4898461: Support for ECB and CBC/PKCS5Padding

Summary: Add support for ECB mode and PKCS5Padding Reviewed-by: andreas

4898461: Support for ECB and CBC/PKCS5Padding
Summary: Add support for ECB mode and PKCS5Padding Reviewed-by: andreas
c07dea0d · valeriep · fd4ec021 · c07dea0d · c07dea0d · c07dea0d
3 changed file
--- a/src/share/classes/sun/security/pkcs11/P11Cipher.java
+++ b/src/share/classes/sun/security/pkcs11/P11Cipher.java
--- a/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/share/classes/sun/security/pkcs11/SunPKCS11.java
 /*
- * Copyright 2003-2007 Sun Microsystems, Inc.  All Rights Reserved.
+ * Copyright 2003-2008 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -601,14 +601,26 @@ public final class SunPKCS11 extends AuthProvider {
        // XXX attributes for Ciphers (supported modes, padding)
        d(CIP, "ARCFOUR",                       P11Cipher,      s("RC4"),
                m(CKM_RC4));
-        // XXX only CBC/NoPadding for block ciphers
        d(CIP, "DES/CBC/NoPadding",             P11Cipher,
                m(CKM_DES_CBC));
+        d(CIP, "DES/CBC/PKCS5Padding",          P11Cipher,
+                m(CKM_DES_CBC_PAD, CKM_DES_CBC));
+        d(CIP, "DES/ECB",                       P11Cipher,      s("DES"),
+                m(CKM_DES_ECB));
        d(CIP, "DESede/CBC/NoPadding",          P11Cipher,
                m(CKM_DES3_CBC));
+        d(CIP, "DESede/CBC/PKCS5Padding",       P11Cipher,
+                m(CKM_DES3_CBC_PAD, CKM_DES3_CBC));
+        d(CIP, "DESede/ECB",                    P11Cipher,      s("DESede"),
+                m(CKM_DES3_ECB));
        d(CIP, "AES/CBC/NoPadding",             P11Cipher,
                m(CKM_AES_CBC));
-        d(CIP, "Blowfish/CBC/NoPadding",        P11Cipher,
+        d(CIP, "AES/CBC/PKCS5Padding",          P11Cipher,
+                m(CKM_AES_CBC_PAD, CKM_AES_CBC));
+        d(CIP, "AES/ECB",                       P11Cipher,      s("AES"),
+                m(CKM_AES_ECB));
+        d(CIP, "Blowfish/CBC",                  P11Cipher,
                m(CKM_BLOWFISH_CBC));
        // XXX RSA_X_509, RSA_OAEP not yet supported

--- a/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java
+++ b/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java
+/*
+ * Copyright 2008 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modi
+fy it
+ * under the terms of the GNU General Public License version 2 onl
+y, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, bu
+t WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABIL
+ITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public L
+icense
+ * version 2 for more details (a copy is included in the LICENSE f
+ile that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public Licen
+se version
+ * 2 along with this work; if not, write to the Free Software Foun
+dation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, San
+ta Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional inform
+ation or
+ * have any questions.
+ */
+/**
+ * @test %I% %E%
+ * @bug 4898461
+ * @summary basic test for symmetric ciphers with padding
+ * @author Valerie Peng
+ * @library ..
