1/* 2 * Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24/* 25 * @test 26 * @bug 7088989 8014374 8167512 8173708 27 * @summary Ensure the AES ciphers of OracleUcrypto provider works correctly 28 * @key randomness 29 * @library /test/lib 30 * @build jdk.test.lib.Platform 31 * jdk.test.lib.Utils 32 * @run main TestAES 33 * @run main/othervm -Dpolicy=empty.policy TestAES 34 */ 35 36import java.security.*; 37import java.security.spec.*; 38import java.util.*; 39import javax.crypto.*; 40import javax.crypto.spec.*; 41 42import jdk.test.lib.Platform; 43import jdk.test.lib.Utils; 44 45public class TestAES extends UcryptoTest { 46 47 private static final String[] PADDEDCIPHER_ALGOS = { 48 "AES/ECB/PKCS5Padding", 49 "AES/CBC/PKCS5Padding", 50 "AES/CFB128/PKCS5Padding" 51 }; 52 53 private static final String[] CIPHER_ALGOS = { 54 "AES/ECB/NoPadding", 55 "AES/CBC/NoPadding", 56 "AES/CFB128/NoPadding", 57 "AES/CTR/NoPadding", 58 }; 59 60 private static final SecretKey CIPHER_KEY = 61 new SecretKeySpec(new byte[16], "AES"); 62 63 private static final boolean IS_BAD_SOLARIS = isBadSolaris(); 64 65 public static void main(String[] args) throws Exception { 66 // It has to determine Solaris version before enabling security manager. 67 // Because that needs some permissions, like java.io.FilePermission. 68 String policy = System.getProperty("policy"); 69 if (policy != null) { 70 enableSecurityManager(policy); 71 } 72 73 main(new TestAES(), null); 74 } 75 76 // Enables security manager and uses the specified policy file to override 77 // the default one. 78 private static void enableSecurityManager(String policy) { 79 String policyURL = "file://" + System.getProperty("test.src", ".") + "/" 80 + policy; 81 System.out.println("policyURL: " + policyURL); 82 Security.setProperty("policy.url.1", policyURL); 83 System.setSecurityManager(new SecurityManager()); 84 } 85 86 public void doTest(Provider prov) throws Exception { 87 // Provider for testing Interoperability 88 Provider sunJCEProv = Security.getProvider("SunJCE"); 89 90 testCipherInterop(CIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv); 91 testCipherInterop(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv); 92 93 testCipherOffset(CIPHER_ALGOS, CIPHER_KEY, prov); 94 testCipherOffset(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov); 95 96 testCipherKeyWrapping(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv); 97 testCipherGCM(CIPHER_KEY, prov); 98 } 99 100 private static void testCipherInterop(String[] algos, SecretKey key, 101 Provider p, 102 Provider interopP) { 103 boolean testPassed = true; 104 byte[] in = new byte[32]; 105 (new SecureRandom()).nextBytes(in); 106 107 for (String algo : algos) { 108 try { 109 // check ENC 110 Cipher c; 111 try { 112 c = Cipher.getInstance(algo, p); 113 } catch (NoSuchAlgorithmException nsae) { 114 System.out.println("Skipping Unsupported CIP algo: " + algo); 115 continue; 116 } 117 c.init(Cipher.ENCRYPT_MODE, key, (AlgorithmParameters)null, null); 118 byte[] eout = c.doFinal(in, 0, in.length); 119 120 AlgorithmParameters params = c.getParameters(); 121 Cipher c2 = Cipher.getInstance(algo, interopP); 122 c2.init(Cipher.ENCRYPT_MODE, key, params, null); 123 byte[] eout2 = c2.doFinal(in, 0, in.length); 124 125 if (!Arrays.equals(eout, eout2)) { 126 System.out.println(algo + ": DIFF FAILED"); 127 testPassed = false; 128 } else { 129 System.out.println(algo + ": ENC Passed"); 130 } 131 132 // check DEC 133 c.init(Cipher.DECRYPT_MODE, key, params, null); 134 byte[] dout = c.doFinal(eout); 135 c2.init(Cipher.DECRYPT_MODE, key, params, null); 136 byte[] dout2 = c2.doFinal(eout2); 137 138 if (!Arrays.equals(dout, dout2)) { 139 System.out.println(algo + ": DIFF FAILED"); 140 testPassed = false; 141 } else { 142 System.out.println(algo + ": DEC Passed"); 143 } 144 } catch(Exception ex) { 145 System.out.println("Unexpected