8075286: Additional tests for signature algorithm OIDs and transformation string
Summary: SQE test co-location effort
Reviewed-by: valeriep
Contributed-by: sha.jiang@oracle.com
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/com/sun/crypto/provider/NSASuiteB/TestAESOids.java Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,194 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import static javax.crypto.Cipher.ENCRYPT_MODE;
+import static javax.crypto.Cipher.getMaxAllowedKeyLength;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.IvParameterSpec;
+
+/*
+ * @test
+ * @bug 8075286
+ * @summary Test the AES algorithm OIDs in JDK.
+ * OID and Algorithm transformation string should match.
+ * Both could be able to be used to generate the algorithm instance.
+ * @run main TestAESOids
+ */
+public class TestAESOids {
+
+ private static final String PROVIDER_NAME = "SunJCE";
+ private static final byte[] INPUT = "1234567890123456".getBytes();
+
+ private static final List<DataTuple> DATA = Arrays.asList(
+ new DataTuple("2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding",
+ 128, "ECB"),
+ new DataTuple("2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding",
+ 128, "CBC"),
+ new DataTuple("2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding",
+ 128, "OFB"),
+ new DataTuple("2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding",
+ 128, "CFB"),
+ new DataTuple("2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding",
+ 192, "ECB"),
+ new DataTuple("2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding",
+ 192, "CBC"),
+ new DataTuple("2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding",
+ 192, "OFB"),
+ new DataTuple("2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding",
+ 192, "CFB"),
+ new DataTuple("2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding",
+ 256, "ECB"),
+ new DataTuple("2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding",
+ 256, "CBC"),
+ new DataTuple("2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding",
+ 256, "OFB"),
+ new DataTuple("2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding",
+ 256, "CFB"));
+
+ public static void main(String[] args) throws Exception {
+ for (DataTuple dataTuple : DATA) {
+ int maxAllowedKeyLength =
+ getMaxAllowedKeyLength(dataTuple.algorithm);
+ boolean supportedKeyLength =
+ maxAllowedKeyLength >= dataTuple.keyLength;
+
+ try {
+ runTest(dataTuple, supportedKeyLength);
+ System.out.println("passed");
+ } catch (InvalidKeyException ike) {
+ if (supportedKeyLength) {
+ throw new RuntimeException(String.format(
+ "The key length %d is supported, but test failed.",
+ dataTuple.keyLength), ike);
+ } else {
+ System.out.printf(
+ "Catch expected InvalidKeyException due "
+ + "to the key length %d is greater than "
+ + "max supported key length %d%n",
+ dataTuple.keyLength, maxAllowedKeyLength);
+ }
+ }
+ }
+ }
+
+ private static void runTest(DataTuple dataTuple,
+ boolean supportedKeyLength) throws NoSuchAlgorithmException,
+ NoSuchProviderException, NoSuchPaddingException,
+ InvalidKeyException, ShortBufferException,
+ IllegalBlockSizeException, BadPaddingException,
+ InvalidAlgorithmParameterException {
+ Cipher algorithmCipher = Cipher.getInstance(dataTuple.algorithm,
+ PROVIDER_NAME);
+ Cipher oidCipher = Cipher.getInstance(dataTuple.oid, PROVIDER_NAME);
+
+ if (algorithmCipher == null) {
+ throw new RuntimeException(
+ String.format("Test failed: algorithm string %s getInstance"
+ + " failed.%n", dataTuple.algorithm));
+ }
+
+ if (oidCipher == null) {
+ throw new RuntimeException(
+ String.format("Test failed: OID %s getInstance failed.%n",
+ dataTuple.oid));
+ }
+
+ if (!algorithmCipher.getAlgorithm().equals(dataTuple.algorithm)) {
