0N/A/*
2362N/A * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
0N/A * published by the Free Software Foundation.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/A/*
0N/A * @test
0N/A * @bug 5083253
0N/A * @run main CTSMode
0N/A * @summary Verify that CTR mode works as expected
0N/A * @author Valerie Peng
0N/A */
0N/A
0N/Aimport java.util.*;
0N/Aimport java.security.AlgorithmParameters;
0N/Aimport javax.crypto.*;
0N/Aimport javax.crypto.spec.*;
0N/A
0N/Apublic class CTSMode {
0N/A
0N/A private final static byte[] toByteArray(String s) {
0N/A char[] c = s.toCharArray();
0N/A byte[] t = new byte[c.length / 2];
0N/A int n = 0;
0N/A int d1 = -1;
0N/A int d2 = -1;
0N/A for (int i = 0; i < c.length; i++) {
0N/A char ch = c[i];
0N/A if (d1 == -1) {
0N/A d1 = Character.digit(ch, 16);
0N/A } else {
0N/A d2 = Character.digit(ch, 16);
0N/A if (d2 != -1) {
0N/A t[n++] = (byte)((d1 << 4) | d2);
0N/A d1 = -1;
0N/A d2 = -1;
0N/A }
0N/A }
0N/A }
0N/A if (d1 != -1) {
0N/A throw new RuntimeException();
0N/A }
0N/A if (n == t.length) {
0N/A return t;
0N/A }
0N/A byte[] b = new byte[n];
0N/A System.arraycopy(t, 0, b, 0, n);
0N/A return b;
0N/A }
0N/A
0N/A private final static SecretKey KEY1 =
0N/A new SecretKeySpec(toByteArray("636869636b656e207465726979616b69"),
0N/A "AES");
0N/A
0N/A private final static IvParameterSpec IV1 =
0N/A new IvParameterSpec(new byte[16]);
0N/A
0N/A /*
0N/A * Use test vectors, i.e. PLAIN1 and CIPHER1, from the appendix B
0N/A * of RFC 3962 "Advanced Encryption Standard (AES) Encryption for
0N/A * Kerberos 5".
0N/A */
0N/A private final static byte[][] PLAIN1 = {
0N/A toByteArray("4920776f756c64206c696b652074686520"),
0N/A toByteArray("4920776f756c64206c696b6520746865" +
0N/A "2047656e6572616c20476175277320"),
0N/A toByteArray("4920776f756c64206c696b6520746865" +
0N/A "2047656e6572616c2047617527732043"),
0N/A toByteArray("4920776f756c64206c696b6520746865" +
0N/A "2047656e6572616c2047617527732043" +
0N/A "6869636b656e2c20706c656173652c"),
0N/A toByteArray("4920776f756c64206c696b6520746865" +
0N/A "2047656e6572616c2047617527732043" +
0N/A "6869636b656e2c20706c656173652c20"),
0N/A toByteArray("4920776f756c64206c696b6520746865" +
0N/A "2047656e6572616c2047617527732043" +
0N/A "6869636b656e2c20706c656173652c20" +
0N/A "616e6420776f6e746f6e20736f75702e")
0N/A };
0N/A private final static byte[][] CIPHER1 = {
0N/A toByteArray("c6353568f2bf8cb4d8a580362da7ff7f97"),
0N/A toByteArray("fc00783e0efdb2c1d445d4c8eff7ed22" +
0N/A "97687268d6ecccc0c07b25e25ecfe5"),
0N/A toByteArray("39312523a78662d5be7fcbcc98ebf5a8" +
0N/A "97687268d6ecccc0c07b25e25ecfe584"),
0N/A toByteArray("97687268d6ecccc0c07b25e25ecfe584" +
0N/A "b3fffd940c16a18c1b5549d2f838029e" +
0N/A "39312523a78662d5be7fcbcc98ebf5"),
0N/A toByteArray("97687268d6ecccc0c07b25e25ecfe584" +
0N/A "9dad8bbb96c4cdc03bc103e1a194bbd8" +
0N/A "39312523a78662d5be7fcbcc98ebf5a8"),
0N/A toByteArray("97687268d6ecccc0c07b25e25ecfe584" +
