archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-09-21 19:44:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8075286: Additional tests for signature algorithm OIDs and transformation string

Browse source 
SQE test co-location effort

Reviewed-by: valeriep
This commit is contained in:
Sha Jiang 2015-09-24 18:16:56 +00:00 committed by Valerie Peng
parent a463c1a271
commit 451024f8df
8 changed files with 973 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

194
jdk/test/com/sun/crypto/provider/NSASuiteB/TestAESOids.java Normal file
View file

@ -0,0 +1,194 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import static javax.crypto.Cipher.ENCRYPT_MODE;
import static javax.crypto.Cipher.getMaxAllowedKeyLength;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.List;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
/*
* @test
* @bug 8075286
* @summary Test the AES algorithm OIDs in JDK.
* OID and Algorithm transformation string should match.
* Both could be able to be used to generate the algorithm instance.
* @run main TestAESOids
*/
public class TestAESOids {
private static final String PROVIDER_NAME = "SunJCE";
private static final byte[] INPUT = "1234567890123456".getBytes();
private static final List<DataTuple> DATA = Arrays.asList(
new DataTuple("2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding",
128, "ECB"),
new DataTuple("2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding",
128, "CBC"),
new DataTuple("2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding",
128, "OFB"),
new DataTuple("2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding",
128, "CFB"),
new DataTuple("2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding",
192, "ECB"),
new DataTuple("2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding",
192, "CBC"),
new DataTuple("2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding",
192, "OFB"),
new DataTuple("2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding",
192, "CFB"),
new DataTuple("2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding",
256, "ECB"),
new DataTuple("2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding",
256, "CBC"),
new DataTuple("2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding",
256, "OFB"),
new DataTuple("2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding",
256, "CFB"));
public static void main(String[] args) throws Exception {
for (DataTuple dataTuple : DATA) {
int maxAllowedKeyLength =
getMaxAllowedKeyLength(dataTuple.algorithm);
boolean supportedKeyLength =
maxAllowedKeyLength >= dataTuple.keyLength;
try {
runTest(dataTuple, supportedKeyLength);
System.out.println("passed");
} catch (InvalidKeyException ike) {
if (supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is supported, but test failed.",
dataTuple.keyLength), ike);
} else {
System.out.printf(
"Catch expected InvalidKeyException due "
+ "to the key length %d is greater than "
+ "max supported key length %d%n",
dataTuple.keyLength, maxAllowedKeyLength);
}
}
}
}
private static void runTest(DataTuple dataTuple,
boolean supportedKeyLength) throws NoSuchAlgorithmException,
NoSuchProviderException, NoSuchPaddingException,
InvalidKeyException, ShortBufferException,
IllegalBlockSizeException, BadPaddingException,
InvalidAlgorithmParameterException {
Cipher algorithmCipher = Cipher.getInstance(dataTuple.algorithm,
PROVIDER_NAME);
Cipher oidCipher = Cipher.getInstance(dataTuple.oid, PROVIDER_NAME);
if (algorithmCipher == null) {
throw new RuntimeException(
String.format("Test failed: algorithm string %s getInstance"
+ " failed.%n", dataTuple.algorithm));
}
if (oidCipher == null) {
throw new RuntimeException(
String.format("Test failed: OID %s getInstance failed.%n",
dataTuple.oid));
}
if (!algorithmCipher.getAlgorithm().equals(dataTuple.algorithm)) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance "
+ "doesn't generate expected algorithm.%n",
dataTuple.algorithm));
}
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(dataTuple.keyLength);
SecretKey key = kg.generateKey();
// encrypt
algorithmCipher.init(ENCRYPT_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization "
+ "of algorithmCipher should fail.%n",
dataTuple.keyLength));
}
byte[] cipherText = new byte[algorithmCipher.getOutputSize(INPUT.length)];
int offset = algorithmCipher.update(INPUT, 0, INPUT.length,
cipherText, 0);
algorithmCipher.doFinal(cipherText, offset);
AlgorithmParameterSpec aps = null;
if (!dataTuple.mode.equalsIgnoreCase("ECB")) {
aps = new IvParameterSpec(algorithmCipher.getIV());
}
oidCipher.init(Cipher.DECRYPT_MODE, key, aps);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the "
+ "initialization of oidCipher should fail.%n",
dataTuple.keyLength));
}
byte[] recoveredText = new byte[oidCipher.getOutputSize(cipherText.length)];
oidCipher.doFinal(cipherText, 0, cipherText.length, recoveredText);
// Comparison
if (!Arrays.equals(INPUT, recoveredText)) {
throw new RuntimeException(
"Decrypted data is not the same as the original text");
}
}
private static class DataTuple {
private final String oid;
private final String algorithm;
private final int keyLength;
private final String mode;
private DataTuple(String oid, String algorithm, int keyLength,
String mode) {
this.oid = oid;
this.algorithm = algorithm;
this.keyLength = keyLength;
this.mode = mode;
}
}
}

