|
| 1 | +/* |
| 2 | + * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved. |
| 3 | + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 4 | + * |
| 5 | + * This code is free software; you can redistribute it and/or modify it |
| 6 | + * under the terms of the GNU General Public License version 2 only, as |
| 7 | + * published by the Free Software Foundation. |
| 8 | + * |
| 9 | + * This code is distributed in the hope that it will be useful, but WITHOUT |
| 10 | + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 11 | + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 12 | + * version 2 for more details (a copy is included in the LICENSE file that |
| 13 | + * accompanied this code). |
| 14 | + * |
| 15 | + * You should have received a copy of the GNU General Public License version |
| 16 | + * 2 along with this work; if not, write to the Free Software Foundation, |
| 17 | + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| 18 | + * |
| 19 | + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| 20 | + * or visit www.oracle.com if you need additional information or have any |
| 21 | + * questions. |
| 22 | + */ |
| 23 | + |
| 24 | +/* |
| 25 | + * @test |
| 26 | + * @bug 8349849 |
| 27 | + * @summary Verify that SunTlsKeyMaterial doesn't crash on TLS 1.2 parameters |
| 28 | + * @library /test/lib .. |
| 29 | + * @modules java.base/sun.security.internal.spec |
| 30 | + * @run main/othervm TestKeyMaterialMisuse |
| 31 | + */ |
| 32 | + |
| 33 | +import sun.security.internal.spec.TlsKeyMaterialParameterSpec; |
| 34 | +import sun.security.internal.spec.TlsKeyMaterialSpec; |
| 35 | + |
| 36 | +import javax.crypto.KeyGenerator; |
| 37 | +import javax.crypto.SecretKey; |
| 38 | +import javax.crypto.spec.SecretKeySpec; |
| 39 | +import java.security.Provider; |
| 40 | +import java.security.ProviderException; |
| 41 | +import java.util.Arrays; |
| 42 | +import java.util.List; |
| 43 | + |
| 44 | +public class TestKeyMaterialMisuse extends PKCS11Test { |
| 45 | + |
| 46 | + public static void main(String[] args) throws Exception { |
| 47 | + System.out.println("NSS Version: " + getNSSVersion()); |
| 48 | + main(new TestKeyMaterialMisuse(), args); |
| 49 | + } |
| 50 | + |
| 51 | + @Override |
| 52 | + public void main(Provider provider) throws Exception { |
| 53 | + byte[] keyBytes = new byte[48]; |
| 54 | + Arrays.fill(keyBytes, (byte)1); |
| 55 | + SecretKey master = new SecretKeySpec(keyBytes, "TlsMasterSecret"); |
| 56 | + byte[] cr = "clientRandom".getBytes(); |
| 57 | + byte[] sr = "serverRandom".getBytes(); |
| 58 | + for (int minor : List.of(1, 3)) { |
| 59 | + try { |
| 60 | + // the algorithms below are deliberately reversed: |
| 61 | + // - SunTls12KeyMaterial is used with TLS 1.0, |
| 62 | + // - SunTlsKeyMaterial is used with TLS 1.2 |
| 63 | + String algorithm = minor != 3 ? |
| 64 | + "SunTls12KeyMaterial" : |
| 65 | + "SunTlsKeyMaterial"; |
| 66 | + System.out.println("Generating key material for version: " + |
| 67 | + minor + " using algorithm: " + algorithm); |
| 68 | + |
| 69 | + KeyGenerator g = KeyGenerator.getInstance(algorithm, provider); |
| 70 | + TlsKeyMaterialParameterSpec spec = |
| 71 | + new TlsKeyMaterialParameterSpec( |
| 72 | + master, 3, minor, cr, sr, |
| 73 | + "AES", 32, 0, |
| 74 | + 12, 32, |
| 75 | + "SHA-256", 32, 128); |
| 76 | + g.init(spec); |
| 77 | + // generateKey crashed the JVM: |
| 78 | + TlsKeyMaterialSpec km = (TlsKeyMaterialSpec) g.generateKey(); |
| 79 | + System.out.println("Success!"); |
| 80 | + } catch (ProviderException e) { |
| 81 | + System.out.println("Got exception, not crash:"); |
| 82 | + e.printStackTrace(); |
| 83 | + } |
| 84 | + } |
| 85 | + } |
| 86 | + |
| 87 | +} |
0 commit comments