1 /*
   2  * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import java.io.PrintStream;
  25 import java.security.AlgorithmParameters;
  26 import java.security.InvalidKeyException;
  27 import java.security.Provider;
  28 import java.security.Security;
  29 import java.security.spec.AlgorithmParameterSpec;
  30 import java.util.Arrays;
  31 import java.util.Random;
  32 import java.util.StringTokenizer;
  33 import javax.crypto.Cipher;
  34 import javax.crypto.SealedObject;
  35 import javax.crypto.SecretKey;
  36 import javax.crypto.SecretKeyFactory;
  37 import javax.crypto.spec.PBEKeySpec;
  38 import javax.crypto.spec.PBEParameterSpec;
  39 
  40 /**
  41  * @test
  42  * @bug 8041781
  43  * @summary test if seal/unseal works correctly with PBE algorithms
  44  * @author Yun Ke
  45  * @author Bill Situ
  46  * @author Alexander Fomin
  47  * @run main PBESealedObject
  48  */
  49 public class PBESealedObject {
  50 
  51     private static final String[] PBEAlgorithms = {
  52         "pbeWithMD5ANDdes",
  53         "PBEWithMD5AndDES/CBC/PKCS5Padding",
  54         "PBEWithMD5AndTripleDES",
  55         "PBEWithMD5AndTripleDES/CBC/PKCS5Padding",
  56         "PBEwithSHA1AndDESede",
  57         "PBEwithSHA1AndDESede/CBC/PKCS5Padding",
  58         "PBEwithSHA1AndRC2_40",
  59         "PBEwithSHA1Andrc2_40/CBC/PKCS5Padding",
  60         "PBEWithSHA1AndRC2_128",
  61         "PBEWithSHA1andRC2_128/CBC/PKCS5Padding",
  62         "PBEWithSHA1AndRC4_40",
  63         "PBEWithsha1AndRC4_40/ECB/NoPadding",
  64         "PBEWithSHA1AndRC4_128",
  65         "pbeWithSHA1AndRC4_128/ECB/NoPadding",
  66         "PBEWithHmacSHA1AndAES_128",
  67         "PBEWithHmacSHA224AndAES_128",
  68         "PBEWithHmacSHA256AndAES_128",
  69         "PBEWithHmacSHA384AndAES_128",
  70         "PBEWithHmacSHA512AndAES_128",
  71         "PBEWithHmacSHA1AndAES_256",
  72         "PBEWithHmacSHA224AndAES_256",
  73         "PBEWithHmacSHA256AndAES_256",
  74         "PBEWithHmacSHA384AndAES_256",
  75         "PBEWithHmacSHA512AndAES_256"
  76     };
  77 
  78     public static void main(String[] args) {
  79         PBESealedObject test = new PBESealedObject();
  80         Provider sunjce = Security.getProvider("SunJCE");
  81 
  82         if (!test.runAll(sunjce, System.out)) {
  83             throw new RuntimeException("One or more tests have failed....");
  84         }
  85     }
  86 
  87     public boolean runAll(Provider p, PrintStream out) {
  88         boolean finalResult = true;
  89 
  90         for (String algorithm : PBEAlgorithms) {
  91             out.println("Running test with " + algorithm + ":");
  92             try {
  93                 if (!runTest(p, algorithm, out)) {
  94                     finalResult = false;
  95                     out.println("STATUS: Failed");
  96                 } else {
  97                     out.println("STATUS: Passed");
  98                 }
  99             } catch (Exception ex) {
 100                 finalResult = false;
 101                 ex.printStackTrace(out);
 102                 out.println("STATUS:Failed");
 103             }
 104         }
 105 
 106         return finalResult;
 107     }
 108 
 109     // Have a generic throws Exception as it can throw many different exceptions
 110     public boolean runTest(Provider p, String algo, PrintStream out)
 111             throws Exception {
 112 
 113         byte[] salt = new byte[8];
 114         int ITERATION_COUNT = 1000;
 115         AlgorithmParameters pbeParams = null;
 116 
 117         String baseAlgo
 118                 = new StringTokenizer(algo, "/").nextToken().toUpperCase();
 119         boolean isAES = baseAlgo.contains("AES");
 120 
 121         try {
 122             // Initialization
 123             Cipher ci = Cipher.getInstance(algo, p);
 124             new Random().nextBytes(salt);
 125             AlgorithmParameterSpec aps = new PBEParameterSpec(salt,
 126                     ITERATION_COUNT);
 127             SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
 128             SecretKey key = skf.generateSecret(
 129                     new PBEKeySpec("Secret Lover".toCharArray()));
 130 
 131             // Seal
 132             if (isAES) {
 133                 ci.init(Cipher.ENCRYPT_MODE, key);
 134                 pbeParams = ci.getParameters();
 135             } else {
 136                 ci.init(Cipher.ENCRYPT_MODE, key, aps);
 137             }
 138 
 139             SealedObject so = new SealedObject(key, ci);
 140 
 141             // Unseal and compare
 142             if (isAES) {
 143                 ci.init(Cipher.DECRYPT_MODE, key, pbeParams);
 144             } else {
 145                 ci.init(Cipher.DECRYPT_MODE, key, aps);
 146             }
 147 
 148             SecretKey unsealedKey;
 149 
 150             unsealedKey = (SecretKey) so.getObject(ci);
 151             if (!Arrays.equals(unsealedKey.getEncoded(), key.getEncoded())) {
 152                 return false;
 153             }
 154 
 155             unsealedKey = (SecretKey) so.getObject(key);
 156             if (!Arrays.equals(unsealedKey.getEncoded(), key.getEncoded())) {
 157                 return false;
 158             }
 159 
 160             unsealedKey = (SecretKey) so.getObject(key, "SunJCE");
 161             return Arrays.equals(unsealedKey.getEncoded(), key.getEncoded());
 162         } catch (InvalidKeyException ex) {
 163             if (baseAlgo.endsWith("TRIPLEDES") || baseAlgo.endsWith("AES_256")) {
 164                 out.println(
 165                         "Expected exception , keyStrength > 128 within" + algo);
 166                 return true;
 167             }
 168 
 169             throw ex;
 170         }
 171     }
 172 
 173 }