1 /*
2 * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 import java.io.PrintStream;
25 import java.security.AlgorithmParameters;
26 import java.security.InvalidKeyException;
27 import java.security.Provider;
28 import java.security.Security;
29 import java.security.spec.AlgorithmParameterSpec;
30 import java.util.Arrays;
31 import java.util.Random;
32 import java.util.StringTokenizer;
33 import javax.crypto.Cipher;
34 import javax.crypto.SealedObject;
35 import javax.crypto.SecretKey;
36 import javax.crypto.SecretKeyFactory;
37 import javax.crypto.spec.PBEKeySpec;
38 import javax.crypto.spec.PBEParameterSpec;
39
40 /**
41 * @test
42 * @bug 8041781
43 * @summary test if seal/unseal works correctly with PBE algorithms
44 * @author Yun Ke
45 * @author Bill Situ
46 * @author Alexander Fomin
47 * @run main PBESealedObject
48 * @key randomness
49 */
50 public class PBESealedObject {
51
52 private static final String[] PBEAlgorithms = {
53 "pbeWithMD5ANDdes",
54 "PBEWithMD5AndDES/CBC/PKCS5Padding",
55 "PBEWithMD5AndTripleDES",
56 "PBEWithMD5AndTripleDES/CBC/PKCS5Padding",
57 "PBEwithSHA1AndDESede",
58 "PBEwithSHA1AndDESede/CBC/PKCS5Padding",
59 "PBEwithSHA1AndRC2_40",
60 "PBEwithSHA1Andrc2_40/CBC/PKCS5Padding",
61 "PBEWithSHA1AndRC2_128",
62 "PBEWithSHA1andRC2_128/CBC/PKCS5Padding",
63 "PBEWithSHA1AndRC4_40",
64 "PBEWithsha1AndRC4_40/ECB/NoPadding",
65 "PBEWithSHA1AndRC4_128",
66 "pbeWithSHA1AndRC4_128/ECB/NoPadding",
67 "PBEWithHmacSHA1AndAES_128",
68 "PBEWithHmacSHA224AndAES_128",
69 "PBEWithHmacSHA256AndAES_128",
70 "PBEWithHmacSHA384AndAES_128",
71 "PBEWithHmacSHA512AndAES_128",
72 "PBEWithHmacSHA1AndAES_256",
73 "PBEWithHmacSHA224AndAES_256",
74 "PBEWithHmacSHA256AndAES_256",
75 "PBEWithHmacSHA384AndAES_256",
76 "PBEWithHmacSHA512AndAES_256"
77 };
78
79 public static void main(String[] args) {
80 PBESealedObject test = new PBESealedObject();
81 Provider sunjce = Security.getProvider("SunJCE");
82
83 if (!test.runAll(sunjce, System.out)) {
84 throw new RuntimeException("One or more tests have failed....");
85 }
86 }
87
88 public boolean runAll(Provider p, PrintStream out) {
89 boolean finalResult = true;
90
91 for (String algorithm : PBEAlgorithms) {
92 out.println("Running test with " + algorithm + ":");
93 try {
94 if (!runTest(p, algorithm, out)) {
95 finalResult = false;
96 out.println("STATUS: Failed");
97 } else {
98 out.println("STATUS: Passed");
99 }
100 } catch (Exception ex) {
101 finalResult = false;
102 ex.printStackTrace(out);
103 out.println("STATUS:Failed");
104 }
105 }
106
107 return finalResult;
108 }
109
110 // Have a generic throws Exception as it can throw many different exceptions
111 public boolean runTest(Provider p, String algo, PrintStream out)
112 throws Exception {
113
114 byte[] salt = new byte[8];
115 int ITERATION_COUNT = 1000;
116 AlgorithmParameters pbeParams = null;
117
118 String baseAlgo
119 = new StringTokenizer(algo, "/").nextToken().toUpperCase();
120 boolean isAES = baseAlgo.contains("AES");
121
122 try {
123 // Initialization
124 Cipher ci = Cipher.getInstance(algo, p);
125 new Random().nextBytes(salt);
126 AlgorithmParameterSpec aps = new PBEParameterSpec(salt,
127 ITERATION_COUNT);
128 SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
129 SecretKey key = skf.generateSecret(
130 new PBEKeySpec("Secret Lover".toCharArray()));
131
132 // Seal
133 if (isAES) {
134 ci.init(Cipher.ENCRYPT_MODE, key);
135 pbeParams = ci.getParameters();
136 } else {
137 ci.init(Cipher.ENCRYPT_MODE, key, aps);
138 }
139
140 SealedObject so = new SealedObject(key, ci);
141
142 // Unseal and compare
143 if (isAES) {
144 ci.init(Cipher.DECRYPT_MODE, key, pbeParams);
145 } else {
146 ci.init(Cipher.DECRYPT_MODE, key, aps);
147 }
148
149 SecretKey unsealedKey;
150
151 unsealedKey = (SecretKey) so.getObject(ci);
152 if (!Arrays.equals(unsealedKey.getEncoded(), key.getEncoded())) {
153 return false;
154 }
155
156 unsealedKey = (SecretKey) so.getObject(key);
157 if (!Arrays.equals(unsealedKey.getEncoded(), key.getEncoded())) {
158 return false;
159 }
160
161 unsealedKey = (SecretKey) so.getObject(key, "SunJCE");
162 return Arrays.equals(unsealedKey.getEncoded(), key.getEncoded());
163 } catch (InvalidKeyException ex) {
164 if (baseAlgo.endsWith("TRIPLEDES") || baseAlgo.endsWith("AES_256")) {
165 out.println(
166 "Expected exception , keyStrength > 128 within" + algo);
167 return true;
168 }
169
170 throw ex;
171 }
172 }
173
174 }