/* * Copyright (c) 2024, Red Hat, Inc. * * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import java.nio.ByteBuffer; import java.nio.charset.StandardCharsets; import java.security.Key; import java.security.Provider; import java.util.Arrays; import java.util.HexFormat; import java.util.stream.IntStream; /* * @test * @bug 8330842 * @summary test AES CTS multipart operations with SunPKCS11 * @library /test/lib .. * @run main/othervm/timeout=120 TestCipherTextStealingMultipart */ public class TestCipherTextStealingMultipart extends PKCS11Test { private static final String LF = System.lineSeparator(); private static final String ALGORITHM = "AES/CTS/NoPadding"; private static final int BLOCK_SIZE = 16; private static final Key KEY = new SecretKeySpec("AbCdEfGhIjKlMnOp".getBytes(), "AES"); private static final IvParameterSpec IV = new IvParameterSpec("1234567890aBcDeF".getBytes()); private static final StringBuilder chunksDesc = new StringBuilder(); private static Provider sunPKCS11; private static Cipher sunJCECipher; private static byte[][] generateChunks(int totalLength, int[] chunkSizes) { chunksDesc.setLength(0); chunksDesc.append("Testing with ").append(totalLength) .append(" bytes distributed in ").append(chunkSizes.length) .append(" multipart updates:").append(LF); int byteIdx = 0; byte[][] plaintextChunks = new byte[chunkSizes.length][]; for (int chunkIdx = 0; chunkIdx < chunkSizes.length; chunkIdx++) { byte[] chunk = new byte[chunkSizes[chunkIdx]]; for (int i = 0; i < chunk.length; i++) { chunk[i] = (byte) ('A' + byteIdx++ / BLOCK_SIZE); } chunksDesc.append(" ").append(repr(chunk)).append(LF); plaintextChunks[chunkIdx] = chunk; } return plaintextChunks; } private static byte[] computeExpected(byte[] jointPlaintext) throws Exception { byte[] ciphertext = sunJCECipher.doFinal(jointPlaintext); if (ciphertext.length != jointPlaintext.length) { throw new Exception("In CTS mode, ciphertext and plaintext should" + " have the same length. However, SunJCE's CTS cipher " + "returned a ciphertext of " + ciphertext.length + " bytes" + " and plaintext has " + jointPlaintext.length + " bytes."); } return ciphertext; } private static byte[] join(byte[][] inputChunks, int totalLength) { ByteBuffer outputBuf = ByteBuffer.allocate(totalLength); for (byte[] inputChunk : inputChunks) { outputBuf.put(inputChunk); } return outputBuf.array(); } private static byte[][] split(byte[] input, int[] chunkSizes) { ByteBuffer inputBuf = ByteBuffer.wrap(input); byte[][] outputChunks = new byte[chunkSizes.length][]; for (int chunkIdx = 0; chunkIdx < chunkSizes.length; chunkIdx++) { byte[] chunk = new byte[chunkSizes[chunkIdx]]; inputBuf.get(chunk); outputChunks[chunkIdx] = chunk; } return outputChunks; } private enum CheckType {CIPHERTEXT, PLAINTEXT} private enum OutputType {BYTE_ARRAY, DIRECT_BYTE_BUFFER} private static void check(CheckType checkType, OutputType outputType, byte[] expected, ByteBuffer actualBuf) throws Exception { byte[] actual; if (actualBuf.hasArray()) { actual = actualBuf.array(); } else { actual = new byte[actualBuf.position()]; actualBuf.position(0).get(actual); } if (!Arrays.equals(actual, expected)) { throw new Exception("After " + switch (checkType) { case CIPHERTEXT -> "encrypting"; case PLAINTEXT -> "decrypting"; } + " into a " + switch (outputType) { case BYTE_ARRAY -> "byte[]"; case DIRECT_BYTE_BUFFER -> "direct ByteBuffer"; } + ", " + checkType.name().toLowerCase() + "s don't match:" + LF + " Expected: " + repr(expected) + LF + " Actual: " + repr(actual)); } } private static ByteBuffer encryptOrDecryptMultipart(int operation, OutputType