1 /* 2 * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /** 25 * @test 26 * @bug 6405536 6414980 27 * @summary Basic consistency test for all curves using ECDSA and ECDH 28 * @author Andreas Sterbenz 29 * @library .. 30 * @compile -XDignore.symbol.file TestCurves.java 31 * @run main TestCurves 32 */ 33 34 import java.util.*; 35 36 import java.security.*; 37 import java.security.spec.*; 38 39 import javax.crypto.*; 40 41 public class TestCurves extends PKCS11Test { 42 43 public static void main(String[] args) throws Exception { 44 main(new TestCurves()); 45 } 46 47 public void main(Provider p) throws Exception { 48 if (p.getService("KeyAgreement", "ECDH") == null) { 49 System.out.println("Not supported by provider, skipping"); 50 return; 51 } 52 53 if (isNSS(p) && getNSSVersion() >= 3.11 && getNSSVersion() < 3.12) { 54 System.out.println("NSS 3.11 has a DER issue that recent " + 55 "version do not."); 56 return; 57 } 58 59 // Check if this is sparc for later failure avoidance. 60 boolean sparc = false; 61 if (System.getProperty("os.arch").equals("sparcv9")) { 62 sparc = true; 63 System.out.println("This is a sparcv9"); 64 } 65 66 Random random = new Random(); 67 byte[] data = new byte[2048]; 68 random.nextBytes(data); 69 70 Vector<ECParameterSpec> curves = getKnownCurves(p); 71 for (ECParameterSpec params : curves) { 72 System.out.println("Testing " + params + "..."); 73 KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p); 74 kpg.initialize(params); 75 KeyPair kp1, kp2; 76 77 kp1 = kpg.generateKeyPair(); 78 kp2 = kpg.generateKeyPair(); 79 80 testSigning(p, "SHA1withECDSA", data, kp1, kp2); 81 // Check because Solaris ncp driver does not support these but 82 // Solaris metaslot causes them to be run. 83 try { 84 testSigning(p, "SHA224withECDSA", data, kp1, kp2); 85 testSigning(p, "SHA256withECDSA", data, kp1, kp2); 86 testSigning(p, "SHA384withECDSA", data, kp1, kp2); 87 testSigning(p, "SHA512withECDSA", data, kp1, kp2); 88 } catch (ProviderException e) { 89 if (sparc) { 90 Throwable t = e.getCause(); 91 if (t instanceof sun.security.pkcs11.wrapper.PKCS11Exception && 92 t.getMessage().equals("CKR_ATTRIBUTE_VALUE_INVALID")) { 93 System.out.print("-Failure not uncommon. Probably pre-T4."); 94 } else { 95 throw e; 96 } 97 } else { 98 throw e; 99 } 100 } 101 System.out.println(); 102 103 KeyAgreement ka1 = KeyAgreement.getInstance("ECDH", p); 104 ka1.init(kp1.getPrivate()); 105 ka1.doPhase(kp2.getPublic(), true); 106 byte[] secret1 = ka1.generateSecret(); 107 108 KeyAgreement ka2 = KeyAgreement.getInstance("ECDH", p); 109 ka2.init(kp2.getPrivate()); 110 ka2.doPhase(kp1.getPublic(), true); 111 byte[] secret2 = ka2.generateSecret(); 112 113 if (Arrays.equals(secret1, secret2) == false) { 114 throw new Exception("Secrets do not match"); 115 } 116 } 117 118 System.out.println("OK"); 119 } 120 121 private static void testSigning(Provider p, String algorithm, 122 byte[] data, KeyPair kp1, KeyPair kp2) throws Exception { 123 System.out.print(" " + algorithm); 124 Signature s = Signature.getInstance(algorithm, p); 125 s.initSign(kp1.getPrivate()); 126 s.update(data); 127 byte[] sig = s.sign(); 128 129 s = Signature.getInstance(algorithm, p); 130 s.initVerify(kp1.getPublic()); 131 s.update(data); 132 boolean r = s.verify(sig); 133 if (r == false) { 134 throw new Exception("Signature did not verify"); 135 } 136 137 s.initVerify(kp2.getPublic()); 138 s.update(data); 139 r = s.verify(sig); 140 if (r) { 141 throw new Exception("Signature should not verify"); 142 } 143 } 144 }