8342183: Update tests to use stronger algorithms and keys

Backport-of: e1eb341217fb5411721dec1b78e4bbf06f2f5cda

test/jdk/com/sun/crypto/provider/CICO/CICOSkipTest.java

@@ -75,7 +75,7 @@ public class CICOSkipTest {
         "OFB", "OFB64", "PCBC"};
     private static final String[] PADDINGS = {"NoPadding", "Pkcs5Padding"};
     private static final String[] PBE_ALGOS = {"PBEWithMD5AndDES",
-        "PBEWithMD5AndDES/CBC/PKCS5Padding"};
+        "PBEWithMD5AndDES/CBC/PKCS5Padding", "PBEWithSHA1AndDESede"};
 
     public static void main(String[] args) throws Exception {
         // how many kinds of padding mode such as PKCS5padding and NoPadding

test/jdk/com/sun/crypto/provider/Cipher/KeyWrap/TestCipherKeyWrapperTest.java

@@ -162,7 +162,8 @@ public static void main(String[] args) throws Exception {
 
         test.wrapperPBEKeyTest(provider);
         // Public and private key wrap test
-        test.wrapperPublicPriviteKeyTest(provider, publicPrivateAlgos);
+        test.wrapperPublicPriviteKeyTest(provider, publicPrivateAlgos, "DES");
+        test.wrapperPublicPriviteKeyTest(provider, publicPrivateAlgos, "AES");
     }
 
     private void wrapperAesDESedeKeyTest(String algo, String wrapAlgo,
@@ -256,7 +257,7 @@ private void wrapperPBEKeyTest(Provider p) throws InvalidKeySpecException,
         }
     }
 
-    private void wrapperPublicPriviteKeyTest(Provider p, String[] algorithms)
+    private void wrapperPublicPriviteKeyTest(Provider p, String[] algorithms, String algoWrap)
             throws NoSuchAlgorithmException, InvalidKeyException,
             NoSuchPaddingException, IllegalBlockSizeException,
             InvalidAlgorithmParameterException {
@@ -268,7 +269,6 @@ private void wrapperPublicPriviteKeyTest(Provider p, String[] algorithms)
             kpg.initialize(SecurityUtils.getTestKeySize(algo));
             KeyPair kp = kpg.genKeyPair();
             // key generated
-            String algoWrap = "DES";
             KeyGenerator kg = KeyGenerator.getInstance(algoWrap, p);
             Key key = kg.generateKey();
             wrapTest(algo, algoWrap, key, kp.getPrivate(), Cipher.PRIVATE_KEY,

test/jdk/com/sun/crypto/provider/Cipher/PBE/TestCipherPBECons.java

@@ -40,7 +40,7 @@
 public class TestCipherPBECons {
 
     private static final String[] PBEAlgorithms = {"pbeWithMD5ANDdes",
-        "PBEWithMD5AndTripleDES"};
+        "PBEWithMD5AndTripleDES", "PBEWithSHA1AndDESede"};
     private static final String[] cipherModes = {"ECb", "cbC", "cFB", "Cfb32",
         "OfB", "oFb64", "pCbC"};
     private static final String[] cipherPaddings = {"Pkcs5Padding", "NoPaDDing"};

test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java

@@ -232,20 +232,26 @@ private void run(String mode) throws Exception {
         }
         System.err.println("Shared secrets are the same");
 
+        testSecretKey(bobKeyAgree, alicePubKey, "DES");
+        testSecretKey(bobKeyAgree, alicePubKey, "AES");
+    }
+
+    private static void testSecretKey(KeyAgreement bobKeyAgree, PublicKey alicePubKey, String algo)
+            throws Exception {
         // Now let's return the shared secret as a SecretKey object
         // and use it for encryption
-        System.out.println("Return shared secret as SecretKey object ...");
+        System.out.println("Return shared secret as SecretKey object with algorithm: " + algo);
         bobKeyAgree.doPhase(alicePubKey, true);
-        SecretKey desKey = bobKeyAgree.generateSecret("DES");
+        SecretKey key = bobKeyAgree.generateSecret(algo);
 
-        Cipher desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
-        desCipher.init(Cipher.ENCRYPT_MODE, desKey);
+        Cipher cipher = Cipher.getInstance(algo + "/ECB/PKCS5Padding");
+        cipher.init(Cipher.ENCRYPT_MODE, key);
 
         byte[] cleartext = "This is just an example".getBytes();
-        byte[] ciphertext = desCipher.doFinal(cleartext);
+        byte[] ciphertext = cipher.doFinal(cleartext);
 
