From c82ad845e101bf5d97c0744377d68002907d4a0e Mon Sep 17 00:00:00 2001 From: Fernando Guallini Date: Fri, 1 Nov 2024 17:52:20 +0000 Subject: [PATCH] 8342183: Update tests to use stronger algorithms and keys Reviewed-by: rhalade, ascarpino --- .../crypto/provider/CICO/CICOSkipTest.java | 2 +- .../KeyWrap/TestCipherKeyWrapperTest.java | 6 +-- .../Cipher/PBE/TestCipherPBECons.java | 2 +- .../KeyAgreement/DHKeyAgreement2.java | 20 +++++--- .../KeyAgreement/SupportedDHParamGens.java | 30 +++++++++--- .../SupportedDHParamGensLongKey.java | 1 + .../KeyGenerator/TestExplicitKeyLength.java | 4 +- .../crypto/provider/Mac/HmacSaltLengths.java | 4 ++ .../com/sun/crypto/provider/Mac/MacClone.java | 5 +- .../security/KeyStore/TestKeyStoreEntry.java | 4 +- .../security/MessageDigest/ByteBuffers.java | 5 +- .../java/security/Signature/ByteBuffers.java | 11 +++-- .../Signature/SignWithOutputBuffer.java | 17 ++++--- .../Signature/SignatureGetInstance.java | 11 +++-- .../TestInitSignWithMyOwnRandom.java | 17 +++++-- .../Signature/VerifyRangeCheckOverflow.java | 2 +- .../jdk/java/security/SignedObject/Chain.java | 2 + test/jdk/java/security/SignedObject/Copy.java | 14 ++++-- test/jdk/javax/crypto/Cipher/ByteBuffers.java | 10 ++-- .../javax/crypto/Cipher/TestGetInstance.java | 28 ++++++----- .../crypto/CipherSpi/DirectBBRemaining.java | 10 ++-- .../crypto/CryptoPermission/AllPermCheck.java | 5 +- .../CryptoPermission/LowercasePermCheck.java | 2 +- .../EncryptedPrivateKeyInfo/GetKeySpec.java | 10 ++-- .../GetKeySpecException.java | 5 +- .../GetKeySpecException2.java | 7 +-- .../GetKeySpecInvalidEncoding.java | 5 +- .../crypto/KeyGenerator/TestGetInstance.java | 9 ++-- test/jdk/javax/crypto/Mac/ByteBuffers.java | 7 ++- .../jdk/javax/crypto/Mac/TestGetInstance.java | 9 ++-- .../pkcs/pkcs10/PKCS10AttrEncoding.java | 13 +++-- .../sun/security/pkcs/pkcs7/SignerOrder.java | 33 ++++++++----- .../security/rsa/TestKeyPairGenerator.java | 16 ++++-- test/jdk/sun/security/rsa/pss/InitAgain.java | 9 +++- .../security/tools/keytool/KeyToolTest.java | 49 +++++++++++++------ 35 files changed, 259 insertions(+), 125 deletions(-) diff --git a/test/jdk/com/sun/crypto/provider/CICO/CICOSkipTest.java b/test/jdk/com/sun/crypto/provider/CICO/CICOSkipTest.java index 6ccf4c1eedf..d0af93ff646 100644 --- a/test/jdk/com/sun/crypto/provider/CICO/CICOSkipTest.java +++ b/test/jdk/com/sun/crypto/provider/CICO/CICOSkipTest.java @@ -75,7 +75,7 @@ public class CICOSkipTest { "OFB", "OFB64", "PCBC"}; private static final String[] PADDINGS = {"NoPadding", "Pkcs5Padding"}; private static final String[] PBE_ALGOS = {"PBEWithMD5AndDES", - "PBEWithMD5AndDES/CBC/PKCS5Padding"}; + "PBEWithMD5AndDES/CBC/PKCS5Padding", "PBEWithSHA1AndDESede"}; public static void main(String[] args) throws Exception { // how many kinds of padding mode such as PKCS5padding and NoPadding diff --git a/test/jdk/com/sun/crypto/provider/Cipher/KeyWrap/TestCipherKeyWrapperTest.java b/test/jdk/com/sun/crypto/provider/Cipher/KeyWrap/TestCipherKeyWrapperTest.java index 82794de2582..2ae0d91d592 100644 --- a/test/jdk/com/sun/crypto/provider/Cipher/KeyWrap/TestCipherKeyWrapperTest.java +++ b/test/jdk/com/sun/crypto/provider/Cipher/KeyWrap/TestCipherKeyWrapperTest.java @@ -167,7 +167,8 @@ public class TestCipherKeyWrapperTest { test.wrapperPBEKeyTest(provider); // Public and private key wrap test - test.wrapperPublicPriviteKeyTest(provider, publicPrivateAlgos); + test.wrapperPublicPriviteKeyTest(provider, publicPrivateAlgos, "DES"); + test.wrapperPublicPriviteKeyTest(provider, publicPrivateAlgos, "AES"); } private void wrapperAesDESedeKeyTest(String algo, String wrapAlgo, @@ -263,7 +264,7 @@ public class TestCipherKeyWrapperTest { } } - private void wrapperPublicPriviteKeyTest(Provider p, String[] algorithms) + private void wrapperPublicPriviteKeyTest(Provider p, String[] algorithms, String algoWrap) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException { @@ -275,7 +276,6 @@ public class TestCipherKeyWrapperTest { kpg.initialize(SecurityUtils.getTestKeySize(algo)); KeyPair kp = kpg.genKeyPair(); // key generated - String algoWrap = "DES"; KeyGenerator kg = KeyGenerator.getInstance(algoWrap, p); Key key = kg.generateKey(); wrapTest(algo, algoWrap, key, kp.getPrivate(), Cipher.PRIVATE_KEY, diff --git a/test/jdk/com/sun/crypto/provider/Cipher/PBE/TestCipherPBECons.java b/test/jdk/com/sun/crypto/provider/Cipher/PBE/TestCipherPBECons.java index 788f27bcb47..a3432c1ba93 100644 --- a/test/jdk/com/sun/crypto/provider/Cipher/PBE/TestCipherPBECons.java +++ b/test/jdk/com/sun/crypto/provider/Cipher/PBE/TestCipherPBECons.java @@ -40,7 +40,7 @@ import javax.crypto.NoSuchPaddingException; public class TestCipherPBECons { private static final String[] PBEAlgorithms = {"pbeWithMD5ANDdes", - "PBEWithMD5AndTripleDES"}; + "PBEWithMD5AndTripleDES", "PBEWithSHA1AndDESede"}; private static final String[] cipherModes = {"ECb", "cbC", "cFB", "Cfb32", "OfB", "oFb64", "pCbC"}; private static final String[] cipherPaddings = {"Pkcs5Padding", "NoPaDDing"}; diff --git a/test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java b/test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java index e3439b0140e..da583c9dc29 100644 --- a/test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java +++ b/test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java @@ -232,20 +232,26 @@ public class DHKeyAgreement2 { } System.err.println("Shared secrets are the same"); + testSecretKey(bobKeyAgree, alicePubKey, "DES"); + testSecretKey(bobKeyAgree, alicePubKey, "AES"); + } + + private static void testSecretKey(KeyAgreement bobKeyAgree, PublicKey alicePubKey, String algo) + throws Exception { // Now let's return the shared secret as a SecretKey object // and use it for encryption - System.out.println("Return shared secret as SecretKey object ..."); + System.out.println("Return shared secret as SecretKey object with algorithm: " + algo); bobKeyAgree.doPhase(alicePubKey, true); - SecretKey desKey = bobKeyAgree.generateSecret("DES"); + SecretKey key = bobKeyAgree.generateSecret(algo); - Cipher desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding"); - desCipher.init(Cipher.ENCRYPT_MODE, desKey); + Cipher cipher = Cipher.getInstance(algo + "/ECB/PKCS5Padding"); + cipher.init(Cipher.ENCRYPT_MODE, key); byte[] cleartext = "This is just an example".getBytes(); - byte[] ciphertext = desCipher.doFinal(cleartext); + byte[] ciphertext = cipher.doFinal(cleartext); - desCipher.init(Cipher.DECRYPT_MODE, desKey); - byte[] cleartext1 = desCipher.doFinal(ciphertext); + cipher.init(Cipher.DECRYPT_MODE, key); + byte[] cleartext1 = cipher.doFinal(ciphertext); int clearLen = cleartext.length; int clear1Len = cleartext1.length; diff --git a/test/jdk/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java b/test/jdk/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java index 96a5754cfa6..efc85999b3e 100644 --- a/test/jdk/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java +++ b/test/jdk/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java @@ -24,6 +24,7 @@ /** * @test * @bug 8072452 8163498 + * @library /test/lib * @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits * This test has been split based on lower/higher key sizes in order to * reduce individual execution times and run in parallel @@ -33,14 +34,16 @@ * @run main/timeout=300 SupportedDHParamGens 832 * @run main/timeout=300 SupportedDHParamGens 1024 * @run main/timeout=600 SupportedDHParamGens 2048 + * @run main/timeout=600 SupportedDHParamGens 3072 + * @run main/timeout=600 SupportedDHParamGens 4096 */ - import java.math.BigInteger; import java.security.