+ throw new RuntimeException(String.format(
+ "Test failed: algorithm string %s getInstance "
+ + "doesn't generate expected algorithm.%n",
+ dataTuple.algorithm));
+ }
+
+ KeyGenerator kg = KeyGenerator.getInstance("AES");
+ kg.init(dataTuple.keyLength);
+ SecretKey key = kg.generateKey();
+
+ // encrypt
+ algorithmCipher.init(ENCRYPT_MODE, key);
+ if (!supportedKeyLength) {
+ throw new RuntimeException(String.format(
+ "The key length %d is not supported, so the initialization "
+ + "of algorithmCipher should fail.%n",
+ dataTuple.keyLength));
+ }
+
+ byte[] cipherText = new byte[algorithmCipher.getOutputSize(INPUT.length)];
+ int offset = algorithmCipher.update(INPUT, 0, INPUT.length,
+ cipherText, 0);
+ algorithmCipher.doFinal(cipherText, offset);
+
+ AlgorithmParameterSpec aps = null;
+ if (!dataTuple.mode.equalsIgnoreCase("ECB")) {
+ aps = new IvParameterSpec(algorithmCipher.getIV());
+ }
+
+ oidCipher.init(Cipher.DECRYPT_MODE, key, aps);
+ if (!supportedKeyLength) {
+ throw new RuntimeException(String.format(
+ "The key length %d is not supported, so the "
+ + "initialization of oidCipher should fail.%n",
+ dataTuple.keyLength));
+ }
+
+ byte[] recoveredText = new byte[oidCipher.getOutputSize(cipherText.length)];
+ oidCipher.doFinal(cipherText, 0, cipherText.length, recoveredText);
+
+ // Comparison
+ if (!Arrays.equals(INPUT, recoveredText)) {
+ throw new RuntimeException(
+ "Decrypted data is not the same as the original text");
+ }
+ }
+
+ private static class DataTuple {
+
+ private final String oid;
+ private final String algorithm;
+ private final int keyLength;
+ private final String mode;
+
+ private DataTuple(String oid, String algorithm, int keyLength,
+ String mode) {
+ this.oid = oid;
+ this.algorithm = algorithm;
+ this.keyLength = keyLength;
+ this.mode = mode;
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/com/sun/crypto/provider/NSASuiteB/TestAESWrapOids.java Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import static javax.crypto.Cipher.getMaxAllowedKeyLength;
+
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+
+/*
+ * @test
+ * @bug 8075286
+ * @summary Test the AESWrap algorithm OIDs in JDK.
+ * OID and Algorithm transformation string should match.
+ * Both could be able to be used to generate the algorithm instance.
+ * @run main TestAESWrapOids
+ */
+public class TestAESWrapOids {
+
+ private static final String PROVIDER_NAME = "SunJCE";
+
+ private static final List<DataTuple> DATA = Arrays.asList(
+ new DataTuple("2.16.840.1.101.3.4.1.5", "AESWrap_128", 128),
+ new DataTuple("2.16.840.1.101.3.4.1.25", "AESWrap_192", 192),
+ new DataTuple("2.16.840.1.101.3.4.1.45", "AESWrap_256", 256));
+
+ public static void main(String[] args) throws Exception {
+ for (DataTuple dataTuple : DATA) {
+ int maxAllowedKeyLength = getMaxAllowedKeyLength(
+ dataTuple.algorithm);
+ boolean supportedKeyLength =
+ maxAllowedKeyLength >= dataTuple.keyLength;
+
+ try {
+ runTest(dataTuple, supportedKeyLength);
+ System.out.println("passed");
+ } catch (InvalidKeyException ike) {
+ if (supportedKeyLength) {
+ throw new RuntimeException(String.format(
+ "The key length %d is supported, but test failed.",
+ dataTuple.keyLength), ike);
+ } else {
+ System.out.printf(
+ "Catch expected InvalidKeyException "
+ + "due to the key length %d is greater "
+ + "than max supported key length %d%n",
+ dataTuple.keyLength, maxAllowedKeyLength);
+ }
+ }
+ }
+ }
+
+ private static void runTest(DataTuple dataTuple, boolean supportedKeyLength)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
+ NoSuchPaddingException, InvalidKeyException,
+ IllegalBlockSizeException {
+ Cipher algorithmCipher = Cipher.getInstance(
