stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d752f19611
jdk-24/test/jdk/sun/security/pkcs11/Cipher/TestChaChaPoly.java
Valerie Peng 5d8c1cc8a0 8255410: Add ChaCha20 and Poly1305 support to SunPKCS11 provider 
Reviewed-by: jnimeh
2021-04-29 21:02:41 +00:00

322 lines
12 KiB
Java
Raw Blame History

/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8255410
* @library /test/lib ..
* @modules jdk.crypto.cryptoki
* @run main/othervm TestChaChaPoly
* @summary test for PKCS#11 ChaCha20-Poly1305 Cipher.
*/
import java.nio.ByteBuffer;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import java.util.HexFormat;
import javax.crypto.Cipher;
import javax.crypto.spec.ChaCha20ParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.NoSuchPaddingException;
import jdk.test.lib.Utils;
public class TestChaChaPoly extends PKCS11Test {
private static final byte[] NONCE
= HexFormat.of().parseHex("012345670123456701234567");
private static final SecretKeySpec KEY = new SecretKeySpec(
HexFormat.of().parseHex("0123456701234567012345670123456701234567012345670123456701234567"),
"ChaCha20");
private static final ChaCha20ParameterSpec CHACHA20_PARAM_SPEC
= new ChaCha20ParameterSpec(NONCE, 0);
private static final IvParameterSpec IV_PARAM_SPEC
= new IvParameterSpec(NONCE);
private static final String ALGO = "ChaCha20-Poly1305";
private static final SecureRandom RAND = new SecureRandom();
private static Provider p;
@Override
public void main(Provider p) throws Exception {
System.out.println("Testing " + p.getName());
try {
Cipher.getInstance(ALGO, p);
} catch (NoSuchAlgorithmException nsae) {
System.out.println("Skip; no support for " + ALGO);
return;
}
this.p = p;
testTransformations();
testInit();
testAEAD();
testGetBlockSize();
testGetIV();
testInterop("SunJCE");
}
private static void testTransformations() throws Exception {
System.out.println("== transformations ==");
checkTransformation(p, ALGO, true);
checkTransformation(p, ALGO + "/None/NoPadding", true);
checkTransformation(p, ALGO + "/ECB/NoPadding", false);
checkTransformation(p, ALGO + "/None/PKCS5Padding", false);
}
private static void checkTransformation(Provider p, String t,
boolean expected) throws Exception {
try {
Cipher.getInstance(t, p);
if (!expected) {
throw new RuntimeException( "Should reject transformation: " +
t);
} else {
System.out.println("Accepted transformation: " + t);
}
} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
if (!expected) {
System.out.println("Rejected transformation: " + t);
} else {
throw new RuntimeException("Should accept transformation: " +
t, e);
}
}
}
private static void testInit() throws Exception {
testInitOnCrypt(Cipher.ENCRYPT_MODE);
testInitOnCrypt(Cipher.DECRYPT_MODE);
}
private static void testInitOnCrypt(int opMode) throws Exception {
System.out.println("== init (" + getOpModeName(opMode) + ") ==");
// Need to acquire new Cipher object as ChaCha20-Poly1305 cipher
// disallow reusing the same key and iv pair
Cipher.getInstance(ALGO, p).init(opMode, KEY, IV_PARAM_SPEC);
Cipher c = Cipher.getInstance(ALGO, p);
c.init(opMode, KEY, IV_PARAM_SPEC, RAND);
AlgorithmParameters params = c.getParameters();
Cipher.getInstance(ALGO, p).init(opMode, KEY, params, RAND);
try {
// try with invalid param
Cipher.getInstance(ALGO, p).init(opMode, KEY, CHACHA20_PARAM_SPEC);
throw new RuntimeException("Should reject non-IvparameterSpec");
} catch (InvalidAlgorithmParameterException e) {
System.out.println("Expected IAPE - " + e);
}
}
private static void testAEAD() throws Exception {
byte[] expectedPt = HexFormat.of().parseHex("01234567");
byte[] ct = testUpdateAAD(Cipher.ENCRYPT_MODE, expectedPt);
byte[] pt = testUpdateAAD(Cipher.DECRYPT_MODE, ct);
if (pt != null && !Arrays.equals(pt, expectedPt)) {
System.out.println("ciphertext: " + Arrays.toString(ct));
System.out.println("plaintext: " + Arrays.toString(pt));
throw new RuntimeException("AEAD failed");
}
}
private static byte[] testUpdateAAD(int opMode, byte[] input)
throws Exception {
String opModeName = getOpModeName(opMode);
System.out.println("== updateAAD (" + opModeName + ") ==");
byte[] aad = HexFormat.of().parseHex("0000");
ByteBuffer aadBuf = ByteBuffer.wrap(aad);
Cipher ccp = Cipher.getInstance(ALGO, p);
try {
ccp.updateAAD(aadBuf);
throw new RuntimeException(
"Should throw ISE for setting AAD on uninit'ed Cipher");