*; -import javax.crypto.*; import javax.crypto.interfaces.*; import javax.crypto.spec.*; +import jdk.test.lib.security.DiffieHellmanGroup; +import jdk.test.lib.security.SecurityUtils; public class SupportedDHParamGens { @@ -48,12 +51,18 @@ public class SupportedDHParamGens { int primeSize = Integer.valueOf(args[0]).intValue(); System.out.println("Checking " + primeSize + " ..."); - AlgorithmParameterGenerator apg = - AlgorithmParameterGenerator.getInstance("DH", - System.getProperty("test.provider.name", "SunJCE")); - apg.init(primeSize); - AlgorithmParameters ap = apg.generateParameters(); - DHParameterSpec spec = ap.getParameterSpec(DHParameterSpec.class); + DHParameterSpec spec = null; + switch (primeSize) { + case 2048, 3072, 4096 -> spec = getDHParameterSpec(primeSize); + default -> { + AlgorithmParameterGenerator apg = + AlgorithmParameterGenerator.getInstance("DH", + System.getProperty("test.provider.name", "SunJCE")); + apg.init(primeSize); + AlgorithmParameters ap = apg.generateParameters(); + spec = ap.getParameterSpec(DHParameterSpec.class); + } + } KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", System.getProperty("test.provider.name", "SunJCE")); @@ -62,6 +71,11 @@ public class SupportedDHParamGens { checkKeyPair(kp, primeSize); } + private static DHParameterSpec getDHParameterSpec(int primeSize) { + DiffieHellmanGroup dhGroup = SecurityUtils.getTestDHGroup(primeSize); + return new DHParameterSpec(dhGroup.getPrime(), dhGroup.getBase()); + } + private static void checkKeyPair(KeyPair kp, int pSize) throws Exception { DHPrivateKey privateKey = (DHPrivateKey)kp.getPrivate(); diff --git a/test/jdk/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGensLongKey.java b/test/jdk/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGensLongKey.java index 740486e06cf..7d2570991d5 100644 --- a/test/jdk/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGensLongKey.java +++ b/test/jdk/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGensLongKey.java @@ -24,6 +24,7 @@ /** * @test * @bug 8072452 8163498 + * @library /test/lib * @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits * This test has been split based on lower/higher key sizes in order to * reduce individual execution times and run in parallel diff --git a/test/jdk/com/sun/crypto/provider/KeyGenerator/TestExplicitKeyLength.java b/test/jdk/com/sun/crypto/provider/KeyGenerator/TestExplicitKeyLength.java index 6a0c2419fcc..a1226b89d34 100644 --- a/test/jdk/com/sun/crypto/provider/KeyGenerator/TestExplicitKeyLength.java +++ b/test/jdk/com/sun/crypto/provider/KeyGenerator/TestExplicitKeyLength.java @@ -35,10 +35,10 @@ import java.util.*; public class TestExplicitKeyLength { - private static final String ALGOS[] = { "RC2", "ARCFOUR" }; + private static final String ALGOS[] = { "RC2", "ARCFOUR", "AES", "AES", "AES" }; private static final int KEY_SIZES[] = - { 64, 80 }; // in bits + { 64, 80, 128, 192, 256 }; // in bits public static void runTest(String algo, int keysize) throws Exception { KeyGenerator kg = KeyGenerator.getInstance(algo, diff --git a/test/jdk/com/sun/crypto/provider/Mac/HmacSaltLengths.java b/test/jdk/com/sun/crypto/provider/Mac/HmacSaltLengths.java index aa2ef2ae7de..d1c8383e6a1 100644 --- a/test/jdk/com/sun/crypto/provider/Mac/HmacSaltLengths.java +++ b/test/jdk/com/sun/crypto/provider/Mac/HmacSaltLengths.java @@ -41,6 +41,10 @@ public class HmacSaltLengths { private static final String[] ALGOS = { "HmacPBESHA1", + "HmacPBESHA224", + "HmacPBESHA256", + "HmacPBESHA384", + "HmacPBESHA512", "PBEWithHmacSHA1", "PBEWithHmacSHA224", "PBEWithHmacSHA256", diff --git a/test/jdk/com/sun/crypto/provider/Mac/MacClone.java b/test/jdk/com/sun/crypto/provider/Mac/MacClone.java index e66b71ec1a3..5d491ded324 100644 --- a/test/jdk/com/sun/crypto/provider/Mac/MacClone.java +++ b/test/jdk/com/sun/crypto/provider/Mac/MacClone.java @@ -26,6 +26,8 @@ * @bug 7087021 8013069 8288050 * @summary Clone tests for all MAC algorithms. * @author Jan Luehe + * @run main MacClone DES + * @run main MacClone AES */ import java.security.spec.AlgorithmParameterSpec; import javax.crypto.*; @@ -39,7 +41,8 @@ public class MacClone { "HmacSHA384", "HmacSHA512", "HmacSHA512/224", "HmacSHA512/256", }; - KeyGenerator kgen = KeyGenerator.getInstance("DES"); + String keyAlgo = args[0]; + KeyGenerator kgen = KeyGenerator.getInstance(keyAlgo); SecretKey skey = kgen.generateKey(); for (String algo : algos) { doTest(algo, skey, null); diff --git a/test/jdk/java/security/KeyStore/TestKeyStoreEntry.java b/test/jdk/java/security/KeyStore/TestKeyStoreEntry.java index d0aa21f8144..fde58a1cf33 100644 --- a/test/jdk/java/security/KeyStore/TestKeyStoreEntry.java +++ b/test/jdk/java/security/KeyStore/TestKeyStoreEntry.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -47,7 +47,7 @@ public class TestKeyStoreEntry { private static final char[] PASSWDF = new String("guardian Angel") .toCharArray(); private static final String[] KS_ALGOS = { - "DES", "DESede", "Blowfish" + "DES", "DESede", "Blowfish", "AES" }; private static final int NUM_ALGOS = KS_ALGOS.length; diff --git a/test/jdk/java/security/MessageDigest/ByteBuffers.java b/test/jdk/java/security/MessageDigest/ByteBuffers.java index f21a51e1c10..fc25b596d86 100644 --- a/test/jdk/java/security/MessageDigest/ByteBuffers.java +++ b/test/jdk/java/security/MessageDigest/ByteBuffers.java @@ -27,6 +27,8 @@ * @summary Test the MessageDigest.update(ByteBuffer) method * @author Andreas Sterbenz * @key randomness + * @run main ByteBuffers MD5 + * @run main ByteBuffers SHA-1 */ import java.util.*; @@ -43,7 +45,8 @@ public class ByteBuffers { byte[] t = new byte[n]; random.nextBytes(t); - MessageDigest md = MessageDigest.getInstance("MD5", p); + String digestAlgo = args[0]; + MessageDigest md = MessageDigest.getInstance(digestAlgo, p); byte[] d1 = md.digest(t); // test 1: ByteBuffer with an accessible backing array diff --git a/test/jdk/java/security/Signature/ByteBuffers.java b/test/jdk/java/security/Signature/ByteBuffers.java index d9866204244..9f03a9923ec 100644 --- a/test/jdk/java/security/Signature/ByteBuffers.java +++ b/test/jdk/java/security/Signature/ByteBuffers.java @@ -27,6 +27,8 @@ * @summary Test the Signature.update(ByteBuffer) method * @author Andreas Sterbenz * @key randomness + * @run main ByteBuffers DSA 512 + * @run main ByteBuffers SHA256withDSA 2048 */ import java.util.