0N/A "39312523a78662d5be7fcbcc98ebf5a8" +
0N/A "4807efe836ee89a526730dbc2f7bc840" +
0N/A "9dad8bbb96c4cdc03bc103e1a194bbd8"),
0N/A };
0N/A
0N/A private final static byte[] IV2_SRC =
0N/A toByteArray("11223344556677880011223344556677");
0N/A
0N/A private final static String[] ALGORITHMS2 = {
0N/A "DES", "DESede", "Blowfish", "AES"
0N/A };
0N/A private final static int[] KEYSIZES2 = {
0N/A 8, 24, 16, 16
0N/A };
0N/A
0N/A private static String toString(byte[] b) {
0N/A StringBuffer sb = new StringBuffer(b.length * 3);
0N/A for (int i = 0; i < b.length; i++) {
0N/A int k = b[i] & 0xff;
0N/A if (i != 0) {
0N/A sb.append(':');
0N/A }
0N/A sb.append(Character.forDigit(k >> 4, 16));
0N/A sb.append(Character.forDigit(k & 0xf, 16));
0N/A }
0N/A return sb.toString();
0N/A }
0N/A
0N/A public static void main(String[] args) throws Exception {
0N/A test1();
0N/A test2();
0N/A test3();
0N/A }
0N/A
0N/A /**
0N/A * Test with the test vectors and see if results match.
0N/A */
0N/A private static void test1() throws Exception {
0N/A for (int i = 0; i < PLAIN1.length; i++) {
0N/A String algo = KEY1.getAlgorithm();
0N/A int MAX_KEYSIZE = Cipher.getMaxAllowedKeyLength(algo);
0N/A if (KEY1.getEncoded().length > MAX_KEYSIZE) {
0N/A // skip tests using keys whose length exceeds
0N/A // what's configured in jce jurisdiction policy files.
0N/A continue;
0N/A }
0N/A System.out.println("Running test1_" + i + " (" + algo + ")");
0N/A Cipher cipher = Cipher.getInstance(algo+ "/CTS/NoPadding",
0N/A "SunJCE");
0N/A byte[] plainText = PLAIN1[i];
0N/A byte[] cipherText = CIPHER1[i];
0N/A cipher.init(Cipher.ENCRYPT_MODE, KEY1, IV1);
0N/A byte[] enc = cipher.doFinal(plainText);
0N/A if (Arrays.equals(cipherText, enc) == false) {
0N/A System.out.println("plain: " + toString(plainText));
0N/A System.out.println("cipher: " + toString(cipherText));
0N/A System.out.println("actual: " + toString(enc));
0N/A throw new RuntimeException("Encryption failure for test " + i);
0N/A }
0N/A cipher.init(Cipher.DECRYPT_MODE, KEY1, IV1);
0N/A byte[] dec = cipher.doFinal(cipherText);
0N/A if (Arrays.equals(plainText, dec) == false) {
0N/A System.out.println("cipher: " + toString(cipherText));
0N/A System.out.println("plain: " + toString(plainText));
0N/A System.out.println("actual: " + toString(enc));
0N/A throw new RuntimeException("Decryption failure for test " + i);
0N/A }
0N/A }
0N/A }
0N/A
0N/A /**
0N/A * Test with a combination of update/doFinal calls and make
0N/A * sure that same data is recovered after decryption.
0N/A */
0N/A private static void test2() throws Exception {
0N/A for (int i = 0; i < ALGORITHMS2.length; i++) {
0N/A String algo = ALGORITHMS2[i];
0N/A System.out.println("Running test2_" + i + " (" + algo + ")");
0N/A int keySize = KEYSIZES2[i];
0N/A int MAX_KEYSIZE = Cipher.getMaxAllowedKeyLength(algo);
0N/A if (keySize > MAX_KEYSIZE) {
0N/A // skip tests using keys whose length exceeds
0N/A // what's configured in jce jurisdiction policy files.
