Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/openjdk-multiarch-jdk8u
 Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/pkcs11/fips/TestTLS12.java
38855 views
1
/*

2
 * Copyright (c) 2018, Red Hat, Inc. and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
/*

25
 * @test

26
 * @bug 8029661

27
 * @summary Test TLS 1.2

28
 * @library ..

29
 * @run main/othervm/timeout=120 TestTLS12

30
 */

31


32
import java.io.File;

33
import java.io.FileInputStream;

34
import java.io.InputStream;

35
import java.nio.ByteBuffer;

36


37
import java.security.interfaces.RSAPrivateKey;

38
import java.security.interfaces.RSAPublicKey;

39
import java.security.KeyStore;

40
import java.security.NoSuchAlgorithmException;

41
import java.security.Provider;

42
import java.security.SecureRandom;

43
import java.security.Security;

44


45
import java.util.Arrays;

46


47
import javax.crypto.Cipher;

48
import javax.crypto.KeyGenerator;

49
import javax.crypto.SecretKey;

50
import javax.crypto.spec.SecretKeySpec;

51


52
import javax.net.ssl.KeyManagerFactory;

53
import javax.net.ssl.SSLContext;

54
import javax.net.ssl.SSLEngine;

55
import javax.net.ssl.SSLEngineResult;

56
import javax.net.ssl.SSLEngineResult.HandshakeStatus;

57
import javax.net.ssl.SSLParameters;

58
import javax.net.ssl.SSLSession;

59
import javax.net.ssl.TrustManagerFactory;

60


61
import sun.security.internal.spec.TlsMasterSecretParameterSpec;

62
import sun.security.internal.spec.TlsPrfParameterSpec;

63
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;

64


65
public final class TestTLS12 extends SecmodTest {

66


67
    private static final boolean enableDebug = true;

68


69
    private static Provider sunPKCS11NSSProvider;

70
    private static Provider sunJCEProvider;

71
    private static com.sun.net.ssl.internal.ssl.Provider jsseProvider;

72
    private static KeyStore ks;

73
    private static KeyStore ts;

74
    private static char[] passphrase = "JAHshj131@@".toCharArray();

75
    private static RSAPrivateKey privateKey;

76
    private static RSAPublicKey publicKey;

77


78
    public static void main(String[] args) throws Exception {

79
        try {

80
            initialize();

81
        } catch (Exception e) {

82
            System.out.println("Test skipped: failure during" +

83
                    " initialization");

84
            return;

85
        }

86


87
        if (shouldRun()) {

88
            // Test against JCE

89
            testTlsAuthenticationCodeGeneration();

90


91
            // Self-integrity test (complete TLS 1.2 communication)

92
            new testTLS12SunPKCS11Communication().run();

93


94
            System.out.println("Test PASS - OK");

95
        } else {

96
            System.out.println("Test skipped: TLS 1.2 mechanisms" +

97
                    " not supported by current SunPKCS11 back-end");

98
        }

99
    }

100


101
    private static boolean shouldRun() {

102
        if (sunPKCS11NSSProvider == null) {

103
            return false;

104
        }

105
        try {

106
            KeyGenerator.getInstance("SunTls12MasterSecret",

107
                    sunPKCS11NSSProvider);

108
            KeyGenerator.getInstance(

109
                    "SunTls12RsaPremasterSecret", sunPKCS11NSSProvider);

110
            KeyGenerator.getInstance("SunTls12Prf", sunPKCS11NSSProvider);

111
        } catch (NoSuchAlgorithmException e) {

112
            return false;

113
        }

114
        return true;

115
    }

116


117
    private static void testTlsAuthenticationCodeGeneration()

118
            throws Exception {

119
        // Generate RSA Pre-Master Secret in SunPKCS11 provider

120
        SecretKey rsaPreMasterSecret = null;

121
        @SuppressWarnings("deprecation")

122
        TlsRsaPremasterSecretParameterSpec rsaPreMasterSecretSpec =

123
                new TlsRsaPremasterSecretParameterSpec(0x0303, 0x0303);

124
        {

125
            KeyGenerator rsaPreMasterSecretKG = KeyGenerator.getInstance(

126
                    "SunTls12RsaPremasterSecret", sunPKCS11NSSProvider);

127
            rsaPreMasterSecretKG.init(rsaPreMasterSecretSpec, null);

128
            rsaPreMasterSecret = rsaPreMasterSecretKG.generateKey();

129
        }

130


131
        // Get RSA Pre-Master Secret in plain (from SunPKCS11 provider)

132
        byte[] rsaPlainPreMasterSecret = null;