+ dataTuple.algorithm, PROVIDER_NAME);
+ Cipher oidCipher = Cipher.getInstance(dataTuple.oid, PROVIDER_NAME);
+
+ if (algorithmCipher == null) {
+ throw new RuntimeException(String.format(
+ "Test failed: algorithm string %s getInstance failed.%n",
+ dataTuple.algorithm));
+ }
+
+ if (oidCipher == null) {
+ throw new RuntimeException(
+ String.format("Test failed: OID %s getInstance failed.%n",
+ dataTuple.oid));
+ }
+
+ if (!algorithmCipher.getAlgorithm().equals(
+ dataTuple.algorithm)) {
+ throw new RuntimeException(String.format(
+ "Test failed: algorithm string %s getInstance "
+ + "doesn't generate expected algorithm.%n",
+ dataTuple.oid));
+ }
+
+ KeyGenerator kg = KeyGenerator.getInstance("AES");
+ kg.init(dataTuple.keyLength);
+ SecretKey key = kg.generateKey();
+
+ // Wrap the key
+ algorithmCipher.init(Cipher.WRAP_MODE, key);
+ if (!supportedKeyLength) {
+ throw new RuntimeException(String.format(
+ "The key length %d is not supported, so the initialization"
+ + " of algorithmCipher should fail.%n",
+ dataTuple.keyLength));
+ }
+
+ // Unwrap the key
+ oidCipher.init(Cipher.UNWRAP_MODE, key);
+ if (!supportedKeyLength) {
+ throw new RuntimeException(String.format(
+ "The key length %d is not supported, so the initialization"
+ + " of oidCipher should fail.%n",
+ dataTuple.keyLength));
+ }
+
+ byte[] keyWrapper = algorithmCipher.wrap(key);
+ Key unwrappedKey = oidCipher.unwrap(keyWrapper, "AES",
+ Cipher.SECRET_KEY);
+
+ // Comparison
+ if (!Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded())) {
+ throw new RuntimeException("Key comparison failed");
+ }
+ }
+
+ private static class DataTuple {
+
+ private final String oid;
+ private final String algorithm;
+ private final int keyLength;
+
+ private DataTuple(String oid, String algorithm, int keyLength) {
+ this.oid = oid;
+ this.algorithm = algorithm;
+ this.keyLength = keyLength;
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/com/sun/crypto/provider/NSASuiteB/TestHmacSHAOids.java Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.SecretKey;
+
+/*
+ * @test
+ * @bug 8075286
+ * @summary Test the HmacSHA algorithm OIDs in JDK.
+ * OID and Algorithm transformation string should match.
+ * Both could be able to be used to generate the algorithm instance.
+ * @run main TestHmacSHAOids
+ */
+public class TestHmacSHAOids {
+
+ private static final String PROVIDER_NAME = "SunJCE";
+ private static final byte[] INPUT = "1234567890".getBytes();
+
+ private static final List<DataTuple> DATA = Arrays.asList(
+ new DataTuple("1.2.840.113549.2.7", "HmacSHA1"),
+ new DataTuple("1.2.840.113549.2.8", "HmacSHA224"),
+ new DataTuple("1.2.840.113549.2.9", "HmacSHA256"),
+ new DataTuple("1.2.840.113549.2.10", "HmacSHA384"),
+ new DataTuple("1.2.840.113549.2.11", "HmacSHA512"));
+
+ public static void main(String[] args) throws Exception {
+ for (DataTuple dataTuple : DATA) {
+ runTest(dataTuple);
+ System.out.println("passed");
+ }
+ System.out.println("All tests passed");
+ }
+
+ private static void runTest(DataTuple dataTuple)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
+ InvalidKeyException {
+ Mac mcAlgorithm = Mac.getInstance(dataTuple.algorithm,
+ PROVIDER_NAME);
+ Mac mcOid = Mac.getInstance(dataTuple.oid, PROVIDER_NAME);
+
+ if (mcAlgorithm == null) {
+ throw new RuntimeException(String.format(
+ "Test failed: Mac using algorithm "
+ + "string %s getInstance failed.%n",
+ dataTuple.algorithm));
+ }
+
+ if (mcOid == null) {
+ throw new RuntimeException(String.format(
+ "Test failed: Mac using OID %s getInstance failed.%n",
+ dataTuple.oid));
+ }
+
+ if (!mcAlgorithm.getAlgorithm().equals(dataTuple.algorithm)) {
+ throw new RuntimeException(String.format(
