mirror of
https://github.com/openjdk/jdk.git
synced 2025-09-24 04:54:40 +02:00
8235710: Remove the legacy elliptic curves
Reviewed-by: xuelei, erikj
This commit is contained in:
Anthony Scarpino
parent
8239b67d4f
commit
0b83fc0150
77 changed files with 107 additions and 20127 deletions
|
|
@ -31,8 +31,6 @@
|
|||
* this test file was covered before with JDK-4936763.
|
||||
* @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true KeyAgreementTest
|
||||
* DiffieHellman DH SunJCE
|
||||
* @run main/othervm -Djdk.sunec.disableNative=false KeyAgreementTest
|
||||
* ECDHNative EC SunEC
|
||||
* @run main KeyAgreementTest ECDH EC SunEC
|
||||
* @run main KeyAgreementTest XDH XDH SunEC
|
||||
*/
|
||||
|
|
@ -56,10 +54,6 @@ public class KeyAgreementTest {
|
|||
String provider = args[2];
|
||||
System.out.println("Testing " + kaAlgo);
|
||||
AlgoSpec aSpec = AlgoSpec.valueOf(AlgoSpec.class, kaAlgo);
|
||||
// Switch kaAlgo to ECDH as it is used for algorithm names
|
||||
if (kaAlgo.equals("ECDHNative")) {
|
||||
kaAlgo = "ECDH";
|
||||
}
|
||||
List<AlgorithmParameterSpec> specs = aSpec.getAlgorithmParameterSpecs();
|
||||
for (AlgorithmParameterSpec spec : specs) {
|
||||
testKeyAgreement(provider, kaAlgo, kpgAlgo, spec);
|
||||
|
|
@ -74,26 +68,7 @@ public class KeyAgreementTest {
|
|||
// EC curve supported for KeyGeneration can found between intersection
|
||||
// of curves define in
|
||||
// "java.base/share/classes/sun/security/util/CurveDB.java"
|
||||
// and
|
||||
// "jdk.crypto.ec/share/native/libsunec/impl/ecdecode.c"
|
||||
ECDHNative(
|
||||
// SEC2 prime curves
|
||||
"secp112r1", "secp112r2", "secp128r1", "secp128r2", "secp160k1",
|
||||
"secp160r1", "secp192k1", "secp192r1", "secp224k1", "secp224r1",
|
||||
"secp256k1", "secp256r1", "secp384r1", "secp521r1", "SECP521R1",
|
||||
// ANSI X9.62 prime curves
|
||||
"X9.62 prime192v2", "X9.62 prime192v3", "X9.62 prime239v1",
|
||||
"X9.62 prime239v2", "X9.62 prime239v3",
|
||||
// SEC2 binary curves
|
||||
"sect113r1", "sect113r2", "sect131r1", "sect131r2", "sect163k1",
|
||||
"sect163r1", "sect163r2", "sect193r1", "sect193r2", "sect233k1",
|
||||
"sect233r1", "sect239k1", "sect283k1", "sect283r1", "sect409k1",
|
||||
"sect409r1", "sect571k1", "sect571r1",
|
||||
// ANSI X9.62 binary curves
|
||||
"X9.62 c2tnb191v1", "X9.62 c2tnb191v2", "X9.62 c2tnb191v3",
|
||||
"X9.62 c2tnb239v1", "X9.62 c2tnb239v2", "X9.62 c2tnb239v3",
|
||||
"X9.62 c2tnb359v1", "X9.62 c2tnb431r1"
|
||||
),
|
||||
|
||||
ECDH("secp256r1", "secp384r1", "secp521r1"),
|
||||
XDH("X25519", "X448", "x25519"),
|
||||
// There is no curve for DiffieHellman
|
||||
|
|
@ -105,7 +80,6 @@ public class KeyAgreementTest {
|
|||
// Generate AlgorithmParameterSpec for each KeyExchangeAlgorithm
|
||||
for (String crv : curves) {
|
||||
switch (this.name()) {
|
||||
case "ECDHNative":
|
||||
case "ECDH":
|
||||
specs.add(new ECGenParameterSpec(crv));
|
||||
break;
|
||||
|
|
@ -128,7 +102,7 @@ public class KeyAgreementTest {
|
|||
}
|
||||
|
||||
/**
|
||||
* Perform KeyAgreement operation using native as well as JCE provider.
