1 /*
2 * Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 7088989 8014374 8167512 8173708
27 * @summary Ensure the AES ciphers of OracleUcrypto provider works correctly
28 * @key randomness
29 * @library /test/lib
30 * @build jdk.test.lib.Platform
31 * jdk.test.lib.Utils
32 * @run main TestAES
33 * @run main/othervm -Dpolicy=empty.policy TestAES
34 */
35
36 import java.security.*;
37 import java.security.spec.*;
38 import java.util.*;
39 import javax.crypto.*;
40 import javax.crypto.spec.*;
41
42 import jdk.test.lib.Platform;
43 import jdk.test.lib.Utils;
44
45 public class TestAES extends UcryptoTest {
46
47 private static final String[] PADDEDCIPHER_ALGOS = {
48 "AES/ECB/PKCS5Padding",
49 "AES/CBC/PKCS5Padding",
50 "AES/CFB128/PKCS5Padding"
51 };
52
53 private static final String[] CIPHER_ALGOS = {
54 "AES/ECB/NoPadding",
55 "AES/CBC/NoPadding",
56 "AES/CFB128/NoPadding",
57 "AES/CTR/NoPadding",
58 };
59
60 private static final SecretKey CIPHER_KEY =
61 new SecretKeySpec(new byte[16], "AES");
62
63 private static final boolean IS_BAD_SOLARIS = isBadSolaris();
64
65 public static void main(String[] args) throws Exception {
66 // It has to determine Solaris version before enabling security manager.
67 // Because that needs some permissions, like java.io.FilePermission.
68 String policy = System.getProperty("policy");
69 if (policy != null) {
70 enableSecurityManager(policy);
71 }
72
73 main(new TestAES(), null);
74 }
75
76 // Enables security manager and uses the specified policy file to override
77 // the default one.
78 private static void enableSecurityManager(String policy) {
79 String policyURL = "file://" + System.getProperty("test.src", ".") + "/"
80 + policy;
81 System.out.println("policyURL: " + policyURL);
82 Security.setProperty("policy.url.1", policyURL);
83 System.setSecurityManager(new SecurityManager());
84 }
85
86 public void doTest(Provider prov) throws Exception {
87 // Provider for testing Interoperability
88 Provider sunJCEProv = Security.getProvider("SunJCE");
89
90 testCipherInterop(CIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv);
91 testCipherInterop(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv);
92
93 testCipherOffset(CIPHER_ALGOS, CIPHER_KEY, prov);
94 testCipherOffset(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov);
95
96 testCipherKeyWrapping(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv);
97 testCipherGCM(CIPHER_KEY, prov);
98 }
99
100 private static void testCipherInterop(String[] algos, SecretKey key,
101 Provider p,
102 Provider interopP) {
103 boolean testPassed = true;
104 byte[] in = new byte[32];
105 (new SecureRandom()).nextBytes(in);
106
107 for (String algo : algos) {
108 try {
109 // check ENC
110 Cipher c;
111 try {
112 c = Cipher.getInstance(algo, p);
113 } catch (NoSuchAlgorithmException nsae) {
114 System.out.println("Skipping Unsupported CIP algo: " + algo);
115 continue;
116 }
117 c.init(Cipher.ENCRYPT_MODE, key, (AlgorithmParameters)null, null);
118 byte[] eout = c.doFinal(in, 0, in.length);
119
120 AlgorithmParameters params = c.getParameters();
121 Cipher c2 = Cipher.getInstance(algo, interopP);
122 c2.init(Cipher.ENCRYPT_MODE, key, params, null);
123 byte[] eout2 = c2.doFinal(in, 0, in.length);
124
125 if (!Arrays.equals(eout, eout2)) {
126 System.out.println(algo + ": DIFF FAILED");
127 testPassed = false;
128 } else {
129 System.out.println(algo + ": ENC Passed");
130 }
131
132 // check DEC
133 c.init(Cipher.DECRYPT_MODE, key, params, null);
134 byte[] dout = c.doFinal(eout);
135 c2.init(Cipher.DECRYPT_MODE, key, params, null);
136 byte[] dout2 = c2.doFinal(eout2);
137
138 if (!Arrays.equals(dout, dout2)) {
139 System.out.println(algo + ": DIFF FAILED");
140 testPassed = false;
141 } else {
142 System.out.println(algo + ": DEC Passed");
143 }
144 } catch(Exception ex) {
145 System.out.println("Unexpected Exception: " + algo);
