7eff578768
Reviewed-by: weijun
148 lines
6.0 KiB
Java
148 lines
6.0 KiB
Java
/*
|
|
* Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
/*
|
|
* @test
|
|
* @bug 6383200 8288050
|
|
* @summary PBE: need new algorithm support in password based encryption
|
|
*/
|
|
import java.security.*;
|
|
import java.util.Arrays;
|
|
import java.util.Locale;
|
|
import javax.crypto.*;
|
|
import javax.crypto.spec.*;
|
|
|
|
public class PBES2Test {
|
|
|
|
private static final String[] algos = {
|
|
"PBEWithHmacSHA1AndAES_128",
|
|
"PBEWithHmacSHA224AndAES_128",
|
|
"PBEWithHmacSHA256AndAES_128",
|
|
"PBEWithHmacSHA384AndAES_128",
|
|
"PBEWithHmacSHA512AndAES_128",
|
|
"PBEWithHmacSHA512/224AndAES_128",
|
|
"PBEWithHmacSHA512/256AndAES_128",
|
|
"PBEWithHmacSha1AndAES_128/CBC/PKCS5PAdding",
|
|
"PBEWithHmacSHA224andAES_128/CBC/PkCS5Padding",
|
|
"PBEWithHmacSHA256AndAes_128/CBC/PKCS5PaddIng",
|
|
"PBEWithHmacSHa384AndAES_128/CbC/PKCS5Padding",
|
|
"PBEWithHmacSHA512andAES_128/CBc/PKCS5Padding",
|
|
"PBEWithHmacSha512/224andAES_128/cBC/PKCS5Padding",
|
|
"PBEWithHmacShA512/256AndAES_128/CBC/pkCS5Padding",
|
|
};
|
|
private static final byte[] ivBytes = {
|
|
0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,
|
|
0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20,
|
|
};
|
|
|
|
public static final void main(String[] args) throws Exception {
|
|
for (String algo : algos) {
|
|
test(algo, true); // salt, ic, IV supplied by the application
|
|
test(algo, false); // salt, ic, IV generated by the implementation
|
|
}
|
|
}
|
|
|
|
private static final void test(String algo, boolean suppliedParams)
|
|
throws Exception {
|
|
|
|
System.out.println("***********************************************");
|
|
System.out.println(algo +
|
|
(suppliedParams ? " [algorithm parameters are supplied]\n"
|
|
: " [algorithm parameters are generated]\n"));
|
|
int iterationCount = 1000;
|
|
byte[] salt = new byte[]{ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 };
|
|
|
|
// Create PBE key
|
|
PBEKeySpec pbeKeySpec = new PBEKeySpec("mypassword".toCharArray());
|
|
int modeIdx = algo.toUpperCase(Locale.ENGLISH).indexOf("/CBC");
|
|
String keyAlgo = (modeIdx == -1 ? algo : algo.substring(0, modeIdx));
|
|
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(keyAlgo);
|
|
SecretKey pbeKey = keyFactory.generateSecret(pbeKeySpec);
|
|
byte[] pbeKeyBytes = pbeKey.getEncoded();
|
|
System.out.println(" key[" + pbeKeyBytes.length + "]: " +
|
|
String.format("0x%0" + (pbeKeyBytes.length * 2) + "x",
|
|
new java.math.BigInteger(1, pbeKeyBytes)));
|
|
|
|
// Create PBE cipher
|
|
System.out.println("Encrypting...");
|
|
Cipher pbeCipher = Cipher.getInstance(algo);
|
|
if (suppliedParams) {
|
|
pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey,
|
|
new PBEParameterSpec(salt, iterationCount,
|
|
new IvParameterSpec(ivBytes)));
|
|
} else {
|
|
pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey);
|
|
}
|
|
|
|
// Encrypt
|
|
byte[] cleartext = "This is just an example".getBytes();
|
|
System.out.println(" text[" + cleartext.length + "]: " +
|
|
String.format("0x%0" + (cleartext.length * 2) + "x",
|
|
new java.math.BigInteger(1, cleartext)));
|
|
|
|
byte[] ciphertext = pbeCipher.doFinal(cleartext);
|
|
System.out.println("c'text[" + ciphertext.length + "]: " +
|
|
String.format("0x%0" + (ciphertext.length * 2) + "x",
|
|
new java.math.BigInteger(1, ciphertext)));
|
|
|
|
AlgorithmParameters aps = pbeCipher.getParameters();
|
|
|
|
byte[] iv;
|
|
if (suppliedParams) {
|
|
iv = ivBytes;
|
|
} else {
|
|
PBEParameterSpec pbeSpec =
|
|
aps.getParameterSpec(PBEParameterSpec.class);
|
|
salt = pbeSpec.getSalt();
|
|
iterationCount = pbeSpec.getIterationCount();
|
|
IvParameterSpec ivSpec =
|
|
(IvParameterSpec) pbeSpec.getParameterSpec();
|
|
iv = ivSpec.getIV();
|
|
}
|
|
System.out.println(" salt[" + salt.length + "]: " +
|
|
String.format("0x%0" + (salt.length * 2) + "x",
|
|
new java.math.BigInteger(1, salt)));
|
|
System.out.println("iterationCount=" + iterationCount);
|
|
System.out.println(" iv[" + iv.length + "]: " +
|
|
String.format("0x%0" + (iv.length * 2) + "x",
|
|
new java.math.BigInteger(1, iv)));
|
|
|
|
// Decrypt
|
|
System.out.println("Decrypting...");
|
|
Cipher pbeCipher2 = Cipher.getInstance(algo);
|
|
pbeCipher2.init(Cipher.DECRYPT_MODE, pbeKey, aps);
|
|
byte[] cleartext2 = pbeCipher2.doFinal(ciphertext);
|
|
System.out.println(" text[" + cleartext2.length + "]: " +
|
|
String.format("0x%0" + (cleartext2.length * 2) + "x",
|
|
new java.math.BigInteger(1, cleartext2)));
|
|
|
|
if (Arrays.equals(cleartext, cleartext2)) {
|
|
System.out.println(
|
|
"\nPass: decrypted ciphertext matches the original text\n");
|
|
} else {
|
|
throw new Exception(
|
|
"Fail: decrypted ciphertext does NOT match the original text");
|
|
}
|
|
}
|
|
}
|