stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8026943: SQE test jce/Global/Cipher/SameBuffer failed

Browse Source 
Always use different input/output buffers when calling FeedbackCipher objects

Reviewed-by: mullan
This commit is contained in:
Valerie Peng 2013-11-19 15:29:56 -08:00
parent c430720e0a
commit be7c03049b
4 changed files with 234 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
jdk/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java
View File

@ -186,29 +186,15 @@ class CipherBlockChaining extends FeedbackCipher {
byte[] plain, int plainOffset)
{
int i;
byte[] cipherOrig=null;
int endIndex = cipherOffset + cipherLen;
if (cipher==plain && (cipherOffset >= plainOffset)
&& ((cipherOffset - plainOffset) < blockSize)) {
// Save the original ciphertext blocks, so they can be
// stored in the feedback register "r".
// This is necessary because in this constellation, a
// ciphertext block (or parts of it) will be overridden by
// the plaintext result.
cipherOrig = cipher.clone();
}
for (; cipherOffset < endIndex;
cipherOffset += blockSize, plainOffset += blockSize) {
embeddedCipher.decryptBlock(cipher, cipherOffset, k, 0);
for (i = 0; i < blockSize; i++) {
plain[i+plainOffset] = (byte)(k[i] ^ r[i]);
}
if (cipherOrig==null) {
System.arraycopy(cipher, cipherOffset, r, 0, blockSize);
} else {
System.arraycopy(cipherOrig, cipherOffset, r, 0, blockSize);
}
System.arraycopy(cipher, cipherOffset, r, 0, blockSize);
}
return cipherLen;
}

31
jdk/src/share/classes/com/sun/crypto/provider/CipherCore.java
View File

@ -732,8 +732,12 @@ final class CipherCore {
System.arraycopy(buffer, len, buffer, 0, buffered);
}
} else { // len > buffered
if (buffered == 0) {
if ((input != output) && (buffered == 0)) {
// all to-be-processed data are from 'input'
// however, note that if 'input' and 'output' are the same,
// then they can't be passed directly to the underlying cipher
// engine operations as data may be overwritten before they
// are read.
if (decrypting) {
outLen = cipher.decrypt(input, inputOffset, len, output, outputOffset);
} else {
@ -744,12 +748,16 @@ final class CipherCore {
} else {
// assemble the data using both 'buffer' and 'input'
byte[] in = new byte[len];
System.arraycopy(buffer, 0, in, 0, buffered);
int inConsumed = len - buffered;
System.arraycopy(input, inputOffset, in, buffered, inConsumed);
buffered = 0;
inputOffset += inConsumed;
inputLen -= inConsumed;
if (buffered != 0) {
System.arraycopy(buffer, 0, in, 0, buffered);
buffered = 0;
}
if (inConsumed != 0) {
System.arraycopy(input, inputOffset, in, len - inConsumed, inConsumed);
inputOffset += inConsumed;
inputLen -= inConsumed;
}
if (decrypting) {
outLen = cipher.decrypt(in, 0, len, output, outputOffset);
} else {
@ -907,11 +915,18 @@ final class CipherCore {
" when decrypting with padded cipher");
}
// prepare the final input avoiding copying if possible
/*
* prepare the final input, assemble a new buffer if any
* of the following is true:
* - 'input' and 'output' are the same buffer
* - there are internally buffered bytes
* - doing encryption and padding is needed
*/
byte[] finalBuf = input;
int finalOffset = inputOffset;
int finalBufLen = inputLen;
if ((buffered != 0) || (!decrypting && padding != null)) {
if ((input == output) || (buffered != 0) ||
(!decrypting && padding != null)) {
if (decrypting || padding == null) {
paddingLen = 0;
}