*; @@ -44,11 +46,14 @@ public class ByteBuffers { byte[] t = new byte[n]; random.nextBytes(t); - KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", p); - kpg.initialize(512); + String kpgAlgorithm = "DSA"; + int keySize = Integer.parseInt(args[1]); + KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgorithm, p); + kpg.initialize(keySize); KeyPair kp = kpg.generateKeyPair(); - Signature sig = Signature.getInstance("DSA", p); + String signAlgo = args[0]; + Signature sig = Signature.getInstance(signAlgo, p); sig.initSign(kp.getPrivate()); sig.update(t); byte[] signature = sig.sign(); diff --git a/test/jdk/java/security/Signature/SignWithOutputBuffer.java b/test/jdk/java/security/Signature/SignWithOutputBuffer.java index 5f4716391a7..0fcc0405f7c 100644 --- a/test/jdk/java/security/Signature/SignWithOutputBuffer.java +++ b/test/jdk/java/security/Signature/SignWithOutputBuffer.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,8 @@ * @bug 4114896 * @summary Signature should support a sign() method that places the signature * in an already existing array. + * @run main SignWithOutputBuffer DSS 512 + * @run main SignWithOutputBuffer SHA256withDSA 2048 */ import java.security.*; @@ -36,11 +38,14 @@ public class SignWithOutputBuffer { int numBytes; - KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA"); - kpGen.initialize(512); + String kpgAlgorithm = "DSA"; + int keySize = Integer.parseInt(args[1]); + KeyPairGenerator kpGen = KeyPairGenerator.getInstance(kpgAlgorithm); + kpGen.initialize(keySize); KeyPair kp = kpGen.genKeyPair(); - Signature sig = Signature.getInstance("DSS"); + String signAlgo = args[0]; + Signature sig = Signature.getInstance(signAlgo); sig.initSign(kp.getPrivate()); sig.update((byte)0xff); @@ -55,10 +60,10 @@ public class SignWithOutputBuffer { } // Now repeat the same with a buffer that's big enough - sig = Signature.getInstance("DSS"); + sig = Signature.getInstance(signAlgo); sig.initSign(kp.getPrivate()); sig.update((byte)0xff); - out = new byte[48]; + out = new byte[64]; numBytes = sig.sign(out, 0, out.length); System.out.println("Signature len="+numBytes); diff --git a/test/jdk/java/security/Signature/SignatureGetInstance.java b/test/jdk/java/security/Signature/SignatureGetInstance.java index e36d253dbc8..821c20602a7 100644 --- a/test/jdk/java/security/Signature/SignatureGetInstance.java +++ b/test/jdk/java/security/Signature/SignatureGetInstance.java @@ -27,7 +27,8 @@ * @summary Ensure the BC provider-reselection workaround in Signature class * functions correctly * @modules java.base/sun.security.util - * @run main/othervm SignatureGetInstance + * @run main/othervm SignatureGetInstance default + * @run main/othervm SignatureGetInstance SHA-256 */ import java.security.*; import java.security.interfaces.*; @@ -37,8 +38,12 @@ import sun.security.util.SignatureUtil; public class SignatureGetInstance { private static final String SIGALG = "RSASSA-PSS"; + private static PSSParameterSpec pssParamSpec; public static void main(String[] args) throws Exception { + String mdName = args[0]; + pssParamSpec = "default".equals(mdName) ? PSSParameterSpec.DEFAULT : + new PSSParameterSpec(mdName, "MGF1", new MGF1ParameterSpec(mdName), 20, 1); Provider testProvider = new TestProvider(); // put test provider before SunRsaSign provider Security.insertProviderAt(testProvider, 1); @@ -85,7 +90,7 @@ public class SignatureGetInstance { private static void testDblInit(PrivateKey key1, PublicKey key2, boolean shouldPass, String expectedProvName) throws Exception { Signature sig = Signature.getInstance(SIGALG); - SignatureUtil.initSignWithParam(sig, key1, PSSParameterSpec.DEFAULT, null); + SignatureUtil.initSignWithParam(sig, key1, pssParamSpec, null); try { sig.initVerify(key2); if (!shouldPass) { @@ -108,7 +113,7 @@ public class SignatureGetInstance { } else { sig = Signature.getInstance(SIGALG, provName); } - AlgorithmParameterSpec params = PSSParameterSpec.DEFAULT; + AlgorithmParameterSpec params = pssParamSpec; boolean doSign = (key instanceof PrivateKey); try { if (doSign) { diff --git a/test/jdk/java/security/Signature/TestInitSignWithMyOwnRandom.java b/test/jdk/java/security/Signature/TestInitSignWithMyOwnRandom.java index a59ea9a9355..ac4199ec771 100644 --- a/test/jdk/java/security/Signature/TestInitSignWithMyOwnRandom.java +++ b/test/jdk/java/security/Signature/TestInitSignWithMyOwnRandom.java @@ -24,23 +24,30 @@ /** * @test * @bug 4716321 + * @library /test/lib * @summary Ensure the random source supplied in * Signature.initSign(PrivateKey, SecureRandom) is used. + * @run main TestInitSignWithMyOwnRandom DSA 512 + * @run main TestInitSignWithMyOwnRandom SHA256withDSA 2048 */ import java.security.*; +import jdk.test.lib.security.SecurityUtils; public class TestInitSignWithMyOwnRandom { - public static void main(String[] argv) throws Exception { + public static void main(String[] args) throws Exception { // any signature implementation will do as long as // it needs a random source Provider p = Security.getProvider( - System.getProperty("test.provider.name", "SUN")); - KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", p); - kpg.initialize(512); + System.getProperty("test.provider.name", "SUN")); + String kpgAlgorithm = "DSA"; + int keySize = Integer.parseInt(args[1]); + KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgorithm, p); + kpg.initialize(keySize); KeyPair kp = kpg.generateKeyPair(); TestRandomSource rand = new TestRandomSource(); - Signature sig = Signature.getInstance("DSA", p); + String signAlgo = args[0]; + Signature sig = Signature.getInstance(signAlgo, p); sig.initSign(kp.getPrivate(), rand); sig.update(new byte[20]); sig.sign(); diff --git a/test/jdk/java/security/Signature/VerifyRangeCheckOverflow.java b/test/jdk/java/security/Signature/VerifyRangeCheckOverflow.java index 5cf939d05db..397d7933274 100644 --- a/test/jdk/java/security/Signature/VerifyRangeCheckOverflow.java +++ b/test/jdk/java/security/Signature/VerifyRangeCheckOverflow.java @@ -48,7 +48,7 @@ public class VerifyRangeCheckOverflow { PublicKey publicKey = keys.getPublic(); byte[] sigBytes = new byte[100]; - Signature signature = Signature.getInstance("SHA1withDSA"); + Signature signature = Signature.getInstance("SHA256withDSA"); signature.initVerify(publicKey); try { signature.verify(sigBytes, Integer.MAX_VALUE, 1); diff --git a/test/jdk/java/security/SignedObject/Chain.java b/test/jdk/java/security/SignedObject/Chain.java index 0fb5cf3c53f..883ac13890d 100644 --- a/test/jdk/java/security/SignedObject/Chain.java +++ b/test/jdk/java/security/SignedObject/Chain.java @@ -165,6 +165,8 @@ public class Chain { new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default, 1024), new Test(SigAlg.MD2withRSA, KeyAlg.RSA, Provider.Default), new Test(SigAlg.MD5withRSA, KeyAlg.RSA, Provider.Default), + new Test(SigAlg.SHA224withRSA, KeyAlg.RSA, Provider.Default), + new Test(SigAlg.SHA256withRSA, KeyAlg.RSA, Provider.Default), new Test(SigAlg.SHA3_224withRSA, KeyAlg.RSA, Provider.Default), new Test(SigAlg.SHA3_256withRSA, KeyAlg.RSA, Provider.Default), new Test(SigAlg.SHA3_384withRSA, KeyAlg.RSA, Provider.Default), diff --git a/test/jdk/java/security/SignedObject/Copy.java b/test/jdk/java/security/SignedObject/Copy.java index 16267ee534d..3e36891173a 100644 --- a/test/jdk/java/security/SignedObject/Copy.java +++ b/test/jdk/java/security/SignedObject/Copy.java @@ -31,31 +31,35 @@ import java.security.SignedObject; * @test * @bug 8050374 * @summary Checks if a signed object is a copy of an original object + * @run main Copy DSA 512 + * @run main Copy SHA256withDSA 2048 */ public class Copy { private static final String DSA = "DSA"; - private static final int KEY_SIZE = 512; private static final int MAGIC = 123; public static void main(String args[]) throws Exception { + int keySize = Integer.parseInt(args[1]); KeyPairGenerator kg = KeyPairGenerator.getInstance(DSA); - kg.initialize(KEY_SIZE); + kg.initialize(keySize); KeyPair kp = kg.genKeyPair(); - Signature signature = Signature.getInstance(DSA); + String signAlgo = args[0]; + Signature signature = Signature.getInstance(signAlgo); Test original = new Test(); SignedObject so = new SignedObject(original, kp.getPrivate(), signature); System.out.println("Signature algorithm: " + so.getAlgorithm()); - signature = Signature.getInstance(DSA, System.getProperty("test.provider.name", "SUN")); + signature = Signature.getInstance(signAlgo, + System.getProperty("test.provider.name", "SUN")); if (!so.verify(kp.getPublic(), signature)) { throw new RuntimeException("Verification failed"); } kg = KeyPairGenerator.getInstance(DSA); - kg.initialize(KEY_SIZE); + kg.initialize(keySize); kp = kg.genKeyPair(); if (so.verify(kp.getPublic(), signature)) { diff --git a/test/jdk/javax/crypto/Cipher/ByteBuffers.java b/test/jdk/javax/crypto/Cipher/ByteBuffers.java index 141f1c10781..4dd6d86b476 100644 --- a/test/jdk/javax/crypto/Cipher/ByteBuffers.java +++ b/test/jdk/javax/crypto/Cipher/ByteBuffers.java @@ -27,6 +27,8 @@ * @summary Test the Cipher.update/doFinal(ByteBuffer, ByteBuffer) methods * @author Andreas Sterbenz * @key randomness + * @run main ByteBuffers DES 8 + * @run main ByteBuffers AES 16 */ import java.util.*; @@ -47,11 +49,13 @@ public class ByteBuffers { byte[] t = new byte[n]; random.nextBytes(t); - byte[] keyBytes = new byte[8]; + int keyInt = Integer.parseInt(args[1]); + byte[] keyBytes = new byte[keyInt]; random.nextBytes(keyBytes); - SecretKey key = new SecretKeySpec(keyBytes, "DES"); + String algo = args[0]; + SecretKey key = new SecretKeySpec(keyBytes, algo); - Cipher cipher = Cipher.getInstance("DES/ECB/NoPadding"); + Cipher cipher = Cipher.getInstance(algo + "/ECB/NoPadding"); cipher.init(Cipher.ENCRYPT_MODE, key); byte[] outBytes = cipher.doFinal(t); diff --git a/test/jdk/javax/crypto/Cipher/TestGetInstance.java b/test/jdk/javax/crypto/Cipher/TestGetInstance.java index 07ad131c736..8d261657498 100644 --- a/test/jdk/javax/crypto/Cipher/TestGetInstance.java +++ b/test/jdk/javax/crypto/Cipher/TestGetInstance.java @@ -26,10 +26,13 @@ * @bug 4898428 * @summary test that the new getInstance() implementation works correctly * @author Andreas Sterbenz + * @run main TestGetInstance DES PBEWithMD5AndTripleDES + * @run main TestGetInstance AES PBEWithHmacSHA1AndAES_128 */ import java.security.*; import java.security.spec.*; +import java.util.Locale; import javax.crypto.*; @@ -42,61 +45,64 @@ public class TestGetInstance { } public static void main(String[] args) throws Exception { + String algo = args[0]; + String algoLC = algo.toLowerCase(Locale.ROOT); + String pbeAlgo = args[1]; Provider p = Security.getProvider( System.getProperty("test.provider.name", "SunJCE")); Cipher c; - c = Cipher.getInstance("PBEWithMD5AndTripleDES"); + c = Cipher.getInstance(pbeAlgo); same(p, c.getProvider()); - c = Cipher.getInstance("des", + c = Cipher.getInstance(algoLC, System.getProperty("test.provider.name", "SunJCE")); same(p, c.getProvider()); - c = Cipher.getInstance("des/cbc/pkcs5padding", + c = Cipher.getInstance(algoLC + "/cbc/pkcs5padding", System.getProperty("test.provider.name", "SunJCE")); same(p, c.getProvider()); - c = Cipher.getInstance("des", p); + c = Cipher.getInstance(algoLC, p); same(p, c.getProvider()); - c = Cipher.getInstance("des/cbc/pkcs5padding", p); + c = Cipher.getInstance(algoLC + "/cbc/pkcs5padding", p); same(p, c.getProvider()); try { - c = Cipher.getInstance("DES/XYZ/PKCS5Padding"); + c = Cipher.getInstance(algo + "/XYZ/PKCS5Padding"); throw new AssertionError(); } catch (NoSuchAlgorithmException e) { System.out.println(e); } try { - c = Cipher.getInstance("DES/XYZ/PKCS5Padding", + c = Cipher.getInstance(algo + "/XYZ/PKCS5Padding", System.getProperty("test.provider.name", "SunJCE")); throw new AssertionError(); } catch (NoSuchAlgorithmException e) { System.out.println(e); } try { - c = Cipher.getInstance("DES/XYZ/PKCS5Padding", p); + c = Cipher.getInstance(algo + "/XYZ/PKCS5Padding", p); throw new AssertionError(); } catch (NoSuchAlgorithmException e) { System.out.println(e); } try { - c = Cipher.getInstance("DES/CBC/XYZPadding"); + c = Cipher.getInstance(algo + "/CBC/XYZPadding"); throw new AssertionError(); } catch (NoSuchAlgorithmException e) { System.out.println(e); } try { - c = Cipher.getInstance("DES/CBC/XYZPadding", + c = Cipher.getInstance(algo + "/CBC/XYZPadding", System.getProperty("test.provider.name", "SunJCE")); throw new AssertionError(); } catch (NoSuchPaddingException e) { System.out.println(e); } try { - c = Cipher.getInstance("DES/CBC/XYZPadding", p); + c = Cipher.getInstance(algo + "/CBC/XYZPadding", p); throw new AssertionError(); } catch (NoSuchPaddingException e) { System.out.println(e); diff --git a/test/jdk/javax/crypto/CipherSpi/DirectBBRemaining.java b/test/jdk/javax/crypto/CipherSpi/DirectBBRemaining.java index 5a383ded6dc..9487792df08 100644 --- a/test/jdk/javax/crypto/CipherSpi/DirectBBRemaining.java +++ b/test/jdk/javax/crypto/CipherSpi/DirectBBRemaining.java @@ -27,6 +27,8 @@ * @summary Cipher.doFinal(ByteBuffer,ByteBuffer) fails to * process when in.remaining() == 0 * @key randomness + * @run main DirectBBRemaining DES 8 + * @run main DirectBBRemaining AES 16 */ import java.nio.ByteBuffer; @@ -53,11 +55,13 @@ public class DirectBBRemaining { boolean failedOnce = false; Exception failedReason = null; - byte[] keyBytes = new byte[8]; + int keyInt = Integer.parseInt(args[1]); + byte[] keyBytes = new byte[keyInt]; random.nextBytes(keyBytes); - SecretKey key = new SecretKeySpec(keyBytes, "DES"); + String algo = args[0]; + SecretKey key = new SecretKeySpec(keyBytes, algo); - Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding", + Cipher cipher = Cipher.getInstance(algo + "/CBC/PKCS5Padding", System.getProperty("test.provider.name", "SunJCE")); cipher.init(Cipher.ENCRYPT_MODE, key); diff --git a/test/jdk/javax/crypto/CryptoPermission/AllPermCheck.java b/test/jdk/javax/crypto/CryptoPermission/AllPermCheck.java index ea0ae4ab925..c2fef8785e1 100644 --- a/test/jdk/javax/crypto/CryptoPermission/AllPermCheck.java +++ b/test/jdk/javax/crypto/CryptoPermission/AllPermCheck.java @@ -29,6 +29,8 @@ * crypto permssion checks failed. * @author Valerie Peng * @key randomness + * @run main AllPermCheck DES + * @run main AllPermCheck AES */ import java.io.