/* * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /* * @test * @bug 5083253 * @run main CTSMode * @summary Verify that CTR mode works as expected * @author Valerie Peng */ import java.util.*; import java.security.AlgorithmParameters; import javax.crypto.*; import javax.crypto.spec.*; public class CTSMode { private final static byte[] toByteArray(String s) { char[] c = s.toCharArray(); byte[] t = new byte[c.length / 2]; int n = 0; int d1 = -1; int d2 = -1; for (int i = 0; i < c.length; i++) { char ch = c[i]; if (d1 == -1) { d1 = Character.digit(ch, 16); } else { d2 = Character.digit(ch, 16); if (d2 != -1) { t[n++] = (byte)((d1 << 4) | d2); d1 = -1; d2 = -1; } } } if (d1 != -1) { throw new RuntimeException(); } if (n == t.length) { return t; } byte[] b = new byte[n]; System.arraycopy(t, 0, b, 0, n); return b; } private final static SecretKey KEY1 = new SecretKeySpec(toByteArray("636869636b656e207465726979616b69"), "AES"); private final static IvParameterSpec IV1 = new IvParameterSpec(new byte[16]); /* * Use test vectors, i.e. PLAIN1 and CIPHER1, from the appendix B * of RFC 3962 "Advanced Encryption Standard (AES) Encryption for * Kerberos 5". */ private final static byte[][] PLAIN1 = { toByteArray("4920776f756c64206c696b652074686520"), toByteArray("4920776f756c64206c696b6520746865" + "2047656e6572616c20476175277320"), toByteArray("4920776f756c64206c696b6520746865" + "2047656e6572616c2047617527732043"), toByteArray("4920776f756c64206c696b6520746865" + "2047656e6572616c2047617527732043" + "6869636b656e2c20706c656173652c"), toByteArray("4920776f756c64206c696b6520746865" + "2047656e6572616c2047617527732043" + "6869636b656e2c20706c656173652c20"), toByteArray("4920776f756c64206c696b6520746865" + "2047656e6572616c2047617527732043" + "6869636b656e2c20706c656173652c20" + "616e6420776f6e746f6e20736f75702e") }; private final static byte[][] CIPHER1 = { toByteArray("c6353568f2bf8cb4d8a580362da7ff7f97"), toByteArray("fc00783e0efdb2c1d445d4c8eff7ed22" + "97687268d6ecccc0c07b25e25ecfe5"), toByteArray("39312523a78662d5be7fcbcc98ebf5a8" + "97687268d6ecccc0c07b25e25ecfe584"), toByteArray("97687268d6ecccc0c07b25e25ecfe584" + "b3fffd940c16a18c1b5549d2f838029e" + "39312523a78662d5be7fcbcc98ebf5"), toByteArray("97687268d6ecccc0c07b25e25ecfe584" + "9dad8bbb96c4cdc03bc103e1a194bbd8" + "39312523a78662d5be7fcbcc98ebf5a8"), toByteArray("97687268d6ecccc0c07b25e25ecfe584" + "39312523a78662d5be7fcbcc98ebf5a8" + "4807efe836ee89a526730dbc2f7bc840" + "9dad8bbb96c4cdc03bc103e1a194bbd8"), }; private final static byte[] IV2_SRC = toByteArray("11223344556677880011223344556677"); private final static String[] ALGORITHMS2 = { "DES", "DESede", "Blowfish", "AES" }; private final static int[] KEYSIZES2 = { 8, 24, 16, 16 }; private static String toString(byte[] b) { StringBuffer sb = new StringBuffer(b.length * 3); for (int i = 0; i < b.length; i++) { int k = b[i] & 0xff; if (i != 0) { sb.append(':'); } sb.append(Character.forDigit(k >> 4, 16)); sb.append(Character.forDigit(k & 0xf, 16)); } return sb.toString(); } public static void main(String[] args) throws Exception { test1(); test2(); test3(); } /** * Test with the test vectors and see if results match. */ private static void test1() throws Exception { for (int i = 0; i < PLAIN1.length; i++) { String algo = KEY1.getAlgorithm(); int MAX_KEYSIZE = Cipher.getMaxAllowedKeyLength(algo); if (KEY1.getEncoded().length > MAX_KEYSIZE) { // skip tests using keys whose length exceeds // what's configured in jce jurisdiction policy files. continue; } System.out.println("Running test1_" + i + " (" + algo + ")"); Cipher cipher = Cipher.getInstance(algo+ "/CTS/NoPadding", "SunJCE"); byte[] plainText = PLAIN1[i]; byte[] cipherText = CIPHER1[i]; cipher.init(Cipher.ENCRYPT_MODE, KEY1, IV1); byte[] enc = cipher.doFinal(plainText); if (Arrays.equals(cipherText, enc) == false) { System.out.println("plain: " + toString(plainText)); System.out.println("cipher: " + toString(cipherText)); System.out.println("actual: " + toString(enc)); throw new RuntimeException("Encryption failure for test " + i); } cipher.init(Cipher.DECRYPT_MODE, KEY1, IV1); byte[] dec = cipher.doFinal(cipherText); if (Arrays.equals(plainText, dec) == false) { System.out.println("cipher: " + toString(cipherText)); System.out.println("plain: " + toString(plainText)); System.out.println("actual: " + toString(enc)); throw new RuntimeException("Decryption failure for test " + i); } } } /** * Test with a combination of update/doFinal calls and make * sure that same data is recovered after decryption. */ private static void test2() throws Exception { for (int i = 0; i < ALGORITHMS2.length; i++) { String algo = ALGORITHMS2[i]; System.out.println("Running test2_" + i + " (" + algo + ")"); int keySize = KEYSIZES2[i]; int MAX_KEYSIZE = Cipher.getMaxAllowedKeyLength(algo); if (keySize > MAX_KEYSIZE) { // skip tests using keys whose length exceeds // what's configured in jce jurisdiction policy files. continue; } Cipher cipher = Cipher.getInstance(algo+"/CTS/NoPadding", "SunJCE"); int blockSize = cipher.getBlockSize(); SecretKeySpec key = new SecretKeySpec(new byte[keySize], algo); // Make sure encryption works for inputs with valid length byte[] plainText = PLAIN1[3]; cipher.init(Cipher.ENCRYPT_MODE, key); byte[] cipherText = new byte[plainText.length]; int firstPartLen = blockSize + 1; int processed1 = cipher.update(plainText, 0, firstPartLen, cipherText, 0); int processed2 = cipher.doFinal(plainText, firstPartLen, plainText.length-firstPartLen, cipherText, processed1); AlgorithmParameters params = cipher.getParameters(); if ((processed1 + processed2) != plainText.length) { System.out.println("processed1 = " + processed1); System.out.println("processed2 = " + processed2); System.out.println("total length = " + plainText.length); throw new RuntimeException("Encryption failure for test " + i); } // Make sure IllegalBlockSizeException is thrown for inputs // with less-than-a-block length try { cipher.doFinal(new byte[blockSize-1]); throw new RuntimeException("Expected IBSE is not thrown"); } catch (IllegalBlockSizeException ibse) { } // Make sure data is encrypted as in CBC mode for inputs // which is exactly one block long IvParameterSpec iv2 = new IvParameterSpec(IV2_SRC, 0, blockSize); cipher.init(Cipher.ENCRYPT_MODE, key, iv2); Cipher cipher2 = Cipher.getInstance(algo+"/CBC/NoPadding", "SunJCE"); cipher2.init(Cipher.ENCRYPT_MODE, key, iv2); byte[] eout = cipher.doFinal(IV2_SRC, 0, blockSize); byte[] eout2 = cipher2.doFinal(IV2_SRC, 0, blockSize); if (!Arrays.equals(eout, eout2)) { throw new RuntimeException("Different encryption output " + "for CBC and CTS"); } // Make sure decryption works for inputs with valid length cipher.init(Cipher.DECRYPT_MODE, key, params); byte[] recoveredText = new byte[cipher.getOutputSize(cipherText.length)]; processed1 = cipher.update(cipherText, 0, firstPartLen, recoveredText, 0); processed2 = cipher.update(cipherText, firstPartLen, cipherText.length-firstPartLen, recoveredText, processed1); int processed3 = cipher.doFinal(recoveredText, processed1+processed2); if ((processed1 + processed2 + processed3) != plainText.length) { System.out.println("processed1 = " + processed1); System.out.println("processed2 = " + processed2); System.out.println("processed3 = " + processed3); System.out.println("total length = " + plainText.length); throw new RuntimeException("Decryption failure for test " + i); } if (Arrays.equals(plainText, recoveredText) == false) { System.out.println("plain: " + toString(plainText)); System.out.println("recovered: " + toString(recoveredText)); throw new RuntimeException("Decryption failure for test " + i); } // Make sure IllegalBlockSizeException is thrown for inputs // with less-than-a-block length try { cipher.doFinal(new byte[blockSize-1]); throw new RuntimeException("Expected IBSE is not thrown"); } catch (IllegalBlockSizeException ibse) { } // Make sure data is decrypted as in CBC mode for inputs // which is exactly one block long cipher.init(Cipher.DECRYPT_MODE, key, iv2); cipher2.init(Cipher.DECRYPT_MODE, key, iv2); byte[] dout = cipher.doFinal(eout); byte[] dout2 = cipher2.doFinal(eout2); if (!Arrays.equals(dout, dout2)) { throw new RuntimeException("Different decryption output " + "for CBC and CTS"); } } } /** * Test with a shortBuffer and see if encryption/decryption * still works correctly afterwards. */ private static void test3() throws Exception { // Skip PLAIN1[0, 1, 2] due to their lengths for (int i = 3; i < PLAIN1.length; i++) { String algo = KEY1.getAlgorithm(); System.out.println("Running test3_" + i + " (" + algo + ")"); int MAX_KEYSIZE = Cipher.getMaxAllowedKeyLength(algo); if (KEY1.getEncoded().length > MAX_KEYSIZE) { // skip tests using keys whose length exceeds // what's configured in jce jurisdiction policy files. continue; } Cipher cipher = Cipher.getInstance(algo+ "/CTS/NoPadding", "SunJCE"); byte[] plainText = PLAIN1[i]; byte[] cipherText = CIPHER1[i]; byte[] enc = new byte[plainText.length]; cipher.init(Cipher.ENCRYPT_MODE, KEY1, IV1); int halfInput = plainText.length/2; int processed1 = cipher.update(plainText, 0, halfInput, enc, 0); try { cipher.doFinal(plainText, halfInput, plainText.length-halfInput, new byte[1], 0); throw new RuntimeException("Expected Exception is not thrown"); } catch (ShortBufferException sbe) { // expected exception thrown; retry int processed2 = cipher.doFinal(plainText, halfInput, plainText.length-halfInput, enc, processed1); if ((processed1 + processed2) != enc.length) { System.out.println("processed1 = " + processed1); System.out.println("processed2 = " + processed2); System.out.println("total length = " + enc.length); throw new RuntimeException("Encryption length check " + "failed"); } } if (Arrays.equals(cipherText, enc) == false) { System.out.println("plain: " + toString(plainText)); System.out.println("cipher: " + toString(cipherText)); System.out.println("actual: " + toString(enc)); throw new RuntimeException("Encryption failure for test " + i); } cipher.init(Cipher.DECRYPT_MODE, KEY1, IV1); byte[] dec = new byte[cipher.getOutputSize(cipherText.length)]; processed1 = cipher.update(cipherText, 0, halfInput, dec, 0); try { cipher.update(cipherText, halfInput, cipherText.length-halfInput, new byte[1], 0); throw new RuntimeException("Expected Exception is not thrown"); } catch (ShortBufferException sbe) { // expected exception thrown; retry int processed2 = cipher.update(cipherText, halfInput, cipherText.length-halfInput, dec, processed1); int processed3 = cipher.doFinal(dec, processed1+processed2); if ((processed1 + processed2 + processed3) != dec.length) { System.out.println("processed1 = " + processed1); System.out.println("processed2 = " + processed2); System.out.println("processed3 = " + processed3); System.out.println("total length = " + dec.length); throw new RuntimeException("Decryption length check " + "failed"); } } if (Arrays.equals(plainText, dec) == false) { System.out.println("cipher: " + toString(cipherText)); System.out.println("plain: " + toString(plainText)); System.out.println("actualD: " + toString(dec)); throw new RuntimeException("Decryption failure for test " + i); } } } }