--- a/jdk/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/CipherBlockChaining.java Wed Oct 09 13:07:58 2013 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -135,9 +135,10 @@
* @param plainLen the length of the input data
* @param cipher the buffer for the result
* @param cipherOffset the offset in <code>cipher</code>
+ * @return the length of the encrypted data
*/
- void encrypt(byte[] plain, int plainOffset, int plainLen,
- byte[] cipher, int cipherOffset)
+ int encrypt(byte[] plain, int plainOffset, int plainLen,
+ byte[] cipher, int cipherOffset)
{
int i;
int endIndex = plainOffset + plainLen;
@@ -150,6 +151,7 @@
embeddedCipher.encryptBlock(k, 0, cipher, cipherOffset);
System.arraycopy(cipher, cipherOffset, r, 0, blockSize);
}
+ return plainLen;
}
/**
@@ -174,13 +176,14 @@
* @param cipherLen the length of the input data
* @param plain the buffer for the result
* @param plainOffset the offset in <code>plain</code>
+ * @return the length of the decrypted data
*
* @exception IllegalBlockSizeException if input data whose length does
* not correspond to the embedded cipher's block size is passed to the
* embedded cipher
*/
- void decrypt(byte[] cipher, int cipherOffset, int cipherLen,
- byte[] plain, int plainOffset)
+ int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
+ byte[] plain, int plainOffset)
{
int i;
byte[] cipherOrig=null;
@@ -195,7 +198,6 @@
// the plaintext result.
cipherOrig = cipher.clone();
}
-
for (; cipherOffset < endIndex;
cipherOffset += blockSize, plainOffset += blockSize) {
embeddedCipher.decryptBlock(cipher, cipherOffset, k, 0);
@@ -208,5 +210,6 @@
System.arraycopy(cipherOrig, cipherOffset, r, 0, blockSize);
}
}
+ return cipherLen;
}
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/CipherCore.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/CipherCore.java Wed Oct 09 13:07:58 2013 -0700
@@ -310,49 +310,20 @@
* @return the required output buffer size (in bytes)
*/
int getOutputSize(int inputLen) {
- int totalLen = buffered + inputLen;
-
- // GCM: this call may be for either update() or doFinal(), so have to
- // return the larger value of both
- // Encryption: based on doFinal value: inputLen + tag
- // Decryption: based on update value: inputLen
- if (!decrypting && (cipherMode == GCM_MODE)) {
- return (totalLen + ((GaloisCounterMode) cipher).getTagLen());
- }
-
- if (padding == null) {
- return totalLen;
- }
-
- if (decrypting) {
- return totalLen;
- }
-
- if (unitBytes != blockSize) {
- if (totalLen < diffBlocksize) {
- return diffBlocksize;
- } else {
- return (totalLen + blockSize -
- ((totalLen - diffBlocksize) % blockSize));
- }
- } else {
- return totalLen + padding.padLength(totalLen);
- }
+ // estimate based on the maximum
+ return getOutputSizeByOperation(inputLen, true);
}
private int getOutputSizeByOperation(int inputLen, boolean isDoFinal) {
- int totalLen = 0;
+ int totalLen = buffered + inputLen + cipher.getBufferedLength();
switch (cipherMode) {
case GCM_MODE:
- totalLen = buffered + inputLen;
if (isDoFinal) {
int tagLen = ((GaloisCounterMode) cipher).getTagLen();
- if (decrypting) {
- // need to get the actual value from cipher??
- // deduct tagLen
+ if (!decrypting) {
+ totalLen += tagLen;
+ } else {
totalLen -= tagLen;
- } else {
- totalLen += tagLen;
}
}
if (totalLen < 0) {
@@ -360,8 +331,19 @@
}
break;
default:
- totalLen = getOutputSize(inputLen);
- break;
+ if (padding != null && !decrypting) {
+ if (unitBytes != blockSize) {
+ if (totalLen < diffBlocksize) {
+ totalLen = diffBlocksize;
+ } else {
+ int residue = (totalLen - diffBlocksize) % blockSize;
+ totalLen += (blockSize - residue);
+ }
+ } else {
+ totalLen += padding.padLength(totalLen);
+ }
+ }
+ break;
}
return totalLen;
}
@@ -729,36 +711,52 @@
len = (len > 0 ? (len - (len%unitBytes)) : 0);
// check output buffer capacity
- if ((output == null) || ((output.length - outputOffset) < len)) {
+ if ((output == null) ||
+ ((output.length - outputOffset) < len)) {
throw new ShortBufferException("Output buffer must be "
+ "(at least) " + len
+ " bytes long");
}
- if (len != 0) {
- // there is some work to do
- byte[] in = new byte[len];
-
- int inputConsumed = len - buffered;
- int bufferedConsumed = buffered;
- if (inputConsumed < 0) {
- inputConsumed = 0;
- bufferedConsumed = len;
+ int outLen = 0;
+ if (len != 0) { // there is some work to do
+ if (len <= buffered) {
+ // all to-be-processed data are from 'buffer'
+ if (decrypting) {
+ outLen = cipher.decrypt(buffer, 0, len, output, outputOffset);
+ } else {
+ outLen = cipher.encrypt(buffer, 0, len, output, outputOffset);
+ }
+ buffered -= len;
+ if (buffered != 0) {
+ System.arraycopy(buffer, len, buffer, 0, buffered);
+ }
+ } else { // len > buffered
+ if (buffered == 0) {
+ // all to-be-processed data are from 'input'
+ if (decrypting) {
+ outLen = cipher.decrypt(input, inputOffset, len, output, outputOffset);
+ } else {
