< prev index next >
test/jdk/sun/security/pkcs11/sslecc/CipherTest.java
Print this page
@@ -1,7 +1,7 @@
/*
- * Copyright (c) 2002, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
@@ -103,161 +103,33 @@
}
public static class TestParameters {
- String cipherSuite;
- String protocol;
+ CipherSuite cipherSuite;
+ Protocol protocol;
String clientAuth;
- TestParameters(String cipherSuite, String protocol,
+ TestParameters(CipherSuite cipherSuite, Protocol protocol,
String clientAuth) {
this.cipherSuite = cipherSuite;
this.protocol = protocol;
this.clientAuth = clientAuth;
}
boolean isEnabled() {
- return TLSCipherStatus.isEnabled(cipherSuite, protocol);
+ return cipherSuite.supportedByProtocol(protocol);
}
@Override
public String toString() {
String s = cipherSuite + " in " + protocol + " mode";
if (clientAuth != null) {
s += " with " + clientAuth + " client authentication";
}
return s;
}
-
- static enum TLSCipherStatus {
- // cipher suites supported since TLS 1.2
- CS_01("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
- CS_02("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
- CS_03("TLS_RSA_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
- CS_04("TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
- CS_05("TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384", 0x0303, 0xFFFF),
- CS_06("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
- CS_07("TLS_DHE_DSS_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
-
- CS_08("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
- CS_09("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
- CS_10("TLS_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
- CS_11("TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
- CS_12("TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
- CS_13("TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
- CS_14("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
-
- CS_15("TLS_DH_anon_WITH_AES_256_CBC_SHA256", 0x0303, 0xFFFF),
- CS_16("TLS_DH_anon_WITH_AES_128_CBC_SHA256", 0x0303, 0xFFFF),
- CS_17("TLS_RSA_WITH_NULL_SHA256", 0x0303, 0xFFFF),
-
- CS_20("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF),
- CS_21("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF),
- CS_22("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF),
- CS_23("TLS_RSA_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF),
- CS_24("TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF),
- CS_25("TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF),
- CS_26("TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF),
- CS_27("TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF),
-
- CS_28("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF),
- CS_29("TLS_RSA_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF),
- CS_30("TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF),
- CS_31("TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF),
- CS_32("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF),
- CS_33("TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF),
-
- CS_34("TLS_DH_anon_WITH_AES_256_GCM_SHA384", 0x0303, 0xFFFF),
- CS_35("TLS_DH_anon_WITH_AES_128_GCM_SHA256", 0x0303, 0xFFFF),
-
- // cipher suites obsoleted since TLS 1.2
- CS_50("SSL_RSA_WITH_DES_CBC_SHA", 0x0000, 0x0303),
- CS_51("SSL_DHE_RSA_WITH_DES_CBC_SHA", 0x0000, 0x0303),
- CS_52("SSL_DHE_DSS_WITH_DES_CBC_SHA", 0x0000, 0x0303),
- CS_53("SSL_DH_anon_WITH_DES_CBC_SHA", 0x0000, 0x0303),
- CS_54("TLS_KRB5_WITH_DES_CBC_SHA", 0x0000, 0x0303),
- CS_55("TLS_KRB5_WITH_DES_CBC_MD5", 0x0000, 0x0303),
-
- // cipher suites obsoleted since TLS 1.1
- CS_60("SSL_RSA_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302),
- CS_61("SSL_DH_anon_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302),
- CS_62("SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
- CS_63("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
- CS_64("SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
- CS_65("SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", 0x0000, 0x0302),
- CS_66("TLS_KRB5_EXPORT_WITH_RC4_40_SHA", 0x0000, 0x0302),
- CS_67("TLS_KRB5_EXPORT_WITH_RC4_40_MD5", 0x0000, 0x0302),
- CS_68("TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", 0x0000, 0x0302),
- CS_69("TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", 0x0000, 0x0302),
-
- // ignore TLS_EMPTY_RENEGOTIATION_INFO_SCSV always
- CS_99("TLS_EMPTY_RENEGOTIATION_INFO_SCSV", 0xFFFF, 0x0000);
-
- // the cipher suite name
- final String cipherSuite;
-
- // supported since protocol version
- final int supportedSince;
-
- // obsoleted since protocol version
- final int obsoletedSince;
-
- TLSCipherStatus(String cipherSuite,
- int supportedSince, int obsoletedSince) {
- this.cipherSuite = cipherSuite;
- this.supportedSince = supportedSince;
- this.obsoletedSince = obsoletedSince;
- }
-
- static boolean isEnabled(String cipherSuite, String protocol) {
- int versionNumber = toVersionNumber(protocol);
-
- if (versionNumber < 0) {
- return true; // unlikely to happen
- }
-
- for (TLSCipherStatus status : TLSCipherStatus.values()) {
- if (cipherSuite.equals(status.cipherSuite)) {
- if ((versionNumber < status.supportedSince) ||
- (versionNumber >= status.obsoletedSince)) {
- return false;
- }
-
- return true;
- }
- }
-
- return true;
- }
-
- private static int toVersionNumber(String protocol) {
- int versionNumber = -1;
-
- switch (protocol) {
- case "SSLv2Hello":
- versionNumber = 0x0002;
- break;
- case "SSLv3":
- versionNumber = 0x0300;
- break;
- case "TLSv1":
- versionNumber = 0x0301;
- break;
- case "TLSv1.1":
- versionNumber = 0x0302;
- break;
- case "TLSv1.2":
- versionNumber = 0x0303;
- break;
- default:
- // unlikely to happen
- }
-
- return versionNumber;
- }
- }
}
private List<TestParameters> tests;
private Iterator<TestParameters> testIterator;
private SSLSocketFactory factory;
@@ -281,17 +153,24 @@
continue;
}
for (int k = 0; k < clientAuths.length; k++) {
String clientAuth = clientAuths[k];
- if ((clientAuth != null) &&
- (cipherSuite.indexOf("DH_anon") != -1)) {
- // no client with anonymous ciphersuites
+ // no client with anonymous cipher suites.
+ // TLS_EMPTY_RENEGOTIATION_INFO_SCSV always be skipped.
+ // TLS 1.3 is skipped due to the signature algorithm,
+ // exactly MD5withRSA, in the certificates is not allowed.
+ if ((clientAuth != null && cipherSuite.contains("DH_anon")
+ || cipherSuite.equals(
+ CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV.name())
+ || "TLSv1.3".equals(protocol))) {
continue;
}
- tests.add(new TestParameters(cipherSuite, protocol,
+ tests.add(new TestParameters(
+ CipherSuite.cipherSuite(cipherSuite),
+ Protocol.protocol(protocol),
clientAuth));
}
}
}
< prev index next >