1 /*
2 * Copyright (c) 2014, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 7088989 8014374 8167512 8173708
27 * @summary Ensure the AES ciphers of OracleUcrypto provider works correctly
28 * @key randomness
29 * @library /test/lib
30 * @build jdk.test.lib.Platform
31 * jdk.test.lib.Utils
32 * @run main TestAES
33 * @run main/othervm -Dpolicy=empty.policy TestAES
34 */
35
36 import java.security.*;
37 import java.security.spec.*;
38 import java.util.*;
39 import javax.crypto.*;
40 import javax.crypto.spec.*;
41
42 import jdk.test.lib.OSVersion;
43 import jdk.test.lib.Platform;
44 import jdk.test.lib.Utils;
45
46 public class TestAES extends UcryptoTest {
47
48 private static final String[] PADDEDCIPHER_ALGOS = {
49 "AES/ECB/PKCS5Padding",
50 "AES/CBC/PKCS5Padding",
51 "AES/CFB128/PKCS5Padding"
52 };
53
54 private static final String[] CIPHER_ALGOS = {
55 "AES/ECB/NoPadding",
56 "AES/CBC/NoPadding",
57 "AES/CFB128/NoPadding",
58 "AES/CTR/NoPadding",
59 };
60
61 private static final SecretKey CIPHER_KEY =
62 new SecretKeySpec(new byte[16], "AES");
63
64 private static final boolean IS_BAD_SOLARIS = isBadSolaris();
65
66 public static void main(String[] args) throws Exception {
67 // It has to determine Solaris version before enabling security manager.
68 // Because that needs some permissions, like java.io.FilePermission.
69 String policy = System.getProperty("policy");
70 if (policy != null) {
71 enableSecurityManager(policy);
72 }
73
74 main(new TestAES(), null);
75 }
76
77 // Enables security manager and uses the specified policy file to override
78 // the default one.
79 private static void enableSecurityManager(String policy) {
80 String policyURL = "file://" + System.getProperty("test.src", ".") + "/"
81 + policy;
82 System.out.println("policyURL: " + policyURL);
83 Security.setProperty("policy.url.1", policyURL);
84 System.setSecurityManager(new SecurityManager());
85 }
86
87 public void doTest(Provider prov) throws Exception {
88 // Provider for testing Interoperability
89 Provider sunJCEProv = Security.getProvider("SunJCE");
90
91 testCipherInterop(CIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv);
92 testCipherInterop(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv);
93
94 testCipherOffset(CIPHER_ALGOS, CIPHER_KEY, prov);
95 testCipherOffset(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov);
96
97 testCipherKeyWrapping(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv);
98 testCipherGCM(CIPHER_KEY, prov);
99 }
100
101 private static void testCipherInterop(String[] algos, SecretKey key,
102 Provider p,
103 Provider interopP) {
104 boolean testPassed = true;
105 byte[] in = new byte[32];
106 (new SecureRandom()).nextBytes(in);
107
108 for (String algo : algos) {
109 try {
110 // check ENC
111 Cipher c;
112 try {
113 c = Cipher.getInstance(algo, p);
114 } catch (NoSuchAlgorithmException nsae) {
115 System.out.println("Skipping Unsupported CIP algo: " + algo);
116 continue;
117 }
118 c.init(Cipher.ENCRYPT_MODE, key, (AlgorithmParameters)null, null);
119 byte[] eout = c.doFinal(in, 0, in.length);
120
121 AlgorithmParameters params = c.getParameters();
122 Cipher c2 = Cipher.getInstance(algo, interopP);
123 c2.init(Cipher.ENCRYPT_MODE, key, params, null);
124 byte[] eout2 = c2.doFinal(in, 0, in.length);
125
126 if (!Arrays.equals(eout, eout2)) {
127 System.out.println(algo + ": DIFF FAILED");
128 testPassed = false;
129 } else {
130 System.out.println(algo + ": ENC Passed");
131 }
132
133 // check DEC
134 c.init(Cipher.DECRYPT_MODE, key, params, null);
135 byte[] dout = c.doFinal(eout);
136 c2.init(Cipher.DECRYPT_MODE, key, params, null);
137 byte[] dout2 = c2.doFinal(eout2);
138
139 if (!Arrays.equals(dout, dout2)) {
140 System.out.println(algo + ": DIFF FAILED");
141 testPassed = false;
142 } else {
143 System.out.println(algo + ": DEC Passed");
144 }