|
||||
* Perform KeyAgreement operation
|
||||
*/
|
||||
private static void testKeyAgreement(String provider, String kaAlgo,
|
||||
String kpgAlgo, AlgorithmParameterSpec spec) throws Exception {
|
||||
|
|
|
|||
|
|
@ -37,9 +37,9 @@
|
|||
* @run main KeySizeTest DiffieHellman SunJCE DiffieHellman 4096
|
||||
* @run main KeySizeTest DiffieHellman SunJCE DiffieHellman 6144
|
||||
* @run main KeySizeTest DiffieHellman SunJCE DiffieHellman 8192
|
||||
* @run main/othervm -Djdk.sunec.disableNative=false KeySizeTest ECDH SunEC EC 128
|
||||
* @run main/othervm -Djdk.sunec.disableNative=false KeySizeTest ECDH SunEC EC 192
|
||||
* @run main/othervm KeySizeTest ECDH SunEC EC 256
|
||||
* @run main/othervm KeySizeTest ECDH SunEC EC 384
|
||||
* @run main/othervm KeySizeTest ECDH SunEC EC 521
|
||||
* @run main KeySizeTest XDH SunEC XDH 255
|
||||
* @run main KeySizeTest XDH SunEC XDH 448
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -372,14 +372,12 @@ public class SSLSocketTemplate {
|
|||
// Trusted certificates.
|
||||
protected final static Cert[] TRUSTED_CERTS = {
|
||||
Cert.CA_ECDSA_SECP256R1,
|
||||
Cert.CA_ECDSA_SECT283R1,
|
||||
Cert.CA_RSA_2048,
|
||||
Cert.CA_DSA_2048 };
|
||||
|
||||
// End entity certificate.
|
||||
protected final static Cert[] END_ENTITY_CERTS = {
|
||||
Cert.EE_ECDSA_SECP256R1,
|
||||
Cert.EE_ECDSA_SECT283R1,
|
||||
Cert.EE_RSA_2048,
|
||||
Cert.EE_EC_RSA_SECP256R1,
|
||||
Cert.EE_DSA_2048 };
|
||||
|
|
@ -705,32 +703,6 @@ public class SSLSocketTemplate {
|
|||
"p1YdWENftmDoNTJ3O6TNlXb90jKWgAirCXNBUompPtHKkO592eDyGcT1h8qjrKlm\n" +
|
||||
"Kw=="),
|
||||
|
||||
CA_ECDSA_SECT283R1(
|
||||
"EC",
|
||||
// SHA1withECDSA, curve sect283r1
|
||||
// Validity
|
||||
// Not Before: May 26 06:06:52 2020 GMT
|
||||
// Not After : May 21 06:06:52 2040 GMT
|
||||
// Subject Key Identifier:
|
||||
// CF:A3:99:ED:4C:6E:04:41:09:21:31:33:B6:80:D5:A7:BF:2B:98:04
|
||||
"-----BEGIN CERTIFICATE-----\n" +
|
||||
"MIIB8TCCAY+gAwIBAgIJANQFsBngZ3iMMAsGByqGSM49BAEFADBdMQswCQYDVQQG\n" +
|
||||
"EwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNBMQ8wDQYDVQQKEwZPcmFjbGUx\n" +
|
||||
"DzANBgNVBAsTBkpQR1NRRTESMBAGA1UEAxMJc2VjdDI4M3IxMB4XDTIwMDUyNjE4\n" +
|
||||
"MDY1MloXDTQwMDUyMTE4MDY1MlowXTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB\n" +
|
||||
"MQswCQYDVQQHEwJTQTEPMA0GA1UEChMGT3JhY2xlMQ8wDQYDVQQLEwZKUEdTUUUx\n" +
|
||||
"EjAQBgNVBAMTCXNlY3QyODNyMTBeMBAGByqGSM49AgEGBSuBBAARA0oABALatmDt\n" +
|
||||
"QIhjpK4vJjv4GgC8CUH/VAWLUSQRU7yGGQ3NF8rVBARv0aehiII0nzjDVX5KrP/A\n" +
|
||||
"w/DmW7q8PfEAIktuaA/tcKv/OKMyMDAwHQYDVR0OBBYEFM+jme1MbgRBCSExM7aA\n" +
|
||||
"1ae/K5gEMA8GA1UdEwEB/wQFMAMBAf8wCwYHKoZIzj0EAQUAA08AMEwCJAGHsAP8\n" +
|
||||
"HlcVqszra+fxq35juTxHJIfxTKIr7f54Ywtz7AJowgIkAxydv8g+dkuniOUAj0Xt\n" +
|
||||
"FnGVp6HzKX5KM1zLpfqmix8ZPP/A\n" +
|
||||
"-----END CERTIFICATE-----",
|
||||
"MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAdcyn/FxiNvuTsSgDehq\n" +
|
||||
"SGFiTxAKNMMJfmsO6GHekzszFqjPoUwDSgAEAtq2YO1AiGOkri8mO/gaALwJQf9U\n" +
|
||||
"BYtRJBFTvIYZDc0XytUEBG/Rp6GIgjSfOMNVfkqs/8DD8OZburw98QAiS25oD+1w\n" +
|
||||
"q/84"),
|
||||
|
||||
CA_RSA_2048(
|
||||
"RSA",
|
||||
// SHA256withRSA, 2048 bits
|
||||
|
|
@ -917,33 +889,6 @@ public class SSLSocketTemplate {
|
|||
