1 /* 2 * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 import java.io.PrintStream; 25 import java.security.AlgorithmParameters; 26 import java.security.InvalidKeyException; 27 import java.security.Key; 28 import java.security.Provider; 29 import java.security.Security; 30 import java.security.spec.AlgorithmParameterSpec; 31 import java.util.Arrays; 32 import java.util.Random; 33 import java.util.StringTokenizer; 34 import javax.crypto.Cipher; 35 import javax.crypto.SecretKey; 36 import javax.crypto.SecretKeyFactory; 37 import javax.crypto.spec.PBEKeySpec; 38 import javax.crypto.spec.PBEParameterSpec; 39 40 /** 41 * @test 42 * @bug 8041781 43 * @summary Test to see if key wrapper works correctly with PBEKey 44 * @author Yu-Ching (Valerie) PENG 45 * @author Bill Situ 46 * @author Yun Ke 47 * @run main TestCipherKeyWrapperPBEKey 48 * @key randomness 49 */ 50 public class TestCipherKeyWrapperPBEKey { 51 52 private static final String[] PBEAlgorithms = { 53 "pbeWithMD5ANDdes", 54 "PBEWithMD5AndDES/CBC/PKCS5Padding", 55 "PBEWithMD5AndTripleDES", 56 "PBEWithMD5AndTripleDES/CBC/PKCS5Padding", 57 "PBEwithSHA1AndDESede", 58 "PBEwithSHA1AndDESede/CBC/PKCS5Padding", 59 "PBEwithSHA1AndRC2_40", 60 "PBEwithSHA1Andrc2_40/CBC/PKCS5Padding", 61 "PBEWithSHA1AndRC2_128", 62 "PBEWithSHA1andRC2_128/CBC/PKCS5Padding", 63 "PBEWithSHA1AndRC4_40", 64 "PBEWithsha1AndRC4_40/ECB/NoPadding", 65 "PBEWithSHA1AndRC4_128", 66 "pbeWithSHA1AndRC4_128/ECB/NoPadding", 67 "PBEWithHmacSHA1AndAES_128", 68 "PBEWithHmacSHA224AndAES_128", 69 "PBEWithHmacSHA256AndAES_128", 70 "PBEWithHmacSHA384AndAES_128", 71 "PBEWithHmacSHA512AndAES_128", 72 "PBEWithHmacSHA1AndAES_256", 73 "PBEWithHmacSHA224AndAES_256", 74 "PBEWithHmacSHA256AndAES_256", 75 "PBEWithHmacSHA384AndAES_256", 76 "PBEWithHmacSHA512AndAES_256" 77 }; 78 79 public static void main(String[] args) { 80 81 TestCipherKeyWrapperPBEKey test = new TestCipherKeyWrapperPBEKey(); 82 Provider sunjce = Security.getProvider("SunJCE"); 83 84 if (!test.runAll(sunjce, System.out)) { 85 throw new RuntimeException("One or more tests have failed...."); 86 } 87 } 88 89 public boolean runAll(Provider p, PrintStream out) { 90 boolean finalResult = true; 91 92 for (String algorithm : PBEAlgorithms) { 93 out.println("Running test with " + algorithm + ":"); 94 try { 95 if (!runTest(p, algorithm, out)) { 96 finalResult = false; 97 out.println("STATUS: Failed"); 98 } else { 99 out.println("STATUS: Passed"); 100 } 101 } catch (Exception ex) { 102 finalResult = false; 103 ex.printStackTrace(out); 104 out.println("STATUS:Failed"); 105 } 106 } 107 108 return finalResult; 109 } 110 111 // Have a generic throws Exception as it can throw many different exceptions 112 public boolean runTest(Provider p, String algo, PrintStream out) 113 throws Exception { 114 115 byte[] salt = new byte[8]; 116 int ITERATION_COUNT = 1000; 117 AlgorithmParameters pbeParams = null; 118 119 String baseAlgo 120 = new StringTokenizer(algo, "/").nextToken().toUpperCase(); 121 boolean isAES = baseAlgo.contains("AES"); 122 123 try { 124 // Initialization 125 new Random().nextBytes(salt); 126 AlgorithmParameterSpec aps = new PBEParameterSpec(salt, 127 ITERATION_COUNT); 128 SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p); 129 SecretKey key = skf.generateSecret(new PBEKeySpec( 130 "Secret Key".toCharArray())); 131 Cipher ci = Cipher.getInstance(algo); 132 133 if (isAES) { 134 ci.init(Cipher.WRAP_MODE, key); 135 pbeParams = ci.getParameters(); 136 } else { 137 ci.init(Cipher.WRAP_MODE, key, aps); 138 } 139 140 byte[] keyWrapper = ci.wrap(key); 141 if (isAES) { 142 ci.init(Cipher.UNWRAP_MODE, key, pbeParams); 143 } else { 144 ci.init(Cipher.UNWRAP_MODE, key, aps); 145 } 146 147 Key unwrappedKey = ci.unwrap(keyWrapper, algo, Cipher.SECRET_KEY); 148 149 if (baseAlgo.endsWith("TRIPLEDES") 150 || baseAlgo.endsWith("AES_256")) { 151 out.print( 152 "InvalidKeyException not thrown when keyStrength > 128"); 153 return false; 154 } 155 156 return (Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded())); 157 158 } catch (InvalidKeyException ex) { 159 160 if ((baseAlgo.endsWith("TRIPLEDES") 161 || baseAlgo.endsWith("AES_256"))) { 162 out.println("Expected InvalidKeyException, keyStrength > 128"); 163 return true; 164 } else { 165 throw ex; 166 } 167 } 168 } 169 }