365 lines
16 KiB
Java
365 lines
16 KiB
Java
/*
|
|
* Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
/*
|
|
* @test
|
|
* @bug 5083253
|
|
* @run main CTSMode
|
|
* @summary Verify that CTR mode works as expected
|
|
* @author Valerie Peng
|
|
*/
|
|
|
|
import java.util.*;
|
|
import java.security.AlgorithmParameters;
|
|
import javax.crypto.*;
|
|
import javax.crypto.spec.*;
|
|
|
|
public class CTSMode {
|
|
|
|
private final static byte[] toByteArray(String s) {
|
|
char[] c = s.toCharArray();
|
|
byte[] t = new byte[c.length / 2];
|
|
int n = 0;
|
|
int d1 = -1;
|
|
int d2 = -1;
|
|
for (int i = 0; i < c.length; i++) {
|
|
char ch = c[i];
|
|
if (d1 == -1) {
|
|
d1 = Character.digit(ch, 16);
|
|
} else {
|
|
d2 = Character.digit(ch, 16);
|
|
if (d2 != -1) {
|
|
t[n++] = (byte)((d1 << 4) | d2);
|
|
d1 = -1;
|
|
d2 = -1;
|
|
}
|
|
}
|
|
}
|
|
if (d1 != -1) {
|
|
throw new RuntimeException();
|
|
}
|
|
if (n == t.length) {
|
|
return t;
|
|
}
|
|
byte[] b = new byte[n];
|
|
System.arraycopy(t, 0, b, 0, n);
|
|
return b;
|
|
}
|
|
|
|
private final static SecretKey KEY1 =
|
|
new SecretKeySpec(toByteArray("636869636b656e207465726979616b69"),
|
|
"AES");
|
|
|
|
private final static IvParameterSpec IV1 =
|
|
new IvParameterSpec(new byte[16]);
|
|
|
|
/*
|
|
* Use test vectors, i.e. PLAIN1 and CIPHER1, from the appendix B
|
|
* of RFC 3962 "Advanced Encryption Standard (AES) Encryption for
|
|
* Kerberos 5".
|
|
*/
|
|
private final static byte[][] PLAIN1 = {
|
|
toByteArray("4920776f756c64206c696b652074686520"),
|
|
toByteArray("4920776f756c64206c696b6520746865" +
|
|
"2047656e6572616c20476175277320"),
|
|
toByteArray("4920776f756c64206c696b6520746865" +
|
|
"2047656e6572616c2047617527732043"),
|
|
toByteArray("4920776f756c64206c696b6520746865" +
|
|
"2047656e6572616c2047617527732043" +
|
|
"6869636b656e2c20706c656173652c"),
|
|
toByteArray("4920776f756c64206c696b6520746865" +
|
|
"2047656e6572616c2047617527732043" +
|
|
"6869636b656e2c20706c656173652c20"),
|
|
toByteArray("4920776f756c64206c696b6520746865" +
|
|
"2047656e6572616c2047617527732043" +
|
|
"6869636b656e2c20706c656173652c20" +
|
|
"616e6420776f6e746f6e20736f75702e")
|
|
};
|
|
private final static byte[][] CIPHER1 = {
|
|
toByteArray("c6353568f2bf8cb4d8a580362da7ff7f97"),
|
|
toByteArray("fc00783e0efdb2c1d445d4c8eff7ed22" +
|
|
"97687268d6ecccc0c07b25e25ecfe5"),
|
|
toByteArray("39312523a78662d5be7fcbcc98ebf5a8" +
|
|
"97687268d6ecccc0c07b25e25ecfe584"),
|
|
toByteArray("97687268d6ecccc0c07b25e25ecfe584" +
|
|
"b3fffd940c16a18c1b5549d2f838029e" +
|
|
"39312523a78662d5be7fcbcc98ebf5"),
|
|
toByteArray("97687268d6ecccc0c07b25e25ecfe584" +
|
|
"9dad8bbb96c4cdc03bc103e1a194bbd8" +
|
|
"39312523a78662d5be7fcbcc98ebf5a8"),
|
|
toByteArray("97687268d6ecccc0c07b25e25ecfe584" +
|
|
"39312523a78662d5be7fcbcc98ebf5a8" +
|
|
