269 lines
10 KiB
Java
269 lines
10 KiB
Java
/*
|
|
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
/**
|
|
* @test
|
|
* @bug 8255410
|
|
* @library /test/lib ..
|
|
* @run main/othervm TestChaChaPolyNoReuse
|
|
* @summary Test PKCS#11 ChaCha20-Poly1305 Cipher Implementation
|
|
* (key/nonce reuse check)
|
|
*/
|
|
|
|
import java.util.*;
|
|
import javax.crypto.Cipher;
|
|
import java.security.spec.AlgorithmParameterSpec;
|
|
import java.security.Provider;
|
|
import java.security.NoSuchAlgorithmException;
|
|
import javax.crypto.spec.ChaCha20ParameterSpec;
|
|
import javax.crypto.spec.IvParameterSpec;
|
|
import javax.crypto.spec.SecretKeySpec;
|
|
import javax.crypto.AEADBadTagException;
|
|
import javax.crypto.SecretKey;
|
|
import java.security.InvalidKeyException;
|
|
import java.security.InvalidAlgorithmParameterException;
|
|
|
|
public class TestChaChaPolyNoReuse extends PKCS11Test {
|
|
|
|
private static final String KEY_ALGO = "ChaCha20";
|
|
private static final String CIPHER_ALGO = "ChaCha20-Poly1305";
|
|
|
|
/**
|
|
* Basic TestMethod interface definition
|
|
*/
|
|
public interface TestMethod {
|
|
/**
|
|
* Runs the actual test case
|
|
*
|
|
* @param provider the provider to provide the requested Cipher obj.
|
|
*
|
|
* @return true if the test passes, false otherwise.
|
|
*/
|
|
boolean run(Provider p);
|
|
}
|
|
|
|
public static class TestData {
|
|
public TestData(String name, String keyStr, String nonceStr, int ctr,
|
|
int dir, String inputStr, String aadStr, String outStr) {
|
|
testName = Objects.requireNonNull(name);
|
|
HexFormat hex = HexFormat.of();
|
|
key = hex.parseHex(keyStr);
|
|
nonce = hex.parseHex(nonceStr);
|
|
if ((counter = ctr) < 0) {
|
|
throw new IllegalArgumentException(
|
|
"counter must be 0 or greater");
|
|
}
|
|
direction = dir;
|
|
if (direction != Cipher.ENCRYPT_MODE) {
|
|
throw new IllegalArgumentException(
|
|
"Direction must be ENCRYPT_MODE");
|
|
}
|
|
input = hex.parseHex(inputStr);
|
|
aad = (aadStr != null) ? hex.parseHex(aadStr) : null;
|
|
expOutput = hex.parseHex(outStr);
|
|
}
|
|
|
|
public final String testName;
|
|
public final byte[] key;
|
|
public final byte[] nonce;
|
|
public final int counter;
|
|
public final int direction;
|
|
public final byte[] input;
|
|
public final byte[] aad;
|
|
public final byte[] expOutput;
|
|
}
|
|
|
|
public static final List<TestData> aeadTestList =
|
|
new LinkedList<TestData>() {{
|
|
add(new TestData("RFC 7539 Sample AEAD Test Vector",
|
|
"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
|
|
"070000004041424344454647",
|
|
1, Cipher.ENCRYPT_MODE,
|
|
"4c616469657320616e642047656e746c656d656e206f662074686520636c6173" +
|
|
"73206f66202739393a204966204920636f756c64206f6666657220796f75206f" +
|
|
"6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73" +
|
|
"637265656e20776f756c642062652069742e",
|
|
"50515253c0c1c2c3c4c5c6c7",
|
|
"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d6" +
|
|
"3dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b36" +
|
|
"92ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc" +
|
|
"3ff4def08e4b7a9de576d26586cec64b61161ae10b594f09e26a7e902ecbd060" +
|
|
"0691"));
|
|
}};
|
|
|
|
/**
|
|
* Make sure we do not use this Cipher object without initializing it
|
|
* at all
|
|
*/
|
|
public static final TestMethod noInitTest = new TestMethod() {
|
|
@Override
|
|
public boolean run(Provider p) {
|
|
System.out.println("----- No Init Test -----");
|
|
try {
|
|
Cipher cipher = Cipher.getInstance(CIPHER_ALGO, p);
|
|
TestData testData = aeadTestList.get(0);
|
|
|
|
// Attempting to use the cipher without initializing it
|
|
// should throw an IllegalStateException
|
|
try {
|
|
cipher.updateAAD(testData.aad);
|
|
throw new RuntimeException(
|
|
"Expected IllegalStateException not thrown");
|
|
} catch (IllegalStateException ise) {
|
|
// Do nothing, this is what we expected to happen
|
|
}
|
|
} catch (Exception exc) {
|
|
System.out.println("Unexpected exception: " + exc);
|
|
exc.printStackTrace();
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
};
|
|
|
|
/**
|
|
* Attempt to run two full encryption operations without an init in
|
|
* between.