"MEcCAQAwBQYDK2VxBDsEOd6/hRZqkUyTlJSwdN5gO/HnoWYda1fD83YUm5j6m2Bg\n" +
|
||||
"hAQi+QadFsQLD7R6PI/4Q0twXqlKnxU5Ug=="),
|
||||
|
||||
EE_ECDSA_SECT283R1(
|
||||
"EC",
|
||||
// SHA1withECDSA, curve sect283r1
|
||||
// Validity
|
||||
// Not Before: May 26 06:08:15 2020 GMT
|
||||
// Not After : May 21 06:08:15 2040 GMT
|
||||
// Authority Key Identifier:
|
||||
// CF:A3:99:ED:4C:6E:04:41:09:21:31:33:B6:80:D5:A7:BF:2B:98:04
|
||||
"-----BEGIN CERTIFICATE-----\n" +
|
||||
"MIICFTCCAbOgAwIBAgIJAM0Dd9zxR9CeMAsGByqGSM49BAEFADBdMQswCQYDVQQG\n" +
|
||||
"EwJVUzELMAkGA1UECBMCQ0ExCzAJBgNVBAcTAlNBMQ8wDQYDVQQKEwZPcmFjbGUx\n" +
|
||||
"DzANBgNVBAsTBkpQR1NRRTESMBAGA1UEAxMJc2VjdDI4M3IxMB4XDTIwMDUyNjE4\n" +
|
||||
"MDgxNVoXDTQwMDUyMTE4MDgxNVowYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB\n" +
|
||||
"MQswCQYDVQQHEwJTQTEPMA0GA1UEChMGT3JhY2xlMQ8wDQYDVQQLEwZKUEdTUUUx\n" +
|
||||
"FTATBgNVBAMMDHNlY3QyODNyMV9lZTBeMBAGByqGSM49AgEGBSuBBAARA0oABAMP\n" +
|
||||
"oaMP2lIiCrNaFSePtZA8nBnqJXSGCz8kosKeYTqz/SPE1AN6BvM4xl0kPQZvJWMz\n" +
|
||||
"fyTcm2Ar0PdbIh8f22vJfO+0JpfhnqNTMFEwHQYDVR0OBBYEFOzDGNWQhslU5ei4\n" +
|
||||
"SYda/ro9DickMA8GA1UdEwQIMAYBAf8CAQAwHwYDVR0jBBgwFoAUz6OZ7UxuBEEJ\n" +
|
||||
"ITEztoDVp78rmAQwCwYHKoZIzj0EAQUAA08AMEwCJALYBWSYdbhRiW4mNulQh6/v\n" +
|
||||
"dfHG3y/oMjzJEmT/A0WYl96ohgIkAbDC0Ke632RXtCZ4xa2FrmzP41Vb80mSH1iY\n" +
|
||||
"FCJ3LVoTEUgN\n" +
|
||||
"-----END CERTIFICATE-----",
|
||||
"MIGQAgEAMBAGByqGSM49AgEGBSuBBAARBHkwdwIBAQQkAXq9LPYU+XSrImPzgO1e\n" +
|
||||
"hsgjfTBXlWGveFUtn0OHPtbp7hzpoUwDSgAEAw+how/aUiIKs1oVJ4+1kDycGeol\n" +
|
||||
"dIYLPySiwp5hOrP9I8TUA3oG8zjGXSQ9Bm8lYzN/JNybYCvQ91siHx/ba8l877Qm\n" +
|
||||
"l+Ge"),
|
||||
|
||||
EE_ECDSA_SECP256R1(
|
||||
"EC",
|
||||
// SHA256withECDSA, curve secp256r1
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@
|
|||
* jdk.jartool
|
||||
* jdk.crypto.ec
|
||||
* @build jdk.test.lib.util.JarUtils
|
||||
* @run main/othervm -Djdk.sunec.disableNative=false Spec
|
||||
* @run main/othervm Spec
|
||||
*/
|
||||
|
||||
import com.sun.jarsigner.ContentSigner;
|
||||
|
|
@ -190,7 +190,7 @@ public class Spec {
|
|||
.equals("SHA256withDSA"));
|
||||
|
||||
kpg = KeyPairGenerator.getInstance("EC");
|
||||
kpg.initialize(192);
|
||||
kpg.initialize(256);
|
||||
assertTrue(JarSigner.Builder
|
||||
.getDefaultSignatureAlgorithm(kpg.generateKeyPair().getPrivate())
|
||||
.equals("SHA256withECDSA"));
|
||||
|
|
@ -198,7 +198,7 @@ public class Spec {
|
|||
assertTrue(JarSigner.Builder
|
||||
.getDefaultSignatureAlgorithm(kpg.generateKeyPair().getPrivate())
|
||||
.equals("SHA384withECDSA"));
|
||||
kpg.initialize(571);
|
||||
kpg.initialize(521);
|
||||
assertTrue(JarSigner.Builder
|
||||
.getDefaultSignatureAlgorithm(kpg.generateKeyPair().getPrivate())
|
||||
.equals("SHA512withECDSA"));
|
||||
|
|
|
|||
|
|
@ -66,10 +66,7 @@ public class ECDSAJavaVerify {
|
|||
"SHA1withECDSA", "SHA256withECDSA", "SHA384withECDSA", "SHA512withECDSA"};
|
||||
|
||||
static final String[] ALL_CURVES = new String[] {
|
||||
"secp128r1", "secp256k1", "secp256r1", "secp384r1", "secp521r1"};
|
||||
|
||||
static final List<String> ALL_JAVA_CURVES
|
||||
= List.of("secp256r1", "secp384r1", "secp521r1");
|
||||
"secp256r1", "secp384r1", "secp521r1"};
