|
1 /* |
|
2 * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. |
|
8 * |
|
9 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 * version 2 for more details (a copy is included in the LICENSE file that |
|
13 * accompanied this code). |
|
14 * |
|
15 * You should have received a copy of the GNU General Public License version |
|
16 * 2 along with this work; if not, write to the Free Software Foundation, |
|
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 * |
|
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 * or visit www.oracle.com if you need additional information or have any |
|
21 * questions. |
|
22 */ |
|
23 |
|
24 /* |
|
25 * @test |
|
26 * @bug 8080462 |
|
27 * @library /test/lib .. |
|
28 * @modules jdk.crypto.cryptoki |
|
29 * @run main TestKATForGCM |
|
30 * @summary Known Answer Test for AES cipher with GCM mode support in |
|
31 * PKCS11 provider. |
|
32 */ |
|
33 import java.security.GeneralSecurityException; |
|
34 import java.security.Provider; |
|
35 import java.util.Arrays; |
|
36 import javax.crypto.Cipher; |
|
37 import javax.crypto.SecretKey; |
|
38 import javax.crypto.spec.GCMParameterSpec; |
|
39 import javax.crypto.spec.SecretKeySpec; |
|
40 |
|
41 public class TestKATForGCM extends PKCS11Test { |
|
42 |
|
43 // Utility methods |
|
44 private static byte[] HexToBytes(String hexVal) { |
|
45 if (hexVal == null) return new byte[0]; |
|
46 byte[] result = new byte[hexVal.length()/2]; |
|
47 for (int i = 0; i < result.length; i++) { |
|
48 // 2 characters at a time |
|
49 String byteVal = hexVal.substring(2*i, 2*i +2); |
|
50 result[i] = Integer.valueOf(byteVal, 16).byteValue(); |
|
51 } |
|
52 return result; |
|
53 } |
|
54 |
|
55 private static class TestVector { |
|
56 SecretKey key; |
|
57 byte[] plainText; |
|
58 byte[] aad; |
|
59 byte[] cipherText; |
|
60 byte[] tag; |
|
61 GCMParameterSpec spec; |
|
62 String info; |
|
63 |
|
64 TestVector(String key, String iv, String pt, String aad, |
|
65 String ct, String tag) { |
|
66 this.key = new SecretKeySpec(HexToBytes(key), "AES"); |
|
67 this.plainText = HexToBytes(pt); |
|
68 this.aad = HexToBytes(aad); |
|
69 this.cipherText = HexToBytes(ct); |
|
70 this.tag = HexToBytes(tag); |
|
71 this.spec = new GCMParameterSpec(this.tag.length * 8, HexToBytes(iv)); |
|
72 this.info = "key=" + key + ", iv=" + iv + ", pt=" + pt + |
|
73 ",aad=" + aad + ", ct=" + ct + ", tag=" + tag; |
|
74 } |
|
75 |
|
76 public String toString() { |
|
77 return info; |
|
78 } |
|
79 } |
|
80 |
|
81 // These test vectors are found off NIST's CAVP page |
|
82 // http://csrc.nist.gov/groups/STM/cavp/index.html |
|
83 // inside the link named "GCM Test Vectors", i.e. |
|
84 // http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmtestvectors.zip |