|
|
*/
|
|
public static final TestMethod encTwiceNoInit = new TestMethod() {
|
|
@Override
|
|
public boolean run(Provider p) {
|
|
System.out.println("----- Encrypt 2nd time without init -----");
|
|
try {
|
|
AlgorithmParameterSpec spec;
|
|
Cipher cipher = Cipher.getInstance(CIPHER_ALGO, p);
|
|
TestData testData = aeadTestList.get(0);
|
|
spec = new IvParameterSpec(testData.nonce);
|
|
SecretKey key = new SecretKeySpec(testData.key, KEY_ALGO);
|
|
|
|
// Initialize and encrypt
|
|
cipher.init(testData.direction, key, spec);
|
|
cipher.updateAAD(testData.aad);
|
|
cipher.doFinal(testData.input);
|
|
System.out.println("First encryption complete");
|
|
|
|
// Now attempt to encrypt again without changing the key/IV
|
|
// This should fail.
|
|
try {
|
|
cipher.updateAAD(testData.aad);
|
|
} catch (IllegalStateException ise) {
|
|
// Do nothing, this is what we expected to happen
|
|
}
|
|
try {
|
|
cipher.doFinal(testData.input);
|
|
throw new RuntimeException(
|
|
"Expected IllegalStateException not thrown");
|
|
} catch (IllegalStateException ise) {
|
|
// Do nothing, this is what we expected to happen
|
|
}
|
|
} catch (Exception exc) {
|
|
System.out.println("Unexpected exception: " + exc);
|
|
exc.printStackTrace();
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
};
|
|
|
|
/**
|
|
* Encrypt once successfully, then attempt to init with the same
|
|
* key and nonce.
|
|
*/
|
|
public static final TestMethod encTwiceInitSameParams = new TestMethod() {
|
|
@Override
|
|
public boolean run(Provider p) {
|
|
System.out.println("----- Encrypt, then init with same params " +
|
|
"-----");
|
|
try {
|
|
AlgorithmParameterSpec spec;
|
|
Cipher cipher = Cipher.getInstance(CIPHER_ALGO, p);
|
|
TestData testData = aeadTestList.get(0);
|
|
spec = new IvParameterSpec(testData.nonce);
|
|
SecretKey key = new SecretKeySpec(testData.key, KEY_ALGO);
|
|
|
|
// Initialize then encrypt
|
|
cipher.init(testData.direction, key, spec);
|
|
cipher.updateAAD(testData.aad);
|
|
cipher.doFinal(testData.input);
|
|
System.out.println("First encryption complete");
|
|
|
|
// Initializing after the completed encryption with
|
|
// the same key and nonce should fail.
|
|
try {
|
|
cipher.init(testData.direction, key, spec);
|
|
throw new RuntimeException(
|
|
"Expected IKE or IAPE not thrown");
|
|
} catch (InvalidKeyException |
|
|
InvalidAlgorithmParameterException e) {
|
|
// Do nothing, this is what we expected to happen
|
|
}
|
|
} catch (Exception exc) {
|
|
System.out.println("Unexpected exception: " + exc);
|
|
exc.printStackTrace();
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
};
|
|
|
|
public static final List<TestMethod> testMethodList =
|
|
Arrays.asList(noInitTest, encTwiceNoInit, encTwiceInitSameParams);
|
|
|
|
@Override
|
|
public void main(Provider p) throws Exception {
|
|
System.out.println("Testing " + p.getName());
|
|
try {
|
|
Cipher.getInstance(CIPHER_ALGO, p);
|
|
} catch (NoSuchAlgorithmException nsae) {
|
|
System.out.println("Skip; no support for " + CIPHER_ALGO);
|
|
return;
|
|
}
|
|
|
|
int testsPassed = 0;
|
|
int testNumber = 0;
|
|
|
|
for (TestMethod tm : testMethodList) {
|
|
testNumber++;
|
|
boolean result = tm.run(p);
|
|
System.out.println("Result: " + (result ? "PASS" : "FAIL"));
|
|
if (result) {
|
|
testsPassed++;
|
|
}
|
|
}
|
|
|
|
System.out.println("Total Tests: " + testNumber +
|
|
", Tests passed: " + testsPassed);
|
|
if (testsPassed < testNumber) {
|
|
throw new RuntimeException(
|
|
"Not all tests passed. See output for failure info");
|
|
}
|
|
}
|
|
|
|
public static void main(String[] args) throws Exception {
|
|
main(new TestChaChaPolyNoReuse(), args);
|
|
}
|
|
}
|