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
if (args.length == 1) {
|
||||
|
|
@ -100,8 +97,7 @@ public class ECDSAJavaVerify {
|
|||
= launchingConnector.defaultArguments();
|
||||
arguments.get("main").setValue(ECDSAJavaVerify.class.getName());
|
||||
arguments.get("options").setValue(
|
||||
"-cp " + System.getProperty("test.classes") +
|
||||
" -Djdk.sunec.disableNative=false");
|
||||
"-cp " + System.getProperty("test.classes"));
|
||||
VirtualMachine vm = launchingConnector.launch(arguments);
|
||||
|
||||
MethodEntryRequest req = vm.eventRequestManager()
|
||||
|
|
@ -117,7 +113,7 @@ public class ECDSAJavaVerify {
|
|||
int pos = 0;
|
||||
for (String dummy : ALL_ALGS) {
|
||||
for (String curve : ALL_CURVES) {
|
||||
char caller = ALL_JAVA_CURVES.contains(curve) ? 'J' : 'N';
|
||||
char caller = 'J';
|
||||
// For each case, Signature::verify is called twice
|
||||
expected[pos++] = caller;
|
||||
expected[pos++] = caller;
|
||||
|
|
@ -150,9 +146,6 @@ public class ECDSAJavaVerify {
|
|||
case "verifySignedDigestImpl": // the java impl
|
||||
result[pos] = expected[pos] != 'J' ? 'x' : 'v';
|
||||
break;
|
||||
case "verifySignedDigest": // the native impl
|
||||
result[pos] = expected[pos] != 'N' ? 'x' : 'v';
|
||||
break;
|
||||
}
|
||||
}
|
||||
vm.resume();
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ import java.util.*;
|
|||
* group order.
|
||||
* @library /test/lib
|
||||
* @build jdk.test.lib.Convert
|
||||
* @run main/othervm -Djdk.sunec.disableNative=false SignatureDigestTruncate
|
||||
* @run main/othervm SignatureDigestTruncate
|
||||
*/
|
||||
public class SignatureDigestTruncate {
|
||||
|
||||
|
|
@ -117,12 +117,12 @@ public class SignatureDigestTruncate {
|
|||
}
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
runTest("SHA384withECDSAinP1363Format", "sect283r1",
|
||||
runTest("SHA384withECDSAinP1363Format", "secp256r1",
|
||||
"abcdef10234567", "010203040506070809",
|
||||
"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d" +
|
||||
"1e1f20212223",
|
||||
"01d7544b5d3935216bd45e2f8042537e1e0296a11e0eb96666199281b409" +
|
||||
"42abccd5358a035de8a314d3e6c2a97614daebf5fb1313540eec3f9a3272" +
|
||||
"068aa10922ccae87d255c84c");
|
||||
"1e1f20212223",
|
||||
"d83534beccde787f9a4c6b0408337d9b9ca2e0a0259228526c15cc17a1d6" +
|
||||
"4da6b34bf21b3bc4488c591d8ac9c33d93c7c6137e2ab4c503a42da7" +
|
||||
"2fe0b6dda4c4");
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -48,13 +48,12 @@ import java.security.Security;
|
|||
/*
|
||||
* Leverage the collection of EC tests used by PKCS11
|
||||
*
|
||||
* NOTE: the following 6 files were copied here from the PKCS11 EC Test area
|
||||
* NOTE: the following 5 files were copied here from the PKCS11 EC Test area
|
||||
* and must be kept in sync with the originals:
|
||||
*
|
||||
* ../pkcs11/ec/p12passwords.txt
|
||||
* ../pkcs11/ec/certs/sunlabscerts.pem
|
||||
* ../pkcs11/ec/pkcs12/secp256r1server-secp384r1ca.p12
|
||||
* ../pkcs11/ec/pkcs12/sect193r1server-rsa1024ca.p12
|
||||
* ../pkcs11/sslecc/keystore
|
||||
* ../pkcs11/sslecc/truststore
|
||||
*/
|
||||
|
|
@ -99,14 +98,21 @@ public class TestEC {
|
|||
* The entry point used for each test is its instance method
|
||||
* called main (not its static method called main).