|
85 // CAVS 14.0, set of test vectors w/ count = 0, keysize = 128 |
|
86 private static TestVector[] testValues = { |
|
87 // 96-bit iv w/ 128/120/112/104/96-bit tags |
|
88 // no plain text, no aad |
|
89 new TestVector("11754cd72aec309bf52f7687212e8957", |
|
90 "3c819d9a9bed087615030b65", |
|
91 null, null, null, |
|
92 "250327c674aaf477aef2675748cf6971"), |
|
93 new TestVector("272f16edb81a7abbea887357a58c1917", |
|
94 "794ec588176c703d3d2a7a07", |
|
95 null, null, null, |
|
96 "b6e6f197168f5049aeda32dafbdaeb"), |
|
97 new TestVector("81b6844aab6a568c4556a2eb7eae752f", |
|
98 "ce600f59618315a6829bef4d", |
|
99 null, null, null, |
|
100 "89b43e9dbc1b4f597dbbc7655bb5"), |
|
101 new TestVector("cde2f9a9b1a004165ef9dc981f18651b", |
|
102 "29512c29566c7322e1e33e8e", |
|
103 null, null, null, |
|
104 "2e58ce7dabd107c82759c66a75"), |
|
105 new TestVector("b01e45cc3088aaba9fa43d81d481823f", |
|
106 "5a2c4a66468713456a4bd5e1", |
|
107 null, null, null, |
|
108 "014280f944f53c681164b2ff"), |
|
109 // 96-bit iv w/ 128/120/112/104/96-bit tags |
|
110 // no plain text, 16-byte aad |
|
111 new TestVector("77be63708971c4e240d1cb79e8d77feb", |
|
112 "e0e00f19fed7ba0136a797f3", |
|
113 null, |
|
114 "7a43ec1d9c0a5a78a0b16533a6213cab", |
|
115 null, |
|
116 "209fcc8d3675ed938e9c7166709dd946"), |
|
117 new TestVector("da0b615656135194ba6d3c851099bc48", |
|
118 "d39d4b4d3cc927885090e6c3", |
|
119 null, |
|
120 "e7e5e6f8dac913036cb2ff29e8625e0e", |
|
121 null, |
|
122 "ab967711a5770461724460b07237e2"), |
|
123 new TestVector("7e0986937a88eef894235aba4a2f43b2", |
|
124 "92c4a631695907166b422d60", |
|
125 null, |
|
126 "85c185f8518f9f2cd597a8f9208fc76b", |
|
127 null, |
|
128 "3bb916b728df94fe9d1916736be1"), |
|
129 new TestVector("c3db570d7f0c21e86b028f11465d1dc9", |
|
130 "f86970f58ceef89fc7cb679e", |
|
131 null, |
|
132 "c095240708c0f57c288d86090ae34ee1", |
|
133 null, |
|
134 "e043c52160d652e82c7262fcf4"), |
|
135 new TestVector("bea48ae4980d27f357611014d4486625", |
|
136 "32bddb5c3aa998a08556454c", |
|
137 null, |
|
138 "8a50b0b8c7654bced884f7f3afda2ead", |
|
139 null, |
|
140 "8e0f6d8bf05ffebe6f500eb1"), |
|
141 // 96-bit iv w/ 128/120/112/104/96-bit tags |
|
142 // no plain text, 20-byte aad |
|
143 new TestVector("2fb45e5b8f993a2bfebc4b15b533e0b4", |
|
144 "5b05755f984d2b90f94b8027", |
|
145 null, |
|
146 "e85491b2202caf1d7dce03b97e09331c32473941", |
|
147 null, |
|
148 "c75b7832b2a2d9bd827412b6ef5769db"), |
|
149 new TestVector("9bf406339fcef9675bbcf156aa1a0661", |
|
150 "8be4a9543d40f542abacac95", |
|
151 null, |
|
152 "7167cbf56971793186333a6685bbd58d47d379b3", |
|
153 null, |
|
154 "5e7968d7bbd5ba58cfcc750e2ef8f1"), |
|
155 new TestVector("a2e962fff70fd0f4d63be728b80556fc", |
|
156 "1fa7103483de43d09bc23db4", |
