1 /*
2 * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 import java.security.InvalidAlgorithmParameterException;
25 import java.security.InvalidKeyException;
26 import java.security.NoSuchAlgorithmException;
27 import java.security.NoSuchProviderException;
28 import java.security.spec.AlgorithmParameterSpec;
29 import java.util.Random;
30 import javax.crypto.BadPaddingException;
31 import javax.crypto.Cipher;
32 import javax.crypto.IllegalBlockSizeException;
33 import javax.crypto.KeyGenerator;
34 import javax.crypto.NoSuchPaddingException;
35 import javax.crypto.SecretKey;
36 import javax.crypto.ShortBufferException;
37 import javax.crypto.spec.IvParameterSpec;
38
39 /**
40 * @test
41 * @bug 8043836
42 * @summary Test AES ciphers with different modes and padding schemes (ECB mode
43 * doesn't use IV). The test tries 3 different read methods of
44 * CipherInputStream.
45 * @key randomness
46 */
47 public class Padding {
48
49 private static final String ALGORITHM = "AES";
50 private static final String PROVIDER = "SunJCE";
51 private static final String[] MODES_PKCS5PAD = {
52 "ECb", "CbC", "PCBC", "OFB",
53 "OFB150", "cFB", "CFB7", "cFB8", "cFB16", "cFB24", "cFB32",
54 "Cfb40", "cfB48", "cfB56", "cfB64", "cfB72", "cfB80", "cfB88",
55 "cfB96", "cfb104", "cfB112", "cfB120", "OFB8", "OFB16", "OFB24",
56 "OFB32", "OFB40", "OFB48", "OFB56", "OFB64", "OFB72", "OFB80",
57 "OFB88", "OFB96", "OFB104", "OFB112", "OFB120" };
58 private static final String[] MODES_NOPAD = { "CTR", "CTS", "GCM" };
59
60 private static final int KEY_LENGTH = 128;
61
62 public static void main(String argv[]) throws Exception {
63 Padding test = new Padding();
64 for (String mode : MODES_PKCS5PAD) {
65 test.runTest(ALGORITHM, mode, "PKCS5Padding");
66 }
67 for (String mode : MODES_NOPAD) {
68 test.runTest(ALGORITHM, mode, "NoPadding");
69 }
70 }
71
72 public void runTest(String algo, String mo, String pad) throws Exception {
73 Cipher ci = null;
74 byte[] iv = null;
75 AlgorithmParameterSpec aps = null;
76 SecretKey key = null;
77 try {
78 Random rdm = new Random();
79 byte[] plainText;
80
81 ci = Cipher.getInstance(algo + "/" + mo + "/" + pad, PROVIDER);
82 KeyGenerator kg = KeyGenerator.getInstance(algo, PROVIDER);
83 kg.init(KEY_LENGTH);
84 key = kg.generateKey();
85
86 for (int i = 0; i < 15; i++) {
87 plainText = new byte[1600 + i + 1];
88 rdm.nextBytes(plainText);
89
90 if (!mo.equalsIgnoreCase("GCM")) {
91 ci.init(Cipher.ENCRYPT_MODE, key, aps);
92 } else {
93 ci.init(Cipher.ENCRYPT_MODE, key);
94 }
95
96 byte[] cipherText = new byte[ci.getOutputSize(plainText.length)];
97 int offset = ci.update(plainText, 0, plainText.length,
98 cipherText, 0);
99 ci.doFinal(cipherText, offset);
100 if (!mo.equalsIgnoreCase("ECB")) {
101 iv = ci.getIV();
102 aps = new IvParameterSpec(iv);
103 } else {
104 aps = null;
105 }
106
107 if (!mo.equalsIgnoreCase("GCM")) {
108 ci.init(Cipher.DECRYPT_MODE, key, aps);
109 } else {
110 ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());
111 }
112
113 byte[] recoveredText = new byte[ci.getOutputSize(cipherText.length)];
114 int len = ci.doFinal(cipherText, 0, cipherText.length,
115 recoveredText);
116 byte[] tmp = new byte[len];
117
118 for (int j = 0; j < len; j++) {
119 tmp[j] = recoveredText[j];
120 }
121
122 if (!java.util.Arrays.equals(plainText, tmp)) {
123 System.out.println("Original: ");
124 dumpBytes(plainText);
125 System.out.println("Recovered: ");
126 dumpBytes(tmp);
127 throw new RuntimeException(
128 "Original text is not equal with recovered text, with mode:"
129 + mo);
130 }
131 }
132 } catch (NoSuchAlgorithmException e) {
133 //CFB7 and OFB150 are for negative testing
134 if (!mo.equalsIgnoreCase("CFB7") && !mo.equalsIgnoreCase("OFB150")) {
135 System.out
136 .println("Unexpected NoSuchAlgorithmException with mode: "
137 + mo);
138 throw new RuntimeException("Test failed!");
139 }
140 } catch ( NoSuchProviderException | NoSuchPaddingException
141 | InvalidKeyException | InvalidAlgorithmParameterException
142 | ShortBufferException | IllegalBlockSizeException
143 | BadPaddingException e) {
144 System.out.println("Test failed!");
145 throw e;
146 }
147 }
148
149 private void dumpBytes(byte[] bytes) {
150 for (byte b : bytes) {
151 System.out.print(Integer.toHexString(b));
152 }
153
154 System.out.println();
155 }
156 }