jdk-24/test/jdk/sun/security/pkcs11/Cipher/TestGCMKeyAndIvCheck.java

/*
 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8080462
 * @library /test/lib ..
 * @modules jdk.crypto.cryptoki
 * @run main TestGCMKeyAndIvCheck
 * @summary Ensure that same key+iv can't be repeated used for encryption.
 */


import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.math.*;

import java.util.*;

public class TestGCMKeyAndIvCheck extends PKCS11Test {

    private static final byte[] AAD = new byte[5];
    private static final byte[] PT = new byte[18];

    public static void main(String[] args) throws Exception {
        main(new TestGCMKeyAndIvCheck(), args);
    }

    private static void checkISE(Cipher c) throws Exception {
        // Subsequent encryptions should fail
        try {
            c.updateAAD(AAD);
            throw new Exception("Should throw ISE for updateAAD()");
        } catch (IllegalStateException ise) {
            // expected
        }

        try {
            c.update(PT);
            throw new Exception("Should throw ISE for update()");
        } catch (IllegalStateException ise) {
            // expected
        }
        try {
            c.doFinal(PT);
            throw new Exception("Should throw ISE for doFinal()");
        } catch (IllegalStateException ise) {
            // expected
        }
    }

    public void test(String mode, Provider p) throws Exception {
        Cipher c;
        try {
            String transformation = "AES/" + mode + "/NoPadding";
            c = Cipher.getInstance(transformation, p);
        } catch (GeneralSecurityException e) {
            System.out.println("Skip testing " + p.getName() +
                    ", no support for " + mode);
            return;
        }
        SecretKey key = new SecretKeySpec(new byte[16], "AES");
        // First try parameter-less init.
        c.init(Cipher.ENCRYPT_MODE, key);
        c.updateAAD(AAD);
        byte[] ctPlusTag = c.doFinal(PT);

        // subsequent encryption should fail unless re-init w/ different key+iv
        checkISE(c);

        // Validate the retrieved parameters against the IV and tag length.
        AlgorithmParameters params = c.getParameters();
        if (params == null) {
            throw new Exception("getParameters() should not return null");
        }
        byte[] iv = null;
        int tagLength = 0; // in bits
        if (mode.equalsIgnoreCase("GCM")) {
            GCMParameterSpec spec = params.getParameterSpec(GCMParameterSpec.class);
            tagLength = spec.getTLen();
            iv = spec.getIV();
        } else {
            throw new RuntimeException("Error: Unsupported mode: " + mode);
        }
        if (tagLength != (ctPlusTag.length - PT.length)*8) {
            throw new Exception("Parameters contains incorrect TLen value");
        }
        if (!Arrays.equals(iv, c.getIV())) {
            throw new Exception("Parameters contains incorrect IV value");
        }

        // Should be ok to use the same key+iv for decryption
        c.init(Cipher.DECRYPT_MODE, key, params);
        c.updateAAD(AAD);
        byte[] recovered = c.doFinal(ctPlusTag);
        if (!Arrays.equals(recovered, PT)) {
            throw new Exception("decryption result mismatch");
        }

        // Now try to encrypt again using the same key+iv; should fail also
        try {
            c.init(Cipher.ENCRYPT_MODE, key, params);
            throw new Exception("Should throw exception when same key+iv is used");
        } catch (InvalidAlgorithmParameterException iape) {
            // expected
        }

        // Now try to encrypt again using parameter-less init; should work
        c.init(Cipher.ENCRYPT_MODE, key);
        c.doFinal(PT);

        // make sure a different iv is used
        byte[] ivNew = c.getIV();
        if (Arrays.equals(iv, ivNew)) {
            throw new Exception("IV should be different now");
        }

        // Now try to encrypt again using a different parameter; should work
        AlgorithmParameterSpec spec2 = new GCMParameterSpec(128, new byte[30]);
        c.init(Cipher.ENCRYPT_MODE, key, spec2);
        c.updateAAD(AAD);
        c.doFinal(PT);
        // subsequent encryption should fail unless re-init w/ different key+iv
        checkISE(c);