*; @@ -86,7 +88,8 @@ public class AllPermCheck { public static void main(String[] args) throws Exception { Provider p = Security.getProvider(System.getProperty("test.provider.name", "SunJCE")); System.out.println("Testing provider " + p.getName() + "..."); - if (Cipher.getMaxAllowedKeyLength("DES") == Integer.MAX_VALUE) { + String transformation = args[0]; + if (Cipher.getMaxAllowedKeyLength(transformation) == Integer.MAX_VALUE) { // skip this test for unlimited jurisdiction policy files System.out.println("Skip this test due to unlimited version"); return; diff --git a/test/jdk/javax/crypto/CryptoPermission/LowercasePermCheck.java b/test/jdk/javax/crypto/CryptoPermission/LowercasePermCheck.java index a8eca5f6830..97f6f4fd103 100644 --- a/test/jdk/javax/crypto/CryptoPermission/LowercasePermCheck.java +++ b/test/jdk/javax/crypto/CryptoPermission/LowercasePermCheck.java @@ -48,7 +48,7 @@ public class LowercasePermCheck { public static void main(String[] args) throws Exception { Provider p = Security.getProvider(System.getProperty("test.provider.name", "SunJCE")); System.out.println("Testing provider " + p.getName() + "..."); - if (Cipher.getMaxAllowedKeyLength("DES") == Integer.MAX_VALUE) { + if (Cipher.getMaxAllowedKeyLength("AES") == Integer.MAX_VALUE) { // skip this test for unlimited jurisdiction policy files System.out.println("Skip this test due to unlimited version"); return; diff --git a/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpec.java b/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpec.java index 6be4ef9bbdf..cc0adc18e56 100644 --- a/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpec.java +++ b/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpec.java @@ -26,6 +26,8 @@ * @bug 4508341 * @summary Test the EncryptedPrivateKeyInfo.getKeySpec(...) methods. * @author Valerie Peng + * @run main/othervm -DcipherAlg=PBEWithMD5AndDES GetKeySpec + * @run main/othervm -DcipherAlg=PBEWithSHA1AndDESede GetKeySpec */ import java.util.*; import java.nio.*; @@ -37,12 +39,13 @@ import javax.crypto.*; import javax.crypto.spec.*; public class GetKeySpec { - private static final String cipherAlg = "PBEWithMD5AndDES"; + private static String cipherAlg; private static final char[] passwd = { 'p','a','s','s','w','d' }; private static AlgorithmParameters GOOD_PARAMS; static { try { + cipherAlg = System.getProperty("cipherAlg"); PBEParameterSpec goodParamSpec = new PBEParameterSpec(new byte[8], 1024); GOOD_PARAMS = AlgorithmParameters.getInstance @@ -55,7 +58,8 @@ public class GetKeySpec { } private static String pkcs8Encoded = "30:82:01:53:02:01:00:30:0D:06:09:2A:86:48:86:F7:0D:01:01:01:05:00:04:82:01:3D:30:82:01:39:02:01:00:02:40:6E:A4:13:65:97:A2:C2:47:5E:F2:23:6B:94:D8:D7:25:13:BB:A4:AE:8A:AA:A7:27:A4:9A:04:DC:15:F7:9B:E4:39:18:99:9E:27:EA:92:BB:D0:0E:F3:26:F4:95:89:33:02:65:6D:84:69:2C:CE:B7:FA:68:8E:FE:8D:63:44:6B:02:03:01:00:01:02:40:59:6E:1C:13:98:FE:C1:04:89:75:35:36:27:29:22:B5:E0:7E:62:BD:86:6E:2C:10:7A:16:D8:68:C1:04:D4:A7:10:41:F7:B9:B4:84:05:03:A5:C0:28:73:24:A7:24:F1:1B:C3:4F:BF:05:20:D0:D9:00:08:7F:C3:29:64:1B:29:02:21:00:C4:63:4D:0C:32:51:44:AE:DD:90:A9:B7:B6:C2:6B:11:BE:D2:07:E7:B5:C2:4A:9F:4D:0F:2F:30:5F:E6:1C:6D:02:21:00:90:39:A4:2D:93:0B:08:AF:2F:6F:18:CC:1A:EF:B6:E6:01:E7:21:3A:7F:45:C7:3F:39:12:B8:CC:DF:44:2D:37:02:21:00:B3:9B:61:9E:B2:F2:12:4F:9E:C1:2C:06:A1:B5:A3:38:62:7D:31:CF:9F:32:67:0E:D3:E9:FC:2D:50:B7:61:ED:02:20:5B:FD:77:FB:5D:A3:97:09:6E:1E:D5:59:32:01:1D:CE:7C:FE:38:12:80:A5:38:1D:DA:40:57:C0:CC:D3:46:67:02:20:52:EC:61:05:0D:EC:8A:ED:F7:1E:95:67:D0:7C:8B:D9:AA:A5:33:B8:26:26:2E:8F:D7:A7:18:16:2A:83:63:5C"; - private static String encryptedPKCS8 = "AE:20:81:4F:4D:38:73:C0:51:70:42:DA:C2:EF:61:49:07:E9:B5:D5:55:6D:D1:50:54:B2:0B:41:3E:2F:B6:00:BC:30:89:7B:32:A5:5F:B6:86:92:9E:06:6E:E2:40:8E:3E:E8:0B:CA:97:DB:3E:72:3E:03:22:34:35:EA:5F:B0:71:B2:07:BC:0D:97:94:0A:E6:12:9B:60:7A:77:D4:6C:99:60:2E:68:D6:55:BE:83:B8:A9:0F:19:8A:BE:91:30:D0:FE:52:94:5A:4C:D7:24:07:B3:61:EB:B5:4A:C6:6F:96:8A:C0:20:E9:73:40:FA:A2:56:04:F2:43:35:90:EA:35:C9:8C:08:9D:0B:BC:37:F0:01:D5:DF:BE:E4:4A:57:E0:13:0C:D5:F0:E8:5C:3B:B3:CD:7E:B5:E8:A5:84:63:F6:DA:3E:F2:CF:53:1F:A2:86:44:61:DD:AF:C1:78:70:3A:E6:06:41:77:6C:5B:8D:FA:C4:39:D7:4D:2F:87:D8:31:F4:B6:2B:94:D9:87:17:0E:C8:E3:FA:54:C8:B2:44:56:E0:37:5F:4C:5D:B2:21:DD:15:9E:94:63:89:CF:07:8C:79:F8:65:B2:22:45:D5:F0:2A:70:19:61:16:1D:52:5E:0C:35:3B:20:88:17:7E:FD:05:CC:08:09:2F:05:61:F7:A8:F5:EA:DE:77:DE:5D:55:4E:A0:36:A1:13:FF:2D:57:E8:4E:06:CE:C9:C1:B1:AE:C6:52:A6:EB:35:4C:81:91:DE:71:BA:34:DA:8A:99:1A:47:2E:66:52:AF:E3:2A:E4:0A:27:7F:72:C4:90:7E:8D:8F:64:8D:21:7E:00:DC:1C:62:0F:CC:96:80:C7:E5:5B:70:48:A5:E7:34:27:1A:7C:48:A7:9E:8B:2B:A6:E2"; + private static String sha1EncryptedPKCS8 = "0D:CA:00:8F:64:91:9C:60:36:F5:9B:BD:DD:C5:A9:A2:27:9E:6B:AE:CB:23:0E:2F:DA:76:03:A5:B7:C0:D5:3E:B9:03:60:62:41:2C:D6:51:37:F0:D9:ED:B2:CC:E7:99:28:03:CD:20:5D:EC:56:77:FC:61:57:D7:8C:F3:F6:10:F7:E5:BA:88:04:FE:1A:17:B3:8C:36:BF:70:2D:CD:6F:BF:83:ED:03:41:22:95:68:E3:08:90:76:B5:97:CB:FF:CE:51:27:14:F6:38:00:22:E9:0F:86:9F:64:D2:47:34:F6:50:DA:A9:80:F5:67:BF:C7:51:B3:38:AF:CD:15:96:50:8F:33:F3:8B:43:4C:AF:ED:DD:37:03:EC:B1:CC:57:53:0A:AF:0D:53:CD:D7:2B:A2:20:C5:37:AF:09:78:8E:3F:A0:E4:EC:22:C6:71:EC:D1:42:15:9D:1D:E9:E3:9D:8F:D6:0B:2A:99:C9:C8:90:B1:CD:AB:17:DD:A3:6F:64:43:23:26:25:7B:A5:E0:1F:2E:AF:18:89:C8:D6:97:28:32:A1:01:22:6F:14:B6:6C:4E:8A:83:47:16:99:51:B4:8D:85:9E:AB:00:B5:18:BB:49:97:47:59:F8:A7:A8:64:76:3F:41:5F:71:1A:F3:4A:96:F2:B4:44:38:42:4B:AE:0F:08:83:5C:33:F8:6A:8F:B9:6A:3D:1C:06:02:4E:07:48:46:E0:6D:6D:ED:E8:19:CB:3F:B0:6F:10:68:3A:5E:F5:8F:94:EF:B4:8B:58:5F:50:0A:E5:F2:13:54:59:14:99:C5:74:02:A2:B1:73:16:7F:F2:D4:DE:E0:12:86:55:46:9C:57:D1:7A:5C:8B:46:E1:7E:C3:32:14:31:52:64:07:52:9D:65:04:9D:54:89"; + private static String md5EncryptedPKCS8 = "AE:20:81:4F:4D:38:73:C0:51:70:42:DA:C2:EF:61:49:07:E9:B5:D5:55:6D:D1:50:54:B2:0B:41:3E:2F:B6:00:BC:30:89:7B:32:A5:5F:B6:86:92:9E:06:6E:E2:40:8E:3E:E8:0B:CA:97:DB:3E:72:3E:03:22:34:35:EA:5F:B0:71:B2:07:BC:0D:97:94:0A:E6:12:9B:60:7A:77:D4:6C:99:60:2E:68:D6:55:BE:83:B8:A9:0F:19:8A:BE:91:30:D0:FE:52:94:5A:4C:D7:24:07:B3:61:EB:B5:4A:C6:6F:96:8A:C0:20:E9:73:40:FA:A2:56:04:F2:43:35:90:EA:35:C9:8C:08:9D:0B:BC:37:F0:01:D5:DF:BE:E4:4A:57:E0:13:0C:D5:F0:E8:5C:3B:B3:CD:7E:B5:E8:A5:84:63:F6:DA:3E:F2:CF:53:1F:A2:86:44:61:DD:AF:C1:78:70:3A:E6:06:41:77:6C:5B:8D:FA:C4:39:D7:4D:2F:87:D8:31:F4:B6:2B:94:D9:87:17:0E:C8:E3:FA:54:C8:B2:44:56:E0:37:5F:4C:5D:B2:21:DD:15:9E:94:63:89:CF:07:8C:79:F8:65:B2:22:45:D5:F0:2A:70:19:61:16:1D:52:5E:0C:35:3B:20:88:17:7E:FD:05:CC:08:09:2F:05:61:F7:A8:F5:EA:DE:77:DE:5D:55:4E:A0:36:A1:13:FF:2D:57:E8:4E:06:CE:C9:C1:B1:AE:C6:52:A6:EB:35:4C:81:91:DE:71:BA:34:DA:8A:99:1A:47:2E:66:52:AF:E3:2A:E4:0A:27:7F:72:C4:90:7E:8D:8F:64:8D:21:7E:00:DC:1C:62:0F:CC:96:80:C7:E5:5B:70:48:A5:E7:34:27:1A:7C:48:A7:9E:8B:2B:A6:E2"; private static byte[] parse(String s) { try { @@ -99,7 +103,7 @@ public class GetKeySpec { throw new Exception("Static parameter generation failed"); } byte[] encodedKey = parse(pkcs8Encoded); - byte[] encryptedData = parse(encryptedPKCS8); + byte[] encryptedData = parse(cipherAlg.contains("MD5") ? md5EncryptedPKCS8 : sha1EncryptedPKCS8); boolean result = true; Provider p = Security.getProvider(System.getProperty("test.provider.name", "SunJCE")); diff --git a/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException.java b/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException.java index 7be1023aafe..f55f1eea42c 100644 --- a/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException.java +++ b/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException.java @@ -28,6 +28,8 @@ * @summary Test the error conditions of * EncryptedPrivateKeyInfo.getKeySpec(...) methods. * @author Valerie Peng + * @run main/othervm -DcipherAlg=PBEWithMD5AndDES GetKeySpecException + * @run main/othervm -DcipherAlg=PBEWithSHA1AndDESede GetKeySpecException */ import java.security.