jdk-24/test/jdk/sun/security/ec/ECDSAPrvGreaterThanOrder.java
2021-09-02 17:54:08 +00:00

108 lines
4.3 KiB
Java

/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @test
* @bug 8272385
* @summary Enforce ECPrivateKey d value to be in the range [1, n-1] for SunEC provider
* @run main ECDSAPrvGreaterThanOrder
*/
import javax.crypto.KeyAgreement;
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPrivateKeySpec;
import java.util.List;
public class ECDSAPrvGreaterThanOrder {
private static final List<String> CURVE_NAMES =
List.of("secp256r1", "secp384r1", "secp521r1");
public static void main(String[] args) throws Exception {
for (String curveName : CURVE_NAMES) {
ECPrivateKey ecPrivKey = makePrivateKey(curveName);
// Check using the private key for creating a digital signature
Signature sig = null;
KeyAgreement ka = null;
try {
sig = Signature.getInstance("SHA256withECDSA",
"SunEC");
sig.initSign(ecPrivKey);
throw new RuntimeException("Expected exception for " +
"ECDSA/" + sig.getAlgorithm() + "/" + curveName +
" not thrown.");
} catch (InvalidKeyException ike) {
// We are expecting this to be caught
System.out.println("Caught expected exception for " +
"ECDSA/" + sig.getAlgorithm() + "/" + curveName +
": " + ike);
}
// Next, try starting a ECDH operation
try {
ka = KeyAgreement.getInstance("ECDH", "SunEC");
ka.init(ecPrivKey);
throw new RuntimeException("Expected exception for ECDH/" +
curveName + " not thrown.");
} catch (InvalidKeyException ike) {
// We are expecting this to be caught
System.out.println("Caught expected exception for ECDH/" +
curveName + ": " + ike);
}
}
}
private static ECPrivateKey makePrivateKey(String curveName) {
try {
System.out.println("Creating private key for curve " + curveName);
AlgorithmParameters params = AlgorithmParameters.getInstance(
"EC", "SunEC");
params.init(new ECGenParameterSpec(curveName));
ECParameterSpec ecParameters = params.getParameterSpec(
ECParameterSpec.class);
BigInteger order = ecParameters.getOrder(); // the N value
System.out.println("Order is: " + order);
// Create a private key value (d) that is outside the range
// [1, N-1]
BigInteger dVal = order.add(BigInteger.TWO);
System.out.println("Modified d Value is: " + dVal);
// Create the private key
KeyFactory kf = KeyFactory.getInstance("EC", "SunEC");
return (ECPrivateKey)kf.generatePrivate(
new ECPrivateKeySpec(dVal, ecParameters));
} catch (GeneralSecurityException gse) {
throw new RuntimeException("Unexpected error creating private key",
gse);
}
}
}