1 /* 2 * Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 7088989 8014374 8167512 8173708 27 * @summary Ensure the AES ciphers of OracleUcrypto provider works correctly 28 * @key randomness 29 * @library /test/lib 30 * @build jdk.test.lib.Platform 31 * jdk.test.lib.Utils 32 * @run main TestAES 33 * @run main/othervm -Dpolicy=empty.policy TestAES 34 */ 35 36 import java.security.*; 37 import java.security.spec.*; 38 import java.util.*; 39 import javax.crypto.*; 40 import javax.crypto.spec.*; 41 42 import jdk.test.lib.OSVersion; 43 import jdk.test.lib.Platform; 44 import jdk.test.lib.Utils; 45 46 public class TestAES extends UcryptoTest { 47 48 private static final String[] PADDEDCIPHER_ALGOS = { 49 "AES/ECB/PKCS5Padding", 50 "AES/CBC/PKCS5Padding", 51 "AES/CFB128/PKCS5Padding" 52 }; 53 54 private static final String[] CIPHER_ALGOS = { 55 "AES/ECB/NoPadding", 56 "AES/CBC/NoPadding", 57 "AES/CFB128/NoPadding", 58 "AES/CTR/NoPadding", 59 }; 60 61 private static final SecretKey CIPHER_KEY = 62 new SecretKeySpec(new byte[16], "AES"); 63 64 private static final boolean IS_BAD_SOLARIS = isBadSolaris(); 65 66 public static void main(String[] args) throws Exception { 67 // It has to determine Solaris version before enabling security manager. 68 // Because that needs some permissions, like java.io.FilePermission. 69 String policy = System.getProperty("policy"); 70 if (policy != null) { 71 enableSecurityManager(policy); 72 } 73 74 main(new TestAES(), null); 75 } 76 77 // Enables security manager and uses the specified policy file to override 78 // the default one. 79 private static void enableSecurityManager(String policy) { 80 String policyURL = "file://" + System.getProperty("test.src", ".") + "/" 81 + policy; 82 System.out.println("policyURL: " + policyURL); 83 Security.setProperty("policy.url.1", policyURL); 84 System.setSecurityManager(new SecurityManager()); 85 } 86 87 public void doTest(Provider prov) throws Exception { 88 // Provider for testing Interoperability 89 Provider sunJCEProv = Security.getProvider("SunJCE"); 90 91 testCipherInterop(CIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv); 92 testCipherInterop(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv); 93 94 testCipherOffset(CIPHER_ALGOS, CIPHER_KEY, prov); 95 testCipherOffset(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov); 96 97 testCipherKeyWrapping(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv); 98 testCipherGCM(CIPHER_KEY, prov); 99 } 100 101 private static void testCipherInterop(String[] algos, SecretKey key, 102 Provider p, 103 Provider interopP) { 104 boolean testPassed = true; 105 byte[] in = new byte[32]; 106 (new SecureRandom()).nextBytes(in); 107 108 for (String algo : algos) { 109 try { 110 // check ENC 111 Cipher c; 112 try { 113 c = Cipher.getInstance(algo, p); 114 } catch (NoSuchAlgorithmException nsae) { 115 System.out.println("Skipping Unsupported CIP algo: " + algo); 116 continue; 117 } 118 c.init(Cipher.ENCRYPT_MODE, key, (AlgorithmParameters)null, null); 119 byte[] eout = c.doFinal(in, 0, in.length); 120 121 AlgorithmParameters params = c.getParameters(); 122 Cipher c2 = Cipher.getInstance(algo, interopP); 123 c2.init(Cipher.ENCRYPT_MODE, key, params, null); 124 byte[] eout2 = c2.doFinal(in, 0, in.length); 125 126 if (!Arrays.equals(eout, eout2)) { 127 System.out.println(algo + ": DIFF FAILED"); 128 testPassed = false; 129 } else { 130 System.out.println(algo + ": ENC Passed"); 131 } 132 133 // check DEC 134 c.init(Cipher.DECRYPT_MODE, key, params, null); 135 byte[] dout = c.doFinal(eout); 136 c2.init(Cipher.DECRYPT_MODE, key, params, null); 137 byte[] dout2 = c2.doFinal(eout2); 138 139 if (!Arrays.equals(dout, dout2)) { 140 System.out.println(algo + ": DIFF FAILED"); 141 testPassed = false; 142 } else { 143 System.out.println(algo + ": DEC Passed"); 144 } 145 } catch(Exception