CoCalc -- TestGCMKeyAndIvCheck.java

GitHub Repository: PojavLauncherTeam/mobile
Path: blob/master/test/jdk/sun/security/pkcs11/Cipher/TestGCMKeyAndIvCheck.java
⁴¹¹⁵² views
1
/*
2
 * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/*
25
 * @test
26
 * @bug 8080462 8229243
27
 * @library /test/lib ..
28
 * @modules jdk.crypto.cryptoki
29
 * @run main TestGCMKeyAndIvCheck
30
 * @summary Ensure that same key+iv can't be repeated used for encryption.
31
 */
32

33

34
import java.security.*;
35
import java.security.spec.AlgorithmParameterSpec;
36
import javax.crypto.*;
37
import javax.crypto.spec.*;
38
import java.math.*;
39

40
import java.util.*;
41

42
public class TestGCMKeyAndIvCheck extends PKCS11Test {
43

44
    private static final byte[] AAD = new byte[5];
45
    private static final byte[] PT = new byte[18];
46

47
    public static void main(String[] args) throws Exception {
48
        main(new TestGCMKeyAndIvCheck(), args);
49
    }
50

51
    private static void checkISE(Cipher c) throws Exception {
52
        // Subsequent encryptions should fail
53
        try {
54
            c.updateAAD(AAD);
55
            throw new Exception("Should throw ISE for updateAAD()");
56
        } catch (IllegalStateException ise) {
57
            // expected
58
        }
59

60
        try {
61
            c.update(PT);
62
            throw new Exception("Should throw ISE for update()");
63
        } catch (IllegalStateException ise) {
64
            // expected
65
        }
66
        try {
67
            c.doFinal(PT);
68
            throw new Exception("Should throw ISE for doFinal()");
69
        } catch (IllegalStateException ise) {
70
            // expected
71
        }
72
    }
73

74
    public void test(String mode, Provider p) throws Exception {
75
        Cipher c;
76
        try {
77
            String transformation = "AES/" + mode + "/NoPadding";
78
            c = Cipher.getInstance(transformation, p);
79
        } catch (GeneralSecurityException e) {
80
            System.out.println("Skip testing " + p.getName() +
81
                    ", no support for " + mode);
82
            return;
83
        }
84
        System.out.println("Testing against " + p.getName());
85
        SecretKey key = new SecretKeySpec(new byte[16], "AES");
86
        // First try parameter-less init.
87
        c.init(Cipher.ENCRYPT_MODE, key);
88
        c.updateAAD(AAD);
89
        byte[] ctPlusTag = c.doFinal(PT);
90

91
        // subsequent encryption should fail unless re-init w/ different key+iv
92
        checkISE(c);
93

94
        // Validate the retrieved parameters against the IV and tag length.
95
        AlgorithmParameters params = c.getParameters();
96
        if (params == null) {
97
            throw new Exception("getParameters() should not return null");
98
        }
99
        byte[] iv = null;
100
        int tagLength = 0; // in bits
101
        if (mode.equalsIgnoreCase("GCM")) {
102
            GCMParameterSpec spec = params.getParameterSpec(GCMParameterSpec.class);
103
            tagLength = spec.getTLen();
104
            iv = spec.getIV();
105
        } else {
106
            throw new RuntimeException("Error: Unsupported mode: " + mode);
107
        }
108
        if (tagLength != (ctPlusTag.length - PT.length)*8) {
109
            throw new Exception("Parameters contains incorrect TLen value");
110
        }
111
        if (!Arrays.equals(iv, c.getIV())) {
112
            throw new Exception("Parameters contains incorrect IV value");
113
        }
114

115
        c.init(Cipher.DECRYPT_MODE, key, params);
116
        c.updateAAD(AAD);
117
        byte[] recovered = c.doFinal(ctPlusTag);
118
        if (!Arrays.equals(recovered, PT)) {
119
            throw new Exception("Decryption result mismatch");
120
        }
121

122
        // Now try to encrypt again using the same key+iv; should fail also
123
        try {
124
            c.init(Cipher.ENCRYPT_MODE, key, params);
125
            throw new Exception("Should throw exception when same key+iv is used");
126
        } catch (InvalidAlgorithmParameterException iape) {
127
            // expected
128
            System.out.println("Expected IAPE thrown");
129
        }
130

131
        // Now try to encrypt again using parameter-less init; should work
132
        c.init(Cipher.ENCRYPT_MODE, key);
133
        c.doFinal(PT);
134

135
        // make sure a different iv is used
136
        byte[] ivNew = c.getIV();
137
        if (Arrays.equals(iv, ivNew)) {
138
            throw new Exception("IV should be different now");
139
        }
140

141
        // Now try to encrypt again using a different parameter; should work
142
        AlgorithmParameterSpec spec2 = new GCMParameterSpec(128,
143
            "Solaris PKCS11 lib does not allow all-zero IV".getBytes());
144
        c.init(Cipher.ENCRYPT_MODE, key, spec2);
145
        c.updateAAD(AAD);
146
        c.doFinal(PT);
147
        // subsequent encryption should fail unless re-init w/ different key+iv
148
        checkISE(c);
149

150
        // Now try decryption twice in a row; no re-init required and
151
        // same parameters is used.
152
        c.init(Cipher.DECRYPT_MODE, key, params);
153
        c.updateAAD(AAD);
154
        recovered = c.doFinal(ctPlusTag);
155

156
        c.updateAAD(AAD);
157
        recovered = c.doFinal(ctPlusTag);
158
        if (!Arrays.equals(recovered, PT)) {
159
            throw new Exception("Decryption result mismatch");
160
        }
161

162
        // Now try decryption again and re-init using the same parameters
163
        c.init(Cipher.DECRYPT_MODE, key, params);
164
        c.updateAAD(AAD);
165
        recovered = c.doFinal(ctPlusTag);
166

167
        // init to decrypt w/o parameters; should fail with IKE as
168
        // javadoc specified
169
        try {
170
            c.init(Cipher.DECRYPT_MODE, key);
171
            throw new Exception("Should throw IKE for dec w/o params");
172
        } catch (InvalidKeyException ike) {
173
            // expected
174
        }
175

176
        // Lastly, try encryption AND decryption w/ wrong type of parameters,
177
        // e.g. IvParameterSpec
178
        try {
179
            c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
180
            throw new Exception("Should throw IAPE");
181
        } catch (InvalidAlgorithmParameterException iape) {
182
            // expected
183
        }
184
        try {
185
            c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
186
            throw new Exception("Should throw IAPE");
187
        } catch (InvalidAlgorithmParameterException iape) {
188
            // expected
189
        }
190

191
        System.out.println("Test Passed!");
192
    }
193

194
    @Override
195
    public void main(Provider p) throws Exception {
196
        test("GCM", p);
197
    }
198
}
199

200

201
Product

Resources

Company
