From 767c1f0ad9ceff3040e0b65db016ff322ceeca94 Mon Sep 17 00:00:00 2001 From: valeriep Date: Wed, 16 Aug 2017 17:05:57 +0100 Subject: [PATCH] 8170245: [TEST_BUG] Cipher tests fail when running with unlimited policy Summary: Updated the failed cipher tests to work under unlimited policy Reviewed-by: xuelei --- .../Cipher/AES/TestAESCiphers/Dynamic.java | 21 +++----- .../Cipher/Blowfish/TestCipherBlowfish.java | 4 +- .../PBE/PBESameBuffer/AESPBEWrapper.java | 39 ++++++++------- .../PBE/PBESameBuffer/PBECipherWrapper.java | 48 +++++++++++-------- .../PBE/TestCipherKeyWrapperPBEKey.java | 17 ++++--- .../provider/Cipher/PBE/TestCipherPBE.java | 13 +++-- .../crypto/provider/Cipher/TestCipher.java | 40 +++++++++------- 7 files changed, 98 insertions(+), 84 deletions(-) diff --git a/test/com/sun/crypto/provider/Cipher/AES/TestAESCiphers/Dynamic.java b/test/com/sun/crypto/provider/Cipher/AES/TestAESCiphers/Dynamic.java index 3aa6d29e8..91d7426b7 100644 --- a/test/com/sun/crypto/provider/Cipher/AES/TestAESCiphers/Dynamic.java +++ b/test/com/sun/crypto/provider/Cipher/AES/TestAESCiphers/Dynamic.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -150,19 +150,8 @@ public class Dynamic { int offset = ci.update(plainText, 0, plainText.length, cipherText, 0); ci.doFinal(cipherText, offset); + ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters()); - if (!mo.equalsIgnoreCase("ECB")) { - iv = ci.getIV(); - aps = new IvParameterSpec(iv); - } else { - aps = null; - } - - if (!mo.equalsIgnoreCase("GCM")) { - ci.init(Cipher.DECRYPT_MODE, key, aps); - } else { - ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters()); - } byte[] recoveredText = new byte[ci.getOutputSize(cipherText.length)]; int len = ci.doFinal(cipherText, 0, cipherText.length, recoveredText); @@ -174,12 +163,14 @@ public class Dynamic { result = Arrays.equals(plainText, tmp); } catch (NoSuchAlgorithmException nsaEx) { - nsaEx.printStackTrace(); // CFB7 and OFB150 are negative test,SunJCE not support this // algorithm result = mo.equalsIgnoreCase("CFB7") || mo.equalsIgnoreCase("OFB150"); - + if (!result) { + // only report unexpected exception + nsaEx.printStackTrace(); + } } return result; } diff --git a/test/com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java b/test/com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java index 7006abc36..1fae3a073 100644 --- a/test/com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java +++ b/test/com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -42,7 +42,7 @@ public class TestCipherBlowfish extends TestCipher { "OFB", "OFB8", "OFB16", "OFB24", "OFB32", "OFB40", "OFB48", "OFB56", "OFB64"}, new String[]{"NoPaDDing", "PKCS5Padding"}, - true); + 32, 448); } public static void main(String[] args) throws Exception { diff --git a/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/AESPBEWrapper.java b/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/AESPBEWrapper.java index 16dd69ad3..b166fc19d 100644 --- a/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/AESPBEWrapper.java +++ b/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/AESPBEWrapper.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,6 +24,7 @@ import java.io.PrintStream; import java.security.AlgorithmParameters; import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; import java.security.Provider; import javax.crypto.Cipher; import javax.crypto.SecretKeyFactory; @@ -69,6 +70,15 @@ public class AESPBEWrapper extends PBEWrapper { */ @Override public boolean execute(int edMode, byte[] inputText, int offset, int len) { + boolean isUnlimited; + try { + isUnlimited = + (Cipher.getMaxAllowedKeyLength(this.algo) == Integer.MAX_VALUE); + } catch (NoSuchAlgorithmException nsae) { + out.println("Got unexpected exception for " + this.algo); + nsae.printStackTrace(out); + return false; + } try { // init Cipher if (Cipher.ENCRYPT_MODE == edMode) { @@ -78,6 +88,11 @@ public class AESPBEWrapper extends PBEWrapper { ci.init(Cipher.DECRYPT_MODE, this.key, pbeParams); } + if (this.algo.endsWith("AES_256") && !isUnlimited) { + out.print("Expected exception not thrown for " + this.algo); + return false; + } + // First, generate the cipherText at an allocated buffer byte[] outputText = ci.doFinal(inputText, offset, len); @@ -86,29 +101,19 @@ public class AESPBEWrapper extends PBEWrapper { int off = ci.update(inputText, offset, len, inputText, myoff); ci.doFinal(inputText, myoff + off); - if (this.algo.endsWith("AES_256")) { - out.print("Expected exception uncaught, " - + "keyStrength > 128 within " + this.algo); - - return false; - } - // Compare to see whether the two results are the same or not return equalsBlock(inputText, myoff, outputText, 