8170245: [TEST_BUG] Cipher tests fail when running with unlimited policy

Summary: Updated the failed cipher tests to work under unlimited policy Reviewed-by: xuelei

8170245: [TEST_BUG] Cipher tests fail when running with unlimited policy
Summary: Updated the failed cipher tests to work under unlimited policy Reviewed-by: xuelei
767c1f0a · valeriep · 338be0a0 · 767c1f0a · 767c1f0a · 767c1f0a
7 changed file
--- a/test/com/sun/crypto/provider/Cipher/AES/TestAESCiphers/Dynamic.java
+++ b/test/com/sun/crypto/provider/Cipher/AES/TestAESCiphers/Dynamic.java
 /*
- * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -150,19 +150,8 @@ public class Dynamic {
            int offset = ci.update(plainText, 0, plainText.length, cipherText,
                    0);
            ci.doFinal(cipherText, offset);
+            ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());
-            if (!mo.equalsIgnoreCase("ECB")) {
-                iv = ci.getIV();
-                aps = new IvParameterSpec(iv);
-            } else {
-                aps = null;
-            }
-            if (!mo.equalsIgnoreCase("GCM")) {
-                ci.init(Cipher.DECRYPT_MODE, key, aps);
-            } else {
-                ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());
-            }
            byte[] recoveredText = new byte[ci.getOutputSize(cipherText.length)];
            int len = ci.doFinal(cipherText, 0, cipherText.length,
                    recoveredText);
@@ -174,12 +163,14 @@ public class Dynamic {
            result = Arrays.equals(plainText, tmp);
        } catch (NoSuchAlgorithmException nsaEx) {
-            nsaEx.printStackTrace();
            // CFB7 and OFB150 are negative test,SunJCE not support this
            // algorithm
            result = mo.equalsIgnoreCase("CFB7")
                    || mo.equalsIgnoreCase("OFB150");
+            if (!result) {
+                // only report unexpected exception
+                nsaEx.printStackTrace();
+            }
        }
        return result;
    }

--- a/test/com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java
+++ b/test/com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -42,7 +42,7 @@ public class TestCipherBlowfish extends TestCipher {
                    "OFB", "OFB8", "OFB16", "OFB24", "OFB32", "OFB40", "OFB48", "OFB56",
                    "OFB64"},
                new String[]{"NoPaDDing", "PKCS5Padding"},
-                true);
+                32, 448);
    }
    public static void main(String[] args) throws Exception {