145 } catch(Exception ex) {
146 System.out.println("Unexpected Exception: " + algo);
147 ex.printStackTrace();
148 testPassed = false;
149 }
150 }
151
152 if (!testPassed) {
153 throw new RuntimeException("One or more CIPHER test failed!");
154 } else {
155 System.out.println("CIPHER Interop Tests Passed");
156 }
157 }
158
159 private static void testCipherOffset(String[] algos, SecretKey key,
160 Provider p) {
161 boolean testPassed = true;
162 byte[] in = new byte[16];
163 (new SecureRandom()).nextBytes(in);
164
165 for (int i = 0; i < algos.length; i++) {
166 if (IS_BAD_SOLARIS
167 && algos[i].indexOf("CFB128") != -1
168 && p.getName().equals("OracleUcrypto")) {
169 System.out.println("Ignore cases on CFB128 due to a pre-S11.3 bug");
170 continue;
171 }
172
173 for (int j = 1; j < (in.length - 1); j++) {
174 System.out.println("Input offset size: " + j);
175
176 try {
177 // check ENC
178 Cipher c;
179 try {
180 c = Cipher.getInstance(algos[i], p);
181 } catch (NoSuchAlgorithmException nsae) {
182 System.out.println("Skip Unsupported CIP algo: " + algos[i]);
183 continue;
184 }
185 c.init(Cipher.ENCRYPT_MODE, key, (AlgorithmParameters)null, null);
186 byte[] eout = new byte[c.getOutputSize(in.length)];
187 int firstPartLen = in.length - j - 1;
188 //System.out.print("1st UPDATE: " + firstPartLen);
189 int k = c.update(in, 0, firstPartLen, eout, 0);
190 k += c.update(in, firstPartLen, 1, eout, k);
191 k += c.doFinal(in, firstPartLen+1, j, eout, k);
192
193 AlgorithmParameters params = c.getParameters();
194
195 Cipher c2 = Cipher.getInstance(algos[i], p);
196 c2.init(Cipher.ENCRYPT_MODE, key, params, null);
197 byte[] eout2 = new byte[c2.getOutputSize(in.length)];
198 int k2 = c2.update(in, 0, j, eout2, 0);
199 k2 += c2.update(in, j, 1, eout2, k2);
200 k2 += c2.doFinal(in, j+1, firstPartLen, eout2, k2);
201
202 if (!checkArrays(eout, k, eout2, k2)) testPassed = false;
203
204 // check DEC
205 c.init(Cipher.DECRYPT_MODE, key, params, null);
206 byte[] dout = new byte[c.getOutputSize(eout.length)];
207 k = c.update(eout, 0, firstPartLen, dout, 0);
208 k += c.update(eout, firstPartLen, 1, dout, k);
209 k += c.doFinal(eout, firstPartLen+1, eout.length - firstPartLen - 1, dout, k);
210 if (!checkArrays(in, in.length, dout, k)) testPassed = false;
211 } catch(Exception ex) {
212 System.out.println("Unexpected Exception: " + algos[i]);
213 ex.printStackTrace();
214 testPassed = false;
215 }
216 }
217 }
218 if (!testPassed) {
219 throw new RuntimeException("One or more CIPHER test failed!");
220 } else {
221 System.out.println("CIPHER Offset Tests Passed");
222 }
223 }
224
225 private static void testCipherKeyWrapping(String[] algos, SecretKey key,
226 Provider p, Provider interopP)
227 throws NoSuchAlgorithmException {
228 boolean testPassed = true;
229
230 // Test SecretKey, PrivateKey and PublicKey
231 Key[] tbwKeys = new Key[3];
232 int[] tbwKeyTypes = { Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, Cipher.PUBLIC_KEY };
233 tbwKeys[0] = new SecretKeySpec(new byte[20], "Blowfish");
234 KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
235 kpg.initialize(1024);
236 KeyPair kp = kpg.generateKeyPair();
237 tbwKeys[1] = kp.getPrivate();
238 tbwKeys[2] = kp.getPublic();
239
240 for (int i = 0; i < algos.length; i++) {
241 try {
242 System.out.println(algos[i] + " - Native WRAP/Java UNWRAP");
243
244 Cipher c1;
245 try {
246 c1 = Cipher.getInstance(algos[i], p);
247 } catch (NoSuchAlgorithmException nsae) {
248 System.out.println("Skipping Unsupported CIP algo: " + algos[i]);
249 continue;
250 }
251 c1.init(Cipher.WRAP_MODE, key, (AlgorithmParameters)null, null);
252 AlgorithmParameters params = c1.getParameters();
253 Cipher c2 = Cipher.getInstance(algos[i], interopP);
254 c2.init(Cipher.UNWRAP_MODE, key, params, null);
255
256 for (int j = 0; j < tbwKeys.length ; j++) {