154
jdk/test/com/sun/crypto/provider/NSASuiteB/TestAESWrapOids.java Normal file
View file

@ -0,0 +1,154 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import static javax.crypto.Cipher.getMaxAllowedKeyLength;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
/*
* @test
* @bug 8075286
* @summary Test the AESWrap algorithm OIDs in JDK.
* OID and Algorithm transformation string should match.
* Both could be able to be used to generate the algorithm instance.
* @run main TestAESWrapOids
*/
public class TestAESWrapOids {
private static final String PROVIDER_NAME = "SunJCE";
private static final List<DataTuple> DATA = Arrays.asList(
new DataTuple("2.16.840.1.101.3.4.1.5", "AESWrap_128", 128),
new DataTuple("2.16.840.1.101.3.4.1.25", "AESWrap_192", 192),
new DataTuple("2.16.840.1.101.3.4.1.45", "AESWrap_256", 256));
public static void main(String[] args) throws Exception {
for (DataTuple dataTuple : DATA) {
int maxAllowedKeyLength = getMaxAllowedKeyLength(
dataTuple.algorithm);
boolean supportedKeyLength =
maxAllowedKeyLength >= dataTuple.keyLength;
try {
runTest(dataTuple, supportedKeyLength);
System.out.println("passed");
} catch (InvalidKeyException ike) {
if (supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is supported, but test failed.",
dataTuple.keyLength), ike);
} else {
System.out.printf(
"Catch expected InvalidKeyException "
+ "due to the key length %d is greater "
+ "than max supported key length %d%n",
dataTuple.keyLength, maxAllowedKeyLength);
}
}
}
}
private static void runTest(DataTuple dataTuple, boolean supportedKeyLength)
throws NoSuchAlgorithmException, NoSuchProviderException,
NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException {
Cipher algorithmCipher = Cipher.getInstance(
dataTuple.algorithm, PROVIDER_NAME);
Cipher oidCipher = Cipher.getInstance(dataTuple.oid, PROVIDER_NAME);
if (algorithmCipher == null) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance failed.%n",
dataTuple.algorithm));
}
if (oidCipher == null) {
throw new RuntimeException(
String.format("Test failed: OID %s getInstance failed.%n",
dataTuple.oid));
}
if (!algorithmCipher.getAlgorithm().equals(
dataTuple.algorithm)) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance "
+ "doesn't generate expected algorithm.%n",
dataTuple.oid));
}
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(dataTuple.keyLength);
SecretKey key = kg.generateKey();
// Wrap the key
algorithmCipher.init(Cipher.WRAP_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization"
+ " of algorithmCipher should fail.%n",
dataTuple.keyLength));
}
// Unwrap the key
oidCipher.init(Cipher.UNWRAP_MODE, key);
if (!supportedKeyLength) {
throw new RuntimeException(String.format(
"The key length %d is not supported, so the initialization"
+ " of oidCipher should fail.%n",
dataTuple.keyLength));
}
byte[] keyWrapper = algorithmCipher.wrap(key);
Key unwrappedKey = oidCipher.unwrap(keyWrapper, "AES",
Cipher.SECRET_KEY);
// Comparison
if (!Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded())) {
throw new RuntimeException("Key comparison failed");
}
}
private static class DataTuple {
private final String oid;
private final String algorithm;
private final int keyLength;
private DataTuple(String oid, String algorithm, int keyLength) {
this.oid = oid;
this.algorithm = algorithm;
this.keyLength = keyLength;
}
}
}

