RFR: 8342188: Update tests to use stronger key parameters and certificates [v5]

Matthew Donovan mdonovan at openjdk.org
Wed Oct 23 19:56:10 UTC 2024


On Wed, 23 Oct 2024 09:17:48 GMT, Fernando Guallini <fguallini at openjdk.org> wrote:

>> Several tests are identified to use weak key parameters (prime modulus, private/public values) and certs with weak keys. As these tests' purpose is not to exercise weak keys, these are updated in this PR to use a 2048-bit modulus, base 2, and certificates with key size 2048.
>
> Fernando Guallini has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains seven additional commits since the last revision:
> 
>  - minor changes to update SecurityUtils comments and refactoring
>  - Merge branch 'master' into 8342188
>  - Use hex value for diffieHellmanGroup enum
>  - DHKeyAgreement2.java refactor
>  - DH group reusable
>  - fixed copyright year and not changing DES
>  - initial commit

test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyFactory.java line 61:

> 59:     private void run() throws Exception {
> 60: 
> 61:         jdk.test.lib.security.DiffieHellmanGroup dhGroup = jdk.test.lib.security.SecurityUtils.getTestDHGroup();

Don't need fully qualified names here.

test/jdk/com/sun/crypto/provider/KeyAgreement/DHKeyFactory.java line 64:

> 62:         DHParameterSpec dhParamSpec;
> 63:         System.err.println("Using " + dhGroup.name() + " Diffie-Hellman parameters");
> 64:         dhParamSpec = new DHParameterSpec(dhGroup.getPrime(), dhGroup.getBase());

Why not just

DHParameterSpec dhParamSpec = new DHParameterSpec(dhGroup.getPrime(), dhGroup.getBase());
System.err.println("Using " + dhGroup.name() + " Diffie-Hellman parameters");


I generally just put generic test output to `System.out` and messages related to failure/unexpected state to `System.err`.

test/lib/jdk/test/lib/security/SecurityUtils.java line 132:

> 130:                 return DiffieHellmanGroup.ffdhe4096;
> 131:             }
> 132:             default -> throw new RuntimeException("Test DH group not defined for " + primeSize);

Can clean this a little bit with


return switch(primeSize) {
    case 2048 -> DiffieHellmanGroup.ffdhe2048;
    case 3072 -> DiffieHellmanGroup.ffdhe3072;
    case 4096 -> DiffieHellmanGroup.ffdhe4096;
    default -> throw new RuntimeException("Test DH group not defined for " + primeSize);
};

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/21563#discussion_r1813435429
PR Review Comment: https://git.openjdk.org/jdk/pull/21563#discussion_r1813440998
PR Review Comment: https://git.openjdk.org/jdk/pull/21563#discussion_r1813445653