+ "Test failed: Mac using algorithm string %s getInstance "
+ + "doesn't generate expected algorithm.%n",
+ dataTuple.algorithm));
+ }
+
+ KeyGenerator kg = KeyGenerator.getInstance(dataTuple.algorithm,
+ PROVIDER_NAME);
+ SecretKey key = kg.generateKey();
+
+ mcAlgorithm.init(key);
+ mcAlgorithm.update(INPUT);
+
+ mcOid.init(key);
+ mcOid.update(INPUT);
+
+ // Comparison
+ if (!Arrays.equals(mcAlgorithm.doFinal(), mcOid.doFinal())) {
+ throw new RuntimeException("Digest comparison failed: "
+ + "the two MACs are not the same");
+ }
+ }
+
+ private static class DataTuple {
+
+ private final String oid;
+ private final String algorithm;
+
+ private DataTuple(String oid, String algorithm) {
+ this.oid = oid;
+ this.algorithm = algorithm;
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/TestSignatureOidHelper.java Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.util.List;
+
+/*
+ * Utilities for testing the signature algorithm OIDs.
+ */
+public class TestSignatureOidHelper {
+
+ private static final byte[] INPUT = "1234567890".getBytes();
+
+ private final String algorithm;
+
+ private final String provider;
+
+ private final int keySize;
+
+ private final List<OidAlgorithmPair> data;
+
+ public TestSignatureOidHelper(String algorithm, String provider,
+ int keySize, List<OidAlgorithmPair> data) {
+ this.algorithm = algorithm;
+ this.provider = provider;
+ this.keySize = keySize;
+ this.data = data;
+ }
+
+ public void execute() throws Exception {
+ KeyPair keyPair = createKeyPair();
+ for (OidAlgorithmPair oidAlgorithmPair : data) {
+ runTest(oidAlgorithmPair, keyPair);
+ System.out.println("passed");
+ }
+ System.out.println("All tests passed");
+ }
+
+ private KeyPair createKeyPair()
+ throws NoSuchAlgorithmException, NoSuchProviderException {
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm,
+ provider);
+ keyGen.initialize(keySize);
+ return keyGen.generateKeyPair();
+ }
+
+ private void runTest(OidAlgorithmPair oidAlgorithmPair, KeyPair keyPair)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
+ InvalidKeyException, SignatureException {
+ Signature sgAlgorithm =
+ Signature.getInstance(oidAlgorithmPair.algorithm, provider);
+ Signature sgOid = Signature.getInstance(oidAlgorithmPair.oid, provider);
+
+ if (sgAlgorithm == null) {
+ throw new RuntimeException(String.format(
+ "Test failed: algorithm string %s getInstance failed.%n",
+ oidAlgorithmPair.algorithm));
+ }
+
+ if (sgOid == null) {
+ throw new RuntimeException(
+ String.format("Test failed: OID %s getInstance failed.%n",
+ oidAlgorithmPair.oid));
+ }
+
+ if (!sgAlgorithm.getAlgorithm().equals(oidAlgorithmPair.algorithm)) {
+ throw new RuntimeException(String.format(
+ "Test failed: algorithm string %s getInstance "
+ + "doesn't generate expected algorithm.%n",
+ oidAlgorithmPair.algorithm));
+ }
+
+ sgAlgorithm.initSign(keyPair.getPrivate());
+ sgAlgorithm.update(INPUT);
+ sgOid.initVerify(keyPair.getPublic());
+ sgOid.update(INPUT);
+ if (!sgOid.verify(sgAlgorithm.sign())) {
+ throw new RuntimeException(
+ "Signature verification failed unexpectedly");
+ }
+ }
+}
+
+class OidAlgorithmPair {
+
+ public final String oid;
+ public final String algorithm;
+
+ public OidAlgorithmPair(String oid, String algorithm) {
+ this.oid = oid;
+ this.algorithm = algorithm;
+ }
+
+ @Override
+ public String toString() {
+ return "[oid=" + oid + ", algorithm=" + algorithm + "]";
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/ec/NSASuiteB/TestSHAwithECDSASignatureOids.java Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.util.Arrays;
+import java.util.List;
+
+/*
+ * @test
+ * @bug 8075286
+ * @summary Test the SHAwithECDSA signature algorithm OIDs in JDK.