|
157 null, |
|
158 "2a58edf1d53f46e4e7ee5e77ee7aeb60fc360658", |
|
159 null, |
|
160 "fa37f2dbbefab1451eae1d0d74ca"), |
|
161 new TestVector("6bf4fdce82926dcdfc52616ed5f23695", |
|
162 "cc0f5899a10615567e1193ed", |
|
163 null, |
|
164 "3340655592374c1da2f05aac3ee111014986107f", |
|
165 null, |
|
166 "8ad3385cce3b5e7c985908192c"), |
|
167 new TestVector("4df7a13e43c3d7b66b1a72fac5ba398e", |
|
168 "97179a3a2d417908dcf0fb28", |
|
169 null, |
|
170 "cbb7fc0010c255661e23b07dbd804b1e06ae70ac", |
|
171 null, |
|
172 "37791edae6c137ea946cfb40"), |
|
173 // 96-bit iv w/ 128-bit tags, 13/16/32/51-byte plain text, no aad |
|
174 new TestVector("fe9bb47deb3a61e423c2231841cfd1fb", |
|
175 "4d328eb776f500a2f7fb47aa", |
|
176 "f1cc3818e421876bb6b8bbd6c9", |
|
177 null, |
|
178 "b88c5c1977b35b517b0aeae967", |
|
179 "43fd4727fe5cdb4b5b42818dea7ef8c9"), |
|
180 new TestVector("7fddb57453c241d03efbed3ac44e371c", |
|
181 "ee283a3fc75575e33efd4887", |
|
182 "d5de42b461646c255c87bd2962d3b9a2", |
|
183 null, |
|
184 "2ccda4a5415cb91e135c2a0f78c9b2fd", |
|
185 "b36d1df9b9d5e596f83e8b7f52971cb3"), |
|
186 new TestVector("9971071059abc009e4f2bd69869db338", |
|
187 "07a9a95ea3821e9c13c63251", |
|
188 "f54bc3501fed4f6f6dfb5ea80106df0bd836e6826225b75c0222f6e859b35983", |
|
189 null, |
|
190 "0556c159f84ef36cb1602b4526b12009c775611bffb64dc0d9ca9297cd2c6a01", |
|
191 "7870d9117f54811a346970f1de090c41"), |
|
192 new TestVector("594157ec4693202b030f33798b07176d", |
|
193 "49b12054082660803a1df3df", |
|
194 |
|
195 "3feef98a976a1bd634f364ac428bb59cd51fb159ec1789946918dbd50ea6c9d594a3a31a5269b0da6936c29d063a5fa2cc8a1c", |
|
196 null, |
|
197 |
|
198 "c1b7a46a335f23d65b8db4008a49796906e225474f4fe7d39e55bf2efd97fd82d4167de082ae30fa01e465a601235d8d68bc69", |
|
199 "ba92d3661ce8b04687e8788d55417dc2"), |
|
200 // 96-bit iv w/ 128-bit tags, 16-byte plain text, 16/20/48/90-byte aad |
|
201 new TestVector("c939cc13397c1d37de6ae0e1cb7c423c", |
|
202 "b3d8cc017cbb89b39e0f67e2", |
|
203 "c3b3c41f113a31b73d9a5cd432103069", |
|
204 "24825602bd12a984e0092d3e448eda5f", |
|
205 "93fe7d9e9bfd10348a5606e5cafa7354", |
|
206 "0032a1dc85f1c9786925a2e71d8272dd"), |
|
207 new TestVector("d4a22488f8dd1d5c6c19a7d6ca17964c", |
|
208 "f3d5837f22ac1a0425e0d1d5", |
|
209 "7b43016a16896497fb457be6d2a54122", |
|
210 "f1c5d424b83f96c6ad8cb28ca0d20e475e023b5a", |
|
211 "c2bd67eef5e95cac27e3b06e3031d0a8", |
|
212 "f23eacf9d1cdf8737726c58648826e9c"), |
|
213 new TestVector("89850dd398e1f1e28443a33d40162664", |
|
214 "e462c58482fe8264aeeb7231", |
|
215 "2805cdefb3ef6cc35cd1f169f98da81a", |
|
216 |
|
217 "d74e99d1bdaa712864eec422ac507bddbe2b0d4633cd3dff29ce5059b49fe868526c59a2a3a604457bc2afea866e7606", |
|
218 "ba80e244b7fc9025cd031d0f63677e06", |
|