+ outLen = cipher.encrypt(input, inputOffset, len, output, outputOffset);
+ }
+ inputOffset += len;
+ inputLen -= len;
+ } else {
+ // assemble the data using both 'buffer' and 'input'
+ byte[] in = new byte[len];
+ System.arraycopy(buffer, 0, in, 0, buffered);
+ int inConsumed = len - buffered;
+ System.arraycopy(input, inputOffset, in, buffered, inConsumed);
+ buffered = 0;
+ inputOffset += inConsumed;
+ inputLen -= inConsumed;
+ if (decrypting) {
+ outLen = cipher.decrypt(in, 0, len, output, outputOffset);
+ } else {
+ outLen = cipher.encrypt(in, 0, len, output, outputOffset);
+ }
+ }
}
-
- if (buffered != 0) {
- System.arraycopy(buffer, 0, in, 0, bufferedConsumed);
- }
- if (inputConsumed > 0) {
- System.arraycopy(input, inputOffset, in,
- bufferedConsumed, inputConsumed);
- }
- if (decrypting) {
- cipher.decrypt(in, 0, len, output, outputOffset);
- } else {
- cipher.encrypt(in, 0, len, output, outputOffset);
- }
-
// Let's keep track of how many bytes are needed to make
// the total input length a multiple of blocksize when
// padding is applied
@@ -770,23 +768,14 @@
((len - diffBlocksize) % blockSize);
}
}
-
- inputLen -= inputConsumed;
- inputOffset += inputConsumed;
- outputOffset += len;
- buffered -= bufferedConsumed;
- if (buffered > 0) {
- System.arraycopy(buffer, bufferedConsumed, buffer, 0,
- buffered);
- }
}
- // left over again
+ // Store remaining input into 'buffer' again
if (inputLen > 0) {
System.arraycopy(input, inputOffset, buffer, buffered,
inputLen);
+ buffered += inputLen;
}
- buffered += inputLen;
- return len;
+ return outLen;
}
/**
@@ -881,11 +870,24 @@
("Must use either different key or iv for GCM encryption");
}
- // calculate the total input length
- int totalLen = buffered + inputLen;
- int paddedLen = totalLen;
+ int estOutSize = getOutputSizeByOperation(inputLen, true);
+ // check output buffer capacity.
+ // if we are decrypting with padding applied, we can perform this
+ // check only after we have determined how many padding bytes there
+ // are.
+ int outputCapacity = output.length - outputOffset;
+ int minOutSize = (decrypting? (estOutSize - blockSize):estOutSize);
+ if ((output == null) || (outputCapacity < minOutSize)) {
+ throw new ShortBufferException("Output buffer must be "
+ + "(at least) " + minOutSize + " bytes long");
+ }
+
+ // calculate total input length
+ int len = buffered + inputLen;
+
+ // calculate padding length
+ int totalLen = len + cipher.getBufferedLength();
int paddingLen = 0;
-
// will the total input length be a multiple of blockSize?
if (unitBytes != blockSize) {
if (totalLen < diffBlocksize) {
@@ -898,40 +900,23 @@
paddingLen = padding.padLength(totalLen);
}
- if ((paddingLen > 0) && (paddingLen != blockSize) &&
- (padding != null) && decrypting) {
+ if (decrypting && (padding != null) &&
+ (paddingLen > 0) && (paddingLen != blockSize)) {
throw new IllegalBlockSizeException
("Input length must be multiple of " + blockSize +
" when decrypting with padded cipher");
}
- // if encrypting and padding not null, add padding
- if (!decrypting && padding != null) {
- paddedLen += paddingLen;
- }
-
- // check output buffer capacity.
- // if we are decrypting with padding applied, we can perform this
- // check only after we have determined how many padding bytes there
- // are.
- if (output == null) {
- throw new ShortBufferException("Output buffer is null");
- }
- int outputCapacity = output.length - outputOffset;
-
- if (((!decrypting) && (outputCapacity < paddedLen)) ||
- (decrypting && (outputCapacity < (paddedLen - blockSize)))) {
- throw new ShortBufferException("Output buffer too short: "
- + outputCapacity + " bytes given, "
- + paddedLen + " bytes needed");
- }
-
// prepare the final input avoiding copying if possible
byte[] finalBuf = input;
int finalOffset = inputOffset;
+ int finalBufLen = inputLen;
if ((buffered != 0) || (!decrypting && padding != null)) {
+ if (decrypting || padding == null) {
+ paddingLen = 0;
+ }
+ finalBuf = new byte[len + paddingLen];
finalOffset = 0;
- finalBuf = new byte[paddedLen];
if (buffered != 0) {
System.arraycopy(buffer, 0, finalBuf, 0, buffered);
}
@@ -939,50 +924,50 @@
System.arraycopy(input, inputOffset, finalBuf,
buffered, inputLen);
}
- if (!decrypting && padding != null) {
- padding.padWithLen(finalBuf, totalLen, paddingLen);
+ if (paddingLen != 0) {
+ padding.padWithLen(finalBuf, (buffered+inputLen), paddingLen);
}
+ finalBufLen = finalBuf.length;
}
-
+ int outLen = 0;
if (decrypting) {
// if the size of specified output buffer is less than
// the length of the cipher text, then the current
// content of cipher has to be preserved in order for
// users to retry the call with a larger buffer in the
// case of ShortBufferException.
- if (outputCapacity < paddedLen) {
+ if (outputCapacity < estOutSize) {
cipher.save();
}
// create temporary output buffer so that only "real"
// data bytes are passed to user's output buffer.
