
Commit 69fd49d

authored
Merge pull request #158 from cconlon/eccAlgOids
Additional ECC algorithm OIDs to Signature and KeyPairGenerator
2 parents 634c70c + ec19a60 commit 69fd49d


3 files changed

+148
-0
lines changed


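--- a/src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java
+++ b/src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java
@@ -132,30 +132,35 @@ private void registerServices() {
 "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA1wRSA");
 put("Signature.SHA1withECDSA",
 "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA1wECDSA");
+put("Alg.Alias.Signature.1.2.840.10045.4.1", "SHA1withECDSA");
 }
 if (FeatureDetect.Sha224Enabled()) {
 put("Signature.SHA224withRSA",
 "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA224wRSA");
 put("Signature.SHA224withECDSA",
 "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA224wECDSA");
+put("Alg.Alias.Signature.1.2.840.10045.4.3.1", "SHA224withECDSA");
 }
 if (FeatureDetect.Sha256Enabled()) {
 put("Signature.SHA256withRSA",
 "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA256wRSA");
 put("Signature.SHA256withECDSA",
 "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA256wECDSA");
+put("Alg.Alias.Signature.1.2.840.10045.4.3.2", "SHA256withECDSA");
 }
 if (FeatureDetect.Sha384Enabled()) {
 put("Signature.SHA384withRSA",
 "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA384wRSA");
 put("Signature.SHA384withECDSA",
 "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA384wECDSA");
+put("Alg.Alias.Signature.1.2.840.10045.4.3.3", "SHA384withECDSA");
 }
 if (FeatureDetect.Sha512Enabled()) {
 put("Signature.SHA512withRSA",
 "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA512wRSA");
 put("Signature.SHA512withECDSA",
 "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA512wECDSA");
+put("Alg.Alias.Signature.1.2.840.10045.4.3.4", "SHA512withECDSA");
 }
 if (FeatureDetect.Sha3Enabled()) {
 put("Signature.SHA3-224withRSA",
@@ -396,6 +401,7 @@ private void registerServices() {
 if (FeatureDetect.EccKeyGenEnabled()) {
 put("KeyPairGenerator.EC",
 "com.wolfssl.provider.jce.WolfCryptKeyPairGenerator$wcKeyPairGenECC");
+put("Alg.Alias.KeyPairGenerator.1.2.840.10045.2.1", "EC");
 }
 if (FeatureDetect.DhEnabled()) {
 put("KeyPairGenerator.DH",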
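Review bot: The added aliases register only the bare dotted OID (for example `Alg.Alias.Signature.1.2.840.10045.4.3.2`), so a caller that asks for the `OID.`-prefixed spelling will still not resolve to wolfJCE; JDK providers conventionally register both forms. Consider pairing each new line with its prefixed twin, e.g. `put("Alg.Alias.Signature.OID.1.2.840.10045.4.3.2", "SHA256withECDSA");`, and likewise `Alg.Alias.KeyPairGenerator.OID.1.2.840.10045.2.1` in the second hunk. A short comment naming each arc (ecdsa-with-SHA256, id-ecPublicKey, and so on) would let a reader confirm the OID-to-digest pairing without looking it up, since a mistyped arc would bind an encoded signature algorithm to the wrong hash. registerServices() begins and ends outside both hunks, so whether prefixed aliases are registered elsewhere cannot be seen from here.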

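--- a/src/test/java/com/wolfssl/provider/jce/test/WolfCryptKeyPairGeneratorTest.java
+++ b/src/test/java/com/wolfssl/provider/jce/test/WolfCryptKeyPairGeneratorTest.java
@@ -832,5 +832,66 @@ public void testRsassaPssKeyIdentificationAndSunCompatibility()
 assertTrue("Sun-generated key should verify wolfJCE signature",
 sig.verify(signature));
 }
+
+@Test
+public void testECKeyPairGeneratorOIDMapping()
+throws NoSuchProviderException, NoSuchAlgorithmException,
+InvalidAlgorithmParameterException {
+
+/* Test that ECC KeyPairGenerator OID 1.2.840.10045.2.1 maps to "EC" */
+String oid = "1.2.840.10045.2.1";
+String algoName = "EC";
+
+/* Skip test if ECC is not compiled in */
+if (enabledEccKeySizes.isEmpty()) {
+return;
+}
+
+/* Create KeyPairGenerator instances using both OID and name */
+KeyPairGenerator kpgByOid = null;
+KeyPairGenerator kpgByName = null;
+
+try {
+kpgByOid = KeyPairGenerator.getInstance(oid, "wolfJCE");
+kpgByName = KeyPairGenerator.getInstance(algoName, "wolfJCE");
+} catch (NoSuchAlgorithmException e) {
+fail("Failed to create KeyPairGenerator instance for OID " + oid +
+" or algorithm " + algoName + ": " + e.getMessage());
+}
+
+assertNotNull("KeyPairGenerator by OID should not be null", kpgByOid);
+assertNotNull("KeyPairGenerator by name should not be null", kpgByName);
+
+/* Verify both instances have the same class */
+assertEquals("OID and name should map to same implementation",
+kpgByName.getClass(), kpgByOid.getClass());
+
+/* Test functional equivalence - both should generate valid key pairs */
+ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1");
+
+kpgByOid.initialize(ecSpec);
+KeyPair keyPairFromOid = kpgByOid.generateKeyPair();
+assertNotNull("Key pair from OID should not be null", keyPairFromOid);
+assertNotNull("Private key from OID should not be null",
+keyPairFromOid.getPrivate());
+assertNotNull("Public key from OID should not be null",
+keyPairFromOid.getPublic());
+
+kpgByName.initialize(ecSpec);
+KeyPair keyPairFromName = kpgByName.generateKeyPair();
+assertNotNull("Key pair from name should not be null", keyPairFromName);
+assertNotNull("Private key from name should not be null",
+keyPairFromName.getPrivate());
+assertNotNull("Public key from name should not be null",
+keyPairFromName.getPublic());
+
+/* Both key pairs should have the same algorithm */
+assertEquals("Key algorithms should match",
+keyPairFromName.getPrivate().getAlgorithm(),
+keyPairFromOid.getPrivate().getAlgorithm());
+assertEquals("Public key algorithms should match",
+keyPairFromName.getPublic().getAlgorithm(),
+keyPairFromOid.getPublic().getAlgorithm());
+}
 }
 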
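Review bot: The `getClass()` comparison in testECKeyPairGeneratorOIDMapping is likely weaker than its message claims: `KeyPairGenerator.getInstance` can hand back a JDK wrapper around the provider's SPI, in which case both objects share a class regardless of which implementation the alias resolved to. Comparing the registered service class names pins the mapping directly, e.g. `Provider p = Security.getProvider("wolfJCE");` then `assertEquals(p.getService("KeyPairGenerator", algoName).getClassName(), p.getService("KeyPairGenerator", oid).getClassName());`. The same `getClass()` pattern is used in testECDSASignatureOIDMappings in WolfCryptSignatureTest.java. Separately, the skip guard checks only `enabledEccKeySizes.isEmpty()` while the body hard-codes `secp256r1`, so a build with ECC but without that curve would presumably fail rather than skip; how `enabledEccKeySizes` is populated is outside this hunk and should be confirmed.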

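--- a/src/test/java/com/wolfssl/provider/jce/test/WolfCryptSignatureTest.java
+++ b/src/test/java/com/wolfssl/provider/jce/test/WolfCryptSignatureTest.java
@@ -2158,5 +2158,86 @@ public void testRsaPssMultipleUpdates()
 shouldNotVerify);
 }
 }
+
+@Test
+public void testECDSASignatureOIDMappings()
+throws NoSuchProviderException, NoSuchAlgorithmException,
+SignatureException, InvalidKeyException,
+InvalidAlgorithmParameterException {
+/* Test OID to algorithm name mappings for ECDSA signatures.
+* These OIDs should map to the same implementations as the
+* algorithm names. */
+String[][] oidMappings = {
+{"1.2.840.10045.4.1", "SHA1withECDSA"},
+{"1.2.840.10045.4.3.1", "SHA224withECDSA"},
+{"1.2.840.10045.4.3.2", "SHA256withECDSA"},
+{"1.2.840.10045.4.3.3", "SHA384withECDSA"},
+{"1.2.840.10045.4.3.4", "SHA512withECDSA"}
+};
+
+String testMessage = "Hello World OID Test";
+byte[] testData = testMessage.getBytes();
+
+for (String[] mapping : oidMappings) {
+String oid = mapping[0];
+String algoName = mapping[1];
+
+/* Skip if the algorithm is not enabled */
+if (!enabledAlgos.contains(algoName)) {
+continue;
+}
+
+/* Create signatures using both OID and algorithm name */
+Signature sigByOid = null;
+Signature sigByName = null;
+
+try {
+sigByOid = Signature.getInstance(oid, "wolfJCE");
+sigByName = Signature.getInstance(algoName, "wolfJCE");
+} catch (NoSuchAlgorithmException e) {
+fail("Failed to create signature instance for OID " + oid +
+" or algorithm " + algoName + ": " + e.getMessage());
+}
+
+assertNotNull("Signature by OID should not be null for " + oid,
+sigByOid);
+assertNotNull("Signature by name should not be null for " +
+algoName, sigByName);
+
+/* Verify both instances have the same class */
+assertEquals("OID and name should map to same implementation for " +
+algoName, sigByName.getClass(), sigByOid.getClass());
+
+/* Generate an EC key pair for testing */
+KeyPair keyPair = generateKeyPair(algoName, secureRandom);
+assertNotNull("Key pair should not be null for " + algoName,
+keyPair);
+
+/* Test signing with OID and verifying with algorithm name */
+sigByOid.initSign(keyPair.getPrivate());
+sigByOid.update(testData);
+byte[] signature = sigByOid.sign();
+
+sigByName.initVerify(keyPair.getPublic());
+sigByName.update(testData);
+boolean verified = sigByName.verify(signature);
+
+assertTrue("Signature created with OID " + oid +
+" should be verified with algorithm name " + algoName,
+verified);
+
+/* Test signing with algorithm name and verifying with OID */
+sigByName.initSign(keyPair.getPrivate());
+sigByName.update(testData);
+signature = sigByName.sign();
+
+sigByOid.initVerify(keyPair.getPublic());
+sigByOid.update(testData);
+verified = sigByOid.verify(signature);
+
+assertTrue("Signature created with algorithm name " + algoName +
+" should be verified with OID " + oid, verified);
+}
+}
 }
 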
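Review bot: Both round trips in testECDSASignatureOIDMappings assert only that verification succeeds, so the test would still pass if a `Signature` obtained by OID accepted any input; add a negative case per mapping, e.g. `sigByOid.initVerify(keyPair.getPublic()); sigByOid.update(new byte[] {0}); assertFalse(sigByOid.verify(signature));`. `testMessage.getBytes()` relies on the platform default charset, and `getBytes(StandardCharsets.UTF_8)` would keep the signed bytes identical across environments. The `continue` for disabled algorithms also lets the method pass without exercising any mapping when `enabledAlgos` holds none of the five names, which hides a misconfigured build; reporting that case as skipped rather than passed would make it visible. The `generateKeyPair` helper and `enabledAlgos` are defined outside this hunk.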
