From 6d6712d4c434ceafa2b5a827a814ebff50045664 Mon Sep 17 00:00:00 2001 From: valeriep Date: Thu, 24 Sep 2015 18:16:56 +0000 Subject: [PATCH] 8075286: Additional tests for signature algorithm OIDs and transformation string Summary: SQE test co-location effort Reviewed-by: valeriep Contributed-by: sha.jiang@oracle.com --- .../provider/NSASuiteB/TestAESOids.java | 194 ++++++++++++++++++ .../provider/NSASuiteB/TestAESWrapOids.java | 154 ++++++++++++++ .../provider/NSASuiteB/TestHmacSHAOids.java | 116 +++++++++++ test/sun/security/TestSignatureOidHelper.java | 124 +++++++++++ .../TestSHAwithECDSASignatureOids.java | 50 +++++ .../NSASuiteB/TestDSAGenParameterSpec.java | 185 +++++++++++++++++ .../provider/NSASuiteB/TestSHAOids.java | 103 ++++++++++ .../TestSHAwithDSASignatureOids.java | 47 +++++ 8 files changed, 973 insertions(+) create mode 100644 test/com/sun/crypto/provider/NSASuiteB/TestAESOids.java create mode 100644 test/com/sun/crypto/provider/NSASuiteB/TestAESWrapOids.java create mode 100644 test/com/sun/crypto/provider/NSASuiteB/TestHmacSHAOids.java create mode 100644 test/sun/security/TestSignatureOidHelper.java create mode 100644 test/sun/security/ec/NSASuiteB/TestSHAwithECDSASignatureOids.java create mode 100644 test/sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java create mode 100644 test/sun/security/provider/NSASuiteB/TestSHAOids.java create mode 100644 test/sun/security/provider/NSASuiteB/TestSHAwithDSASignatureOids.java diff --git a/test/com/sun/crypto/provider/NSASuiteB/TestAESOids.java b/test/com/sun/crypto/provider/NSASuiteB/TestAESOids.java new file mode 100644 index 000000000..062c34ced --- /dev/null +++ b/test/com/sun/crypto/provider/NSASuiteB/TestAESOids.java @@ -0,0 +1,194 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import static javax.crypto.Cipher.ENCRYPT_MODE; +import static javax.crypto.Cipher.getMaxAllowedKeyLength; + +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.spec.AlgorithmParameterSpec; +import java.util.Arrays; +import java.util.List; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.KeyGenerator; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKey; +import javax.crypto.ShortBufferException; +import javax.crypto.spec.IvParameterSpec; + +/* + * @test + * @bug 8075286 + * @summary Test the AES algorithm OIDs in JDK. + * OID and Algorithm transformation string should match. + * Both could be able to be used to generate the algorithm instance. + * @run main TestAESOids + */ +public class TestAESOids { + + private static final String PROVIDER_NAME = "SunJCE"; + private static final byte[] INPUT = "1234567890123456".getBytes(); + + private static final List DATA = Arrays.asList( + new DataTuple("2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding", + 128, "ECB"), + new DataTuple("2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding", + 128, "CBC"), + new DataTuple("2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding", + 128, "OFB"), + new DataTuple("2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding", + 128, "CFB"), + new DataTuple("2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding", + 192, "ECB"), + new DataTuple("2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding", + 192, "CBC"), + new DataTuple("2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding", + 192, "OFB"), + new DataTuple("2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding", + 192, "CFB"), + new DataTuple("2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding", + 256, "ECB"), + new DataTuple("2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding", + 256, "CBC"), + new DataTuple("2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding", + 256, "OFB"), + new DataTuple("2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding", + 256, "CFB")); + + public static void main(String[] args) throws Exception { + for (DataTuple dataTuple : DATA) { + int maxAllowedKeyLength = + getMaxAllowedKeyLength(dataTuple.algorithm); + boolean supportedKeyLength = + maxAllowedKeyLength >= dataTuple.keyLength; + + try { + runTest(dataTuple, supportedKeyLength); + System.out.println("passed"); + } catch (InvalidKeyException ike) { + if (supportedKeyLength) { + throw new RuntimeException(String.format( + "The key length %d is supported, but test failed.", + dataTuple.keyLength), ike); + } else { + System.out.printf( + "Catch expected InvalidKeyException due " + + "to the key length %d is greater than " + + "max supported key length %d%n", + dataTuple.keyLength, maxAllowedKeyLength); + } + } + } + } + + private static void runTest(DataTuple dataTuple, + boolean supportedKeyLength) throws NoSuchAlgorithmException, + NoSuchProviderException, NoSuchPaddingException, + InvalidKeyException, ShortBufferException, + IllegalBlockSizeException, BadPaddingException, + InvalidAlgorithmParameterException { + Cipher algorithmCipher = Cipher.getInstance(dataTuple.algorithm, + PROVIDER_NAME); + Cipher oidCipher = Cipher.getInstance(dataTuple.oid, PROVIDER_NAME); + + if (algorithmCipher == null) { + throw new RuntimeException( + String.format("Test failed: algorithm string %s getInstance" + + " failed.%n", dataTuple.algorithm)); + } + + if (oidCipher == null) { + throw new RuntimeException( + String.format("Test failed: OID %s getInstance failed.%n", + dataTuple.oid)); + } + + if (!algorithmCipher.getAlgorithm().equals(dataTuple.algorithm)) { + throw new RuntimeException(String.format( + "Test failed: algorithm string %s getInstance " + + "doesn't generate expected algorithm.%n", + dataTuple.algorithm)); + } + + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(dataTuple.keyLength); + SecretKey key = kg.generateKey(); + + // encrypt + algorithmCipher.init(ENCRYPT_MODE, key); + if (!supportedKeyLength) { + throw new RuntimeException(String.format( + "The key length %d is not supported, so the initialization " + + "of algorithmCipher should fail.%n", + dataTuple.keyLength)); + } + + byte[] cipherText = new byte[algorithmCipher.getOutputSize(INPUT.length)]; + int offset = algorithmCipher.update(INPUT, 0, INPUT.length, + cipherText, 0); + algorithmCipher.doFinal(cipherText, offset); + + AlgorithmParameterSpec aps = null; + if (!dataTuple.mode.equalsIgnoreCase("ECB")) { + aps = new IvParameterSpec(algorithmCipher.getIV()); + } + + oidCipher.init(Cipher.DECRYPT_MODE, key, aps); + if (!supportedKeyLength) { + throw new RuntimeException(String.format( + "The key length %d is not supported, so the " + + "initialization of oidCipher should fail.%n", + dataTuple.keyLength)); + } + + byte[] recoveredText = new byte[oidCipher.getOutputSize(cipherText.length)]; + oidCipher.doFinal(cipherText, 0, cipherText.length, recoveredText); + + // Comparison + if (!Arrays.equals(INPUT, recoveredText)) { + throw new RuntimeException( + "Decrypted data is not the same as the original text"); + } + } + + private static class DataTuple { + + private final String oid; + private final String algorithm; + private final int keyLength; + private final String mode; + + private DataTuple(String oid, String algorithm, int keyLength, + String mode) { + this.oid = oid; + this.algorithm = algorithm; + this.keyLength = keyLength; + this.mode = mode; + } + } +} diff --git a/test/com/sun/crypto/provider/NSASuiteB/TestAESWrapOids.java b/test/com/sun/crypto/provider/NSASuiteB/TestAESWrapOids.java new file mode 100644 index 000000000..2db96a52b --- /dev/null +++ b/test/com/sun/crypto/provider/NSASuiteB/TestAESWrapOids.java @@ -0,0 +1,154 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import static javax.crypto.Cipher.getMaxAllowedKeyLength; + +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.util.Arrays; +import java.util.List; + +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.KeyGenerator; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKey; + +/* + * @test + * @bug 8075286 + * @summary Test the