- byte[] outWithPadding = new byte[totalLen];
- totalLen = finalNoPadding(finalBuf, finalOffset, outWithPadding,
- 0, totalLen);
+ byte[] outWithPadding = new byte[estOutSize];
+ outLen = finalNoPadding(finalBuf, finalOffset, outWithPadding,
+ 0, finalBufLen);
if (padding != null) {
- int padStart = padding.unpad(outWithPadding, 0, totalLen);
+ int padStart = padding.unpad(outWithPadding, 0, outLen);
if (padStart < 0) {
throw new BadPaddingException("Given final block not "
+ "properly padded");
}
- totalLen = padStart;
+ outLen = padStart;
}
- if ((output.length - outputOffset) < totalLen) {
+ if (outputCapacity < outLen) {
// restore so users can retry with a larger buffer
cipher.restore();
throw new ShortBufferException("Output buffer too short: "
- + (output.length-outputOffset)
- + " bytes given, " + totalLen
+ + (outputCapacity)
+ + " bytes given, " + outLen
+ " bytes needed");
}
- for (int i = 0; i < totalLen; i++) {
- output[outputOffset + i] = outWithPadding[i];
- }
+ // copy the result into user-supplied output buffer
+ System.arraycopy(outWithPadding, 0, output, outputOffset, outLen);
} else { // encrypting
try {
- totalLen = finalNoPadding(finalBuf, finalOffset, output,
- outputOffset, paddedLen);
+ outLen = finalNoPadding(finalBuf, finalOffset, output,
+ outputOffset, finalBufLen);
} finally {
// reset after doFinal() for GCM encryption
requireReinit = (cipherMode == GCM_MODE);
@@ -994,12 +979,13 @@
if (cipherMode != ECB_MODE) {
cipher.reset();
}
- return totalLen;
+ return outLen;
}
private int finalNoPadding(byte[] in, int inOfs, byte[] out, int outOfs,
int len)
- throws IllegalBlockSizeException, AEADBadTagException {
+ throws IllegalBlockSizeException, AEADBadTagException,
+ ShortBufferException {
if ((cipherMode != GCM_MODE) && (in == null || len == 0)) {
return 0;
--- a/jdk/src/share/classes/com/sun/crypto/provider/CipherFeedback.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/CipherFeedback.java Wed Oct 09 13:07:58 2013 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -150,9 +150,10 @@
* @param plainLen the length of the input data
* @param cipher the buffer for the result
* @param cipherOffset the offset in <code>cipher</code>
+ * @return the length of the encrypted data
*/
- void encrypt(byte[] plain, int plainOffset, int plainLen,
- byte[] cipher, int cipherOffset)
+ int encrypt(byte[] plain, int plainOffset, int plainLen,
+ byte[] cipher, int cipherOffset)
{
int i, len;
len = blockSize - numBytes;
@@ -194,6 +195,7 @@
}
}
}
+ return plainLen;
}
/**
@@ -218,9 +220,10 @@
* @param cipherLen the length of the input data
* @param plain the buffer for the result
* @param plainOffset the offset in <code>plain</code>
+ * @return the length of the decrypted data
*/
- void decrypt(byte[] cipher, int cipherOffset, int cipherLen,
- byte[] plain, int plainOffset)
+ int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
+ byte[] plain, int plainOffset)
{
int i, len;
len = blockSize - numBytes;
@@ -268,5 +271,6 @@
}
}
}
+ return cipherLen;
}
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/CounterMode.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/CounterMode.java Wed Oct 09 13:07:58 2013 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 201313, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -149,9 +149,10 @@
* @param len the length of the input data
* @param out the buffer for the result
* @param outOff the offset in <code>cipher</code>
+ * @return the length of the encrypted data
*/
- void encrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
- crypt(in, inOff, len, out, outOff);
+ int encrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
+ return crypt(in, inOff, len, out, outOff);
}
/**
@@ -176,9 +177,10 @@
* @param len the length of the input data
* @param out the buffer for the result
* @param outOff the offset in <code>plain</code>
+ * @return the length of the decrypted data
*/
- void decrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
- crypt(in, inOff, len, out, outOff);
+ int decrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
+ return crypt(in, inOff, len, out, outOff);
}
/**
@@ -197,7 +199,8 @@
* keystream generated by encrypting the counter values. Counter values
* are encrypted on demand.
*/
- private void crypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
+ private int crypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
+ int result = len;
while (len-- > 0) {
if (used >= blockSize) {
embeddedCipher.encryptBlock(counter, 0, encryptedCounter, 0);
@@ -206,5 +209,6 @@
}
out[outOff++] = (byte)(in[inOff++] ^ encryptedCounter[used++]);
}
+ return result;
}
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java Wed Oct 09 13:07:58 2013 -0700
@@ -58,6 +58,16 @@
// The source of randomness
private SecureRandom random = null;
+ private static void checkKeySize(int keysize)
+ throws InvalidAlgorithmParameterException {
+ if ((keysize != 2048) &&
+ ((keysize < 512) || (keysize > 1024) || (keysize % 64 != 0))) {
+ throw new InvalidAlgorithmParameterException(
+ "Keysize must be multiple of 64 ranging from "
+ + "512 to 1024 (inclusive), or 2048");
+ }
+ }
+
/**
* Initializes this parameter generator for a certain keysize
* and source of randomness.
