Merge pull request #158 from cconlon/eccAlgOids

Additional ECC algorithm OIDs to Signature and KeyPairGenerator

Author: rlm2002

src/main/java/com/wolfssl/provider/jce/WolfCryptProvider.java

@@ -132,30 +132,35 @@ private void registerServices() {
                     "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA1wRSA");
             put("Signature.SHA1withECDSA",
                     "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA1wECDSA");
+            put("Alg.Alias.Signature.1.2.840.10045.4.1", "SHA1withECDSA");
         }
         if (FeatureDetect.Sha224Enabled()) {
             put("Signature.SHA224withRSA",
                     "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA224wRSA");
             put("Signature.SHA224withECDSA",
                   "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA224wECDSA");
+            put("Alg.Alias.Signature.1.2.840.10045.4.3.1", "SHA224withECDSA");
         }
         if (FeatureDetect.Sha256Enabled()) {
             put("Signature.SHA256withRSA",
                     "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA256wRSA");
             put("Signature.SHA256withECDSA",
                   "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA256wECDSA");
+            put("Alg.Alias.Signature.1.2.840.10045.4.3.2", "SHA256withECDSA");
         }
         if (FeatureDetect.Sha384Enabled()) {
             put("Signature.SHA384withRSA",
                     "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA384wRSA");
             put("Signature.SHA384withECDSA",
                   "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA384wECDSA");
+            put("Alg.Alias.Signature.1.2.840.10045.4.3.3", "SHA384withECDSA");
         }
         if (FeatureDetect.Sha512Enabled()) {
             put("Signature.SHA512withRSA",
                     "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA512wRSA");
             put("Signature.SHA512withECDSA",
                   "com.wolfssl.provider.jce.WolfCryptSignature$wcSHA512wECDSA");
+            put("Alg.Alias.Signature.1.2.840.10045.4.3.4", "SHA512withECDSA");
         }
         if (FeatureDetect.Sha3Enabled()) {
             put("Signature.SHA3-224withRSA",
@@ -396,6 +401,7 @@ private void registerServices() {
         if (FeatureDetect.EccKeyGenEnabled()) {
             put("KeyPairGenerator.EC",
                 "com.wolfssl.provider.jce.WolfCryptKeyPairGenerator$wcKeyPairGenECC");
+            put("Alg.Alias.KeyPairGenerator.1.2.840.10045.2.1", "EC");
         }
         if (FeatureDetect.DhEnabled()) {
             put("KeyPairGenerator.DH",

src/test/java/com/wolfssl/provider/jce/test/WolfCryptKeyPairGeneratorTest.java

@@ -832,5 +832,66 @@ public void testRsassaPssKeyIdentificationAndSunCompatibility()
         assertTrue("Sun-generated key should verify wolfJCE signature",
             sig.verify(signature));
     }
+
+    @Test
+    public void testECKeyPairGeneratorOIDMapping()
+        throws NoSuchProviderException, NoSuchAlgorithmException,
+               InvalidAlgorithmParameterException {
+
+        /* Test that ECC KeyPairGenerator OID 1.2.840.10045.2.1 maps to "EC" */
+        String oid = "1.2.840.10045.2.1";
+        String algoName = "EC";
+
+        /* Skip test if ECC is not compiled in */
+        if (enabledEccKeySizes.isEmpty()) {
+            return;
+        }
+
+        /* Create KeyPairGenerator instances using both OID and name */
+        KeyPairGenerator kpgByOid = null;
+        KeyPairGenerator kpgByName = null;
+
+        try {
+            kpgByOid = KeyPairGenerator.getInstance(oid, "wolfJCE");
+            kpgByName = KeyPairGenerator.getInstance(algoName, "wolfJCE");
+        } catch (NoSuchAlgorithmException e) {
+            fail("Failed to create KeyPairGenerator instance for OID " + oid +
+                 " or algorithm " + algoName + ": " + e.getMessage());
+        }
+
+        assertNotNull("KeyPairGenerator by OID should not be null", kpgByOid);
+        assertNotNull("KeyPairGenerator by name should not be null", kpgByName);
+
+        /* Verify both instances have the same class */
+        assertEquals("OID and name should map to same implementation",
+            kpgByName.getClass(), kpgByOid.getClass());
+
+        /* Test functional equivalence - both should generate valid key pairs */
+        ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp256r1");
+
+        kpgByOid.initialize(ecSpec);
+        KeyPair keyPairFromOid = kpgByOid.generateKeyPair();
+        assertNotNull("Key pair from OID should not be null", keyPairFromOid);
+        assertNotNull("Private key from OID should not be null",
+            keyPairFromOid.getPrivate());
+        assertNotNull("Public key from OID should not be null",
+            keyPairFromOid.getPublic());
+
+        kpgByName.initialize(ecSpec);
+        KeyPair keyPairFromName = kpgByName.generateKeyPair();
+        assertNotNull("Key pair from name should not be null", keyPairFromName);
+        assertNotNull("Private key from name should not be null",
+            keyPairFromName.getPrivate());
+        assertNotNull("Public key from name should not be null",
+            keyPairFromName.getPublic());
+
+        /* Both key pairs should have the same algorithm */
+        assertEquals("Key algorithms should match",
+            keyPairFromName.getPrivate().getAlgorithm(),
+            keyPairFromOid.getPrivate().getAlgorithm());
+        assertEquals("Public key algorithms should match",
+            keyPairFromName.getPublic().getAlgorithm(),
+            keyPairFromOid.getPublic().getAlgorithm());
+    }
 }
 

