diff --git a/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java b/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java
index bd2ba6fb43d7a6aae9854f1337749c8b3781584f..a355a5f0dbbcd5ec3482f7c83b3b1b8033cce5fc 100644
--- a/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java
+++ b/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@ import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHGenParameterSpec;
import sun.security.provider.ParameterCache;
+import static sun.security.util.SecurityProviderConstants.DEF_DH_KEY_SIZE;
/**
* This class represents the key pair generator for Diffie-Hellman key pairs.
@@ -42,8 +43,7 @@ import sun.security.provider.ParameterCache;
*
The Diffie-Hellman parameter generation accepts the size in bits of the
* prime modulus and the size in bits of the random exponent as input.
- * The size of the prime modulus defaults to 1024 bits.
*
* @author Jan Luehe
*
@@ -50,7 +51,7 @@ public final class DHParameterGenerator
extends AlgorithmParameterGeneratorSpi {
// The size in bits of the prime modulus
- private int primeSize = 1024;
+ private int primeSize = DEF_DH_KEY_SIZE;
// The size in bits of the random exponent (private value)
private int exponentSize = 0;
diff --git a/src/share/classes/sun/security/action/GetPropertyAction.java b/src/share/classes/sun/security/action/GetPropertyAction.java
index 4ed9bde37831891f76cc4667dfc3307cb909d4e6..24ecc91a6166064065cf36a0df09fc032ef044b6 100644
--- a/src/share/classes/sun/security/action/GetPropertyAction.java
+++ b/src/share/classes/sun/security/action/GetPropertyAction.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,9 @@
package sun.security.action;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
/**
* A convenience class for retrieving the string value of a system
* property as a privileged action.
@@ -46,8 +49,7 @@ package sun.security.action;
* @since 1.2
*/
-public class GetPropertyAction
- implements java.security.PrivilegedActiongenParams
- * is false, a set of pre-computed parameters is used.
- */
- public void initialize(int modlen, boolean genParams, SecureRandom random) {
- int subPrimeLen = -1;
- if (modlen <= 1024) {
- subPrimeLen = 160;
- } else if (modlen == 2048) {
- subPrimeLen = 224;
- }
- checkStrength(modlen, subPrimeLen);
- if (genParams) {
- params = null;
- } else {
- params = ParameterCache.getCachedDSAParameterSpec(modlen,
- subPrimeLen);
- if (params == null) {
- throw new InvalidParameterException
- ("No precomputed parameters for requested modulus size "
- + "available");
- }
-
- }
- this.plen = modlen;
- this.qlen = subPrimeLen;
- this.random = random;
- this.forceNewParameters = genParams;
- }
-
- /**
- * Initializes the DSA object using a DSA parameter object.
- *
- * @param params a fully initialized DSA parameter object.
- */
- public void initialize(DSAParams params, SecureRandom random) {
- if (params == null) {
- throw new InvalidParameterException("Params must not be null");
- }
- DSAParameterSpec spec = new DSAParameterSpec
- (params.getP(), params.getQ(), params.getG());
- initialize0(spec, random);
+ init(modlen, random, false);
}
/**
@@ -147,10 +102,21 @@ implements java.security.interfaces.DSAKeyPairGenerator {
throw new InvalidAlgorithmParameterException
("Inappropriate parameter");
}
- initialize0((DSAParameterSpec)params, random);
+ init((DSAParameterSpec)params, random, false);
}
- private void initialize0(DSAParameterSpec params, SecureRandom random) {
+ void init(int modlen, SecureRandom random, boolean forceNew) {
+ int subPrimeLen = getDefDSASubprimeSize(modlen);
+ checkStrength(modlen, subPrimeLen);
+ this.plen = modlen;
+ this.qlen = subPrimeLen;
+ this.params = null;
+ this.random = random;
+ this.forceNewParameters = forceNew;
+ }
+
+ void init(DSAParameterSpec params, SecureRandom random,
+ boolean forceNew) {
int sizeP = params.getP().bitLength();
int sizeQ = params.getQ().bitLength();
checkStrength(sizeP, sizeQ);
@@ -158,7 +124,7 @@ implements java.security.interfaces.DSAKeyPairGenerator {
this.qlen = sizeQ;
this.params = params;
this.random = random;
- this.forceNewParameters = false;
+ this.forceNewParameters = forceNew;
}
/**
@@ -187,7 +153,7 @@ implements java.security.interfaces.DSAKeyPairGenerator {
return generateKeyPair(spec.getP(), spec.getQ(), spec.getG(), random);
}
- public KeyPair generateKeyPair(BigInteger p, BigInteger q, BigInteger g,
+ private KeyPair generateKeyPair(BigInteger p, BigInteger q, BigInteger g,
SecureRandom random) {
BigInteger x = generateX(random, q);
@@ -242,4 +208,55 @@ implements java.security.interfaces.DSAKeyPairGenerator {
return y;
}
+ public static final class Current extends DSAKeyPairGenerator {
+ public Current() {
+ super(DEF_DSA_KEY_SIZE);
+ }
+ }
+
+ public static final class Legacy extends DSAKeyPairGenerator
+ implements java.security.interfaces.DSAKeyPairGenerator {
+
+ public Legacy() {
+ super(1024);
+ }
+
+ /**
+ * Initializes the DSA key pair generator. If genParams
+ * is false, a set of pre-computed parameters is used.
+ */
+ @Override
+ public void initialize(int modlen, boolean genParams,
+ SecureRandom random) throws InvalidParameterException {
+ if (genParams) {
+ super.init(modlen, random, true);
+ } else {
+ DSAParameterSpec cachedParams =
+ ParameterCache.getCachedDSAParameterSpec(modlen,
+ getDefDSASubprimeSize(modlen));
+ if (cachedParams == null) {
+ throw new InvalidParameterException
+ ("No precomputed parameters for requested modulus" +
+ " size available");
+ }
+ super.init(cachedParams, random, false);
+ }
+ }
+
+ /**
+ * Initializes the DSA object using a DSA parameter object.
+ *
+ * @param params a fully initialized DSA parameter object.
+ */
+ @Override
+ public void initialize(DSAParams params, SecureRandom random)
+ throws InvalidParameterException {
+ if (params == null) {
+ throw new InvalidParameterException("Params must not be null");
+ }
+ DSAParameterSpec spec = new DSAParameterSpec
+ (params.getP(), params.getQ(), params.getG());
+ super.init(spec, random, false);
+ }
+ }
}
diff --git a/src/share/classes/sun/security/provider/DSAParameterGenerator.java b/src/share/classes/sun/security/provider/DSAParameterGenerator.java
index ac50e96f2680183706e951451bc7d3d7b510f283..af8fb7b19e9e49010ccf0e7e0e37a7b0dba46a1b 100644
--- a/src/share/classes/sun/security/provider/DSAParameterGenerator.java
+++ b/src/share/classes/sun/security/provider/DSAParameterGenerator.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -34,15 +34,18 @@ import java.security.NoSuchProviderException;
import java.security.InvalidParameterException;
import java.security.MessageDigest;
import java.security.SecureRandom;
+import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.DSAParameterSpec;
import java.security.spec.DSAGenParameterSpec;
+import static sun.security.util.SecurityProviderConstants.DEF_DSA_KEY_SIZE;
+import static sun.security.util.SecurityProviderConstants.getDefDSASubprimeSize;
+
+
/**
- * This class generates parameters for the DSA algorithm. It uses a default
- * prime modulus size of 1024 bits, which can be overwritten during
- * initialization.
+ * This class generates parameters for the DSA algorithm.
*
* @author Jan Luehe
*
@@ -56,10 +59,6 @@ import java.security.spec.DSAGenParameterSpec;
public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
- // the default parameters
- private static final DSAGenParameterSpec DEFAULTS =
- new DSAGenParameterSpec(1024, 160, 160);
-
// the length of prime P, subPrime Q, and seed in bits
private int valueL = -1;
private int valueN = -1;
@@ -83,18 +82,16 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
* @param strength the strength (size of prime) in bits
* @param random the source of randomness
*/
+ @Override
protected void engineInit(int strength, SecureRandom random) {
- if ((strength >= 512) && (strength <= 1024) && (strength % 64 == 0)) {
- this.valueN = 160;
- } else if (strength == 2048) {
- this.valueN = 224;
-// } else if (strength == 3072) {
-// this.valueN = 256;
- } else {
- throw new InvalidParameterException
- ("Prime size should be 512 - 1024, or 2048");
+ if ((strength != 2048) &&
+ ((strength < 512) || (strength > 1024) || (strength % 64 != 0))) {
+ throw new InvalidParameterException(
+ "Unexpected strength (size of prime): " + strength +
+ ". Prime size should be 512-1024, or 2048");
}
this.valueL = strength;
+ this.valueN = getDefDSASubprimeSize(strength);
this.seedLen = valueN;
this.random = random;
}
@@ -103,19 +100,20 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
* Initializes this parameter generator with a set of
* algorithm-specific parameter generation values.
*
- * @param genParamSpec the set of algorithm-specific parameter generation values
+ * @param genParamSpec the set of algorithm-specific parameter
+ * generation values
* @param random the source of randomness
*
* @exception InvalidAlgorithmParameterException if the given parameter
* generation values are inappropriate for this parameter generator
*/
+ @Override
protected void engineInit(AlgorithmParameterSpec genParamSpec,
- SecureRandom random)
- throws InvalidAlgorithmParameterException {
+ SecureRandom random) throws InvalidAlgorithmParameterException {
if (!(genParamSpec instanceof DSAGenParameterSpec)) {
throw new InvalidAlgorithmParameterException("Invalid parameter");
}
- DSAGenParameterSpec dsaGenParams = (DSAGenParameterSpec) genParamSpec;
+ DSAGenParameterSpec dsaGenParams = (DSAGenParameterSpec)genParamSpec;
int primePLen = dsaGenParams.getPrimePLength();
if (primePLen > 2048) {
throw new InvalidParameterException
@@ -140,11 +138,7 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
this.random = new SecureRandom();
}
if (valueL == -1) {
- try {
- engineInit(DEFAULTS, this.random);
- } catch (InvalidAlgorithmParameterException iape) {
- // should never happen
- }
+ engineInit(DEF_DSA_KEY_SIZE, this.random);
}
BigInteger[] pAndQ = generatePandQ(this.random, valueL,
valueN, seedLen);
@@ -210,13 +204,16 @@ public class DSAParameterGenerator extends AlgorithmParameterGeneratorSpi {
int b = (valueL - 1) % outLen;
byte[] seedBytes = new byte[seedLen/8];
BigInteger twoSl = TWO.pow(seedLen);
- int primeCertainty = 80; // for 1024-bit prime P
- if (valueL == 2048) {
+ int primeCertainty = -1;
+ if (valueL <= 1024) {
+ primeCertainty = 80;
+ } else if (valueL == 2048) {
primeCertainty = 112;
- //} else if (valueL == 3072) {
- // primeCertainty = 128;
}
+ if (primeCertainty < 0) {
+ throw new ProviderException("Invalid valueL: " + valueL);
+ }
BigInteger resultP, resultQ, seed = null;
int counter;
while (true) {
diff --git a/src/share/classes/sun/security/provider/SunEntries.java b/src/share/classes/sun/security/provider/SunEntries.java
index 0e33ad81a24e4620ba723999cb004e131487abc8..008fea58e4f8a5bdd15c2a16657fe57287df7f66 100644
--- a/src/share/classes/sun/security/provider/SunEntries.java
+++ b/src/share/classes/sun/security/provider/SunEntries.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@ import java.io.*;
import java.net.*;
import java.util.Map;
import java.security.*;
+import sun.security.action.GetPropertyAction;
/**
* Defines the entries of the SUN provider.
@@ -78,6 +79,10 @@ import java.security.*;
final class SunEntries {
+ private static final boolean useLegacyDSA =
+ Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty
+ ("jdk.security.legacyDSAKeyPairGenerator"));
+
private SunEntries() {
// empty
}
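Review bot: `useLegacyDSA` has no comment, although it is the switch that decides which DSA key pair generator class this provider registers further down in the file. I would document it on the field, for example `// jdk.security.legacyDSAKeyPairGenerator=true registers DSAKeyPairGenerator$Legacy, which implements java.security.interfaces.DSAKeyPairGenerator and keeps a 1024-bit default`. The property is read once in a static initializer, so setting it after SunEntries has been loaded has no effect, and the comment could say so. Because `Legacy()` passes a literal 1024 to its superclass, turning the switch on also appears to bypass whatever `jdk.security.defaultKeySize` configures for DSA, which is worth stating for anyone auditing key sizes.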
@@ -159,8 +164,9 @@ final class SunEntries {
/*
* Key Pair Generator engines
*/
- map.put("KeyPairGenerator.DSA",
- "sun.security.provider.DSAKeyPairGenerator");
+ String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
+ dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
+ map.put("KeyPairGenerator.DSA", dsaKPGImplClass);
map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
diff --git a/src/share/classes/sun/security/rsa/RSAKeyPairGenerator.java b/src/share/classes/sun/security/rsa/RSAKeyPairGenerator.java
index 8ca36a1e62c2c460b5e3f340e6aa0a3af080592a..6ad77b52361aa7255af1701067006d3e7ed90e60 100644
--- a/src/share/classes/sun/security/rsa/RSAKeyPairGenerator.java
+++ b/src/share/classes/sun/security/rsa/RSAKeyPairGenerator.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@ import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import sun.security.jca.JCAUtil;
+import static sun.security.util.SecurityProviderConstants.DEF_RSA_KEY_SIZE;
/**
* RSA keypair generation. Standard algorithm, minimum key length 512 bit.
@@ -55,7 +56,7 @@ public final class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
public RSAKeyPairGenerator() {
// initialize to default in case the app does not call initialize()
- initialize(1024, null);
+ initialize(DEF_RSA_KEY_SIZE, null);
}
// initialize the generator. See JCA doc
diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/classes/sun/security/tools/keytool/Main.java
index 78df17156c1d5260bcce8346d84ef66d9af0ce71..c2c52ef91694c90d7a41bbe70cd7f17298821b0a 100644
--- a/src/share/classes/sun/security/tools/keytool/Main.java
+++ b/src/share/classes/sun/security/tools/keytool/Main.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -70,6 +70,7 @@ import sun.security.pkcs10.PKCS10Attribute;
import sun.security.provider.X509Factory;
import sun.security.provider.certpath.CertStoreHelper;
import sun.security.util.Password;
+import sun.security.util.SecurityProviderConstants;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
@@ -1578,11 +1579,12 @@ public final class Main {
{
if (keysize == -1) {
if ("EC".equalsIgnoreCase(keyAlgName)) {
- keysize = 256;
+ keysize = SecurityProviderConstants.DEF_EC_KEY_SIZE;
} else if ("RSA".equalsIgnoreCase(keyAlgName)) {
- keysize = 2048;
- } else {
- keysize = 1024;
+ // hardcode for now as DEF_RSA_KEY_SIZE is still 1024
+ keysize = 2048; // SecurityProviderConstants.DEF_RSA_KEY_SIZE;
+ } else if ("DSA".equalsIgnoreCase(keyAlgName)) {
+ keysize = SecurityProviderConstants.DEF_DSA_KEY_SIZE;
}
}
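Review bot: With the trailing `else { keysize = 1024; }` removed, any key algorithm other than EC, RSA or DSA now leaves `keysize` at -1 when the user supplies no size. The rest of the method lies outside this hunk, so how -1 is handled cannot be seen from here; an explicit final `else` that reports the missing default would be clearer than handing -1 to the generator. Separately, the RSA branch ignores the new property altogether: `keysize = Math.max(2048, SecurityProviderConstants.DEF_RSA_KEY_SIZE);` would keep the 2048 floor while honouring a larger configured default, and would let the commented-out expression on that line go.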
diff --git a/src/share/classes/sun/security/util/SecurityProviderConstants.java b/src/share/classes/sun/security/util/SecurityProviderConstants.java
new file mode 100644
index 0000000000000000000000000000000000000000..866f9fc8c401e8aaa1cfd6d56008e9c2dc6ca964
--- /dev/null
+++ b/src/share/classes/sun/security/util/SecurityProviderConstants.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.util.regex.PatternSyntaxException;
+import java.security.InvalidParameterException;
+import sun.security.action.GetPropertyAction;
+
+/**
+ * Various constants such as version number, default key length, used by
+ * the JDK security/crypto providers.
+ */
+public final class SecurityProviderConstants {
+ private static final Debug debug =
+ Debug.getInstance("jca", "ProviderConfig");
+
+ // Cannot create one of these
+ private SecurityProviderConstants () {
+ }
+
+ public static final int getDefDSASubprimeSize(int primeSize) {
+ if (primeSize <= 1024) {
+ return 160;
+ } else if (primeSize == 2048) {
+ return 224;
+ } else if (primeSize == 3072) {
+ return 256;
+ } else {
+ throw new InvalidParameterException("Invalid DSA Prime Size: " +
+ primeSize);
+ }
+ }
+
+ public static final int DEF_DSA_KEY_SIZE;
+ public static final int DEF_RSA_KEY_SIZE;
+ public static final int DEF_DH_KEY_SIZE;
+ public static final int DEF_EC_KEY_SIZE;
+
+ private static final String KEY_LENGTH_PROP =
+ "jdk.security.defaultKeySize";
+ static {
+ String keyLengthStr = GetPropertyAction.privilegedGetProperty
+ (KEY_LENGTH_PROP);
+ int dsaKeySize = 1024;
+ int rsaKeySize = 1024;
+ int dhKeySize = 1024;
+ int ecKeySize = 256;
+
+ if (keyLengthStr != null) {
+ try {
+ String[] pairs = keyLengthStr.split(",");
+ for (String p : pairs) {
+ String[] algoAndValue = p.split(":");
+ if (algoAndValue.length != 2) {
+ // invalid pair, skip to next pair
+ if (debug != null) {
+ debug.println("Ignoring invalid pair in " +
+ KEY_LENGTH_PROP + " property: " + p);
+ }
+ continue;
+ }
+ String algoName = algoAndValue[0].trim().toUpperCase();
+ int value = -1;
+ try {
+ value = Integer.parseInt(algoAndValue[1].trim());
+ } catch (NumberFormatException nfe) {
+ // invalid value, skip to next pair
+ if (debug != null) {
+ debug.println("Ignoring invalid value in " +
+ KEY_LENGTH_PROP + " property: " + p);
+ }
+ continue;
+ }
+ if (algoName.equals("DSA")) {
+ dsaKeySize = value;
+ } else if (algoName.equals("RSA")) {
+ rsaKeySize = value;
+ } else if (algoName.equals("DH")) {
+ dhKeySize = value;
+ } else if (algoName.equals("EC")) {
+ ecKeySize = value;
+ } else {
+ if (debug != null) {
+ debug.println("Ignoring unsupported algo in " +
+ KEY_LENGTH_PROP + " property: " + p);
+ }
+ continue;
+ }
+ if (debug != null) {
+ debug.println("Overriding default " + algoName +
+ " keysize with value from " +
+ KEY_LENGTH_PROP + " property: " + value);
+ }
+ }
+ } catch (PatternSyntaxException pse) {
+ // if property syntax is not followed correctly
+ if (debug != null) {
+ debug.println("Unexpected exception while parsing " +
+ KEY_LENGTH_PROP + " property: " + pse);
+ }
+ }
+ }
+ DEF_DSA_KEY_SIZE = dsaKeySize;
+ DEF_RSA_KEY_SIZE = rsaKeySize;
+ DEF_DH_KEY_SIZE = dhKeySize;
+ DEF_EC_KEY_SIZE = ecKeySize;
+ }
+}
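Review bot: The sizes parsed from `jdk.security.defaultKeySize` are stored without any range check, so entries such as `DSA:0`, `RSA:-1` or `DSA:3072` become the process-wide defaults. The failure then shows up far from the cause: `DSAParameterGenerator.engineGenerateParameters` now calls `engineInit(DEF_DSA_KEY_SIZE, ...)`, which accepts only 512-1024 in steps of 64 or 2048, and the RSA, DH and DSA generators use the constants in their constructors or field initializers. A small but syntactically valid value is accepted too and is reported only when the jca debug option is enabled, so this property deserves the same care as any other security-sensitive setting. I would validate inside the static block and keep the built-in default on a bad value, as sketched below for the common check and for DSA. The `catch (PatternSyntaxException)` also looks unreachable, since both `split` patterns are literals.

```java
                    // … unchanged: split the pair, parse value …
                    if (value <= 0) {
                        if (debug != null) {
                            debug.println("Ignoring non-positive key size in " +
                                KEY_LENGTH_PROP + " property: " + p);
                        }
                        continue;
                    }
                    if (algoName.equals("DSA")) {
                        // same sizes DSAParameterGenerator.engineInit(int) accepts
                        boolean dsaSizeOk = (value == 2048) ||
                            (value >= 512 && value <= 1024 && value % 64 == 0);
                        if (!dsaSizeOk) {
                            if (debug != null) {
                                debug.println("Ignoring unsupported DSA key size in " +
                                    KEY_LENGTH_PROP + " property: " + p);
                            }
                            continue;
                        }
                        dsaKeySize = value;
                    } else if (algoName.equals("RSA")) {
                    // … unchanged: RSA, DH, EC branches and debug output …
```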
diff --git a/src/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java b/src/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java
index f0d193eb8a61a3f1ada5f80d8d160a9e793c8435..4222dee1ce56a19ebaf29a174f3cb91b250ca623 100644
--- a/src/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java
+++ b/src/windows/classes/sun/security/mscapi/RSAKeyPairGenerator.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@ import java.security.spec.RSAKeyGenParameterSpec;
import sun.security.jca.JCAUtil;
import sun.security.rsa.RSAKeyFactory;
+import static sun.security.util.SecurityProviderConstants.DEF_RSA_KEY_SIZE;
/**
* RSA keypair generator.
@@ -46,14 +47,13 @@ public final class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
// Supported by Microsoft Base, Strong and Enhanced Cryptographic Providers
static final int KEY_SIZE_MIN = 512; // disallow MSCAPI min. of 384
static final int KEY_SIZE_MAX = 16384;
- private static final int KEY_SIZE_DEFAULT = 1024;
// size of the key to generate, KEY_SIZE_MIN <= keySize <= KEY_SIZE_MAX
private int keySize;
public RSAKeyPairGenerator() {
// initialize to default in case the app does not call initialize()
- initialize(KEY_SIZE_DEFAULT, null);
+ initialize(DEF_RSA_KEY_SIZE, null);
}
// initialize the generator. See JCA doc
@@ -77,7 +77,7 @@ public final class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
int tmpSize;
if (params == null) {
- tmpSize = KEY_SIZE_DEFAULT;
+ tmpSize = DEF_RSA_KEY_SIZE;
} else if (params instanceof RSAKeyGenParameterSpec) {
if (((RSAKeyGenParameterSpec) params).getPublicExponent() != null) {
diff --git a/test/java/security/Signature/Offsets.java b/test/java/security/Signature/Offsets.java
index 9e71690ea4f588e05e9888d3eab11232c5bebcb6..1db510dd6c41d51eef559fc520b87f71b892aaa4 100644
--- a/test/java/security/Signature/Offsets.java
+++ b/test/java/security/Signature/Offsets.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -34,7 +34,7 @@ import jdk.testlibrary.RandomFactory;
/*
* @test
- * @bug 8050374
+ * @bug 8050374 8181048
* @key randomness
* @summary This test validates signature verification
* Signature.verify(byte[], int, int). The test uses RandomFactory to
@@ -105,18 +105,25 @@ public class Offsets {
Signature signature = Signature.getInstance(algorithm, provider);
String keyAlgo;
+ int keySize = 2048;
if (algorithm.contains("RSA")) {
keyAlgo = "RSA";
} else if (algorithm.contains("ECDSA")) {
keyAlgo = "EC";
+ keySize = 256;
} else if (algorithm.contains("DSA")) {
keyAlgo = "DSA";
+ if (algorithm.startsWith("SHAwith") ||
+ algorithm.startsWith("SHA1with")) {
+ keySize = 1024;
+ }
} else {
throw new RuntimeException("Test doesn't support this signature "
+ "algorithm: " + algorithm);
}
KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo, provider);
+ kpg.initialize(keySize);
KeyPair kp = kpg.generateKeyPair();
PublicKey pubkey = kp.getPublic();
PrivateKey privkey = kp.getPrivate();
diff --git a/test/java/security/SignedObject/Chain.java b/test/java/security/SignedObject/Chain.java
index e6c423cbb0287a9bfab9a4ae881776968d2d0980..f5ad1b1e20089915d0f03495c8d4f404747c8840 100644
--- a/test/java/security/SignedObject/Chain.java
+++ b/test/java/security/SignedObject/Chain.java
@@ -32,7 +32,7 @@ import java.util.Arrays;
/*
* @test
- * @bug 8050374
+ * @bug 8050374 8181048
* @summary Verify a chain of signed objects
*/
public class Chain {
@@ -97,22 +97,28 @@ public class Chain {
final Provider provider;
final KeyAlg keyAlg;
final SigAlg sigAlg;
+ final int keySize;
- Test(SigAlg sigAlg, KeyAlg keyAlg, Provider privider) {
- this.provider = privider;
+ Test(SigAlg sigAlg, KeyAlg keyAlg, Provider provider) {
+ this(sigAlg, keyAlg, provider, -1);
+ }
+
+ Test(SigAlg sigAlg, KeyAlg keyAlg, Provider provider, int keySize) {
+ this.provider = provider;
this.keyAlg = keyAlg;
this.sigAlg = sigAlg;
+ this.keySize = keySize;
}
}
private static final Test[] tests = {
- new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default),
+ new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default, 1024),
new Test(SigAlg.MD2withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.MD5withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.SHA1withRSA, KeyAlg.RSA, Provider.Default),
- new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Sun),
- new Test(SigAlg.SHA224withDSA, KeyAlg.DSA, Provider.Sun),
- new Test(SigAlg.SHA256withDSA, KeyAlg.DSA, Provider.Sun),
+ new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Sun, 1024),
+ new Test(SigAlg.SHA224withDSA, KeyAlg.DSA, Provider.Sun, 2048),
+ new Test(SigAlg.SHA256withDSA, KeyAlg.DSA, Provider.Sun, 2048),
};
private static final String str = "to-be-signed";
@@ -139,6 +145,9 @@ public class Chain {
KeyPairGenerator kpg = KeyPairGenerator.getInstance(
test.keyAlg.name);
for (int j=0; j < N; j++) {
+ if (test.keySize != -1) {
+ kpg.initialize(test.keySize);
+ }
KeyPair kp = kpg.genKeyPair();
KeyPair anotherKp = kpg.genKeyPair();
privKeys[j] = kp.getPrivate();
diff --git a/test/sun/security/provider/DSA/TestAlgParameterGenerator.java b/test/sun/security/provider/DSA/TestAlgParameterGenerator.java
index c416c1d8423e921c8ee6e750572e2ccb1fd510c3..43ed0a9980b76263c26a18b3b12f7f0c16ff1015 100644
--- a/test/sun/security/provider/DSA/TestAlgParameterGenerator.java
+++ b/test/sun/security/provider/DSA/TestAlgParameterGenerator.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 7044060
+ * @bug 7044060 8181048
* @summary verify that DSA parameter generation works
* @run main/othervm/timeout=300 TestAlgParameterGenerator
*/
@@ -78,7 +78,6 @@ public class TestAlgParameterGenerator {
AlgorithmParameters param = apg.generateParameters();
stop = System.currentTimeMillis();
System.out.println("Time: " + (stop - start) + " ms.");
- checkParamStrength(param, 1024);
// make sure the old model works
int[] strengths = { 512, 768, 1024 };
diff --git a/test/sun/security/provider/DSA/TestKeyPairGenerator.java b/test/sun/security/provider/DSA/TestKeyPairGenerator.java
index 10483d5e66cf9f5c6d0685b5e6d739e40535caae..79f669fc0399aed4bc05c93ec2d3f2cd93bbfbd9 100644
--- a/test/sun/security/provider/DSA/TestKeyPairGenerator.java
+++ b/test/sun/security/provider/DSA/TestKeyPairGenerator.java
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@
/*
* @test
- * @bug 4800108
+ * @bug 4800108 8181048
* @summary verify that precomputed DSA parameters are always used (512, 768, 1024, 2048 bit)
* @run main/othervm/timeout=15 TestKeyPairGenerator
*/
@@ -56,15 +56,12 @@ public class TestKeyPairGenerator {
// on JDKs that do not have the fix
kpg = KeyPairGenerator.getInstance("DSA", "SUN");
kp = kpg.generateKeyPair();
- checkKeyLength(kp, 1024);
kpg = KeyPairGenerator.getInstance("DSA", "SUN");
kp = kpg.generateKeyPair();
- checkKeyLength(kp, 1024);
// some other basic tests
kp = kpg.generateKeyPair();
- checkKeyLength(kp, 1024);
kpg.initialize(1024);
kp = kpg.generateKeyPair();
diff --git a/test/sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java b/test/sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java
new file mode 100644
index 0000000000000000000000000000000000000000..5b4f902aff4e2e5be6616f21e0f83dac86acfce5
--- /dev/null
+++ b/test/sun/security/provider/DSA/TestLegacyDSAKeyPairGenerator.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8181048
+ * @summary verify that when the returned DSA KeyPairGenerator is
+ * an instance of java.security.interfaces.DSAKeyPairGenerator,
+ * the behavior is compliant with the javadoc spec.
+ * @run main/othervm -Djdk.security.legacyDSAKeyPairGenerator=tRUe TestLegacyDSAKeyPairGenerator
+ */
+
+import java.security.*;
+import java.security.interfaces.*;
+
+public class TestLegacyDSAKeyPairGenerator {
+
+ private static void checkKeyLength(KeyPair kp, int len) throws Exception {
+ DSAPublicKey key = (DSAPublicKey)kp.getPublic();
+ int n = key.getParams().getP().bitLength();
+ System.out.println("Key length: " + n);
+ if (len != n) {
+ throw new Exception("Wrong key length");
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", "SUN");
+ // check the returned object implements the legacy interface
+ if (!(kpg instanceof DSAKeyPairGenerator)) {
+ throw new Exception("Should be an instance of DSAKeyPairGenerator");
+ }
+ System.out.println("Returned an instance of DSAKeyPairGenerator");
+ // check the default key size is 1024 when initiaize(..) is not called
+ KeyPair kp1 = kpg.generateKeyPair();
+ checkKeyLength(kp1, 1024);
+ KeyPair kp2 = kpg.generateKeyPair();
+ checkKeyLength(kp2, 1024);
+ System.out.println("Used 1024 default key size");
+
+ // check kp1 and kp2 uses the same DSA parameters p, q, g
+ DSAParams param1 = ((DSAPublicKey)kp1.getPublic()).getParams();
+ DSAParams param2 = ((DSAPublicKey)kp2.getPublic()).getParams();
+ if ((param1.getP().compareTo(param2.getP()) != 0) ||
+ (param1.getQ().compareTo(param2.getQ()) != 0) ||
+ (param1.getG().compareTo(param2.getG()) != 0)) {
+ throw new RuntimeException("Key params mismatch");
+ }
+ System.out.println("Used same default params");
+
+ // check that the documented exception is thrown if no cached parameters
+ int sizeNotInCache = (1024 - 64);
+ try {
+ ((DSAKeyPairGenerator)kpg).initialize(sizeNotInCache, false, null);
+ throw new RuntimeException("Expected IPE not thrown");
+ } catch (InvalidParameterException ipe) {
+ System.out.println("Throwed expected IPE");
+ }
+ ((DSAKeyPairGenerator)kpg).initialize(sizeNotInCache, true, null);
+ KeyPair kp = kpg.generateKeyPair();
+ checkKeyLength(kp, sizeNotInCache);
+ System.out.println("Generated requested key size");
+ }
+}
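Review bot: This test runs only with the legacy switch on, and the same commit removes the `checkKeyLength(kp, 1024)` default-size assertions from TestKeyPairGenerator, so in the files shown nothing asserts the default DSA size on the non-legacy path any more. A second `@run` of TestKeyPairGenerator with `-Djdk.security.defaultKeySize=DSA:2048`, followed by `checkKeyLength(kp, 2048)` on a generator that was never initialized, would pin that the property is honoured. It would also be worth asserting here that the legacy generator still yields 1024 bits when that property is set, since `Legacy()` hardcodes the size.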