--- a/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/AESPBEWrapper.java
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/AESPBEWrapper.java
 /*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
 import java.io.PrintStream;
 import java.security.AlgorithmParameters;
 import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
 import javax.crypto.Cipher;
 import javax.crypto.SecretKeyFactory;
@@ -69,6 +70,15 @@ public class AESPBEWrapper extends PBEWrapper {
     */
    @Override
    public boolean execute(int edMode, byte[] inputText, int offset, int len) {
+        boolean isUnlimited;
+        try {
+            isUnlimited =
+                (Cipher.getMaxAllowedKeyLength(this.algo) == Integer.MAX_VALUE);
+        } catch (NoSuchAlgorithmException nsae) {
+            out.println("Got unexpected exception for " + this.algo);
+            nsae.printStackTrace(out);
+            return false;
+        }
        try {
            // init Cipher
            if (Cipher.ENCRYPT_MODE == edMode) {
@@ -78,6 +88,11 @@ public class AESPBEWrapper extends PBEWrapper {
                ci.init(Cipher.DECRYPT_MODE, this.key, pbeParams);
            }
+            if (this.algo.endsWith("AES_256") && !isUnlimited) {
+                out.print("Expected exception not thrown for " + this.algo);
+                return false;
+            }
            // First, generate the cipherText at an allocated buffer
            byte[] outputText = ci.doFinal(inputText, offset, len);
@@ -86,29 +101,19 @@ public class AESPBEWrapper extends PBEWrapper {
            int off = ci.update(inputText, offset, len, inputText, myoff);
            ci.doFinal(inputText, myoff + off);
-            if (this.algo.endsWith("AES_256")) {
-                out.print("Expected exception uncaught, "
-                        + "keyStrength > 128 within " + this.algo);
-                return false;
-            }
            // Compare to see whether the two results are the same or not
            return equalsBlock(inputText, myoff, outputText, 0,
                    outputText.length);
        } catch (Exception ex) {
            if ((ex instanceof InvalidKeyException)
-                    && this.algo.endsWith("AES_256")) {
+                    && this.algo.endsWith("AES_256") && !isUnlimited) {
-                out.println("Expected InvalidKeyException exception: "
+                out.println("Expected InvalidKeyException thrown");
-                        + ex.getMessage());
                return true;
+            } else {
+                out.println("Got unexpected exception for " + algo);
+                ex.printStackTrace(out);
+                return false;
            }
-            out.println("Catch unexpected exception within " + algo);
-            ex.printStackTrace(out);
-            return false;
        }
    }
 }
--- a/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBECipherWrapper.java
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBECipherWrapper.java
 /*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@ import java.security.spec.AlgorithmParameterSpec;
 import java.util.StringTokenizer;
 import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
 import java.io.PrintStream;
@@ -64,9 +65,25 @@ public class PBECipherWrapper extends PBEWrapper {
        StringTokenizer st = new StringTokenizer(algo, "/");
        String baseAlgo = st.nextToken().toUpperCase();
+        boolean isUnlimited;
+        try {
+            isUnlimited =
+                (Cipher.getMaxAllowedKeyLength(this.algo) == Integer.MAX_VALUE);
+        } catch (NoSuchAlgorithmException nsae) {
+            out.println("Got unexpected exception for " + this.algo);
+            nsae.printStackTrace(out);
+            return false;
+        }
        // Perform encryption or decryption depends on the specified edMode
        try {
            ci.init(edMode, key, aps);
+            if ((baseAlgo.endsWith("TRIPLEDES")
+                    || baseAlgo.endsWith("AES_256")) && !isUnlimited) {
+                out.print("Expected InvalidKeyException not thrown: "
+                    + this.algo);
+                return false;
+            }
            // First, generate the cipherText at an allocated buffer
            byte[] outputText = ci.doFinal(inputText, offset, len);
@@ -78,33 +95,24 @@ public class PBECipherWrapper extends PBEWrapper {
            ci.doFinal(inputText, myoff + off);
-            if (baseAlgo.endsWith("TRIPLEDES")
-                    || baseAlgo.endsWith("AES_256")) {
-                out.print("Expected exception uncaught,"
-                        + "keyStrength > 128 within " + this.algo);
-                return false;
-            }
            // Compare to see whether the two results are the same or not
            boolean result = equalsBlock(inputText, myoff, outputText, 0,
                    outputText.length);
            return result;
        } catch (Exception ex) {
-            if ((ex instanceof InvalidKeyException)
+            if ((ex instanceof InvalidKeyException) &&
-                    && (baseAlgo.endsWith("TRIPLEDES")
+                    (baseAlgo.endsWith("TRIPLEDES")
-                    || baseAlgo.endsWith("AES_256"))) {
+                        || baseAlgo.endsWith("AES_256")) &&
-                out.println("Expected InvalidKeyException exception: "
+                !isUnlimited) {
-                        + ex.getMessage());
+                out.println("Expected InvalidKeyException thrown for "
+                    + algo);
                return true;
+            } else {
+                out.println("Got unexpected exception for " + algo);
+                ex.printStackTrace(out);
+                return false;
            }
-            out.println("Catch unexpected exception within " + algo);
-            ex.printStackTrace(out);
-            return false;
        }
    }
 }
--- a/test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java
+++ b/test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java
 /*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -119,6 +119,9 @@ public class TestCipherKeyWrapperPBEKey {
                = new StringTokenizer(algo, "/").nextToken().toUpperCase();
        boolean isAES = baseAlgo.contains("AES");
+        boolean isUnlimited =
+            (Cipher.getMaxAllowedKeyLength(algo) == Integer.MAX_VALUE);
        try {
            // Initialization
            new Random().nextBytes(salt);
@@ -128,7 +131,6 @@ public class TestCipherKeyWrapperPBEKey {
            SecretKey key = skf.generateSecret(new PBEKeySpec(
                    "Secret Key".toCharArray()));
            Cipher ci = Cipher.getInstance(algo);
            if (isAES) {
                ci.init(Cipher.WRAP_MODE, key);
                pbeParams = ci.getParameters();
@@ -145,10 +147,10 @@ public class TestCipherKeyWrapperPBEKey {
            Key unwrappedKey = ci.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
-            if (baseAlgo.endsWith("TRIPLEDES")
+            if ((baseAlgo.endsWith("TRIPLEDES")
-                    || baseAlgo.endsWith("AES_256")) {
+                    || baseAlgo.endsWith("AES_256")) && !isUnlimited) {
                out.print(
-                        "InvalidKeyException not thrown when keyStrength > 128");
+                        "Expected InvalidKeyException not thrown");
                return false;
            }
@@ -157,8 +159,9 @@ public class TestCipherKeyWrapperPBEKey {
        } catch (InvalidKeyException ex) {
            if ((baseAlgo.endsWith("TRIPLEDES")
-                    || baseAlgo.endsWith("AES_256"))) {
+                    || baseAlgo.endsWith("AES_256")) && !isUnlimited) {
-                out.println("Expected InvalidKeyException, keyStrength > 128");
+                out.print(
+                        "Expected InvalidKeyException thrown");
                return true;
            } else {
                throw ex;