116
jdk/test/com/sun/crypto/provider/NSASuiteB/TestHmacSHAOids.java Normal file
View file

@ -0,0 +1,116 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Arrays;
import java.util.List;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
/*
* @test
* @bug 8075286
* @summary Test the HmacSHA algorithm OIDs in JDK.
* OID and Algorithm transformation string should match.
* Both could be able to be used to generate the algorithm instance.
* @run main TestHmacSHAOids
*/
public class TestHmacSHAOids {
private static final String PROVIDER_NAME = "SunJCE";
private static final byte[] INPUT = "1234567890".getBytes();
private static final List<DataTuple> DATA = Arrays.asList(
new DataTuple("1.2.840.113549.2.7", "HmacSHA1"),
new DataTuple("1.2.840.113549.2.8", "HmacSHA224"),
new DataTuple("1.2.840.113549.2.9", "HmacSHA256"),
new DataTuple("1.2.840.113549.2.10", "HmacSHA384"),
new DataTuple("1.2.840.113549.2.11", "HmacSHA512"));
public static void main(String[] args) throws Exception {
for (DataTuple dataTuple : DATA) {
runTest(dataTuple);
System.out.println("passed");
}
System.out.println("All tests passed");
}
private static void runTest(DataTuple dataTuple)
throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException {
Mac mcAlgorithm = Mac.getInstance(dataTuple.algorithm,
PROVIDER_NAME);
Mac mcOid = Mac.getInstance(dataTuple.oid, PROVIDER_NAME);
if (mcAlgorithm == null) {
throw new RuntimeException(String.format(
"Test failed: Mac using algorithm "
+ "string %s getInstance failed.%n",
dataTuple.algorithm));
}
if (mcOid == null) {
throw new RuntimeException(String.format(
"Test failed: Mac using OID %s getInstance failed.%n",
dataTuple.oid));
}
if (!mcAlgorithm.getAlgorithm().equals(dataTuple.algorithm)) {
throw new RuntimeException(String.format(
"Test failed: Mac using algorithm string %s getInstance "
+ "doesn't generate expected algorithm.%n",
dataTuple.algorithm));
}
KeyGenerator kg = KeyGenerator.getInstance(dataTuple.algorithm,
PROVIDER_NAME);
SecretKey key = kg.generateKey();
mcAlgorithm.init(key);
mcAlgorithm.update(INPUT);
mcOid.init(key);
mcOid.update(INPUT);
// Comparison
if (!Arrays.equals(mcAlgorithm.doFinal(), mcOid.doFinal())) {
throw new RuntimeException("Digest comparison failed: "
+ "the two MACs are not the same");
}
}
private static class DataTuple {
private final String oid;
private final String algorithm;
private DataTuple(String oid, String algorithm) {
this.oid = oid;
this.algorithm = algorithm;
}
}
}