"4807efe836ee89a526730dbc2f7bc840" +
|
|
"9dad8bbb96c4cdc03bc103e1a194bbd8"),
|
|
};
|
|
|
|
private final static byte[] IV2_SRC =
|
|
toByteArray("11223344556677880011223344556677");
|
|
|
|
private final static String[] ALGORITHMS2 = {
|
|
"DES", "DESede", "Blowfish", "AES"
|
|
};
|
|
private final static int[] KEYSIZES2 = {
|
|
8, 24, 16, 16
|
|
};
|
|
|
|
private static String toString(byte[] b) {
|
|
StringBuffer sb = new StringBuffer(b.length * 3);
|
|
for (int i = 0; i < b.length; i++) {
|
|
int k = b[i] & 0xff;
|
|
if (i != 0) {
|
|
sb.append(':');
|
|
}
|
|
sb.append(Character.forDigit(k >> 4, 16));
|
|
sb.append(Character.forDigit(k & 0xf, 16));
|
|
}
|
|
return sb.toString();
|
|
}
|
|
|
|
public static void main(String[] args) throws Exception {
|
|
test1();
|
|
test2();
|
|
test3();
|
|
}
|
|
|
|
/**
|
|
* Test with the test vectors and see if results match.
|
|
*/
|
|
private static void test1() throws Exception {
|
|
for (int i = 0; i < PLAIN1.length; i++) {
|
|
String algo = KEY1.getAlgorithm();
|
|
int MAX_KEYSIZE = Cipher.getMaxAllowedKeyLength(algo);
|
|
if (KEY1.getEncoded().length > MAX_KEYSIZE) {
|
|
// skip tests using keys whose length exceeds
|
|
// what's configured in jce jurisdiction policy files.
|
|
continue;
|
|
}
|
|
System.out.println("Running test1_" + i + " (" + algo + ")");
|
|
Cipher cipher = Cipher.getInstance(algo+ "/CTS/NoPadding",
|
|
"SunJCE");
|
|
byte[] plainText = PLAIN1[i];
|
|
byte[] cipherText = CIPHER1[i];
|
|
cipher.init(Cipher.ENCRYPT_MODE, KEY1, IV1);
|
|
byte[] enc = cipher.doFinal(plainText);
|
|
if (Arrays.equals(cipherText, enc) == false) {
|
|
System.out.println("plain: " + toString(plainText));
|
|
System.out.println("cipher: " + toString(cipherText));
|
|
System.out.println("actual: " + toString(enc));
|
|
throw new RuntimeException("Encryption failure for test " + i);
|
|
}
|
|
cipher.init(Cipher.DECRYPT_MODE, KEY1, IV1);
|
|
byte[] dec = cipher.doFinal(cipherText);
|
|
if (Arrays.equals(plainText, dec) == false) {
|
|
System.out.println("cipher: " + toString(cipherText));
|
|
System.out.println("plain: " + toString(plainText));
|
|
System.out.println("actual: " + toString(enc));
|
|
throw new RuntimeException("Decryption failure for test " + i);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Test with a combination of update/doFinal calls and make
|
|
* sure that same data is recovered after decryption.
|
|
*/
|
|
private static void test2() throws Exception {
|
|
for (int i = 0; i < ALGORITHMS2.length; i++) {
|
|
String algo = ALGORITHMS2[i];
|
|
System.out.println("Running test2_" + i + " (" + algo + ")");
|
|
int keySize = KEYSIZES2[i];
|
|
int MAX_KEYSIZE = Cipher.getMaxAllowedKeyLength(algo);
|
|
if (keySize > MAX_KEYSIZE) {
|
|
// skip tests using keys whose length exceeds
|
|
// what's configured in jce jurisdiction policy files.
