Copy tests to internal ECDSA signer and verifier.

The implementation has been moved to internal, but we kept the subtle API.
I think it's best to simply run the same tests for both.

PiperOrigin-RevId: 736082365
Change-Id: Ib9ab55ded649982aeccbc3b58ea70b7fcfd1b492

Author: juergw

src/test/java/com/google/crypto/tink/signature/internal/BUILD.bazel

@@ -339,3 +339,69 @@ java_test(
         "@maven//:org_conscrypt_conscrypt_openjdk_uber",
     ],
 )
+
+java_test(
+    name = "EcdsaSignJceTest",
+    size = "small",
+    srcs = ["EcdsaSignJceTest.java"],
+    deps = [
+        "//src/main/java/com/google/crypto/tink:public_key_sign",
+        "//src/main/java/com/google/crypto/tink:public_key_verify",
+        "//src/main/java/com/google/crypto/tink/signature:ecdsa_private_key",
+        "//src/main/java/com/google/crypto/tink/signature:ecdsa_public_key",
+        "//src/main/java/com/google/crypto/tink/signature/internal:ecdsa_sign_jce",
+        "//src/main/java/com/google/crypto/tink/signature/internal:ecdsa_verify_jce",
+        "//src/main/java/com/google/crypto/tink/signature/internal/testing:ecdsa_test_util",
+        "//src/main/java/com/google/crypto/tink/signature/internal/testing:signature_test_vector",
+        "//src/main/java/com/google/crypto/tink/subtle:bytes",
+        "//src/main/java/com/google/crypto/tink/subtle:elliptic_curves",
+        "//src/main/java/com/google/crypto/tink/subtle:enums",
+        "//src/main/java/com/google/crypto/tink/testing:test_util",
+        "@maven//:junit_junit",
+    ],
+)
+
+java_test(
+    name = "EcdsaSignVerifyFipsTest",
+    size = "small",
+    srcs = ["EcdsaSignVerifyFipsTest.java"],
+    tags = ["fips"],
+    deps = [
+        "//src/main/java/com/google/crypto/tink:public_key_sign",
+        "//src/main/java/com/google/crypto/tink:public_key_verify",
+        "//src/main/java/com/google/crypto/tink/config:tink_fips",
+        "//src/main/java/com/google/crypto/tink/config/internal:tink_fips_util",
+        "//src/main/java/com/google/crypto/tink/signature:ecdsa_private_key",
+        "//src/main/java/com/google/crypto/tink/signature:ecdsa_public_key",
+        "//src/main/java/com/google/crypto/tink/signature/internal:ecdsa_sign_jce",
+        "//src/main/java/com/google/crypto/tink/signature/internal:ecdsa_verify_jce",
+        "//src/main/java/com/google/crypto/tink/signature/internal/testing:ecdsa_test_util",
+        "//src/main/java/com/google/crypto/tink/signature/internal/testing:signature_test_vector",
+        "//src/main/java/com/google/crypto/tink/subtle:elliptic_curves",
+        "//src/main/java/com/google/crypto/tink/subtle:enums",
+        "@maven//:junit_junit",
+        "@maven//:org_conscrypt_conscrypt_openjdk_uber",
+    ],
+)
+
+java_test(
+    name = "EcdsaVerifyJceTest",
+    size = "small",
+    srcs = ["EcdsaVerifyJceTest.java"],
+    data = ["@wycheproof//testvectors:all"],
+    tags = ["notsan"],
+    deps = [
+        "//src/main/java/com/google/crypto/tink/config:tink_fips",
+        "//src/main/java/com/google/crypto/tink/signature/internal:ecdsa_sign_jce",
+        "//src/main/java/com/google/crypto/tink/signature/internal:ecdsa_verify_jce",
+        "//src/main/java/com/google/crypto/tink/subtle:elliptic_curves",
+        "//src/main/java/com/google/crypto/tink/subtle:enums",
+        "//src/main/java/com/google/crypto/tink/subtle:hex",
+        "//src/main/java/com/google/crypto/tink/subtle:subtle_util_cluster",
+        "//src/main/java/com/google/crypto/tink/testing:test_util",
+        "//src/main/java/com/google/crypto/tink/testing:wycheproof_test_util",
+        "@maven//:com_google_code_gson_gson",
+        "@maven//:junit_junit",
+        "@maven//:org_conscrypt_conscrypt_openjdk_uber",
+    ],
+)

