1
/*
2
 * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/*
25
 * @test
26
 * @bug 8248268
27
 * @summary Verify general properties of the AES/KW/NoPadding,
28
 *     AES/KW/PKCS5Padding, and AES/KWP/NoPadding.
29
 * @run main TestGeneral
30
 */
31
import java.util.Arrays;
32
import java.util.Random;
33
import java.security.Key;
34
import java.security.InvalidAlgorithmParameterException;
35
import javax.crypto.*;
36
import javax.crypto.spec.*;
37

38
public class TestGeneral {
39

40
    private static final SecretKey KEY = new SecretKeySpec(new byte[16], "AES");;
41
    private static final int KW_IV_LEN = 8;
42
    private static final int KWP_IV_LEN = 4;
43
    private static final int MAX_KW_PKCS5PAD_LEN = 16; // 1-16
44
    private static final int MAX_KWP_PAD_LEN = 7; // 0...7
45

46
    public static void testEnc(Cipher c, byte[] in, int inLen, int ivLen,
47
            int maxPadLen) throws Exception {
48

49
        System.out.println("input len: " + inLen);
50
        c.init(Cipher.ENCRYPT_MODE, KEY, new IvParameterSpec(in, 0, ivLen));
51

52
        int estOutLen = c.getOutputSize(inLen);
53

54
        byte[] out = c.doFinal(in, 0, inLen);
55

56
        // for encryption output, the estimate should match the actual
57
        if (estOutLen != out.length) {
58
            System.out.println("=> estimated: " + estOutLen);
59
            System.out.println("=> actual enc out length: " + out.length);
60
            throw new RuntimeException("Failed enc output len check");
61
        }
62

63
        // encryption outout should always be multiple of 8 and at least 8-byte
64
        // longer than input
65
        if ((out.length % 8 != 0) || (out.length - inLen < 8)) {
66
            throw new RuntimeException("Invalid length of encrypted data: " +
67
                out.length);
68
        }
69

70
        c.init(Cipher.DECRYPT_MODE, KEY, new IvParameterSpec(in, 0, ivLen));
71
        estOutLen = c.getOutputSize(out.length);
72

73
        byte[] in2 = c.doFinal(out);
74

75
        // for decryption output, the estimate should match the actual for
76
        // AES/KW/NoPadding and slightly larger than the actual for the rest
77
        if (estOutLen < in2.length || (estOutLen - in2.length) > maxPadLen) {
78
            System.out.println("=> estimated: " + estOutLen);
79
            System.out.println("=> actual dec out length: " + in2.length);
80
            throw new RuntimeException("Failed dec output len check");
81
        }
82

83
        if (!Arrays.equals(in, 0, inLen, in2, 0, inLen)) {
84
            throw new RuntimeException("Failed decrypted data check");
85
        }
86
    }
87

88
    public static void testWrap(Cipher c, byte[] in, int inLen, int ivLen,
89
            int maxPadLen) throws Exception {
90

91
        System.out.println("key len: " + inLen);
92
        c.init(Cipher.WRAP_MODE, KEY, new IvParameterSpec(in, 0, ivLen));
93

94
        int estOutLen = c.getOutputSize(inLen);
95

96
        byte[] out = c.wrap(new SecretKeySpec(in, 0, inLen, "Any"));
97

98
        // for encryption output, the estimate should match the actual
99
        if (estOutLen != out.length) {
100
            System.out.println("=> estimated: " + estOutLen);
101
            System.out.println("=> actual wrap out length: " + out.length);
102
            throw new RuntimeException("Failed wrap output len check");
103
        }
104

105
        // encryption outout should always be multiple of 8 and at least 8-byte
106
        // longer than input
107
        if ((out.length % 8 != 0) || (out.length - inLen < 8)) {
108
            throw new RuntimeException("Invalid length of encrypted data: " +
109
                out.length);
110
        }
111
        c.init(Cipher.UNWRAP_MODE, KEY, new IvParameterSpec(in, 0, ivLen));
112
        estOutLen = c.getOutputSize(out.length);
113

