SupportedDHKeys.java revision 14400:2569a85ce76a 
1/*
2 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24/**
25 * @test
26 * @bug 8072452
27 * @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
28 * @library ..
29 * @run main/othervm SupportedDHKeys
30 * @run main/othervm SupportedDHKeys sm
31 */
32
33import java.math.BigInteger;
34
35import java.security.*;
36import javax.crypto.*;
37import javax.crypto.interfaces.*;
38import javax.crypto.spec.*;
39
40public class SupportedDHKeys extends PKCS11Test {
41
42    /*
43     * Sizes and values for various lengths.
44     */
45    private enum SupportedKeySize {
46        dhp512(512),   dhp768(768),    dhp832(832),
47        dhp1024(1024), dhp1536(1536),  dhp2048(2048);
48
49        // the underlying pkcs11 may not support the following sizes yet
50        //
51        // dhp3072(3072), dhp4096(4096),  dhp6144(6144),
52        // dhp8192(8192);
53
54        final int primeSize;
55
56        SupportedKeySize(int primeSize) {
57            this.primeSize = primeSize;
58        }
59    }
60
61    @Override
62    public void main(Provider provider) throws Exception {
63        if (provider.getService("KeyPairGenerator", "DiffieHellman") == null) {
64            System.out.println("No support of DH KeyPairGenerator, skipping");
65            return;
66        }
67
68        for (SupportedKeySize keySize : SupportedKeySize.values()) {
69            System.out.println("Checking " + keySize.primeSize + " ...");
70            KeyPairGenerator kpg =
71                    KeyPairGenerator.getInstance("DiffieHellman", provider);
72            kpg.initialize(keySize.primeSize);
73            KeyPair kp = kpg.generateKeyPair();
74            checkKeyPair(kp, keySize.primeSize, provider);
75
76            DHPublicKey publicKey = (DHPublicKey)kp.getPublic();
77            BigInteger p = publicKey.getParams().getP();
78            BigInteger g = publicKey.getParams().getG();
79            kpg.initialize(new DHParameterSpec(p, g));
80            kp = kpg.generateKeyPair();
81            checkKeyPair(kp, keySize.primeSize, provider);
82        }
83    }
84
85    private static void checkKeyPair(KeyPair kp, int pSize,
86                Provider provider) throws Exception {
87
88        DHPrivateKey privateKey = (DHPrivateKey)kp.getPrivate();
89        BigInteger p = privateKey.getParams().getP();
90        if (p.bitLength() != pSize) {
91            throw new Exception(
92                "Invalid modulus size: " + p.bitLength() + "/" + pSize);
93        }
94
95        // System.out.println("P(" + pSize + "): " + p.toString());
96        if (!p.isProbablePrime(128)) {
97            throw new Exception("Good luck, the modulus is composite!");
98        }
99
100        DHPublicKey publicKey = (DHPublicKey)kp.getPublic();
101        p = publicKey.getParams().getP();
102        if (p.bitLength() != pSize) {
103            throw new Exception(
104                "Invalid modulus size: " + p.bitLength() + "/" + pSize);
105        }
106
107        BigInteger leftOpen = BigInteger.ONE;
108        BigInteger rightOpen = p.subtract(BigInteger.ONE);
109
110        // ignore the private key range checking on Solaris at present
111        if (provider.getName().equals("SunPKCS11-Solaris") &&
112                !System.getProperty("os.name").equals("SunOS")) {
113            BigInteger x = privateKey.getX();
114            if ((x.compareTo(leftOpen) <= 0) ||
115                    (x.compareTo(rightOpen) >= 0)) {
116                throw new Exception(
117                    "X outside range [2, p - 2]:  x: " + x + " p: " + p);
118            }
119        }
120
121        BigInteger y = publicKey.getY();
122        if ((y.compareTo(leftOpen) <= 0) ||
123                (y.compareTo(rightOpen) >= 0)) {
124            throw new Exception(
125                "Y outside range [2, p - 2]:  y: " + y + " p: " + p);
126        }
127    }
128
129    public static void main(String[] args) throws Exception {
130        main(new SupportedDHKeys(), args);
131    }
132}
133