0, outputText.length); } catch (Exception ex) { if ((ex instanceof InvalidKeyException) - && this.algo.endsWith("AES_256")) { - out.println("Expected InvalidKeyException exception: " - + ex.getMessage()); - + && this.algo.endsWith("AES_256") && !isUnlimited) { + out.println("Expected InvalidKeyException thrown"); return true; + } else { + out.println("Got unexpected exception for " + algo); + ex.printStackTrace(out); + return false; } - - out.println("Catch unexpected exception within " + algo); - ex.printStackTrace(out); - - return false; } } } diff --git a/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBECipherWrapper.java b/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBECipherWrapper.java index e4a8509ca..6a61ca0bc 100644 --- a/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBECipherWrapper.java +++ b/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBECipherWrapper.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,6 +32,7 @@ import java.security.spec.AlgorithmParameterSpec; import java.util.StringTokenizer; import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; import java.security.Provider; import java.io.PrintStream; @@ -64,9 +65,25 @@ public class PBECipherWrapper extends PBEWrapper { StringTokenizer st = new StringTokenizer(algo, "/"); String baseAlgo = st.nextToken().toUpperCase(); + boolean isUnlimited; + try { + isUnlimited = + (Cipher.getMaxAllowedKeyLength(this.algo) == Integer.MAX_VALUE); + } catch (NoSuchAlgorithmException nsae) { + out.println("Got unexpected exception for " + this.algo); + nsae.printStackTrace(out); + return false; + } + // Perform encryption or decryption depends on the specified edMode try { ci.init(edMode, key, aps); + if ((baseAlgo.endsWith("TRIPLEDES") + || baseAlgo.endsWith("AES_256")) && !isUnlimited) { + out.print("Expected InvalidKeyException not thrown: " + + this.algo); + return false; + } // First, generate the cipherText at an allocated buffer byte[] outputText = ci.doFinal(inputText, offset, len); @@ -78,33 +95,24 @@ public class PBECipherWrapper extends PBEWrapper { ci.doFinal(inputText, myoff + off); - if (baseAlgo.endsWith("TRIPLEDES") - || baseAlgo.endsWith("AES_256")) { - out.print("Expected exception uncaught," - + "keyStrength > 128 within " + this.algo); - - return false; - } - // Compare to see whether the two results are the same or not boolean result = equalsBlock(inputText, myoff, outputText, 0, outputText.length); return result; } catch (Exception ex) { - if ((ex instanceof InvalidKeyException) - && (baseAlgo.endsWith("TRIPLEDES") - || baseAlgo.endsWith("AES_256"))) { - out.println("Expected InvalidKeyException exception: " - + ex.getMessage()); - + if ((ex instanceof InvalidKeyException) && + (baseAlgo.endsWith("TRIPLEDES") + || baseAlgo.endsWith("AES_256")) && + !isUnlimited) { + out.println("Expected InvalidKeyException thrown for " + + algo); return true; + } else { + out.println("Got unexpected exception for " + algo); + ex.printStackTrace(out); + return false; } - - out.println("Catch unexpected exception within " + algo); - ex.printStackTrace(out); - - return false; } } } diff --git a/test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java b/test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java index cc237d054..ab7fd8aab 100644 --- a/test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java +++ b/test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -119,6 +119,9 @@ public class TestCipherKeyWrapperPBEKey { = new StringTokenizer(algo, "/").nextToken().toUpperCase(); boolean isAES = baseAlgo.contains("AES"); + boolean isUnlimited = + (Cipher.getMaxAllowedKeyLength(algo) == Integer.MAX_VALUE); + try { // Initialization new Random().nextBytes(salt); @@ -128,7 +131,6 @@ public class TestCipherKeyWrapperPBEKey { SecretKey key = skf.generateSecret(new PBEKeySpec( "Secret Key".toCharArray())); Cipher ci = Cipher.getInstance(algo); - if (isAES) { ci.init(Cipher.WRAP_MODE, key); pbeParams = ci.getParameters(); @@ -145,10 +147,10 @@ public class TestCipherKeyWrapperPBEKey { Key unwrappedKey = ci.unwrap(keyWrapper, algo, Cipher.SECRET_KEY); - if (baseAlgo.endsWith("TRIPLEDES") - || baseAlgo.endsWith("AES_256")) { + if ((baseAlgo.endsWith("TRIPLEDES") + || baseAlgo.endsWith("AES_256")) && !isUnlimited) { out.print( - "InvalidKeyException not thrown when keyStrength > 128"); + "Expected InvalidKeyException not thrown"); return false; } @@ -157,8 +159,9 @@ public class TestCipherKeyWrapperPBEKey { } catch (InvalidKeyException ex) { if ((baseAlgo.endsWith("TRIPLEDES") - || baseAlgo.endsWith("AES_256"))) { - out.println("Expected InvalidKeyException, keyStrength > 128"); + || baseAlgo.endsWith("AES_256")) && !isUnlimited) { + out.print( + "Expected