*; import java.util.Arrays; @@ -37,7 +39,7 @@ import javax.crypto.*; import javax.crypto.spec.*; public class GetKeySpecException { - private static final String cipherAlg = "PBEWithMD5AndDES"; + private static String cipherAlg; private static final char[] passwd = { 'p','a','s','s','w','d' }; private static SecretKey cipherKey; private static Cipher cipher = null; @@ -50,6 +52,7 @@ public class GetKeySpecException { static { try { + cipherAlg = System.getProperty("cipherAlg"); sunjce = Security.getProvider(System.getProperty("test.provider.name", "SunJCE")); PBEParameterSpec badParamSpec = new PBEParameterSpec(new byte[10], 10); diff --git a/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException2.java b/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException2.java index ef2d6acdef7..1fad8b70071 100644 --- a/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException2.java +++ b/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecException2.java @@ -28,6 +28,8 @@ * with wrong mode with EncryptedPrivateKeyInfo.getKeySpec * (Cipher) method. * @author Valerie Peng + * @run main GetKeySpecException2 PBEWithMD5AndDES + * @run main GetKeySpecException2 PBEWithSHA1AndDESede */ import java.security.*; import java.util.Arrays; @@ -38,11 +40,10 @@ import javax.crypto.interfaces.PBEKey; import javax.crypto.spec.*; public class GetKeySpecException2 { - private static final String cipherAlg = "PBEWithMD5AndDES"; private static final char[] passwd = { 'p','a','s','s','w','d' }; - public static void main(String[] argv) throws Exception { - + public static void main(String[] args) throws Exception { + String cipherAlg = args[0]; // use random data byte[] encryptedData = new byte[30]; encryptedData[20] = (byte) 8; diff --git a/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecInvalidEncoding.java b/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecInvalidEncoding.java index a6aa3c86222..40c112b42ee 100644 --- a/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecInvalidEncoding.java +++ b/test/jdk/javax/crypto/EncryptedPrivateKeyInfo/GetKeySpecInvalidEncoding.java @@ -28,6 +28,8 @@ * methods with scenarios where the decrypted bytes are not * encoded correctly per PKCS#8 standard. * @author Valerie Peng + * @run main/othervm -DcipherAlg=PBEWithMD5AndDES GetKeySpecInvalidEncoding + * @run main/othervm -DcipherAlg=PBEWithSHA1AndDESede GetKeySpecInvalidEncoding */ import java.util.*; import java.nio.*; @@ -39,12 +41,13 @@ import javax.crypto.*; import javax.crypto.spec.*; public class GetKeySpecInvalidEncoding { - private static final String cipherAlg = "PBEWithMD5AndDES"; + private static String cipherAlg; private static final char[] passwd = { 'p','a','s','s', 'w', 'd' }; private static AlgorithmParameters GOOD_PARAMS; static { try { + cipherAlg = System.getProperty("cipherAlg"); PBEParameterSpec goodParamSpec = new PBEParameterSpec(new byte[8], 6); GOOD_PARAMS = AlgorithmParameters.getInstance diff --git a/test/jdk/javax/crypto/KeyGenerator/TestGetInstance.java b/test/jdk/javax/crypto/KeyGenerator/TestGetInstance.java index 3863fc98154..96e8f794d9b 100644 --- a/test/jdk/javax/crypto/KeyGenerator/TestGetInstance.java +++ b/test/jdk/javax/crypto/KeyGenerator/TestGetInstance.java @@ -26,6 +26,8 @@ * @bug 4898428 * @summary test that the new getInstance() implementation works correctly * @author Andreas Sterbenz + * @run main TestGetInstance des + * @run main TestGetInstance aes */ import java.security.*; @@ -47,12 +49,13 @@ public class TestGetInstance { KeyGenerator kg; - kg = KeyGenerator.getInstance("des"); + String algo = args[0]; + kg = KeyGenerator.getInstance(algo); System.out.println("Default: " + kg.getProvider().getName()); - kg = KeyGenerator.getInstance("des", + kg = KeyGenerator.getInstance(algo, System.getProperty("test.provider.name", "SunJCE")); same(p, kg.getProvider()); - kg = KeyGenerator.getInstance("des", p); + kg = KeyGenerator.getInstance(algo, p); same(p, kg.getProvider()); try { diff --git a/test/jdk/javax/crypto/Mac/ByteBuffers.java b/test/jdk/javax/crypto/Mac/ByteBuffers.java index 39efee91798..eafd2b89e1a 100644 --- a/test/jdk/javax/crypto/Mac/ByteBuffers.java +++ b/test/jdk/javax/crypto/Mac/ByteBuffers.java @@ -27,6 +27,8 @@ * @summary Test the Mac.update(ByteBuffer) method * @author Andreas Sterbenz * @key randomness + * @run main ByteBuffers HmacMD5 + * @run main ByteBuffers HmacSha256 */ import java.util.*; @@ -46,11 +48,12 @@ public class ByteBuffers { byte[] t = new byte[n]; random.nextBytes(t); + String algo = args[0]; byte[] keyBytes = new byte[16]; random.nextBytes(keyBytes); - SecretKey key = new SecretKeySpec(keyBytes, "HmacMD5"); + SecretKey key = new SecretKeySpec(keyBytes, algo); - Mac mac = Mac.getInstance("HmacMD5"); + Mac mac = Mac.getInstance(algo); mac.init(key); byte[] macValue = mac.doFinal(t); diff --git a/test/jdk/javax/crypto/Mac/TestGetInstance.java b/test/jdk/javax/crypto/Mac/TestGetInstance.java index 0361bc0b8d0..85982799bd0 100644 --- a/test/jdk/javax/crypto/Mac/TestGetInstance.java +++ b/test/jdk/javax/crypto/Mac/TestGetInstance.java @@ -26,6 +26,8 @@ * @bug 4898428 * @summary test that the new getInstance() implementation works correctly * @author Andreas Sterbenz + * @run main TestGetInstance hmacmd5 + * @run main TestGetInstance hmacsha256 */ import java.security.*; @@ -47,11 +49,12 @@ public class TestGetInstance { Mac mac; - mac = Mac.getInstance("hmacmd5"); + String algo = args[0]; + mac = Mac.getInstance(algo); System.out.println("Default: " + mac.getProvider().getName()); - mac = Mac.getInstance("hmacmd5", System.getProperty("test.provider.name", "SunJCE")); + mac = Mac.getInstance(algo, System.getProperty("test.provider.name", "SunJCE")); same(p, mac.getProvider()); - mac = Mac.getInstance("hmacmd5", p); + mac = Mac.getInstance(algo, p); same(p, mac.getProvider()); try { diff --git a/test/jdk/sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java b/test/jdk/sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java index 1e389eb613f..9f3d72f8983 100644 --- a/test/jdk/sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java +++ b/test/jdk/sun/security/pkcs/pkcs10/PKCS10AttrEncoding.