infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-01-28 12:09:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

8367994: test/jdk/sun/security/pkcs11/Signature/ tests pass when they should skip

Browse Source 
Reviewed-by: rhalade
This commit is contained in:
Mikhail Yankelevich 2025-12-04 18:41:12 +00:00
parent b19163b107
commit ef7532e7e6
7 changed files with 160 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2019, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -20,8 +20,15 @@
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.*;
import java.security.spec.*;
import jtreg.SkippedException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Signature;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
/**
* @test
@ -46,9 +53,7 @@ public class InitAgainPSS extends PKCS11Test {
try {
s1 = Signature.getInstance(sigAlg, p);
} catch (NoSuchAlgorithmException e) {
System.out.println("Skip testing " + sigAlg +
" due to no support");
return;
throw new SkippedException("No support " + sigAlg);
}
byte[] msg = "hello".getBytes();

36
test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2019, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -20,9 +20,18 @@
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.ArrayList;
import java.util.List;
import jtreg.SkippedException;
@ -43,7 +52,7 @@ public class KeyAndParamCheckForPSS extends PKCS11Test {
main(new KeyAndParamCheckForPSS(), args);
}
private static boolean skipTest = true;
private static final List<String> skippedAlgs = new ArrayList<>();
@Override
public void main(Provider p) throws Exception {
@ -73,8 +82,8 @@ public class KeyAndParamCheckForPSS extends PKCS11Test {
runTest(p, 1040, "SHA3-512", "SHA3-384");
runTest(p, 1040, "SHA3-512", "SHA3-512");
if (skipTest) {
throw new SkippedException("Test Skipped");
if (!skippedAlgs.isEmpty()) {
throw new SkippedException("Tests Skipped: " + skippedAlgs);
}
}
@ -84,7 +93,17 @@ public class KeyAndParamCheckForPSS extends PKCS11Test {
System.out.println("Testing " + hashAlg + " and MGF1" + mgfHashAlg);
PSSUtil.AlgoSupport s = PSSUtil.isHashSupported(p, hashAlg, mgfHashAlg);
if (s == PSSUtil.AlgoSupport.NO) {
System.out.println("=> Skip; no support");
System.out.printf("=> Skip; no support keysize: %d, hash alg: %s, mgf Hash Alg: %s%n",
keySize,
hashAlg,
mgfHashAlg);
skippedAlgs.add(
String.format(
"[keysize: %s, hash alg: %s, mgf Hash Alg: %s]",
keySize,
hashAlg,
mgfHashAlg)
);
return;
}
@ -108,7 +127,6 @@ public class KeyAndParamCheckForPSS extends PKCS11Test {
sig.setParameter(paramsGood);
sig.initSign(priv);
// algorithm support confirmed
skipTest = false;
} catch (Exception ex) {
if (s == PSSUtil.AlgoSupport.MAYBE) {
// confirmed to be unsupported; skip the rest of the test

18
test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, 2024, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2019, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,9 +21,15 @@
* questions.
*/
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import jtreg.SkippedException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Signature;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
/*
* @test
@ -53,9 +59,7 @@ public class SigInteropPSS extends PKCS11Test {
try {
sigPkcs11 = Signature.getInstance("RSASSA-PSS", p);
} catch (NoSuchAlgorithmException e) {
System.out.println("Skip testing RSASSA-PSS" +
" due to no support");
return;
throw new SkippedException("No support for RSASSA-PSS");
}
Signature sigSunRsaSign =

19
test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, 2024, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2020, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,9 +21,16 @@
* questions.
*/
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import jtreg.SkippedException;
import java.security.AlgorithmParameters;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.spec.PSSParameterSpec;
/*
* @test
@ -67,9 +74,7 @@ public class SigInteropPSS2 extends PKCS11Test {
try {
sigPkcs11 = Signature.getInstance(digest + "withRSASSA-PSS", p);
} catch (NoSuchAlgorithmException e) {
System.out.println("Skip testing " + digest + "withRSASSA-PSS" +
" due to no support");
continue;
throw new SkippedException("No support for " + digest + "withRSASSA-PSS");
}
runTest(sigPkcs11, sigSunRsaSign, kp);

