new BigInteger(
105: "a7295693155b1813bb84877fb45343556e0568043de5910872a3a518cc11e23e2db74eaf4545068c4e3d258a2718fbacdcc3eafa457695b957e88fbf110aed049a992d9c430232d02f3529c67a3419935ea9b569f85b1bcd37de6b899cd62697e843130ff0529d09c97d813cb15f293751ff56f943fbdabb63971cc7f4f6d5bff1594416b1f5907bde5a84a44f9802ef29b43bda1960f948f8afb8766c1ab80d32eec88ed66d0b65aebe44a6d0b3c5e0ab051aaa1b912fbcc17b8e751ddecc5365b6db6dab0020c3057db4013a51213a5798a3aab67985b0f4d88627a54a0f3f0285fbcb4afdfeb65cb153af66825656d43238b75503231500753f4e421e3c57",
106: 16), new BigInteger("10001", 16));
107:
108: private RSAPrivateCrtKeySpec priv2048KeySpec = new RSAPrivateCrtKeySpec(
109: new BigInteger(
110: "a7295693155b1813bb84877fb45343556e0568043de5910872a3a518cc11e23e2db74eaf4545068c4e3d258a2718fbacdcc3eafa457695b957e88fbf110aed049a992d9c430232d02f3529c67a3419935ea9b569f85b1bcd37de6b899cd62697e843130ff0529d09c97d813cb15f293751ff56f943fbdabb63971cc7f4f6d5bff1594416b1f5907bde5a84a44f9802ef29b43bda1960f948f8afb8766c1ab80d32eec88ed66d0b65aebe44a6d0b3c5e0ab051aaa1b912fbcc17b8e751ddecc5365b6db6dab0020c3057db4013a51213a5798a3aab67985b0f4d88627a54a0f3f0285fbcb4afdfeb65cb153af66825656d43238b75503231500753f4e421e3c57",
111: 16),
112: new BigInteger("10001", 16),
113: new BigInteger(
114: "65dad56ac7df7abb434e4cb5eeadb16093aa6da7f0033aad3815289b04757d32bfee6ade7749c8e4a323b5050a2fb9e2a99e23469e1ed4ba5bab54336af20a5bfccb8b3424cc6923db2ffca5787ed87aa87aa614cd04cedaebc8f623a2d2063017910f436dff18bb06f01758610787f8b258f0a8efd8bd7de30007c47b2a1031696c7d6523bc191d4d918927a7e0b09584ed205bd2ff4fc4382678df82353f7532b3bbb81d69e3f39070aed3fb64fce032a089e8e64955afa5213a6eb241231bd98d702fba725a9b205952fda186412d9e0d9344d2998c455ad8c2bae85ee672751466d5288304032b5b7e02f7e558c7af82c7fbf58eea0bb4ef0f001e6cd0a9",
115: 16),
116: new BigInteger(
117: "d4fd9ac3474fb83aaf832470643609659e511b322632b239b688f3cd2aad87527d6cf652fb9c9ca67940e84789444f2e99b0cb0cfabbd4de95396106c865f38e2fb7b82b231260a94df0e01756bf73ce0386868d9c41645560a81af2f53c18e4f7cdf3d51d80267372e6e0216afbf67f655c9450769cca494e4f6631b239ce1b",
118: 16),
119: new BigInteger(
120: "c8eaa0e2a1b3a4412a702bccda93f4d150da60d736c99c7c566fdea4dd1b401cbc0d8c063daaf0b579953d36343aa18b33dbf8b9eae94452490cc905245f8f7b9e29b1a288bc66731a29e1dd1a45c9fd7f8238ff727adc49fff73991d0dc096206b9d3a08f61e7462e2b804d78cb8c5eccdb9b7fbd2ad6a8fea46c1053e1be75",
121: 16),
122: new BigInteger(
123: "10edcb544421c0f9e123624d1099feeb35c72a8b34e008ac6fa6b90210a7543f293af4e5299c8c12eb464e70092805c7256e18e5823455ba0f504d36f5ccacac1b7cd5c58ff710f9c3f92646949d88fdd1e7ea5fed1081820bb9b0d2a8cd4b093fecfdb96dabd6e28c3a6f8c186dc86cddc89afd3e403e0fcf8a9e0bcb27af0b",
124: 16),
125: new BigInteger(
126: "97fc25484b5a415eaa63c03e6efa8dafe9a1c8b004d9ee6e80548fefd6f2ce44ee5cb117e77e70285798f57d137566ce8ea4503b13e0f1b5ed5ca6942537c4aa96b2a395782a4cb5b58d0936e0b0fa63b1192954d39ced176d71ef32c6f42c84e2e19f9d4dd999c2151b032b97bd22aa73fd8c5bcd15a2dca4046d5acc997021",
