1
/*
2
 * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/*
25
 * @test
26
 * @bug 6316539 8136355
27
 * @summary Known-answer-test for TlsKeyMaterial generator
28
 * @author Andreas Sterbenz
29
 * @library /test/lib ..
30
 * @modules java.base/sun.security.internal.spec
31
 *          jdk.crypto.cryptoki
32
 * @run main/othervm TestKeyMaterial
33
 * @run main/othervm -Djava.security.manager=allow TestKeyMaterial sm policy
34
 */
35

36
import java.io.BufferedReader;
37
import java.nio.file.Files;
38
import java.nio.file.Paths;
39
import java.security.InvalidAlgorithmParameterException;
40
import java.security.Provider;
41
import java.security.ProviderException;
42
import java.util.Arrays;
43

44
import javax.crypto.KeyGenerator;
45
import javax.crypto.SecretKey;
46
import javax.crypto.spec.IvParameterSpec;
47
import javax.crypto.spec.SecretKeySpec;
48

49
import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
50
import sun.security.internal.spec.TlsKeyMaterialSpec;
51

52
public class TestKeyMaterial extends PKCS11Test {
53

54
    private static final int PREFIX_LENGTH = "km-master:  ".length();
55

56
    public static void main(String[] args) throws Exception {
57
        System.out.println("NSS Version: " + getNSSVersion());
58
        main(new TestKeyMaterial(), args);
59
    }
60

61
    @Override
62
    public void main(Provider provider) throws Exception {
63
        if (provider.getService("KeyGenerator", "SunTlsKeyMaterial") == null) {
64
            System.out.println("Provider does not support algorithm, skipping");
65
            return;
66
        }
67

68
        try (BufferedReader reader = Files.newBufferedReader(
69
                Paths.get(BASE, "keymatdata.txt"))) {
70

71
            int n = 0;
72
            int lineNumber = 0;
73

74
            byte[] master = null;
75
            int major = 0;
76
            int minor = 0;
77
            byte[] clientRandom = null;
78
            byte[] serverRandom = null;
79
            String cipherAlgorithm = null;
80
            int keyLength = 0;
81
            int expandedKeyLength = 0;
82
            int ivLength = 0;
83
            int macLength = 0;
84
            byte[] clientCipherBytes = null;
85
            byte[] serverCipherBytes = null;
86
            byte[] clientIv = null;
87
            byte[] serverIv = null;
88
            byte[] clientMacBytes = null;
89
            byte[] serverMacBytes = null;
90

91
            while (true) {
92
                String line = reader.readLine();
93
                lineNumber++;
94
                if (line == null) {
95
                    break;
96
                }
97
                if (line.startsWith("km-") == false) {
98
                    continue;
99
                }
100
                String data = line.substring(PREFIX_LENGTH);
101
                if (line.startsWith("km-master:")) {
102
                    master = parse(data);
103
                } else if (line.startsWith("km-major:")) {
104
                    major = Integer.parseInt(data);
105
                } else if (line.startsWith("km-minor:")) {
106
                    minor = Integer.parseInt(data);
107
                } else if (line.startsWith("km-crandom:")) {
108
                    clientRandom = parse(data);
109
                } else if (line.startsWith("km-srandom:")) {
110
                    serverRandom = parse(data);
111
                } else if (line.startsWith("km-cipalg:")) {
112
                    cipherAlgorithm = data;
113
                } else if (line.startsWith("km-keylen:")) {
114
                    keyLength = Integer.parseInt(data);
115
                } else if (line.startsWith("km-explen:")) {
116
                    expandedKeyLength = Integer.parseInt(data);
117
                } else if (line.startsWith("km-ivlen:")) {
118
                    ivLength = Integer.parseInt(data);
119
                } else if (line.startsWith("km-maclen:")) {
120
                    macLength = Integer.parseInt(data);
121
                } else if (line.startsWith("km-ccipkey:")) {
122
                    clientCipherBytes = parse(data);
123
                } else if (line.startsWith("km-scipkey:")) {
124
                    serverCipherBytes = parse(data);
125
                } else if (line.startsWith("km-civ:")) {
126
                    clientIv = parse(data);
127
                } else if (line.startsWith("km-siv:")) {
128
                    serverIv = parse(data);
129
                } else if (line.startsWith("km-cmackey:")) {
130
                    clientMacBytes = parse(data);
131
                } else if (line.startsWith("km-smackey:")) {
132
                    serverMacBytes = parse(data);
133