Exception: " + algo); 146 ex.printStackTrace(); 147 testPassed = false; 148 } 149 } 150 151 if (!testPassed) { 152 throw new RuntimeException("One or more CIPHER test failed!"); 153 } else { 154 System.out.println("CIPHER Interop Tests Passed"); 155 } 156 } 157 158 private static void testCipherOffset(String[] algos, SecretKey key, 159 Provider p) { 160 boolean testPassed = true; 161 byte[] in = new byte[16]; 162 (new SecureRandom()).nextBytes(in); 163 164 for (int i = 0; i < algos.length; i++) { 165 if (IS_BAD_SOLARIS 166 && algos[i].indexOf("CFB128") != -1 167 && p.getName().equals("OracleUcrypto")) { 168 System.out.println("Ignore cases on CFB128 due to a pre-S11.3 bug"); 169 continue; 170 } 171 172 for (int j = 1; j < (in.length - 1); j++) { 173 System.out.println("Input offset size: " + j); 174 175 try { 176 // check ENC 177 Cipher c; 178 try { 179 c = Cipher.getInstance(algos[i], p); 180 } catch (NoSuchAlgorithmException nsae) { 181 System.out.println("Skip Unsupported CIP algo: " + algos[i]); 182 continue; 183 } 184 c.init(Cipher.ENCRYPT_MODE, key, (AlgorithmParameters)null, null); 185 byte[] eout = new byte[c.getOutputSize(in.length)]; 186 int firstPartLen = in.length - j - 1; 187 //System.out.print("1st UPDATE: " + firstPartLen); 188 int k = c.update(in, 0, firstPartLen, eout, 0); 189 k += c.update(in, firstPartLen, 1, eout, k); 190 k += c.doFinal(in, firstPartLen+1, j, eout, k); 191 192 AlgorithmParameters params = c.getParameters(); 193 194 Cipher c2 = Cipher.getInstance(algos[i], p); 195 c2.init(Cipher.ENCRYPT_MODE, key, params, null); 196 byte[] eout2 = new byte[c2.getOutputSize(in.length)]; 197 int k2 = c2.update(in, 0, j, eout2, 0); 198 k2 += c2.update(in, j, 1, eout2, k2); 199 k2 += c2.doFinal(in, j+1, firstPartLen, eout2, k2); 200 201 if (!checkArrays(eout, k, eout2, k2)) testPassed = false; 202 203 // check DEC 204 c.init(Cipher.DECRYPT_MODE, key, params, null); 205 byte[] dout = new byte[c.getOutputSize(eout.length)]; 206 k = c.update(eout, 0, firstPartLen, dout, 0); 207 k += c.update(eout, firstPartLen, 1, dout, k); 208 k += c.doFinal(eout, firstPartLen+1, eout.length - firstPartLen - 1, dout, k); 209 if (!checkArrays(in, in.length, dout, k)) testPassed = false; 210 } catch(Exception ex) { 211 System.out.println("Unexpected Exception: " + algos[i]); 212 ex.printStackTrace(); 213 testPassed = false; 214 } 215 } 216 } 217 if (!testPassed) { 218 throw new RuntimeException("One or more CIPHER test failed!"); 219 } else { 220 System.out.println("CIPHER Offset Tests Passed"); 221 } 222 } 223 224 private static void testCipherKeyWrapping(String[] algos, SecretKey key, 225 Provider p, Provider interopP) 226 throws NoSuchAlgorithmException { 227 boolean testPassed = true; 228 229 // Test SecretKey, PrivateKey and PublicKey 230 Key[] tbwKeys = new Key[3]; 231 int[] tbwKeyTypes = { Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, Cipher.PUBLIC_KEY }; 232 tbwKeys[0] = new SecretKeySpec(new byte[20], "Blowfish"); 233 KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); 234 kpg.initialize(1024); 235 KeyPair kp = kpg.generateKeyPair(); 236 tbwKeys[1] = kp.getPrivate(); 237 tbwKeys[2] = kp.getPublic(); 238 239 for (int i = 0; i < algos.length; i++) { 240 try { 241 System.out.println(algos[i] + " - Native WRAP/Java UNWRAP"); 242 243 Cipher c1; 244 try { 245 c1 = Cipher.getInstance(algos[i], p); 246 } catch (NoSuchAlgorithmException nsae) { 247 System.out.println("Skipping Unsupported CIP algo: " + algos[i]); 248 continue; 249 } 250 c1.init(Cipher.WRAP_MODE, key, (AlgorithmParameters)null, null); 251 AlgorithmParameters params = c1.getParameters(); 252 Cipher c2 = Cipher.getInstance(algos[i], interopP); 253 c2.init(Cipher.UNWRAP_MODE, key, params, null); 254 255 for (int j = 0; j < tbwKeys.length ; j++) { 256 byte[] wrappedKey = c1.wrap(tbwKeys[j]); 257 Key recovered = c2.unwrap(wrappedKey, 258 tbwKeys[j].getAlgorithm(), tbwKeyTypes[j]); 259 if (!checkKeys(tbwKeys[j], recovered)) testPassed = false; 260 } 261 262 System.out.println(algos[i] + " - Java WRAP/Native UNWRAP"); 263 c1 = Cipher.getInstance(algos[i], interopP); 264 c1.init(Cipher.WRAP_MODE, key, (AlgorithmParameters)null, null); 265 params = c1.getParameters(); 266 c2 = Cipher.getInstance(algos[i], p); 267 c2.init(Cipher.UNWRAP_MODE, key, params, null); 268 269 for (int j = 0; j < tbwKeys.length ; j++) { 270 byte[] wrappedKey = c1.wrap(tbwKeys[j]); 271 Key recovered = c2.unwrap(wrappedKey, 272 tbwKeys[j].getAlgorithm(), tbwKeyTypes[j]); 273 if (!checkKeys(tbwKeys[j], recovered)) testPassed = false; 274 } 275 276 } catch(Exception ex) { 277 System.out.println("Unexpected Exception: " + algos[i]); 278 ex.printStackTrace(); 279 testPassed = false; 280 } 281 } 282 if (!testPassed) { 283 throw new RuntimeException("One or more CIPHER test failed!"); 284 } else { 285 System.out.println("CIPHER KeyWrapping Tests Passed"); 286 } 287 } 288 289 private static void testCipherGCM(SecretKey key, 290 Provider p) { 291 boolean testPassed = true; 292 byte[] in = new byte[16]; 293 (new SecureRandom()).nextBytes(in); 294 295 byte[] iv = new byte[16]; 296 (new SecureRandom()).nextBytes(iv); 297 298 299 String algo = "AES/GCM/NoPadding"; 300 int tagLen[] = { 128, 120, 112, 104, 96, 64, 32 }; 301 302 try { 303 Cipher c; 304 try { 305 c = Cipher.getInstance(algo, p); 306 } catch (NoSuchAlgorithmException nsae) { 307 System.out.println("Skipping Unsupported CIP algo: " + algo); 308 return; 309 } 310 for (int i = 0; i < tagLen.length; i++) { 311 // change iv value to pass the key+iv uniqueness cehck for 312 // GCM encryption 313 iv[0] += 1; 314 AlgorithmParameterSpec paramSpec = new GCMParameterSpec(tagLen[i], iv); 315 // check ENC 316 c.init(Cipher.ENCRYPT_MODE, key, paramSpec, null); 317 c.updateAAD(iv); 318 byte[] eout = c.doFinal(in, 0, in.length); 319 320 AlgorithmParameters param = c.getParameters(); 321 // check DEC 322 c.init(Cipher.DECRYPT_MODE, key, param, null); 323 c.updateAAD(iv); 324 byte[] dout = c.doFinal(eout, 0, eout.length); 325 326 if (!Arrays.equals(dout, in)) { 327 System.out.println(algo + ": PT and RT DIFF FAILED"); 328 testPassed = false; 329 } else { 330 System.out.println(algo + ": tagLen " + tagLen[i] + " done"); 331 } 332 } 333 } catch(Exception ex) { 334 System.out.println("Unexpected Exception: " + algo); 335 ex.printStackTrace(); 336 testPassed = false; 337 } 338 if (!testPassed) { 339 throw new RuntimeException("One or more CIPHER test failed!"); 340 } else { 341 System.out.println("CIPHER GCM Tests Passed"); 342 } 343 } 344 345 private static boolean checkArrays(byte[] a1, int a1Len, byte[] a2, int a2Len) { 346 boolean equal = true; 347 if (a1Len != a2Len) { 348 System.out.println("DIFFERENT OUT LENGTH"); 349 equal = false; 350 } else { 351 for (int p = 0; p < a1Len; p++) { 352 if (a1[p] != a2[p]) { 353 System.out.println("DIFF FAILED"); 354 equal = false; 355 break; 356 } 357 } 358 } 359 return equal; 360 } 361 362 private static boolean checkKeys(Key k1, Key k2) { 363 boolean equal = true; 364 if (!k1.getAlgorithm().equalsIgnoreCase(k2.getAlgorithm())) { 365 System.out.println("DIFFERENT Key Algorithm"); 366 equal = false; 367 } else if (!k1.getFormat().equalsIgnoreCase(k2.getFormat())) { 368 System.out.println("DIFFERENT Key Format"); 369 equal = false; 370 } else if (!Arrays.equals(k1.getEncoded(), k2.getEncoded())) { 371 System.out.println("DIFFERENT Key Encoding"); 372 equal = false; 373 } 374 return equal; 375 } 376 377 // The cases on CFB128 mode have to be skipped on pre-S11.3. 378 private static boolean isBadSolaris() { 379 return Platform.isSolaris() 380 && Platform.getOsVersionMajor() <= 5 381 && Platform.getOsVersionMinor() <= 11 382 && Utils.distro().compareTo("11.3") < 0; 383 } 384} 385