        // Now try decryption twice in a row; no re-init required and
        // same parameters is used.
        c.init(Cipher.DECRYPT_MODE, key, params);
        c.updateAAD(AAD);
        recovered = c.doFinal(ctPlusTag);

        c.updateAAD(AAD);
        recovered = c.doFinal(ctPlusTag);
        if (!Arrays.equals(recovered, PT)) {
            throw new Exception("decryption result mismatch");
        }

        // Now try decryption again and re-init using the same parameters
        c.init(Cipher.DECRYPT_MODE, key, params);
        c.updateAAD(AAD);
        recovered = c.doFinal(ctPlusTag);

        // init to decrypt w/o parameters; should fail with IKE as
        // javadoc specified
        try {
            c.init(Cipher.DECRYPT_MODE, key);
            throw new Exception("Should throw IKE for dec w/o params");
        } catch (InvalidKeyException ike) {
            // expected
        }

        // Lastly, try encryption AND decryption w/ wrong type of parameters,
        // e.g. IvParameterSpec
        try {
            c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
            throw new Exception("Should throw IAPE");
        } catch (InvalidAlgorithmParameterException iape) {
            // expected
        }
        try {
            c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
            throw new Exception("Should throw IAPE");
        } catch (InvalidAlgorithmParameterException iape) {
            // expected
        }

        System.out.println("Test Passed!");
    }

    @Override
    public void main(Provider p) throws Exception {
        test("GCM", p);
    }
}
8080462: Update SunPKCS11 provider with PKCS11 v2.40 support Added support for GCM, PSS, and other mechanisms Reviewed-by: jnimeh 2019-06-11 21:30:28 +00:00			`/*`
			`* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.`
			`* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.`
			`*`
			`* This code is free software; you can redistribute it and/or modify it`
			`* under the terms of the GNU General Public License version 2 only, as`
			`* published by the Free Software Foundation.`
			`*`
			`* This code is distributed in the hope that it will be useful, but WITHOUT`
			`* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or`
			`* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License`
			`* version 2 for more details (a copy is included in the LICENSE file that`
			`* accompanied this code).`
			`*`
			`* You should have received a copy of the GNU General Public License version`
			`* 2 along with this work; if not, write to the Free Software Foundation,`
			`* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.`
			`*`
			`* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA`
			`* or visit www.oracle.com if you need additional information or have any`
			`* questions.`
			`*/`

			`/*`
			`* @test`
			`* @bug 8080462`
			`* @library /test/lib ..`
			`* @modules jdk.crypto.cryptoki`
			`* @run main TestGCMKeyAndIvCheck`
			`* @summary Ensure that same key+iv can't be repeated used for encryption.`
			`*/`


			`import java.security.*;`
			`import java.security.spec.AlgorithmParameterSpec;`
			`import javax.crypto.*;`
			`import javax.crypto.spec.*;`
			`import java.math.*;`

			`import java.util.*;`

			`public class TestGCMKeyAndIvCheck extends PKCS11Test {`

			`private static final byte[] AAD = new byte[5];`
			`private static final byte[] PT = new byte[18];`

			`public static void main(String[] args) throws Exception {`
			`main(new TestGCMKeyAndIvCheck(), args);`
			`}`

			`private static void checkISE(Cipher c) throws Exception {`
			`// Subsequent encryptions should fail`
			`try {`
			`c.updateAAD(AAD);`
			`throw new Exception("Should throw ISE for updateAAD()");`
			`} catch (IllegalStateException ise) {`
			`// expected`
			`}`

			`try {`
			`c.update(PT);`
			`throw new Exception("Should throw ISE for update()");`
			`} catch (IllegalStateException ise) {`
			`// expected`
			`}`
			`try {`
			`c.doFinal(PT);`
			`throw new Exception("Should throw ISE for doFinal()");`
			`} catch (IllegalStateException ise) {`
			`// expected`
			`}`
			`}`

			`public void test(String mode, Provider p) throws Exception {`
			`Cipher c;`
			`try {`
			`String transformation = "AES/" + mode + "/NoPadding";`
			`c = Cipher.getInstance(transformation, p);`
			`} catch (GeneralSecurityException e) {`
			`System.out.println("Skip testing " + p.getName() +`
			`", no support for " + mode);`
			`return;`
			`}`
			`SecretKey key = new SecretKeySpec(new byte[16], "AES");`
			`// First try parameter-less init.`
			`c.init(Cipher.ENCRYPT_MODE, key);`
			`c.updateAAD(AAD);`
			`byte[] ctPlusTag = c.doFinal(PT);`