AESWrap algorithm OIDs in JDK. + * OID and Algorithm transformation string should match. + * Both could be able to be used to generate the algorithm instance. + * @run main TestAESWrapOids + */ +public class TestAESWrapOids { + + private static final String PROVIDER_NAME = "SunJCE"; + + private static final List DATA = Arrays.asList( + new DataTuple("2.16.840.1.101.3.4.1.5", "AESWrap_128", 128), + new DataTuple("2.16.840.1.101.3.4.1.25", "AESWrap_192", 192), + new DataTuple("2.16.840.1.101.3.4.1.45", "AESWrap_256", 256)); + + public static void main(String[] args) throws Exception { + for (DataTuple dataTuple : DATA) { + int maxAllowedKeyLength = getMaxAllowedKeyLength( + dataTuple.algorithm); + boolean supportedKeyLength = + maxAllowedKeyLength >= dataTuple.keyLength; + + try { + runTest(dataTuple, supportedKeyLength); + System.out.println("passed"); + } catch (InvalidKeyException ike) { + if (supportedKeyLength) { + throw new RuntimeException(String.format( + "The key length %d is supported, but test failed.", + dataTuple.keyLength), ike); + } else { + System.out.printf( + "Catch expected InvalidKeyException " + + "due to the key length %d is greater " + + "than max supported key length %d%n", + dataTuple.keyLength, maxAllowedKeyLength); + } + } + } + } + + private static void runTest(DataTuple dataTuple, boolean supportedKeyLength) + throws NoSuchAlgorithmException, NoSuchProviderException, + NoSuchPaddingException, InvalidKeyException, + IllegalBlockSizeException { + Cipher algorithmCipher = Cipher.getInstance( + dataTuple.algorithm, PROVIDER_NAME); + Cipher oidCipher = Cipher.getInstance(dataTuple.oid, PROVIDER_NAME); + + if (algorithmCipher == null) { + throw new RuntimeException(String.format( + "Test failed: algorithm string %s getInstance failed.%n", + dataTuple.algorithm)); + } + + if (oidCipher == null) { + throw new RuntimeException( + String.format("Test failed: OID %s getInstance failed.%n", + dataTuple.oid)); + } + + if (!algorithmCipher.getAlgorithm().equals( + dataTuple.algorithm)) { + throw new RuntimeException(String.format( + "Test failed: algorithm string %s getInstance " + + "doesn't generate expected algorithm.%n", + dataTuple.oid)); + } + + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(dataTuple.keyLength); + SecretKey key = kg.generateKey(); + + // Wrap the key + algorithmCipher.init(Cipher.WRAP_MODE, key); + if (!supportedKeyLength) { + throw new RuntimeException(String.format( + "The key length %d is not supported, so the initialization" + + " of algorithmCipher should fail.%n", + dataTuple.keyLength)); + } + + // Unwrap the key + oidCipher.init(Cipher.UNWRAP_MODE, key); + if (!supportedKeyLength) { + throw new RuntimeException(String.format( + "The key length %d is not supported, so the initialization" + + " of oidCipher should fail.%n", + dataTuple.keyLength)); + } + + byte[] keyWrapper = algorithmCipher.wrap(key); + Key unwrappedKey = oidCipher.unwrap(keyWrapper, "AES", + Cipher.SECRET_KEY); + + // Comparison + if (!Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded())) { + throw new RuntimeException("Key comparison failed"); + } + } + + private static class DataTuple { + + private final String oid; + private final String algorithm; + private final int keyLength; + + private DataTuple(String oid, String algorithm, int keyLength) { + this.oid = oid; + this.algorithm = algorithm; + this.keyLength = keyLength; + } + } +} diff --git a/test/com/sun/crypto/provider/NSASuiteB/TestHmacSHAOids.java b/test/com/sun/crypto/provider/NSASuiteB/TestHmacSHAOids.java new file mode 100644 index 000000000..15110d78d --- /dev/null +++ b/test/com/sun/crypto/provider/NSASuiteB/TestHmacSHAOids.java @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.util.Arrays; +import java.util.List; + +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; + +/* + * @test + * @bug 8075286 + * @summary Test the HmacSHA algorithm OIDs in JDK. + * OID and Algorithm