outputType, byte[][] inputChunks, int totalLength) throws Exception { Cipher cipher = Cipher.getInstance(ALGORITHM, sunPKCS11); cipher.init(operation, KEY, IV); ByteBuffer output = null; int outOfs = 1; switch (outputType) { case BYTE_ARRAY -> { output = ByteBuffer.allocate(totalLength); for (byte[] inputChunk : inputChunks) { output.put(cipher.update(inputChunk)); } // Check that the output array offset does not affect the // penultimate block length calculation. byte[] tmpOut = new byte[cipher.getOutputSize(0) + outOfs]; cipher.doFinal(tmpOut, outOfs); output.put(tmpOut, outOfs, tmpOut.length - outOfs); } case DIRECT_BYTE_BUFFER -> { output = ByteBuffer.allocateDirect(totalLength); for (byte[] inputChunk : inputChunks) { cipher.update(ByteBuffer.wrap(inputChunk), output); } // Check that the output array offset does not affect the // penultimate block length calculation. ByteBuffer tmpOut = ByteBuffer.allocateDirect( cipher.getOutputSize(0) + outOfs); tmpOut.position(outOfs); cipher.doFinal(ByteBuffer.allocate(0), tmpOut); tmpOut.position(outOfs); output.put(tmpOut); } } return output; } private static void doMultipart(int... chunkSizes) throws Exception { int totalLength = IntStream.of(chunkSizes).sum(); byte[][] plaintextChunks = generateChunks(totalLength, chunkSizes); byte[] jointPlaintext = join(plaintextChunks, totalLength); byte[] expectedCiphertext = computeExpected(jointPlaintext); byte[][] ciphertextChunks = split(expectedCiphertext, chunkSizes); for (OutputType outputType : OutputType.values()) { // Encryption test check(CheckType.CIPHERTEXT, outputType, expectedCiphertext, encryptOrDecryptMultipart(Cipher.ENCRYPT_MODE, outputType, plaintextChunks, totalLength)); // Decryption test check(CheckType.PLAINTEXT, outputType, jointPlaintext, encryptOrDecryptMultipart(Cipher.DECRYPT_MODE, outputType, ciphertextChunks, totalLength)); } } private static String repr(byte[] data) { if (data == null) { return ""; } if (data.length == 0) { return ""; } String lenRepr = " (" + data.length + " bytes)"; for (byte b : data) { if (b < 32 || b > 126) { return HexFormat.ofDelimiter(":").formatHex(data) + lenRepr; } } return new String(data, StandardCharsets.US_ASCII) + lenRepr; } private static void initialize() throws Exception { sunJCECipher = Cipher.getInstance(ALGORITHM, "SunJCE"); sunJCECipher.init(Cipher.ENCRYPT_MODE, KEY, IV); } public static void main(String[] args) throws Exception { initialize(); main(new TestCipherTextStealingMultipart(), args); } @Override public void main(Provider p) throws Exception { sunPKCS11 = p; try { // Test relevant combinations for 2, 3, and 4 update operations int aesBSize = 16; int[] points = new int[]{1, aesBSize - 1, aesBSize, aesBSize + 1}; for (int size1 : points) { for (int size2 : points) { if (size1 + size2 >= aesBSize) { doMultipart(size1, size2); } for (int size3 : points) { if (size1 + size2 + size3 >= aesBSize) { doMultipart(size1, size2, size3); } for (int size4 : points) { if (size1 + size2 + size3 + size4 >= aesBSize) { doMultipart(size1, size2, size3, size4); } } } } } doMultipart(17, 17, 17, 17, 17); doMultipart(4, 2, 7, 1, 6, 12); doMultipart(2, 15, 21, 26, 31, 26, 5, 30); doMultipart(7, 12, 26, 8, 15, 2, 17, 16, 21, 2, 32, 29); doMultipart(6, 7, 6, 1, 5, 16, 14, 1, 10, 16, 17, 8, 1, 13, 12); doMultipart(16, 125, 19, 32, 32, 16, 17, 31, 19, 13, 16, 16, 32, 16, 16); doMultipart(5, 30, 11, 9, 6, 14, 20, 6, 5, 18, 31, 33, 15, 29, 7, 9); doMultipart(105, 8, 21, 27, 30, 101, 15, 20, 23, 33, 26, 6, 8, 2, 13, 17); } catch (Exception e) { System.out.print(chunksDesc); throw e; } System.out.println("TEST PASS - OK"); } }