-        desCipher.init(Cipher.DECRYPT_MODE, desKey);
-        byte[] cleartext1 = desCipher.doFinal(ciphertext);
+        cipher.init(Cipher.DECRYPT_MODE, key);
+        byte[] cleartext1 = cipher.doFinal(ciphertext);
 
         int clearLen = cleartext.length;
         int clear1Len = cleartext1.length;

test/jdk/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGens.java

@@ -24,6 +24,7 @@
 /**
  * @test
  * @bug 8072452 8163498
+ * @library /test/lib
  * @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
  *          This test has been split based on lower/higher key sizes in order to
  *          reduce individual execution times and run in parallel
@@ -33,27 +34,35 @@
  * @run main/timeout=300 SupportedDHParamGens 832
  * @run main/timeout=300 SupportedDHParamGens 1024
  * @run main/timeout=600 SupportedDHParamGens 2048
+ * @run main/timeout=600 SupportedDHParamGens 3072
+ * @run main/timeout=600 SupportedDHParamGens 4096
  */
-
 import java.math.BigInteger;
 
 import java.security.*;
-import javax.crypto.*;
 import javax.crypto.interfaces.*;
 import javax.crypto.spec.*;
+import jdk.test.lib.security.DiffieHellmanGroup;
+import jdk.test.lib.security.SecurityUtils;
 
 public class SupportedDHParamGens {
 
     public static void main(String[] args) throws Exception {
         int primeSize = Integer.valueOf(args[0]).intValue();
 
         System.out.println("Checking " + primeSize + " ...");
-        AlgorithmParameterGenerator apg =
-                AlgorithmParameterGenerator.getInstance("DH",
-                        System.getProperty("test.provider.name", "SunJCE"));
-        apg.init(primeSize);
-        AlgorithmParameters ap = apg.generateParameters();
-        DHParameterSpec spec = ap.getParameterSpec(DHParameterSpec.class);
+        DHParameterSpec spec = null;
+        switch (primeSize) {
+            case 2048, 3072, 4096 -> spec = getDHParameterSpec(primeSize);
+            default -> {
+                AlgorithmParameterGenerator apg =
+                        AlgorithmParameterGenerator.getInstance("DH",
+                                System.getProperty("test.provider.name", "SunJCE"));
+                apg.init(primeSize);
+                AlgorithmParameters ap = apg.generateParameters();
+                spec = ap.getParameterSpec(DHParameterSpec.class);
+            }
+        }
 
         KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH",
                         System.getProperty("test.provider.name", "SunJCE"));
@@ -62,6 +71,11 @@ public static void main(String[] args) throws Exception {
         checkKeyPair(kp, primeSize);
     }
 
+    private static DHParameterSpec getDHParameterSpec(int primeSize) {
+        DiffieHellmanGroup dhGroup = SecurityUtils.getTestDHGroup(primeSize);
+        return new DHParameterSpec(dhGroup.getPrime(), dhGroup.getBase());
+    }
+
     private static void checkKeyPair(KeyPair kp, int pSize) throws Exception {
 
         DHPrivateKey privateKey = (DHPrivateKey)kp.getPrivate();

test/jdk/com/sun/crypto/provider/KeyAgreement/SupportedDHParamGensLongKey.java

@@ -24,6 +24,7 @@
 /**
  * @test
  * @bug 8072452 8163498
+ * @library /test/lib
  * @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
  *          This test has been split based on lower/higher key sizes in order to
  *          reduce individual execution times and run in parallel

test/jdk/com/sun/crypto/provider/KeyGenerator/TestExplicitKeyLength.java

@@ -35,10 +35,10 @@
 
 public class TestExplicitKeyLength {
 
-    private static final String ALGOS[] = { "RC2", "ARCFOUR" };
+    private static final String ALGOS[] = { "RC2", "ARCFOUR", "AES", "AES", "AES" };
 
     private static final int KEY_SIZES[] =
-        { 64, 80 }; // in bits
+        { 64, 80, 128, 192, 256 }; // in bits
 
     public static void runTest(String algo, int keysize) throws Exception {
         KeyGenerator kg = KeyGenerator.getInstance(algo,

test/jdk/com/sun/crypto/provider/Mac/HmacSaltLengths.java

@@ -41,6 +41,10 @@ public class HmacSaltLengths {
 
     private static final String[] ALGOS = {
         "HmacPBESHA1",
+        "HmacPBESHA224",
+        "HmacPBESHA256",
+        "HmacPBESHA384",
+        "HmacPBESHA512",
         "PBEWithHmacSHA1",
         "PBEWithHmacSHA224",
         "PBEWithHmacSHA256",

test/jdk/com/sun/crypto/provider/Mac/MacClone.java

@@ -26,6 +26,8 @@
  * @bug 7087021 8013069
  * @summary Clone tests for all MAC algorithms.
  * @author Jan Luehe
+ * @run main MacClone DES
+ * @run main MacClone AES
  */
 import java.security.spec.AlgorithmParameterSpec;
 import javax.crypto.*;
@@ -37,7 +39,8 @@ public static void main(String[] args) throws Exception {
 
