Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/openjdk-multiarch-jdk8u
 Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/pkcs11/Cipher/CancelMultipart.java
38855 views
1
/*

2
 * Copyright (c) 2021, Red Hat, Inc.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
/*

25
 * @test

26
 * @bug 8258833

27
 * @library /lib/security ..

28
 * @run main/othervm CancelMultipart

29
 */

30


31
import java.lang.reflect.Field;

32
import java.nio.ByteBuffer;

33
import java.security.Key;

34
import java.security.Provider;

35
import java.security.ProviderException;

36
import javax.crypto.Cipher;

37
import javax.crypto.IllegalBlockSizeException;

38
import javax.crypto.spec.SecretKeySpec;

39


40
public class CancelMultipart extends PKCS11Test {

41


42
    private static Provider provider;

43
    private static Key key;

44


45
    static {

46
        key = new SecretKeySpec(new byte[16], "AES");

47
    }

48


49
    private static class SessionLeaker {

50
        private LeakOperation op;

51
        private LeakInputType type;

52


53
        SessionLeaker(LeakOperation op, LeakInputType type) {

54
            this.op = op;

55
            this.type = type;

56
        }

57


58
        private void leakAndTry() throws Exception {

59
            Cipher cipher = op.getCipher();

60
            try {

61
                type.doOperation(cipher,

62
                        (op instanceof LeakDecrypt ?

63
                                LeakInputType.DECRYPT_MODE :

64
                                null));

65
                throw new Exception("PKCS11Exception expected, invalid block"

66
                        + "size");

67
            } catch (ProviderException | IllegalBlockSizeException e) {

68
                // Exception expected - session returned to the SessionManager

69
                // should be cancelled. That's what will be tested now.

70
            }

71


72
            tryCipherInit();

73
        }

74
    }

75


76
    private static interface LeakOperation {

77
        Cipher getCipher() throws Exception;

78
    }

79


80
    private static interface LeakInputType {

81
        static int DECRYPT_MODE = 1;

82
        void doOperation(Cipher cipher, int mode) throws Exception;

83
    }

84


85
    private static class LeakDecrypt implements LeakOperation {

86
        public Cipher getCipher() throws Exception {

87
            Cipher cipher = Cipher.getInstance(

88
                    "AES/ECB/PKCS5Padding", provider);

89
            cipher.init(Cipher.DECRYPT_MODE, key);

90
            return cipher;

91
        }

92
    }

93


94
    private static class LeakByteBuffer implements LeakInputType {

95
        public void doOperation(Cipher cipher, int mode) throws Exception {

96
            if (mode == DECRYPT_MODE) {

97
                cipher.update(ByteBuffer.allocate(1), ByteBuffer.allocate(1));

98
                cipher.doFinal(ByteBuffer.allocate(0), ByteBuffer.allocate(1));

99
            }

100
        }

101
    }

102


103
    private static class LeakByteArray implements LeakInputType {

104
        public void doOperation(Cipher cipher, int mode) throws Exception {

105
            if (mode == DECRYPT_MODE) {

106
                cipher.update(new byte[1]);

107
                cipher.doFinal(new byte[1], 0, 0);

108
            }

109
        }

110
    }

111


112
    public static void main(String[] args) throws Exception {

113
        main(new CancelMultipart(), args);

114
    }

115


116
    @Override

117
    public void main(Provider p) throws Exception {

118
        init(p);

119


120
        // Try multiple paths:

121


122
        executeTest(new SessionLeaker(new LeakDecrypt(), new LeakByteArray()),

123
                "P11Cipher::implDoFinal(byte[], int, int)");

124


125
        executeTest(new SessionLeaker(new LeakDecrypt(), new LeakByteBuffer()),

126
                "P11Cipher::implDoFinal(ByteBuffer)");

127


128
        System.out.println("TEST PASS - OK");

129
    }

130


131
    private static void executeTest(SessionLeaker sl, String testName)

132
            throws Exception {

133
        try {

134
            sl.leakAndTry();

135
            System.out.println(testName +  ": OK");

136
        } catch (Exception e) {

137
            System.out.println(testName +  ": FAILED");

138
            throw e;

139
        }

140
    }

141


142
    private static void init(Provider p) throws Exception {

143
        provider = p;

144


145
        // The max number of sessions is 2 because, in addition to the

146
        // operation (i.e. PKCS11::getNativeKeyInfo), a session to hold

147
        // the P11Key object is needed.

148
        setMaxSessions(2);

149
    }

150


151
    /*

152
     * This method is intended to generate pression on the number of sessions

153
     * to be used from the NSS Software Token, so sessions with (potentially)

154
     * active operations are reused.

155
     */

156
    private static void setMaxSessions(int maxSessions) throws Exception {

157
        Field tokenField = Class.forName("sun.security.pkcs11.SunPKCS11")

158
                .getDeclaredField("token");

159
        tokenField.setAccessible(true);

160
        Field sessionManagerField = Class.forName("sun.security.pkcs11.Token")

161
                .getDeclaredField("sessionManager");

162
        sessionManagerField.setAccessible(true);

163
        Field maxSessionsField = Class.forName("sun.security.pkcs11.SessionManager")

164
                .getDeclaredField("maxSessions");

165
        maxSessionsField.setAccessible(true);

166
        Object sessionManagerObj = sessionManagerField.get(

167
                tokenField.get(provider));

168
        maxSessionsField.setInt(sessionManagerObj, maxSessions);

169
    }

170


171
    private static void tryCipherInit() throws Exception {

172
        Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding", provider);

173


174
        // A CKR_OPERATION_ACTIVE error may be thrown if a session was

175
        // returned to the Session Manager with an active operation, and

176
        // we try to initialize the Cipher using it.

177
        //

178
        // Given that the maximum number of sessions was forced to 2, we know

179
        // that the session to be used here was already used in a previous

180
        // (failed) operation. Thus, the test asserts that the operation was

181
        // properly cancelled.

182
        cipher.init(Cipher.ENCRYPT_MODE, key);

183


184
        // If initialization passes, finish gracefully so other paths can

185
        // be tested under the current maximum number of sessions.

186
        cipher.doFinal(new byte[16], 0, 0);

187
    }

188
}

189


190