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,7 +30,8 @@ * java.base/sun.security.util * java.base/sun.security.x509 * @compile -XDignore.symbol.file PKCS10AttrEncoding.java - * @run main PKCS10AttrEncoding + * @run main PKCS10AttrEncoding DSA 512 + * @run main PKCS10AttrEncoding Sha256withDSA 2048 */ import java.security.KeyPair; import java.security.KeyPairGenerator; @@ -69,11 +70,13 @@ public class PKCS10AttrEncoding { constructedMap.put(ids[j], values[j]); } + String kpgAlgorithm = "DSA"; X500Name subject = new X500Name("cn=Test"); - KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA"); - String sigAlg = "DSA"; + KeyPairGenerator keyGen = KeyPairGenerator.getInstance(kpgAlgorithm); + String sigAlg = args[0]; + int keySize = Integer.parseInt(args[1]); - keyGen.initialize(512); + keyGen.initialize(keySize); KeyPair pair = keyGen.generateKeyPair(); X509Key publicKey = (X509Key) pair.getPublic(); diff --git a/test/jdk/sun/security/pkcs/pkcs7/SignerOrder.java b/test/jdk/sun/security/pkcs/pkcs7/SignerOrder.java index 30f9392cfde..7d8333e6aa5 100644 --- a/test/jdk/sun/security/pkcs/pkcs7/SignerOrder.java +++ b/test/jdk/sun/security/pkcs/pkcs7/SignerOrder.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,7 +29,8 @@ * @modules java.base/sun.security.pkcs * java.base/sun.security.util * java.base/sun.security.x509 - * @run main SignerOrder + * @run main SignerOrder default 1024 + * @run main SignerOrder Sha256 2048 */ import java.io.IOException; import java.math.BigInteger; @@ -62,20 +63,21 @@ public class SignerOrder { static final byte[] data1 = "12345".getBytes(); static final byte[] data2 = "abcde".getBytes(); - public static void main(String[] argv) throws Exception { - + public static void main(String[] args) throws Exception { + String digestAlg = "default".equals(args[0]) ? null : args[0]; + int keySize = Integer.parseInt(args[1]); SignerInfo[] signerInfos = new SignerInfo[9]; - SimpleSigner signer1 = new SimpleSigner(null, null, null, null); + SimpleSigner signer1 = new SimpleSigner(digestAlg, null, null, null, keySize); signerInfos[8] = signer1.genSignerInfo(data1); signerInfos[7] = signer1.genSignerInfo(new byte[]{}); signerInfos[6] = signer1.genSignerInfo(data2); - SimpleSigner signer2 = new SimpleSigner(null, null, null, null); + SimpleSigner signer2 = new SimpleSigner(digestAlg, null, null, null, keySize); signerInfos[5] = signer2.genSignerInfo(data1); signerInfos[4] = signer2.genSignerInfo(new byte[]{}); signerInfos[3] = signer2.genSignerInfo(data2); - SimpleSigner signer3 = new SimpleSigner(null, null, null, null); + SimpleSigner signer3 = new SimpleSigner(digestAlg, null, null, null, keySize); signerInfos[2] = signer3.genSignerInfo(data1); signerInfos[1] = signer3.genSignerInfo(new byte[]{}); signerInfos[0] = signer3.genSignerInfo(data2); @@ -156,28 +158,33 @@ class SimpleSigner { public SimpleSigner(String digestAlg, String encryptionAlg, KeyPair keyPair, - X500Name agent) throws Exception { + X500Name agent, + int keySize) throws Exception { + String signAlgoDigest; if (agent == null) { agent = new X500Name("cn=test"); } - if (digestAlg == null) { - digestAlg = "SHA"; - } if (encryptionAlg == null) { encryptionAlg = "DSA"; } + if (digestAlg == null) { + digestAlg = "SHA"; + signAlgoDigest = encryptionAlg; + } else { + signAlgoDigest = digestAlg + "with" + encryptionAlg; + } if (keyPair == null) { KeyPairGenerator keyGen = KeyPairGenerator.getInstance(encryptionAlg); - keyGen.initialize(1024); + keyGen.initialize(keySize); keyPair = keyGen.generateKeyPair(); } publicKey = (X509Key) keyPair.getPublic(); privateKey = keyPair.getPrivate(); if ("DSA".equals(encryptionAlg)) { - this.sig = Signature.getInstance(encryptionAlg); + this.sig = Signature.getInstance(signAlgoDigest); } else { // RSA this.sig = Signature.getInstance(digestAlg + "/" + encryptionAlg); } diff --git a/test/jdk/sun/security/rsa/TestKeyPairGenerator.java b/test/jdk/sun/security/rsa/TestKeyPairGenerator.java index ea4d92fd6a3..f5bd6c47f3b 100644 --- a/test/jdk/sun/security/rsa/TestKeyPairGenerator.java +++ b/test/jdk/sun/security/rsa/TestKeyPairGenerator.java @@ -86,9 +86,10 @@ public class TestKeyPairGenerator { } // regression test for 4865198 - private static void testInvalidSignature(KeyPair kp1, KeyPair kp2) throws Exception { + private static void testInvalidSignature(KeyPair kp1, KeyPair kp2, String signAlgo) + throws Exception { System.out.println("Testing signature with incorrect key..."); - Signature sig = Signature.getInstance("MD5withRSA", provider); + Signature sig = Signature.getInstance(signAlgo, provider); sig.initSign(kp1.getPrivate()); byte[] data = new byte[100]; sig.update(data); @@ -153,9 +154,14 @@ public class TestKeyPairGenerator { } test(privateKey, publicKey); } - testInvalidSignature(keyPairs[0], keyPairs[1]); - testInvalidSignature(keyPairs[0], keyPairs[2]); - testInvalidSignature(keyPairs[2], keyPairs[0]); + String md5Algo = "MD5withRSA"; + String sha256Algo = "Sha256withRSA"; + testInvalidSignature(keyPairs[0], keyPairs[1], md5Algo); + testInvalidSignature(keyPairs[0], keyPairs[2], md5Algo); + testInvalidSignature(keyPairs[2], keyPairs[0], md5Algo); + testInvalidSignature(keyPairs[0], keyPairs[1], sha256Algo); + testInvalidSignature(keyPairs[0], keyPairs[2], sha256Algo); + testInvalidSignature(keyPairs[2], keyPairs[0], sha256Algo); long stop = System.currentTimeMillis(); System.out.println("All tests passed (" + (stop - start) + " ms)."); } diff --git a/test/jdk/sun/security/rsa/pss/InitAgain.java b/test/jdk/sun/security/rsa/pss/InitAgain.java index 9b1963c2ee0..9fe8d1a0131 100644 --- a/test/jdk/sun/security/rsa/pss/InitAgain.java +++ b/test/jdk/sun/security/rsa/pss/InitAgain.java @@ -29,18 +29,23 @@ import jdk.test.lib.security.SecurityUtils; * @bug 8205445 * @library /test/lib * @summary Make sure old state is cleared when init is called again + * @run main InitAgain default + * @run main InitAgain SHA-256 */ public class InitAgain { public static void main(String[] args) throws Exception { + String mdName = args[0]; + PSSParameterSpec pssParamSpec = "default".equals(mdName) ? PSSParameterSpec.DEFAULT : + new PSSParameterSpec(mdName, "MGF1", new MGF1ParameterSpec(mdName), 20, 1); byte[] msg = "hello".getBytes(); Signature s1 = Signature.getInstance("RSASSA-PSS"); Signature s2 = Signature.getInstance("RSASSA-PSS"); - s1.setParameter(PSSParameterSpec.DEFAULT); - s2.setParameter(PSSParameterSpec.DEFAULT); + s1.setParameter(pssParamSpec); + s2.setParameter(pssParamSpec); String kpgAlgorithm = "RSA"; KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgorithm); diff --git a/test/jdk/sun/security/tools/keytool/KeyToolTest.java b/test/jdk/sun/security/tools/keytool/KeyToolTest.java index 7b5f4d5556e..954951a1a78 100644 --- a/test/jdk/sun/security/tools/keytool/KeyToolTest.java +++ b/test/jdk/sun/security/tools/keytool/KeyToolTest.java @@ -68,6 +68,7 @@ import java.security.NoSuchAlgorithmException; import java.util.