jdk-24/test/jdk/sun/security/pkcs11
Weijun Wang 0203c7e612 8318340: Improve RSA key implementations
Reviewed-by: rhalade, mschoene, valeriep, mullan
2024-04-16 11:17:05 +05:30
..
Cipher 8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock 2023-07-20 16:39:17 +00:00
Config 8321713: Harmonize executeTestJvm with create[Limited]TestJavaProcessBuilder 2024-01-03 08:53:01 +00:00
ec 8308398: Move SunEC crypto provider into java.base 2023-07-17 17:38:54 +00:00
KeyAgreement 8267184: Add -Djava.security.manager=allow to tests calling System.setSecurityManager 2021-05-24 16:55:55 +00:00
KeyGenerator 8267319: Use larger default key sizes and algorithms based on CNSA 2022-03-24 22:50:26 +00:00
KeyPairGenerator 8295425: Match the default priv exp length between SunPKCS11 and other JDK providers 2023-03-01 22:40:50 +00:00
KeyStore 8314283: Support for NSS tests on aarch64 platforms 2023-10-11 16:44:22 +00:00
Mac 8328556: Do not extract large CKO_SECRET_KEY keys from the NSS Software Token 2024-03-22 15:28:05 +00:00
MessageDigest 8312428: PKCS11 tests fail with NSS 3.91 2023-08-29 22:08:34 +00:00
nss 8313575: Refactor PKCS11Test tests 2023-09-05 23:08:25 +00:00
Provider 8319128: sun/security/pkcs11 tests fail on OL 7.9 aarch64 2024-01-11 15:19:48 +00:00
rsa 8313575: Refactor PKCS11Test tests 2023-09-05 23:08:25 +00:00
Secmod 8296631: NSS tests failing on OL9 linux-aarch64 hosts 2023-10-02 22:43:48 +00:00
SecretKeyFactory 8301553: Support Password-Based Cryptography in SunPKCS11 2023-06-06 19:39:34 +00:00
SecureRandom 8313206: PKCS11 tests silently skip execution 2023-08-08 20:21:16 +00:00
Serialize 8164639: Configure PKCS11 tests to use user-supplied NSS libraries 2018-08-15 18:41:18 +08:00
Signature 8325164: Named groups and signature schemes unavailable with SunPKCS11 in FIPS mode 2024-03-13 19:09:52 +00:00
sslecc 8161536: sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java fails with ProviderException 2023-09-05 17:51:12 +00:00
tls 8325164: Named groups and signature schemes unavailable with SunPKCS11 in FIPS mode 2024-03-13 19:09:52 +00:00
PKCS11Test.java 8318340: Improve RSA key implementations 2024-04-16 11:17:05 +05:30
policy 8187443: Forest Consolidation: Move files to unified layout 2017-09-12 19:03:39 +02:00
PSSUtil.java 8312428: PKCS11 tests fail with NSS 3.91 2023-08-29 22:08:34 +00:00
README 8295343: sun/security/pkcs11 tests fail on Linux RHEL 8.6 and newer 2023-11-22 13:00:56 +00:00
SampleTest.java 8164639: Configure PKCS11 tests to use user-supplied NSS libraries 2018-08-15 18:41:18 +08:00
SecmodTest.java 8296631: NSS tests failing on OL9 linux-aarch64 hosts 2023-10-02 22:43:48 +00:00

This README is to keep a list facts and known workaround for the pkcs11 java tests
perform as a result of bugs or features in NSS or other pkcs11 libraries.

- How to get NSS libraries?
The libraries come from the following sources.

1. Specified by system property jdk.test.lib.artifacts.<NAME>
The system property, jdk.test.lib.artifacts.<NAME>, can specify an absolute path
to the local NSS library directory. The <NAME> component should be replaced with
the name element of the appropriate @Artifact class.
(See `test/jdk/sun/security/pkcs11/PKCS11Test.java`)

2. Pre-built NSS libraries from artifactory server
If the value of system property jdk.test.lib.artifacts.<NAME> is not set, the
tests will try to download pre-built NSS libraries from artifactory server.
Please note that JIB jar MUST be present in classpath when downloading the
libraries.

3. System NSS libraries
If both of the above sources are not available, the tests will try to search
for the libraries in some system paths. The paths are platform-specific. Note
that, there is no such system path on Windows and MacOSX platforms. On these
platforms, it has to use source 1 or 2.

- NSS ECC None/Basic/Extended
The tests detect the NSS library support for Elliptic Curves as to not
report incorrect failures.  PKCS11 reports back CKR_DOMAIN_PARAMS_INVALID
when the curve is not supported.

- Default libsoftokn3.so
By default PKCS11Test.java will look for libsoftokn3.so. There are a number of
tests, particularly in Secmod, that need libnss3.so.  The method useNSS() in
PKCS11test.java is to change the search and version checking to libnss3.

ECC Basic supports is secp256r1, secp384r1, and secp521r1.

- A bug in NSS 3.12 (Mozilla bug 471665) causes AES key lengths to be
read incorrectly. KeyStore/SecretKeysBasic.java tiggers this bug and
knows to avoid it.

- A number of EC tests fail because of a DER bug in NSS 3.11. The best guess
is Mozilla bug 480280.  Those tests that abort execution with a PASS result
are:  TestECDH2, TestECDSA, TestECDSA2 and TestECGenSpec.