124
jdk/test/sun/security/TestSignatureOidHelper.java Normal file
View file

@ -0,0 +1,124 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Signature;
import java.security.SignatureException;
import java.util.List;
/*
* Utilities for testing the signature algorithm OIDs.
*/
public class TestSignatureOidHelper {
private static final byte[] INPUT = "1234567890".getBytes();
private final String algorithm;
private final String provider;
private final int keySize;
private final List<OidAlgorithmPair> data;
public TestSignatureOidHelper(String algorithm, String provider,
int keySize, List<OidAlgorithmPair> data) {
this.algorithm = algorithm;
this.provider = provider;
this.keySize = keySize;
this.data = data;
}
public void execute() throws Exception {
KeyPair keyPair = createKeyPair();
for (OidAlgorithmPair oidAlgorithmPair : data) {
runTest(oidAlgorithmPair, keyPair);
System.out.println("passed");
}
System.out.println("All tests passed");
}
private KeyPair createKeyPair()
throws NoSuchAlgorithmException, NoSuchProviderException {
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm,
provider);
keyGen.initialize(keySize);
return keyGen.generateKeyPair();
}
private void runTest(OidAlgorithmPair oidAlgorithmPair, KeyPair keyPair)
throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidKeyException, SignatureException {
Signature sgAlgorithm =
Signature.getInstance(oidAlgorithmPair.algorithm, provider);
Signature sgOid = Signature.getInstance(oidAlgorithmPair.oid, provider);
if (sgAlgorithm == null) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance failed.%n",
oidAlgorithmPair.algorithm));
}
if (sgOid == null) {
throw new RuntimeException(
String.format("Test failed: OID %s getInstance failed.%n",
oidAlgorithmPair.oid));
}
if (!sgAlgorithm.getAlgorithm().equals(oidAlgorithmPair.algorithm)) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance "
+ "doesn't generate expected algorithm.%n",
oidAlgorithmPair.algorithm));
}
sgAlgorithm.initSign(keyPair.getPrivate());
sgAlgorithm.update(INPUT);
sgOid.initVerify(keyPair.getPublic());
sgOid.update(INPUT);
if (!sgOid.verify(sgAlgorithm.sign())) {
throw new RuntimeException(
"Signature verification failed unexpectedly");
}
}
}
class OidAlgorithmPair {
public final String oid;
public final String algorithm;
public OidAlgorithmPair(String oid, String algorithm) {
this.oid = oid;
this.algorithm = algorithm;
}
@Override
public String toString() {
return "[oid=" + oid + ", algorithm=" + algorithm + "]";
}
}

50
jdk/test/sun/security/ec/NSASuiteB/TestSHAwithECDSASignatureOids.java Normal file
View file

@ -0,0 +1,50 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.util.Arrays;
import java.util.List;
/*
* @test
* @bug 8075286
* @summary Test the SHAwithECDSA signature algorithm OIDs in JDK.
* OID and algorithm transformation string should match.
* Both could be able to be used to generate the algorithm instance.
* @compile ../../TestSignatureOidHelper.java
* @run main TestSHAwithECDSASignatureOids
*/
public class TestSHAwithECDSASignatureOids {
private static final List<OidAlgorithmPair> DATA = Arrays.asList(
new OidAlgorithmPair("1.2.840.10045.4.1", "SHA1withECDSA"),
new OidAlgorithmPair("1.2.840.10045.4.3.1", "SHA224withECDSA"),
new OidAlgorithmPair("1.2.840.10045.4.3.2", "SHA256withECDSA"),
new OidAlgorithmPair("1.2.840.10045.4.3.3", "SHA384withECDSA"),
new OidAlgorithmPair("1.2.840.10045.4.3.4", "SHA512withECDSA"));
public static void main(String[] args) throws Exception {
TestSignatureOidHelper helper = new TestSignatureOidHelper("EC",
"SunEC", 256, DATA);
helper.execute();
}
}

185
jdk/test/sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java Normal file
View file