127: 16),
128: new BigInteger(
129: "4bb8064e1eff7e9efc3c4578fcedb59ca4aef0993a8312dfdcb1b3decf458aa6650d3d0866f143cbf0d3825e9381181170a0a1651eefcd7def786b8eb356555d9fa07c85b5f5cbdd74382f1129b5e36b4166b6cc9157923699708648212c484958351fdc9cf14f218dbe7fbf7cbd93a209a4681fe23ceb44bab67d66f45d1c9d",
130: 16));
131:
132: public void performTest() throws Exception {
133: KeyFactory fact;
134: byte[] input = new byte[] { (byte) 0x54, (byte) 0x85,
135: (byte) 0x9b, (byte) 0x34, (byte) 0x2c, (byte) 0x49,
136: (byte) 0xea, (byte) 0x2a };
137: byte[][] output = new byte[][] {
138: Hex
139: .decode("8b427f781a2e59dd9def386f1956b996ee07f48c96880e65a368055ed8c0a8831669ef7250b40918b2b1d488547e72c84540e42bd07b03f14e226f04fbc2d929"),
140: Hex
141: .decode("2ec6e1a1711b6c7b8cd3f6a25db21ab8bb0a5f1d6df2ef375fa708a43997730ffc7c98856dbbe36edddcdd1b2d2a53867d8355af94fea3aeec128da908e08f4c"),
142: Hex
143: .decode("0850ac4e5a8118323200c8ed1e5aaa3d5e635172553ccac66a8e4153d35c79305c4440f11034ab147fccce21f18a50cf1c0099c08a577eb68237a91042278965"),
144: Hex
145: .decode("1c9649bdccb51056751fe43837f4eb43bada472accf26f65231666d5de7d11950d8379b3596dfdf75c6234274896fa8d18ad0865d3be2ac4d6687151abdf01e93941dcef18fa63186c9351d1506c89d09733c5ff4304208c812bdd21a50f56fde115e629e0e973721c9fcc87e89295a79853dee613962a0b2f2fc57163fd99057a3c776f13c20c26407eb8863998d7e53b543ba8d0a295a9a68d1a149833078c9809ad6a6dad7fc22a95ad615a73138c54c018f40d99bf8eeecd45f5be526f2d6b01aeb56381991c1ab31a2e756f15e052b9cd5638b2eff799795c5bae493307d5eb9f8c21d438de131fe505a4e7432547ab19224094f9e4be1968bd0793b79d"),
146: Hex
147: .decode("4c4afc0c24dddaedd4f9a3b23be30d35d8e005ffd36b3defc5d18acc830c3ed388ce20f43a00e614fd087c814197bc9fc2eff9ad4cc474a7a2ef3ed9c0f0a55eb23371e41ee8f2e2ed93ea3a06ca482589ab87e0d61dcffda5eea1241408e43ea1108726cdb87cc3aa5e9eaaa9f72507ca1352ac54a53920c94dccc768147933d8c50aefd9d1da10522a40133cd33dbc0524669e70f771a88d65c4716d471cd22b08b9f01f24e4e9fc7ffbcfa0e0a7aed47b345826399b26a73be112eb9c5e06fc6742fc3d0ef53d43896403c5105109cfc12e6deeaf4a48ba308e039774b9bdb31a9b9e133c81c321630cf0b4b2d1f90717b24c3268e1fea681ea9cdc709342"),
148: Hex
149: .decode("06b5b26bd13515f799e5e37ca43cace15cd82fd4bf36b25d285a6f0998d97c8cb0755a28f0ae66618b1cd03e27ac95eaaa4882bc6dc0078cd457d4f7de4154173a9c7a838cfc2ac2f74875df462aae0cfd341645dc51d9a01da9bdb01507f140fa8a016534379d838cc3b2a53ac33150af1b242fc88013cb8d914e66c8182864ee6de88ce2879d4c05dd125409620a96797c55c832fb2fb31d4310c190b8ed2c95fdfda2ed87f785002faaec3f35ec05cf70a3774ce185e4882df35719d582dd55ac31257344a9cba95189dcbea16e8c6cb7a235a0384bc83b6183ca8547e670fe33b1b91725ae0c250c9eca7b5ba78bd77145b70270bf8ac31653006c02ca9c"),
150: Hex
151: .decode("135f1be3d045526235bf9d5e43499d4ee1bfdf93370769ae56e85dbc339bc5b7ea3bee49717497ee8ac3f7cd6adb6fc0f17812390dcd65ac7b87fef7970d9ff9"),
