|
1 /* |
|
2 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. |
|
8 * |
|
9 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 * version 2 for more details (a copy is included in the LICENSE file that |
|
13 * accompanied this code). |
|
14 * |
|
15 * You should have received a copy of the GNU General Public License version |
|
16 * 2 along with this work; if not, write to the Free Software Foundation, |
|
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 * |
|
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 * or visit www.oracle.com if you need additional information or have any |
|
21 * questions. |
|
22 */ |
|
23 import sun.security.provider.MoreDrbgParameters; |
|
24 |
|
25 import java.security.DrbgParameters; |
|
26 import java.security.NoSuchAlgorithmException; |
|
27 import java.security.SecureRandom; |
|
28 import java.security.SecureRandomParameters; |
|
29 import java.security.Security; |
|
30 import java.util.ArrayList; |
|
31 import java.util.Arrays; |
|
32 import java.util.Collections; |
|
33 import java.util.List; |
|
34 import java.util.stream.Collectors; |
|
35 |
|
36 import static java.security.DrbgParameters.Capability.*; |
|
37 |
|
38 /** |
|
39 * @test |
|
40 * @bug 8051408 |
|
41 * @modules java.base/sun.security.provider |
|
42 * @summary make sure DRBG alg can be defined and instantiated freely |
|
43 */ |
|
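/**
 * Exercises how the {@code securerandom.drbg.config} security property and
 * the parameters handed to {@code SecureRandom.getInstance("DRBG", ...)}
 * combine into the effective DRBG configuration.
 *
 * <p>The effective configuration is read back from
 * {@code SecureRandom.toString()} and matched by substring, so each
 * "expected" argument below is a token that must appear in that string.
 *
 * <p>Every case temporarily overwrites a JVM-wide security property. The
 * previous value is restored in a {@code finally} block, but while a case
 * runs any other code in the same VM that creates a DRBG sees the
 * temporary definition.
 * NOTE(review): confirm whether the harness runs this test in its own VM.
 */
public class DRBGAlg {

    /** Security property that holds the default DRBG definition. */
    private static final String DRBG_CONFIG = "securerandom.drbg.config";

    /**
     * Runs all definition / request combinations.
     *
     * @param args unused
     * @throws Exception when a case does not behave as expected
     */
    public static void main(String[] args) throws Exception {

        // Definition only. A null definition leaves the property untouched;
        // an empty one is expected to yield the same defaults.
        check(null, "Hash_DRBG", "SHA-256", "reseed_only", ",128");
        check("", "Hash_DRBG", "SHA-256", "reseed_only", ",128");
        check("sha-1", "Hash_DRBG", "SHA-1", "reseed_only", ",128");
        check("sha-256", "Hash_DRBG", "SHA-256", "reseed_only", ",128");
        // No expected tokens: instantiation must fail for this algorithm name.
        check("SHA-3");
        check("hash_drbg", "Hash_DRBG", "SHA-256", "reseed_only", ",128");
        check("hmac_drbg", "HMAC_DRBG", "SHA-256", "reseed_only", ",128");
        check("ctr_drbg", "CTR_DRBG", "AES-", "reseed_only", ",128", "use_df");

        // trying all permutations: the order of the aspects in the
        // definition must not change the effective configuration
        checkPermutations(
                Collections.emptyList(),
                Arrays.asList("hash_drbg", "sha-512", "Pr_and_Reseed", "192"),
                "Hash_DRBG", "SHA-512", "pr_and_reseed", ",192");

        // Definitions that name the same aspect twice, or contain an empty
        // aspect, must be rejected rather than silently resolved.
        check("Hash_DRBG,Hmac_DRBG");
        check("SHA-1,SHA-256");
        check("128,256");
        check("none,reseed_only");
        check("use_df,no_df");
        check("Hash_DRBG,,SHA-1");

        // Request parameters on top of the (default or explicit) definition.
        check(null, DrbgParameters.instantiation(112, PR_AND_RESEED, null),
                "Hash_DRBG", "SHA-256", "pr_and_reseed", ",112");
        check(null, DrbgParameters.instantiation(256, PR_AND_RESEED, null),
                "Hash_DRBG", "SHA-256", "pr_and_reseed", ",256");
        // A strength of 384 with the default algorithm must be rejected.
        check(null, DrbgParameters.instantiation(384, PR_AND_RESEED, null));
        check("sha-1", DrbgParameters.instantiation(112, PR_AND_RESEED, null),
                "Hash_DRBG", "SHA-1", "pr_and_reseed", ",112");
        // A strength of 192 with SHA-1 must be rejected.
        check("sha-1", DrbgParameters.instantiation(192, PR_AND_RESEED, null));
        // The request wins over the definition even when it asks for less:
        // the definition says Pr_and_Reseed/192, the result is
        // reseed_only/112. The property is a default, not an enforced floor.
        check("hash_drbg,sha-512,Pr_and_Reseed,192",
                DrbgParameters.instantiation(112, NONE, null),
                "Hash_DRBG", "SHA-512", "reseed_only", ",112");
        // A requested strength of -1 falls back to the defined strength.
        check("hash_drbg,sha-512,Pr_and_Reseed,192",
                DrbgParameters.instantiation(-1, NONE, null),
                "Hash_DRBG", "SHA-512", "reseed_only", ",192");
        // getInstance params can be stronger than definition
        check("hash_drbg,sha-256,None,112",
                DrbgParameters.instantiation(192, PR_AND_RESEED, null),
                "Hash_DRBG", "SHA-256", "pr_and_reseed", ",192");

        // MoreDrbgParameters: judging by the expected results, the second
        // argument selects the mechanism and the third the algorithm; a
        // null there keeps what the definition says.
        check("hash_drbg,sha-1", new MoreDrbgParameters(
                null, null, "sha-512", null, false,
                DrbgParameters.instantiation(-1, NONE, null)),
                "Hash_DRBG", "SHA-512");
        check("hash_drbg,sha-1", new MoreDrbgParameters(
                null, null, null, null, false,
                DrbgParameters.instantiation(-1, NONE, null)),
                "Hash_DRBG", "SHA-1");
        check("hash_drbg", new MoreDrbgParameters(
                null, "hmac_drbg", null, null, false,
                DrbgParameters.instantiation(-1, NONE, null)),
                "HMAC_DRBG", "SHA-256");

        // Unknown algorithm or mechanism names in the request must fail.
        check("hash_drbg,sha-1", new MoreDrbgParameters(
                null, null, "sha-3", null, false,
                DrbgParameters.instantiation(-1, NONE, null)));
        check("hash_drbg,sha-1", new MoreDrbgParameters(
                null, "Unknown_DRBG", null, null, false,
                DrbgParameters.instantiation(-1, NONE, null)));
    }

    /**
     * Checks all permutations of a config. This is a recursive method and
     * should be called with checkPermutations(empty,config,expected).
     *
     * @param current the current chosen aspects
     * @param remains the remaining aspects still to be placed
     * @param expected the expected effective config
     * @throws Exception when check fails
     */
    private static void checkPermutations(List<String> current,
            List<String> remains, String... expected) throws Exception {
        if (remains.isEmpty()) {
            // One complete ordering has been built: test it as a definition.
            check(String.join(",", current), expected);
            return;
        }
        for (String r : remains) {
            // Copy both lists so sibling branches are not affected.
            List<String> newCurrent = new ArrayList<>(current);
            newCurrent.add(r);
            List<String> newRemains = new ArrayList<>(remains);
            newRemains.remove(r);
            checkPermutations(newCurrent, newRemains, expected);
        }
    }

    /**
     * Checks DRBG definition for getInstance(alg, params).
     *
     * <p>Sets the {@code securerandom.drbg.config} property to
     * {@code define}, instantiates a DRBG and verifies that every expected
     * token occurs in its {@code toString()} output. With no expected
     * tokens the instantiation itself must fail with
     * {@link NoSuchAlgorithmException}.
     *
     * @param define DRBG definition to install, or null to leave the
     *               property as it is
     * @param params getInstance request (null if none)
     * @param expected expected actual instantiate params, empty if should fail
     * @throws Exception when the outcome differs from what is expected
     */
    static void check(String define, SecureRandomParameters params,
            String... expected) throws Exception {
        System.out.println("Testing " + define + " with " + params + "...");
        String old = Security.getProperty(DRBG_CONFIG);
        if (define != null) {
            Security.setProperty(DRBG_CONFIG, define);
        }
        try {
            SecureRandom random = (params != null)
                    ? SecureRandom.getInstance("DRBG", params)
                    : SecureRandom.getInstance("DRBG");
            String result = random.toString();
            System.out.println("Result " + result);
            if (expected.length == 0) {
                throw new Exception("should fail");
            }
            for (String s : expected) {
                if (!result.contains(s)) {
                    throw new Exception(result);
                }
            }
        } catch (NoSuchAlgorithmException e) {
            System.out.println("Result NSAE");
            if (expected.length > 0) {
                throw e;
            }
        } finally {
            // Restore only what this call changed. getProperty returns null
            // when the property is absent and setProperty rejects a null
            // value, which would replace the real test outcome with a
            // NullPointerException. An empty definition is used instead;
            // the cases in main expect it to behave like the default.
            if (define != null) {
                Security.setProperty(DRBG_CONFIG, old != null ? old : "");
            }
        }
    }

    /**
     * Checks DRBG definition for getInstance(alg).
     *
     * @param define DRBG definition to install, or null to leave the
     *               property as it is
     * @param expected expected actual instantiate params, empty if should fail
     * @throws Exception when the outcome differs from what is expected
     */
    static void check(String define, String... expected) throws Exception {
        check(define, null, expected);
    }
}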