@ -0,0 +1,185 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.spec.DSAGenParameterSpec;
import java.security.spec.DSAParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import java.util.List;
/*
* @test
* @bug 8075286
* @summary Verify that DSAGenParameterSpec can and can only be used to generate
* DSA within some certain range of key sizes as described in the class
* specification (L, N) as (1024, 160), (2048, 224), (2048, 256) and
* (3072, 256) should be OK for DSAGenParameterSpec. But the real
* implementation SUN doesn't support (3072, 256).
* @run main TestDSAGenParameterSpec
*/
public class TestDSAGenParameterSpec {
private static final String ALGORITHM_NAME = "DSA";
private static final String PROVIDER_NAME = "SUN";
private static final List<DataTuple> DATA = Arrays.asList(
new DataTuple(1024, 160, true, true),
new DataTuple(2048, 224, true, true),
new DataTuple(2048, 256, true, true),
new DataTuple(3072, 256, true, false),
new DataTuple(1024, 224),
new DataTuple(2048, 160),
new DataTuple(4096, 256),
new DataTuple(512, 160),
new DataTuple(3072, 224));
private static void testDSAGenParameterSpec(DataTuple dataTuple)
throws NoSuchAlgorithmException, NoSuchProviderException,
InvalidParameterSpecException, InvalidAlgorithmParameterException {
System.out.printf("Test case: primePLen=%d, " + "subprimeQLen=%d%n",
dataTuple.primePLen, dataTuple.subprimeQLen);
AlgorithmParameterGenerator apg =
AlgorithmParameterGenerator.getInstance(ALGORITHM_NAME,
PROVIDER_NAME);
DSAGenParameterSpec genParamSpec = createGenParameterSpec(dataTuple);
// genParamSpec will be null if IllegalAE is thrown when expected.
if (genParamSpec == null) {
return;
}
try {
apg.init(genParamSpec, null);
AlgorithmParameters param = apg.generateParameters();
checkParam(param, genParamSpec);
System.out.println("Test case passed");
} catch (InvalidParameterException ipe) {
// The DSAGenParameterSpec API support this, but the real
// implementation in SUN doesn't
if (!dataTuple.isSunProviderSupported) {
System.out.println("Test case passed: expected "
+ "InvalidParameterException is caught");
} else {
throw new RuntimeException("Test case failed.", ipe);
}
}
}
private static void checkParam(AlgorithmParameters param,
DSAGenParameterSpec genParam) throws InvalidParameterSpecException,
NoSuchAlgorithmException, NoSuchProviderException,
InvalidAlgorithmParameterException {
String algorithm = param.getAlgorithm();
if (!algorithm.equalsIgnoreCase(ALGORITHM_NAME)) {
throw new RuntimeException(
"Unexpected type of parameters: " + algorithm);
}
DSAParameterSpec spec = param.getParameterSpec(DSAParameterSpec.class);
int valueL = spec.getP().bitLength();
int strengthP = genParam.getPrimePLength();
if (strengthP != valueL) {
System.out.printf("P: Expected %d but actual %d%n", strengthP,
valueL);
throw new RuntimeException("Wrong P strength");
}
int valueN = spec.getQ().bitLength();
int strengthQ = genParam.getSubprimeQLength();
if (strengthQ != valueN) {
System.out.printf("Q: Expected %d but actual %d%n", strengthQ,
valueN);
throw new RuntimeException("Wrong Q strength");
}
if (genParam.getSubprimeQLength() != genParam.getSeedLength()) {
System.out.println("Defaut seed length should be the same as Q.");
throw new RuntimeException("Wrong seed length");
}
// use the parameters to generate real DSA keys
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(ALGORITHM_NAME,
PROVIDER_NAME);
keyGen.initialize(spec);
keyGen.generateKeyPair();
}
private static DSAGenParameterSpec createGenParameterSpec(
DataTuple dataTuple) {
DSAGenParameterSpec genParamSpec = null;
try {
genParamSpec = new DSAGenParameterSpec(dataTuple.primePLen,
dataTuple.subprimeQLen);
if (!dataTuple.isDSASpecSupported) {
throw new RuntimeException(
"Test case failed: the key length must not supported");
}
} catch (IllegalArgumentException e) {
if (!dataTuple.isDSASpecSupported) {
System.out.println("Test case passed: expected "
+ "IllegalArgumentException is caught");
} else {
throw new RuntimeException("Test case failed: unexpected "
+ "IllegalArgumentException is thrown", e);
}
}
return genParamSpec;
}
public static void main(String[] args) throws Exception {
for (DataTuple dataTuple : DATA) {
testDSAGenParameterSpec(dataTuple);
}
System.out.println("All tests passed");
}
private static class DataTuple {
private int primePLen;
private int subprimeQLen;
private boolean isDSASpecSupported;
private boolean isSunProviderSupported;
private DataTuple(int primePLen, int subprimeQLen,
boolean isDSASpecSupported, boolean isSunProviderSupported) {
this.primePLen = primePLen;
this.subprimeQLen = subprimeQLen;
this.isDSASpecSupported = isDSASpecSupported;
this.isSunProviderSupported = isSunProviderSupported;
}
private DataTuple(int primePLen, int subprimeQLen) {
this(primePLen, subprimeQLen, false, false);
}
}
}