146 ex.printStackTrace();
147 testPassed = false;
148 }
149 }
150
151 if (!testPassed) {
152 throw new RuntimeException("One or more CIPHER test failed!");
153 } else {
154 System.out.println("CIPHER Interop Tests Passed");
155 }
156 }
157
158 private static void testCipherOffset(String[] algos, SecretKey key,
159 Provider p) {
160 boolean testPassed = true;
161 byte[] in = new byte[16];
162 (new SecureRandom()).nextBytes(in);
163
164 for (int i = 0; i < algos.length; i++) {
165 if (IS_BAD_SOLARIS
166 && algos[i].indexOf("CFB128") != -1
167 && p.getName().equals("OracleUcrypto")) {
168 System.out.println("Ignore cases on CFB128 due to a pre-S11.3 bug");
169 continue;
170 }
171
172 for (int j = 1; j < (in.length - 1); j++) {
173 System.out.println("Input offset size: " + j);
174
175 try {
176 // check ENC
177 Cipher c;
178 try {
179 c = Cipher.getInstance(algos[i], p);
180 } catch (NoSuchAlgorithmException nsae) {
181 System.out.println("Skip Unsupported CIP algo: " + algos[i]);
182 continue;
183 }
184 c.init(Cipher.ENCRYPT_MODE, key, (AlgorithmParameters)null, null);
185 byte[] eout = new byte[c.getOutputSize(in.length)];
186 int firstPartLen = in.length - j - 1;
187 //System.out.print("1st UPDATE: " + firstPartLen);
188 int k = c.update(in, 0, firstPartLen, eout, 0);
189 k += c.update(in, firstPartLen, 1, eout, k);
190 k += c.doFinal(in, firstPartLen+1, j, eout, k);
191
192 AlgorithmParameters params = c.getParameters();
193
194 Cipher c2 = Cipher.getInstance(algos[i], p);
195 c2.init(Cipher.ENCRYPT_MODE, key, params, null);
196 byte[] eout2 = new byte[c2.getOutputSize(in.length)];
197 int k2 = c2.update(in, 0, j, eout2, 0);
198 k2 += c2.update(in, j, 1, eout2, k2);
199 k2 += c2.doFinal(in, j+1, firstPartLen, eout2, k2);
200
201 if (!checkArrays(eout, k, eout2, k2)) testPassed = false;
202
203 // check DEC
204 c.init(Cipher.DECRYPT_MODE, key, params, null);
205 byte[] dout = new byte[c.getOutputSize(eout.length)];
206 k = c.update(eout, 0, firstPartLen, dout, 0);
207 k += c.update(eout, firstPartLen, 1, dout, k);
208 k += c.doFinal(eout, firstPartLen+1, eout.length - firstPartLen - 1, dout, k);
209 if (!checkArrays(in, in.length, dout, k)) testPassed = false;
210 } catch(Exception ex) {
211 System.out.println("Unexpected Exception: " + algos[i]);
212 ex.printStackTrace();
213 testPassed = false;
214 }
215 }
216 }
217 if (!testPassed) {
218 throw new RuntimeException("One or more CIPHER test failed!");
219 } else {
220 System.out.println("CIPHER Offset Tests Passed");
221 }
222 }
223
224 private static void testCipherKeyWrapping(String[] algos, SecretKey key,
225 Provider p, Provider interopP)
226 throws NoSuchAlgorithmException {
227 boolean testPassed = true;
228
229 // Test SecretKey, PrivateKey and PublicKey
230 Key[] tbwKeys = new Key[3];
231 int[] tbwKeyTypes = { Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, Cipher.PUBLIC_KEY };
232 tbwKeys[0] = new SecretKeySpec(new byte[20], "Blowfish");
233 KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
234 kpg.initialize(1024);
235 KeyPair kp = kpg.generateKeyPair();
236 tbwKeys[1] = kp.getPrivate();
237 tbwKeys[2] = kp.getPublic();
238
239 for (int i = 0; i < algos.length; i++) {
240 try {
241 System.out.println(algos[i] + " - Native WRAP/Java UNWRAP");
242
243 Cipher c1;
244 try {
245 c1 = Cipher.getInstance(algos[i], p);
246 } catch (NoSuchAlgorithmException nsae) {
247 System.out.println("Skipping Unsupported CIP algo: " + algos[i]);
248 continue;
249 }
250 c1.init(Cipher.WRAP_MODE, key, (AlgorithmParameters)null, null);
251 AlgorithmParameters params = c1.getParameters();
252 Cipher c2 = Cipher.getInstance(algos[i], interopP);
253 c2.init(Cipher.UNWRAP_MODE, key, params, null);
254
255 for (int j = 0; j < tbwKeys.length ; j++) {
256 byte[] wrappedKey = c1.wrap(tbwKeys[j]);
257 Key recovered = c2.unwrap(wrappedKey,
