Path: blob/master/test/jdk/com/sun/crypto/provider/Cipher/AES/TestGCMKeyAndIvCheck.java
41161 views
/*1* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/*24* @test25* @bug 699676926* @library ../UTIL27* @build TestUtil28* @run main TestGCMKeyAndIvCheck29* @summary Ensure that same key+iv can't be repeated used for encryption.30* @author Valerie Peng31*/323334import java.security.*;35import javax.crypto.*;36import javax.crypto.spec.*;37import java.math.*;3839import java.util.*;4041public class TestGCMKeyAndIvCheck {4243private static final byte[] AAD = new byte[5];44private static final byte[] PT = new byte[18];4546private static void checkISE(Cipher c) throws Exception {47// Subsequent encryptions should fail48try {49c.updateAAD(AAD);50throw new Exception("Should throw ISE for updateAAD()");51} catch (IllegalStateException ise) {52// expected53}5455try {56c.update(PT);57throw new Exception("Should throw ISE for update()");58} catch (IllegalStateException ise) {59// expected60}61try {62c.doFinal(PT);63throw new Exception("Should throw ISE for doFinal()");64} catch (IllegalStateException ise) {65// expected66}67}6869public void test() throws Exception {70Cipher c = Cipher.getInstance("AES/GCM/NoPadding", "SunJCE");7172SecretKey key = new SecretKeySpec(new byte[16], "AES");73// First try parameter-less init.74c.init(Cipher.ENCRYPT_MODE, key);75c.updateAAD(AAD);76byte[] ctPlusTag = c.doFinal(PT);7778// subsequent encryption should fail unless re-init w/ different key+iv79checkISE(c);8081// Validate the retrieved parameters against the IV and tag length.82AlgorithmParameters params = c.getParameters();83if (params == null) {84throw new Exception("getParameters() should not return null");85}86GCMParameterSpec spec = params.getParameterSpec(GCMParameterSpec.class);87if (spec.getTLen() != (ctPlusTag.length - PT.length)*8) {88throw new Exception("Parameters contains incorrect TLen value");89}90if (!Arrays.equals(spec.getIV(), c.getIV())) {91throw new Exception("Parameters contains incorrect IV value");92}9394// Should be ok to use the same key+iv for decryption95c.init(Cipher.DECRYPT_MODE, key, params);96c.updateAAD(AAD);97byte[] recovered = c.doFinal(ctPlusTag);98if (!Arrays.equals(recovered, PT)) {99throw new Exception("decryption result mismatch");100}101102// Now try to encrypt again using the same key+iv; should fail also103try {104c.init(Cipher.ENCRYPT_MODE, key, params);105throw new Exception("Should throw exception when same key+iv is used");106} catch (InvalidAlgorithmParameterException iape) {107// expected108}109110// Now try to encrypt again using parameter-less init; should work111c.init(Cipher.ENCRYPT_MODE, key);112c.doFinal(PT);113114// make sure a different iv is used115byte[] iv = c.getIV();116if (Arrays.equals(spec.getIV(), iv)) {117throw new Exception("IV should be different now");118}119120// Now try to encrypt again using a different parameter; should work121c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, new byte[30]));122c.updateAAD(AAD);123c.doFinal(PT);124// subsequent encryption should fail unless re-init w/ different key+iv125checkISE(c);126127// Now try decryption twice in a row; no re-init required and128// same parameters is used.129c.init(Cipher.DECRYPT_MODE, key, params);130c.updateAAD(AAD);131recovered = c.doFinal(ctPlusTag);132133c.updateAAD(AAD);134recovered = c.doFinal(ctPlusTag);135if (!Arrays.equals(recovered, PT)) {136throw new Exception("decryption result mismatch");137}138139// Now try decryption again and re-init using the same parameters140c.init(Cipher.DECRYPT_MODE, key, params);141c.updateAAD(AAD);142recovered = c.doFinal(ctPlusTag);143144// init to decrypt w/o parameters; should fail with IKE as145// javadoc specified146try {147c.init(Cipher.DECRYPT_MODE, key);148throw new Exception("Should throw IKE for dec w/o params");149} catch (InvalidKeyException ike) {150// expected151}152153// Lastly, try encryption AND decryption w/ wrong type of parameters,154// e.g. IvParameterSpec155try {156c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));157throw new Exception("Should throw IAPE");158} catch (InvalidAlgorithmParameterException iape) {159// expected160}161try {162c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));163throw new Exception("Should throw IAPE");164} catch (InvalidAlgorithmParameterException iape) {165// expected166}167168System.out.println("Test Passed!");169}170171public static void main (String[] args) throws Exception {172TestGCMKeyAndIvCheck t = new TestGCMKeyAndIvCheck();173t.test();174}175}176177178179