src/test/java/com/wolfssl/provider/jce/test/WolfCryptSignatureTest.java

@@ -2158,5 +2158,86 @@ public void testRsaPssMultipleUpdates()
                 shouldNotVerify);
         }
     }
+
+    @Test
+    public void testECDSASignatureOIDMappings()
+        throws NoSuchProviderException, NoSuchAlgorithmException,
+               SignatureException, InvalidKeyException,
+               InvalidAlgorithmParameterException {
+        /* Test OID to algorithm name mappings for ECDSA signatures.
+         * These OIDs should map to the same implementations as the
+         * algorithm names. */
+        String[][] oidMappings = {
+            {"1.2.840.10045.4.1", "SHA1withECDSA"},
+            {"1.2.840.10045.4.3.1", "SHA224withECDSA"},
+            {"1.2.840.10045.4.3.2", "SHA256withECDSA"},
+            {"1.2.840.10045.4.3.3", "SHA384withECDSA"},
+            {"1.2.840.10045.4.3.4", "SHA512withECDSA"}
+        };
+
+        String testMessage = "Hello World OID Test";
+        byte[] testData = testMessage.getBytes();
+
+        for (String[] mapping : oidMappings) {
+            String oid = mapping[0];
+            String algoName = mapping[1];
+
+            /* Skip if the algorithm is not enabled */
+            if (!enabledAlgos.contains(algoName)) {
+                continue;
+            }
+
+            /* Create signatures using both OID and algorithm name */
+            Signature sigByOid = null;
+            Signature sigByName = null;
+
+            try {
+                sigByOid = Signature.getInstance(oid, "wolfJCE");
+                sigByName = Signature.getInstance(algoName, "wolfJCE");
+            } catch (NoSuchAlgorithmException e) {
+                fail("Failed to create signature instance for OID " + oid +
+                     " or algorithm " + algoName + ": " + e.getMessage());
+            }
+
+            assertNotNull("Signature by OID should not be null for " + oid,
+                sigByOid);
+            assertNotNull("Signature by name should not be null for " +
+                algoName, sigByName);
+
+            /* Verify both instances have the same class */
+            assertEquals("OID and name should map to same implementation for " +
+                algoName, sigByName.getClass(), sigByOid.getClass());
+
+            /* Generate an EC key pair for testing */
+            KeyPair keyPair = generateKeyPair(algoName, secureRandom);
+            assertNotNull("Key pair should not be null for " + algoName,
+                keyPair);
+
+            /* Test signing with OID and verifying with algorithm name */
+            sigByOid.initSign(keyPair.getPrivate());
+            sigByOid.update(testData);
+            byte[] signature = sigByOid.sign();
+
+            sigByName.initVerify(keyPair.getPublic());
+            sigByName.update(testData);
+            boolean verified = sigByName.verify(signature);
+
+            assertTrue("Signature created with OID " + oid +
+                " should be verified with algorithm name " + algoName,
+                verified);
+
+            /* Test signing with algorithm name and verifying with OID */
+            sigByName.initSign(keyPair.getPrivate());
+            sigByName.update(testData);
+            signature = sigByName.sign();
+
+            sigByOid.initVerify(keyPair.getPublic());
+            sigByOid.update(testData);
+            verified = sigByOid.verify(signature);
+
+            assertTrue("Signature created with algorithm name " + algoName +
+                      " should be verified with OID " + oid, verified);
+        }
+    }
 }