103
jdk/test/sun/security/provider/NSASuiteB/TestSHAOids.java Normal file
View file

@ -0,0 +1,103 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Arrays;
import java.util.List;
/*
* @test
* @bug 8075286
* @summary Test the SHA algorithm OIDs in JDK.
* OID and algorithm transformation string should match.
* Both could be able to be used to generate the algorithm instance.
* @run main TestSHAOids
*/
public class TestSHAOids {
private static final String PROVIDER_NAME = "SUN";
private static final byte[] INPUT = "1234567890".getBytes();
private static final List<DataTuple> DATA = Arrays.asList(
new DataTuple("2.16.840.1.101.3.4.2.1", "SHA-256"),
new DataTuple("2.16.840.1.101.3.4.2.2", "SHA-384"),
new DataTuple("2.16.840.1.101.3.4.2.3", "SHA-512"),
new DataTuple("2.16.840.1.101.3.4.2.4", "SHA-224"));
public static void main(String[] args) throws Exception {
for (DataTuple dataTuple : DATA) {
runTest(dataTuple);
System.out.println("passed");
}
System.out.println("All tests passed");
}
private static void runTest(DataTuple dataTuple)
throws NoSuchAlgorithmException, NoSuchProviderException {
MessageDigest mdAlgorithm = MessageDigest.getInstance(
dataTuple.algorithm, PROVIDER_NAME);
MessageDigest mdOid = MessageDigest.getInstance(dataTuple.oid,
PROVIDER_NAME);
if (mdAlgorithm == null) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance failed.%n",
dataTuple.algorithm));
}
if (mdOid == null) {
throw new RuntimeException(
String.format("Test failed: OID %s getInstance failed.%n",
dataTuple.oid));
}
if (!mdAlgorithm.getAlgorithm().equals(dataTuple.algorithm)) {
throw new RuntimeException(String.format(
"Test failed: algorithm string %s getInstance doesn't "
+ "generate expected algorithm.%n",
dataTuple.algorithm));
}
mdAlgorithm.update(INPUT);
mdOid.update(INPUT);
// Comparison
if (!Arrays.equals(mdAlgorithm.digest(), mdOid.digest())) {
throw new RuntimeException("Digest comparison failed: "
+ "the two digests are not the same");
}
}
private static class DataTuple {
private final String oid;
private final String algorithm;
private DataTuple(String oid, String algorithm) {
this.oid = oid;
this.algorithm = algorithm;
}
}
}

47
jdk/test/sun/security/provider/NSASuiteB/TestSHAwithDSASignatureOids.java Normal file
View file

@ -0,0 +1,47 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.util.Arrays;
import java.util.List;
/*
* @test
* @bug 8075286
* @summary Test the SHAwithDSA signature algorithm OIDs in JDK.
* OID and algorithm transformation string should match.
* Both could be able to be used to generate the algorithm instance.
* @compile ../../TestSignatureOidHelper.java
* @run main TestSHAwithDSASignatureOids
*/
public class TestSHAwithDSASignatureOids {
private static final List<OidAlgorithmPair> DATA = Arrays.asList(
new OidAlgorithmPair("2.16.840.1.101.3.4.3.1", "SHA224withDSA"),
new OidAlgorithmPair("2.16.840.1.101.3.4.3.2", "SHA256withDSA"));
public static void main(String[] args) throws Exception {
TestSignatureOidHelper helper = new TestSignatureOidHelper("DSA",
"SUN", 1024, DATA);
helper.execute();
}
}