0N/A continue;
0N/A }
0N/A Cipher cipher =
0N/A Cipher.getInstance(algo+"/CTS/NoPadding", "SunJCE");
0N/A int blockSize = cipher.getBlockSize();
0N/A SecretKeySpec key = new SecretKeySpec(new byte[keySize], algo);
0N/A // Make sure encryption works for inputs with valid length
0N/A byte[] plainText = PLAIN1[3];
0N/A cipher.init(Cipher.ENCRYPT_MODE, key);
0N/A byte[] cipherText = new byte[plainText.length];
0N/A int firstPartLen = blockSize + 1;
0N/A int processed1 = cipher.update(plainText, 0, firstPartLen,
0N/A cipherText, 0);
0N/A int processed2 = cipher.doFinal(plainText, firstPartLen,
0N/A plainText.length-firstPartLen,
0N/A cipherText, processed1);
0N/A AlgorithmParameters params = cipher.getParameters();
0N/A if ((processed1 + processed2) != plainText.length) {
0N/A System.out.println("processed1 = " + processed1);
0N/A System.out.println("processed2 = " + processed2);
0N/A System.out.println("total length = " + plainText.length);
0N/A throw new RuntimeException("Encryption failure for test " + i);
0N/A }
0N/A // Make sure IllegalBlockSizeException is thrown for inputs
0N/A // with less-than-a-block length
0N/A try {
0N/A cipher.doFinal(new byte[blockSize-1]);
0N/A throw new RuntimeException("Expected IBSE is not thrown");
0N/A } catch (IllegalBlockSizeException ibse) {
0N/A }
0N/A // Make sure data is encrypted as in CBC mode for inputs
0N/A // which is exactly one block long
0N/A IvParameterSpec iv2 = new IvParameterSpec(IV2_SRC, 0, blockSize);
0N/A cipher.init(Cipher.ENCRYPT_MODE, key, iv2);
0N/A Cipher cipher2 =
0N/A Cipher.getInstance(algo+"/CBC/NoPadding", "SunJCE");
0N/A cipher2.init(Cipher.ENCRYPT_MODE, key, iv2);
0N/A
0N/A byte[] eout = cipher.doFinal(IV2_SRC, 0, blockSize);
0N/A byte[] eout2 = cipher2.doFinal(IV2_SRC, 0, blockSize);
0N/A if (!Arrays.equals(eout, eout2)) {
0N/A throw new RuntimeException("Different encryption output " +
0N/A "for CBC and CTS");
0N/A }
0N/A // Make sure decryption works for inputs with valid length
0N/A cipher.init(Cipher.DECRYPT_MODE, key, params);
0N/A byte[] recoveredText =
0N/A new byte[cipher.getOutputSize(cipherText.length)];
0N/A processed1 = cipher.update(cipherText, 0, firstPartLen,
0N/A recoveredText, 0);
0N/A processed2 = cipher.update(cipherText, firstPartLen,
0N/A cipherText.length-firstPartLen,
0N/A recoveredText, processed1);
0N/A int processed3 =
0N/A cipher.doFinal(recoveredText, processed1+processed2);
0N/A if ((processed1 + processed2 + processed3) != plainText.length) {
0N/A System.out.println("processed1 = " + processed1);
0N/A System.out.println("processed2 = " + processed2);
0N/A System.out.println("processed3 = " + processed3);
0N/A System.out.println("total length = " + plainText.length);
0N/A throw new RuntimeException("Decryption failure for test " + i);
0N/A }
0N/A if (Arrays.equals(plainText, recoveredText) == false) {
0N/A System.out.println("plain: " + toString(plainText));
0N/A System.out.println("recovered: " + toString(recoveredText));
0N/A throw new RuntimeException("Decryption failure for test " + i);
0N/A }
0N/A // Make sure IllegalBlockSizeException is thrown for inputs
0N/A // with less-than-a-block length
0N/A try {
0N/A cipher.doFinal(new byte[blockSize-1]);
0N/A throw new RuntimeException("Expected IBSE is not thrown");
0N/A } catch (IllegalBlockSizeException ibse) {
0N/A }
0N/A // Make sure data is decrypted as in CBC mode for inputs
0N/A // which is exactly one block long
0N/A cipher.init(Cipher.DECRYPT_MODE, key, iv2);
0N/A cipher2.init(Cipher.DECRYPT_MODE, key, iv2);
0N/A byte[] dout = cipher.doFinal(eout);
0N/A byte[] dout2 = cipher2.doFinal(eout2);
0N/A if (!Arrays.equals(dout, dout2)) {
0N/A throw new RuntimeException("Different decryption output " +
0N/A "for CBC and CTS");
0N/A }
0N/A }
0N/A }
0N/A
0N/A /**
0N/A * Test with a shortBuffer and see if encryption/decryption
0N/A * still works correctly afterwards.