133
        {

134
            Cipher rsaPreMasterSecretWrapperCipher =

135
                    Cipher.getInstance("RSA/ECB/PKCS1Padding",

136
                            sunPKCS11NSSProvider);

137
            rsaPreMasterSecretWrapperCipher.init(Cipher.WRAP_MODE, publicKey,

138
                    new SecureRandom());

139
            byte[] rsaEncryptedPreMasterSecret =

140
                    rsaPreMasterSecretWrapperCipher.wrap(rsaPreMasterSecret);

141
            Cipher rsaPreMasterSecretUnwrapperCipher =

142
                    Cipher.getInstance("RSA/ECB/PKCS1Padding", sunJCEProvider);

143
            rsaPreMasterSecretUnwrapperCipher.init(Cipher.UNWRAP_MODE,

144
                    privateKey, rsaPreMasterSecretSpec);

145
            rsaPlainPreMasterSecret = rsaPreMasterSecretUnwrapperCipher.unwrap(

146
                    rsaEncryptedPreMasterSecret, "TlsRsaPremasterSecret",

147
                    Cipher.SECRET_KEY).getEncoded();

148


149
            if (enableDebug) {

150
                System.out.println("rsaPlainPreMasterSecret:");

151
                for (byte b : rsaPlainPreMasterSecret) {

152
                    System.out.printf("%02X, ", b);

153
                }

154
                System.out.println("");

155
            }

156
        }

157


158
        // Generate Master Secret

159
        SecretKey sunPKCS11MasterSecret = null;

160
        SecretKey jceMasterSecret = null;

161
        {

162
            KeyGenerator sunPKCS11MasterSecretGenerator =

163
                    KeyGenerator.getInstance("SunTls12MasterSecret",

164
                            sunPKCS11NSSProvider);

165
            KeyGenerator jceMasterSecretGenerator = KeyGenerator.getInstance(

166
                    "SunTls12MasterSecret", sunJCEProvider);

167
            @SuppressWarnings("deprecation")

168
            TlsMasterSecretParameterSpec sunPKCS11MasterSecretSpec =

169
                    new TlsMasterSecretParameterSpec(rsaPreMasterSecret, 3, 3,

170
                            new byte[32], new byte[32], "SHA-256", 32, 64);

171
            @SuppressWarnings("deprecation")

172
            TlsMasterSecretParameterSpec jceMasterSecretSpec =

173
                    new TlsMasterSecretParameterSpec(

174
                            new SecretKeySpec(rsaPlainPreMasterSecret,

175
                                    "Generic"), 3, 3, new byte[32],

176
                            new byte[32], "SHA-256", 32, 64);

177
            sunPKCS11MasterSecretGenerator.init(sunPKCS11MasterSecretSpec,

178
                    null);

179
            jceMasterSecretGenerator.init(jceMasterSecretSpec, null);

180
            sunPKCS11MasterSecret =

181
                    sunPKCS11MasterSecretGenerator.generateKey();

182
            jceMasterSecret = jceMasterSecretGenerator.generateKey();

183
            if (enableDebug) {

184
                System.out.println("Master Secret (SunJCE):");

185
                if (jceMasterSecret != null) {

186
                    for (byte b : jceMasterSecret.getEncoded()) {

187
                        System.out.printf("%02X, ", b);

188
                    }

189
                    System.out.println("");

190
                }

191
            }

192
        }

193


194
        // Generate authentication codes

195
        byte[] sunPKCS11AuthenticationCode = null;

196
        byte[] jceAuthenticationCode = null;

197
        {

198
            // Generate SunPKCS11 authentication code

199
            {

200
                @SuppressWarnings("deprecation")

201
                TlsPrfParameterSpec sunPKCS11AuthenticationCodeSpec =

202
                        new TlsPrfParameterSpec(sunPKCS11MasterSecret,

203
                                "client finished", "a".getBytes(), 12,

204
                                "SHA-256", 32, 64);

205
                KeyGenerator sunPKCS11AuthCodeGenerator =

206
                        KeyGenerator.getInstance("SunTls12Prf",

207
                                sunPKCS11NSSProvider);

208
                sunPKCS11AuthCodeGenerator.init(

209
                        sunPKCS11AuthenticationCodeSpec);

210
                sunPKCS11AuthenticationCode =

211
                        sunPKCS11AuthCodeGenerator.generateKey().getEncoded();

212
            }

213


214
            // Generate SunJCE authentication code

215
            {

216
                @SuppressWarnings("deprecation")

217
                TlsPrfParameterSpec jceAuthenticationCodeSpec =

218
                        new TlsPrfParameterSpec(jceMasterSecret,

219
                                "client finished", "a".getBytes(), 12,

220
                                "SHA-256", 32, 64);