transformation string should match. + * Both could be able to be used to generate the algorithm instance. + * @run main TestHmacSHAOids + */ +public class TestHmacSHAOids { + + private static final String PROVIDER_NAME = "SunJCE"; + private static final byte[] INPUT = "1234567890".getBytes(); + + private static final List DATA = Arrays.asList( + new DataTuple("1.2.840.113549.2.7", "HmacSHA1"), + new DataTuple("1.2.840.113549.2.8", "HmacSHA224"), + new DataTuple("1.2.840.113549.2.9", "HmacSHA256"), + new DataTuple("1.2.840.113549.2.10", "HmacSHA384"), + new DataTuple("1.2.840.113549.2.11", "HmacSHA512")); + + public static void main(String[] args) throws Exception { + for (DataTuple dataTuple : DATA) { + runTest(dataTuple); + System.out.println("passed"); + } + System.out.println("All tests passed"); + } + + private static void runTest(DataTuple dataTuple) + throws NoSuchAlgorithmException, NoSuchProviderException, + InvalidKeyException { + Mac mcAlgorithm = Mac.getInstance(dataTuple.algorithm, + PROVIDER_NAME); + Mac mcOid = Mac.getInstance(dataTuple.oid, PROVIDER_NAME); + + if (mcAlgorithm == null) { + throw new RuntimeException(String.format( + "Test failed: Mac using algorithm " + + "string %s getInstance failed.%n", + dataTuple.algorithm)); + } + + if (mcOid == null) { + throw new RuntimeException(String.format( + "Test failed: Mac using OID %s getInstance failed.%n", + dataTuple.oid)); + } + + if (!mcAlgorithm.getAlgorithm().equals(dataTuple.algorithm)) { + throw new RuntimeException(String.format( + "Test failed: Mac using algorithm string %s getInstance " + + "doesn't generate expected algorithm.%n", + dataTuple.algorithm)); + } + + KeyGenerator kg = KeyGenerator.getInstance(dataTuple.algorithm, + PROVIDER_NAME); + SecretKey key = kg.generateKey(); + + mcAlgorithm.init(key); + mcAlgorithm.update(INPUT); + + mcOid.init(key); + mcOid.update(INPUT); + + // Comparison + if (!Arrays.equals(mcAlgorithm.doFinal(), mcOid.doFinal())) { + throw new RuntimeException("Digest comparison failed: " + + "the two MACs are not the same"); + } + } + + private static class DataTuple { + + private final String oid; + private final String algorithm; + + private DataTuple(String oid, String algorithm) { + this.oid = oid; + this.algorithm = algorithm; + } + } +} diff --git a/test/sun/security/TestSignatureOidHelper.java b/test/sun/security/TestSignatureOidHelper.java new file mode 100644 index 000000000..be135992b --- /dev/null +++ b/test/sun/security/TestSignatureOidHelper.java @@ -0,0 +1,124 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.security.InvalidKeyException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Signature; +import java.security.SignatureException; +import java.util.List; + +/* + * Utilities for testing the signature algorithm OIDs. + */ +public class TestSignatureOidHelper { + + private static final byte[] INPUT = "1234567890".getBytes(); + + private final String algorithm; + + private final String provider; + + private final int keySize; + + private final List data; + + public TestSignatureOidHelper(String algorithm, String provider, + int keySize, List data) { + this.algorithm = algorithm; + this.provider = provider; + this.keySize = keySize; + this.data = data; + } + + public void execute() throws Exception { + KeyPair keyPair = createKeyPair(); + for (OidAlgorithmPair oidAlgorithmPair : data) { + runTest(oidAlgorithmPair, keyPair); + System.out.println("passed"); + } + System.out.println("All tests passed"); + } + + private KeyPair createKeyPair() + throws NoSuchAlgorithmException, NoSuchProviderException { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm, + provider); + keyGen.initialize(keySize); + return keyGen.generateKeyPair(); + } + + private void runTest(OidAlgorithmPair oidAlgorithmPair, KeyPair keyPair) + throws NoSuchAlgorithmException, NoSuchProviderException, + InvalidKeyException, SignatureException { + Signature sgAlgorithm = + Signature.getInstance(oidAlgorithmPair.algorithm, provider); + Signature sgOid = Signature.getInstance(oidAlgorithmPair.oid, provider); + + if (sgAlgorithm == null) { + throw new RuntimeException(String.format( + "Test failed: algorithm string %s getInstance failed.