src/test/java/com/google/crypto/tink/signature/internal/EcdsaSignJceTest.java

@@ -0,0 +1,119 @@
+// Copyright 2017 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+package com.google.crypto.tink.signature.internal;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.junit.Assert.assertThrows;
+import static org.junit.Assert.assertTrue;
+
+import com.google.crypto.tink.PublicKeySign;
+import com.google.crypto.tink.PublicKeyVerify;
+import com.google.crypto.tink.signature.EcdsaPrivateKey;
+import com.google.crypto.tink.signature.EcdsaPublicKey;
+import com.google.crypto.tink.signature.internal.testing.EcdsaTestUtil;
+import com.google.crypto.tink.signature.internal.testing.SignatureTestVector;
+import com.google.crypto.tink.subtle.Bytes;
+import com.google.crypto.tink.subtle.EllipticCurves;
+import com.google.crypto.tink.subtle.EllipticCurves.EcdsaEncoding;
+import com.google.crypto.tink.subtle.Enums.HashType;
+import com.google.crypto.tink.testing.TestUtil;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Signature;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.ECParameterSpec;
+import org.junit.Test;
+import org.junit.experimental.theories.DataPoints;
+import org.junit.experimental.theories.FromDataPoints;
+import org.junit.experimental.theories.Theories;
+import org.junit.experimental.theories.Theory;
+import org.junit.runner.RunWith;
+
+/** Unit tests for EcdsaSignJce. */
+@RunWith(Theories.class)
+public class EcdsaSignJceTest {
+
+  @Test
+  public void testBasic() throws Exception {
+    ECParameterSpec ecParams = EllipticCurves.getNistP256Params();
+    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
+    keyGen.initialize(ecParams);
+    KeyPair keyPair = keyGen.generateKeyPair();
+    ECPublicKey pub = (ECPublicKey) keyPair.getPublic();
+    ECPrivateKey priv = (ECPrivateKey) keyPair.getPrivate();
+
+    // Sign with EcdsaSign.
+    String message = "Hello";
+    EcdsaSignJce signer = new EcdsaSignJce(priv, HashType.SHA256, EcdsaEncoding.DER);
+    byte[] signature = signer.sign(message.getBytes(UTF_8));
+
+    // Verify with JCE's Signature.
+    Signature verifier = Signature.getInstance("SHA256WithECDSA");
+    verifier.initVerify(pub);
+    verifier.update(message.getBytes(UTF_8));
+    assertTrue(verifier.verify(signature));
+  }
+
+  @Test
+  public void testConstructorExceptions() throws Exception {
+    ECParameterSpec ecParams = EllipticCurves.getNistP256Params();
+    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
+    keyGen.initialize(ecParams);
+    KeyPair keyPair = keyGen.generateKeyPair();
+    ECPrivateKey priv = (ECPrivateKey) keyPair.getPrivate();
+
+    GeneralSecurityException e =
+        assertThrows(
+            GeneralSecurityException.class,
+            () -> new EcdsaSignJce(priv, HashType.SHA1, EcdsaEncoding.DER));
+    TestUtil.assertExceptionContains(e, "Unsupported hash: SHA1");
+  }
+
+  @Theory
+  public void test_validateSignatureInTestVector(
+      @FromDataPoints("allTests") SignatureTestVector testVector) throws Exception {
+    PublicKeyVerify verifier =
+        EcdsaVerifyJce.create((EcdsaPublicKey) testVector.getPrivateKey().getPublicKey());
+    verifier.verify(testVector.getSignature(), testVector.getMessage());
+  }
+
+  @Theory
+  public void test_computeAndValidateFreshSignatureWithTestVector(
+      @FromDataPoints("allTests") SignatureTestVector testVector) throws Exception {
+    PublicKeySign signer = EcdsaSignJce.create((EcdsaPrivateKey) testVector.getPrivateKey());
+    byte[] signature = signer.sign(testVector.getMessage());
+    PublicKeyVerify verifier =
+        EcdsaVerifyJce.create((EcdsaPublicKey) testVector.getPrivateKey().getPublicKey());
+    verifier.verify(signature, testVector.getMessage());
+  }
+
+  @Theory
+  public void test_validateSignatureInTestVectorWithWrongMessage_throws(
+      @FromDataPoints("allTests") SignatureTestVector testVector) throws Exception {
+    PublicKeyVerify verifier =
+        EcdsaVerifyJce.create((EcdsaPublicKey) testVector.getPrivateKey().getPublicKey());
+    byte[] modifiedMessage = Bytes.concat(testVector.getMessage(), new byte[] {0x01});
+    assertThrows(
+        GeneralSecurityException.class,
+        () -> verifier.verify(testVector.getSignature(), modifiedMessage));
+  }
+
+  @DataPoints("allTests")
+  public static final SignatureTestVector[] testVectors = EcdsaTestUtil.createEcdsaTestVectors();
+}

src/test/java/com/google/crypto/tink/signature/internal/EcdsaSignVerifyFipsTest.java

