/*
 * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 6316539 8136355
 * @summary Basic tests for TlsRsaPremasterSecret generator
 * @author Andreas Sterbenz
 * @library ..
 * @modules java.base/sun.security.internal.spec
 *          jdk.crypto.token
 * @run main/othervm TestPremaster
 * @run main/othervm TestPremaster sm policy
 */

import java.security.Provider;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;

/**
 * Checks the {@code SunTlsRsaPremasterSecret} key generator of a provider.
 *
 * <p>Two properties of the generated RSA pre-master secret are verified
 * whenever the raw key bytes can be read back: it is exactly 48 bytes long,
 * and its first two bytes carry the expected protocol version. The embedded
 * version is what lets a TLS server notice a version rollback, so a generator
 * that writes the wrong value weakens that check.
 *
 * <p>{@code PKCS11Test} is defined outside this file (see {@code @library ..});
 * it presumably invokes {@link #main(Provider)} for the provider under test.
 */
public class TestPremaster extends PKCS11Test {

    /** Name of the key generator algorithm exercised by this test. */
    private static final String ALGORITHM = "SunTlsRsaPremasterSecret";

    /** Protocol version code for SSL 3.0. */
    private static final int SSL30 = 0x0300;

    /** Protocol version code for TLS 1.1. */
    private static final int TLS11 = 0x0302;

    /** Required size of the pre-master secret in bytes. */
    private static final int PREMASTER_LENGTH = 48;

    /**
     * Command-line entry point; hands a fresh test instance and the arguments
     * to the inherited harness.
     *
     * @param args arguments forwarded unchanged to the harness
     * @throws Exception if the harness or the test fails
     */
    public static void main(String[] args) throws Exception {
        main(new TestPremaster(), args);
    }

    /**
     * Runs the pre-master secret checks against one provider.
     *
     * <p>The test is skipped when the provider does not offer the generator.
     * Otherwise it first confirms that an uninitialized generator refuses to
     * produce a key, then tries every client version with each server version
     * up to and including the first one that is not lower than the client's.
     *
     * @param provider the provider whose generator is tested
     * @throws Exception if any check fails
     */
    @Override
    public void main(Provider provider) throws Exception {
        boolean supported = provider.getService("KeyGenerator", ALGORITHM) != null;
        if (!supported) {
            System.out.println("Not supported by provider, skipping");
            return;
        }
        KeyGenerator generator = KeyGenerator.getInstance(ALGORITHM, provider);

        // Without init() the generator has no version parameters, so it must
        // fail rather than hand out a key.
        boolean rejected = false;
        try {
            generator.generateKey();
        } catch (IllegalStateException expected) {
            System.out.println("OK: " + expected);
            rejected = true;
        }
        if (!rejected) {
            throw new Exception("no exception");
        }

        // SSL 3.0, TLS 1.0, TLS 1.1
        int[] versions = {0x0300, 0x0301, 0x0302};
        for (int client : versions) {
            for (int index = 0; index < versions.length; index++) {
                int server = versions[index];
                test(generator, client, server);
                // The server never negotiates above the client's version.
                if (server >= client) {
                    break;
                }
            }
        }

        System.out.println("Done.");
    }

    /**
     * Generates one pre-master secret for a client/server version pair and
     * validates its length and embedded version.
     *
     * <p>Nothing is validated when the key does not expose its encoding; the
     * case is only reported on standard output.
     *
     * @param kg the generator to initialize and use
     * @param clientVersion the version offered by the client
     * @param serverVersion the version selected by the server
     * @throws Exception if initialization fails unexpectedly, or the secret
     *         has the wrong length or an unacceptable version
     */
    private static void test(KeyGenerator kg,
            int clientVersion, int serverVersion) throws Exception {

        System.out.printf(
                "Testing RSA pre-master secret key generation between "
                + "client (0x%04X) and server(0x%04X)%n",
                clientVersion, serverVersion);

        try {
            TlsRsaPremasterSecretParameterSpec spec =
                    new TlsRsaPremasterSecretParameterSpec(
                            clientVersion, serverVersion);
            kg.init(spec);
        } catch (InvalidAlgorithmParameterException iape) {
            // S12 removed support for SSL v3.0, so a rejection is tolerated
            // only when one side asks for SSL 3.0.
            boolean involvesSsl30 =
                    clientVersion == SSL30 || serverVersion == SSL30;
            if (!involvesSsl30) {
                // unexpected, pass it up
                throw iape;
            }
            System.out.println("Skip testing SSLv3 due to no support");
            return;
        }

        SecretKey secret = kg.generateKey();
        byte[] material = secret.getEncoded();
        if (material == null) {
            // The key material may stay inside the token, out of reach.
            System.out.println("Raw key material is not extractable");
            return;
        }

        if (material.length != PREMASTER_LENGTH) {
            throw new Exception("length: " + material.length);
        }

        // Bytes 0 and 1 hold the major and minor protocol version.
        int embedded = versionOf(material[0], material[1]);
        if (embedded != clientVersion) {
            // Below TLS 1.1 the server's version is accepted as a
            // compatibility fallback; from TLS 1.1 on only the client's
            // version is allowed.
            boolean compatible =
                    embedded == serverVersion && clientVersion < TLS11;
            if (!compatible) {
                throw new Exception(String.format(
                        "version mismatch: (0x%04X) rather than (0x%04X) "
                        + "is used in pre-master secret",
                        embedded, clientVersion));
            }
            System.out.printf("Use compatible version (0x%04X)%n", embedded);
        }
        System.out.println("Passed, version matches!");
    }

    /**
     * Combines a major and a minor version byte into one 16-bit version code.
     *
     * @param major the major version; only its low 8 bits are used
     * @param minor the minor version; only its low 8 bits are used
     * @return the major byte in bits 8-15 and the minor byte in bits 0-7
     */
    private static int versionOf(int major, int minor) {
        // Masking removes the sign extension of bytes widened to int.
        int high = major & 0xFF;
        int low = minor & 0xFF;
        return (high << 8) | low;
    }

}