+ */
+import java.io.*;
+import java.nio.*;
+import java.util.*;
+import java.security.*;
+import java.security.spec.AlgorithmParameterSpec;
+import javax.crypto.*;
+import javax.crypto.spec.IvParameterSpec;
+public class TestSymmCiphers extends PKCS11Test {
+    private static class CI { // class for holding Cipher Information
+        String transformation;
+        String keyAlgo;
+        int dataSize;
+        CI(String transformation, String keyAlgo, int dataSize) {
+            this.transformation = transformation;
+            this.keyAlgo = keyAlgo;
+            this.dataSize = dataSize;
+        }
+    }
+    private static final CI[] TEST_LIST = {
+        new CI("ARCFOUR", "ARCFOUR", 400),
+        new CI("RC4", "RC4", 401),
+        new CI("DES/CBC/NoPadding", "DES", 400),
+        new CI("DESede/CBC/NoPadding", "DESede", 160),
+        new CI("AES/CBC/NoPadding", "AES", 4800),
+        new CI("Blowfish/CBC/NoPadding", "Blowfish", 24),
+        new CI("DES/cbc/PKCS5Padding", "DES", 6401),
+        new CI("DESede/CBC/PKCS5Padding", "DESede", 402),
+        new CI("AES/CBC/PKCS5Padding", "AES", 30),
+        new CI("Blowfish/CBC/PKCS5Padding", "Blowfish", 19),
+        new CI("DES/ECB/NoPadding", "DES", 400),
+        new CI("DESede/ECB/NoPadding", "DESede", 160),
+        new CI("AES/ECB/NoPadding", "AES", 4800),
+        new CI("DES/ECB/PKCS5Padding", "DES", 32),
+        new CI("DES/ECB/PKCS5Padding", "DES", 6400),
+        new CI("DESede/ECB/PKCS5Padding", "DESede", 400),
+        new CI("AES/ECB/PKCS5Padding", "AES", 64),
+        new CI("DES", "DES", 6400),
+        new CI("DESede", "DESede", 408),
+        new CI("AES", "AES", 128)
+    };
+    private static StringBuffer debugBuf = new StringBuffer();
+    public void main(Provider p) throws Exception {
+        // NSS reports CKR_DEVICE_ERROR when the data passed to
+        // its EncryptUpdate/DecryptUpdate is not multiple of blocks
+        int firstBlkSize = 16;
+        boolean status = true;
+        Random random = new Random();
+        try {
+            for (int i = 0; i < TEST_LIST.length; i++) {
+                CI currTest = TEST_LIST[i];
+                System.out.println("===" + currTest.transformation + "===");
+                try {
+                    KeyGenerator kg =
+                            KeyGenerator.getInstance(currTest.keyAlgo, p);
+                    SecretKey key = kg.generateKey();
+                    Cipher c1 = Cipher.getInstance(currTest.transformation, p);
+                    Cipher c2 = Cipher.getInstance(currTest.transformation,
+                            "SunJCE");
+                    byte[] plainTxt = new byte[currTest.dataSize];
+                    random.nextBytes(plainTxt);
+                    System.out.println("Testing inLen = " + plainTxt.length);
+                    c2.init(Cipher.ENCRYPT_MODE, key);
+                    AlgorithmParameters params = c2.getParameters();
+                    byte[] answer = c2.doFinal(plainTxt);
+                    System.out.println("Encryption tests: START");
+                    test(c1, Cipher.ENCRYPT_MODE, key, params, firstBlkSize,
+                            plainTxt, answer);
+                    System.out.println("Encryption tests: DONE");
+                    c2.init(Cipher.DECRYPT_MODE, key, params);
+                    byte[] answer2 = c2.doFinal(answer);
+                    System.out.println("Decryption tests: START");
+                    test(c1, Cipher.DECRYPT_MODE, key, params, firstBlkSize,
+                            answer, answer2);
+                    System.out.println("Decryption tests: DONE");
+                } catch (NoSuchAlgorithmException nsae) {
+                    System.out.println("Skipping unsupported algorithm: " +
+                            nsae);
+                }
+            }
+        } catch (Exception ex) {
+            // print out debug info when exception is encountered
+            if (debugBuf != null) {
+                System.out.println(debugBuf.toString());
+                debugBuf = new StringBuffer();
+            }
+            throw ex;
+        }
+    }
+    private static void test(Cipher cipher, int mode, SecretKey key,
+            AlgorithmParameters params, int firstBlkSize,
+            byte[] in, byte[] answer) throws Exception {
+        // test setup
+        long startTime, endTime;
+        cipher.init(mode, key, params);
+        int outLen = cipher.getOutputSize(in.length);
+        //debugOut("Estimated output size = " + outLen + "\n");
+        // test data preparation
+        ByteBuffer inBuf = ByteBuffer.allocate(in.length);
+        inBuf.put(in);
+        inBuf.position(0);
