4ab7e98c79
Co-authored-by: Francisco Ferrari Bihurriet <fferrari@openjdk.org> Co-authored-by: Martin Balao <mbalao@openjdk.org> Reviewed-by: valeriep
256 lines
10 KiB
Java
256 lines
10 KiB
Java
/*
|
|
* Copyright (c) 2024, Red Hat, Inc.
|
|
*
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
import javax.crypto.Cipher;
|
|
import javax.crypto.spec.IvParameterSpec;
|
|
import javax.crypto.spec.SecretKeySpec;
|
|
import java.nio.ByteBuffer;
|
|
import java.nio.charset.StandardCharsets;
|
|
import java.security.Key;
|
|
import java.security.Provider;
|
|
import java.util.Arrays;
|
|
import java.util.HexFormat;
|
|
import java.util.stream.IntStream;
|
|
|
|
/*
|
|
* @test
|
|
* @bug 8330842
|
|
* @summary test AES CTS multipart operations with SunPKCS11
|
|
* @library /test/lib ..
|
|
* @run main/othervm/timeout=120 TestCipherTextStealingMultipart
|
|
*/
|
|
|
|
public class TestCipherTextStealingMultipart extends PKCS11Test {
|
|
private static final String LF = System.lineSeparator();
|
|
private static final String ALGORITHM = "AES/CTS/NoPadding";
|
|
private static final int BLOCK_SIZE = 16;
|
|
private static final Key KEY =
|
|
new SecretKeySpec("AbCdEfGhIjKlMnOp".getBytes(), "AES");
|
|
private static final IvParameterSpec IV =
|
|
new IvParameterSpec("1234567890aBcDeF".getBytes());
|
|
|
|
private static final StringBuilder chunksDesc = new StringBuilder();
|
|
private static Provider sunPKCS11;
|
|
private static Cipher sunJCECipher;
|
|
|
|
private static byte[][] generateChunks(int totalLength, int[] chunkSizes) {
|
|
chunksDesc.setLength(0);
|
|
chunksDesc.append("Testing with ").append(totalLength)
|
|
.append(" bytes distributed in ").append(chunkSizes.length)
|
|
.append(" multipart updates:").append(LF);
|
|
int byteIdx = 0;
|
|
byte[][] plaintextChunks = new byte[chunkSizes.length][];
|
|
for (int chunkIdx = 0; chunkIdx < chunkSizes.length; chunkIdx++) {
|
|
byte[] chunk = new byte[chunkSizes[chunkIdx]];
|
|
for (int i = 0; i < chunk.length; i++) {
|
|
chunk[i] = (byte) ('A' + byteIdx++ / BLOCK_SIZE);
|
|
}
|
|
chunksDesc.append(" ").append(repr(chunk)).append(LF);
|
|
plaintextChunks[chunkIdx] = chunk;
|
|
}
|
|
return plaintextChunks;
|
|
}
|
|
|
|
private static byte[] computeExpected(byte[] jointPlaintext)
|
|
throws Exception {
|
|
byte[] ciphertext = sunJCECipher.doFinal(jointPlaintext);
|
|
if (ciphertext.length != jointPlaintext.length) {
|
|
throw new Exception("In CTS mode, ciphertext and plaintext should" +
|
|
" have the same length. However, SunJCE's CTS cipher " +
|
|
"returned a ciphertext of " + ciphertext.length + " bytes" +
|
|
" and plaintext has " + jointPlaintext.length + " bytes.");