152: Hex
153: .decode("03c05add1e030178c352face07cafc9447c8f369b8f95125c0d311c16b6da48ca2067104cce6cd21ae7b163cd18ffc13001aecebdc2eb02b9e92681f84033a98"),
154: Hex
155: .decode("00319bb9becb49f3ed1bca26d0fcf09b0b0a508e4d0bd43b350f959b72cd25b3af47d608fdcd248eada74fbe19990dbeb9bf0da4b4e1200243a14e5cab3f7e610c") };
156: SecureRandom rand = new FixedSecureRandom();
157:
158: fact = KeyFactory.getInstance("RSA", "BC");
159:
160: PrivateKey privKey = fact.generatePrivate(privKeySpec);
161: PublicKey pubKey = fact.generatePublic(pubKeySpec);
162:
163: PrivateKey priv2048Key = fact.generatePrivate(priv2048KeySpec);
164: PublicKey pub2048Key = fact.generatePublic(pub2048KeySpec);
165:
166: //
167: // No Padding
168: //
169: Cipher c = Cipher.getInstance("RSA", "BC");
170:
171: c.init(Cipher.ENCRYPT_MODE, pubKey, rand);
172:
173: byte[] out = c.doFinal(input);
174:
175: if (!areEqual(out, output[0])) {
176: fail("NoPadding test failed on encrypt expected "
177: + new String(Hex.encode(output[0])) + " got "
178: + new String(Hex.encode(out)));
179: }
180:
181: c.init(Cipher.DECRYPT_MODE, privKey);
182:
183: out = c.doFinal(out);
184:
185: if (!areEqual(out, input)) {
186: fail("NoPadding test failed on decrypt expected "
187: + new String(Hex.encode(input)) + " got "
188: + new String(Hex.encode(out)));
189: }
190:
191: //
192: // No Padding - incremental
193: //
194: c = Cipher.getInstance("RSA", "BC");
195:
196: c.init(Cipher.ENCRYPT_MODE, pubKey, rand);
197:
198: c.update(input);
199:
200: out = c.doFinal();
201:
202: if (!areEqual(out, output[0])) {
203: fail("NoPadding test failed on encrypt expected "
204: + new String(Hex.encode(output[0])) + " got "
205: + new String(Hex.encode(out)));
206: }
207:
208: c.init(Cipher.DECRYPT_MODE, privKey);
209:
210: out = c.doFinal(out);
211:
212: if (!areEqual(out, input)) {
213: fail("NoPadding test failed on decrypt expected "
214: + new String(Hex.encode(input)) + " got "
215: + new String(Hex.encode(out)));
216: }
217:
218: //
219: // No Padding - maximum length
220: //
221: c = Cipher.getInstance("RSA", "BC");
222:
223: byte[] modBytes = ((RSAPublicKey) pubKey).getModulus()
224: .toByteArray();
225: byte[] maxInput = new byte[modBytes.length - 1];
226:
227: maxInput[0] |= 0x7f;
228:
229: c.init(Cipher.ENCRYPT_MODE, pubKey, rand);
230:
231: out = c.doFinal(maxInput);
232:
233: c.init(Cipher.DECRYPT_MODE, privKey);
234:
235: out = c.doFinal(out);
236:
237: if (!areEqual(out, maxInput)) {
238: fail("NoPadding test failed on decrypt expected "
239: + new String(Hex.encode(maxInput)) + " got "
240: + new String(Hex.encode(out)));
241: }
242:
243: //
244: // PKCS1 V 1.5
245: //
246: c = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
247:
248: c.init(Cipher.ENCRYPT_MODE, pubKey, rand);
249:
