1 /* 2 * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 import java.security.InvalidAlgorithmParameterException; 25 import java.security.InvalidKeyException; 26 import java.security.NoSuchAlgorithmException; 27 import java.security.NoSuchProviderException; 28 import java.security.spec.AlgorithmParameterSpec; 29 import java.util.Random; 30 import javax.crypto.BadPaddingException; 31 import javax.crypto.Cipher; 32 import javax.crypto.IllegalBlockSizeException; 33 import javax.crypto.KeyGenerator; 34 import javax.crypto.NoSuchPaddingException; 35 import javax.crypto.SecretKey; 36 import javax.crypto.ShortBufferException; 37 import javax.crypto.spec.IvParameterSpec; 38 39 /** 40 * @test 41 * @bug 8043836 42 * @summary Test AES ciphers with different modes and padding schemes (ECB mode 43 * doesn't use IV). The test tries 3 different read methods of 44 * CipherInputStream. 45 * @key randomness 46 */ 47 public class Padding { 48 49 private static final String ALGORITHM = "AES"; 50 private static final String PROVIDER = "SunJCE"; 51 private static final String[] MODES_PKCS5PAD = { 52 "ECb", "CbC", "PCBC", "OFB", 53 "OFB150", "cFB", "CFB7", "cFB8", "cFB16", "cFB24", "cFB32", 54 "Cfb40", "cfB48", "cfB56", "cfB64", "cfB72", "cfB80", "cfB88", 55 "cfB96", "cfb104", "cfB112", "cfB120", "OFB8", "OFB16", "OFB24", 56 "OFB32", "OFB40", "OFB48", "OFB56", "OFB64", "OFB72", "OFB80", 57 "OFB88", "OFB96", "OFB104", "OFB112", "OFB120" }; 58 private static final String[] MODES_NOPAD = { "CTR", "CTS", "GCM" }; 59 60 private static final int KEY_LENGTH = 128; 61 62 public static void main(String argv[]) throws Exception { 63 Padding test = new Padding(); 64 for (String mode : MODES_PKCS5PAD) { 65 test.runTest(ALGORITHM, mode, "PKCS5Padding"); 66 } 67 for (String mode : MODES_NOPAD) { 68 test.runTest(ALGORITHM, mode, "NoPadding"); 69 } 70 } 71 72 public void runTest(String algo, String mo, String pad) throws Exception { 73 Cipher ci = null; 74 byte[] iv = null; 75 AlgorithmParameterSpec aps = null; 76 SecretKey key = null; 77 try { 78 Random rdm = new Random(); 79 byte[] plainText; 80 81 ci = Cipher.getInstance(algo + "/" + mo + "/" + pad, PROVIDER); 82 KeyGenerator kg = KeyGenerator.getInstance(algo, PROVIDER); 83 kg.init(KEY_LENGTH); 84 key = kg.generateKey(); 85 86 for (int i = 0; i < 15; i++) { 87 plainText = new byte[1600 + i + 1]; 88 rdm.nextBytes(plainText); 89 90 if (!mo.equalsIgnoreCase("GCM")) { 91 ci.init(Cipher.ENCRYPT_MODE, key, aps); 92 } else { 93 ci.init(Cipher.ENCRYPT_MODE, key); 94 } 95 96 byte[] cipherText = new byte[ci.getOutputSize(plainText.length)]; 97 int offset = ci.update(plainText, 0, plainText.length, 98 cipherText, 0); 99 ci.doFinal(cipherText, offset); 100 if (!mo.equalsIgnoreCase("ECB")) { 101 iv = ci.getIV(); 102 aps = new IvParameterSpec(iv); 103 } else { 104 aps = null; 105 } 106 107 if (!mo.equalsIgnoreCase("GCM")) { 108 ci.init(Cipher.DECRYPT_MODE, key, aps); 109 } else { 110 ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters()); 111 } 112 113 byte[] recoveredText = new byte[ci.getOutputSize(cipherText.length)]; 114 int len = ci.doFinal(cipherText, 0, cipherText.length, 115 recoveredText); 116 byte[] tmp = new byte[len]; 117 118 for (int j = 0; j < len; j++) { 119 tmp[j] = recoveredText[j]; 120 } 121 122 if (!java.util.Arrays.equals(plainText, tmp)) { 123 System.out.println("Original: "); 124 dumpBytes(plainText); 125 System.out.println("Recovered: "); 126 dumpBytes(tmp); 127 throw new RuntimeException( 128 "Original text is not equal with recovered text, with mode:" 129 + mo); 130 } 131 } 132 } catch (NoSuchAlgorithmException e) { 133 //CFB7 and OFB150 are for negative testing 134 if (!mo.equalsIgnoreCase("CFB7") && !mo.equalsIgnoreCase("OFB150")) { 135 System.out 136 .println("Unexpected NoSuchAlgorithmException with mode: " 137 + mo); 138 throw new RuntimeException("Test failed!"); 139 } 140 } catch ( NoSuchProviderException | NoSuchPaddingException 141 | InvalidKeyException | InvalidAlgorithmParameterException 142 | ShortBufferException | IllegalBlockSizeException 143 | BadPaddingException e) { 144 System.out.println("Test failed!"); 145 throw e; 146 } 147 } 148 149 private void dumpBytes(byte[] bytes) { 150 for (byte b : bytes) { 151 System.out.print(Integer.toHexString(b)); 152 } 153 154 System.out.println(); 155 } 156 }