--- a/test/com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java
+++ b/test/com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -79,6 +79,9 @@ public class TestCipherPBE {
        out.println("=> Testing: " + algorithm);
+        boolean isUnlimited =
+            (Cipher.getMaxAllowedKeyLength(algorithm) == Integer.MAX_VALUE);
        try {
            // Initialization
            AlgorithmParameterSpec algoParamSpec
@@ -98,9 +101,9 @@ public class TestCipherPBE {
            ci.init(Cipher.DECRYPT_MODE, secretKey, algoParamSpec);
            byte[] recoveredText = ci.doFinal(cipherText);
-            if (algorithm.contains("TripleDES")) {
+            if (algorithm.contains("TripleDES") && !isUnlimited) {
                throw new RuntimeException(
-                        "Expected InvalidKeyException exception uncaugh");
+                        "Expected InvalidKeyException not thrown");
            }
            // Comparison
@@ -110,8 +113,8 @@ public class TestCipherPBE {
            }
            out.println("Test Passed.");
        } catch (InvalidKeyException ex) {
-            if (algorithm.contains("TripleDES")) {
+            if (algorithm.contains("TripleDES") && !isUnlimited) {
-                out.println("Expected InvalidKeyException raised");
+                out.println("Expected InvalidKeyException thrown");
            } else {
                throw new RuntimeException(ex);
            }

--- a/test/com/sun/crypto/provider/Cipher/TestCipher.java
+++ b/test/com/sun/crypto/provider/Cipher/TestCipher.java
@@ -49,14 +49,13 @@ public abstract class TestCipher {
    private final String[] MODES;
    private final String[] PADDINGS;
-    /* Used to test cipher with different key strengths
+    /* Used to test variable-key-length ciphers:
-       Key size tested is increment of KEYCUTTER from MINIMUM_KEY_SIZE to
+       Key size tested is increment of KEYCUTTER from minKeySize
-       maximum allowed keysize.
+       to min(maxKeySize, Cipher.getMaxAllowedKeyLength(algo)).
-       DES/DESede/Blowfish work with currently selected key sizes.
    */
-    private final int variousKeySize;
    private final int KEYCUTTER = 8;
-    private final int MINIMUM_KEY_SIZE = 32;
+    private final int minKeySize;
+    private final int maxKeySize;
    // Used to assert that Encryption/Decryption works with same buffer
    // TEXT_LEN is multiple of blocks in order to work against ciphers w/ NoPadding
@@ -68,23 +67,28 @@ public abstract class TestCipher {
    private final byte[] IV;
    private final byte[] INPUT_TEXT;
+    // for variable-key-length ciphers
    TestCipher(String algo, String[] modes, String[] paddings,
-            boolean keyStrength) throws NoSuchAlgorithmException {
+            int minKeySize, int maxKeySize) throws NoSuchAlgorithmException {
        ALGORITHM = algo;
        MODES = modes;
        PADDINGS = paddings;
-        this.variousKeySize
+        this.minKeySize = minKeySize;
-                = keyStrength ? Cipher.getMaxAllowedKeyLength(ALGORITHM) : 0;
+        int maxAllowedKeySize = Cipher.getMaxAllowedKeyLength(ALGORITHM);
+        if (maxKeySize > maxAllowedKeySize) {
+            maxKeySize = maxAllowedKeySize;
+        }
+        this.maxKeySize = maxKeySize;
        IV = generateBytes(8);
        INPUT_TEXT = generateBytes(TEXT_LEN + PAD_BYTES + ENC_OFFSET);
    }
+    // for fixed-key-length ciphers
    TestCipher(String algo, String[] modes, String[] paddings) {
        ALGORITHM = algo;
        MODES = modes;
        PADDINGS = paddings;
-        variousKeySize = 0;
+        this.minKeySize = this.maxKeySize = 0;
        IV = generateBytes(8);
        INPUT_TEXT = generateBytes(TEXT_LEN + PAD_BYTES + ENC_OFFSET);
@@ -98,8 +102,8 @@ public abstract class TestCipher {
        return bytes;
    }
-    private boolean isKeyStrenthSupported() {
+    private boolean isMultipleKeyLengthSupported() {
-        return (variousKeySize != 0);
+        return (maxKeySize != minKeySize);
    }
    public void runAll() throws InvalidKeyException,
@@ -110,11 +114,11 @@ public abstract class TestCipher {
        for (String mode : MODES) {
            for (String padding : PADDINGS) {
-                if (!isKeyStrenthSupported()) {
+                if (!isMultipleKeyLengthSupported()) {
-                    runTest(mode, padding, 0);
+                    runTest(mode, padding, minKeySize);
                } else {
-                    int keySize = variousKeySize;
+                    int keySize = maxKeySize;
-                    while (keySize >= MINIMUM_KEY_SIZE) {
+                    while (keySize >= minKeySize) {
                        out.println("With Key Strength: " + keySize);
                        runTest(mode, padding, keySize);
                        keySize -= KEYCUTTER;
@@ -139,6 +143,7 @@ public abstract class TestCipher {
        if (keySize != 0) {
            kg.init(keySize);
        }
        SecretKey key = kg.generateKey();
        SecretKeySpec skeySpec = new SecretKeySpec(key.getEncoded(), ALGORITHM);
@@ -150,7 +155,6 @@ public abstract class TestCipher {
        }
        // Encryption
        byte[] plainText = INPUT_TEXT.clone();
        // Generate cipher and save to separate buffer