1 /* 2 * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 import java.security.InvalidKeyException; 25 import java.security.NoSuchAlgorithmException; 26 import java.security.spec.InvalidKeySpecException; 27 import java.util.Arrays; 28 import java.util.Random; 29 import javax.crypto.SecretKey; 30 import javax.crypto.SecretKeyFactory; 31 import javax.crypto.interfaces.PBEKey; 32 import javax.crypto.spec.PBEKeySpec; 33 34 /** 35 * @test 36 * @bug 8041781 37 * @summary Verify if the SecretKeyFactory.translateKey() method works 38 * @author Alexander Fomin 39 * @run main PBKDF2Translate 40 */ 41 public class PBKDF2Translate { 42 43 private static final String[] ALGO_TO_TEST = { 44 "PBKDF2WithHmacSHA1", 45 "PBKDF2WithHmacSHA224", 46 "PBKDF2WithHmacSHA256", 47 "PBKDF2WithHmacSHA384", 48 "PBKDF2WithHmacSHA512" 49 }; 50 51 private static final String PASS_PHRASE = "some hidden string"; 52 private static final int ITERATION_COUNT = 1000; 53 private static final int KEY_SIZE = 128; 54 55 private final String algoToTest; 56 private final byte[] salt = new byte[8]; 57 58 public static void main(String[] args) throws Exception { 59 60 boolean failed = false; 61 62 for (String algo : ALGO_TO_TEST) { 63 64 System.out.println("Testing " + algo + ":"); 65 PBKDF2Translate theTest = new PBKDF2Translate(algo); 66 67 try { 68 if (!theTest.testMyOwnSecretKey() 69 || !theTest.generateAndTranslateKey() 70 || !theTest.translateSpoiledKey()) { 71 // we don't want to set failed to false 72 failed = true; 73 } 74 } catch (InvalidKeyException | NoSuchAlgorithmException | 75 InvalidKeySpecException e) { 76 e.printStackTrace(System.err); 77 failed = true; 78 } 79 } 80 81 if (failed) { 82 throw new RuntimeException("One or more tests failed...."); 83 } 84 } 85 86 public PBKDF2Translate(String algoToTest) { 87 this.algoToTest = algoToTest; 88 new Random().nextBytes(this.salt); 89 } 90 91 /** 92 * The test case scenario implemented in the method: - derive PBKDF2 key 93 * using the given algorithm; - translate the key - check if the translated 94 * and original keys have the same key value. 95 * 96 * @return true if the test case passed; false - otherwise. 97 * @throws NoSuchAlgorithmException 98 * @throws InvalidKeySpecException 99 * @throws InvalidKeyException 100 */ 101 public boolean generateAndTranslateKey() throws NoSuchAlgorithmException, 102 InvalidKeySpecException, InvalidKeyException { 103 // derive PBKDF2 key 104 SecretKey key1 = getSecretKeyForPBKDF2(algoToTest); 105 106 // translate key 107 SecretKeyFactory skf = SecretKeyFactory.getInstance(algoToTest); 108 SecretKey key2 = skf.translateKey(key1); 109 110 // check if it still the same after translation 111 if (!Arrays.equals(key1.getEncoded(), key2.getEncoded())) { 112 System.err.println("generateAndTranslateKey test case failed: the " 113 + "key1 and key2 values in its primary encoding format are " 114 + "not the same for " + algoToTest + "algorithm."); 115 return false; 116 } 117 118 return true; 119 } 120 121 /** 122 * The test case scenario implemented in the method: - derive Key1 for the 123 * given PBKDF2 algorithm - create my own secret Key2 as an instance of a 124 * class implements PBEKey - translate Key2 - check if the key value of the 125 * translated key and Key1 are the same. 126 * 127 * @return true if the test case passed; false - otherwise. 128 * @throws NoSuchAlgorithmException 129 * @throws InvalidKeySpecException 130 * @throws InvalidKeyException 131 */ 132 public boolean testMyOwnSecretKey() 133 throws NoSuchAlgorithmException, InvalidKeySpecException, 134 InvalidKeyException { 135 SecretKey key1 = getSecretKeyForPBKDF2(algoToTest); 136 SecretKey key2 = getMyOwnSecretKey(); 137 138 // Is it actually the same? 139 if (!Arrays.equals(key1.getEncoded(), key2.getEncoded())) { 140 System.err.println("We shouldn't be here. The key1 and key2 values " 141 + "in its primary encoding format have to be the same!"); 142 return false; 143 } 144 145 // Translate key 146 SecretKeyFactory skf = SecretKeyFactory.getInstance(algoToTest); 147 SecretKey key3 = skf.translateKey(key2); 148 149 // Check if it still the same after translation 150 if (!Arrays.equals(key1.getEncoded(), key3.getEncoded())) { 151 System.err.println("testMyOwnSecretKey test case failed: the key1 " 152 + "and key3 values in its primary encoding format are not " 153 + "the same for " + algoToTest + "algorithm."); 154 return false; 155 } 156 157 return true; 158 } 159 160 /** 161 * The test case scenario implemented in the method: - create my own secret 162 * Key2 as an instance of a class implements PBEKey - spoil the key (set 163 * iteration count to 0, for example) - try to translate key - 164 * InvalidKeyException is expected. 