+        ByteBuffer inDirectBuf = ByteBuffer.allocateDirect(in.length);
+        inDirectBuf.put(in);
+        inDirectBuf.position(0);
+        ByteBuffer outBuf = ByteBuffer.allocate(outLen);
+        ByteBuffer outDirectBuf = ByteBuffer.allocateDirect(outLen);
+        // test#1: byte[] in + byte[] out
+        //debugOut("Test#1:\n");
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        startTime = System.nanoTime();
+        byte[] temp = cipher.update(in, 0, firstBlkSize);
+        if (temp != null && temp.length > 0) {
+            baos.write(temp, 0, temp.length);
+        }
+        temp = cipher.doFinal(in, firstBlkSize, in.length - firstBlkSize);
+        if (temp != null && temp.length > 0) {
+            baos.write(temp, 0, temp.length);
+        }
+        byte[] testOut1 = baos.toByteArray();
+        endTime = System.nanoTime();
+        perfOut("stream InBuf + stream OutBuf: " +
+                (endTime - startTime));
+        match(testOut1, answer);
+        // test#2: Non-direct Buffer in + non-direct Buffer out
+        //debugOut("Test#2:\n");
+        //debugOut("inputBuf: " + inBuf + "\n");
+        //debugOut("outputBuf: " + outBuf + "\n");
+        startTime = System.nanoTime();
+        cipher.update(inBuf, outBuf);
+        cipher.doFinal(inBuf, outBuf);
+        endTime = System.nanoTime();
+        perfOut("non-direct InBuf + non-direct OutBuf: " +
+                (endTime - startTime));
+        match(outBuf, answer);
+        // test#3: Direct Buffer in + direc Buffer out
+        //debugOut("Test#3:\n");
+        //debugOut("(pre) inputBuf: " + inDirectBuf + "\n");
+        //debugOut("(pre) outputBuf: " + outDirectBuf + "\n");
+        startTime = System.nanoTime();
+        cipher.update(inDirectBuf, outDirectBuf);
+        cipher.doFinal(inDirectBuf, outDirectBuf);
+        endTime = System.nanoTime();
+        perfOut("direct InBuf + direct OutBuf: " +
+                (endTime - startTime));
+        //debugOut("(post) inputBuf: " + inDirectBuf + "\n");
+        //debugOut("(post) outputBuf: " + outDirectBuf + "\n");
+        match(outDirectBuf, answer);
+        // test#4: Direct Buffer in + non-direct Buffer out
+        //debugOut("Test#4:\n");
+        inDirectBuf.position(0);
+        outBuf.position(0);
+        //debugOut("inputBuf: " + inDirectBuf + "\n");
+        //debugOut("outputBuf: " + outBuf + "\n");
+        startTime = System.nanoTime();
+        cipher.update(inDirectBuf, outBuf);
+        cipher.doFinal(inDirectBuf, outBuf);
+        endTime = System.nanoTime();
+        perfOut("direct InBuf + non-direct OutBuf: " +
+                (endTime - startTime));
+        match(outBuf, answer);
+        // test#5: Non-direct Buffer in + direct Buffer out
+        //debugOut("Test#5:\n");
+        inBuf.position(0);
+        outDirectBuf.position(0);
+        //debugOut("(pre) inputBuf: " + inBuf + "\n");
+        //debugOut("(pre) outputBuf: " + outDirectBuf + "\n");
+        startTime = System.nanoTime();
+        cipher.update(inBuf, outDirectBuf);
+        cipher.doFinal(inBuf, outDirectBuf);
+        endTime = System.nanoTime();
+        perfOut("non-direct InBuf + direct OutBuf: " +
+                (endTime - startTime));
+        //debugOut("(post) inputBuf: " + inBuf + "\n");
+        //debugOut("(post) outputBuf: " + outDirectBuf + "\n");
+        match(outDirectBuf, answer);
+        debugBuf = null;
+    }
+    private static void perfOut(String msg) {
+        if (debugBuf != null) {
+            debugBuf.append("PERF>" + msg);
+        }
+    }
+    private static void debugOut(String msg) {
+        if (debugBuf != null) {
+            debugBuf.append(msg);
+        }
+    }
+    private static void match(byte[] b1, byte[] b2) throws Exception {
+        if (b1.length != b2.length) {
+            debugOut("got len   : " + b1.length + "\n");
+            debugOut("expect len: " + b2.length + "\n");
+            throw new Exception("mismatch - different length! got: " + b1.length + ", expect: " + b2.length + "\n");
+        } else {
+            for (int i = 0; i < b1.length; i++) {
+                if (b1[i] != b2[i]) {
+                    debugOut("got   : " + toString(b1) + "\n");
+                    debugOut("expect: " + toString(b2) + "\n");
+                    throw new Exception("mismatch");
+                }
+            }
+        }
+    }
+    private static void match(ByteBuffer bb, byte[] answer) throws Exception {
+        byte[] bbTemp = new byte[bb.position()];
+        bb.position(0);
+        bb.get(bbTemp, 0, bbTemp.length);
+        match(bbTemp, answer);
+    }
+    public static void main(String[] args) throws Exception {
+        main(new TestSymmCiphers());
+    }
+}