|
|
}
|
|
return ciphertext;
|
|
}
|
|
|
|
private static byte[] join(byte[][] inputChunks, int totalLength) {
|
|
ByteBuffer outputBuf = ByteBuffer.allocate(totalLength);
|
|
for (byte[] inputChunk : inputChunks) {
|
|
outputBuf.put(inputChunk);
|
|
}
|
|
return outputBuf.array();
|
|
}
|
|
|
|
private static byte[][] split(byte[] input, int[] chunkSizes) {
|
|
ByteBuffer inputBuf = ByteBuffer.wrap(input);
|
|
byte[][] outputChunks = new byte[chunkSizes.length][];
|
|
for (int chunkIdx = 0; chunkIdx < chunkSizes.length; chunkIdx++) {
|
|
byte[] chunk = new byte[chunkSizes[chunkIdx]];
|
|
inputBuf.get(chunk);
|
|
outputChunks[chunkIdx] = chunk;
|
|
}
|
|
return outputChunks;
|
|
}
|
|
|
|
private enum CheckType {CIPHERTEXT, PLAINTEXT}
|
|
|
|
private enum OutputType {BYTE_ARRAY, DIRECT_BYTE_BUFFER}
|
|
|
|
private static void check(CheckType checkType, OutputType outputType,
|
|
byte[] expected, ByteBuffer actualBuf) throws Exception {
|
|
byte[] actual;
|
|
if (actualBuf.hasArray()) {
|
|
actual = actualBuf.array();
|
|
} else {
|
|
actual = new byte[actualBuf.position()];
|
|
actualBuf.position(0).get(actual);
|
|
}
|
|
if (!Arrays.equals(actual, expected)) {
|
|
throw new Exception("After " + switch (checkType) {
|
|
case CIPHERTEXT -> "encrypting";
|
|
case PLAINTEXT -> "decrypting";
|
|
} + " into a " + switch (outputType) {
|
|
case BYTE_ARRAY -> "byte[]";
|
|
case DIRECT_BYTE_BUFFER -> "direct ByteBuffer";
|
|
} + ", " + checkType.name().toLowerCase() + "s don't match:" + LF +
|
|
" Expected: " + repr(expected) + LF +
|
|
" Actual: " + repr(actual));
|
|
}
|
|
}
|
|
|
|
private static ByteBuffer encryptOrDecryptMultipart(int operation,
|
|
OutputType outputType, byte[][] inputChunks, int totalLength)
|
|
throws Exception {
|
|
Cipher cipher = Cipher.getInstance(ALGORITHM, sunPKCS11);
|
|
cipher.init(operation, KEY, IV);
|
|
ByteBuffer output = null;
|
|
int outOfs = 1;
|
|
switch (outputType) {
|
|
case BYTE_ARRAY -> {
|
|
output = ByteBuffer.allocate(totalLength);
|
|
for (byte[] inputChunk : inputChunks) {
|
|
output.put(cipher.update(inputChunk));
|
|
}
|
|
// Check that the output array offset does not affect the
|
|
// penultimate block length calculation.
|
|
byte[] tmpOut = new byte[cipher.getOutputSize(0) + outOfs];
|
|
cipher.doFinal(tmpOut, outOfs);
|
|
output.put(tmpOut, outOfs, tmpOut.length - outOfs);
|
|
}
|
|
case DIRECT_BYTE_BUFFER -> {
|
|
output = ByteBuffer.allocateDirect(totalLength);
|
|
for (byte[] inputChunk : inputChunks) {
|
|
cipher.update(ByteBuffer.wrap(inputChunk), output);
|
|
}
|
|
// Check that the output array offset does not affect the
|
|
// penultimate block length calculation.
