jdk-sandbox: comparison test/jdk/com/sun/crypto/provider/Cipher/ChaCha20/OutputSizeTest.java

equal deleted inserted replaced

-:094ef5a91b68
+:34bbd91b1522
+/*
+* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+*
+* This code is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License version 2 only, as
+* published by the Free Software Foundation.
+*
+* This code is distributed in the hope that it will be useful, but WITHOUT
+* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+* version 2 for more details (a copy is included in the LICENSE file that
+* accompanied this code).
+*
+* You should have received a copy of the GNU General Public License version
+* 2 along with this work; if not, write to the Free Software Foundation,
+* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+*
+* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+* or visit www.oracle.com if you need additional information or have any
+* questions.
+*/
+/**
+* @test
+* @bug 8224997
+* @summary ChaCha20-Poly1305 TLS cipher suite decryption throws ShortBufferException
+* @library /test/lib
+* @build jdk.test.lib.Convert
+* @run main OutputSizeTest
+*/
+import java.nio.ByteBuffer;
+import java.security.GeneralSecurityException;
+import java.security.Key;
+import java.security.SecureRandom;
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.spec.ChaCha20ParameterSpec;
+import javax.crypto.spec.IvParameterSpec;
+public class OutputSizeTest {
+private static final SecureRandom SR = new SecureRandom();
+public static void main(String args[]) throws Exception {
+testCC20GetOutSize();
+testCC20P1305GetOutSize();
+testMultiPartAEADDec();
+}
+private static void testCC20GetOutSize()
+throws GeneralSecurityException {
+boolean result = true;
+KeyGenerator kg = KeyGenerator.getInstance("ChaCha20", "SunJCE");
+kg.init(256);
+// ChaCha20 encrypt
+Cipher cc20 = Cipher.getInstance("ChaCha20", "SunJCE");
+cc20.init(Cipher.ENCRYPT_MODE, kg.generateKey(),
+new ChaCha20ParameterSpec(getRandBuf(12), 10));
+testOutLen(cc20, 0, 0);
+testOutLen(cc20, 5, 5);
+testOutLen(cc20, 5120, 5120);
+// perform an update, then test with a final block
+byte[] input = new byte[5120];
+SR.nextBytes(input);
+cc20.update(input);
+testOutLen(cc20, 1024, 1024);
+// Decryption lengths should be calculated the same way as encryption
+cc20.init(Cipher.DECRYPT_MODE, kg.generateKey(),
+new ChaCha20ParameterSpec(getRandBuf(12), 10));
+testOutLen(cc20, 0, 0);
+testOutLen(cc20, 5, 5);
+testOutLen(cc20, 5120, 5120);
+// perform an update, then test with a final block
+cc20.update(input);
+testOutLen(cc20, 1024, 1024);
+}
+private static void testCC20P1305GetOutSize()
+throws GeneralSecurityException {
+KeyGenerator kg = KeyGenerator.getInstance("ChaCha20", "SunJCE");
+kg.init(256);
+// ChaCha20 encrypt
+Cipher cc20 = Cipher.getInstance("ChaCha20-Poly1305", "SunJCE");
+cc20.init(Cipher.ENCRYPT_MODE, kg.generateKey(),
+new IvParameterSpec(getRandBuf(12)));
+// Encryption lengths are calculated as the input length plus the tag
+// length (16).
+testOutLen(cc20, 0, 16);
+testOutLen(cc20, 5, 21);
+testOutLen(cc20, 5120, 5136);
+// perform an update, then test with a final block
+byte[] input = new byte[5120];
+SR.nextBytes(input);
+cc20.update(input);
+testOutLen(cc20, 1024, 1040);
+// Decryption lengths are handled differently for AEAD mode.  The length
+// should be zero for anything up to and including the first 16 bytes
+// (since that's the tag).  Anything above that should be the input
+// length plus any unprocessed input (via update calls), minus the
+// 16 byte tag.
+cc20.init(Cipher.DECRYPT_MODE, kg.generateKey(),
+new IvParameterSpec(getRandBuf(12)));
+testOutLen(cc20, 0, 0);
+testOutLen(cc20, 5, 0);
+testOutLen(cc20, 16, 0);
+testOutLen(cc20, 5120, 5104);
+// Perform an update, then test with a the length of a final chunk
+// of data.
+cc20.update(input);
+testOutLen(cc20, 1024, 6128);
+}
+private static void testMultiPartAEADDec() throws GeneralSecurityException {
+KeyGenerator kg = KeyGenerator.getInstance("ChaCha20", "SunJCE");
+kg.init(256);
+Key key = kg.generateKey();
+IvParameterSpec ivps = new IvParameterSpec(getRandBuf(12));
+// Encrypt some data so we can test decryption.
+byte[] pText = getRandBuf(2048);
+ByteBuffer pTextBase = ByteBuffer.wrap(pText);
+Cipher enc = Cipher.getInstance("ChaCha20-Poly1305", "SunJCE");
+enc.init(Cipher.ENCRYPT_MODE, key, ivps);
+ByteBuffer ctBuf = ByteBuffer.allocateDirect(
+enc.getOutputSize(pText.length));
+enc.doFinal(pTextBase, ctBuf);
+// Create a new direct plain text ByteBuffer which will catch the
+// decrypted data.
+ByteBuffer ptBuf = ByteBuffer.allocateDirect(pText.length);
+// Set the cipher text buffer limit to roughly half the data so we can
+// do an update/final sequence.
+ctBuf.position(0).limit(1024);
+Cipher dec = Cipher.getInstance("ChaCha20-Poly1305", "SunJCE");
+dec.init(Cipher.DECRYPT_MODE, key, ivps);
+dec.update(ctBuf, ptBuf);
+System.out.println("CTBuf: " + ctBuf);
+System.out.println("PTBuf: " + ptBuf);
+ctBuf.limit(ctBuf.capacity());
+dec.doFinal(ctBuf, ptBuf);
+ptBuf.flip();
+pTextBase.flip();
+System.out.println("PT Base:" + pTextBase);
+System.out.println("PT Actual:" + ptBuf);
+if (pTextBase.compareTo(ptBuf) != 0) {
+StringBuilder sb = new StringBuilder();
+sb.append("Plaintext mismatch: Original: ").
+append(pTextBase.toString()).append("\nActual :").
+append(ptBuf);
+throw new RuntimeException(sb.toString());
+}
+}
+private static void testOutLen(Cipher c, int inLen, int expOut) {
+int actualOut = c.getOutputSize(inLen);
+if (actualOut != expOut) {
+throw new RuntimeException("Cipher " + c + ", in: " + inLen +
+", expOut: " + expOut + ", actual: " + actualOut);
+}
+}
+private static byte[] getRandBuf(int len) {
+byte[] buf = new byte[len];
+SR.nextBytes(buf);
+return buf;
+}
+}