219 "d84a8c3eac57d1bb0e890a8f461d1065"), |
|
220 new TestVector("bd7c5c63b7542b56a00ebe71336a1588", |
|
221 "87721f23ba9c3c8ea5571abc", |
|
222 "de15ddbb1e202161e8a79af6a55ac6f3", |
|
223 |
|
224 "a6ec8075a0d3370eb7598918f3b93e48444751624997b899a87fa6a9939f844e008aa8b70e9f4c3b1a19d3286bf543e7127bfecba1ad17a5ec53fccc26faecacc4c75369498eaa7d706aef634d0009279b11e4ba6c993e5e9ed9", |
|
225 "41eb28c0fee4d762de972361c863bc80", |
|
226 "9cb567220d0b252eb97bff46e4b00ff8"), |
|
227 // 8/1024-bit iv w/ 128-bit tag, no plain text, no aad |
|
228 new TestVector("1672c3537afa82004c6b8a46f6f0d026", |
|
229 "05", |
|
230 null, null, null, |
|
231 "8e2ad721f9455f74d8b53d3141f27e8e"), |
|
232 new TestVector("d0f1f4defa1e8c08b4b26d576392027c", |
|
233 |
|
234 "42b4f01eb9f5a1ea5b1eb73b0fb0baed54f387ecaa0393c7d7dffc6af50146ecc021abf7eb9038d4303d91f8d741a11743166c0860208bcc02c6258fd9511a2fa626f96d60b72fcff773af4e88e7a923506e4916ecbd814651e9f445adef4ad6a6b6c7290cc13b956130eef5b837c939fcac0cbbcc9656cd75b13823ee5acdac", |
|
235 null, null, null, |
|
236 "7ab49b57ddf5f62c427950111c5c4f0d"), |
|
237 // 8-bit iv w/ 128-bit tag, 13-byte plain text, 90-byte aad |
|
238 new TestVector("9f79239f0904eace50784b863e723f6b", |
|
239 "d9", |
|
240 "bdb0bb10c87965acd34d146171", |
|
241 |
|
242 "44db436089327726c5f01139e1f339735c9e85514ccc2f167bad728010fb34a9072a9794c8a5e7361b1d0dbcdc9ac4091e354bb2896561f0486645252e9c78c86beece91bfa4f7cc4a8794ce1f305b1b735efdbf1ed1563c0be0", |
|
243 "7e5a7c8dadb3f0c7335b4d9d8d", |
|
244 "6b6ef1f53723a89f3bb7c6d043840717"), |
|
245 // 1024-bit iv w/ 128-bit tag, 51-byte plain text, 48-byte aad |
|
246 new TestVector("141f1ce91989b07e7eb6ae1dbd81ea5e", |
|
247 |
|
248 "49451da24bd6074509d3cebc2c0394c972e6934b45a1d91f3ce1d3ca69e194aa1958a7c21b6f21d530ce6d2cc5256a3f846b6f9d2f38df0102c4791e57df038f6e69085646007df999751e248e06c47245f4cd3b8004585a7470dee1690e9d2d63169a58d243c0b57b3e5b4a481a3e4e8c60007094ef3adea2e8f05dd3a1396f", |
|
249 |
|
250 "d384305af2388699aa302f510913fed0f2cb63ba42efa8c5c9de2922a2ec2fe87719dadf1eb0aef212b51e74c9c5b934104a43", |
|
251 |
|
252 "630cf18a91cc5a6481ac9eefd65c24b1a3c93396bd7294d6b8ba323951727666c947a21894a079ef061ee159c05beeb4", |
|
253 |
|
254 "f4c34e5fbe74c0297313268296cd561d59ccc95bbfcdfcdc71b0097dbd83240446b28dc088abd42b0fc687f208190ff24c0548", |
|
255 "dbb93bbb56d0439cd09f620a57687f5d"), |
|
256 }; |
|
257 |
|
258 public boolean execute(TestVector[] testValues, Cipher c) throws Exception { |
|
259 boolean testFailed = false; |
|
260 for (int i = 0; i < testValues.length; i++) { |
|
261 try { |
|
262 c.init(Cipher.ENCRYPT_MODE, testValues[i].key, testValues[i].spec); |
|
263 c.updateAAD(testValues[i].aad); |
|
264 byte[] ctPlusTag = c.doFinal(testValues[i].plainText); |
|
265 |
|