+ * OID and algorithm transformation string should match.
+ * Both could be able to be used to generate the algorithm instance.
+ * @compile ../../TestSignatureOidHelper.java
+ * @run main TestSHAwithECDSASignatureOids
+ */
+public class TestSHAwithECDSASignatureOids {
+
+ private static final List<OidAlgorithmPair> DATA = Arrays.asList(
+ new OidAlgorithmPair("1.2.840.10045.4.1", "SHA1withECDSA"),
+ new OidAlgorithmPair("1.2.840.10045.4.3.1", "SHA224withECDSA"),
+ new OidAlgorithmPair("1.2.840.10045.4.3.2", "SHA256withECDSA"),
+ new OidAlgorithmPair("1.2.840.10045.4.3.3", "SHA384withECDSA"),
+ new OidAlgorithmPair("1.2.840.10045.4.3.4", "SHA512withECDSA"));
+
+ public static void main(String[] args) throws Exception {
+ TestSignatureOidHelper helper = new TestSignatureOidHelper("EC",
+ "SunEC", 256, DATA);
+ helper.execute();
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.AlgorithmParameterGenerator;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidParameterException;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.spec.DSAGenParameterSpec;
+import java.security.spec.DSAParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+import java.util.Arrays;
+import java.util.List;
+
+/*
+ * @test
+ * @bug 8075286
+ * @summary Verify that DSAGenParameterSpec can and can only be used to generate
+ * DSA within some certain range of key sizes as described in the class
+ * specification (L, N) as (1024, 160), (2048, 224), (2048, 256) and
+ * (3072, 256) should be OK for DSAGenParameterSpec. But the real
+ * implementation SUN doesn't support (3072, 256).
+ * @run main TestDSAGenParameterSpec
+ */
+public class TestDSAGenParameterSpec {
+
+ private static final String ALGORITHM_NAME = "DSA";
+ private static final String PROVIDER_NAME = "SUN";
+
+ private static final List<DataTuple> DATA = Arrays.asList(
+ new DataTuple(1024, 160, true, true),
+ new DataTuple(2048, 224, true, true),
+ new DataTuple(2048, 256, true, true),
+ new DataTuple(3072, 256, true, false),
+ new DataTuple(1024, 224),
+ new DataTuple(2048, 160),
+ new DataTuple(4096, 256),
+ new DataTuple(512, 160),
+ new DataTuple(3072, 224));
+
+ private static void testDSAGenParameterSpec(DataTuple dataTuple)
+ throws NoSuchAlgorithmException, NoSuchProviderException,
+ InvalidParameterSpecException, InvalidAlgorithmParameterException {
+ System.out.printf("Test case: primePLen=%d, " + "subprimeQLen=%d%n",
+ dataTuple.primePLen, dataTuple.subprimeQLen);
+
+ AlgorithmParameterGenerator apg =
+ AlgorithmParameterGenerator.getInstance(ALGORITHM_NAME,
+ PROVIDER_NAME);
+
+ DSAGenParameterSpec genParamSpec = createGenParameterSpec(dataTuple);
+ // genParamSpec will be null if IllegalAE is thrown when expected.