@@ -67,11 +77,11 @@
* @param random the source of randomness
*/
protected void engineInit(int keysize, SecureRandom random) {
- if ((keysize < 512) || (keysize > 2048) || (keysize % 64 != 0)) {
- throw new InvalidParameterException("Keysize must be multiple "
- + "of 64, and can only range "
- + "from 512 to 2048 "
- + "(inclusive)");
+ // Re-uses DSA parameters and thus have the same range
+ try {
+ checkKeySize(keysize);
+ } catch (InvalidAlgorithmParameterException ex) {
+ throw new InvalidParameterException(ex.getMessage());
}
this.primeSize = keysize;
this.random = random;
@@ -91,31 +101,29 @@
protected void engineInit(AlgorithmParameterSpec genParamSpec,
SecureRandom random)
throws InvalidAlgorithmParameterException {
- if (!(genParamSpec instanceof DHGenParameterSpec)) {
- throw new InvalidAlgorithmParameterException
- ("Inappropriate parameter type");
- }
+ if (!(genParamSpec instanceof DHGenParameterSpec)) {
+ throw new InvalidAlgorithmParameterException
+ ("Inappropriate parameter type");
+ }
- DHGenParameterSpec dhParamSpec = (DHGenParameterSpec)genParamSpec;
+ DHGenParameterSpec dhParamSpec = (DHGenParameterSpec)genParamSpec;
+
+ primeSize = dhParamSpec.getPrimeSize();
+
+ // Re-uses DSA parameters and thus have the same range
+ checkKeySize(primeSize);
- primeSize = dhParamSpec.getPrimeSize();
- if ((primeSize<512) || (primeSize>2048) || (primeSize%64 != 0)) {
- throw new InvalidAlgorithmParameterException
- ("Modulus size must be multiple of 64, and can only range "
- + "from 512 to 2048 (inclusive)");
- }
+ exponentSize = dhParamSpec.getExponentSize();
+ if (exponentSize <= 0) {
+ throw new InvalidAlgorithmParameterException
+ ("Exponent size must be greater than zero");
+ }
- exponentSize = dhParamSpec.getExponentSize();
- if (exponentSize <= 0) {
- throw new InvalidAlgorithmParameterException
- ("Exponent size must be greater than zero");
- }
-
- // Require exponentSize < primeSize
- if (exponentSize >= primeSize) {
- throw new InvalidAlgorithmParameterException
- ("Exponent size must be less than modulus size");
- }
+ // Require exponentSize < primeSize
+ if (exponentSize >= primeSize) {
+ throw new InvalidAlgorithmParameterException
+ ("Exponent size must be less than modulus size");
+ }
}
/**
--- a/jdk/src/share/classes/com/sun/crypto/provider/ElectronicCodeBook.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/ElectronicCodeBook.java Wed Oct 09 13:07:58 2013 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -115,14 +115,15 @@
* @param len the length of the input data
* @param out the buffer for the result
* @param outOff the offset in <code>cipher</code>
+ * @return the length of the encrypted data
*/
- void encrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
- while (len >= blockSize) {
+ int encrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
+ for (int i = len; i >= blockSize; i -= blockSize) {
embeddedCipher.encryptBlock(in, inOff, out, outOff);
- len -= blockSize;
inOff += blockSize;
outOff += blockSize;
}
+ return len;
}
/**
@@ -147,14 +148,14 @@
* @param len the length of the input data
* @param out the buffer for the result
* @param outOff the offset in <code>plain</code>
+ * @return the length of the decrypted data
*/
- void decrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
- while (len >= blockSize) {
+ int decrypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
+ for (int i = len; i >= blockSize; i -= blockSize) {
embeddedCipher.decryptBlock(in, inOff, out, outOff);
- len -= blockSize;
inOff += blockSize;
outOff += blockSize;
}
+ return len;
}
-
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java Wed Oct 09 13:07:58 2013 -0700
@@ -133,9 +133,10 @@
* @param plainLen the length of the input data
* @param cipher the buffer for the encryption result
* @param cipherOffset the offset in <code>cipher</code>
+ * @return the number of bytes placed into <code>cipher</code>
*/
- abstract void encrypt(byte[] plain, int plainOffset, int plainLen,
- byte[] cipher, int cipherOffset);
+ abstract int encrypt(byte[] plain, int plainOffset, int plainLen,
+ byte[] cipher, int cipherOffset);
/**
* Performs encryption operation for the last time.
*
@@ -154,10 +155,9 @@
*/
int encryptFinal(byte[] plain, int plainOffset, int plainLen,
byte[] cipher, int cipherOffset)
- throws IllegalBlockSizeException {
- encrypt(plain, plainOffset, plainLen, cipher, cipherOffset);
- return plainLen;
- }
+ throws IllegalBlockSizeException, ShortBufferException {
+ return encrypt(plain, plainOffset, plainLen, cipher, cipherOffset);
+ }
/**
* Performs decryption operation.
*
@@ -174,9 +174,10 @@
* @param cipherLen the length of the input data
* @param plain the buffer for the decryption result
* @param plainOffset the offset in <code>plain</code>
+ * @return the number of bytes placed into <code>plain</code>
*/
- abstract void decrypt(byte[] cipher, int cipherOffset, int cipherLen,
- byte[] plain, int plainOffset);
+ abstract int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
+ byte[] plain, int plainOffset);
/**
* Performs decryption operation for the last time.
@@ -196,9 +197,9 @@
*/
int decryptFinal(byte[] cipher, int cipherOffset, int cipherLen,
byte[] plain, int plainOffset)
- throws IllegalBlockSizeException, AEADBadTagException {
- decrypt(cipher, cipherOffset, cipherLen, plain, plainOffset);
- return cipherLen;
+ throws IllegalBlockSizeException, AEADBadTagException,
+ ShortBufferException {
+ return decrypt(cipher, cipherOffset, cipherLen, plain, plainOffset);
}
/**
@@ -228,4 +229,15 @@
void updateAAD(byte[] src, int offset, int len) {
throw new IllegalStateException("No AAD accepted");
}
+
+ /**
+ * @return the number of bytes that are buffered internally inside
+ * this FeedbackCipher instance.