250: out = c.doFinal(input);
251:
252: if (!areEqual(out, output[1])) {
253: fail("PKCS1 test failed on encrypt expected "
254: + new String(Hex.encode(output[1])) + " got "
255: + new String(Hex.encode(out)));
256: }
257:
258: c.init(Cipher.DECRYPT_MODE, privKey);
259:
260: out = c.doFinal(out);
261:
262: if (!areEqual(out, input)) {
263: fail("PKCS1 test failed on decrypt expected "
264: + new String(Hex.encode(input)) + " got "
265: + new String(Hex.encode(out)));
266: }
267:
268: //
269: // OAEP - SHA1
270: //
271: c = Cipher.getInstance("RSA/NONE/OAEPPadding", "BC");
272:
273: c.init(Cipher.ENCRYPT_MODE, pubKey, rand);
274:
275: out = c.doFinal(input);
276:
277: if (!areEqual(out, output[2])) {
278: fail("OAEP test failed on encrypt expected "
279: + new String(Hex.encode(output[2])) + " got "
280: + new String(Hex.encode(out)));
281: }
282:
283: c = Cipher.getInstance("RSA/NONE/OAEPWithSHA1AndMGF1Padding",
284: "BC");
285:
286: c.init(Cipher.DECRYPT_MODE, privKey);
287:
288: out = c.doFinal(out);
289:
290: if (!areEqual(out, input)) {
291: fail("OAEP test failed on decrypt expected "
292: + new String(Hex.encode(input)) + " got "
293: + new String(Hex.encode(out)));
294: }
295:
296: AlgorithmParameters oaepP = c.getParameters();
297:
298: if (!areEqual(oaepP.getEncoded(), new RSAESOAEPparams(
299: new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1,
300: new DERNull()), new AlgorithmIdentifier(
301: PKCSObjectIdentifiers.id_mgf1,
302: new AlgorithmIdentifier(
303: OIWObjectIdentifiers.idSHA1,
304: new DERNull())),
305: new AlgorithmIdentifier(
306: PKCSObjectIdentifiers.id_pSpecified,
307: new DEROctetString(new byte[0]))).getEncoded())) {
308: fail("OAEP test failed default sha-1 parameters");
309: }
310:
311: //
312: // OAEP - SHA224
313: //
314: c = Cipher.getInstance("RSA/NONE/OAEPWithSHA224AndMGF1Padding",
315: "BC");
316:
317: c.init(Cipher.ENCRYPT_MODE, pub2048Key, rand);
318:
319: out = c.doFinal(input);
320:
321: if (!areEqual(out, output[3])) {
322: fail("OAEP SHA-224 test failed on encrypt expected "
323: + new String(Hex.encode(output[2])) + " got "
324: + new String(Hex.encode(out)));
325: }
326:
327: c.init(Cipher.DECRYPT_MODE, priv2048Key);
328:
329: out = c.doFinal(out);
330:
331: if (!areEqual(out, input)) {
332: fail("OAEP SHA-224 test failed on decrypt expected "
333: + new String(Hex.encode(input)) + " got "
334: + new String(Hex.encode(out)));
335: }
336:
337: oaepP = c.getParameters();
338:
339: if (!areEqual(
340: oaepP.getEncoded(),
341: new RSAESOAEPparams(
342: new AlgorithmIdentifier(
343: NISTObjectIdentifiers.id_sha224,
344: new DERNull()),
345: new AlgorithmIdentifier(
346: PKCSObjectIdentifiers.id_mgf1,
347: new AlgorithmIdentifier(
348: NISTObjectIdentifiers.id_sha224,
349: new DERNull())),
350: new AlgorithmIdentifier(
351: PKCSObjectIdentifiers.id_pSpecified,