+ if (genParamSpec == null) {
+ return;
+ }
+
+ try {
+ apg.init(genParamSpec, null);
+ AlgorithmParameters param = apg.generateParameters();
+
+ checkParam(param, genParamSpec);
+ System.out.println("Test case passed");
+ } catch (InvalidParameterException ipe) {
+ // The DSAGenParameterSpec API support this, but the real
+ // implementation in SUN doesn't
+ if (!dataTuple.isSunProviderSupported) {
+ System.out.println("Test case passed: expected "
+ + "InvalidParameterException is caught");
+ } else {
+ throw new RuntimeException("Test case failed.", ipe);
+ }
+ }
+ }
+
+ private static void checkParam(AlgorithmParameters param,
+ DSAGenParameterSpec genParam) throws InvalidParameterSpecException,
+ NoSuchAlgorithmException, NoSuchProviderException,
+ InvalidAlgorithmParameterException {
+ String algorithm = param.getAlgorithm();
+ if (!algorithm.equalsIgnoreCase(ALGORITHM_NAME)) {
+ throw new RuntimeException(
+ "Unexpected type of parameters: " + algorithm);
+ }
+
+ DSAParameterSpec spec = param.getParameterSpec(DSAParameterSpec.class);
+ int valueL = spec.getP().bitLength();
+ int strengthP = genParam.getPrimePLength();
+ if (strengthP != valueL) {
+ System.out.printf("P: Expected %d but actual %d%n", strengthP,
+ valueL);
+ throw new RuntimeException("Wrong P strength");
+ }
+
+ int valueN = spec.getQ().bitLength();
+ int strengthQ = genParam.getSubprimeQLength();
+ if (strengthQ != valueN) {
+ System.out.printf("Q: Expected %d but actual %d%n", strengthQ,
+ valueN);
+ throw new RuntimeException("Wrong Q strength");
+ }
+
+ if (genParam.getSubprimeQLength() != genParam.getSeedLength()) {
+ System.out.println("Defaut seed length should be the same as Q.");
+ throw new RuntimeException("Wrong seed length");
+ }
+
+ // use the parameters to generate real DSA keys
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance(ALGORITHM_NAME,
+ PROVIDER_NAME);
+ keyGen.initialize(spec);
+ keyGen.generateKeyPair();
+ }
+
+ private static DSAGenParameterSpec createGenParameterSpec(
+ DataTuple dataTuple) {
+ DSAGenParameterSpec genParamSpec = null;
+ try {
+ genParamSpec = new DSAGenParameterSpec(dataTuple.primePLen,
+ dataTuple.subprimeQLen);
+ if (!dataTuple.isDSASpecSupported) {
+ throw new RuntimeException(
+ "Test case failed: the key length must not supported");
+ }
+ } catch (IllegalArgumentException e) {
+ if (!dataTuple.isDSASpecSupported) {
+ System.out.println("Test case passed: expected "
+ + "IllegalArgumentException is caught");
+ } else {
+ throw new RuntimeException("Test case failed: unexpected "
+ + "IllegalArgumentException is thrown", e);
+ }
+ }
+
+ return genParamSpec;
+ }
+
+ public static void main(String[] args) throws Exception {
+ for (DataTuple dataTuple : DATA) {
+ testDSAGenParameterSpec(dataTuple);
+ }
+ System.out.println("All tests passed");
+ }
+
+ private static class DataTuple {
+
+ private int primePLen;
+ private int subprimeQLen;
+ private boolean isDSASpecSupported;
+ private boolean isSunProviderSupported;
+
+ private DataTuple(int primePLen, int subprimeQLen,
+ boolean isDSASpecSupported, boolean isSunProviderSupported) {
+ this.primePLen = primePLen;
+ this.subprimeQLen = subprimeQLen;
+ this.isDSASpecSupported = isDSASpecSupported;
+ this.isSunProviderSupported = isSunProviderSupported;
+ }
+
+ private DataTuple(int primePLen, int subprimeQLen) {
+ this(primePLen, subprimeQLen, false, false);
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/provider/NSASuiteB/TestSHAOids.java Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.util.Arrays;
+import java.util.List;
+
+/*
+ * @test
+ * @bug 8075286
+ * @summary Test the SHA algorithm OIDs in JDK.