257 byte[] wrappedKey = c1.wrap(tbwKeys[j]);
258 Key recovered = c2.unwrap(wrappedKey,
259 tbwKeys[j].getAlgorithm(), tbwKeyTypes[j]);
260 if (!checkKeys(tbwKeys[j], recovered)) testPassed = false;
261 }
262
263 System.out.println(algos[i] + " - Java WRAP/Native UNWRAP");
264 c1 = Cipher.getInstance(algos[i], interopP);
265 c1.init(Cipher.WRAP_MODE, key, (AlgorithmParameters)null, null);
266 params = c1.getParameters();
267 c2 = Cipher.getInstance(algos[i], p);
268 c2.init(Cipher.UNWRAP_MODE, key, params, null);
269
270 for (int j = 0; j < tbwKeys.length ; j++) {
271 byte[] wrappedKey = c1.wrap(tbwKeys[j]);
272 Key recovered = c2.unwrap(wrappedKey,
273 tbwKeys[j].getAlgorithm(), tbwKeyTypes[j]);
274 if (!checkKeys(tbwKeys[j], recovered)) testPassed = false;
275 }
276
277 } catch(Exception ex) {
278 System.out.println("Unexpected Exception: " + algos[i]);
279 ex.printStackTrace();
280 testPassed = false;
281 }
282 }
283 if (!testPassed) {
284 throw new RuntimeException("One or more CIPHER test failed!");
285 } else {
286 System.out.println("CIPHER KeyWrapping Tests Passed");
287 }
288 }
289
290 private static void testCipherGCM(SecretKey key,
291 Provider p) {
292 boolean testPassed = true;
293 byte[] in = new byte[16];
294 (new SecureRandom()).nextBytes(in);
295
296 byte[] iv = new byte[16];
297 (new SecureRandom()).nextBytes(iv);
298
299
300 String algo = "AES/GCM/NoPadding";
301 int tagLen[] = { 128, 120, 112, 104, 96, 64, 32 };
302
303 try {
304 Cipher c;
305 try {
306 c = Cipher.getInstance(algo, p);
307 } catch (NoSuchAlgorithmException nsae) {
308 System.out.println("Skipping Unsupported CIP algo: " + algo);
309 return;
310 }
311 for (int i = 0; i < tagLen.length; i++) {
312 // change iv value to pass the key+iv uniqueness cehck for
313 // GCM encryption
314 iv[0] += 1;
315 AlgorithmParameterSpec paramSpec = new GCMParameterSpec(tagLen[i], iv);
316 // check ENC
317 c.init(Cipher.ENCRYPT_MODE, key, paramSpec, null);
318 c.updateAAD(iv);
319 byte[] eout = c.doFinal(in, 0, in.length);
320
321 AlgorithmParameters param = c.getParameters();
322 // check DEC
323 c.init(Cipher.DECRYPT_MODE, key, param, null);
324 c.updateAAD(iv);
325 byte[] dout = c.doFinal(eout, 0, eout.length);
326
327 if (!Arrays.equals(dout, in)) {
328 System.out.println(algo + ": PT and RT DIFF FAILED");
329 testPassed = false;
330 } else {
331 System.out.println(algo + ": tagLen " + tagLen[i] + " done");
332 }
333 }
334 } catch(Exception ex) {
335 System.out.println("Unexpected Exception: " + algo);
336 ex.printStackTrace();
337 testPassed = false;
338 }
339 if (!testPassed) {
340 throw new RuntimeException("One or more CIPHER test failed!");
341 } else {
342 System.out.println("CIPHER GCM Tests Passed");
343 }
344 }
345
346 private static boolean checkArrays(byte[] a1, int a1Len, byte[] a2, int a2Len) {
347 boolean equal = true;
348 if (a1Len != a2Len) {
349 System.out.println("DIFFERENT OUT LENGTH");
350 equal = false;
351 } else {
352 for (int p = 0; p < a1Len; p++) {
353 if (a1[p] != a2[p]) {
354 System.out.println("DIFF FAILED");
355 equal = false;
356 break;
357 }
358 }
359 }
360 return equal;
361 }
362
363 private static boolean checkKeys(Key k1, Key k2) {
364 boolean equal = true;
365 if (!k1.getAlgorithm().equalsIgnoreCase(k2.getAlgorithm())) {
366 System.out.println("DIFFERENT Key Algorithm");
367 equal = false;
368 } else if (!k1.getFormat().equalsIgnoreCase(k2.getFormat())) {
369 System.out.println("DIFFERENT Key Format");
370 equal = false;
371 } else if (!Arrays.equals(k1.getEncoded(), k2.getEncoded())) {
372 System.out.println("DIFFERENT Key Encoding");
373 equal = false;
374 }
375 return equal;
376 }
377
378 // The cases on CFB128 mode have to be skipped on pre-S11.3.
379 private static boolean isBadSolaris() {
380 return Platform.isSolaris() && OSVersion.current().compareTo(new OSVersion(11, 3)) < 0;
381 }
382 }