1 /*
2 * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 import java.io.PrintStream;
25 import java.security.AlgorithmParameters;
26 import java.security.InvalidKeyException;
27 import java.security.Key;
28 import java.security.Provider;
29 import java.security.Security;
30 import java.security.spec.AlgorithmParameterSpec;
31 import java.util.Arrays;
32 import java.util.Random;
33 import java.util.StringTokenizer;
34 import javax.crypto.Cipher;
35 import javax.crypto.SecretKey;
36 import javax.crypto.SecretKeyFactory;
37 import javax.crypto.spec.PBEKeySpec;
38 import javax.crypto.spec.PBEParameterSpec;
39
40 /**
41 * @test
42 * @bug 8041781
43 * @summary Test to see if key wrapper works correctly with PBEKey
44 * @author Yu-Ching (Valerie) PENG
45 * @author Bill Situ
46 * @author Yun Ke
47 * @run main TestCipherKeyWrapperPBEKey
48 * @key randomness
49 */
50 public class TestCipherKeyWrapperPBEKey {
51
52 private static final String[] PBEAlgorithms = {
53 "pbeWithMD5ANDdes",
54 "PBEWithMD5AndDES/CBC/PKCS5Padding",
55 "PBEWithMD5AndTripleDES",
56 "PBEWithMD5AndTripleDES/CBC/PKCS5Padding",
57 "PBEwithSHA1AndDESede",
58 "PBEwithSHA1AndDESede/CBC/PKCS5Padding",
59 "PBEwithSHA1AndRC2_40",
60 "PBEwithSHA1Andrc2_40/CBC/PKCS5Padding",
61 "PBEWithSHA1AndRC2_128",
62 "PBEWithSHA1andRC2_128/CBC/PKCS5Padding",
63 "PBEWithSHA1AndRC4_40",
64 "PBEWithsha1AndRC4_40/ECB/NoPadding",
65 "PBEWithSHA1AndRC4_128",
66 "pbeWithSHA1AndRC4_128/ECB/NoPadding",
67 "PBEWithHmacSHA1AndAES_128",
68 "PBEWithHmacSHA224AndAES_128",
69 "PBEWithHmacSHA256AndAES_128",
70 "PBEWithHmacSHA384AndAES_128",
71 "PBEWithHmacSHA512AndAES_128",
72 "PBEWithHmacSHA1AndAES_256",
73 "PBEWithHmacSHA224AndAES_256",
74 "PBEWithHmacSHA256AndAES_256",
75 "PBEWithHmacSHA384AndAES_256",
76 "PBEWithHmacSHA512AndAES_256"
77 };
78
79 public static void main(String[] args) {
80
81 TestCipherKeyWrapperPBEKey test = new TestCipherKeyWrapperPBEKey();
82 Provider sunjce = Security.getProvider("SunJCE");
83
84 if (!test.runAll(sunjce, System.out)) {
85 throw new RuntimeException("One or more tests have failed....");
86 }
87 }
88
89 public boolean runAll(Provider p, PrintStream out) {
90 boolean finalResult = true;
91
92 for (String algorithm : PBEAlgorithms) {
93 out.println("Running test with " + algorithm + ":");
94 try {
95 if (!runTest(p, algorithm, out)) {
96 finalResult = false;
97 out.println("STATUS: Failed");
98 } else {
99 out.println("STATUS: Passed");
100 }
101 } catch (Exception ex) {
102 finalResult = false;
103 ex.printStackTrace(out);
104 out.println("STATUS:Failed");
105 }
106 }
107
108 return finalResult;
109 }
110
111 // Have a generic throws Exception as it can throw many different exceptions
112 public boolean runTest(Provider p, String algo, PrintStream out)
113 throws Exception {
114
115 byte[] salt = new byte[8];
116 int ITERATION_COUNT = 1000;
117 AlgorithmParameters pbeParams = null;
118
119 String baseAlgo
120 = new StringTokenizer(algo, "/").nextToken().toUpperCase();
121 boolean isAES = baseAlgo.contains("AES");
122
123 try {
124 // Initialization
125 new Random().nextBytes(salt);
126 AlgorithmParameterSpec aps = new PBEParameterSpec(salt,
127 ITERATION_COUNT);
128 SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
129 SecretKey key = skf.generateSecret(new PBEKeySpec(
130 "Secret Key".toCharArray()));
131 Cipher ci = Cipher.getInstance(algo);
132
133 if (isAES) {
134 ci.init(Cipher.WRAP_MODE, key);
135 pbeParams = ci.getParameters();
136 } else {
137 ci.init(Cipher.WRAP_MODE, key, aps);
138 }
139
140 byte[] keyWrapper = ci.wrap(key);
141 if (isAES) {
142 ci.init(Cipher.UNWRAP_MODE, key, pbeParams);
143 } else {
144 ci.init(Cipher.UNWRAP_MODE, key, aps);
145 }
146
147 Key unwrappedKey = ci.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
148
149 if (baseAlgo.endsWith("TRIPLEDES")
150 || baseAlgo.endsWith("AES_256")) {
151 out.print(
152 "InvalidKeyException not thrown when keyStrength > 128");
153 return false;
154 }
155
156 return (Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded()));
157
158 } catch (InvalidKeyException ex) {
159
160 if ((baseAlgo.endsWith("TRIPLEDES")
161 || baseAlgo.endsWith("AES_256"))) {
162 out.println("Expected InvalidKeyException, keyStrength > 128");
163 return true;
164 } else {
165 throw ex;
166 }
167 }
168 }
169 }