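/*
 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
import sun.security.provider.MoreDrbgParameters;

import java.security.DrbgParameters;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.SecureRandomParameters;
import java.security.Security;

import static java.security.DrbgParameters.Capability.*;

/**
 * @test
 * @bug 8051408
 * @modules java.base/sun.security.provider
 * @summary make sure DRBG alg can be defined and instantiated freely
 */
public class DRBGAlg {

    /**
     * Runs every definition/request combination below and fails on the first
     * one whose outcome differs from the expectation.
     *
     * <p>Each {@code check} call lists the substrings that must appear in the
     * resulting {@code SecureRandom.toString()}; a call with no expected
     * substrings asserts that instantiation is rejected with
     * {@link NoSuchAlgorithmException}.
     *
     * @param args ignored
     * @throws Exception if any combination behaves differently from what is
     *         expected
     */
    public static void main(String[] args) throws Exception {
        // Definitions that name at most one aspect. The expectations pin the
        // defaults for everything left unspecified: Hash_DRBG, SHA-256,
        // reseed_only and a strength of 128.
        check(null, "Hash_DRBG", "SHA-256", "reseed_only", ",128");
        check("", "Hash_DRBG", "SHA-256", "reseed_only", ",128");
        check("sha-1", "Hash_DRBG", "SHA-1", "reseed_only", ",128");
        check("sha-256", "Hash_DRBG", "SHA-256", "reseed_only", ",128");
        check("SHA-3");  // expected to be rejected
        check("hash_drbg", "Hash_DRBG", "SHA-256", "reseed_only", ",128");
        check("hmac_drbg", "HMAC_DRBG", "SHA-256", "reseed_only", ",128");
        check("ctr_drbg", "CTR_DRBG", "AES-", "reseed_only", ",128", "use_df");
        check("hash_drbg,sha-512,Pr_and_Reseed,192",
                "Hash_DRBG", "SHA-512", "pr_and_reseed", ",192");

        // Definitions that give the same aspect twice, or contain an empty
        // aspect, must all be rejected rather than silently resolved.
        check("Hash_DRBG,Hmac_DRBG");
        check("SHA-1,SHA-256");
        check("128,256");
        check("none,reseed_only");
        check("use_df,no_df");
        check("Hash_DRBG,,SHA-1");

        // Instantiation requests passed to getInstance(alg, params).
        check(null, DrbgParameters.instantiate(112, PR_AND_RESEED, null),
                "Hash_DRBG", "SHA-256", "pr_and_reseed", ",112");
        check(null, DrbgParameters.instantiate(256, PR_AND_RESEED, null),
                "Hash_DRBG", "SHA-256", "pr_and_reseed", ",256");
        // Expected to fail - presumably 384 is more than the default
        // algorithm can provide; confirm against the provider.
        check(null, DrbgParameters.instantiate(384, PR_AND_RESEED, null));
        check("sha-1", DrbgParameters.instantiate(112, PR_AND_RESEED, null),
                "Hash_DRBG", "SHA-1", "pr_and_reseed", ",112");
        // Expected to fail - presumably 192 is more than SHA-1 can provide;
        // confirm against the provider.
        check("sha-1", DrbgParameters.instantiate(192, PR_AND_RESEED, null));
        // A request for a lower strength and the NONE capability against a
        // definition that names Pr_and_Reseed/192: the expectations are
        // reseed_only at the requested strength, or at the defined strength
        // when the request passes -1.
        check("hash_drbg,sha-512,Pr_and_Reseed,192",
                DrbgParameters.instantiate(112, NONE, null),
                "Hash_DRBG", "SHA-512", "reseed_only", ",112");
        check("hash_drbg,sha-512,Pr_and_Reseed,192",
                DrbgParameters.instantiate(-1, NONE, null),
                "Hash_DRBG", "SHA-512", "reseed_only", ",192");
        // getInstance params can be stronger than definition
        check("hash_drbg,sha-256,None,112",
                DrbgParameters.instantiate(192, PR_AND_RESEED, null),
                "Hash_DRBG", "SHA-256", "pr_and_reseed", ",192");

        // MoreDrbgParameters requests. Judging by the expectations, the
        // second constructor argument names the mechanism and the third the
        // algorithm; a non-null value takes precedence over the definition
        // and a null one falls back to it.
        check("hash_drbg,sha-1", new MoreDrbgParameters(null, null, "sha-512", null, false,
                DrbgParameters.instantiate(-1, NONE, null)),
                "Hash_DRBG", "SHA-512");
        check("hash_drbg,sha-1", new MoreDrbgParameters(null, null, null, null, false,
                DrbgParameters.instantiate(-1, NONE, null)),
                "Hash_DRBG", "SHA-1");
        check("hash_drbg", new MoreDrbgParameters(null, "hmac_drbg", null, null, false,
                DrbgParameters.instantiate(-1, NONE, null)),
                "HMAC_DRBG", "SHA-256");

        // Unknown algorithm or mechanism names in the request must be
        // rejected, not replaced by the definition or a default.
        check("hash_drbg,sha-1", new MoreDrbgParameters(null, null, "sha-3", null, false,
                DrbgParameters.instantiate(-1, NONE, null)));
        check("hash_drbg,sha-1", new MoreDrbgParameters(null, "Unknown_DRBG", null, null, false,
                DrbgParameters.instantiate(-1, NONE, null)));
    }

    /**
     * Checks DRBG definition for getInstance(alg, params).
     *
     * <p>The definition is installed through the process-wide {@code "drbg"}
     * security property for the duration of the call and the previous value
     * is put back afterwards, so a failing combination cannot leak its
     * definition into the next one.
     *
     * <p>NOTE(review): the property name {@code "drbg"} is the one this
     * revision of the test uses; confirm that the DRBG provider of the JDK
     * under test reads the same property, otherwise every definition-driven
     * expectation is silently checked against the defaults.
     *
     * @param define value to install as the {@code "drbg"} security property,
     *        or null to leave the current value in place
     * @param params getInstance request (null if none)
     * @param expected substrings that must all appear in the instance's
     *        {@code toString()}; empty if instantiation should fail
     * @throws Exception if instantiation succeeds when it should fail, or the
     *         instance description lacks an expected substring
     * @throws NoSuchAlgorithmException if instantiation fails when it should
     *         succeed
     */
    static void check(String define, SecureRandomParameters params,
            String... expected) throws Exception {
        System.out.println("Testing " + define + " with " + params + "...");
        String old = Security.getProperty("drbg");
        if (define != null) {
            Security.setProperty("drbg", define);
        }
        try {
            String result = params != null ?
                    SecureRandom.getInstance("DRBG", params).toString() :
                    SecureRandom.getInstance("DRBG").toString();
            System.out.println("Result " + result);
            if (expected.length == 0) {
                throw new Exception("should fail");
            }
            for (String s : expected) {
                if (!result.contains(s)) {
                    throw new Exception(result);
                }
            }
        } catch (NoSuchAlgorithmException e) {
            System.out.println("Result NSAE");
            if (expected.length > 0) {
                throw e;
            }
        } finally {
            // Restore only what this call changed. Security.setProperty does
            // not accept a null value, so restoring an originally unset
            // property with null would throw from this finally block and hide
            // the real test failure. There is no public call to remove a
            // security property; the empty definition is used instead, which
            // main() shows to be treated like no definition at all.
            if (define != null) {
                Security.setProperty("drbg", old != null ? old : "");
            }
        }
    }

    /**
     * Checks DRBG definition for getInstance(alg).
     *
     * @param define value to install as the {@code "drbg"} security property,
     *        or null to leave the current value in place
     * @param expected substrings that must all appear in the instance's
     *        {@code toString()}; empty if instantiation should fail
     * @throws Exception if the outcome differs from the expectation
     */
    static void check(String define, String... expected) throws Exception {
        // The null argument selects the overload taking a getInstance request.
        check(define, null, expected);
    }
}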