165 * 166 * @return true if InvalidKeyException occurred; false - otherwise. 167 * @throws NoSuchAlgorithmException 168 * @throws InvalidKeySpecException 169 */ 170 public boolean translateSpoiledKey() throws NoSuchAlgorithmException, 171 InvalidKeySpecException { 172 // derive the key 173 SecretKey key1 = getMyOwnSecretKey(); 174 175 // spoil the key 176 ((MyPBKDF2SecretKey) key1).spoil(); 177 178 // translate key 179 SecretKeyFactory skf = SecretKeyFactory.getInstance(algoToTest); 180 try { 181 SecretKey key2 = skf.translateKey(key1); 182 } catch (InvalidKeyException ike) { 183 // this is expected 184 return true; 185 } 186 187 return false; 188 } 189 190 /** 191 * Generate a PBKDF2 secret key using given algorithm. 192 * 193 * @param algoToDeriveKey PBKDF2 algorithm 194 * @return PBKDF2 secret key 195 * @throws NoSuchAlgorithmException 196 * @throws InvalidKeySpecException 197 */ 198 private SecretKey getSecretKeyForPBKDF2(String algoToDeriveKey) 199 throws NoSuchAlgorithmException, InvalidKeySpecException { 200 SecretKeyFactory skf = SecretKeyFactory.getInstance(algoToDeriveKey); 201 202 PBEKeySpec spec = new PBEKeySpec(PASS_PHRASE.toCharArray(), 203 this.salt, ITERATION_COUNT, KEY_SIZE); 204 205 return skf.generateSecret(spec); 206 } 207 208 /** 209 * Generate a secrete key as an instance of a class implements PBEKey. 210 * 211 * @return secrete key 212 * @throws InvalidKeySpecException 213 * @throws NoSuchAlgorithmException 214 */ 215 private SecretKey getMyOwnSecretKey() throws InvalidKeySpecException, 216 NoSuchAlgorithmException { 217 return new MyPBKDF2SecretKey(PASS_PHRASE, this.algoToTest, this.salt, 218 ITERATION_COUNT, KEY_SIZE); 219 } 220 } 221 222 /** 223 * An utility class to check the SecretKeyFactory.translateKey() method. 224 */ 225 class MyPBKDF2SecretKey implements PBEKey { 226 227 private final byte[] key; 228 private final byte[] salt; 229 private final String algorithm; 230 private final int keySize, keyLength; 231 private int itereationCount; 232 private final String pass; 233 234 @Override 235 public String getAlgorithm() { 236 return algorithm; 237 } 238 239 @Override 240 public String getFormat() { 241 return "RAW"; 242 } 243 244 @Override 245 public byte[] getEncoded() { 246 byte[] copy = new byte[keyLength]; 247 System.arraycopy(this.key, 0, copy, 0, keyLength); 248 return copy; 249 } 250 251 /** 252 * The key is generating by SecretKeyFactory and its value just copying in 253 * the key field of MySecretKey class. So, this is real key derived using 254 * the given algorithm. 255 * 256 * @param passPhrase some string intended to be a password 257 * @param algo PBKDF2 algorithm 258 * @param salt slat for PBKDF2 259 * @param iterationCount iteration count 260 * @param keySize key size in bits 261 * @throws InvalidKeySpecException 262 * @throws NoSuchAlgorithmException 263 */ 264 public MyPBKDF2SecretKey(String passPhrase, String algo, byte[] salt, 265 int iterationCount, int keySize) 266 throws InvalidKeySpecException, NoSuchAlgorithmException { 267 this.algorithm = algo; 268 this.salt = salt; 269 this.itereationCount = iterationCount; 270 this.keySize = keySize; 271 this.pass = passPhrase; 272 273 PBEKeySpec spec = new PBEKeySpec(passPhrase.toCharArray(), 274 this.salt, iterationCount, this.keySize); 275 276 SecretKeyFactory keyFactory 277 = SecretKeyFactory.getInstance(algo); 278 279 SecretKey realKey = keyFactory.generateSecret(spec); 280 281 this.keyLength = realKey.getEncoded().length; 282 283 this.key = new byte[this.keyLength]; 284 System.arraycopy(realKey.getEncoded(), 0, this.key, 0, 285 this.keyLength); 286 } 287 288 @Override 289 public int getIterationCount() { 290 return itereationCount; 291 } 292 293 @Override 294 public byte[] getSalt() { 295 return salt; 296 } 297 298 @Override 299 public char[] getPassword() { 300 return this.pass.toCharArray(); 301 } 302 303 /** 304 * Spoil the generated key (before translation) to cause an 305 * InvalidKeyException 306 */ 307 public void spoil() { 308 this.itereationCount = -1; 309 } 310 311 }