|
|
continue;
|
|
}
|
|
Cipher cipher =
|
|
Cipher.getInstance(algo+"/CTS/NoPadding", "SunJCE");
|
|
int blockSize = cipher.getBlockSize();
|
|
SecretKeySpec key = new SecretKeySpec(new byte[keySize], algo);
|
|
// Make sure encryption works for inputs with valid length
|
|
byte[] plainText = PLAIN1[3];
|
|
cipher.init(Cipher.ENCRYPT_MODE, key);
|
|
byte[] cipherText = new byte[plainText.length];
|
|
int firstPartLen = blockSize + 1;
|
|
int processed1 = cipher.update(plainText, 0, firstPartLen,
|
|
cipherText, 0);
|
|
int processed2 = cipher.doFinal(plainText, firstPartLen,
|
|
plainText.length-firstPartLen,
|
|
cipherText, processed1);
|
|
AlgorithmParameters params = cipher.getParameters();
|
|
if ((processed1 + processed2) != plainText.length) {
|
|
System.out.println("processed1 = " + processed1);
|
|
System.out.println("processed2 = " + processed2);
|
|
System.out.println("total length = " + plainText.length);
|
|
throw new RuntimeException("Encryption failure for test " + i);
|
|
}
|
|
// Make sure IllegalBlockSizeException is thrown for inputs
|
|
// with less-than-a-block length
|
|
try {
|
|
cipher.doFinal(new byte[blockSize-1]);
|
|
throw new RuntimeException("Expected IBSE is not thrown");
|
|
} catch (IllegalBlockSizeException ibse) {
|
|
}
|
|
// Make sure data is encrypted as in CBC mode for inputs
|
|
// which is exactly one block long
|
|
IvParameterSpec iv2 = new IvParameterSpec(IV2_SRC, 0, blockSize);
|
|
cipher.init(Cipher.ENCRYPT_MODE, key, iv2);
|
|
Cipher cipher2 =
|
|
Cipher.getInstance(algo+"/CBC/NoPadding", "SunJCE");
|
|
cipher2.init(Cipher.ENCRYPT_MODE, key, iv2);
|
|
|
|
byte[] eout = cipher.doFinal(IV2_SRC, 0, blockSize);
|
|
byte[] eout2 = cipher2.doFinal(IV2_SRC, 0, blockSize);
|
|
if (!Arrays.equals(eout, eout2)) {
|
|
throw new RuntimeException("Different encryption output " +
|
|
"for CBC and CTS");
|
|
}
|
|
// Make sure decryption works for inputs with valid length
|
|
cipher.init(Cipher.DECRYPT_MODE, key, params);
|
|
byte[] recoveredText =
|
|
new byte[cipher.getOutputSize(cipherText.length)];
|
|
processed1 = cipher.update(cipherText, 0, firstPartLen,
|
|
recoveredText, 0);
|
|
processed2 = cipher.update(cipherText, firstPartLen,
|
|
cipherText.length-firstPartLen,
|
|
recoveredText, processed1);
|
|
int processed3 =
|
|
cipher.doFinal(recoveredText, processed1+processed2);
|
|
if ((processed1 + processed2 + processed3) != plainText.length) {
|
|
System.out.println("processed1 = " + processed1);
|
|
System.out.println("processed2 = " + processed2);
|
|
System.out.println("processed3 = " + processed3);
|
|
System.out.println("total length = " + plainText.length);
|
|
throw new RuntimeException("Decryption failure for test " + i);
|
|
}
|
|
if (Arrays.equals(plainText, recoveredText) == false) {
|
|
System.out.println("plain: " + toString(plainText));
|
|
System.out.println("recovered: " + toString(recoveredText));
|
|
throw new RuntimeException("Decryption failure for test " + i);
|
|
}
|
|
// Make sure IllegalBlockSizeException is thrown for inputs
|
|
// with less-than-a-block length
|
|
try {
|
|
cipher.doFinal(new byte[blockSize-1]);
|
|
throw new RuntimeException("Expected IBSE is not thrown");
|
|
} catch (IllegalBlockSizeException ibse) {
|
|
}
|
|
// Make sure data is decrypted as in CBC mode for inputs
|
|
// which is exactly one block long
|
|
cipher.init(Cipher.DECRYPT_MODE, key, iv2);
|
|
cipher2.init(Cipher.DECRYPT_MODE, key, iv2);
|
|
byte[] dout = cipher.doFinal(eout);
|
|
byte[] dout2 = cipher2.doFinal(eout2);
|
|
if (!Arrays.equals(dout, dout2)) {
|
|
throw new RuntimeException("Different decryption output " +
|
|
"for CBC and CTS");
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Test with a shortBuffer and see if encryption/decryption
|
|
* still works correctly afterwards.
