1 /*
2 * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 6316539 8136355
27 * @summary Basic tests for TlsRsaPremasterSecret generator
28 * @author Andreas Sterbenz
29 * @library ..
30 * @modules java.base/sun.security.internal.spec
31 * jdk.crypto.token
32 * @run main/othervm TestPremaster
33 * @run main/othervm TestPremaster sm policy
34 */
35
36 import java.security.Provider;
37 import java.security.InvalidAlgorithmParameterException;
38 import javax.crypto.KeyGenerator;
39 import javax.crypto.SecretKey;
40 import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
41
42 public class TestPremaster extends PKCS11Test {
43
44 public static void main(String[] args) throws Exception {
45 main(new TestPremaster(), args);
46 }
47
48 @Override
49 public void main(Provider provider) throws Exception {
50 if (provider.getService(
51 "KeyGenerator", "SunTlsRsaPremasterSecret") == null) {
52 System.out.println("Not supported by provider, skipping");
53 return;
54 }
55 KeyGenerator kg;
56 kg = KeyGenerator.getInstance("SunTlsRsaPremasterSecret", provider);
57
58 try {
59 kg.generateKey();
60 throw new Exception("no exception");
61 } catch (IllegalStateException e) {
62 System.out.println("OK: " + e);
63 }
64
65 int[] protocolVersions = {0x0300, 0x0301, 0x0302};
66 for (int clientVersion : protocolVersions) {
67 for (int serverVersion : protocolVersions) {
68 test(kg, clientVersion, serverVersion);
69 if (serverVersion >= clientVersion) {
70 break;
71 }
72 }
73 }
74
75 System.out.println("Done.");
76 }
77
78 private static void test(KeyGenerator kg,
79 int clientVersion, int serverVersion) throws Exception {
80
81 System.out.printf(
82 "Testing RSA pre-master secret key generation between " +
83 "client (0x%04X) and server(0x%04X)%n",
84 clientVersion, serverVersion);
85 try {
86 kg.init(new TlsRsaPremasterSecretParameterSpec(
87 clientVersion, serverVersion));
88 } catch (InvalidAlgorithmParameterException iape) {
89 // S12 removed support for SSL v3.0
90 if (clientVersion == 0x300 || serverVersion == 0x300) {
91 System.out.println("Skip testing SSLv3 due to no support");
92 return;
93 }
94 // unexpected, pass it up
95 throw iape;
96 }
97 SecretKey key = kg.generateKey();
98 byte[] encoded = key.getEncoded();
99 if (encoded != null) { // raw key material may be not extractable
100 if (encoded.length != 48) {
101 throw new Exception("length: " + encoded.length);
102 }
103 int v = versionOf(encoded[0], encoded[1]);
104 if (clientVersion != v) {
105 if (serverVersion != v || clientVersion >= 0x0302) {
106 throw new Exception(String.format(
107 "version mismatch: (0x%04X) rather than (0x%04X) " +
108 "is used in pre-master secret", v, clientVersion));
109 }
110 System.out.printf("Use compatible version (0x%04X)%n", v);
111 }
112 System.out.println("Passed, version matches!");
113 } else {
114 System.out.println("Raw key material is not extractable");
115 }
116 }
117
118 private static int versionOf(int major, int minor) {
119 return ((major & 0xFF) << 8) | (minor & 0xFF);
120 }
121
122 }