|
|
ByteBuffer tmpOut = ByteBuffer.allocateDirect(
|
|
cipher.getOutputSize(0) + outOfs);
|
|
tmpOut.position(outOfs);
|
|
cipher.doFinal(ByteBuffer.allocate(0), tmpOut);
|
|
tmpOut.position(outOfs);
|
|
output.put(tmpOut);
|
|
}
|
|
}
|
|
return output;
|
|
}
|
|
|
|
private static void doMultipart(int... chunkSizes) throws Exception {
|
|
int totalLength = IntStream.of(chunkSizes).sum();
|
|
byte[][] plaintextChunks = generateChunks(totalLength, chunkSizes);
|
|
byte[] jointPlaintext = join(plaintextChunks, totalLength);
|
|
byte[] expectedCiphertext = computeExpected(jointPlaintext);
|
|
byte[][] ciphertextChunks = split(expectedCiphertext, chunkSizes);
|
|
|
|
for (OutputType outputType : OutputType.values()) {
|
|
// Encryption test
|
|
check(CheckType.CIPHERTEXT, outputType, expectedCiphertext,
|
|
encryptOrDecryptMultipart(Cipher.ENCRYPT_MODE, outputType,
|
|
plaintextChunks, totalLength));
|
|
// Decryption test
|
|
check(CheckType.PLAINTEXT, outputType, jointPlaintext,
|
|
encryptOrDecryptMultipart(Cipher.DECRYPT_MODE, outputType,
|
|
ciphertextChunks, totalLength));
|
|
}
|
|
}
|
|
|
|
private static String repr(byte[] data) {
|
|
if (data == null) {
|
|
return "<null>";
|
|
}
|
|
if (data.length == 0) {
|
|
return "<empty []>";
|
|
}
|
|
String lenRepr = " (" + data.length + " bytes)";
|
|
for (byte b : data) {
|
|
if (b < 32 || b > 126) {
|
|
return HexFormat.ofDelimiter(":").formatHex(data) + lenRepr;
|
|
}
|
|
}
|
|
return new String(data, StandardCharsets.US_ASCII) + lenRepr;
|
|
}
|
|
|
|
private static void initialize() throws Exception {
|
|
sunJCECipher = Cipher.getInstance(ALGORITHM, "SunJCE");
|
|
sunJCECipher.init(Cipher.ENCRYPT_MODE, KEY, IV);
|
|
}
|
|
|
|
public static void main(String[] args) throws Exception {
|
|
initialize();
|
|
main(new TestCipherTextStealingMultipart(), args);
|
|
}
|
|
|
|
@Override
|
|
public void main(Provider p) throws Exception {
|
|
sunPKCS11 = p;
|
|
try {
|
|
// Test relevant combinations for 2, 3, and 4 update operations
|
|
int aesBSize = 16;
|
|
int[] points = new int[]{1, aesBSize - 1, aesBSize, aesBSize + 1};
|
|
for (int size1 : points) {
|
|
for (int size2 : points) {
|
|
if (size1 + size2 >= aesBSize) {
|
|
doMultipart(size1, size2);
|
|
}
|
|
for (int size3 : points) {
|
|
if (size1 + size2 + size3 >= aesBSize) {
|
|
doMultipart(size1, size2, size3);
|
|
}
|
|
for (int size4 : points) {
|
|
if (size1 + size2 + size3 + size4 >= aesBSize) {
|
|
doMultipart(size1, size2, size3, size4);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
doMultipart(17, 17, 17, 17, 17);
|
|
doMultipart(4, 2, 7, 1, 6, 12);
|
|
doMultipart(2, 15, 21, 26, 31, 26, 5, 30);
|
|
doMultipart(7, 12, 26, 8, 15, 2, 17, 16, 21, 2, 32, 29);
|
|
doMultipart(6, 7, 6, 1, 5, 16, 14, 1, 10, 16, 17, 8, 1, 13, 12);
|
|
doMultipart(16, 125, 19, 32, 32, 16, 17,
|
|
31, 19, 13, 16, 16, 32, 16, 16);
|
|
doMultipart(5, 30, 11, 9, 6, 14, 20, 6,
|
|
5, 18, 31, 33, 15, 29, 7, 9);
|
|
doMultipart(105, 8, 21, 27, 30, 101, 15, 20,
|
|
23, 33, 26, 6, 8, 2, 13, 17);
|
|
} catch (Exception e) {
|
|
System.out.print(chunksDesc);
|
|
throw e;
|
|
}
|
|
System.out.println("TEST PASS - OK");
|
|
}
|
|
}
|