@@ -0,0 +1,147 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+package com.google.crypto.tink.signature.internal;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.junit.Assert.assertThrows;
+
+import com.google.crypto.tink.PublicKeySign;
+import com.google.crypto.tink.PublicKeyVerify;
+import com.google.crypto.tink.config.TinkFips;
+import com.google.crypto.tink.config.internal.TinkFipsUtil;
+import com.google.crypto.tink.signature.EcdsaPrivateKey;
+import com.google.crypto.tink.signature.EcdsaPublicKey;
+import com.google.crypto.tink.signature.internal.testing.EcdsaTestUtil;
+import com.google.crypto.tink.signature.internal.testing.SignatureTestVector;
+import com.google.crypto.tink.subtle.EllipticCurves;
+import com.google.crypto.tink.subtle.EllipticCurves.EcdsaEncoding;
+import com.google.crypto.tink.subtle.Enums.HashType;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Security;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import org.conscrypt.Conscrypt;
+import org.junit.Assume;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+/**
+ * Unit tests for EcdsaSignJce and EcdsaVerifyJce in FIPS mode.
+ *
+ * <p>This test should be run with the <code>--use_only_fips=true</code>, both with the BoringCrypto
+ * FIPS module enabled and disabled with <code>--define=BORINGSSL_FIPS=0</code>.
+ */
+@RunWith(JUnit4.class)
+public final class EcdsaSignVerifyFipsTest {
+
+  @Before
+  public void useConscrypt() throws Exception {
+    Assume.assumeTrue(TinkFips.useOnlyFips());
+    Conscrypt.checkAvailability();
+    Security.addProvider(Conscrypt.newProvider());
+  }
+
+  private static final SignatureTestVector[] testVectors = EcdsaTestUtil.createEcdsaTestVectors();
+
+  @Test
+  public void createWorksIfFipsModuleAvailable() throws Exception {
+    Assume.assumeTrue(TinkFipsUtil.fipsModuleAvailable());
+    for (SignatureTestVector testVector : testVectors) {
+      PublicKeySign signer = EcdsaSignJce.create((EcdsaPrivateKey) testVector.getPrivateKey());
+      byte[] signature = signer.sign(testVector.getMessage());
+      PublicKeyVerify verifier =
+          EcdsaVerifyJce.create((EcdsaPublicKey) testVector.getPrivateKey().getPublicKey());
+      verifier.verify(signature, testVector.getMessage());
+    }
+  }
+
+  @Test
+  public void createThrowsIfFipsModuleNotAvailable() throws Exception {
+    Assume.assumeFalse(TinkFipsUtil.fipsModuleAvailable());
+    for (SignatureTestVector testVector : testVectors) {
+      assertThrows(
+          GeneralSecurityException.class,
+          () -> EcdsaSignJce.create((EcdsaPrivateKey) testVector.getPrivateKey()));
+      assertThrows(
+          GeneralSecurityException.class,
+          () -> EcdsaVerifyJce.create((EcdsaPublicKey) testVector.getPrivateKey().getPublicKey()));
+    }
+  }
+
+  @Test
+  public void constructorsWorkIfFipsModuleAvailable() throws Exception {
+    Assume.assumeTrue(TinkFipsUtil.fipsModuleAvailable());
+
+    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
+    keyGen.initialize(EllipticCurves.getNistP256Params());
+    KeyPair keyPair = keyGen.generateKeyPair();
+    ECPublicKey pub = (ECPublicKey) keyPair.getPublic();
+    ECPrivateKey priv = (ECPrivateKey) keyPair.getPrivate();
+
+    byte[] message = "Hello".getBytes(UTF_8);
+
+    EcdsaSignJce signer = new EcdsaSignJce(priv, HashType.SHA256, EcdsaEncoding.DER);
+    byte[] signature = signer.sign(message);
+
+    EcdsaVerifyJce verifier = new EcdsaVerifyJce(pub, HashType.SHA256, EcdsaEncoding.DER);
+    verifier.verify(signature, message);
+  }
+
+  @Test
+  public void constructorsDontValidateHashFunctionType() throws Exception {
+    Assume.assumeTrue(TinkFipsUtil.fipsModuleAvailable());
+    // Using Curve P521 with SHA256 is not allowed by the FIPS 140-2, see
+    // https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf Page 21.
+    //
+    // This is currently not enforced.
+    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
+    keyGen.initialize(EllipticCurves.getNistP521Params());
+    KeyPair keyPair = keyGen.generateKeyPair();
+    ECPublicKey pub = (ECPublicKey) keyPair.getPublic();
+    ECPrivateKey priv = (ECPrivateKey) keyPair.getPrivate();
+
+    byte[] message = "Hello".getBytes(UTF_8);
+
+    EcdsaSignJce signer = new EcdsaSignJce(priv, HashType.SHA256, EcdsaEncoding.DER);
+    byte[] signature = signer.sign(message);
+
+    EcdsaVerifyJce verifier = new EcdsaVerifyJce(pub, HashType.SHA256, EcdsaEncoding.DER);
+    verifier.verify(signature, message);
+  }
+
+  @Test
+  public void constructorThrowsIfFipsModuleNotAvailable() throws Exception {
+    Assume.assumeFalse(TinkFipsUtil.fipsModuleAvailable());
+
+    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC");
+    keyGen.initialize(EllipticCurves.getNistP256Params());
+    KeyPair keyPair = keyGen.generateKeyPair();
+    ECPublicKey pub = (ECPublicKey) keyPair.getPublic();
+    ECPrivateKey priv = (ECPrivateKey) keyPair.getPrivate();
+
+    assertThrows(
+        GeneralSecurityException.class,
+        () -> new EcdsaSignJce(priv, HashType.SHA256, EcdsaEncoding.DER));
+    assertThrows(
+        GeneralSecurityException.class,
+        () -> new EcdsaVerifyJce(pub, HashType.SHA256, EcdsaEncoding.DER));
+  }
+}