48
jdk/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java
View File

@ -50,6 +50,9 @@ public final class DESedeWrapCipher extends CipherSpi {
(byte) 0x79, (byte) 0xe8, (byte) 0x21, (byte) 0x05
};
private static final int CHECKSUM_LEN = 8;
private static final int IV_LEN = 8;
/*
* internal cipher object which does the real work.
*/
@ -135,7 +138,7 @@ public final class DESedeWrapCipher extends CipherSpi {
// can only return an upper-limit if not initialized yet.
int result = 0;
if (decrypting) {
result = inputLen - 16;
result = inputLen - 16; // CHECKSUM_LEN + IV_LEN;
} else {
result = inputLen + 16;
}
@ -215,7 +218,7 @@ public final class DESedeWrapCipher extends CipherSpi {
if (opmode == Cipher.WRAP_MODE) {
decrypting = false;
if (params == null) {
iv = new byte[8];
iv = new byte[IV_LEN];
if (random == null) {
random = SunJCE.getRandom();
}
@ -449,14 +452,15 @@ public final class DESedeWrapCipher extends CipherSpi {
}
byte[] cks = getChecksum(keyVal);
byte[] out = new byte[iv.length + keyVal.length + cks.length];
System.arraycopy(keyVal, 0, out, iv.length, keyVal.length);
System.arraycopy(cks, 0, out, iv.length+keyVal.length, cks.length);
cipher.encrypt(out, iv.length, keyVal.length+cks.length,
out, iv.length);
byte[] in = new byte[keyVal.length + CHECKSUM_LEN];
System.arraycopy(keyVal, 0, in, 0, keyVal.length);
System.arraycopy(cks, 0, in, keyVal.length, CHECKSUM_LEN);
byte[] out = new byte[iv.length + in.length];
System.arraycopy(iv, 0, out, 0, iv.length);
cipher.encrypt(in, 0, in.length, out, iv.length);
// reverse the array content
for (int i = 0; i < out.length/2; i++) {
byte temp = out[i];
@ -470,7 +474,8 @@ public final class DESedeWrapCipher extends CipherSpi {
// should never happen
throw new RuntimeException("Internal cipher key is corrupted");
}
cipher.encrypt(out, 0, out.length, out, 0);
byte[] out2 = new byte[out.length];
cipher.encrypt(out, 0, out.length, out2, 0);
// restore cipher state to prior to this call
try {
@ -480,7 +485,7 @@ public final class DESedeWrapCipher extends CipherSpi {
// should never happen
throw new RuntimeException("Internal cipher key is corrupted");
}
return out;
return out2;
}
/**
@ -520,25 +525,26 @@ public final class DESedeWrapCipher extends CipherSpi {
buffer[i] = buffer[buffer.length-1-i];
buffer[buffer.length-1-i] = temp;
}
iv = new byte[IV2.length];
iv = new byte[IV_LEN];
System.arraycopy(buffer, 0, iv, 0, iv.length);
cipher.init(true, cipherKey.getAlgorithm(), cipherKey.getEncoded(),
iv);
cipher.decrypt(buffer, iv.length, buffer.length-iv.length,
buffer, iv.length);
int origLen = buffer.length - iv.length - 8;
byte[] cks = getChecksum(buffer, iv.length, origLen);
int offset = iv.length + origLen;
for (int i = 0; i < cks.length; i++) {
if (buffer[offset + i] != cks[i]) {
byte[] buffer2 = new byte[buffer.length - iv.length];
cipher.decrypt(buffer, iv.length, buffer2.length,
buffer2, 0);
int keyValLen = buffer2.length - CHECKSUM_LEN;
byte[] cks = getChecksum(buffer2, 0, keyValLen);
int offset = keyValLen;
for (int i = 0; i < CHECKSUM_LEN; i++) {
if (buffer2[offset + i] != cks[i]) {
throw new InvalidKeyException("Checksum comparison failed");
}
}
// restore cipher state to prior to this call
cipher.init(decrypting, cipherKey.getAlgorithm(),
cipherKey.getEncoded(), IV2);
byte[] out = new byte[origLen];
System.arraycopy(buffer, iv.length, out, 0, out.length);
byte[] out = new byte[keyValLen];
System.arraycopy(buffer2, 0, out, 0, keyValLen);
return ConstructKeys.constructKey(out, wrappedKeyAlgorithm,
wrappedKeyType);
}
@ -554,7 +560,7 @@ public final class DESedeWrapCipher extends CipherSpi {
throw new RuntimeException("SHA1 message digest not available");
}
md.update(in, offset, len);
byte[] cks = new byte[8];
byte[] cks = new byte[CHECKSUM_LEN];
System.arraycopy(md.digest(), 0, cks, 0, cks.length);
return cks;
}

183
jdk/test/com/sun/crypto/provider/Cipher/AES/TestCopySafe.java Normal file
View File

