1 /* 2 * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 import java.io.PrintStream; 25 import java.security.AlgorithmParameters; 26 import java.security.InvalidKeyException; 27 import java.security.Provider; 28 import java.security.Security; 29 import java.security.spec.AlgorithmParameterSpec; 30 import java.util.Arrays; 31 import java.util.Random; 32 import java.util.StringTokenizer; 33 import javax.crypto.Cipher; 34 import javax.crypto.SealedObject; 35 import javax.crypto.SecretKey; 36 import javax.crypto.SecretKeyFactory; 37 import javax.crypto.spec.PBEKeySpec; 38 import javax.crypto.spec.PBEParameterSpec; 39 40 /** 41 * @test 42 * @bug 8041781 43 * @summary test if seal/unseal works correctly with PBE algorithms 44 * @author Yun Ke 45 * @author Bill Situ 46 * @author Alexander Fomin 47 * @run main PBESealedObject 48 */ 49 public class PBESealedObject { 50 51 private static final String[] PBEAlgorithms = { 52 "pbeWithMD5ANDdes", 53 "PBEWithMD5AndDES/CBC/PKCS5Padding", 54 "PBEWithMD5AndTripleDES", 55 "PBEWithMD5AndTripleDES/CBC/PKCS5Padding", 56 "PBEwithSHA1AndDESede", 57 "PBEwithSHA1AndDESede/CBC/PKCS5Padding", 58 "PBEwithSHA1AndRC2_40", 59 "PBEwithSHA1Andrc2_40/CBC/PKCS5Padding", 60 "PBEWithSHA1AndRC2_128", 61 "PBEWithSHA1andRC2_128/CBC/PKCS5Padding", 62 "PBEWithSHA1AndRC4_40", 63 "PBEWithsha1AndRC4_40/ECB/NoPadding", 64 "PBEWithSHA1AndRC4_128", 65 "pbeWithSHA1AndRC4_128/ECB/NoPadding", 66 "PBEWithHmacSHA1AndAES_128", 67 "PBEWithHmacSHA224AndAES_128", 68 "PBEWithHmacSHA256AndAES_128", 69 "PBEWithHmacSHA384AndAES_128", 70 "PBEWithHmacSHA512AndAES_128", 71 "PBEWithHmacSHA1AndAES_256", 72 "PBEWithHmacSHA224AndAES_256", 73 "PBEWithHmacSHA256AndAES_256", 74 "PBEWithHmacSHA384AndAES_256", 75 "PBEWithHmacSHA512AndAES_256" 76 }; 77 78 public static void main(String[] args) { 79 PBESealedObject test = new PBESealedObject(); 80 Provider sunjce = Security.getProvider("SunJCE"); 81 82 if (!test.runAll(sunjce, System.out)) { 83 throw new RuntimeException("One or more tests have failed...."); 84 } 85 } 86 87 public boolean runAll(Provider p, PrintStream out) { 88 boolean finalResult = true; 89 90 for (String algorithm : PBEAlgorithms) { 91 out.println("Running test with " + algorithm + ":"); 92 try { 93 if (!runTest(p, algorithm, out)) { 94 finalResult = false; 95 out.println("STATUS: Failed"); 96 } else { 97 out.println("STATUS: Passed"); 98 } 99 } catch (Exception ex) { 100 finalResult = false; 101 ex.printStackTrace(out); 102 out.println("STATUS:Failed"); 103 } 104 } 105 106 return finalResult; 107 } 108 109 // Have a generic throws Exception as it can throw many different exceptions 110 public boolean runTest(Provider p, String algo, PrintStream out) 111 throws Exception { 112 113 byte[] salt = new byte[8]; 114 int ITERATION_COUNT = 1000; 115 AlgorithmParameters pbeParams = null; 116 117 String baseAlgo 118 = new StringTokenizer(algo, "/").nextToken().toUpperCase(); 119 boolean isAES = baseAlgo.contains("AES"); 120 121 try { 122 // Initialization 123 Cipher ci = Cipher.getInstance(algo, p); 124 new Random().nextBytes(salt); 125 AlgorithmParameterSpec aps = new PBEParameterSpec(salt, 126 ITERATION_COUNT); 127 SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p); 128 SecretKey key = skf.generateSecret( 129 new PBEKeySpec("Secret Lover".toCharArray())); 130 131 // Seal 132 if (isAES) { 133 ci.init(Cipher.ENCRYPT_MODE, key); 134 pbeParams = ci.getParameters(); 135 } else { 136 ci.init(Cipher.ENCRYPT_MODE, key, aps); 137 } 138 139 SealedObject so = new SealedObject(key, ci); 140 141 // Unseal and compare 142 if (isAES) { 143 ci.init(Cipher.DECRYPT_MODE, key, pbeParams); 144 } else { 145 ci.init(Cipher.DECRYPT_MODE, key, aps); 146 } 147 148 SecretKey unsealedKey; 149 150 unsealedKey = (SecretKey) so.getObject(ci); 151 if (!Arrays.equals(unsealedKey.getEncoded(), key.getEncoded())) { 152 return false; 153 } 154 155 unsealedKey = (SecretKey) so.getObject(key); 156 if (!Arrays.equals(unsealedKey.getEncoded(), key.getEncoded())) { 157 return false; 158 } 159 160 unsealedKey = (SecretKey) so.getObject(key, "SunJCE"); 161 return Arrays.equals(unsealedKey.getEncoded(), key.getEncoded()); 162 } catch (InvalidKeyException ex) { 163 if (baseAlgo.endsWith("TRIPLEDES") || baseAlgo.endsWith("AES_256")) { 164 out.println( 165 "Expected exception , keyStrength > 128 within" + algo); 166 return true; 167 } 168 169 throw ex; 170 } 171 } 172 173 }