|
|
*/
|
|
private static void test3() throws Exception {
|
|
// Skip PLAIN1[0, 1, 2] due to their lengths
|
|
for (int i = 3; i < PLAIN1.length; i++) {
|
|
String algo = KEY1.getAlgorithm();
|
|
System.out.println("Running test3_" + i + " (" + algo + ")");
|
|
int MAX_KEYSIZE = Cipher.getMaxAllowedKeyLength(algo);
|
|
if (KEY1.getEncoded().length > MAX_KEYSIZE) {
|
|
// skip tests using keys whose length exceeds
|
|
// what's configured in jce jurisdiction policy files.
|
|
continue;
|
|
}
|
|
Cipher cipher =
|
|
Cipher.getInstance(algo+ "/CTS/NoPadding", "SunJCE");
|
|
byte[] plainText = PLAIN1[i];
|
|
byte[] cipherText = CIPHER1[i];
|
|
byte[] enc = new byte[plainText.length];
|
|
cipher.init(Cipher.ENCRYPT_MODE, KEY1, IV1);
|
|
int halfInput = plainText.length/2;
|
|
int processed1 = cipher.update(plainText, 0, halfInput,
|
|
enc, 0);
|
|
try {
|
|
cipher.doFinal(plainText, halfInput,
|
|
plainText.length-halfInput,
|
|
new byte[1], 0);
|
|
throw new RuntimeException("Expected Exception is not thrown");
|
|
} catch (ShortBufferException sbe) {
|
|
// expected exception thrown; retry
|
|
int processed2 =
|
|
cipher.doFinal(plainText, halfInput,
|
|
plainText.length-halfInput,
|
|
enc, processed1);
|
|
if ((processed1 + processed2) != enc.length) {
|
|
System.out.println("processed1 = " + processed1);
|
|
System.out.println("processed2 = " + processed2);
|
|
System.out.println("total length = " + enc.length);
|
|
throw new RuntimeException("Encryption length check " +
|
|
"failed");
|
|
}
|
|
}
|
|
if (Arrays.equals(cipherText, enc) == false) {
|
|
System.out.println("plain: " + toString(plainText));
|
|
System.out.println("cipher: " + toString(cipherText));
|
|
System.out.println("actual: " + toString(enc));
|
|
throw new RuntimeException("Encryption failure for test " + i);
|
|
}
|
|
cipher.init(Cipher.DECRYPT_MODE, KEY1, IV1);
|
|
byte[] dec =
|
|
new byte[cipher.getOutputSize(cipherText.length)];
|
|
processed1 = cipher.update(cipherText, 0, halfInput,
|
|
dec, 0);
|
|
try {
|
|
cipher.update(cipherText, halfInput,
|
|
cipherText.length-halfInput,
|
|
new byte[1], 0);
|
|
throw new RuntimeException("Expected Exception is not thrown");
|
|
} catch (ShortBufferException sbe) {
|
|
// expected exception thrown; retry
|
|
int processed2 = cipher.update(cipherText, halfInput,
|
|
cipherText.length-halfInput,
|
|
dec, processed1);
|
|
int processed3 =
|
|
cipher.doFinal(dec, processed1+processed2);
|
|
if ((processed1 + processed2 + processed3) != dec.length) {
|
|
System.out.println("processed1 = " + processed1);
|
|
System.out.println("processed2 = " + processed2);
|
|
System.out.println("processed3 = " + processed3);
|
|
System.out.println("total length = " + dec.length);
|
|
throw new RuntimeException("Decryption length check " +
|
|
"failed");
|
|
}
|
|
}
|
|
if (Arrays.equals(plainText, dec) == false) {
|
|
System.out.println("cipher: " + toString(cipherText));
|
|
System.out.println("plain: " + toString(plainText));
|
|
System.out.println("actualD: " + toString(dec));
|
|
throw new RuntimeException("Decryption failure for test " + i);
|
|
}
|
|
}
|
|
}
|
|
}
|