221
                KeyGenerator jceAuthCodeGenerator =

222
                        KeyGenerator.getInstance("SunTls12Prf",

223
                                sunJCEProvider);

224
                jceAuthCodeGenerator.init(jceAuthenticationCodeSpec);

225
                jceAuthenticationCode =

226
                        jceAuthCodeGenerator.generateKey().getEncoded();

227
            }

228


229
            if (enableDebug) {

230
                System.out.println("SunPKCS11 Authentication Code: ");

231
                for (byte b : sunPKCS11AuthenticationCode) {

232
                    System.out.printf("%02X, ", b);

233
                }

234
                System.out.println("");

235
                System.out.println("SunJCE Authentication Code: ");

236
                for (byte b : jceAuthenticationCode) {

237
                    System.out.printf("%02X, ", b);

238
                }

239
                System.out.println("");

240
            }

241
        }

242


243
        if (sunPKCS11AuthenticationCode == null ||

244
                jceAuthenticationCode == null ||

245
                sunPKCS11AuthenticationCode.length == 0 ||

246
                jceAuthenticationCode.length == 0 ||

247
                !Arrays.equals(sunPKCS11AuthenticationCode,

248
                        jceAuthenticationCode)) {

249
            throw new Exception("Authentication codes from JCE" +

250
                        " and SunPKCS11 differ.");

251
        }

252
    }

253


254
    private static class testTLS12SunPKCS11Communication {

255
        public static void run() throws Exception {

256
            SSLEngine[][] enginesToTest = getSSLEnginesToTest();

257


258
            for (SSLEngine[] engineToTest : enginesToTest) {

259


260
                SSLEngine clientSSLEngine = engineToTest[0];

261
                SSLEngine serverSSLEngine = engineToTest[1];

262


263
                // SSLEngine code based on RedhandshakeFinished.java

264


265
                boolean dataDone = false;

266


267
                ByteBuffer clientOut = null;

268
                ByteBuffer clientIn = null;

269
                ByteBuffer serverOut = null;

270
                ByteBuffer serverIn = null;

271
                ByteBuffer cTOs;

272
                ByteBuffer sTOc;

273


274
                SSLSession session = clientSSLEngine.getSession();

275
                int appBufferMax = session.getApplicationBufferSize();

276
                int netBufferMax = session.getPacketBufferSize();

277


278
                clientIn = ByteBuffer.allocate(appBufferMax + 50);

279
                serverIn = ByteBuffer.allocate(appBufferMax + 50);

280


281
                cTOs = ByteBuffer.allocateDirect(netBufferMax);

282
                sTOc = ByteBuffer.allocateDirect(netBufferMax);

283


284
                clientOut = ByteBuffer.wrap(

285
                        "Hi Server, I'm Client".getBytes());

286
                serverOut = ByteBuffer.wrap(

287
                        "Hello Client, I'm Server".getBytes());

288


289
                SSLEngineResult clientResult;

290
                SSLEngineResult serverResult;

291


292
                while (!dataDone) {

293
                    clientResult = clientSSLEngine.wrap(clientOut, cTOs);

294
                    runDelegatedTasks(clientResult, clientSSLEngine);

295
                    serverResult = serverSSLEngine.wrap(serverOut, sTOc);

296
                    runDelegatedTasks(serverResult, serverSSLEngine);

297
                    cTOs.flip();

298
                    sTOc.flip();

299


300
                    if (enableDebug) {

301
                        System.out.println("Client -> Network");

302
                        printTlsNetworkPacket("", cTOs);

303
                        System.out.println("");

304
                        System.out.println("Server -> Network");

305
                        printTlsNetworkPacket("", sTOc);

306
                        System.out.println("");

307
                    }

308


309
                    clientResult = clientSSLEngine.unwrap(sTOc, clientIn);

310
                    runDelegatedTasks(clientResult, clientSSLEngine);

311
                    serverResult = serverSSLEngine.unwrap(cTOs, serverIn);

312
                    runDelegatedTasks(serverResult, serverSSLEngine);

313


314
                    cTOs.compact();

315
                    sTOc.compact();

316


317
                    if (!dataDone &&

318
                            (clientOut.limit() == serverIn.position()) &&

319
                            (serverOut.limit() == clientIn.position())) {

320
                        checkTransfer(serverOut, clientIn);

321
                        checkTransfer(clientOut, serverIn);

322
                        dataDone = true;

323
                    }

324
                }

325
            }

326
        }

327


328
        static void printTlsNetworkPacket(String prefix, ByteBuffer bb) {

329
            ByteBuffer slice = bb.slice();

330
            byte[] buffer = new byte[slice.remaining()];

331
            slice.get(buffer);

