1 /* 2 * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /** 25 * @test 26 * @bug 6405536 6414980 27 * @summary Basic consistency test for all curves using ECDSA and ECDH 28 * @author Andreas Sterbenz 29 * @library .. 30 * @modules jdk.crypto.pkcs11/sun.security.pkcs11.wrapper 31 * @compile -XDignore.symbol.file TestCurves.java 32 * @run main TestCurves 33 * @key randomness 34 */ 35 36 import java.util.*; 37 38 import java.security.*; 39 import java.security.spec.*; 40 41 import javax.crypto.*; 42 43 public class TestCurves extends PKCS11Test { 44 45 public static void main(String[] args) throws Exception { 46 main(new TestCurves()); 47 } 48 49 public void main(Provider p) throws Exception { 50 if (p.getService("KeyAgreement", "ECDH") == null) { 51 System.out.println("Not supported by provider, skipping"); 52 return; 53 } 54 55 if (isNSS(p) && getNSSVersion() >= 3.11 && getNSSVersion() < 3.12) { 56 System.out.println("NSS 3.11 has a DER issue that recent " + 57 "version do not."); 58 return; 59 } 60 61 // Check if this is sparc for later failure avoidance. 62 boolean sparc = false; 63 if (System.getProperty("os.arch").equals("sparcv9")) { 64 sparc = true; 65 System.out.println("This is a sparcv9"); 66 } 67 68 Random random = new Random(); 69 byte[] data = new byte[2048]; 70 random.nextBytes(data); 71 72 Vector<ECParameterSpec> curves = getKnownCurves(p); 73 for (ECParameterSpec params : curves) { 74 System.out.println("Testing " + params + "..."); 75 KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p); 76 kpg.initialize(params); 77 KeyPair kp1, kp2; 78 79 kp1 = kpg.generateKeyPair(); 80 kp2 = kpg.generateKeyPair(); 81 82 testSigning(p, "SHA1withECDSA", data, kp1, kp2); 83 // Check because Solaris ncp driver does not support these but 84 // Solaris metaslot causes them to be run. 85 try { 86 testSigning(p, "SHA224withECDSA", data, kp1, kp2); 87 testSigning(p, "SHA256withECDSA", data, kp1, kp2); 88 testSigning(p, "SHA384withECDSA", data, kp1, kp2); 89 testSigning(p, "SHA512withECDSA", data, kp1, kp2); 90 } catch (ProviderException e) { 91 if (sparc) { 92 Throwable t = e.getCause(); 93 if (t instanceof sun.security.pkcs11.wrapper.PKCS11Exception && 94 t.getMessage().equals("CKR_ATTRIBUTE_VALUE_INVALID")) { 95 System.out.print("-Failure not uncommon. Probably pre-T4."); 96 } else { 97 throw e; 98 } 99 } else { 100 throw e; 101 } 102 } 103 System.out.println(); 104 105 KeyAgreement ka1 = KeyAgreement.getInstance("ECDH", p); 106 ka1.init(kp1.getPrivate()); 107 ka1.doPhase(kp2.getPublic(), true); 108 byte[] secret1 = ka1.generateSecret(); 109 110 KeyAgreement ka2 = KeyAgreement.getInstance("ECDH", p); 111 ka2.init(kp2.getPrivate()); 112 ka2.doPhase(kp1.getPublic(), true); 113 byte[] secret2 = ka2.generateSecret(); 114 115 if (Arrays.equals(secret1, secret2) == false) { 116 throw new Exception("Secrets do not match"); 117 } 118 } 119 120 System.out.println("OK"); 121 } 122 123 private static void testSigning(Provider p, String algorithm, 124 byte[] data, KeyPair kp1, KeyPair kp2) throws Exception { 125 System.out.print(" " + algorithm); 126 Signature s = Signature.getInstance(algorithm, p); 127 s.initSign(kp1.getPrivate()); 128 s.update(data); 129 byte[] sig = s.sign(); 130 131 s = Signature.getInstance(algorithm, p); 132 s.initVerify(kp1.getPublic()); 133 s.update(data); 134 boolean r = s.verify(sig); 135 if (r == false) { 136 throw new Exception("Signature did not verify"); 137 } 138 139 s.initVerify(kp2.getPublic()); 140 s.update(data); 141 r = s.verify(sig); 142 if (r) { 143 throw new Exception("Signature should not verify"); 144 } 145 } 146 }