1 /* 2 * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 7196382 8072452 27 * @summary Ensure that DH key pairs can be generated for 512 - 8192 bits 28 * @author Valerie Peng 29 * @library .. 30 * @modules jdk.crypto.cryptoki 31 * @run main/othervm TestDH2048 32 * @run main/othervm TestDH2048 sm 33 */ 34 35 import java.security.InvalidParameterException; 36 import java.security.KeyPair; 37 import java.security.KeyPairGenerator; 38 import java.security.Provider; 39 40 public class TestDH2048 extends PKCS11Test { 41 42 private static void checkUnsupportedKeySize(KeyPairGenerator kpg, int ks) 43 throws Exception { 44 try { 45 kpg.initialize(ks); 46 throw new Exception("Expected IPE not thrown for " + ks); 47 } catch (InvalidParameterException ipe) { 48 } 49 } 50 51 @Override 52 public void main(Provider p) throws Exception { 53 if (p.getService("KeyPairGenerator", "DH") == null) { 54 System.out.println("KPG for DH not supported, skipping"); 55 return; 56 } 57 KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", p); 58 kpg.initialize(512); 59 KeyPair kp1 = kpg.generateKeyPair(); 60 61 kpg.initialize(768); 62 kp1 = kpg.generateKeyPair(); 63 64 kpg.initialize(1024); 65 kp1 = kpg.generateKeyPair(); 66 67 kpg.initialize(1536); 68 kp1 = kpg.generateKeyPair(); 69 70 kpg.initialize(2048); 71 kp1 = kpg.generateKeyPair(); 72 73 try { 74 kpg.initialize(3072); 75 kp1 = kpg.generateKeyPair(); 76 77 kpg.initialize(4096); 78 kp1 = kpg.generateKeyPair(); 79 80 kpg.initialize(6144); 81 kp1 = kpg.generateKeyPair(); 82 83 kpg.initialize(8192); 84 kp1 = kpg.generateKeyPair(); 85 } catch (InvalidParameterException ipe) { 86 // NSS (as of version 3.13) has a hard coded maximum limit 87 // of 2236 or 3072 bits for DHE keys. 88 System.out.println("4096-bit DH key pair generation: " + ipe); 89 if (!p.getName().equals("SunPKCS11-NSS")) { 90 throw ipe; 91 } 92 } 93 94 // key size must be multiples of 64 though 95 checkUnsupportedKeySize(kpg, 2048 + 63); 96 checkUnsupportedKeySize(kpg, 3072 + 32); 97 } 98 99 public static void main(String[] args) throws Exception { 100 main(new TestDH2048(), args); 101 } 102 }