# HG changeset patch # User Andrew John Hughes # Date 1469674552 -3600 # Node ID 0c5b97b56309ef1523d0d1b44b4a62e04a85475c # Parent 2fbb359cc3c72d6836edc4c2b45f2f45e9f7e7f0 PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed 2016-04-23 Andrew John Hughes PR2900: Don't use WithSeed versions of NSS functions as they don't fully process the seed * Makefile.am: (ECC_CHECK_SRCS): Add TestECDSA.java (ecccheck): Only compile tests if SunEC is enabled. (clean-ecccheck): Only remove build directory if SunEC is enabled. (check-ecc): Only run tests if SunEC is enabled. Add running of TestECDSA. Call set -e so rule fails if any test fails. * test/standalone/TestECDSA.java: New test to make sure SunEC can produce ECDSA signatures. diff -r 2fbb359cc3c7 -r 0c5b97b56309 ChangeLog --- a/ChangeLog Thu Jul 28 03:46:39 2016 +0100 +++ b/ChangeLog Thu Jul 28 03:55:52 2016 +0100 @@ -1,3 +1,19 @@ +2016-04-23 Andrew John Hughes + + PR2900: Don't use WithSeed versions of NSS + functions as they don't fully process the seed + * Makefile.am: + (ECC_CHECK_SRCS): Add TestECDSA.java + (ecccheck): Only compile tests if SunEC is enabled. + (clean-ecccheck): Only remove build directory if + SunEC is enabled. + (check-ecc): Only run tests if SunEC is enabled. + Add running of TestECDSA. Call set -e so rule + fails if any test fails. + * test/standalone/TestECDSA.java: + New test to make sure SunEC can produce ECDSA + signatures. + 2015-05-20 Andrew John Hughes PR3115: Add check for elliptic curve diff -r 2fbb359cc3c7 -r 0c5b97b56309 Makefile.am --- a/Makefile.am Thu Jul 28 03:46:39 2016 +0100 +++ b/Makefile.am Thu Jul 28 03:55:52 2016 +0100 @@ -368,7 +368,8 @@ REWRITER_SRCS = $(top_srcdir)/rewriter/com/redhat/rewriter/ClassRewriter.java CRYPTO_CHECK_SRCS = $(top_srcdir)/test/standalone/TestCryptoLevel.java -ECC_CHECK_SRCS = $(top_srcdir)/test/standalone/TestEllipticCurveCryptoSupport.java +ECC_CHECK_SRCS = $(top_srcdir)/test/standalone/TestEllipticCurveCryptoSupport.java \ + $(top_srcdir)/test/standalone/TestECDSA.java MIME_TYPE_CHECK_SRCS = $(top_srcdir)/test/standalone/RH1195203.java # Patch list @@ -3059,20 +3060,28 @@ # ECC Availability Check stamps/ecccheck.stamp: $(INITIAL_BOOTSTRAP_LINK_STAMP) +if ENABLE_SUNEC mkdir -p $(ECC_CHECK_BUILD_DIR) $(BOOT_DIR)/bin/javac $(IT_JAVACFLAGS) \ -d $(ECC_CHECK_BUILD_DIR) $(ECC_CHECK_SRCS) +endif mkdir -p stamps touch $@ clean-ecccheck: +if ENABLE_SUNEC rm -rf $(ECC_CHECK_BUILD_DIR) +endif rm -f stamps/ecccheck.stamp stamps/check-ecc.stamp: stamps/ecccheck.stamp stamps/icedtea.stamp +if ENABLE_SUNEC + set -e ; \ if [ -e $(BUILD_SDK_DIR)/bin/java ] ; then \ $(BUILD_SDK_DIR)/bin/java -cp $(ECC_CHECK_BUILD_DIR) TestEllipticCurveCryptoSupport yes ; \ + $(BUILD_SDK_DIR)/bin/java -cp $(ECC_CHECK_BUILD_DIR) TestECDSA ; \ fi +endif mkdir -p stamps touch $@ diff -r 2fbb359cc3c7 -r 0c5b97b56309 test/standalone/TestECDSA.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/standalone/TestECDSA.java Thu Jul 28 03:55:52 2016 +0100 @@ -0,0 +1,49 @@ +/* TestECDSA -- Ensure ECDSA signatures are working. + Copyright (C) 2016 Red Hat, Inc. + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . +*/ + +import java.math.BigInteger; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Signature; + +/** + * @test + */ +public class TestECDSA { + + public static void main(String[] args) throws Exception { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC"); + KeyPair key = keyGen.generateKeyPair(); + + byte[] data = "This is a string to sign".getBytes("UTF-8"); + + Signature dsa = Signature.getInstance("NONEwithECDSA"); + dsa.initSign(key.getPrivate()); + dsa.update(data); + byte[] sig = dsa.sign(); + System.out.println("Signature: " + new BigInteger(1, sig).toString(16)); + + Signature dsaCheck = Signature.getInstance("NONEwithECDSA"); + dsaCheck.initVerify(key.getPublic()); + dsaCheck.update(data); + boolean success = dsaCheck.verify(sig); + if (!success) { + throw new RuntimeException("Test failed. Signature verification error"); + } + System.out.println("Test passed."); + } +}