|
||||
*/
|
||||
System.out.println("TestECDH");
|
||||
new TestECDH().main(p);
|
||||
System.out.println("TestECDSA");
|
||||
new TestECDSA().main(p);
|
||||
System.out.println("TestCurves");
|
||||
new TestCurves().main(p);
|
||||
System.out.println("TestKeyFactory");
|
||||
new TestKeyFactory().main(p);
|
||||
System.out.println("TestECGenSpec");
|
||||
new TestECGenSpec().main(p);
|
||||
System.out.println("ReadPKCS12");
|
||||
new ReadPKCS12().main(p);
|
||||
System.out.println("ReadCertificate");
|
||||
new ReadCertificates().main(p);
|
||||
|
||||
System.out.println("ClientJSSEServerJSSE");
|
||||
new ClientJSSEServerJSSE().main(p);
|
||||
|
||||
long stop = System.currentTimeMillis();
|
||||
|
|
|
|||
Binary file not shown.
Binary file not shown.
|
|
@ -29,9 +29,9 @@
|
|||
* @library /test/lib ..
|
||||
* @library ../../../../java/security/testlibrary
|
||||
* @key randomness
|
||||
* @modules jdk.crypto.cryptoki
|
||||
* @run main/othervm -Djdk.sunec.disableNative=false ReadPKCS12
|
||||
* @run main/othervm -Djdk.sunec.disableNative=false ReadPKCS12 sm policy
|
||||
* @modules jdk.crypto.cryptoki jdk.crypto.ec/sun.security.ec
|
||||
* @run main/othervm ReadPKCS12
|
||||
* @run main/othervm ReadPKCS12 sm policy
|
||||
*/
|
||||
|
||||
import java.io.BufferedReader;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
|
|
@ -124,9 +124,12 @@ public class TestECDH extends PKCS11Test {
|
|||
return;
|
||||
}
|
||||
|
||||
test(p, pub192a, priv192a, pub192b, priv192b, secret192);
|
||||
test(p, pub163a, priv163a, pub163b, priv163b, secret163);
|
||||
|
||||
if (getSupportedECParameterSpec("secp192r1", p).isPresent()) {
|
||||
test(p, pub192a, priv192a, pub192b, priv192b, secret192);
|
||||
}
|
||||
if (getSupportedECParameterSpec("sect163r1", p).isPresent()) {
|
||||
test(p, pub163a, priv163a, pub163b, priv163b, secret163);
|
||||
}
|
||||
if (getSupportedECParameterSpec("brainpoolP256r1", p).isPresent()) {
|
||||
test(p, pubBrainpoolP256r1a, privBrainpoolP256r1a, pubBrainpoolP256r1b, privBrainpoolP256r1b, secretBrainpoolP256r1);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -156,12 +156,14 @@ public class TestECDSA extends PKCS11Test {
|
|||
return;
|
||||
}
|
||||
|
||||
if (getNSSECC() != ECCState.Basic) {
|
||||
if (getSupportedECParameterSpec("secp192r1", provider).isPresent()) {
|
||||
test(provider, pub192, priv192, sig192);
|
||||
}
|
||||
if (getSupportedECParameterSpec("sect163r1", provider).isPresent()) {
|
||||
test(provider, pub163, priv163, sig163);
|
||||
}
|
||||
if (getSupportedECParameterSpec("sect571r1", provider).isPresent()) {
|
||||
test(provider, pub571, priv571, sig571);
|
||||
} else {
|
||||
System.out.println("ECC Basic only, skipping 192, 163 and 571.");
|
||||
}
|
||||
test(provider, pub521, priv521, sig521);
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2006, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
|
|
@ -130,17 +130,12 @@ public class TestKeyFactory extends PKCS11Test {
|
|||
System.out.println("Provider does not support EC, skipping");
|
||||
return;
|
||||
}
|
||||
int[] keyLengths = {192, 163, 409, 521};
|
||||
int len = 0;
|
||||
if (getNSSECC() == ECCState.Basic) {
|
||||
System.out.println("NSS Basic ECC only. Skipping 192, 163, & 409");
|
||||
len = 3;
|
||||
}
|
||||
int[] keyLengths = {256, 521};
|
||||
KeyFactory kf = KeyFactory.getInstance("EC", p);
|
||||
for (; keyLengths.length > len ; len++) {
|
||||
System.out.println("Length "+keyLengths[len]);
|
||||
for (int len : keyLengths) {
|
||||
System.out.println("Length " + len);
|
||||
KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);
|
||||
kpg.initialize(keyLengths[len]);
|
||||
kpg.initialize(len);
|
||||
KeyPair kp = kpg.generateKeyPair();
|
||||
test(kf, kp.getPrivate());
|
||||
test(kf, kp.getPublic());
|
||||
|
|
|
|||
Binary file not shown.