76
test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2019, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -20,29 +20,55 @@
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
import java.util.stream.IntStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.ArrayList;
import java.util.List;
import jtreg.SkippedException;
/**
* @test
* @test id=sha
* @bug 8080462 8226651 8242332
* @summary Generate a RSASSA-PSS signature and verify it using PKCS11 provider
* @library /test/lib ..
* @modules jdk.crypto.cryptoki
* @run main SignatureTestPSS
*/
/**
* @test id=sha3
* @bug 8080462 8226651 8242332
* @summary Generate a RSASSA-PSS signature and verify it using PKCS11 provider
* @library /test/lib ..
* @modules jdk.crypto.cryptoki
* @run main SignatureTestPSS sha3
*/
public class SignatureTestPSS extends PKCS11Test {
private static final String SIGALG = "RSASSA-PSS";
private static final int[] KEYSIZES = { 2048, 3072 };
private static final String[] DIGESTS = {
private static String[] DIGESTS = null;
private static final String[] SHA_DIGESTS = {
"SHA-224", "SHA-256", "SHA-384" , "SHA-512",
"SHA3-224", "SHA3-256", "SHA3-384" , "SHA3-512",
};
private static final String[] SHA3_DIGESTS = {
"SHA3-224", "SHA3-256", "SHA3-384" , "SHA3-512"
};
private static final byte[] DATA = generateData(100);
/**
@ -55,9 +81,12 @@ public class SignatureTestPSS extends PKCS11Test {
*/
private static final int UPDATE_TIMES_HUNDRED = 100;
private static boolean skipTest = true;
private static final List<String> skippedAlgs = new ArrayList<>();
public static void main(String[] args) throws Exception {
DIGESTS = (args.length > 0 && "sha3".equals(args[0])) ?
SHA3_DIGESTS : SHA_DIGESTS;
main(new SignatureTestPSS(), args);
}
@ -80,6 +109,8 @@ public class SignatureTestPSS extends PKCS11Test {
PSSUtil.isHashSupported(p, hash, mgfHash);
if (s == PSSUtil.AlgoSupport.NO) {
System.out.println(" => Skip; no support");
skippedAlgs.add("[Hash = " + hash +
", MGF1 Hash = " + mgfHash + "]");
continue;
}
checkSignature(p, DATA, pubKey, privKey, hash, mgfHash, s);
@ -87,17 +118,15 @@ public class SignatureTestPSS extends PKCS11Test {
};
}
// start testing below
if (skipTest) {
throw new SkippedException("Test Skipped");
if (!skippedAlgs.isEmpty()) {
throw new SkippedException("Test Skipped :" + skippedAlgs);
}
}
private static void checkSignature(Provider p, byte[] data, PublicKey pub,
PrivateKey priv, String hash, String mgfHash, PSSUtil.AlgoSupport s)
throws NoSuchAlgorithmException, InvalidKeyException,
SignatureException, NoSuchProviderException,
InvalidAlgorithmParameterException {
SignatureException {
// only test RSASSA-PSS signature against the supplied hash/mgfHash
// if they are supported; otherwise PKCS11 library will throw
@ -112,14 +141,27 @@ public class SignatureTestPSS extends PKCS11Test {
} catch (InvalidAlgorithmParameterException iape) {
if (s == PSSUtil.AlgoSupport.MAYBE) {
// confirmed to be unsupported; skip the rest of the test
System.out.println(" => Skip; no PSS support");
System.out.printf(" => Skip; no PSS support public key: %s, private key: %s, " +
"hash: %s, mgf hash: %s, Algo Support: %s%n",
pub,
priv,
hash,
mgfHash,
s);
skippedAlgs.add(String.format(
"[public key: %s, private key: %s, " +
"hash: %s, mgf hash: %s, Algo Support: %s]",
pub,
priv,
hash,
mgfHash,
s)
);
return;
} else {
throw new RuntimeException("Unexpected Exception", iape);
}
}
// start testing below
skipTest = false;
for (int i = 0; i < UPDATE_TIMES_HUNDRED; i++) {
sig.update(data);

47
test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2020, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -20,13 +20,23 @@
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
import jtreg.SkippedException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.stream.IntStream;
/**
* @test
* @test id=sha
* @bug 8244154 8242332
* @summary Generate a <digest>withRSASSA-PSS signature and verify it using
* PKCS11 provider
@ -34,13 +44,28 @@ import java.util.stream.IntStream;
* @modules jdk.crypto.cryptoki
* @run main SignatureTestPSS2
*/
/**
* @test id=sha3
* @bug 8244154 8242332
* @summary Generate a <digest>withRSASSA-PSS signature and verify it using
* PKCS11 provider
* @library /test/lib ..
* @modules jdk.crypto.cryptoki
* @run main SignatureTestPSS2 sha3
*/
public class SignatureTestPSS2 extends PKCS11Test {
// PKCS11 does not support RSASSA-PSS keys yet
private static final String KEYALG = "RSA";
private static final String[] SIGALGS = {
private static String[] SIGALGS = null;
private static final String[] SHA_SIGALGS = {
"SHA224withRSASSA-PSS", "SHA256withRSASSA-PSS",
"SHA384withRSASSA-PSS", "SHA512withRSASSA-PSS",
"SHA384withRSASSA-PSS", "SHA512withRSASSA-PSS"
};
private static final String[] SHA3_SIGALGS = {
"SHA3-224withRSASSA-PSS", "SHA3-256withRSASSA-PSS",
"SHA3-384withRSASSA-PSS", "SHA3-512withRSASSA-PSS"
};
@ -53,6 +78,8 @@ public class SignatureTestPSS2 extends PKCS11Test {
private static final int UPDATE_TIMES = 2;
public static void main(String[] args) throws Exception {
SIGALGS = (args.length > 0 && "sha3".equals(args[0])) ? SHA3_SIGALGS : SHA_SIGALGS;
main(new SignatureTestPSS2(), args);
}
@ -63,9 +90,7 @@ public class SignatureTestPSS2 extends PKCS11Test {
try {
sig = Signature.getInstance(sa, p);
} catch (NoSuchAlgorithmException e) {
System.out.println("Skip testing " + sa +
" due to no support");
return;
throw new SkippedException("No support for " + sa);
}
for (int i : KEYSIZES) {
runTest(sig, i);
@ -94,7 +119,7 @@ public class SignatureTestPSS2 extends PKCS11Test {
SignatureException | NoSuchProviderException ex) {
throw new RuntimeException(ex);
} catch (InvalidAlgorithmParameterException ex2) {
System.out.println("Skip test due to " + ex2);
throw new SkippedException(ex2.toString());
}
}

7
test/jdk/sun/security/pkcs11/Signature/TestDSA.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,6 +32,8 @@
* @run main/othervm TestDSA
*/
import jtreg.SkippedException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.StringReader;
@ -122,8 +124,7 @@ public class TestDSA extends PKCS11Test {
System.out.println("Testing provider " + provider + "...");
if (provider.getService("Signature", "SHA1withDSA") == null) {
System.out.println("DSA not supported, skipping");
return;
throw new SkippedException("DSA not supported");
}
KeyFactory kf = KeyFactory.getInstance("DSA", provider);