114
        Key key2 = c.unwrap(out, "Any", Cipher.SECRET_KEY);
115

116
        if (!(key2 instanceof SecretKey)) {
117
            throw new RuntimeException("Failed unwrap output type check");
118
        }
119

120
        byte[] in2 = key2.getEncoded();
121
        // for decryption output, the estimate should match the actual for
122
        // AES/KW/NoPadding and slightly larger than the actual for the rest
123
        if (estOutLen < in2.length || (estOutLen - in2.length) > maxPadLen) {
124
            System.out.println("=> estimated: " + estOutLen);
125
            System.out.println("=> actual unwrap out length: " + in2.length);
126
            throw new RuntimeException("Failed unwrap output len check");
127
        }
128

129
        if (inLen != in2.length ||
130
                !Arrays.equals(in, 0, inLen, in2, 0, inLen)) {
131
            throw new RuntimeException("Failed unwrap data check");
132
        }
133
    }
134

135
    public static void testIv(Cipher c) throws Exception {
136
        c.init(Cipher.ENCRYPT_MODE, KEY);
137
        byte[] defIv = c.getIV();
138
        // try init w/ an iv w/ different length
139
        try {
140
            c.init(Cipher.ENCRYPT_MODE, KEY, new IvParameterSpec(defIv, 0,
141
                defIv.length/2));
142
        } catch (InvalidAlgorithmParameterException iape) {
143
            System.out.println("Invalid IV rejected as expected");
144
        }
145
        Arrays.fill(defIv, (byte) 0xFF);
146
        c.init(Cipher.ENCRYPT_MODE, KEY, new IvParameterSpec(defIv));
147
        byte[] newIv = c.getIV();
148
        if (!Arrays.equals(newIv, defIv)) {
149
            throw new RuntimeException("Failed iv check");
150
        }
151
    }
152

153
    public static void main(String[] argv) throws Exception {
154
        // test all possible pad lengths, i.e. 1 - 16
155
        byte[] data = new byte[128];
156
        new Random().nextBytes(data);
157

158
        String ALGO = "AES/KW/PKCS5Padding";
159
        System.out.println("Testing " + ALGO);
160
        Cipher c = Cipher.getInstance(ALGO, "SunJCE");
161
        for (int i = 0; i < MAX_KW_PKCS5PAD_LEN; i++) {
162
            testEnc(c, data, data.length - i, KW_IV_LEN, MAX_KW_PKCS5PAD_LEN);
163
            testWrap(c, data, data.length - i, KW_IV_LEN, MAX_KW_PKCS5PAD_LEN);
164
        }
165
        testIv(c);
166

167
        ALGO = "AES/KW/NoPadding";
168
        System.out.println("Testing " + ALGO);
169
        c = Cipher.getInstance(ALGO, "SunJCE");
170
        testEnc(c, data, data.length, KW_IV_LEN, 0);
171
        testEnc(c, data, data.length >> 1, KW_IV_LEN, 0);
172
        testWrap(c, data, data.length, KW_IV_LEN, 0);
173
        testWrap(c, data, data.length >> 1, KW_IV_LEN, 0);
174
        testIv(c);
175

176
        ALGO = "AES/KWP/NoPadding";
177
        System.out.println("Testing " + ALGO);
178
        c = Cipher.getInstance(ALGO, "SunJCE");
179
        for (int i = 0; i < MAX_KWP_PAD_LEN; i++) {
180
            testEnc(c, data, data.length - i, KWP_IV_LEN, MAX_KWP_PAD_LEN);
181
            testWrap(c, data, data.length - i, KWP_IV_LEN, MAX_KWP_PAD_LEN);
182
        }
183
        testIv(c);
184

185
        System.out.println("All Tests Passed");
186
    }
187
}
188

189