*; import java.security.cert.X509Certificate; import jdk.test.lib.util.FileUtils; +import jdk.test.lib.security.SecurityUtils; import sun.security.util.ObjectIdentifier; @@ -103,6 +104,8 @@ public class KeyToolTest { "-srcproviderName SunPKCS11-nzz " + "-addprovider SunPKCS11 " + "-providerArg p11-nzz.txt "; + private static final int KEY_LENGTH_DSA = SecurityUtils.getTestKeySize("DSA"); + private static final int KEY_LENGTH_RSA = SecurityUtils.getTestKeySize("RSA"); String p11Arg, srcP11Arg; @@ -192,7 +195,7 @@ public class KeyToolTest { // SunPKCS11-NSS does not support SHA256withDSA yet. if (cmd.contains("p11-nss.txt") && cmd.contains("-genkey") && cmd.contains("DSA")) { - cmd += " -sigalg SHA1withDSA -keysize 1024"; + cmd += " -sigalg SHA256withDSA -keysize " + KEY_LENGTH_DSA; } test(input, cmd); } catch(Exception e) { @@ -955,6 +958,9 @@ public class KeyToolTest { // sig not compatible testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + "-keypass changeit -selfcert -sigalg MD5withRSA"); + // sig not compatible + testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + + "-keypass changeit -selfcert -sigalg SHA256withRSA"); // bad pass testFail("", "-keystore x.jks -storetype JKS -storepass wrong " + "-keypass changeit -selfcert"); @@ -1062,10 +1068,10 @@ public class KeyToolTest { "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 999 " + "-alias n5"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 512 " + + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 2048 " + "-alias n6"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 1024 " + + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 3072 " + "-alias n7"); testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala " + @@ -1076,6 +1082,9 @@ public class KeyToolTest { testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + "-sigalg MD5withRSA -alias n10"); + testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + + "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + + "-sigalg SHA256withRSA -alias n10-1"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + "-sigalg SHA1withRSA -alias n11"); @@ -1152,16 +1161,20 @@ public class KeyToolTest { remove("csr1"); // PrivateKeyEntry can do certreq testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 1024"); + "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize " + + KEY_LENGTH_DSA); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-certreq -file csr1 -alias mykey"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-certreq -file csr1"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-certreq -file csr1 -sigalg SHA1withDSA"); - // unmatched sigalg + "-certreq -file csr1 -sigalg SHA256withDSA"); + // unmatched md5 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + "-certreq -file csr1 -sigalg MD5withRSA"); + // unmatched sha + testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + + "-certreq -file csr1 -sigalg SHA256withRSA"); // misc test // bad storepass testFail("", "-keystore x.jks -storetype JKS -storepass badstorepass " + @@ -1192,9 +1205,9 @@ public class KeyToolTest { "-certreq -file csr1"); // unmatched sigalg testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-certreq -file csr1 -sigalg SHA1withDSA"); + "-certreq -file csr1 -sigalg SHA256withDSA"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + - "-certreq -file csr1 -sigalg MD5withRSA"); + "-certreq -file csr1 -sigalg SHA256withRSA"); // TrustedCertificateEntry cannot do certreq testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-exportcert -file x.jks.p1.cert"); @@ -1222,6 +1235,9 @@ public class KeyToolTest { testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-keypass changeit -genkeypair -dname CN=weak -keyalg rsa " + "-keysize 512 -sigalg MD5withRSA -alias myweakkey"); + testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + + "-keypass changeit -genkeypair -dname CN=weak -keyalg rsa -keysize " + + KEY_LENGTH_RSA + " -sigalg SHA256withRSA -alias myweakkey-sha"); testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + "-export -file myweakkey.cert -alias myweakkey"); testFail("", "-printcert -file badkeystore"); @@ -1673,31 +1689,32 @@ public class KeyToolTest { remove("x.jks"); testOK("", "-help"); - // 2. keytool -genkey -keyalg DSA -v -keysize 512 Enter "a" for the keystore + // 2. keytool -genkey -keyalg DSA -v -keysize Enter "a" for the keystore // password. Check error (password too short). Enter "password" for // the keystore password. Hit 'return' for "first and last name", // "organizational unit", "City", "State", and "Country Code". // Type "yes" when they ask you if everything is correct. // Type 'return' for new key password. testOK("a\npassword\npassword\nMe\nHere\nNow\nPlace\nPlace\nUS\nyes\n\n", - "-genkey -keyalg DSA -v -keysize 512 -keystore x.jks -storetype JKS"); + "-genkey -keyalg DSA -v -keysize " + KEY_LENGTH_DSA + " -keystore x.jks " + + "-storetype JKS"); // 3. keytool -list -v -storepass password testOK("", "-list -v -storepass password -keystore x.jks -storetype JKS"); // 4. keytool -list -v Type "a" for the keystore password. // Check error (wrong keystore password). testFail("a\n", "-list -v -keystore x.jks -storetype JKS"); assertTrue(ex.indexOf("password was incorrect") != -1); - // 5. keytool - -keyalg DSA -v -keysize 512 Enter "password" as the password. + // 5. keytool - -keyalg DSA -v -keysize Enter "password" as the password. // Check error (alias 'mykey' already exists). - testFail("password\n", "-genkey -keyalg DSA -v -keysize 512" + + testFail("password\n", "-genkey -keyalg DSA -v -keysize " + KEY_LENGTH_DSA + " -keystore x.jks -storetype JKS"); assertTrue(ex.indexOf("alias already exists") != -1); - // 6. keytool -genkey -keyalg DSA -v -keysize 512 -alias mykey2 -storepass password + // 6. keytool -genkey -keyalg DSA -v -keysize -alias mykey2 -storepass password // Hit 'return' for "first and last name", "organizational unit", "City", // "State", and "Country Code". Type "yes" when they ask you if // everything is correct. Type 'return' for new key password. - testOK("\n\n\n\n\n\nyes\n\n", "-genkey -keyalg DSA -v -keysize 512 -alias mykey2" + - " -storepass password -keystore x.jks -storetype JKS"); + testOK("\n\n\n\n\n\nyes\n\n", "-genkey -keyalg DSA -v -keysize " + KEY_LENGTH_DSA + + " -alias mykey2 -storepass password -keystore x.jks -storetype JKS"); // 7. keytool -list -v Type 'password' for the store password. testOK("password\n", "-list -v -keystore x.jks -storetype JKS"); // 8. keytool -keypasswd -v -alias mykey2 -storepass password @@ -1777,7 +1794,7 @@ public class KeyToolTest { // 1. sccs edit cert8.db key3.db //Runtime.getRuntime().exec("/usr/bin/sccs edit cert8.db key3.db"); testOK("", p11Arg + ("-storepass test12 -genkey -alias genkey" + - " -dname cn=genkey -keysize 512 -keyalg rsa")); + " -dname cn=genkey -keysize " + KEY_LENGTH_RSA + " -keyalg rsa")); testOK("", p11Arg + "-storepass test12 -list"); testOK("", p11Arg + "-storepass test12 -list -alias genkey"); testOK("", p11Arg +