			`// subsequent encryption should fail unless re-init w/ different key+iv`
			`checkISE(c);`

			`// Validate the retrieved parameters against the IV and tag length.`
			`AlgorithmParameters params = c.getParameters();`
			`if (params == null) {`
			`throw new Exception("getParameters() should not return null");`
			`}`
			`byte[] iv = null;`
			`int tagLength = 0; // in bits`
			`if (mode.equalsIgnoreCase("GCM")) {`
			`GCMParameterSpec spec = params.getParameterSpec(GCMParameterSpec.class);`
			`tagLength = spec.getTLen();`
			`iv = spec.getIV();`
			`} else {`
			`throw new RuntimeException("Error: Unsupported mode: " + mode);`
			`}`
			`if (tagLength != (ctPlusTag.length - PT.length)*8) {`
			`throw new Exception("Parameters contains incorrect TLen value");`
			`}`
			`if (!Arrays.equals(iv, c.getIV())) {`
			`throw new Exception("Parameters contains incorrect IV value");`
			`}`

			`// Should be ok to use the same key+iv for decryption`
			`c.init(Cipher.DECRYPT_MODE, key, params);`
			`c.updateAAD(AAD);`
			`byte[] recovered = c.doFinal(ctPlusTag);`
			`if (!Arrays.equals(recovered, PT)) {`
			`throw new Exception("decryption result mismatch");`
			`}`

			`// Now try to encrypt again using the same key+iv; should fail also`
			`try {`
			`c.init(Cipher.ENCRYPT_MODE, key, params);`
			`throw new Exception("Should throw exception when same key+iv is used");`
			`} catch (InvalidAlgorithmParameterException iape) {`
			`// expected`
			`}`

			`// Now try to encrypt again using parameter-less init; should work`
			`c.init(Cipher.ENCRYPT_MODE, key);`
			`c.doFinal(PT);`

			`// make sure a different iv is used`
			`byte[] ivNew = c.getIV();`
			`if (Arrays.equals(iv, ivNew)) {`
			`throw new Exception("IV should be different now");`
			`}`

			`// Now try to encrypt again using a different parameter; should work`
			`AlgorithmParameterSpec spec2 = new GCMParameterSpec(128, new byte[30]);`
			`c.init(Cipher.ENCRYPT_MODE, key, spec2);`
			`c.updateAAD(AAD);`
			`c.doFinal(PT);`
			`// subsequent encryption should fail unless re-init w/ different key+iv`
			`checkISE(c);`

			`// Now try decryption twice in a row; no re-init required and`
			`// same parameters is used.`
			`c.init(Cipher.DECRYPT_MODE, key, params);`
			`c.updateAAD(AAD);`
			`recovered = c.doFinal(ctPlusTag);`

			`c.updateAAD(AAD);`
			`recovered = c.doFinal(ctPlusTag);`
			`if (!Arrays.equals(recovered, PT)) {`
			`throw new Exception("decryption result mismatch");`
			`}`

			`// Now try decryption again and re-init using the same parameters`
			`c.init(Cipher.DECRYPT_MODE, key, params);`
			`c.updateAAD(AAD);`
			`recovered = c.doFinal(ctPlusTag);`

			`// init to decrypt w/o parameters; should fail with IKE as`
			`// javadoc specified`
			`try {`
			`c.init(Cipher.DECRYPT_MODE, key);`
			`throw new Exception("Should throw IKE for dec w/o params");`
			`} catch (InvalidKeyException ike) {`
			`// expected`
			`}`

			`// Lastly, try encryption AND decryption w/ wrong type of parameters,`
			`// e.g. IvParameterSpec`
			`try {`
			`c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));`
			`throw new Exception("Should throw IAPE");`
			`} catch (InvalidAlgorithmParameterException iape) {`
			`// expected`
			`}`
			`try {`
			`c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));`
			`throw new Exception("Should throw IAPE");`
			`} catch (InvalidAlgorithmParameterException iape) {`
			`// expected`
			`}`

			`System.out.println("Test Passed!");`
			`}`

			`@Override`
			`public void main(Provider p) throws Exception {`
			`test("GCM", p);`
			`}`
			`}`