+ * @since 1.8
+ */
+ int getBufferedLength() {
+ // Currently only AEAD cipher impl, e.g. GCM, buffers data
+ // internally during decryption mode
+ return 0;
+ }
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/GCTR.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/GCTR.java Wed Oct 09 13:07:58 2013 -0700
@@ -54,7 +54,7 @@
private byte[] counter;
// needed for save/restore calls
- private byte[] counterSave;
+ private byte[] counterSave = null;
// NOTE: cipher should already be initialized
GCTR(SymmetricCipher cipher, byte[] initialCounterBlk) {
@@ -98,17 +98,16 @@
throw new IllegalBlockSizeException("Negative input size!");
} else if (inLen > 0) {
int lastBlockSize = inLen % AES_BLOCK_SIZE;
+ int completeBlkLen = inLen - lastBlockSize;
// process the complete blocks first
- update(in, inOfs, inLen - lastBlockSize, out, outOfs);
+ update(in, inOfs, completeBlkLen, out, outOfs);
if (lastBlockSize != 0) {
// do the last partial block
byte[] encryptedCntr = new byte[AES_BLOCK_SIZE];
aes.encryptBlock(counter, 0, encryptedCntr, 0);
-
- int processed = inLen - lastBlockSize;
for (int n = 0; n < lastBlockSize; n++) {
- out[outOfs + processed + n] =
- (byte) ((in[inOfs + processed + n] ^
+ out[outOfs + completeBlkLen + n] =
+ (byte) ((in[inOfs + completeBlkLen + n] ^
encryptedCntr[n]));
}
}
@@ -120,12 +119,11 @@
}
/**
- * Resets the current counter to its initial value.
- * This is used after the doFinal() is called so this object can be
- * reused w/o explicit re-initialization.
+ * Resets the content of this object to when it's first constructed.
*/
void reset() {
System.arraycopy(icb, 0, counter, 0, icb.length);
+ counterSave = null;
}
/**
--- a/jdk/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java Wed Oct 09 13:07:58 2013 -0700
@@ -35,10 +35,12 @@
* This class represents ciphers in GaloisCounter (GCM) mode.
*
* <p>This mode currently should only be used w/ AES cipher.
- * Although no checking is done here, caller should only
- * pass AES Cipher to the constructor.
+ * Although no checking is done, caller should only pass AES
+ * Cipher to the constructor.
*
- * <p>NOTE: This class does not deal with buffering or padding.
+ * <p>NOTE: Unlike other modes, when used for decryption, this class
+ * will buffer all processed outputs internally and won't return them
+ * until the tag has been successfully verified.
*
* @since 1.8
*/
@@ -51,6 +53,9 @@
private ByteArrayOutputStream aadBuffer = new ByteArrayOutputStream();
private int sizeOfAAD = 0;
+ // buffer for storing input in decryption, not used for encryption
+ private ByteArrayOutputStream ibuffer = null;
+
// in bytes; need to convert to bits (default value 128) when needed
private int tagLenBytes = DEFAULT_TAG_LEN;
@@ -68,12 +73,14 @@
// additional variables for save/restore calls
private byte[] aadBufferSave = null;
private int sizeOfAADSave = 0;
+ private byte[] ibufferSave = null;
private int processedSave = 0;
// value must be 16-byte long; used by GCTR and GHASH as well
static void increment32(byte[] value) {
if (value.length != AES_BLOCK_SIZE) {
- throw new RuntimeException("Unexpected counter block length");
+ // should never happen
+ throw new ProviderException("Illegal counter block length");
}
// start from last byte and only go over 4 bytes, i.e. total 32 bits
int n = value.length - 1;
@@ -171,6 +178,9 @@
if (ghashAllToS != null) ghashAllToS.reset();
processed = 0;
sizeOfAAD = 0;
+ if (ibuffer != null) {
+ ibuffer.reset();
+ }
}
/**
@@ -184,6 +194,9 @@
null : aadBuffer.toByteArray());
if (gctrPAndC != null) gctrPAndC.save();
if (ghashAllToS != null) ghashAllToS.save();
+ if (ibuffer != null) {
+ ibufferSave = ibuffer.toByteArray();
+ }
}
/**
@@ -198,8 +211,12 @@
aadBuffer.write(aadBufferSave, 0, aadBufferSave.length);
}
}
- if (gctrPAndC != null) gctrPAndC.restore();
- if (ghashAllToS != null) ghashAllToS.restore();
+ if (gctrPAndC != null) gctrPAndC.restore();
+ if (ghashAllToS != null) ghashAllToS.restore();
+ if (ibuffer != null) {
+ ibuffer.reset();
+ ibuffer.write(ibufferSave, 0, ibufferSave.length);
+ }
}
/**
@@ -261,6 +278,9 @@
}
processed = 0;
sizeOfAAD = 0;
+ if (decrypting) {
+ ibuffer = new ByteArrayOutputStream();
+ }
}
/**
@@ -299,7 +319,7 @@
// Feed the AAD data to GHASH, pad if necessary
void processAAD() {
- if (aadBuffer != null) {
+ if (aadBuffer != null && aadBuffer.size() > 0) {
byte[] aad = aadBuffer.toByteArray();
sizeOfAAD = aad.length;
aadBuffer = null;
@@ -365,13 +385,14 @@
* @param out the buffer for the result
* @param outOfs the offset in <code>out</code>
*/
- void encrypt(byte[] in, int inOfs, int len, byte[] out, int outOfs) {
+ int encrypt(byte[] in, int inOfs, int len, byte[] out, int outOfs) {
processAAD();
if (len > 0) {
gctrPAndC.update(in, inOfs, len, out, outOfs);
processed += len;
