Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8342188: Update tests to use stronger key parameters and certificates #21563

Closed
wants to merge 9 commits into from
+2,333 −1,638
Closed

8342188: Update tests to use stronger key parameters and certificates #21563

Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
09971b1
initial commit
fguallini Oct 17, 2024
dffd9fa
fixed copyright year and not changing DES
fguallini Oct 17, 2024
6ce89cb
DH group reusable
fguallini Oct 21, 2024
7d321b3
DHKeyAgreement2.java refactor
fguallini Oct 21, 2024
32b11d7
Use hex value for diffieHellmanGroup enum
fguallini Oct 22, 2024
ed4af8b
Merge branch 'master' into 8342188
fguallini Oct 23, 2024
44073ab
minor changes to update SecurityUtils comments and refactoring
fguallini Oct 23, 2024
cb7ec17
Address comments
fguallini Oct 24, 2024
aacf093
Merge branch 'master' into 8342188
fguallini Oct 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion test/jdk/com/sun/crypto/provider/KeyAgreement/DHGenSharedSecret.java
View file
Original file line number Diff line number Diff line change
@@ -48,7 +48,7 @@ public void run() throws Exception {
long start, end;

DiffieHellmanGroup dhGroup = SecurityUtils.getTestDHGroup();
BigInteger p = new BigInteger(1, dhGroup.getPrimeBytes());
BigInteger p = dhGroup.getPrime();
BigInteger g = new BigInteger(1, dhGroup.getBase().toByteArray());
int l = 512;

2 changes: 1 addition & 1 deletion test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java
View file
Original file line number Diff line number Diff line change
@@ -99,7 +99,7 @@ private void run(String mode) throws Exception {
// use some pre-generated, test default DH parameters
DiffieHellmanGroup dhGroup = SecurityUtils.getTestDHGroup(primeSize);
System.err.println("Using " + dhGroup.name() + " Diffie-Hellman parameters");
dhParameterSpec = new DHParameterSpec(dhGroup.getModulus(),
dhParameterSpec = new DHParameterSpec(dhGroup.getPrime(),
dhGroup.getBase());
}

2 changes: 1 addition & 1 deletion test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement3.java
View file
Original file line number Diff line number Diff line change
@@ -66,7 +66,7 @@ private void run() throws Exception {
DiffieHellmanGroup dhGroup = SecurityUtils.getTestDHGroup();
DHParameterSpec dhParamSpec;
System.err.println("Using " + dhGroup.name() + " Diffie-Hellman parameters");
dhParamSpec = new DHParameterSpec(dhGroup.getModulus(), dhGroup.getBase());
dhParamSpec = new DHParameterSpec(dhGroup.getPrime(), dhGroup.getBase());

// Alice creates her own DH key pair
System.err.println("ALICE: Generate DH keypair ...");
2 changes: 1 addition & 1 deletion test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyFactory.java
View file
Original file line number Diff line number Diff line change
@@ -61,7 +61,7 @@ private void run() throws Exception {
jdk.test.lib.security.DiffieHellmanGroup dhGroup = jdk.test.lib.security.SecurityUtils.getTestDHGroup();
DHParameterSpec dhParamSpec;
System.err.println("Using " + dhGroup.name() + " Diffie-Hellman parameters");
dhParamSpec = new DHParameterSpec(dhGroup.getModulus(), dhGroup.getBase());
dhParamSpec = new DHParameterSpec(dhGroup.getPrime(), dhGroup.getBase());

KeyPairGenerator kpgen = KeyPairGenerator.getInstance("DH", "SunJCE");
kpgen.initialize(dhParamSpec);
4 changes: 2 additions & 2 deletions test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyGenSpeed.java
View file
Original file line number Diff line number Diff line change
@@ -49,7 +49,7 @@ public void run() throws Exception {
long start, end;

DiffieHellmanGroup dhGroup = SecurityUtils.getTestDHGroup();
BigInteger p = new BigInteger(1, dhGroup.getPrimeBytes());
BigInteger p = dhGroup.getPrime();
BigInteger g = new BigInteger(1, dhGroup.getBase().toByteArray());
int l = 576;

@@ -65,7 +65,7 @@ public void run() throws Exception {
end = System.currentTimeMillis();