         String[] algos = { "HmacMD5", "HmacSHA1", "HmacSHA224", "HmacSHA256",
                            "HmacSHA384", "HmacSHA512" };
-        KeyGenerator kgen = KeyGenerator.getInstance("DES");
+        String keyAlgo = args[0];
+        KeyGenerator kgen = KeyGenerator.getInstance(keyAlgo);
         SecretKey skey = kgen.generateKey();
         for (String algo : algos) {
             doTest(algo, skey, null);

test/jdk/java/security/KeyStore/TestKeyStoreEntry.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -47,7 +47,7 @@ public class TestKeyStoreEntry {
     private static final char[] PASSWDF = new String("guardian Angel")
             .toCharArray();
     private static final String[] KS_ALGOS = {
-            "DES", "DESede", "Blowfish"
+            "DES", "DESede", "Blowfish", "AES"
     };
     private static final int NUM_ALGOS = KS_ALGOS.length;
 

test/jdk/java/security/MessageDigest/ByteBuffers.java

@@ -27,6 +27,8 @@
  * @summary Test the MessageDigest.update(ByteBuffer) method
  * @author Andreas Sterbenz
  * @key randomness
+ * @run main ByteBuffers MD5
+ * @run main ByteBuffers SHA-1
  */
 
 import java.util.*;
@@ -43,7 +45,8 @@ public static void main(String[] args) throws Exception {
         byte[] t = new byte[n];
         random.nextBytes(t);
 
-        MessageDigest md = MessageDigest.getInstance("MD5", p);
+        String digestAlgo = args[0];
+        MessageDigest md = MessageDigest.getInstance(digestAlgo, p);
         byte[] d1 = md.digest(t);
 
         // test 1: ByteBuffer with an accessible backing array

test/jdk/java/security/Signature/ByteBuffers.java

@@ -27,6 +27,8 @@
  * @summary Test the Signature.update(ByteBuffer) method
  * @author Andreas Sterbenz
  * @key randomness
+ * @run main ByteBuffers DSA 512
+ * @run main ByteBuffers SHA256withDSA 2048
  */
 
 import java.util.*;
@@ -44,11 +46,14 @@ public static void main(String[] args) throws Exception {
         byte[] t = new byte[n];
         random.nextBytes(t);
 
-        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", p);
-        kpg.initialize(512);
+        String kpgAlgorithm = "DSA";
+        int keySize = Integer.parseInt(args[1]);
+        KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgorithm, p);
+        kpg.initialize(keySize);
         KeyPair kp = kpg.generateKeyPair();
 
-        Signature sig = Signature.getInstance("DSA", p);
+        String signAlgo = args[0];
+        Signature sig = Signature.getInstance(signAlgo, p);
         sig.initSign(kp.getPrivate());
         sig.update(t);
         byte[] signature = sig.sign();

test/jdk/java/security/Signature/SignWithOutputBuffer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
  * @bug 4114896
  * @summary Signature should support a sign() method that places the signature
  * in an already existing array.
+ * @run main SignWithOutputBuffer DSS 512
+ * @run main SignWithOutputBuffer SHA256withDSA 2048
  */
 
 import java.security.*;
@@ -36,11 +38,14 @@ public static void main(String[] args) throws Exception {
 
         int numBytes;
 
-        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA");
-        kpGen.initialize(512);
+        String kpgAlgorithm = "DSA";
+        int keySize = Integer.parseInt(args[1]);
+        KeyPairGenerator kpGen = KeyPairGenerator.getInstance(kpgAlgorithm);
+        kpGen.initialize(keySize);
         KeyPair kp = kpGen.genKeyPair();
 
-        Signature sig = Signature.getInstance("DSS");
+        String signAlgo = args[0];
+        Signature sig = Signature.getInstance(signAlgo);
         sig.initSign(kp.getPrivate());
         sig.update((byte)0xff);
 
@@ -55,10 +60,10 @@ public static void main(String[] args) throws Exception {
         }
 
         // Now repeat the same with a buffer that's big enough
-        sig = Signature.getInstance("DSS");
+        sig = Signature.getInstance(signAlgo);
         sig.initSign(kp.getPrivate());
         sig.update((byte)0xff);
-        out = new byte[48];
+        out = new byte[64];
         numBytes = sig.sign(out, 0, out.length);
 