0N/A */
0N/A private static void test3() throws Exception {
0N/A // Skip PLAIN1[0, 1, 2] due to their lengths
0N/A for (int i = 3; i < PLAIN1.length; i++) {
0N/A String algo = KEY1.getAlgorithm();
0N/A System.out.println("Running test3_" + i + " (" + algo + ")");
0N/A int MAX_KEYSIZE = Cipher.getMaxAllowedKeyLength(algo);
0N/A if (KEY1.getEncoded().length > MAX_KEYSIZE) {
0N/A // skip tests using keys whose length exceeds
0N/A // what's configured in jce jurisdiction policy files.
0N/A continue;
0N/A }
0N/A Cipher cipher =
0N/A Cipher.getInstance(algo+ "/CTS/NoPadding", "SunJCE");
0N/A byte[] plainText = PLAIN1[i];
0N/A byte[] cipherText = CIPHER1[i];
0N/A byte[] enc = new byte[plainText.length];
0N/A cipher.init(Cipher.ENCRYPT_MODE, KEY1, IV1);
0N/A int halfInput = plainText.length/2;
0N/A int processed1 = cipher.update(plainText, 0, halfInput,
0N/A enc, 0);
0N/A try {
0N/A cipher.doFinal(plainText, halfInput,
0N/A plainText.length-halfInput,
0N/A new byte[1], 0);
0N/A throw new RuntimeException("Expected Exception is not thrown");
0N/A } catch (ShortBufferException sbe) {
0N/A // expected exception thrown; retry
0N/A int processed2 =
0N/A cipher.doFinal(plainText, halfInput,
0N/A plainText.length-halfInput,
0N/A enc, processed1);
0N/A if ((processed1 + processed2) != enc.length) {
0N/A System.out.println("processed1 = " + processed1);
0N/A System.out.println("processed2 = " + processed2);
0N/A System.out.println("total length = " + enc.length);
0N/A throw new RuntimeException("Encryption length check " +
0N/A "failed");
0N/A }
0N/A }
0N/A if (Arrays.equals(cipherText, enc) == false) {
0N/A System.out.println("plain: " + toString(plainText));
0N/A System.out.println("cipher: " + toString(cipherText));
0N/A System.out.println("actual: " + toString(enc));
0N/A throw new RuntimeException("Encryption failure for test " + i);
0N/A }
0N/A cipher.init(Cipher.DECRYPT_MODE, KEY1, IV1);
0N/A byte[] dec =
0N/A new byte[cipher.getOutputSize(cipherText.length)];
0N/A processed1 = cipher.update(cipherText, 0, halfInput,
0N/A dec, 0);
0N/A try {
0N/A cipher.update(cipherText, halfInput,
0N/A cipherText.length-halfInput,
0N/A new byte[1], 0);
0N/A throw new RuntimeException("Expected Exception is not thrown");
0N/A } catch (ShortBufferException sbe) {
0N/A // expected exception thrown; retry
0N/A int processed2 = cipher.update(cipherText, halfInput,
0N/A cipherText.length-halfInput,
0N/A dec, processed1);
0N/A int processed3 =
0N/A cipher.doFinal(dec, processed1+processed2);
0N/A if ((processed1 + processed2 + processed3) != dec.length) {
0N/A System.out.println("processed1 = " + processed1);
0N/A System.out.println("processed2 = " + processed2);
0N/A System.out.println("processed3 = " + processed3);
0N/A System.out.println("total length = " + dec.length);
0N/A throw new RuntimeException("Decryption length check " +
0N/A "failed");
0N/A }
0N/A }
0N/A if (Arrays.equals(plainText, dec) == false) {
0N/A System.out.println("cipher: " + toString(cipherText));
0N/A System.out.println("plain: " + toString(plainText));
0N/A System.out.println("actualD: " + toString(dec));
0N/A throw new RuntimeException("Decryption failure for test " + i);
0N/A }
0N/A }
0N/A }
0N/A}