+ * OID and algorithm transformation string should match.
+ * Both could be able to be used to generate the algorithm instance.
+ * @run main TestSHAOids
+ */
+public class TestSHAOids {
+
+ private static final String PROVIDER_NAME = "SUN";
+ private static final byte[] INPUT = "1234567890".getBytes();
+
+ private static final List<DataTuple> DATA = Arrays.asList(
+ new DataTuple("2.16.840.1.101.3.4.2.1", "SHA-256"),
+ new DataTuple("2.16.840.1.101.3.4.2.2", "SHA-384"),
+ new DataTuple("2.16.840.1.101.3.4.2.3", "SHA-512"),
+ new DataTuple("2.16.840.1.101.3.4.2.4", "SHA-224"));
+
+ public static void main(String[] args) throws Exception {
+ for (DataTuple dataTuple : DATA) {
+ runTest(dataTuple);
+ System.out.println("passed");
+ }
+ System.out.println("All tests passed");
+ }
+
+ private static void runTest(DataTuple dataTuple)
+ throws NoSuchAlgorithmException, NoSuchProviderException {
+ MessageDigest mdAlgorithm = MessageDigest.getInstance(
+ dataTuple.algorithm, PROVIDER_NAME);
+ MessageDigest mdOid = MessageDigest.getInstance(dataTuple.oid,
+ PROVIDER_NAME);
+
+ if (mdAlgorithm == null) {
+ throw new RuntimeException(String.format(
+ "Test failed: algorithm string %s getInstance failed.%n",
+ dataTuple.algorithm));
+ }
+
+ if (mdOid == null) {
+ throw new RuntimeException(
+ String.format("Test failed: OID %s getInstance failed.%n",
+ dataTuple.oid));
+ }
+
+ if (!mdAlgorithm.getAlgorithm().equals(dataTuple.algorithm)) {
+ throw new RuntimeException(String.format(
+ "Test failed: algorithm string %s getInstance doesn't "
+ + "generate expected algorithm.%n",
+ dataTuple.algorithm));
+ }
+
+ mdAlgorithm.update(INPUT);
+ mdOid.update(INPUT);
+
+ // Comparison
+ if (!Arrays.equals(mdAlgorithm.digest(), mdOid.digest())) {
+ throw new RuntimeException("Digest comparison failed: "
+ + "the two digests are not the same");
+ }
+ }
+
+ private static class DataTuple {
+
+ private final String oid;
+ private final String algorithm;
+
+ private DataTuple(String oid, String algorithm) {
+ this.oid = oid;
+ this.algorithm = algorithm;
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/provider/NSASuiteB/TestSHAwithDSASignatureOids.java Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.util.Arrays;
+import java.util.List;
+
+/*
+ * @test
+ * @bug 8075286
+ * @summary Test the SHAwithDSA signature algorithm OIDs in JDK.
+ * OID and algorithm transformation string should match.
+ * Both could be able to be used to generate the algorithm instance.
+ * @compile ../../TestSignatureOidHelper.java
+ * @run main TestSHAwithDSASignatureOids
+ */
+public class TestSHAwithDSASignatureOids {
+
+ private static final List<OidAlgorithmPair> DATA = Arrays.asList(
+ new OidAlgorithmPair("2.16.840.1.101.3.4.3.1", "SHA224withDSA"),
+ new OidAlgorithmPair("2.16.840.1.101.3.4.3.2", "SHA256withDSA"));
+
+ public static void main(String[] args) throws Exception {
+ TestSignatureOidHelper helper = new TestSignatureOidHelper("DSA",
+ "SUN", 1024, DATA);
+ helper.execute();
+ }
+}