352: new DEROctetString(new byte[0])))
353: .getEncoded())) {
354: fail("OAEP test failed default sha-224 parameters");
355: }
356:
357: //
358: // OAEP - SHA 256
359: //
360: c = Cipher.getInstance("RSA/NONE/OAEPWithSHA256AndMGF1Padding",
361: "BC");
362:
363: c.init(Cipher.ENCRYPT_MODE, pub2048Key, rand);
364:
365: out = c.doFinal(input);
366:
367: if (!areEqual(out, output[4])) {
368: fail("OAEP SHA-256 test failed on encrypt expected "
369: + new String(Hex.encode(output[2])) + " got "
370: + new String(Hex.encode(out)));
371: }
372:
373: c.init(Cipher.DECRYPT_MODE, priv2048Key);
374:
375: out = c.doFinal(out);
376:
377: if (!areEqual(out, input)) {
378: fail("OAEP SHA-256 test failed on decrypt expected "
379: + new String(Hex.encode(input)) + " got "
380: + new String(Hex.encode(out)));
381: }
382:
383: oaepP = c.getParameters();
384:
385: if (!areEqual(
386: oaepP.getEncoded(),
387: new RSAESOAEPparams(
388: new AlgorithmIdentifier(
389: NISTObjectIdentifiers.id_sha256,
390: new DERNull()),
391: new AlgorithmIdentifier(
392: PKCSObjectIdentifiers.id_mgf1,
393: new AlgorithmIdentifier(
394: NISTObjectIdentifiers.id_sha256,
395: new DERNull())),
396: new AlgorithmIdentifier(
397: PKCSObjectIdentifiers.id_pSpecified,
398: new DEROctetString(new byte[0])))
399: .getEncoded())) {
400: fail("OAEP test failed default sha-256 parameters");
401: }
402:
403: //
404: // OAEP - SHA 384
405: //
406: c = Cipher.getInstance("RSA/NONE/OAEPWithSHA384AndMGF1Padding",
407: "BC");
408:
409: c.init(Cipher.ENCRYPT_MODE, pub2048Key, rand);
410:
411: out = c.doFinal(input);
412:
413: if (!areEqual(out, output[5])) {
414: fail("OAEP SHA-384 test failed on encrypt expected "
415: + new String(Hex.encode(output[2])) + " got "
416: + new String(Hex.encode(out)));
417: }
418:
419: c.init(Cipher.DECRYPT_MODE, priv2048Key);
420:
421: out = c.doFinal(out);
422:
423: if (!areEqual(out, input)) {
424: fail("OAEP SHA-384 test failed on decrypt expected "
425: + new String(Hex.encode(input)) + " got "
426: + new String(Hex.encode(out)));
427: }
428:
429: oaepP = c.getParameters();
430:
431: if (!areEqual(
432: oaepP.getEncoded(),
433: new RSAESOAEPparams(
434: new AlgorithmIdentifier(
435: NISTObjectIdentifiers.id_sha384,
436: new DERNull()),
437: new AlgorithmIdentifier(
438: PKCSObjectIdentifiers.id_mgf1,
439: new AlgorithmIdentifier(
440: NISTObjectIdentifiers.id_sha384,
441: new DERNull())),
442: new AlgorithmIdentifier(
443: PKCSObjectIdentifiers.id_pSpecified,
444: new DEROctetString(new byte[0])))
445: .getEncoded())) {
446: fail("OAEP test failed default sha-384 parameters");
447: }
448:
449: //
450: // OAEP - MD5
451: //
452: c = Cipher.getInstance("RSA/NONE/OAEPWithMD5AndMGF1Padding",
453: "BC");
454:
455: c.init(Cipher.ENCRYPT_MODE, pubKey, rand);
456:
457: out = c.doFinal(input);
458:
459: if (!areEqual(out, output[6])) {