Binary file not shown.
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2013, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
|
|
@ -52,8 +52,6 @@ public class DKSTest {
|
|||
new KeyStore.PasswordProtection("test12".toCharArray()));
|
||||
put("eckeystore1",
|
||||
new KeyStore.PasswordProtection("password".toCharArray()));
|
||||
put("eckeystore2",
|
||||
new KeyStore.PasswordProtection("password".toCharArray()));
|
||||
put("truststore",
|
||||
new KeyStore.PasswordProtection("changeit".toCharArray()));
|
||||
put("empty",
|
||||
|
|
@ -69,8 +67,6 @@ public class DKSTest {
|
|||
new KeyStore.PasswordProtection("wrong".toCharArray()));
|
||||
put("eckeystore1",
|
||||
new KeyStore.PasswordProtection("wrong".toCharArray()));
|
||||
put("eckeystore2",
|
||||
new KeyStore.PasswordProtection("wrong".toCharArray()));
|
||||
}};
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
|
|
@ -154,7 +150,7 @@ public class DKSTest {
|
|||
* domain keystore: keystores
|
||||
*/
|
||||
config = new URI(CONFIG + "#keystores");
|
||||
expected = 2 + 1 + 1 + 1;
|
||||
expected = 2 + 1 + 1;
|
||||
keystore = KeyStore.getInstance("DKS");
|
||||
// load entries
|
||||
keystore.load(new DomainLoadStoreParameter(config, PASSWORDS));
|
||||
|
|
|
|||
|
|
@ -25,8 +25,6 @@ domain keystores
|
|||
keystoreType="CaseExactJKS"
|
||||
keystoreURI="${test.src}/pw.jks";
|
||||
keystore eckeystore1
|
||||
keystoreURI="${test.src}/../../pkcs11/ec/pkcs12/sect193r1server-rsa1024ca.p12";
|
||||
keystore eckeystore2
|
||||
keystoreURI="${test.src}/../../pkcs11/ec/pkcs12/secp256r1server-secp384r1ca.p12";
|
||||
};
|
||||
|
||||
|
|
@ -40,8 +38,6 @@ domain keystores_tmp
|
|||
keystoreType="CaseExactJKS"
|
||||
keystoreURI="${user.dir}/pw.jks_tmp";
|
||||
keystore eckeystore1
|
||||
keystoreURI="${user.dir}/sect193r1server-rsa1024ca.p12_tmp";
|
||||
keystore eckeystore2
|
||||
keystoreURI="${user.dir}/secp256r1server-secp384r1ca.p12_tmp";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -25,10 +25,10 @@
|
|||
* @test
|
||||
* @bug 8246330
|
||||
* @library /javax/net/ssl/templates
|
||||
* @run main/othervm -Djdk.tls.namedGroups="sect283r1"
|
||||
* @run main/othervm -Djdk.tls.namedGroups="secp384r1"
|
||||
DisabledCurve DISABLE_NONE PASS
|
||||
* @run main/othervm -Djdk.tls.namedGroups="sect283r1"
|
||||
DisabledCurve sect283r1 FAIL
|
||||
* @run main/othervm -Djdk.tls.namedGroups="secp384r1"
|
||||
DisabledCurve secp384r1 FAIL
|
||||
*/
|
||||
import java.security.Security;
|
||||
import java.util.Arrays;
|
||||
|
|
@ -49,18 +49,18 @@ public class DisabledCurve extends SSLSocketTemplate {
|
|||
protected SSLContext createClientSSLContext() throws Exception {
|
||||
return createSSLContext(
|
||||
new SSLSocketTemplate.Cert[] {
|
||||
SSLSocketTemplate.Cert.CA_ECDSA_SECT283R1 },
|
||||
SSLSocketTemplate.Cert.CA_ECDSA_SECP384R1 },
|
||||
new SSLSocketTemplate.Cert[] {
|
||||
SSLSocketTemplate.Cert.EE_ECDSA_SECT283R1 },
|
||||
SSLSocketTemplate.Cert.EE_ECDSA_SECP384R1 },
|
||||
getClientContextParameters());
|
||||
}
|
||||
|
||||
protected SSLContext createServerSSLContext() throws Exception {
|
||||
return createSSLContext(
|
||||
new SSLSocketTemplate.Cert[] {
|
||||
SSLSocketTemplate.Cert.CA_ECDSA_SECT283R1 },
|
||||
SSLSocketTemplate.Cert.CA_ECDSA_SECP384R1 },
|
||||
new SSLSocketTemplate.Cert[] {
|
||||
SSLSocketTemplate.Cert.EE_ECDSA_SECT283R1 },
|
||||
SSLSocketTemplate.Cert.EE_ECDSA_SECP384R1 },
|
||||
getServerContextParameters());
|
||||
}
|
||||
|
||||
|
|
@ -89,22 +89,23 @@ public class DisabledCurve extends SSLSocketTemplate {