         System.out.println("Signature len="+numBytes);

test/jdk/java/security/Signature/SignatureGetInstance.java

@@ -27,7 +27,8 @@
  * @summary Ensure the BC provider-reselection workaround in Signature class
  *     functions correctly
  * @modules java.base/sun.security.util
- * @run main/othervm SignatureGetInstance
+ * @run main/othervm SignatureGetInstance default
+ * @run main/othervm SignatureGetInstance SHA-256
  */
 import java.security.*;
 import java.security.interfaces.*;
@@ -37,8 +38,12 @@
 public class SignatureGetInstance {
 
     private static final String SIGALG = "RSASSA-PSS";
+    private static PSSParameterSpec pssParamSpec;
 
     public static void main(String[] args) throws Exception {
+        String mdName = args[0];
+        pssParamSpec = "default".equals(mdName) ? PSSParameterSpec.DEFAULT :
+                new PSSParameterSpec(mdName, "MGF1", new MGF1ParameterSpec(mdName), 20, 1);
         Provider testProvider = new TestProvider();
         // put test provider before SunRsaSign provider
         Security.insertProviderAt(testProvider, 1);
@@ -85,7 +90,7 @@ private static void checkName(Signature s, String name) {
     private static void testDblInit(PrivateKey key1, PublicKey key2,
             boolean shouldPass, String expectedProvName) throws Exception {
         Signature sig = Signature.getInstance(SIGALG);
-        SignatureUtil.initSignWithParam(sig, key1, PSSParameterSpec.DEFAULT, null);
+        SignatureUtil.initSignWithParam(sig, key1, pssParamSpec, null);
         try {
             sig.initVerify(key2);
             if (!shouldPass) {
@@ -108,7 +113,7 @@ private static void testSetAndInit(String provName, Key key,
         } else {
             sig = Signature.getInstance(SIGALG, provName);
         }
-        AlgorithmParameterSpec params = PSSParameterSpec.DEFAULT;
+        AlgorithmParameterSpec params = pssParamSpec;
         boolean doSign = (key instanceof PrivateKey);
         try {
             if (doSign) {

test/jdk/java/security/Signature/TestInitSignWithMyOwnRandom.java

@@ -24,23 +24,30 @@
 /**
  * @test
  * @bug 4716321
+ * @library /test/lib
  * @summary Ensure the random source supplied in
  * Signature.initSign(PrivateKey, SecureRandom) is used.
+ * @run main TestInitSignWithMyOwnRandom DSA 512
+ * @run main TestInitSignWithMyOwnRandom SHA256withDSA 2048
  */
 import java.security.*;
+import jdk.test.lib.security.SecurityUtils;
 
 public class TestInitSignWithMyOwnRandom {
 
-    public static void main(String[] argv) throws Exception {
+    public static void main(String[] args) throws Exception {
         // any signature implementation will do as long as
         // it needs a random source
         Provider p = Security.getProvider(
-                            System.getProperty("test.provider.name", "SUN"));
-        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", p);
-        kpg.initialize(512);
+                System.getProperty("test.provider.name", "SUN"));
+        String kpgAlgorithm = "DSA";
+        int keySize = Integer.parseInt(args[1]);
+        KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgorithm, p);
+        kpg.initialize(keySize);
         KeyPair kp = kpg.generateKeyPair();
         TestRandomSource rand = new TestRandomSource();
-        Signature sig = Signature.getInstance("DSA", p);
+        String signAlgo = args[0];
+        Signature sig = Signature.getInstance(signAlgo, p);
         sig.initSign(kp.getPrivate(), rand);
         sig.update(new byte[20]);
         sig.sign();

test/jdk/java/security/Signature/VerifyRangeCheckOverflow.java

@@ -48,7 +48,7 @@ public static void main(String[] args) throws Exception {
         PublicKey publicKey = keys.getPublic();
         byte[] sigBytes = new byte[100];
 
-        Signature signature = Signature.getInstance("SHA1withDSA");
+        Signature signature = Signature.getInstance("SHA256withDSA");
         signature.initVerify(publicKey);
         try {
             signature.verify(sigBytes, Integer.MAX_VALUE, 1);

test/jdk/java/security/SignedObject/Chain.java

@@ -165,6 +165,8 @@ public String toString() {
         new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default, 1024),
         new Test(SigAlg.MD2withRSA, KeyAlg.RSA, Provider.Default),
         new Test(SigAlg.MD5withRSA, KeyAlg.RSA, Provider.Default),
+        new Test(SigAlg.SHA224withRSA, KeyAlg.RSA, Provider.Default),
+        new Test(SigAlg.SHA256withRSA, KeyAlg.RSA, Provider.Default),
         new Test(SigAlg.SHA3_224withRSA, KeyAlg.RSA, Provider.Default),
         new Test(SigAlg.SHA3_256withRSA, KeyAlg.RSA, Provider.Default),
         new Test(SigAlg.SHA3_384withRSA, KeyAlg.RSA, Provider.Default),