--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java Tue Sep 12 19:03:39 2017 +0200
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7196382 8072452
+ * @summary Ensure that DH key pairs can be generated for 512 - 8192 bits
+ * @author Valerie Peng
+ * @library ..
+ * @modules jdk.crypto.cryptoki
+ * @run main/othervm TestDH2048
+ * @run main/othervm TestDH2048 sm
+ */
+
+import java.security.InvalidParameterException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+
+public class TestDH2048 extends PKCS11Test {
+
+ private static void checkUnsupportedKeySize(KeyPairGenerator kpg, int ks)
+ throws Exception {
+ try {
+ kpg.initialize(ks);
+ throw new Exception("Expected IPE not thrown for " + ks);
+ } catch (InvalidParameterException ipe) {
+ }
+ }
+
+ @Override
+ public void main(Provider p) throws Exception {
+ if (p.getService("KeyPairGenerator", "DH") == null) {
+ System.out.println("KPG for DH not supported, skipping");
+ return;
+ }
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", p);
+ kpg.initialize(512);
+ KeyPair kp1 = kpg.generateKeyPair();
+
+ kpg.initialize(768);
+ kp1 = kpg.generateKeyPair();
+
+ kpg.initialize(1024);
+ kp1 = kpg.generateKeyPair();
+
+ kpg.initialize(1536);
+ kp1 = kpg.generateKeyPair();
+
+ kpg.initialize(2048);
+ kp1 = kpg.generateKeyPair();
+
+ try {
+ kpg.initialize(3072);
+ kp1 = kpg.generateKeyPair();
+
+ kpg.initialize(4096);
+ kp1 = kpg.generateKeyPair();
+
+ kpg.initialize(6144);
+ kp1 = kpg.generateKeyPair();
+
+ kpg.initialize(8192);
+ kp1 = kpg.generateKeyPair();
+ } catch (InvalidParameterException ipe) {
+ // NSS (as of version 3.13) has a hard coded maximum limit
+ // of 2236 or 3072 bits for DHE keys.
+ System.out.println("4096-bit DH key pair generation: " + ipe);
+ if (!p.getName().equals("SunPKCS11-NSS")) {
+ throw ipe;
+ }
+ }
+
+ // key size must be multiples of 64 though
+ checkUnsupportedKeySize(kpg, 2048 + 63);
+ checkUnsupportedKeySize(kpg, 3072 + 32);
+ }
+
+ public static void main(String[] args) throws Exception {
+ main(new TestDH2048(), args);
+ }
+}