|
|||
public static void main(String[] args) throws Exception {
|
||||
String expected = args[1];
|
||||
String disabledName = ("DISABLE_NONE".equals(args[0]) ? "" : args[0]);
|
||||
boolean disabled = false;
|
||||
if (disabledName.equals("")) {
|
||||
Security.setProperty("jdk.disabled.namedCurves", "");
|
||||
} else {
|
||||
disabled = true;
|
||||
Security.setProperty("jdk.certpath.disabledAlgorithms", "secp384r1");
|
||||
}
|
||||
System.setProperty("jdk.sunec.disableNative", "false");
|
||||
|
||||
for (index = 0; index < protocols.length; index++) {
|
||||
try {
|
||||
(new DisabledCurve()).run();
|
||||
if (expected.equals("FAIL")) {
|
||||
throw new RuntimeException(
|
||||
"The test case should not reach here");
|
||||
"Expected test to fail, but it passed");
|
||||
}
|
||||
} catch (SSLException | IllegalStateException ssle) {
|
||||
if ((expected.equals("FAIL"))
|
||||
&& Security.getProperty("jdk.disabled.namedCurves")
|
||||
.contains(disabledName)) {
|
||||
if (expected.equals("FAIL") && disabled) {
|
||||
System.out.println(
|
||||
"Expected exception was thrown: TEST PASSED");
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -93,11 +93,6 @@ public class RestrictedAlgo {
|
|||
System.out.println("\nTesting DSA Keysize: DSA keySize < 1024\n");
|
||||
test("DSA", "SHA256withDSA", "KeySizeDSA", "SHA256", true,
|
||||
"-keysize", "512");
|
||||
|
||||
System.out.println("\nTesting Native Curve:"
|
||||
+ " include jdk.disabled.namedCurves\n");
|
||||
test("EC", "SHA256withECDSA", "curve", "SHA256", true,
|
||||
"-groupname", "secp112r1");
|
||||
}
|
||||
|
||||
private static void test(String keyAlg, String sigAlg, String aliasPrefix,
|
||||
|
|
@ -123,8 +118,7 @@ public class RestrictedAlgo {
|
|||
"-ext", "bc:c",
|
||||
"-keyalg", keyAlg,
|
||||
"-sigalg", sigAlg,
|
||||
"-alias", alias,
|
||||
"-J-Djdk.sunec.disableNative=false");
|
||||
"-alias", alias);
|
||||
for (String additionalCMDArg : additionalCmdArgs) {
|
||||
cmd.add(additionalCMDArg);
|
||||
}
|
||||
|
|
@ -147,8 +141,7 @@ public class RestrictedAlgo {
|
|||
"-digestalg", digestAlg,
|
||||
"-signedjar", SIGNED_JARFILE,
|
||||
UNSIGNED_JARFILE,
|
||||
alias,
|
||||
"-J-Djdk.sunec.disableNative=false");
|
||||
alias);
|
||||
|
||||
OutputAnalyzer analyzer = SecurityTools.jarsigner(cmd)
|
||||
.shouldHaveExitValue(0);
|
||||
|
|
@ -162,8 +155,7 @@ public class RestrictedAlgo {
|
|||
System.out.println("\nTesting JarSigner Verification\n");
|
||||
List<String> cmd = prepareCommand(
|
||||
"-verify",
|
||||
SIGNED_JARFILE,
|
||||
"-J-Djdk.sunec.disableNative=false");
|
||||
SIGNED_JARFILE);
|
||||
|
||||
OutputAnalyzer analyzer = SecurityTools.jarsigner(cmd)
|
||||
.shouldHaveExitValue(0);
|
||||
|
|
|
|||
|
|
@ -65,11 +65,6 @@ public class GroupName {
|
|||
.shouldNotContain("Specifying -keysize for generating EC keys is deprecated");
|
||||
checkCurveName("e", "secp256r1");
|
||||
|
||||
gen("f", "-J-Djdk.sunec.disableNative=false -keyalg EC -groupname brainpoolP256r1")
|
||||
.shouldHaveExitValue(0)
|
||||
.shouldNotContain("Specifying -keysize for generating EC keys is deprecated");
|
||||
checkCurveName("f", "brainpoolP256r1");
|
||||
|
||||
kt("-list -v")
|
||||
.shouldHaveExitValue(0)
|
||||
.shouldContain("Subject Public Key Algorithm: 256-bit EC (secp256r1) key");
|
||||
|
|
|
|||
|
|
@ -41,10 +41,6 @@ public class KeyAlg {
|
|||
keytool("-printcert -file user.crt")
|
||||
.shouldMatch("Signature algorithm name:.*SHA1withECDSA")
|
||||
