test/jdk/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java

/*
 * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/**
 * @test
 * @bug 6330287 6331386 7044060
 * @summary verify that DHKeyPairGenerator returns keys of the expected size
 * (modulus and exponent)
 * -and-
 *      DHKeyPairGenerator is using BigInteger.setBit
 * @author Andreas Sterbenz
 */

import java.math.BigInteger;
import java.util.Arrays;

import java.security.*;
import javax.crypto.*;
import javax.crypto.interfaces.*;
import javax.crypto.spec.*;

/*
 * NOTE:  BigInteger's bitlength() doesn't report leading zeros, only
 * the number of bits needed to actually represent the number.  i.e.
 *
 *     new BigInteger("4").bitLength() = 3
 *
 * Since the private key x can vary 1 <= x <= p-2, we can't do any
 * bitlength-based calculations here.  But we can check that p conforms
 * as expected.
 *
 * If not specified, we're currently using an lsize of Math.max(384, psize/2).
 */
public class TestExponentSize {

    /*
     * Sizes and values for various lengths.
     */
    private enum Sizes {
        two56(256), three84(384), five12(512), seven68(768), ten24(1024),
        twenty48(2048);

        private final int intSize;
        private final BigInteger bigIntValue;

        Sizes(int size) {
            intSize = size;
            byte [] bits = new byte[intSize/8];
            Arrays.fill(bits, (byte)0xff);
            bigIntValue = new BigInteger(1, bits);
        }

        int getIntSize() {
            return intSize;
        }

        BigInteger getBigIntValue() {
            return bigIntValue;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp;
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", "SunJCE");

        // Sun's default uses a default psize of 2048 and
        // lsize of (pSize / 2) but at least 384 bits
        kp = kpg.generateKeyPair();
        checkKeyPair(kp, Sizes.twenty48, Sizes.ten24);

        DHPublicKey publicKey = (DHPublicKey)kp.getPublic();
        BigInteger p = publicKey.getParams().getP();
        BigInteger g = publicKey.getParams().getG();

        kpg.initialize(Sizes.ten24.getIntSize());
        kp = kpg.generateKeyPair();
        checkKeyPair(kp, Sizes.ten24, Sizes.five12);

        kpg.initialize(new DHParameterSpec(p, g, Sizes.ten24.getIntSize()));
        kp = kpg.generateKeyPair();
        checkKeyPair(kp, Sizes.twenty48, Sizes.ten24);

        kpg.initialize(new DHParameterSpec(p, g, Sizes.five12.getIntSize()));
        kp = kpg.generateKeyPair();
        checkKeyPair(kp, Sizes.twenty48, Sizes.five12);

        kpg.initialize(new DHParameterSpec(p, g, Sizes.two56.getIntSize()));
        kp = kpg.generateKeyPair();
        checkKeyPair(kp, Sizes.twenty48, Sizes.two56);

        kpg.initialize(Sizes.five12.getIntSize());
        kp = kpg.generateKeyPair();
        checkKeyPair(kp, Sizes.five12, Sizes.three84);

        kpg.initialize(Sizes.seven68.getIntSize());
        kp = kpg.generateKeyPair();
        checkKeyPair(kp, Sizes.seven68, Sizes.three84);

        // test w/ only pSize
        kpg.initialize(Sizes.twenty48.getIntSize());
        kp = kpg.generateKeyPair();
        checkKeyPair(kp, Sizes.twenty48, Sizes.ten24);

        publicKey = (DHPublicKey)kp.getPublic();
        p = publicKey.getParams().getP();
        g = publicKey.getParams().getG();

        // test w/ all values specified
        kpg.initialize(new DHParameterSpec(p, g, Sizes.five12.getIntSize()));
        kp = kpg.generateKeyPair();
        checkKeyPair(kp, Sizes.twenty48, Sizes.five12);

        System.out.println("OK");
    }

    private static void checkKeyPair(KeyPair kp, Sizes modulusSize,
            Sizes exponentSize) throws Exception {

        System.out.println("Checking (" + modulusSize + ", " +
            exponentSize + ")");
        DHPrivateKey privateKey = (DHPrivateKey)kp.getPrivate();
        BigInteger p = privateKey.getParams().getP();
        BigInteger x = privateKey.getX();

        if (p.bitLength() != modulusSize.getIntSize()) {
            throw new Exception("Invalid modulus size: " + p.bitLength());
        }

        if (x.bitLength() > exponentSize.getIntSize()) {
            throw new Exception("X has more bits than expected: " +
                x.bitLength());
        }

        BigInteger pMinus2 =
            p.subtract(BigInteger.ONE).subtract(BigInteger.ONE);

        if ((x.compareTo(BigInteger.ONE) < 0 ||
                (x.compareTo(pMinus2)) > 0)) {
            throw new Exception(
                "X outside range 1<=x<p-2:  x: " + x + " p: " + p);
        }
    }
}