ex) { 146 System.out.println("Unexpected Exception: " + algo); 147 ex.printStackTrace(); 148 testPassed = false; 149 } 150 } 151 152 if (!testPassed) { 153 throw new RuntimeException("One or more CIPHER test failed!"); 154 } else { 155 System.out.println("CIPHER Interop Tests Passed"); 156 } 157 } 158 159 private static void testCipherOffset(String[] algos, SecretKey key, 160 Provider p) { 161 boolean testPassed = true; 162 byte[] in = new byte[16]; 163 (new SecureRandom()).nextBytes(in); 164 165 for (int i = 0; i < algos.length; i++) { 166 if (IS_BAD_SOLARIS 167 && algos[i].indexOf("CFB128") != -1 168 && p.getName().equals("OracleUcrypto")) { 169 System.out.println("Ignore cases on CFB128 due to a pre-S11.3 bug"); 170 continue; 171 } 172 173 for (int j = 1; j < (in.length - 1); j++) { 174 System.out.println("Input offset size: " + j); 175 176 try { 177 // check ENC 178 Cipher c; 179 try { 180 c = Cipher.getInstance(algos[i], p); 181 } catch (NoSuchAlgorithmException nsae) { 182 System.out.println("Skip Unsupported CIP algo: " + algos[i]); 183 continue; 184 } 185 c.init(Cipher.ENCRYPT_MODE, key, (AlgorithmParameters)null, null); 186 byte[] eout = new byte[c.getOutputSize(in.length)]; 187 int firstPartLen = in.length - j - 1; 188 //System.out.print("1st UPDATE: " + firstPartLen); 189 int k = c.update(in, 0, firstPartLen, eout, 0); 190 k += c.update(in, firstPartLen, 1, eout, k); 191 k += c.doFinal(in, firstPartLen+1, j, eout, k); 192 193 AlgorithmParameters params = c.getParameters(); 194 195 Cipher c2 = Cipher.getInstance(algos[i], p); 196 c2.init(Cipher.ENCRYPT_MODE, key, params, null); 197 byte[] eout2 = new byte[c2.getOutputSize(in.length)]; 198 int k2 = c2.update(in, 0, j, eout2, 0); 199 k2 += c2.update(in, j, 1, eout2, k2); 200 k2 += c2.doFinal(in, j+1, firstPartLen, eout2, k2); 201 202 if (!checkArrays(eout, k, eout2, k2)) testPassed = false; 203 204 // check DEC 205 c.init(Cipher.DECRYPT_MODE, key, params, null); 206 byte[] dout = new byte[c.getOutputSize(eout.length)]; 207 k = c.update(eout, 0, firstPartLen, dout, 0); 208 k += c.update(eout, firstPartLen, 1, dout, k); 209 k += c.doFinal(eout, firstPartLen+1, eout.length - firstPartLen - 1, dout, k); 210 if (!checkArrays(in, in.length, dout, k)) testPassed = false; 211 } catch(Exception ex) { 212 System.out.println("Unexpected Exception: " + algos[i]); 213 ex.printStackTrace(); 214 testPassed = false; 215 } 216 } 217 } 218 if (!testPassed) { 219 throw new RuntimeException("One or more CIPHER test failed!"); 220 } else { 221 System.out.println("CIPHER Offset Tests Passed"); 222 } 223 } 224 225 private static void testCipherKeyWrapping(String[] algos, SecretKey key, 226 Provider p, Provider interopP) 227 throws NoSuchAlgorithmException { 228 boolean testPassed = true; 229 230 // Test SecretKey, PrivateKey and PublicKey 231 Key[] tbwKeys = new Key[3]; 232 int[] tbwKeyTypes = { Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, Cipher.PUBLIC_KEY }; 233 tbwKeys[0] = new SecretKeySpec(new byte[20], "Blowfish"); 234 KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); 235 kpg.initialize(1024); 236 KeyPair kp = kpg.generateKeyPair(); 237 tbwKeys[1] = kp.getPrivate(); 238 tbwKeys[2] = kp.getPublic(); 239 240 for (int i = 0; i < algos.length; i++) { 241 try { 242 System.out.println(algos[i] + " - Native WRAP/Java UNWRAP"); 243 244 Cipher c1; 245 try { 246 c1 = Cipher.getInstance(algos[i], p); 247 } catch (NoSuchAlgorithmException nsae) { 248 System.out.println("Skipping Unsupported CIP algo: " + algos[i]); 249 continue; 250 } 251 c1.init(Cipher.WRAP_MODE, key, (AlgorithmParameters)null, null); 252 AlgorithmParameters params = c1.getParameters(); 253 Cipher c2 = Cipher.getInstance(algos[i], interopP); 254 c2.init(Cipher.UNWRAP_MODE, key, params, null); 255 256 for (int j = 0; j < tbwKeys.length ; j++) { 257 byte[] wrappedKey = c1.wrap(tbwKeys[j]); 258 Key recovered = c2.unwrap(wrappedKey, 259 tbwKeys[j].getAlgorithm(), tbwKeyTypes[j]); 260 if (!checkKeys(tbwKeys[j], recovered)) testPassed = false; 261 } 262 263 System.out.println(algos[i] + " - Java WRAP/Native UNWRAP"); 264 c1 = Cipher.getInstance(algos[i], interopP); 265 c1.init(Cipher.WRAP_MODE, key, (AlgorithmParameters)null, null); 266 params = c1.getParameters(); 267 c2 = Cipher.getInstance(algos[i], p); 268 c2.init(Cipher.UNWRAP_MODE, key, params, null); 269 270 for (int j = 0; j < tbwKeys.length ; j++) { 271 byte[] wrappedKey = c1.wrap(tbwKeys[j]); 272 Key recovered = c2.unwrap(wrappedKey, 273 tbwKeys[j].getAlgorithm(), tbwKeyTypes[j]); 274 if (!checkKeys(tbwKeys[j], recovered)) testPassed = false; 275 } 276 277 } catch(Exception ex) { 278 System.out.println("Unexpected Exception: " + algos[i]); 279 ex.printStackTrace(); 280 testPassed = false; 281 } 282 } 283 if (!testPassed) { 284 throw new RuntimeException("One or more CIPHER test failed!"); 285 } else { 286 System.out.println("CIPHER KeyWrapping Tests Passed"); 287 } 288 } 289 290 private static void testCipherGCM(SecretKey key, 291 Provider p) { 292 boolean testPassed = true; 293 byte[] in = new byte[16]; 294 (new SecureRandom()).nextBytes(in); 295 296 byte[] iv = new byte[16]; 297 (new SecureRandom()).nextBytes(iv); 298 299 300 String algo = "AES/GCM/NoPadding"; 301 int tagLen[] = { 128, 120, 112, 104, 96, 64, 32 }; 302 303 try { 304 Cipher c; 305 try { 306 c = Cipher.getInstance(algo, p); 307 } catch (NoSuchAlgorithmException nsae) { 308 System.out.println("Skipping Unsupported CIP algo: " + algo); 309 return; 310 } 311 for (int i = 0; i < tagLen.length; i++) { 312 // change iv value to pass the key+iv uniqueness cehck for 313 // GCM encryption 314 iv[0] += 1; 315 AlgorithmParameterSpec paramSpec = new GCMParameterSpec(tagLen[i], iv); 316 // check ENC 317 c.init(Cipher.ENCRYPT_MODE, key, paramSpec, null); 318 c.updateAAD(iv); 319 byte[] eout = c.doFinal(in, 0, in.length); 320 321 AlgorithmParameters param = c.getParameters(); 322 // check DEC 323 c.init(Cipher.DECRYPT_MODE, key, param, null); 324 c.updateAAD(iv); 325 byte[] dout = c.doFinal(eout, 0, eout.length); 326 327 if (!Arrays.equals(dout, in)) { 328 System.out.println(algo + ": PT and RT DIFF FAILED"); 329 testPassed = false; 330 } else { 331 System.out.println(algo + ": tagLen " + tagLen[i] + " done"); 332 } 333 } 334 } catch(Exception ex) { 335 System.out.println("Unexpected Exception: " + algo); 336 ex.printStackTrace(); 337 testPassed = false; 338 } 339 if (!testPassed) { 340 throw new RuntimeException("One or more CIPHER test failed!"); 341 } else { 342 System.out.println("CIPHER GCM Tests Passed"); 343 } 344 } 345 346 private static boolean checkArrays(byte[] a1, int a1Len, byte[] a2, int a2Len) { 347 boolean equal = true; 348 if (a1Len != a2Len) { 349 System.out.println("DIFFERENT OUT LENGTH"); 350 equal = false; 351 } else { 352 for (int p = 0; p < a1Len; p++) { 353 if (a1[p] != a2[p]) { 354 System.out.println("DIFF FAILED"); 355 equal = false; 356 break; 357 } 358 } 359 } 360 return equal; 361 } 362 363 private static boolean checkKeys(Key k1, Key k2) { 364 boolean equal = true; 365 if (!k1.getAlgorithm().equalsIgnoreCase(k2.getAlgorithm())) { 366 System.out.println("DIFFERENT Key Algorithm"); 367 equal = false; 368 } else if (!k1.getFormat().equalsIgnoreCase(k2.getFormat())) { 369 System.out.println("DIFFERENT Key Format"); 370 equal = false; 371 } else if (!Arrays.equals(k1.getEncoded(), k2.getEncoded())) { 372 System.out.println("DIFFERENT Key Encoding"); 373 equal = false; 374 } 375 return equal; 376 } 377 378 // The cases on CFB128 mode have to be skipped on pre-S11.3. 379 private static boolean isBadSolaris() { 380 return Platform.isSolaris() && OSVersion.current().compareTo(new OSVersion(11, 3)) < 0; 381 } 382 }