System.out.println("PrimeBits\tExponentBits");
System.out.println(dhGroup.getPrimeBytes().length*8 + "\t\t" + l);
System.out.println(dhGroup.getPrime().bitLength() + "\t\t" + l);
System.out.println("keyGen(millisecond): " + (end - start));
System.out.println("Test Passed!");
}
2 changes: 1 addition & 1 deletion test/jdk/java/security/KeyRep/Serial.java
View file
Original file line number Diff line number Diff line change
@@ -96,7 +96,7 @@ public static void main(String[] args) throws Exception {
// generate DH key pair
DiffieHellmanGroup dhGroup = SecurityUtils.getTestDHGroup();
kpg = KeyPairGenerator.getInstance("DiffieHellman", JCE);
kpg.initialize(new DHParameterSpec(dhGroup.getModulus(), dhGroup.getBase()));
kpg.initialize(new DHParameterSpec(dhGroup.getPrime(), dhGroup.getBase()));
KeyPair dhKp = kpg.genKeyPair();

// serialize DH key pair
8 changes: 4 additions & 4 deletions test/jdk/sun/security/pkcs11/KeyAgreement/TestInterop.java
View file
Original file line number Diff line number Diff line change
@@ -89,16 +89,16 @@ public void main(Provider prov) throws Exception {
KeyAgreement ka = KeyAgreement.getInstance("DH", prov);
KeyAgreement kbSunJCE = KeyAgreement.getInstance("DH", "SunJCE");
DiffieHellmanGroup dhGroup = SecurityUtils.getTestDHGroup();
DHPrivateKeySpec privSpecA = new DHPrivateKeySpec(xa, dhGroup.getModulus(),
DHPrivateKeySpec privSpecA = new DHPrivateKeySpec(xa, dhGroup.getPrime(),
dhGroup.getBase());
DHPublicKeySpec pubSpecA = new DHPublicKeySpec(ya, dhGroup.getModulus(),
DHPublicKeySpec pubSpecA = new DHPublicKeySpec(ya, dhGroup.getPrime(),
dhGroup.getBase());
PrivateKey privA = kf.generatePrivate(privSpecA);
PublicKey pubA = kf.generatePublic(pubSpecA);