ghashAllToS.update(out, outOfs, len);
}
+ return len;
}
/**
@@ -387,28 +408,28 @@
* @param outOfs the offset in <code>out</code>
* @return the number of bytes placed into the <code>out</code> buffer
*/
- int encryptFinal(byte[] in, int inOfs, int len, byte[] out, int outOfs)
- throws IllegalBlockSizeException {
- if (out.length - outOfs < (len + tagLenBytes)) {
- throw new RuntimeException("Output buffer too small");
- }
+ int encryptFinal(byte[] in, int inOfs, int len, byte[] out, int outOfs)
+ throws IllegalBlockSizeException, ShortBufferException {
+ if (out.length - outOfs < (len + tagLenBytes)) {
+ throw new ShortBufferException("Output buffer too small");
+ }
+
+ processAAD();
+ if (len > 0) {
+ doLastBlock(in, inOfs, len, out, outOfs, true);
+ }
- processAAD();
- if (len > 0) {
- //ByteUtil.dumpArray(Arrays.copyOfRange(in, inOfs, inOfs + len));
- doLastBlock(in, inOfs, len, out, outOfs, true);
- }
+ byte[] lengthBlock =
+ getLengthBlock(sizeOfAAD*8, processed*8);
+ ghashAllToS.update(lengthBlock);
+ byte[] s = ghashAllToS.digest();
+ byte[] sOut = new byte[s.length];
+ GCTR gctrForSToTag = new GCTR(embeddedCipher, this.preCounterBlock);
+ gctrForSToTag.doFinal(s, 0, s.length, sOut, 0);
- byte[] lengthBlock = getLengthBlock(sizeOfAAD*8, processed*8);
- ghashAllToS.update(lengthBlock);
- byte[] s = ghashAllToS.digest();
- byte[] sOut = new byte[s.length];
- GCTR gctrForSToTag = new GCTR(embeddedCipher, this.preCounterBlock);
- gctrForSToTag.doFinal(s, 0, s.length, sOut, 0);
-
- System.arraycopy(sOut, 0, out, (outOfs + len), tagLenBytes);
- return (len + tagLenBytes);
- }
+ System.arraycopy(sOut, 0, out, (outOfs + len), tagLenBytes);
+ return (len + tagLenBytes);
+ }
/**
* Performs decryption operation.
@@ -432,14 +453,16 @@
* @param out the buffer for the result
* @param outOfs the offset in <code>out</code>
*/
- void decrypt(byte[] in, int inOfs, int len, byte[] out, int outOfs) {
+ int decrypt(byte[] in, int inOfs, int len, byte[] out, int outOfs) {
processAAD();
- if (len > 0) { // must be at least AES_BLOCK_SIZE bytes long
- gctrPAndC.update(in, inOfs, len, out, outOfs);
- processed += len;
- ghashAllToS.update(in, inOfs, len);
+ if (len > 0) {
+ // store internally until decryptFinal is called because
+ // spec mentioned that only return recovered data after tag
+ // is successfully verified
+ ibuffer.write(in, inOfs, len);
}
+ return 0;
}
/**
@@ -458,44 +481,62 @@
* @param outOfs the offset in <code>plain</code>
* @return the number of bytes placed into the <code>out</code> buffer
*/
- int decryptFinal(byte[] in, int inOfs, int len,
- byte[] out, int outOfs)
- throws IllegalBlockSizeException, AEADBadTagException {
- if (len < tagLenBytes) {
- throw new RuntimeException("Input buffer too short - need tag");
- }
- if (out.length - outOfs < (len - tagLenBytes)) {
- throw new RuntimeException("Output buffer too small");
- }
- processAAD();
+ int decryptFinal(byte[] in, int inOfs, int len,
+ byte[] out, int outOfs)
+ throws IllegalBlockSizeException, AEADBadTagException,
+ ShortBufferException {
+ if (len < tagLenBytes) {
+ throw new AEADBadTagException("Input too short - need tag");
+ }
+ if (out.length - outOfs < ((ibuffer.size() + len) - tagLenBytes)) {
+ throw new ShortBufferException("Output buffer too small");
+ }
+ processAAD();
+ if (len != 0) {
+ ibuffer.write(in, inOfs, len);
+ }
- int processedOld = processed;
- byte[] tag = new byte[tagLenBytes];
- // get the trailing tag bytes from 'in'
- System.arraycopy(in, inOfs + len - tagLenBytes, tag, 0, tagLenBytes);
- len -= tagLenBytes;
+ // refresh 'in' to all buffered-up bytes
+ in = ibuffer.toByteArray();
+ inOfs = 0;
+ len = in.length;
+ ibuffer.reset();
- if (len > 0) {
- doLastBlock(in, inOfs, len, out, outOfs, false);
- }
+ byte[] tag = new byte[tagLenBytes];
+ // get the trailing tag bytes from 'in'
+ System.arraycopy(in, len - tagLenBytes, tag, 0, tagLenBytes);
+ len -= tagLenBytes;
- byte[] lengthBlock = getLengthBlock(sizeOfAAD*8, processed*8);
- ghashAllToS.update(lengthBlock);
+ if (len > 0) {
+ doLastBlock(in, inOfs, len, out, outOfs, false);
+ }
- byte[] s = ghashAllToS.digest();
- byte[] sOut = new byte[s.length];
- GCTR gctrForSToTag = new GCTR(embeddedCipher, this.preCounterBlock);
- gctrForSToTag.doFinal(s, 0, s.length, sOut, 0);
- for (int i = 0; i < tagLenBytes; i++) {
- if (tag[i] != sOut[i]) {
- throw new AEADBadTagException("Tag mismatch!");
- }
- }
- return len;
- }
+ byte[] lengthBlock =
+ getLengthBlock(sizeOfAAD*8, processed*8);
+ ghashAllToS.update(lengthBlock);
+
+ byte[] s = ghashAllToS.digest();
+ byte[] sOut = new byte[s.length];
+ GCTR gctrForSToTag = new GCTR(embeddedCipher, this.preCounterBlock);
+ gctrForSToTag.doFinal(s, 0, s.length, sOut, 0);
+ for (int i = 0; i < tagLenBytes; i++) {
+ if (tag[i] != sOut[i]) {