@ -0,0 +1,183 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8026943
* @summary Verify that same buffer can be used as input and output when
* using Cipher objects.
* @author Valerie Peng
*/
import java.security.*;
import java.security.spec.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;
public class TestCopySafe {
private static boolean DEBUG = false;
private static int INPUT_LENGTH = 160; // must be multiple of block size
private static byte[] PT = new byte[INPUT_LENGTH];
private static SecretKey KEY = new SecretKeySpec(new byte[16], "AES");
private static byte[] IV = new byte[16];
private static int[] OFFSETS = { 1, 8, 17 };
private static final String[] MODES = {
"ECB", "CBC", "PCBC", "CTR", "CTS",
"CFB", "CFB8", "CFB16", "CFB24", "CFB32", "CFB40",
"CFB48", "CFB56", "CFB64",
"OFB", "OFB8", "OFB16", "OFB24", "OFB32", "OFB40",
"OFB48", "OFB56", "OFB64",
"GCM"
};
public static void main(String[] argv) throws Exception {
Provider p = Security.getProvider("SunJCE");
AlgorithmParameterSpec params = null;
boolean result = true;
for (String mode : MODES) {
String transformation = "AES/" + mode + "/NoPadding";
boolean isGCM = (mode == "GCM");
if (isGCM) {
params = new GCMParameterSpec(128, IV);
} else if (mode != "ECB") {
params = new IvParameterSpec(IV);
}
Cipher c = Cipher.getInstance(transformation, p);
System.out.println("Testing " + transformation + ":");
for (int offset : OFFSETS) {
System.out.print("=> offset " + offset + ": ");
try {
test(c, params, offset, isGCM);
System.out.println("Passed");
} catch(Exception ex) {
ex.printStackTrace();
result = false;
continue;
}
}
}
if (!result) {
throw new Exception("One or more test failed");
}
}
private static void test(Cipher c, AlgorithmParameterSpec params,
int offset, boolean isGCM) throws Exception {
// Test encryption first
if (isGCM) {
// re-init with only key value first to bypass the
// Key+IV-uniqueness check for GCM encryption
c.init(Cipher.ENCRYPT_MODE, KEY);
}
c.init(Cipher.ENCRYPT_MODE, KEY, params);
byte[] answer = c.doFinal(PT);
byte[] pt2 = Arrays.copyOf(PT, answer.length + offset);
// #1: outOfs = inOfs = 0
if (isGCM) {
c.init(Cipher.ENCRYPT_MODE, KEY);
c.init(Cipher.ENCRYPT_MODE, KEY, params);
}
c.doFinal(pt2, 0, PT.length, pt2, 0);
if (!isTwoArraysEqual(pt2, 0, answer, 0, answer.length)) {
throw new Exception("Enc#1 diff check failed!");
} else if (DEBUG) {
System.out.println("Enc#1 diff check passed");
}
// #2: inOfs = 0, outOfs = offset
System.arraycopy(PT, 0, pt2, 0, PT.length);
if (isGCM) {
c.init(Cipher.ENCRYPT_MODE, KEY);
c.init(Cipher.ENCRYPT_MODE, KEY, params);
}
c.doFinal(pt2, 0, PT.length, pt2, offset);
if (!isTwoArraysEqual(pt2, offset, answer, 0, answer.length)) {
throw new Exception("Enc#2 diff check failed");
} else if (DEBUG) {
System.out.println("Enc#2 diff check passed");
}
// #3: inOfs = offset, outOfs = 0
System.arraycopy(PT, 0, pt2, offset, PT.length);
if (isGCM) {
c.init(Cipher.ENCRYPT_MODE, KEY);
c.init(Cipher.ENCRYPT_MODE, KEY, params);
}
c.doFinal(pt2, offset, PT.length, pt2, 0);
if (!isTwoArraysEqual(pt2, 0, answer, 0, answer.length)) {
throw new Exception("Enc#3 diff check failed");
} else if (DEBUG) {
System.out.println("Enc#3 diff check passed");
}
// Test decryption now, we should get back PT as a result
c.init(Cipher.DECRYPT_MODE, KEY, params);
pt2 = Arrays.copyOf(answer, answer.length + offset);
// #1: outOfs = inOfs = 0
c.doFinal(pt2, 0, answer.length, pt2, 0);
if (!isTwoArraysEqual(pt2, 0, PT, 0, PT.length)) {
throw new Exception("Dec#1 diff check failed!");
} else if (DEBUG) {
System.out.println("Dec#1 diff check passed");
}
// #2: inOfs = 0, outOfs = offset
System.arraycopy(answer, 0, pt2, 0, answer.length);
c.doFinal(pt2, 0, answer.length, pt2, offset);
if (!isTwoArraysEqual(pt2, offset, PT, 0, PT.length)) {
throw new Exception("Dec#2 diff check failed");
} else if (DEBUG) {
System.out.println("Dec#2 diff check passed");
}
// #3: inOfs = offset, outOfs = 0
System.arraycopy(answer, 0, pt2, offset, answer.length);
c.doFinal(pt2, offset, answer.length, pt2, 0);
if (!isTwoArraysEqual(pt2, 0, PT, 0, PT.length)) {
throw new Exception("Dec#3 diff check failed");
} else if (DEBUG) {
System.out.println("Dec#3 diff check passed");
}
}
private static boolean isTwoArraysEqual(byte[] a, int aOff, byte[] b, int bOff,
int len) {
for (int i = 0; i < len; i++) {
if (a[aOff + i] != b[bOff + i]) {
return false;
}
}
return true;
}
}