Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/com/sun/crypto/provider/Cipher/AES/TestGCMKeyAndIvCheck.java
38889 views
/*1* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/*24* @test25* @bug 699676926* @library ../UTIL27* @build TestUtil28* @run main TestGCMKeyAndIvCheck29* @summary Ensure that same key+iv can't be repeated used for encryption.30* @author Valerie Peng31*/323334import java.security.*;35import javax.crypto.*;36import javax.crypto.spec.*;37import java.math.*;38import com.sun.crypto.provider.*;3940import java.util.*;4142public class TestGCMKeyAndIvCheck {4344private static final byte[] AAD = new byte[5];45private static final byte[] PT = new byte[18];4647private static void checkISE(Cipher c) throws Exception {48// Subsequent encryptions should fail49try {50c.updateAAD(AAD);51throw new Exception("Should throw ISE for updateAAD()");52} catch (IllegalStateException ise) {53// expected54}5556try {57c.update(PT);58throw new Exception("Should throw ISE for update()");59} catch (IllegalStateException ise) {60// expected61}62try {63c.doFinal(PT);64throw new Exception("Should throw ISE for doFinal()");65} catch (IllegalStateException ise) {66// expected67}68}6970public void test() throws Exception {71Cipher c = Cipher.getInstance("AES/GCM/NoPadding", "SunJCE");7273SecretKey key = new SecretKeySpec(new byte[16], "AES");74// First try parameter-less init.75c.init(Cipher.ENCRYPT_MODE, key);76c.updateAAD(AAD);77byte[] ctPlusTag = c.doFinal(PT);7879// subsequent encryption should fail unless re-init w/ different key+iv80checkISE(c);8182// Validate the retrieved parameters against the IV and tag length.83AlgorithmParameters params = c.getParameters();84if (params == null) {85throw new Exception("getParameters() should not return null");86}87GCMParameterSpec spec = params.getParameterSpec(GCMParameterSpec.class);88if (spec.getTLen() != (ctPlusTag.length - PT.length)*8) {89throw new Exception("Parameters contains incorrect TLen value");90}91if (!Arrays.equals(spec.getIV(), c.getIV())) {92throw new Exception("Parameters contains incorrect IV value");93}9495// Should be ok to use the same key+iv for decryption96c.init(Cipher.DECRYPT_MODE, key, params);97c.updateAAD(AAD);98byte[] recovered = c.doFinal(ctPlusTag);99if (!Arrays.equals(recovered, PT)) {100throw new Exception("decryption result mismatch");101}102103// Now try to encrypt again using the same key+iv; should fail also104try {105c.init(Cipher.ENCRYPT_MODE, key, params);106throw new Exception("Should throw exception when same key+iv is used");107} catch (InvalidAlgorithmParameterException iape) {108// expected109}110111// Now try to encrypt again using parameter-less init; should work112c.init(Cipher.ENCRYPT_MODE, key);113c.doFinal(PT);114115// make sure a different iv is used116byte[] iv = c.getIV();117if (Arrays.equals(spec.getIV(), iv)) {118throw new Exception("IV should be different now");119}120121// Now try to encrypt again using a different parameter; should work122c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, new byte[30]));123c.updateAAD(AAD);124c.doFinal(PT);125// subsequent encryption should fail unless re-init w/ different key+iv126checkISE(c);127128// Now try decryption twice in a row; no re-init required and129// same parameters is used.130c.init(Cipher.DECRYPT_MODE, key, params);131c.updateAAD(AAD);132recovered = c.doFinal(ctPlusTag);133134c.updateAAD(AAD);135recovered = c.doFinal(ctPlusTag);136if (!Arrays.equals(recovered, PT)) {137throw new Exception("decryption result mismatch");138}139140// Now try decryption again and re-init using the same parameters141c.init(Cipher.DECRYPT_MODE, key, params);142c.updateAAD(AAD);143recovered = c.doFinal(ctPlusTag);144145// init to decrypt w/o parameters; should fail with IKE as146// javadoc specified147try {148c.init(Cipher.DECRYPT_MODE, key);149throw new Exception("Should throw IKE for dec w/o params");150} catch (InvalidKeyException ike) {151// expected152}153154// Lastly, try encryption AND decryption w/ wrong type of parameters,155// e.g. IvParameterSpec156try {157c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));158throw new Exception("Should throw IAPE");159} catch (InvalidAlgorithmParameterException iape) {160// expected161}162try {163c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));164throw new Exception("Should throw IAPE");165} catch (InvalidAlgorithmParameterException iape) {166// expected167}168169System.out.println("Test Passed!");170}171172public static void main (String[] args) throws Exception {173TestGCMKeyAndIvCheck t = new TestGCMKeyAndIvCheck();174t.test();175}176}177178179180