%n", + oidAlgorithmPair.algorithm)); + } + + if (sgOid == null) { + throw new RuntimeException( + String.format("Test failed: OID %s getInstance failed.%n", + oidAlgorithmPair.oid)); + } + + if (!sgAlgorithm.getAlgorithm().equals(oidAlgorithmPair.algorithm)) { + throw new RuntimeException(String.format( + "Test failed: algorithm string %s getInstance " + + "doesn't generate expected algorithm.%n", + oidAlgorithmPair.algorithm)); + } + + sgAlgorithm.initSign(keyPair.getPrivate()); + sgAlgorithm.update(INPUT); + sgOid.initVerify(keyPair.getPublic()); + sgOid.update(INPUT); + if (!sgOid.verify(sgAlgorithm.sign())) { + throw new RuntimeException( + "Signature verification failed unexpectedly"); + } + } +} + +class OidAlgorithmPair { + + public final String oid; + public final String algorithm; + + public OidAlgorithmPair(String oid, String algorithm) { + this.oid = oid; + this.algorithm = algorithm; + } + + @Override + public String toString() { + return "[oid=" + oid + ", algorithm=" + algorithm + "]"; + } +} diff --git a/test/sun/security/ec/NSASuiteB/TestSHAwithECDSASignatureOids.java b/test/sun/security/ec/NSASuiteB/TestSHAwithECDSASignatureOids.java new file mode 100644 index 000000000..58a810657 --- /dev/null +++ b/test/sun/security/ec/NSASuiteB/TestSHAwithECDSASignatureOids.java @@ -0,0 +1,50 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.util.Arrays; +import java.util.List; + +/* + * @test + * @bug 8075286 + * @summary Test the SHAwithECDSA signature algorithm OIDs in JDK. + * OID and algorithm transformation string should match. + * Both could be able to be used to generate the algorithm instance. + * @compile ../../TestSignatureOidHelper.java + * @run main TestSHAwithECDSASignatureOids + */ +public class TestSHAwithECDSASignatureOids { + + private static final List DATA = Arrays.asList( + new OidAlgorithmPair("1.2.840.10045.4.1", "SHA1withECDSA"), + new OidAlgorithmPair("1.2.840.10045.4.3.1", "SHA224withECDSA"), + new OidAlgorithmPair("1.2.840.10045.4.3.2", "SHA256withECDSA"), + new OidAlgorithmPair("1.2.840.10045.4.3.3", "SHA384withECDSA"), + new OidAlgorithmPair("1.2.840.10045.4.3.4", "SHA512withECDSA")); + + public static void main(String[] args) throws Exception { + TestSignatureOidHelper helper = new TestSignatureOidHelper("EC", + "SunEC", 256, DATA); + helper.execute(); + } +} diff --git a/test/sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java b/test/sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java new file mode 100644 index 000000000..43a857f0c --- /dev/null +++ b/test/sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java @@ -0,0 +1,185 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.security.AlgorithmParameterGenerator; +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidParameterException; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.spec.DSAGenParameterSpec; +import java.security.spec.DSAParameterSpec; +import java.security.spec.InvalidParameterSpecException; +import java.util.Arrays; +import java.util.List; + +/* + * @test + * @bug 8075286 + * @summary Verify that DSAGenParameterSpec can and can only be used to generate + * DSA within some certain range of key sizes as described in the class + * specification (L, N) as (1024, 160), (2048, 224), (2048, 256) and + * (3072, 256) should be OK for DSAGenParameterSpec. But the real + * implementation SUN doesn't support (3072, 256). + * @run main TestDSAGenParameterSpec + */ +public class TestDSAGenParameterSpec { + + private static final String ALGORITHM_NAME = "DSA"; + private static final String PROVIDER_NAME = "SUN"; + + private static final List DATA = Arrays.asList( + new DataTuple(1024, 