134
                    System.out.print(".");
135
                    n++;
136

137
                    KeyGenerator kg =
138
                        KeyGenerator.getInstance("SunTlsKeyMaterial", provider);
139
                    SecretKey masterKey =
140
                        new SecretKeySpec(master, "TlsMasterSecret");
141
                    TlsKeyMaterialParameterSpec spec =
142
                        new TlsKeyMaterialParameterSpec(masterKey, major, minor,
143
                        clientRandom, serverRandom, cipherAlgorithm,
144
                        keyLength, expandedKeyLength, ivLength, macLength,
145
                        null, -1, -1);
146

147
                    try {
148
                        kg.init(spec);
149
                        TlsKeyMaterialSpec result =
150
                            (TlsKeyMaterialSpec)kg.generateKey();
151
                        match(lineNumber, clientCipherBytes,
152
                            result.getClientCipherKey(), cipherAlgorithm);
153
                        match(lineNumber, serverCipherBytes,
154
                            result.getServerCipherKey(), cipherAlgorithm);
155
                        match(lineNumber, clientIv, result.getClientIv(), "");
156
                        match(lineNumber, serverIv, result.getServerIv(), "");
157
                        match(lineNumber, clientMacBytes, result.getClientMacKey(), "");
158
                        match(lineNumber, serverMacBytes, result.getServerMacKey(), "");
159
                    } catch (ProviderException pe) {
160
                        if (provider.getName().indexOf("NSS") != -1) {
161
                            Throwable t = pe.getCause();
162
                            if (expandedKeyLength != 0
163
                                    && t.getMessage().indexOf(
164
                                            "CKR_MECHANISM_PARAM_INVALID") != -1) {
165
                                // NSS removed support for export-grade cipher suites in 3.28,
166
                                // see https://bugzilla.mozilla.org/show_bug.cgi?id=1252849
167
                                System.out.println("Ignore known NSS failure on CKR_MECHANISM_PARAM_INVALID");
168
                                continue;
169
                            }
170
                        }
171
                        throw pe;
172
                    }
173
               } else {
174
                    throw new Exception("Unknown line: " + line);
175
               }
176
            }
177
            if (n == 0) {
178
                throw new Exception("no tests");
179
            }
180
            System.out.println();
181
            System.out.println("OK: " + n + " tests");
182
        }
183
    }
184

185
    private static void stripParity(byte[] b) {
186
        for (int i = 0; i < b.length; i++) {
187
            b[i] &= 0xfe;
188
        }
189
    }
190

191
    private static void match(int lineNumber, byte[] out, Object res,
192
            String cipherAlgorithm) throws Exception {
193
        if ((out == null) || (res == null)) {
194
            if (out != res) {
195
                throw new Exception("null mismatch line " + lineNumber);
196
            } else {
197
                return;
198
            }
199
        }
200
        byte[] b;
201
        if (res instanceof SecretKey) {
202
            b = ((SecretKey)res).getEncoded();
203
            if (cipherAlgorithm.equalsIgnoreCase("DES") ||
204
                    cipherAlgorithm.equalsIgnoreCase("DESede")) {
205
                // strip DES parity bits before comparision
206
                stripParity(out);
207
                stripParity(b);
208
            }
209
        } else if (res instanceof IvParameterSpec) {
210
            b = ((IvParameterSpec)res).getIV();
211
        } else {
212
            throw new Exception(res.getClass().getName());
213
        }
214
        if (Arrays.equals(out, b) == false) {
215
            System.out.println();
216
            System.out.println("out: " + toString(out));
217
            System.out.println("b:   " + toString(b));
218
            throw new Exception("mismatch line " + lineNumber);
219
        }
220
    }
221

222
}
223

224