@@ -29,13 +29,11 @@
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.ProviderException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KDF;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.HKDFParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLHandshakeException;
import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
import sun.security.internal.spec.TlsKeyMaterialSpec;
@@ -191,26 +189,26 @@ private static byte[] createHkdfInfo(

private enum KeySchedule {
// Note that we use enum name as the key name.
TlsKey ("key", false),
TlsIv ("iv", true),
TlsUpdateNplus1 ("traffic upd", false);
TlsKey ("key"),
TlsIv ("iv"),
TlsUpdateNplus1 ("traffic upd");

private final byte[] label;
private final boolean isIv;

KeySchedule(String label, boolean isIv) {
KeySchedule(String label) {
this.label = ("tls13 " + label).getBytes();
this.isIv = isIv;
}

int getKeyLength(CipherSuite cs) {
if (this == KeySchedule.TlsUpdateNplus1)
return cs.hashAlg.hashLength;
return isIv ? cs.bulkCipher.ivSize : cs.bulkCipher.keySize;
return switch (this) {
case TlsUpdateNplus1 -> cs.hashAlg.hashLength;
case TlsIv -> cs.bulkCipher.ivSize;
case TlsKey -> cs.bulkCipher.keySize;
};
}

String getAlgorithm(CipherSuite cs, String algorithm) {
return isIv ? algorithm : cs.bulkCipher.algorithm;
return this == TlsKey ? cs.bulkCipher.algorithm : algorithm;
}
}
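Review bot: `getAlgorithm` now sends every constant except `TlsKey` to the caller-supplied `algorithm`, while `getKeyLength` just above it is an exhaustive switch, so a constant added later would silently inherit the fallback instead of failing to compile. Writing it the same way, `return switch (this) { case TlsKey -> cs.bulkCipher.algorithm; case TlsIv, TlsUpdateNplus1 -> algorithm; };`, keeps the length and the algorithm name decided side by side. A one-line comment on the `TlsUpdateNplus1` case would also record why it matters: `// hash-length traffic secret, not a bulk-cipher key; must not be labelled with cs.bulkCipher.algorithm`. That reason is inferred from `getKeyLength` returning `cs.hashAlg.hashLength` for this constant; presumably a provider that checks key size against the algorithm name would reject the old labelling.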

10 changes: 7 additions & 3 deletions test/jdk/sun/security/pkcs11/tls/fips/FipsModeTLS.java
@@ -24,7 +24,7 @@

/*
* @test
* @bug 8029661 8325164 8368073 8368514
* @bug 8029661 8325164 8368073 8368514 8368520
* @summary Test TLS 1.2 and TLS 1.3
* @modules java.base/sun.security.internal.spec
* java.base/sun.security.util
@@ -89,6 +89,9 @@ public final class FipsModeTLS extends SecmodTest {
private static PublicKey publicKey;

public static void main(String[] args) throws Exception {
// reduce the limit to trigger a key update later
Security.setProperty("jdk.tls.keyLimits",
"AES/GCM/NoPadding KeyUpdate 10000");
try {
initialize();
} catch (Exception e) {
@@ -305,10 +308,11 @@ public static void run() throws Exception {
cTOs = ByteBuffer.allocateDirect(netBufferMax);
sTOc = ByteBuffer.allocateDirect(netBufferMax);

// big enough to trigger a key update
clientOut = ByteBuffer.wrap(
"Hi Server, I'm Client".getBytes());
"a".repeat(16000).getBytes());
serverOut = ByteBuffer.wrap(
"Hello Client, I'm Server".getBytes());
"b".repeat(16000).getBytes());

SSLEngineResult clientResult;
SSLEngineResult serverResult;
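Review bot: Nothing in the visible hunks checks that a key update actually happened; the `jdk.tls.keyLimits` setting in `main` and the 16000-byte payloads in `run` only make one possible, so the test could still pass if the connection negotiates a suite other than AES/GCM or finishes before the update is processed. The body of `run` continues outside the hunk, so an assertion may already exist there; if not, a positive check that a KeyUpdate was exchanged would keep the regression covered. The two numbers are also coupled only by comments: the payload comment could state it, `// 16000 bytes > the 10000-byte AES/GCM limit set in main(), so sending it must cross the limit`, or both could come from one shared constant.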