+ throw new AEADBadTagException("Tag mismatch!");
+ }
+ }
+ return len;
+ }
// return tag length in bytes
int getTagLen() {
return this.tagLenBytes;
}
+
+ int getBufferedLength() {
+ if (ibuffer == null) {
+ return 0;
+ } else {
+ return ibuffer.size();
+ }
+ }
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/OutputFeedback.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/OutputFeedback.java Wed Oct 09 13:07:58 2013 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -149,9 +149,10 @@
* @param plainLen the length of the input data
* @param cipher the buffer for the result
* @param cipherOffset the offset in <code>cipher</code>
+ * @return the length of the encrypted data
*/
- void encrypt(byte[] plain, int plainOffset, int plainLen,
- byte[] cipher, int cipherOffset)
+ int encrypt(byte[] plain, int plainOffset, int plainLen,
+ byte[] cipher, int cipherOffset)
{
int i;
int len = blockSize - numBytes;
@@ -195,6 +196,7 @@
System.arraycopy(k, 0, register, len, numBytes);
}
}
+ return plainLen;
}
/**
@@ -219,11 +221,12 @@
* @param cipherLen the length of the input data
* @param plain the buffer for the result
* @param plainOffset the offset in <code>plain</code>
+ * @return the length of the decrypted data
*/
- void decrypt(byte[] cipher, int cipherOffset, int cipherLen,
+ int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
byte[] plain, int plainOffset)
{
// OFB encrypt and decrypt are identical
- encrypt(cipher, cipherOffset, cipherLen, plain, plainOffset);
+ return encrypt(cipher, cipherOffset, cipherLen, plain, plainOffset);
}
}
--- a/jdk/src/share/classes/com/sun/crypto/provider/PCBC.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PCBC.java Wed Oct 09 13:07:58 2013 -0700
@@ -136,8 +136,8 @@
* @param cipher the buffer for the result
* @param cipherOffset the offset in <code>cipher</code>
*/
- void encrypt(byte[] plain, int plainOffset, int plainLen,
- byte[] cipher, int cipherOffset)
+ int encrypt(byte[] plain, int plainOffset, int plainLen,
+ byte[] cipher, int cipherOffset)
{
int i;
int endIndex = plainOffset + plainLen;
@@ -152,6 +152,7 @@
k[i] = (byte)(plain[i+plainOffset] ^ cipher[i+cipherOffset]);
}
}
+ return plainLen;
}
/**
@@ -177,8 +178,8 @@
* @param plain the buffer for the result
* @param plainOffset the offset in <code>plain</code>
*/
- void decrypt(byte[] cipher, int cipherOffset, int cipherLen,
- byte[] plain, int plainOffset)
+ int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
+ byte[] plain, int plainOffset)
{
int i;
int endIndex = cipherOffset + cipherLen;
@@ -194,5 +195,6 @@
k[i] = (byte)(plain[i+plainOffset] ^ cipher[i+cipherOffset]);
}
}
+ return cipherLen;
}
}
--- a/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java Wed Oct 09 13:07:58 2013 -0700
@@ -237,7 +237,7 @@
private static String[] getTypeNames(Class<?> currentClass, Vector<String> v) {
getClassesAux(currentClass, v);
- Class[] members = currentClass.getInterfaces();
+ Class<?>[] members = currentClass.getInterfaces();
for (int i = 0; i < members.length; i++) {
getClassesAux(members[i], v);
}
--- a/jdk/src/share/classes/com/sun/jndi/ldap/LdapPoolManager.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/com/sun/jndi/ldap/LdapPoolManager.java Wed Oct 09 13:07:58 2013 -0700
@@ -237,7 +237,7 @@
!socketFactory.equals(LdapCtx.DEFAULT_SSL_FACTORY)) {
try {
Class<?> socketFactoryClass = Obj.helper.loadClass(socketFactory);
- Class[] interfaces = socketFactoryClass.getInterfaces();
+ Class<?>[] interfaces = socketFactoryClass.getInterfaces();
for (int i = 0; i < interfaces.length; i++) {
if (interfaces[i].getCanonicalName().equals(COMPARATOR)) {
foundSockCmp = true;
--- a/jdk/src/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java Wed Oct 09 13:07:58 2013 -0700
@@ -404,6 +404,7 @@
return delegate.getContent();
}
+ @SuppressWarnings("rawtypes")
public Object getContent(Class[] classes) throws IOException {
return delegate.getContent(classes);
}
--- a/jdk/src/share/classes/java/lang/instrument/Instrumentation.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/java/lang/instrument/Instrumentation.java Wed Oct 09 13:07:58 2013 -0700
@@ -381,6 +381,7 @@
*
* @return an array containing all the classes loaded by the JVM, zero-length if there are none
*/
+ @SuppressWarnings("rawtypes")
Class[]
getAllLoadedClasses();
@@ -393,6 +394,7 @@
* @return an array containing all the classes for which loader is an initiating loader,
* zero-length if there are none
*/
+ @SuppressWarnings("rawtypes")
Class[]
getInitiatedClasses(ClassLoader loader);
--- a/jdk/src/share/classes/java/net/ContentHandler.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/java/net/ContentHandler.java Wed Oct 09 13:07:58 2013 -0700
@@ -96,6 +96,7 @@
* @exception IOException if an I/O error occurs while reading the object.
