/* * Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /* * @test * @bug 6383200 8288050 * @summary PBE: need new algorithm support in password based encryption */ import java.security.*; import java.util.Arrays; import java.util.Locale; import javax.crypto.*; import javax.crypto.spec.*; public class PBES2Test { private static final String[] algos = { "PBEWithHmacSHA1AndAES_128", "PBEWithHmacSHA224AndAES_128", "PBEWithHmacSHA256AndAES_128", "PBEWithHmacSHA384AndAES_128", "PBEWithHmacSHA512AndAES_128", "PBEWithHmacSHA512/224AndAES_128", "PBEWithHmacSHA512/256AndAES_128", "PBEWithHmacSha1AndAES_128/CBC/PKCS5PAdding", "PBEWithHmacSHA224andAES_128/CBC/PkCS5Padding", "PBEWithHmacSHA256AndAes_128/CBC/PKCS5PaddIng", "PBEWithHmacSHa384AndAES_128/CbC/PKCS5Padding", "PBEWithHmacSHA512andAES_128/CBc/PKCS5Padding", "PBEWithHmacSha512/224andAES_128/cBC/PKCS5Padding", "PBEWithHmacShA512/256AndAES_128/CBC/pkCS5Padding", }; private static final byte[] ivBytes = { 0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18, 0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20, }; public static final void main(String[] args) throws Exception { for (String algo : algos) { test(algo, true); // salt, ic, IV supplied by the application test(algo, false); // salt, ic, IV generated by the implementation } } private static final void test(String algo, boolean suppliedParams) throws Exception { System.out.println("***********************************************"); System.out.println(algo + (suppliedParams ? " [algorithm parameters are supplied]\n" : " [algorithm parameters are generated]\n")); int iterationCount = 1000; byte[] salt = new byte[]{ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; // Create PBE key PBEKeySpec pbeKeySpec = new PBEKeySpec("mypassword".toCharArray()); int modeIdx = algo.toUpperCase(Locale.ENGLISH).indexOf("/CBC"); String keyAlgo = (modeIdx == -1 ? algo : algo.substring(0, modeIdx)); SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(keyAlgo); SecretKey pbeKey = keyFactory.generateSecret(pbeKeySpec); byte[] pbeKeyBytes = pbeKey.getEncoded(); System.out.println(" key[" + pbeKeyBytes.length + "]: " + String.format("0x%0" + (pbeKeyBytes.length * 2) + "x", new java.math.BigInteger(1, pbeKeyBytes))); // Create PBE cipher System.out.println("Encrypting..."); Cipher pbeCipher = Cipher.getInstance(algo); if (suppliedParams) { pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, new PBEParameterSpec(salt, iterationCount, new IvParameterSpec(ivBytes))); } else { pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey); } // Encrypt byte[] cleartext = "This is just an example".getBytes(); System.out.println(" text[" + cleartext.length + "]: " + String.format("0x%0" + (cleartext.length * 2) + "x", new java.math.BigInteger(1, cleartext))); byte[] ciphertext = pbeCipher.doFinal(cleartext); System.out.println("c'text[" + ciphertext.length + "]: " + String.format("0x%0" + (ciphertext.length * 2) + "x", new java.math.BigInteger(1, ciphertext))); AlgorithmParameters aps = pbeCipher.getParameters(); byte[] iv; if (suppliedParams) { iv = ivBytes; } else { PBEParameterSpec pbeSpec = aps.getParameterSpec(PBEParameterSpec.class); salt = pbeSpec.getSalt(); iterationCount = pbeSpec.getIterationCount(); IvParameterSpec ivSpec = (IvParameterSpec) pbeSpec.getParameterSpec(); iv = ivSpec.getIV(); } System.out.println(" salt[" + salt.length + "]: " + String.format("0x%0" + (salt.length * 2) + "x", new java.math.BigInteger(1, salt))); System.out.println("iterationCount=" + iterationCount); System.out.println(" iv[" + iv.length + "]: " + String.format("0x%0" + (iv.length * 2) + "x", new java.math.BigInteger(1, iv))); // Decrypt System.out.println("Decrypting..."); Cipher pbeCipher2 = Cipher.getInstance(algo); pbeCipher2.init(Cipher.DECRYPT_MODE, pbeKey, aps); byte[] cleartext2 = pbeCipher2.doFinal(ciphertext); System.out.println(" text[" + cleartext2.length + "]: " + String.format("0x%0" + (cleartext2.length * 2) + "x", new java.math.BigInteger(1, cleartext2))); if (Arrays.equals(cleartext, cleartext2)) { System.out.println( "\nPass: decrypted ciphertext matches the original text\n"); } else { throw new Exception( "Fail: decrypted ciphertext does NOT match the original text"); } } }