InvalidKeyException thrown"); return true; } else { throw ex; diff --git a/test/com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java b/test/com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java index f30498932..97a52c912 100644 --- a/test/com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java +++ b/test/com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -79,6 +79,9 @@ public class TestCipherPBE { out.println("=> Testing: " + algorithm); + boolean isUnlimited = + (Cipher.getMaxAllowedKeyLength(algorithm) == Integer.MAX_VALUE); + try { // Initialization AlgorithmParameterSpec algoParamSpec @@ -98,9 +101,9 @@ public class TestCipherPBE { ci.init(Cipher.DECRYPT_MODE, secretKey, algoParamSpec); byte[] recoveredText = ci.doFinal(cipherText); - if (algorithm.contains("TripleDES")) { + if (algorithm.contains("TripleDES") && !isUnlimited) { throw new RuntimeException( - "Expected InvalidKeyException exception uncaugh"); + "Expected InvalidKeyException not thrown"); } // Comparison @@ -110,8 +113,8 @@ public class TestCipherPBE { } out.println("Test Passed."); } catch (InvalidKeyException ex) { - if (algorithm.contains("TripleDES")) { - out.println("Expected InvalidKeyException raised"); + if (algorithm.contains("TripleDES") && !isUnlimited) { + out.println("Expected InvalidKeyException thrown"); } else { throw new RuntimeException(ex); } diff --git a/test/com/sun/crypto/provider/Cipher/TestCipher.java b/test/com/sun/crypto/provider/Cipher/TestCipher.java index 9cb25c739..b5e50c842 100644 --- a/test/com/sun/crypto/provider/Cipher/TestCipher.java +++ b/test/com/sun/crypto/provider/Cipher/TestCipher.java @@ -49,14 +49,13 @@ public abstract class TestCipher { private final String[] MODES; private final String[] PADDINGS; - /* Used to test cipher with different key strengths - Key size tested is increment of KEYCUTTER from MINIMUM_KEY_SIZE to - maximum allowed keysize. - DES/DESede/Blowfish work with currently selected key sizes. + /* Used to test variable-key-length ciphers: + Key size tested is increment of KEYCUTTER from minKeySize + to min(maxKeySize, Cipher.getMaxAllowedKeyLength(algo)). */ - private final int variousKeySize; private final int KEYCUTTER = 8; - private final int MINIMUM_KEY_SIZE = 32; + private final int minKeySize; + private final int maxKeySize; // Used to assert that Encryption/Decryption works with same buffer // TEXT_LEN is multiple of blocks in order to work against ciphers w/ NoPadding @@ -68,23 +67,28 @@ public abstract class TestCipher { private final byte[] IV; private final byte[] INPUT_TEXT; + // for variable-key-length ciphers TestCipher(String algo, String[] modes, String[] paddings, - boolean keyStrength) throws NoSuchAlgorithmException { + int minKeySize, int maxKeySize) throws NoSuchAlgorithmException { ALGORITHM = algo; MODES = modes; PADDINGS = paddings; - this.variousKeySize - = keyStrength ? Cipher.getMaxAllowedKeyLength(ALGORITHM) : 0; - + this.minKeySize = minKeySize; + int maxAllowedKeySize = Cipher.getMaxAllowedKeyLength(ALGORITHM); + if (maxKeySize > maxAllowedKeySize) { + maxKeySize = maxAllowedKeySize; + } + this.maxKeySize = maxKeySize; IV = generateBytes(8); INPUT_TEXT = generateBytes(TEXT_LEN + PAD_BYTES + ENC_OFFSET); } + // for fixed-key-length ciphers TestCipher(String algo, String[] modes, String[] paddings) { ALGORITHM = algo; MODES = modes; PADDINGS = paddings; - variousKeySize = 0; + this.minKeySize = this.maxKeySize = 0; IV = generateBytes(8); INPUT_TEXT = generateBytes(TEXT_LEN + PAD_BYTES + ENC_OFFSET); @@ -98,8 +102,8 @@ public abstract class TestCipher { return bytes; } - private boolean isKeyStrenthSupported() { - return (variousKeySize != 0); + private boolean isMultipleKeyLengthSupported() { + return (maxKeySize != minKeySize); } public void runAll() throws InvalidKeyException, @@ -110,11 +114,11 @@ public abstract class TestCipher { for (String mode : MODES) { for (String padding : PADDINGS) { - if (!isKeyStrenthSupported()) { - runTest(mode, padding, 0); + if (!isMultipleKeyLengthSupported()) { + runTest(mode, padding, minKeySize); } else { - int keySize = variousKeySize; - while (keySize >= MINIMUM_KEY_SIZE) { + int keySize = maxKeySize; + while (keySize >= minKeySize) { out.println("With Key Strength: " + keySize); runTest(mode, padding, keySize); keySize -= KEYCUTTER; @@ -139,6 +143,7 @@ public abstract class TestCipher { if (keySize != 0) { kg.init(keySize); } + SecretKey key = kg.generateKey(); SecretKeySpec skeySpec = new SecretKeySpec(key.getEncoded(), ALGORITHM); @@ -150,7 +155,6 @@ public abstract class TestCipher { } // Encryption - byte[] plainText = INPUT_TEXT.clone(); // Generate cipher and save to separate buffer -- GitLab