} catch (IllegalStateException e) {
System.out.println("Expected ISE - " + e);
}
ccp.init(opMode, KEY, IV_PARAM_SPEC);
ccp.update(input);
try {
ccp.updateAAD(aad);
throw new RuntimeException(
"Should throw ISE for setting AAD after update");
} catch (IllegalStateException e) {
System.out.println("Expected ISE - " + e);
}
ccp.init(opMode, KEY, IV_PARAM_SPEC);
ccp.updateAAD(aadBuf);
return ccp.doFinal(input);
}
private static void testGetBlockSize() throws Exception {
testGetBlockSize(Cipher.ENCRYPT_MODE);
testGetBlockSize(Cipher.DECRYPT_MODE);
}
private static void testGetBlockSize(int opMode) throws Exception {
System.out.println("== getBlockSize (" + getOpModeName(opMode) + ") ==");
Cipher c = Cipher.getInstance(ALGO, p);
if (c.getBlockSize() != 0) {
throw new RuntimeException("Block size must be 0");
}
}
private static void testGetIV() throws Exception {
testGetIV(Cipher.ENCRYPT_MODE);
testGetIV(Cipher.DECRYPT_MODE);
}
private static void testGetIV(int opMode) throws Exception {
System.out.println("== getIv (" + getOpModeName(opMode) + ") ==");
try {
Cipher.getInstance(ALGO, p).getIV();
Cipher.getInstance(ALGO, p).getParameters();
} catch (Exception e) {
throw new RuntimeException("Should not throw ex", e);
}
// first init w/ key only
AlgorithmParameters params = null;
for (int i = 0; i < 6; i++) {
System.out.println("IV test# " + i);
Cipher c = Cipher.getInstance(ALGO, p);
byte[] expectedIV = NONCE;
try {
switch (i) {
case 0 -> {
c.init(opMode, KEY);
expectedIV = null; // randomly-generated
}
case 1 -> {
c.init(opMode, KEY, RAND);
expectedIV = null; // randomly-generated
}
case 2 -> {
c.init(opMode, KEY, IV_PARAM_SPEC);
params = c.getParameters();
if (params == null) {
throw new RuntimeException("Params should not be null");
}
}
case 3 -> c.init(opMode, KEY, IV_PARAM_SPEC, RAND);
case 4 -> c.init(opMode, KEY, params);
case 5 -> c.init(opMode, KEY, params, RAND);
}
checkIV(c, expectedIV);
System.out.println("=> Passed");
} catch (GeneralSecurityException e) {
if (opMode == Cipher.DECRYPT_MODE && i < 2) {
System.out.println("=> Passed: Expected Ex thrown");
} else {
throw new RuntimeException("Should not throw ex", e);
}
}
}
}
private static void checkIV(Cipher c, byte[] expectedIv) {
// the specified cipher has been initialized; the returned IV and
// AlgorithmParameters object should be non-null
byte[] iv = c.getIV();
AlgorithmParameters params = c.getParameters();
// fail if either is null
if (iv == null || params == null) {
throw new RuntimeException("getIV()/getParameters() should " +
"not return null");
}
// check iv matches if not null
if (expectedIv != null && !Arrays.equals(expectedIv, iv)) {
throw new RuntimeException("IV should match expected value");
}
try {
byte[] iv2 = params.getParameterSpec(IvParameterSpec.class).getIV();
if (!Arrays.equals(iv, iv2)) {
throw new RuntimeException("IV values should be consistent");
}
} catch (InvalidParameterSpecException ipe) {
// should never happen
throw new AssertionError();
}
}
private static void testInterop(String interopProv) throws Exception {
testInterop(Cipher.getInstance(ALGO, p),
Cipher.getInstance(ALGO, interopProv));
testInterop(Cipher.getInstance(ALGO, interopProv),
Cipher.getInstance(ALGO, p));
}
private static void testInterop(Cipher encCipher, Cipher decCipher)
throws Exception {
System.out.println("Interop: " + encCipher.getProvider().getName() +
" -> " + encCipher.getProvider().getName());
byte[] pt = HexFormat.of().parseHex("012345678901234567890123456789");
encCipher.init(Cipher.ENCRYPT_MODE, KEY);
byte[] ct = encCipher.doFinal(pt);
decCipher.init(Cipher.DECRYPT_MODE, KEY, encCipher.getParameters());
byte[] pt2 = decCipher.doFinal(ct);
if (!Arrays.equals(pt, pt2)) {
System.out.println("HexDump/pt: " + HexFormat.of().formatHex(pt));
System.out.println("HexDump/pt2: " + HexFormat.of().formatHex(pt2));
throw new RuntimeException("Recovered data should match");
}
System.out.println("=> Passed");
}
private static String getOpModeName(int opMode) {
switch (opMode) {
case Cipher.ENCRYPT_MODE:
return "ENCRYPT";
case Cipher.DECRYPT_MODE:
return "DECRYPT";
case Cipher.WRAP_MODE:
return "WRAP";
case Cipher.UNWRAP_MODE:
return "UNWRAP";
default:
return "";
}
}
public static void main(String[] args) throws Exception {
main(new TestChaChaPoly(), args);
}
}
Reference in New Issue View Git Blame Copy Permalink