258 tbwKeys[j].getAlgorithm(), tbwKeyTypes[j]);
259 if (!checkKeys(tbwKeys[j], recovered)) testPassed = false;
260 }
261
262 System.out.println(algos[i] + " - Java WRAP/Native UNWRAP");
263 c1 = Cipher.getInstance(algos[i], interopP);
264 c1.init(Cipher.WRAP_MODE, key, (AlgorithmParameters)null, null);
265 params = c1.getParameters();
266 c2 = Cipher.getInstance(algos[i], p);
267 c2.init(Cipher.UNWRAP_MODE, key, params, null);
268
269 for (int j = 0; j < tbwKeys.length ; j++) {
270 byte[] wrappedKey = c1.wrap(tbwKeys[j]);
271 Key recovered = c2.unwrap(wrappedKey,
272 tbwKeys[j].getAlgorithm(), tbwKeyTypes[j]);
273 if (!checkKeys(tbwKeys[j], recovered)) testPassed = false;
274 }
275
276 } catch(Exception ex) {
277 System.out.println("Unexpected Exception: " + algos[i]);
278 ex.printStackTrace();
279 testPassed = false;
280 }
281 }
282 if (!testPassed) {
283 throw new RuntimeException("One or more CIPHER test failed!");
284 } else {
285 System.out.println("CIPHER KeyWrapping Tests Passed");
286 }
287 }
288
289 private static void testCipherGCM(SecretKey key,
290 Provider p) {
291 boolean testPassed = true;
292 byte[] in = new byte[16];
293 (new SecureRandom()).nextBytes(in);
294
295 byte[] iv = new byte[16];
296 (new SecureRandom()).nextBytes(iv);
297
298
299 String algo = "AES/GCM/NoPadding";
300 int tagLen[] = { 128, 120, 112, 104, 96, 64, 32 };
301
302 try {
303 Cipher c;
304 try {
305 c = Cipher.getInstance(algo, p);
306 } catch (NoSuchAlgorithmException nsae) {
307 System.out.println("Skipping Unsupported CIP algo: " + algo);
308 return;
309 }
310 for (int i = 0; i < tagLen.length; i++) {
311 // change iv value to pass the key+iv uniqueness cehck for
312 // GCM encryption
313 iv[0] += 1;
314 AlgorithmParameterSpec paramSpec = new GCMParameterSpec(tagLen[i], iv);
315 // check ENC
316 c.init(Cipher.ENCRYPT_MODE, key, paramSpec, null);
317 c.updateAAD(iv);
318 byte[] eout = c.doFinal(in, 0, in.length);
319
320 AlgorithmParameters param = c.getParameters();
321 // check DEC
322 c.init(Cipher.DECRYPT_MODE, key, param, null);
323 c.updateAAD(iv);
324 byte[] dout = c.doFinal(eout, 0, eout.length);
325
326 if (!Arrays.equals(dout, in)) {
327 System.out.println(algo + ": PT and RT DIFF FAILED");
328 testPassed = false;
329 } else {
330 System.out.println(algo + ": tagLen " + tagLen[i] + " done");
331 }
332 }
333 } catch(Exception ex) {
334 System.out.println("Unexpected Exception: " + algo);
335 ex.printStackTrace();
336 testPassed = false;
337 }
338 if (!testPassed) {
339 throw new RuntimeException("One or more CIPHER test failed!");
340 } else {
341 System.out.println("CIPHER GCM Tests Passed");
342 }
343 }
344
345 private static boolean checkArrays(byte[] a1, int a1Len, byte[] a2, int a2Len) {
346 boolean equal = true;
347 if (a1Len != a2Len) {
348 System.out.println("DIFFERENT OUT LENGTH");
349 equal = false;
350 } else {
351 for (int p = 0; p < a1Len; p++) {
352 if (a1[p] != a2[p]) {
353 System.out.println("DIFF FAILED");
354 equal = false;
355 break;
356 }
357 }
358 }
359 return equal;
360 }
361
362 private static boolean checkKeys(Key k1, Key k2) {
363 boolean equal = true;
364 if (!k1.getAlgorithm().equalsIgnoreCase(k2.getAlgorithm())) {
365 System.out.println("DIFFERENT Key Algorithm");
366 equal = false;
367 } else if (!k1.getFormat().equalsIgnoreCase(k2.getFormat())) {
368 System.out.println("DIFFERENT Key Format");
369 equal = false;
370 } else if (!Arrays.equals(k1.getEncoded(), k2.getEncoded())) {
371 System.out.println("DIFFERENT Key Encoding");
372 equal = false;
373 }
374 return equal;
375 }
376
377 // The cases on CFB128 mode have to be skipped on pre-S11.3.
378 private static boolean isBadSolaris() {
379 return Platform.isSolaris()
380 && Platform.getOsVersionMajor() <= 5
381 && Platform.getOsVersionMinor() <= 11
382 && Utils.distro().compareTo("11.3") < 0;
383 }
384 }