160, true, true), + new DataTuple(2048, 224, true, true), + new DataTuple(2048, 256, true, true), + new DataTuple(3072, 256, true, false), + new DataTuple(1024, 224), + new DataTuple(2048, 160), + new DataTuple(4096, 256), + new DataTuple(512, 160), + new DataTuple(3072, 224)); + + private static void testDSAGenParameterSpec(DataTuple dataTuple) + throws NoSuchAlgorithmException, NoSuchProviderException, + InvalidParameterSpecException, InvalidAlgorithmParameterException { + System.out.printf("Test case: primePLen=%d, " + "subprimeQLen=%d%n", + dataTuple.primePLen, dataTuple.subprimeQLen); + + AlgorithmParameterGenerator apg = + AlgorithmParameterGenerator.getInstance(ALGORITHM_NAME, + PROVIDER_NAME); + + DSAGenParameterSpec genParamSpec = createGenParameterSpec(dataTuple); + // genParamSpec will be null if IllegalAE is thrown when expected. + if (genParamSpec == null) { + return; + } + + try { + apg.init(genParamSpec, null); + AlgorithmParameters param = apg.generateParameters(); + + checkParam(param, genParamSpec); + System.out.println("Test case passed"); + } catch (InvalidParameterException ipe) { + // The DSAGenParameterSpec API support this, but the real + // implementation in SUN doesn't + if (!dataTuple.isSunProviderSupported) { + System.out.println("Test case passed: expected " + + "InvalidParameterException is caught"); + } else { + throw new RuntimeException("Test case failed.", ipe); + } + } + } + + private static void checkParam(AlgorithmParameters param, + DSAGenParameterSpec genParam) throws InvalidParameterSpecException, + NoSuchAlgorithmException, NoSuchProviderException, + InvalidAlgorithmParameterException { + String algorithm = param.getAlgorithm(); + if (!algorithm.equalsIgnoreCase(ALGORITHM_NAME)) { + throw new RuntimeException( + "Unexpected type of parameters: " + algorithm); + } + + DSAParameterSpec spec = param.getParameterSpec(DSAParameterSpec.class); + int valueL = spec.getP().bitLength(); + int strengthP = genParam.getPrimePLength(); + if (strengthP != valueL) { + System.out.printf("P: Expected %d but actual %d%n", strengthP, + valueL); + throw new RuntimeException("Wrong P strength"); + } + + int valueN = spec.getQ().bitLength(); + int strengthQ = genParam.getSubprimeQLength(); + if (strengthQ != valueN) { + System.out.printf("Q: Expected %d but actual %d%n", strengthQ, + valueN); + throw new RuntimeException("Wrong Q strength"); + } + + if (genParam.getSubprimeQLength() != genParam.getSeedLength()) { + System.out.println("Defaut seed length should be the same as Q."); + throw new RuntimeException("Wrong seed length"); + } + + // use the parameters to generate real DSA keys + KeyPairGenerator keyGen = KeyPairGenerator.getInstance(ALGORITHM_NAME, + PROVIDER_NAME); + keyGen.initialize(spec); + keyGen.generateKeyPair(); + } + + private static DSAGenParameterSpec createGenParameterSpec( + DataTuple dataTuple) { + DSAGenParameterSpec genParamSpec = null; + try { + genParamSpec = new DSAGenParameterSpec(dataTuple.primePLen, + dataTuple.subprimeQLen); + if (!dataTuple.isDSASpecSupported) { + throw new RuntimeException( + "Test case failed: the key length must not supported"); + } + } catch (IllegalArgumentException e) { + if (!dataTuple.isDSASpecSupported) { + System.out.println("Test case passed: expected " + + "IllegalArgumentException is caught"); + } else { + throw new RuntimeException("Test case failed: unexpected " + + "IllegalArgumentException is thrown", e); + } + } + + return genParamSpec; + } + + public static void main(String[] args) throws Exception { + for (DataTuple dataTuple : DATA) { + testDSAGenParameterSpec(dataTuple); + } + System.out.println("All tests passed"); + } + + private static class DataTuple { + + private int primePLen; + private int subprimeQLen; + private boolean isDSASpecSupported; + private boolean isSunProviderSupported; + + private DataTuple(int primePLen, int subprimeQLen, + boolean isDSASpecSupported, boolean isSunProviderSupported) { + this.primePLen = primePLen; + this.subprimeQLen = subprimeQLen; + this.isDSASpecSupported = isDSASpecSupported; + this.isSunProviderSupported = isSunProviderSupported; + } + + private DataTuple(int primePLen, int subprimeQLen) { + this(primePLen, subprimeQLen, false, false); + } + } +} diff --git a/test/sun/security/provider/NSASuiteB/TestSHAOids.java b/test/sun/security/provider/NSASuiteB/TestSHAOids.java new file mode 100644 index 000000000..66d72b6d8 --- /dev/null +++ b/test/sun/security/provider/NSASuiteB/TestSHAOids.java @@ -0,0 +1,103 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.util.Arrays; +import java.util.List; + +/* + * @test + * @bug 8075286 + * @summary Test the SHA algorithm OIDs in JDK. + * OID and algorithm transformation string should match. + * Both could be able to be used to generate the algorithm instance. + * @run main TestSHAOids + */ +public class TestSHAOids { + + private static final String PROVIDER_NAME = "SUN"; + private static final byte[] INPUT = "1234567890".getBytes(); + + private static final List DATA = Arrays.asList( + new DataTuple("2.16.840.1.101.3.4.2.1", "SHA-256"), + new DataTuple("2.16.840.1.101.3.4.2.2", "SHA-384"), + new DataTuple("2.16.840.1.101.3.4.2.3", "SHA-512"), + new DataTuple("2.16.840.1.101.3.4.2.4", "SHA-224")); + + public static void main(String[] args) throws Exception { + for (DataTuple dataTuple : DATA) { + runTest(dataTuple); + System.out.println("passed"); + } + System.out.println("All tests passed"); + } + + private static void runTest(DataTuple dataTuple) + throws NoSuchAlgorithmException, NoSuchProviderException { + MessageDigest mdAlgorithm = MessageDigest.getInstance( + dataTuple.algorithm, PROVIDER_NAME); + MessageDigest mdOid = MessageDigest.getInstance(dataTuple.oid, + PROVIDER_NAME); + + if (mdAlgorithm == null) { + throw new RuntimeException(String.format( + "Test failed: algorithm string %s getInstance failed.%n", + dataTuple.algorithm)); + } + + if (mdOid == null) { + throw new RuntimeException( + String.format("Test failed: OID %s getInstance failed.%n", + dataTuple.oid)); + } + + if (!mdAlgorithm.getAlgorithm().equals(dataTuple.algorithm)) { + throw new RuntimeException(String.format( + "Test failed: algorithm string %s getInstance doesn't " + + "generate expected algorithm.%n", + dataTuple.algorithm)); + } + + mdAlgorithm.update(INPUT); + mdOid.update(INPUT); + + // Comparison + if (!Arrays.equals(mdAlgorithm.digest(), mdOid.digest())) { + throw new RuntimeException("Digest comparison failed: " + + "the two digests are not the same"); + } + } + + private static class DataTuple { + + private final String oid; + private final String algorithm; + + private DataTuple(String oid, String algorithm) { + this.oid = oid; + this.algorithm = algorithm; + } + } +} diff --git a/test/sun/security/provider/NSASuiteB/TestSHAwithDSASignatureOids.java b/test/sun/security/provider/NSASuiteB/TestSHAwithDSASignatureOids.java new file mode 100644 index 000000000..dad84ccfd --- /dev/null +++ b/test/sun/security/provider/NSASuiteB/TestSHAwithDSASignatureOids.java @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.util.Arrays; +import java.util.List; + +/* + * @test + * @bug 8075286 + * @summary Test the SHAwithDSA signature algorithm OIDs in JDK. + * OID and algorithm transformation string should match. + * Both could be able to be used to generate the algorithm instance. + * @compile ../../TestSignatureOidHelper.java + * @run main TestSHAwithDSASignatureOids + */ +public class TestSHAwithDSASignatureOids { + + private static final List DATA = Arrays.asList( + new OidAlgorithmPair("2.16.840.1.101.3.4.3.1", "SHA224withDSA"), + new OidAlgorithmPair("2.16.840.1.101.3.4.3.2", "SHA256withDSA")); + + public static void main(String[] args) throws Exception { + TestSignatureOidHelper helper = new TestSignatureOidHelper("DSA", + "SUN", 1024, DATA); + helper.execute(); + } +} -- GitLab