.shouldMatch("Subject Public Key Algorithm:.*1024.*RSA");
|
||||
keytool("-genkeypair -alias e -dname CN=e " +
|
||||
"-J-Djdk.sunec.disableNative=false -keyalg EC " +
|
||||
"-groupname brainpoolP256r1")
|
||||
.shouldContain("Generating 256 bit EC (brainpoolP256r1) key pair");
|
||||
keytool("-genkeypair -alias f -dname CN=f -keyalg EC")
|
||||
.shouldContain("Generating 256 bit EC (secp256r1) key pair");
|
||||
keytool("-genkeypair -alias g -dname CN=g -keyalg EC -keysize 384")
|
||||
|
|
|
|||
|
|
@ -55,11 +55,9 @@ public class DefaultSignatureAlgorithm {
|
|||
check("DSA", 1024, null, "SHA256withDSA");
|
||||
check("DSA", 3072, null, "SHA256withDSA");
|
||||
|
||||
check("EC", 192, null, "SHA256withECDSA");
|
||||
check("EC", 384, null, "SHA384withECDSA");
|
||||
check("EC", 571, null, "SHA512withECDSA");
|
||||
|
||||
check("EC", 571, "SHA256withECDSA", "SHA256withECDSA");
|
||||
check("EC", 384, "SHA256withECDSA", "SHA256withECDSA");
|
||||
}
|
||||
|
||||
private static void check(String keyAlg, int keySize,
|
||||
|
|
@ -82,8 +80,7 @@ public class DefaultSignatureAlgorithm {
|
|||
|
||||
static OutputAnalyzer genkeypair(String alias, String options)
|
||||
throws Exception {
|
||||
String patchArg = "-J-Djdk.sunec.disableNative=false " +
|
||||
"-J--patch-module=java.base="
|
||||
String patchArg = "-J--patch-module=java.base="
|
||||
+ System.getProperty("test.classes")
|
||||
+ File.separator + "patches" + File.separator + "java.base"
|
||||
+ " -J--patch-module=jdk.crypto.ec="
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
|
|
@ -58,14 +58,6 @@ public final class ECKeyPairGenerator extends KeyPairGeneratorSpi {
|
|||
public KeyPair generateKeyPair() {
|
||||
BigInteger s, x, y;
|
||||
switch (keySize) {
|
||||
case 192:
|
||||
s = new BigInteger("144089953963995451666433763881605261867377"
|
||||
+ "0287449914970417");
|
||||
x = new BigInteger("527580219290493448707803038403444129676461"
|
||||
+ "560927008883862");
|
||||
y = new BigInteger("171489247081620145247240656640887886126295"
|
||||
+ "376102134763235");
|
||||
break;
|
||||
case 384:
|
||||
s = new BigInteger("230878276322370828604837367594276033697165"
|
||||
+ "328633328282930557390817326627704675451851870430805"
|
||||
|
|
@ -77,22 +69,10 @@ public final class ECKeyPairGenerator extends KeyPairGeneratorSpi {
|
|||
+ "792287657810480793861620950159864617021540168828129"
|
||||
+ "97920015041145259782242");
|
||||
break;
|
||||
case 571:
|
||||
s = new BigInteger("102950007413729156017516513076331886543538"
|
||||
+ "947044937190140406420556321983301533699021909556189"
|
||||
+ "150601557539520495361099574425100081169640300555562"
|
||||
+ "4280643194744140660275077121");
|
||||
x = new BigInteger("640598847385582251482893323029655037929442"
|
||||
+ "593800810090252942944624854811134311418807076811195"
|
||||
+ "132373308708007447666896675761104237802118413642543"
|
||||
+ "8277858107132017492037336593");
|
||||
y = new BigInteger("254271270803422773271985083014247202480077"
|
||||
+ "131823713050110789460550383275777195766342550786766"
|
||||
+ "080401402424961690914429074822281551140068729472439"
|
||||
+ "477216613432839953714415981");
|
||||
break;
|
||||
default:
|
||||
throw new AssertionError("Unsupported keysize " + keySize);
|
||||
throw new AssertionError("SunEC ECKeyPairGenerator" +
|
||||
"has been patched. Key size " + keySize +
|
||||
" is not supported");
|
||||
}
|
||||
ECParameterSpec ecParams = ECUtil.getECParameterSpec(null, keySize);
|
||||
try {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue