提交 c13657e3 编写于 作者: X xuelei

7027797: take care of ECDH_anon/DH_anon server key exchange for TLS 1.2

Summary: the signature of the server key exchange message could be null
Reviewed-by: vinnie
上级 2419285b
/* /*
* copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -694,47 +694,6 @@ class DH_ServerKeyExchange extends ServerKeyExchange ...@@ -694,47 +694,6 @@ class DH_ServerKeyExchange extends ServerKeyExchange
// the preferable signature algorithm used by this ServerKeyExchange message // the preferable signature algorithm used by this ServerKeyExchange message
private SignatureAndHashAlgorithm preferableSignatureAlgorithm; private SignatureAndHashAlgorithm preferableSignatureAlgorithm;
/* Return the Diffie-Hellman modulus */
BigInteger getModulus() {
return new BigInteger(1, dh_p);
}
/* Return the Diffie-Hellman base/generator */
BigInteger getBase() {
return new BigInteger(1, dh_g);
}
/* Return the server's Diffie-Hellman public key */
BigInteger getServerPublicKey() {
return new BigInteger(1, dh_Ys);
}
/*
* Update sig with nonces and Diffie-Hellman public key.
*/
private void updateSignature(Signature sig, byte clntNonce[],
byte svrNonce[]) throws SignatureException {
int tmp;
sig.update(clntNonce);
sig.update(svrNonce);
tmp = dh_p.length;
sig.update((byte)(tmp >> 8));
sig.update((byte)(tmp & 0x0ff));
sig.update(dh_p);
tmp = dh_g.length;
sig.update((byte)(tmp >> 8));
sig.update((byte)(tmp & 0x0ff));
sig.update(dh_g);
tmp = dh_Ys.length;
sig.update((byte)(tmp >> 8));
sig.update((byte)(tmp & 0x0ff));
sig.update(dh_Ys);
}
/* /*
* Construct from initialized DH key object, for DH_anon * Construct from initialized DH key object, for DH_anon
* key exchange. * key exchange.
...@@ -779,12 +738,6 @@ class DH_ServerKeyExchange extends ServerKeyExchange ...@@ -779,12 +738,6 @@ class DH_ServerKeyExchange extends ServerKeyExchange
signature = sig.sign(); signature = sig.sign();
} }
private void setValues(DHCrypt obj) {
dh_p = toByteArray(obj.getModulus());
dh_g = toByteArray(obj.getBase());
dh_Ys = toByteArray(obj.getPublicKey());
}
/* /*
* Construct a DH_ServerKeyExchange message from an input * Construct a DH_ServerKeyExchange message from an input
* stream, as if sent from server to client for use with * stream, as if sent from server to client for use with
...@@ -875,6 +828,53 @@ class DH_ServerKeyExchange extends ServerKeyExchange ...@@ -875,6 +828,53 @@ class DH_ServerKeyExchange extends ServerKeyExchange
} }
} }
/* Return the Diffie-Hellman modulus */
BigInteger getModulus() {
return new BigInteger(1, dh_p);
}
/* Return the Diffie-Hellman base/generator */
BigInteger getBase() {
return new BigInteger(1, dh_g);
}
/* Return the server's Diffie-Hellman public key */
BigInteger getServerPublicKey() {
return new BigInteger(1, dh_Ys);
}
/*
* Update sig with nonces and Diffie-Hellman public key.
*/
private void updateSignature(Signature sig, byte clntNonce[],
byte svrNonce[]) throws SignatureException {
int tmp;
sig.update(clntNonce);
sig.update(svrNonce);
tmp = dh_p.length;
sig.update((byte)(tmp >> 8));
sig.update((byte)(tmp & 0x0ff));
sig.update(dh_p);
tmp = dh_g.length;
sig.update((byte)(tmp >> 8));
sig.update((byte)(tmp & 0x0ff));
sig.update(dh_g);
tmp = dh_Ys.length;
sig.update((byte)(tmp >> 8));
sig.update((byte)(tmp & 0x0ff));
sig.update(dh_Ys);
}
private void setValues(DHCrypt obj) {
dh_p = toByteArray(obj.getModulus());
dh_g = toByteArray(obj.getBase());
dh_Ys = toByteArray(obj.getPublicKey());
}
int messageLength() { int messageLength() {
int temp = 6; // overhead for p, g, y(s) values. int temp = 6; // overhead for p, g, y(s) values.
...@@ -945,8 +945,7 @@ class DH_ServerKeyExchange extends ServerKeyExchange ...@@ -945,8 +945,7 @@ class DH_ServerKeyExchange extends ServerKeyExchange
* We support named curves only, no explicitly encoded curves. * We support named curves only, no explicitly encoded curves.
*/ */
static final static final
class ECDH_ServerKeyExchange extends ServerKeyExchange class ECDH_ServerKeyExchange extends ServerKeyExchange {
{
// constants for ECCurveType // constants for ECCurveType
private final static int CURVE_EXPLICIT_PRIME = 1; private final static int CURVE_EXPLICIT_PRIME = 1;
...@@ -1120,11 +1119,13 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange ...@@ -1120,11 +1119,13 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange
} }
int messageLength() { int messageLength() {
int sigLen = (signatureBytes == null) ? 0 : 2 + signatureBytes.length; int sigLen = 0;
if (signatureBytes != null) {
sigLen = 2 + signatureBytes.length;
if (protocolVersion.v >= ProtocolVersion.TLS12.v) { if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
sigLen += SignatureAndHashAlgorithm.sizeInRecord(); sigLen += SignatureAndHashAlgorithm.sizeInRecord();
} }
}
return 4 + pointBytes.length + sigLen; return 4 + pointBytes.length + sigLen;
} }
...@@ -1133,12 +1134,13 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange ...@@ -1133,12 +1134,13 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange
s.putInt8(CURVE_NAMED_CURVE); s.putInt8(CURVE_NAMED_CURVE);
s.putInt16(curveId); s.putInt16(curveId);
s.putBytes8(pointBytes); s.putBytes8(pointBytes);
if (signatureBytes != null) {
if (protocolVersion.v >= ProtocolVersion.TLS12.v) { if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
s.putInt8(preferableSignatureAlgorithm.getHashValue()); s.putInt8(preferableSignatureAlgorithm.getHashValue());
s.putInt8(preferableSignatureAlgorithm.getSignatureValue()); s.putInt8(preferableSignatureAlgorithm.getSignatureValue());
} }
if (signatureBytes != null) {
s.putBytes16(signatureBytes); s.putBytes16(signatureBytes);
} }
} }
...@@ -1147,10 +1149,14 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange ...@@ -1147,10 +1149,14 @@ class ECDH_ServerKeyExchange extends ServerKeyExchange
s.println("*** ECDH ServerKeyExchange"); s.println("*** ECDH ServerKeyExchange");
if (debug != null && Debug.isOn("verbose")) { if (debug != null && Debug.isOn("verbose")) {
if (signatureBytes == null) {
s.println("Anonymous");
} else {
if (protocolVersion.v >= ProtocolVersion.TLS12.v) { if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
s.println("Signature Algorithm " + s.println("Signature Algorithm " +
preferableSignatureAlgorithm.getAlgorithmName()); preferableSignatureAlgorithm.getAlgorithmName());
} }
}
s.println("Server key: " + publicKey); s.println("Server key: " + publicKey);
} }
......
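Review bot: In ECDH_ServerKeyExchange, `signatureBytes == null` now selects the unsigned wire format in `messageLength()`, `send()` and `print()`, but nothing in the visible lines ties that null to an anonymous cipher suite. If a signed ECDH/ECDHE exchange ever reached `send()` with a null signature, it would go out silently as an unauthenticated message rather than fail, so the invariant should be stated at the field declaration, e.g. `// null only for ECDH_anon; every signed key exchange must set this before send()`. The constructor that parses this message from the peer is outside the visible hunks; presumably it should reject an absent signature unless the negotiated key exchange is anonymous. `send()` and `print()` both start outside the lines shown.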
/* /*
* Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -25,8 +25,6 @@ ...@@ -25,8 +25,6 @@
* @test * @test
* @bug 6840752 * @bug 6840752
* @summary Provide out-of-the-box support for ECC algorithms * @summary Provide out-of-the-box support for ECC algorithms
* @ignore JSSE supported cipher suites are changed with CR 6916074,
* need to update this test case in JDK 7 soon
* @library ../pkcs11 * @library ../pkcs11
* @library ../pkcs11/ec * @library ../pkcs11/ec
* @library ../pkcs11/sslecc * @library ../pkcs11/sslecc
......
/* /*
* Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -114,29 +114,125 @@ public class CipherTest { ...@@ -114,29 +114,125 @@ public class CipherTest {
} }
boolean isEnabled() { boolean isEnabled() {
// ignore SCSV return TLSCipherStatus.isEnabled(cipherSuite, protocol);
if (cipherSuite.equals("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) {
return false;
} }
// ignore exportable cipher suite for TLSv1.1 public String toString() {
if (protocol.equals("TLSv1.1")) { String s = cipherSuite + " in " + protocol + " mode";
if(cipherSuite.indexOf("_EXPORT_") != -1) { if (clientAuth != null) {
return false; s += " with " + clientAuth + " client authentication";
} }
return s;
}
static enum TLSCipherStatus {
// cipher suites supported since TLS 1.2
CS_01("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
CS_02("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
CS_03("TLS_RSA_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
CS_04("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
CS_05("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
CS_06("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
CS_07("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
CS_08("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_09("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_10("TLS_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_11("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_12("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_13("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_14("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_15("TLS_DH_anon_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
CS_16("TLS_DH_anon_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_17("TLS_RSA_WITH_NULL_SHA256", 0x0303, 0xFFFF),
// cipher suites obsoleted since TLS 1.2
CS_50("SSL_RSA_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_51("SSL_DHE_RSA_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_52("SSL_DHE_DSS_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_53("SSL_DH_anon_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_54("TLS_KRB5_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_55("TLS_KRB5_WITH_DES_CBC_MD5", 0x0000, 0x0303),
// cipher suites obsoleted since TLS 1.1
CS_60("SSL_RSA_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302),
CS_61("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302),
CS_62("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
CS_63("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
CS_64("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
CS_65("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
CS_66("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 0x0000, 0x0302),
CS_67("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302),
CS_68("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 0x0000, 0x0302),
CS_69("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 0x0000, 0x0302),
// ignore TLS_EMPTY_RENEGOTIATION_INFO_SCSV always
CS_99("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 0xFFFF, 0x0000);
// the cipher suite name
final String cipherSuite;
// supported since protocol version
final int supportedSince;
// obsoleted since protocol version
final int obsoletedSince;
TLSCipherStatus(String cipherSuite,
int supportedSince, int obsoletedSince) {
this.cipherSuite = cipherSuite;
this.supportedSince = supportedSince;
this.obsoletedSince = obsoletedSince;
}
static boolean isEnabled(String cipherSuite, String protocol) {
int versionNumber = toVersionNumber(protocol);
if (versionNumber < 0) {
return true; // unlikely to happen
}
for (TLSCipherStatus status : TLSCipherStatus.values()) {
if (cipherSuite.equals(status.cipherSuite)) {
if ((versionNumber < status.supportedSince) ||
(versionNumber >= status.obsoletedSince)) {
return false;
} }
return true; return true;
} }
}
public String toString() { return true;
String s = cipherSuite + " in " + protocol + " mode";
if (clientAuth != null) {
s += " with " + clientAuth + " client authentication";
} }
return s;
private static int toVersionNumber(String protocol) {
int versionNumber = -1;
switch (protocol) {
case "SSLv2Hello":
versionNumber = 0x0002;
break;
case "SSLv3":
versionNumber = 0x0300;
break;
case "TLSv1":
versionNumber = 0x0301;
break;
case "TLSv1.1":
versionNumber = 0x0302;
break;
case "TLSv1.2":
versionNumber = 0x0303;
break;
default:
// unlikely to happen
} }
return versionNumber;
}
}
} }
private List<TestParameters> tests; private List<TestParameters> tests;
......
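Review bot: `TLSCipherStatus.isEnabled()` fails open on an unrecognised protocol string: when `toVersionNumber()` returns -1 it returns true before the table is consulted. That means even `TLS_EMPTY_RENEGOTIATION_INFO_SCSV`, which the removed code always skipped, is reported as enabled. In a test harness a new or misspelt protocol name should stop the run, e.g. replace the empty `default:` branch with `default: throw new IllegalArgumentException("unknown protocol: " + protocol);`. The same enum is repeated verbatim in the two later CipherTest sections on this page and needs the same change.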
/* /*
* Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -114,29 +114,125 @@ public class CipherTest { ...@@ -114,29 +114,125 @@ public class CipherTest {
} }
boolean isEnabled() { boolean isEnabled() {
// ignore SCSV return TLSCipherStatus.isEnabled(cipherSuite, protocol);
if (cipherSuite.equals("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) {
return false;
} }
// ignore exportable cipher suite for TLSv1.1 public String toString() {
if (protocol.equals("TLSv1.1")) { String s = cipherSuite + " in " + protocol + " mode";
if(cipherSuite.indexOf("_EXPORT_") != -1) { if (clientAuth != null) {
return false; s += " with " + clientAuth + " client authentication";
}
return s;
} }
static enum TLSCipherStatus {
// cipher suites supported since TLS 1.2
CS_01("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
CS_02("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
CS_03("TLS_RSA_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
CS_04("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
CS_05("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
CS_06("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
CS_07("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
CS_08("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_09("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_10("TLS_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_11("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_12("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_13("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_14("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_15("TLS_DH_anon_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
CS_16("TLS_DH_anon_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_17("TLS_RSA_WITH_NULL_SHA256", 0x0303, 0xFFFF),
// cipher suites obsoleted since TLS 1.2
CS_50("SSL_RSA_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_51("SSL_DHE_RSA_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_52("SSL_DHE_DSS_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_53("SSL_DH_anon_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_54("TLS_KRB5_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_55("TLS_KRB5_WITH_DES_CBC_MD5", 0x0000, 0x0303),
// cipher suites obsoleted since TLS 1.1
CS_60("SSL_RSA_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302),
CS_61("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302),
CS_62("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
CS_63("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
CS_64("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
CS_65("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
CS_66("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 0x0000, 0x0302),
CS_67("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302),
CS_68("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 0x0000, 0x0302),
CS_69("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 0x0000, 0x0302),
// ignore TLS_EMPTY_RENEGOTIATION_INFO_SCSV always
CS_99("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 0xFFFF, 0x0000);
// the cipher suite name
final String cipherSuite;
// supported since protocol version
final int supportedSince;
// obsoleted since protocol version
final int obsoletedSince;
TLSCipherStatus(String cipherSuite,
int supportedSince, int obsoletedSince) {
this.cipherSuite = cipherSuite;
this.supportedSince = supportedSince;
this.obsoletedSince = obsoletedSince;
}
static boolean isEnabled(String cipherSuite, String protocol) {
int versionNumber = toVersionNumber(protocol);
if (versionNumber < 0) {
return true; // unlikely to happen
}
for (TLSCipherStatus status : TLSCipherStatus.values()) {
if (cipherSuite.equals(status.cipherSuite)) {
if ((versionNumber < status.supportedSince) ||
(versionNumber >= status.obsoletedSince)) {
return false;
} }
return true; return true;
} }
}
public String toString() { return true;
String s = cipherSuite + " in " + protocol + " mode";
if (clientAuth != null) {
s += " with " + clientAuth + " client authentication";
} }
return s;
private static int toVersionNumber(String protocol) {
int versionNumber = -1;
switch (protocol) {
case "SSLv2Hello":
versionNumber = 0x0002;
break;
case "SSLv3":
versionNumber = 0x0300;
break;
case "TLSv1":
versionNumber = 0x0301;
break;
case "TLSv1.1":
versionNumber = 0x0302;
break;
case "TLSv1.2":
versionNumber = 0x0303;
break;
default:
// unlikely to happen
} }
return versionNumber;
}
}
} }
private List<TestParameters> tests; private List<TestParameters> tests;
...@@ -170,11 +266,13 @@ public class CipherTest { ...@@ -170,11 +266,13 @@ public class CipherTest {
// no client with anonymous ciphersuites // no client with anonymous ciphersuites
continue; continue;
} }
tests.add(new TestParameters(cipherSuite, protocol, tests.add(new TestParameters(cipherSuite, protocol,
clientAuth)); clientAuth));
} }
} }
} }
testIterator = tests.iterator(); testIterator = tests.iterator();
} }
......
/* /*
* Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -115,29 +115,125 @@ public class CipherTest { ...@@ -115,29 +115,125 @@ public class CipherTest {
} }
boolean isEnabled() { boolean isEnabled() {
// ignore SCSV return TLSCipherStatus.isEnabled(cipherSuite, protocol);
if (cipherSuite.equals("TLS_EMPTY_RENEGOTIATION_INFO_SCSV")) {
return false;
} }
// ignore exportable cipher suite for TLSv1.1 public String toString() {
if (protocol.equals("TLSv1.1")) { String s = cipherSuite + " in " + protocol + " mode";
if(cipherSuite.indexOf("_EXPORT_") != -1) { if (clientAuth != null) {
return false; s += " with " + clientAuth + " client authentication";
} }
return s;
}
static enum TLSCipherStatus {
// cipher suites supported since TLS 1.2
CS_01("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
CS_02("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
CS_03("TLS_RSA_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
CS_04("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
CS_05("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
CS_06("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
CS_07("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
CS_08("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_09("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_10("TLS_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_11("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_12("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_13("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_14("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_15("TLS_DH_anon_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
CS_16("TLS_DH_anon_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
CS_17("TLS_RSA_WITH_NULL_SHA256", 0x0303, 0xFFFF),
// cipher suites obsoleted since TLS 1.2
CS_50("SSL_RSA_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_51("SSL_DHE_RSA_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_52("SSL_DHE_DSS_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_53("SSL_DH_anon_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_54("TLS_KRB5_WITH_DES_CBC_SHA", 0x0000, 0x0303),
CS_55("TLS_KRB5_WITH_DES_CBC_MD5", 0x0000, 0x0303),
// cipher suites obsoleted since TLS 1.1
CS_60("SSL_RSA_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302),
CS_61("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302),
CS_62("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
CS_63("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
CS_64("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
CS_65("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
CS_66("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 0x0000, 0x0302),
CS_67("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302),
CS_68("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 0x0000, 0x0302),
CS_69("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 0x0000, 0x0302),
// ignore TLS_EMPTY_RENEGOTIATION_INFO_SCSV always
CS_99("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 0xFFFF, 0x0000);
// the cipher suite name
final String cipherSuite;
// supported since protocol version
final int supportedSince;
// obsoleted since protocol version
final int obsoletedSince;
TLSCipherStatus(String cipherSuite,
int supportedSince, int obsoletedSince) {
this.cipherSuite = cipherSuite;
this.supportedSince = supportedSince;
this.obsoletedSince = obsoletedSince;
}
static boolean isEnabled(String cipherSuite, String protocol) {
int versionNumber = toVersionNumber(protocol);
if (versionNumber < 0) {
return true; // unlikely to happen
}
for (TLSCipherStatus status : TLSCipherStatus.values()) {
if (cipherSuite.equals(status.cipherSuite)) {
if ((versionNumber < status.supportedSince) ||
(versionNumber >= status.obsoletedSince)) {
return false;
} }
return true; return true;
} }
}
public String toString() { return true;
String s = cipherSuite + " in " + protocol + " mode";
if (clientAuth != null) {
s += " with " + clientAuth + " client authentication";
} }
return s;
private static int toVersionNumber(String protocol) {
int versionNumber = -1;
switch (protocol) {
case "SSLv2Hello":
versionNumber = 0x0002;
break;
case "SSLv3":
versionNumber = 0x0300;
break;
case "TLSv1":
versionNumber = 0x0301;
break;
case "TLSv1.1":
versionNumber = 0x0302;
break;
case "TLSv1.2":
versionNumber = 0x0303;
break;
default:
// unlikely to happen
} }
return versionNumber;
}
}
} }
private List<TestParameters> tests; private List<TestParameters> tests;
......
/* /*
* Copyright (c) 2002, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -25,8 +25,6 @@ ...@@ -25,8 +25,6 @@
* @test * @test
* @bug 4496785 * @bug 4496785
* @summary Verify that all ciphersuites work in all configurations * @summary Verify that all ciphersuites work in all configurations
* @ignore JSSE supported cipher suites are changed with CR 6916074,
* need to update this test case in JDK 7 soon
* @author Andreas Sterbenz * @author Andreas Sterbenz
* @run main/othervm/timeout=300 ClientJSSEServerJSSE * @run main/othervm/timeout=300 ClientJSSEServerJSSE
*/ */
......