1 /* 2 * Copyright (c) 2006, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /** 25 * @test 26 * @bug 6405536 6414980 27 * @summary Basic consistency test for all curves using ECDSA and ECDH 28 * @author Andreas Sterbenz 29 * @library .. 30 * @modules jdk.crypto.cryptoki/sun.security.pkcs11.wrapper 31 * @compile --add-modules jdk.crypto.cryptoki TestCurves.java 32 * @run main/othervm TestCurves 33 * @run main/othervm TestCurves sm 34 * @key randomness 35 */ 36 37 import java.security.KeyPair; 38 import java.security.KeyPairGenerator; 39 import java.security.Provider; 40 import java.security.ProviderException; 41 import java.security.Signature; 42 import java.security.spec.ECParameterSpec; 43 import java.util.Arrays; 44 import java.util.List; 45 import java.util.Random; 46 import javax.crypto.KeyAgreement; 47 48 public class TestCurves extends PKCS11Test { 49 50 public static void main(String[] args) throws Exception { 51 main(new TestCurves(), args); 52 } 53 54 @Override 55 public void main(Provider p) throws Exception { 56 if (p.getService("KeyAgreement", "ECDH") == null) { 57 System.out.println("Not supported by provider, skipping"); 58 return; 59 } 60 61 if (isBadNSSVersion(p)) { 62 return; 63 } 64 65 if (isBadSolarisSparc(p)) { 66 return; 67 } 68 69 // Check if this is sparc for later failure avoidance. 70 boolean sparc = false; 71 if (props.getProperty("os.arch").equals("sparcv9")) { 72 sparc = true; 73 System.out.println("This is a sparcv9"); 74 } 75 76 Random random = new Random(); 77 byte[] data = new byte[2048]; 78 random.nextBytes(data); 79 80 List<ECParameterSpec> curves = getKnownCurves(p); 81 for (ECParameterSpec params : curves) { 82 System.out.println("Testing " + params + "..."); 83 KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p); 84 kpg.initialize(params); 85 KeyPair kp1, kp2; 86 87 kp1 = kpg.generateKeyPair(); 88 kp2 = kpg.generateKeyPair(); 89 90 testSigning(p, "SHA1withECDSA", data, kp1, kp2); 91 // Check because Solaris ncp driver does not support these but 92 // Solaris metaslot causes them to be run. 93 try { 94 testSigning(p, "SHA224withECDSA", data, kp1, kp2); 95 testSigning(p, "SHA256withECDSA", data, kp1, kp2); 96 testSigning(p, "SHA384withECDSA", data, kp1, kp2); 97 testSigning(p, "SHA512withECDSA", data, kp1, kp2); 98 } catch (ProviderException e) { 99 if (sparc) { 100 Throwable t = e.getCause(); 101 if (t instanceof sun.security.pkcs11.wrapper.PKCS11Exception && 102 t.getMessage().equals("CKR_ATTRIBUTE_VALUE_INVALID")) { 103 System.out.print("-Failure not uncommon. Probably pre-T4."); 104 } else { 105 throw e; 106 } 107 } else { 108 throw e; 109 } 110 } 111 System.out.println(); 112 113 KeyAgreement ka1 = KeyAgreement.getInstance("ECDH", p); 114 ka1.init(kp1.getPrivate()); 115 ka1.doPhase(kp2.getPublic(), true); 116 byte[] secret1 = ka1.generateSecret(); 117 118 KeyAgreement ka2 = KeyAgreement.getInstance("ECDH", p); 119 ka2.init(kp2.getPrivate()); 120 ka2.doPhase(kp1.getPublic(), true); 121 byte[] secret2 = ka2.generateSecret(); 122 123 if (Arrays.equals(secret1, secret2) == false) { 124 throw new Exception("Secrets do not match"); 125 } 126 } 127 128 System.out.println("OK"); 129 } 130 131 private static void testSigning(Provider p, String algorithm, 132 byte[] data, KeyPair kp1, KeyPair kp2) throws Exception { 133 System.out.print(" " + algorithm); 134 Signature s = Signature.getInstance(algorithm, p); 135 s.initSign(kp1.getPrivate()); 136 s.update(data); 137 byte[] sig = s.sign(); 138 139 s = Signature.getInstance(algorithm, p); 140 s.initVerify(kp1.getPublic()); 141 s.update(data); 142 boolean r = s.verify(sig); 143 if (r == false) { 144 throw new Exception("Signature did not verify"); 145 } 146 147 s.initVerify(kp2.getPublic()); 148 s.update(data); 149 r = s.verify(sig); 150 if (r) { 151 throw new Exception("Signature should not verify"); 152 } 153 } 154 }