266 c.init(Cipher.DECRYPT_MODE, testValues[i].key, testValues[i].spec); |
|
267 c.updateAAD(testValues[i].aad); |
|
268 byte[] pt = c.doFinal(ctPlusTag); // should fail if tag mismatched |
|
269 |
|
270 // check encryption/decryption results just to be sure |
|
271 if (!Arrays.equals(testValues[i].plainText, pt)) { |
|
272 System.out.println("PlainText diff failed for test# " + i); |
|
273 testFailed = true; |
|
274 } |
|
275 int ctLen = testValues[i].cipherText.length; |
|
276 if (!Arrays.equals(testValues[i].cipherText, |
|
277 Arrays.copyOf(ctPlusTag, ctLen))) { |
|
278 System.out.println("CipherText diff failed for test# " + i); |
|
279 testFailed = true; |
|
280 } |
|
281 int tagLen = testValues[i].tag.length; |
|
282 if (!Arrays.equals |
|
283 (testValues[i].tag, |
|
284 Arrays.copyOfRange(ctPlusTag, ctLen, ctLen+tagLen))) { |
|
285 System.out.println("Tag diff failed for test# " + i); |
|
286 testFailed = true; |
|
287 } |
|
288 } catch (Exception ex) { |
|
289 // continue testing other test vectors |
|
290 System.out.println("Failed Test Vector: " + testValues[i]); |
|
291 ex.printStackTrace(); |
|
292 testFailed = true; |
|
293 continue; |
|
294 } |
|
295 } |
|
296 if (testFailed) { |
|
297 throw new Exception("Test Failed"); |
|
298 } |
|
299 // passed all tests...hooray! |
|
300 return true; |
|
301 } |
|
302 |
|
303 public static void main(String[] args) throws Exception { |
|
304 main(new TestKATForGCM(), args); |
|
305 } |
|
306 |
|
307 @Override |
|
308 public void main(Provider p) throws Exception { |
|
309 Cipher c; |
|
310 String transformation = "AES/GCM/NoPadding"; |
|
311 try { |
|
312 c = Cipher.getInstance(transformation, p); |
|
313 } catch (GeneralSecurityException e) { |
|
314 System.out.println("Skip testing " + p.getName() + |
|
315 ", no support for " + transformation); |
|
316 return; |
|
317 } |
|
318 try { |
|
319 if (execute(testValues, c)) { |
|
320 System.out.println("Test Passed!"); |
|
321 } |
|
322 } catch (Exception e) { |
|
323 System.out.println("Exception occured using " + p.getName() + " version " + p.getVersionStr()); |
|
324 |
|
325 if (isNSS(p)) { |
|
326 double ver = getNSSInfo("nss"); |
|
327 String osName = System.getProperty("os.name"); |
|
328 if (ver < 3.251d && osName.equals("SunOS")) { |
|
329 // buggy behaviour from solaris on 11.2 OS (nss < 3.251) |
|
330 System.out.println("Skipping: SunPKCS11-NSS: Old NSS: " + ver); |
|
331 return; // OK |
|
332 } else if (ver > 3.139 && ver < 3.15 && osName.equals("Linux")) { |
|
333 // warn about buggy behaviour on Linux with nss 3.14 |
|
334 System.out.println("Warning: old NSS " + ver + " might be problematic, consider upgrading it"); |
|
335 } |
|
336 } |
|
337 throw e; |
|
338 } |
|
339 } |
|
340 } |
|
341 |