DHPrivateKeySpec privSpecB = new DHPrivateKeySpec(xb, dhGroup.getModulus(),
DHPrivateKeySpec privSpecB = new DHPrivateKeySpec(xb, dhGroup.getPrime(),
dhGroup.getBase());
DHPublicKeySpec pubSpecB = new DHPublicKeySpec(yb, dhGroup.getModulus(),
DHPublicKeySpec pubSpecB = new DHPublicKeySpec(yb, dhGroup.getPrime(),
dhGroup.getBase());
PrivateKey privB = kf.generatePrivate(privSpecB);
PublicKey pubB = kf.generatePublic(pubSpecB);
106 changes: 60 additions & 46 deletions test/lib/jdk/test/lib/security/DiffieHellmanGroup.java
View file
Original file line number Diff line number Diff line change
@@ -30,63 +30,77 @@ public enum DiffieHellmanGroup {
/**
* RFC 7919 - ffdhe2048.
*/
ffdhe2048 (new byte[]{
(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
(byte) 0xAD, (byte) 0xF8, (byte) 0x54, (byte) 0x58, (byte) 0xA2, (byte) 0xBB, (byte) 0x4A, (byte) 0x9A,
(byte) 0xAF, (byte) 0xDC, (byte) 0x56, (byte) 0x20, (byte) 0x27, (byte) 0x3D, (byte) 0x3C, (byte) 0xF1,
(byte) 0xD8, (byte) 0xB9, (byte) 0xC5, (byte) 0x83, (byte) 0xCE, (byte) 0x2D, (byte) 0x36, (byte) 0x95,
(byte) 0xA9, (byte) 0xE1, (byte) 0x36, (byte) 0x41, (byte) 0x14, (byte) 0x64, (byte) 0x33, (byte) 0xFB,
(byte) 0xCC, (byte) 0x93, (byte) 0x9D, (byte) 0xCE, (byte) 0x24, (byte) 0x9B, (byte) 0x3E, (byte) 0xF9,
(byte) 0x7D, (byte) 0x2F, (byte) 0xE3, (byte) 0x63, (byte) 0x63, (byte) 0x0C, (byte) 0x75, (byte) 0xD8,
(byte) 0xF6, (byte) 0x81, (byte) 0xB2, (byte) 0x02, (byte) 0xAE, (byte) 0xC4, (byte) 0x61, (byte) 0x7A,
(byte) 0xD3, (byte) 0xDF, (byte) 0x1E, (byte) 0xD5, (byte) 0xD5, (byte) 0xFD, (byte) 0x65, (byte) 0x61,
(byte) 0x24, (byte) 0x33, (byte) 0xF5, (byte) 0x1F, (byte) 0x5F, (byte) 0x06, (byte) 0x6E, (byte) 0xD0,
(byte) 0x85, (byte) 0x63, (byte) 0x65, (byte) 0x55, (byte) 0x3D, (byte) 0xED, (byte) 0x1A, (byte) 0xF3,
(byte) 0xB5, (byte) 0x57, (byte) 0x13, (byte) 0x5E, (byte) 0x7F, (byte) 0x57, (byte) 0xC9, (byte) 0x35,
(byte) 0x98, (byte) 0x4F, (byte) 0x0C, (byte) 0x70, (byte) 0xE0, (byte) 0xE6, (byte) 0x8B, (byte) 0x77,
(byte) 0xE2, (byte) 0xA6, (byte) 0x89, (byte) 0xDA, (byte) 0xF3, (byte) 0xEF, (byte) 0xE8, (byte) 0x72,
(byte) 0x1D, (byte) 0xF1, (byte) 0x58, (byte) 0xA1, (byte) 0x36, (byte) 0xAD, (byte) 0xE7, (byte) 0x35,
(byte) 0x30, (byte) 0xAC, (byte) 0xCA, (byte) 0x4F, (byte) 0x48, (byte) 0x3A, (byte) 0x79, (byte) 0x7A,
(byte) 0xBC, (byte) 0x0A, (byte) 0xB1, (byte) 0x82, (byte) 0xB3, (byte) 0x24, (byte) 0xFB, (byte) 0x61,
(byte) 0xD1, (byte) 0x08, (byte) 0xA9, (byte) 0x4B, (byte) 0xB2, (byte) 0xC8, (byte) 0xE3, (byte) 0xFB,
(byte) 0xB9, (byte) 0x6A, (byte) 0xDA, (byte) 0xB7, (byte) 0x60, (byte) 0xD7, (byte) 0xF4, (byte) 0x68,
(byte) 0x1D, (byte) 0x4F, (byte) 0x42, (byte) 0xA3, (byte) 0xDE, (byte) 0x39, (byte) 0x4D, (byte) 0xF4,
(byte) 0xAE, (byte) 0x56, (byte) 0xED, (byte) 0xE7, (byte) 0x63, (byte) 0x72, (byte) 0xBB, (byte) 0x19,
(byte) 0x0B, (byte) 0x07, (byte) 0xA7, (byte) 0xC8, (byte) 0xEE, (byte) 0x0A, (byte) 0x6D, (byte) 0x70,
(byte) 0x9E, (byte) 0x02, (byte) 0xFC, (byte) 0xE1, (byte) 0xCD, (byte) 0xF7, (byte) 0xE2, (byte) 0xEC,
(byte) 0xC0, (byte) 0x34, (byte) 0x04, (byte) 0xCD, (byte) 0x28, (byte) 0x34, (byte) 0x2F, (byte) 0x61,
(byte) 0x91, (byte) 0x72, (byte) 0xFE, (byte) 0x9C, (byte) 0xE9, (byte) 0x85, (byte) 0x83, (byte) 0xFF,
(byte) 0x8E, (byte) 0x4F, (byte) 0x12, (byte) 0x32, (byte) 0xEE, (byte) 0xF2, (byte) 0x81, (byte) 0x83,
(byte) 0xC3, (byte) 0xFE, (byte) 0x3B, (byte) 0x1B, (byte) 0x4C, (byte) 0x6F, (byte) 0xAD, (byte) 0x73,
(byte) 0x3B, (byte) 0xB5, (byte) 0xFC, (byte) 0xBC, (byte) 0x2E, (byte) 0xC2, (byte) 0x20, (byte) 0x05,
(byte) 0xC5, (byte) 0x8E, (byte) 0xF1, (byte) 0x83, (byte) 0x7D, (byte) 0x16, (byte) 0x83, (byte) 0xB2,
(byte) 0xC6, (byte) 0xF3, (byte) 0x4A, (byte) 0x26, (byte) 0xC1, (byte) 0xB2, (byte) 0xEF, (byte) 0xFA,
(byte) 0x88, (byte) 0x6B, (byte) 0x42, (byte) 0x38, (byte) 0x61, (byte) 0x28, (byte) 0x5C, (byte) 0x97,
(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF},
1, 2);