332
            for (int i = 0; i < buffer.length; i++) {

333
                System.out.printf("%02X, ", (byte)(buffer[i] & (byte)0xFF));

334
                if (i % 8 == 0 && i % 16 != 0) {

335
                    System.out.print(" ");

336
                }

337
                if (i % 16 == 0) {

338
                    System.out.println("");

339
                }

340
            }

341
            System.out.flush();

342
        }

343


344
        private static void checkTransfer(ByteBuffer a, ByteBuffer b)

345
                throws Exception {

346
            a.flip();

347
            b.flip();

348
            if (!a.equals(b)) {

349
                throw new Exception("Data didn't transfer cleanly");

350
            }

351
            a.position(a.limit());

352
            b.position(b.limit());

353
            a.limit(a.capacity());

354
            b.limit(b.capacity());

355
        }

356


357
        private static void runDelegatedTasks(SSLEngineResult result,

358
                SSLEngine engine) throws Exception {

359


360
            if (result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {

361
                Runnable runnable;

362
                while ((runnable = engine.getDelegatedTask()) != null) {

363
                    runnable.run();

364
                }

365
                HandshakeStatus hsStatus = engine.getHandshakeStatus();

366
                if (hsStatus == HandshakeStatus.NEED_TASK) {

367
                    throw new Exception(

368
                        "handshake shouldn't need additional tasks");

369
                }

370
            }

371
        }

372


373
        private static SSLEngine[][] getSSLEnginesToTest() throws Exception {

374
            SSLEngine[][] enginesToTest = new SSLEngine[2][2];

375
            String[][] preferredSuites = new String[][]{ new String[] {

376
                    "TLS_RSA_WITH_AES_128_CBC_SHA256"

377
            },  new String[] {

378
                    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"

379
            }};

380
            for (int i = 0; i < enginesToTest.length; i++) {

381
                enginesToTest[i][0] = createSSLEngine(true);

382
                enginesToTest[i][1] = createSSLEngine(false);

383
                enginesToTest[i][0].setEnabledCipherSuites(preferredSuites[i]);

384
                enginesToTest[i][1].setEnabledCipherSuites(preferredSuites[i]);

385
            }

386
            return enginesToTest;

387
        }

388


389
        static private SSLEngine createSSLEngine(boolean client)

390
                throws Exception {

391
            SSLEngine ssle;

392
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX",

393
                    jsseProvider);

394
            kmf.init(ks, passphrase);

395


396
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX",

397
                    jsseProvider);

398
            tmf.init(ts);

399


400
            SSLContext sslCtx = SSLContext.getInstance("TLSv1.2",

401
                    jsseProvider);

402
            sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

403
            ssle = sslCtx.createSSLEngine("localhost", 443);

404
            ssle.setUseClientMode(client);

405
            SSLParameters sslParameters = ssle.getSSLParameters();

406
            ssle.setSSLParameters(sslParameters);

407


408
            return ssle;

409
        }

410
    }

411


412
    private static void initialize() throws Exception {

413
        if (initSecmod() == false) {

414
            return;

415
        }

416
        String configName = BASE + SEP + "fips.cfg";

417
        sunPKCS11NSSProvider = getSunPKCS11(configName);

418
        System.out.println("SunPKCS11 provider: " + sunPKCS11NSSProvider);

419
        Security.addProvider(sunPKCS11NSSProvider);

420


421
        sunJCEProvider = new com.sun.crypto.provider.SunJCE();

422
        Security.addProvider(sunJCEProvider);

423


424
        Security.removeProvider("SunJSSE");

425
        jsseProvider =new com.sun.net.ssl.internal.ssl.Provider(

426
                sunPKCS11NSSProvider);

427
        Security.addProvider(jsseProvider);

428
        System.out.println(jsseProvider.getInfo());

429


430
        ks = KeyStore.getInstance("PKCS11", sunPKCS11NSSProvider);

431
        ks.load(null, "test12".toCharArray());

432
        ts = ks;

433


434
        KeyStore ksPlain = readTestKeyStore();

435
        privateKey = (RSAPrivateKey)ksPlain.getKey("rh_rsa_sha256",

436
                passphrase);

437
        publicKey = (RSAPublicKey)ksPlain.getCertificate(

438
                "rh_rsa_sha256").getPublicKey();

439
    }

440


441
    private static KeyStore readTestKeyStore() throws Exception {

442
        File file = new File(System.getProperty("test.src", "."), "keystore");

443
        InputStream in = new FileInputStream(file);

444
        KeyStore ks = KeyStore.getInstance("JKS");

445
        ks.load(in, "passphrase".toCharArray());

446
        in.close();

447
        return ks;

448
    }

449
}

450