460: fail("OAEP MD5 test failed on encrypt expected "
461: + new String(Hex.encode(output[2])) + " got "
462: + new String(Hex.encode(out)));
463: }
464:
465: c.init(Cipher.DECRYPT_MODE, privKey);
466:
467: out = c.doFinal(out);
468:
469: if (!areEqual(out, input)) {
470: fail("OAEP MD5 test failed on decrypt expected "
471: + new String(Hex.encode(input)) + " got "
472: + new String(Hex.encode(out)));
473: }
474:
475: oaepP = c.getParameters();
476:
477: if (!areEqual(oaepP.getEncoded(), new RSAESOAEPparams(
478: new AlgorithmIdentifier(PKCSObjectIdentifiers.md5,
479: new DERNull()), new AlgorithmIdentifier(
480: PKCSObjectIdentifiers.id_mgf1,
481: new AlgorithmIdentifier(
482: PKCSObjectIdentifiers.md5,
483: new DERNull())),
484: new AlgorithmIdentifier(
485: PKCSObjectIdentifiers.id_pSpecified,
486: new DEROctetString(new byte[0]))).getEncoded())) {
487: fail("OAEP test failed default md5 parameters");
488: }
489:
490: //
491: // OAEP - SHA1 with default parameters
492: //
493: c = Cipher.getInstance("RSA/NONE/OAEPPadding", "BC");
494:
495: c.init(Cipher.ENCRYPT_MODE, pubKey, OAEPParameterSpec.DEFAULT,
496: rand);
497:
498: out = c.doFinal(input);
499:
500: if (!areEqual(out, output[2])) {
501: fail("OAEP test failed on encrypt expected "
502: + new String(Hex.encode(output[2])) + " got "
503: + new String(Hex.encode(out)));
504: }
505:
506: c = Cipher.getInstance("RSA/NONE/OAEPWithSHA1AndMGF1Padding",
507: "BC");
508:
509: c.init(Cipher.DECRYPT_MODE, privKey);
510:
511: out = c.doFinal(out);
512:
513: if (!areEqual(out, input)) {
514: fail("OAEP test failed on decrypt expected "
515: + new String(Hex.encode(input)) + " got "
516: + new String(Hex.encode(out)));
517: }
518:
519: oaepP = c.getParameters();
520:
521: if (!areEqual(oaepP.getEncoded(), new byte[] { 0x30, 0x00 })) {
522: fail("OAEP test failed default parameters");
523: }
524:
525: //
526: // OAEP - SHA1 with specified string
527: //
528: c = Cipher.getInstance("RSA/NONE/OAEPPadding", "BC");
529:
530: c.init(Cipher.ENCRYPT_MODE, pubKey, new OAEPParameterSpec(
531: "SHA1", "MGF1", new MGF1ParameterSpec("SHA1"),
532: new PSource.PSpecified(new byte[] { 1, 2, 3, 4, 5 })),
533: rand);
534:
535: out = c.doFinal(input);
536:
537: oaepP = c.getParameters();
538:
539: if (!areEqual(oaepP.getEncoded(),
540: new RSAESOAEPparams(new AlgorithmIdentifier(
541: OIWObjectIdentifiers.idSHA1, new DERNull()),
542: new AlgorithmIdentifier(
543: PKCSObjectIdentifiers.id_mgf1,
544: new AlgorithmIdentifier(
545: OIWObjectIdentifiers.idSHA1,
546: new DERNull())),
547: new AlgorithmIdentifier(
548: PKCSObjectIdentifiers.id_pSpecified,
549: new DEROctetString(new byte[] { 1, 2,
550: 3, 4, 5 }))).getEncoded())) {
551: fail("OAEP test failed changed sha-1 parameters");
552: }
553:
554: if (!areEqual(out, output[7])) {
555: fail("OAEP test failed on encrypt expected "