public byte[] getPrimeBytes() {
return primeBytes;
}
ffdhe2048(new BigInteger("FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" +
"D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" +
"7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" +
"2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" +
"984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" +
"30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" +
"B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" +
"0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" +
"9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" +
"3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" +
"886B423861285C97FFFFFFFFFFFFFFFF", 16), 2),
/**
* RFC 7919 - ffdhe3072.
*/
ffdhe3072(new BigInteger("FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" +
"D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" +
"7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" +
"2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" +
"984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" +
"30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" +
"B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" +
"0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" +
"9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" +
"3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" +
"886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" +
"61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" +
"AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" +
"64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" +
"ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" +
"3C1B20EE3FD59D7C25E41D2B66C62E37FFFFFFFFFFFFFFFF", 16), 2),
/**
* RFC 7919 - ffdhe4096.
*/
ffdhe4096(new BigInteger("FFFFFFFFFFFFFFFFADF85458A2BB4A9AAFDC5620273D3CF1" +
"D8B9C583CE2D3695A9E13641146433FBCC939DCE249B3EF9" +
"7D2FE363630C75D8F681B202AEC4617AD3DF1ED5D5FD6561" +
"2433F51F5F066ED0856365553DED1AF3B557135E7F57C935" +
"984F0C70E0E68B77E2A689DAF3EFE8721DF158A136ADE735" +
"30ACCA4F483A797ABC0AB182B324FB61D108A94BB2C8E3FB" +
"B96ADAB760D7F4681D4F42A3DE394DF4AE56EDE76372BB19" +
"0B07A7C8EE0A6D709E02FCE1CDF7E2ECC03404CD28342F61" +
"9172FE9CE98583FF8E4F1232EEF28183C3FE3B1B4C6FAD73" +
"3BB5FCBC2EC22005C58EF1837D1683B2C6F34A26C1B2EFFA" +
"886B4238611FCFDCDE355B3B6519035BBC34F4DEF99C0238" +
"61B46FC9D6E6C9077AD91D2691F7F7EE598CB0FAC186D91C" +
"AEFE130985139270B4130C93BC437944F4FD4452E2D74DD3" +
"64F2E21E71F54BFF5CAE82AB9C9DF69EE86D2BC522363A0D" +
"ABC521979B0DEADA1DBF9A42D5C4484E0ABCD06BFA53DDEF" +
"3C1B20EE3FD59D7C25E41D2B669E1EF16E6F52C3164DF4FB" +
"7930E9E4E58857B6AC7D5F42D69F6D187763CF1D55034004" +
"87F55BA57E31CC7A7135C886EFB4318AED6A1E012D9E6832" +
"A907600A918130C46DC778F971AD0038092999A333CB8B7A" +
"1A1DB93D7140003C2A4ECEA9F98D0ACC0A8291CDCEC97DCF" +
"8EC9B55A7F88A46B4DB5A851F44182E1C68A007E5E655F6A" +
"FFFFFFFFFFFFFFFF", 16), 2);

private final byte[] primeBytes;

public BigInteger getModulus() {
return modulus;
public BigInteger getPrime() {
return prime;
}

private final BigInteger modulus;
private final BigInteger prime;

public BigInteger getBase() {
return base;
}

private final BigInteger base;

DiffieHellmanGroup(byte[] primeBytes, int signum, int base) {
this.primeBytes = primeBytes;
this.modulus = new BigInteger(signum, primeBytes);
DiffieHellmanGroup(BigInteger prime, int base) {
this.prime = prime;
this.base = BigInteger.valueOf(base);
}

2 changes: 2 additions & 0 deletions test/lib/jdk/test/lib/security/SecurityUtils.java
View file
Original file line number Diff line number Diff line change
@@ -122,6 +122,8 @@ public static DiffieHellmanGroup getTestDHGroup(int primeSize) {
DiffieHellmanGroup diffieHellmanGroup;
switch (primeSize) {
case 2048 -> diffieHellmanGroup = DiffieHellmanGroup.ffdhe2048;
case 3072 -> diffieHellmanGroup = DiffieHellmanGroup.ffdhe3072;
case 4096 -> diffieHellmanGroup = DiffieHellmanGroup.ffdhe4096;
default -> throw new RuntimeException("Test DH group not defined for " + primeSize);
}
return diffieHellmanGroup;