556: + new String(Hex.encode(output[2])) + " got "
557: + new String(Hex.encode(out)));
558: }
559:
560: c = Cipher.getInstance("RSA/NONE/OAEPWithSHA1AndMGF1Padding",
561: "BC");
562:
563: c.init(Cipher.DECRYPT_MODE, privKey, oaepP);
564:
565: out = c.doFinal(out);
566:
567: if (!areEqual(out, input)) {
568: fail("OAEP test failed on decrypt expected "
569: + new String(Hex.encode(input)) + " got "
570: + new String(Hex.encode(out)));
571: }
572:
573: //
574: // ISO9796-1
575: //
576: byte[] isoInput = Hex
577: .decode("fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210");
578: PrivateKey isoPrivKey = fact.generatePrivate(isoPrivKeySpec);
579: PublicKey isoPubKey = fact.generatePublic(isoPubKeySpec);
580:
581: c = Cipher.getInstance("RSA/NONE/ISO9796-1Padding", "BC");
582:
583: c.init(Cipher.ENCRYPT_MODE, isoPrivKey);
584:
585: out = c.doFinal(isoInput);
586:
587: if (!areEqual(out, output[8])) {
588: fail("ISO9796-1 test failed on encrypt expected "
589: + new String(Hex.encode(output[3])) + " got "
590: + new String(Hex.encode(out)));
591: }
592:
593: c.init(Cipher.DECRYPT_MODE, isoPubKey);
594:
595: out = c.doFinal(out);
596:
597: if (!areEqual(out, isoInput)) {
598: fail("ISO9796-1 test failed on decrypt expected "
599: + new String(Hex.encode(input)) + " got "
600: + new String(Hex.encode(out)));
601: }
602:
603: //
604: //
605: // generation with parameters test.
606: //
607: KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(
608: "RSA", "BC");
609:
610: //
611: // 768 bit RSA with e = 2^16-1
612: //
613: keyPairGen.initialize(new RSAKeyGenParameterSpec(768,
614: BigInteger.valueOf(65537)), new SecureRandom());
615:
616: KeyPair kp = keyPairGen.generateKeyPair();
617:
618: pubKey = kp.getPublic();
619: privKey = kp.getPrivate();
620:
621: c.init(Cipher.ENCRYPT_MODE, pubKey, rand);
622:
623: out = c.doFinal(input);
624:
625: c.init(Cipher.DECRYPT_MODE, privKey);
626:
627: out = c.doFinal(out);
628:
629: if (!areEqual(out, input)) {
630: fail("key generation test failed on decrypt expected "
631: + new String(Hex.encode(input)) + " got "
632: + new String(Hex.encode(out)));
633: }
634:
635: //
636: // comparison check
637: //
638: KeyFactory keyFact = KeyFactory.getInstance("RSA", "BC");
639:
640: RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey) keyFact
641: .translateKey(privKey);
642:
643: if (!privKey.equals(crtKey)) {
644: fail("private key equality check failed");
645: }
646:
647: RSAPublicKey copyKey = (RSAPublicKey) keyFact
648: .translateKey(pubKey);
649:
650: if (!pubKey.equals(copyKey)) {
651: fail("public key equality check failed");
652: }
653: }
654:
655: public String getName() {
656: return "RSATest";
657: }
658:
659: public static void main(String[] args) {
660: Security.addProvider(new BouncyCastleProvider());
661:
662: runTest(new RSATest());
663: }
664: }
|