* @since 1.3
*/
+ @SuppressWarnings("rawtypes")
public Object getContent(URLConnection urlc, Class[] classes) throws IOException {
Object obj = getContent(urlc);
--- a/jdk/src/share/classes/javax/crypto/CipherSpi.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/javax/crypto/CipherSpi.java Wed Oct 09 13:07:58 2013 -0700
@@ -786,7 +786,9 @@
int total = 0;
do {
int chunk = Math.min(inLen, inArray.length);
- input.get(inArray, 0, chunk);
+ if (chunk > 0) {
+ input.get(inArray, 0, chunk);
+ }
int n;
if (isUpdate || (inLen != chunk)) {
n = engineUpdate(inArray, 0, chunk, outArray, outOfs);
@@ -814,8 +816,9 @@
int total = 0;
boolean resized = false;
do {
- int chunk = Math.min(inLen, outSize);
- if ((a1 == false) && (resized == false)) {
+ int chunk =
+ Math.min(inLen, (outSize == 0? inArray.length : outSize));
+ if (!a1 && !resized && chunk > 0) {
input.get(inArray, 0, chunk);
inOfs = 0;
}
@@ -829,8 +832,10 @@
resized = false;
inOfs += chunk;
inLen -= chunk;
- output.put(outArray, 0, n);
- total += n;
+ if (n > 0) {
+ output.put(outArray, 0, n);
+ total += n;
+ }
} catch (ShortBufferException e) {
if (resized) {
// we just resized the output buffer, but it still
@@ -840,11 +845,13 @@
}
// output buffer is too small, realloc and try again
resized = true;
- int newOut = engineGetOutputSize(chunk);
- outArray = new byte[newOut];
+ outSize = engineGetOutputSize(chunk);
+ outArray = new byte[outSize];
}
} while (inLen > 0);
- input.position(inLimit);
+ if (a1) {
+ input.position(inLimit);
+ }
return total;
}
}
--- a/jdk/src/share/classes/javax/crypto/JceSecurityManager.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/javax/crypto/JceSecurityManager.java Wed Oct 09 13:07:58 2013 -0700
@@ -230,7 +230,7 @@
// See bug 4341369 & 4334690 for more info.
boolean isCallerTrusted() {
// Get the caller and its codebase.
- Class[] context = getClassContext();
+ Class<?>[] context = getClassContext();
URL callerCodeBase = null;
int i;
for (i=0; i<context.length; i++) {
--- a/jdk/src/share/classes/sun/instrument/InstrumentationImpl.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/sun/instrument/InstrumentationImpl.java Wed Oct 09 13:07:58 2013 -0700
@@ -170,11 +170,13 @@
redefineClasses0(mNativeAgent, definitions);
}
+ @SuppressWarnings("rawtypes")
public Class[]
getAllLoadedClasses() {
return getAllLoadedClasses0(mNativeAgent);
}
+ @SuppressWarnings("rawtypes")
public Class[]
getInitiatedClasses(ClassLoader loader) {
return getInitiatedClasses0(mNativeAgent, loader);
@@ -255,9 +257,11 @@
redefineClasses0(long nativeAgent, ClassDefinition[] definitions)
throws ClassNotFoundException;
+ @SuppressWarnings("rawtypes")
private native Class[]
getAllLoadedClasses0(long nativeAgent);
+ @SuppressWarnings("rawtypes")
private native Class[]
getInitiatedClasses0(long nativeAgent, ClassLoader loader);
--- a/jdk/src/share/classes/sun/net/www/content/image/gif.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/sun/net/www/content/image/gif.java Wed Oct 09 13:07:58 2013 -0700
@@ -37,6 +37,7 @@
return new URLImageSource(urlc);
}
+ @SuppressWarnings("rawtypes")
public Object getContent(URLConnection urlc, Class[] classes) throws IOException {
Class<?>[] cls = classes;
for (int i = 0; i < cls.length; i++) {
--- a/jdk/src/share/classes/sun/net/www/content/image/jpeg.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/sun/net/www/content/image/jpeg.java Wed Oct 09 13:07:58 2013 -0700
@@ -36,6 +36,7 @@
return new URLImageSource(urlc);
}
+ @SuppressWarnings("rawtypes")
public Object getContent(URLConnection urlc, Class[] classes) throws IOException {
Class<?>[] cls = classes;
for (int i = 0; i < cls.length; i++) {
--- a/jdk/src/share/classes/sun/net/www/content/image/png.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/sun/net/www/content/image/png.java Wed Oct 09 13:07:58 2013 -0700
@@ -36,6 +36,7 @@
return new URLImageSource(urlc);
}
+ @SuppressWarnings("rawtypes")
public Object getContent(URLConnection urlc, Class[] classes) throws IOException {
Class<?>[] cls = classes;
for (int i = 0; i < cls.length; i++) {
--- a/jdk/src/share/classes/sun/net/www/content/image/x_xbitmap.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/sun/net/www/content/image/x_xbitmap.java Wed Oct 09 13:07:58 2013 -0700
@@ -35,6 +35,7 @@
return new URLImageSource(urlc);
}
+ @SuppressWarnings("rawtypes")
public Object getContent(URLConnection urlc, Class[] classes) throws java.io.IOException {
Class<?>[] cls = classes;
for (int i = 0; i < cls.length; i++) {
--- a/jdk/src/share/classes/sun/net/www/content/image/x_xpixmap.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/sun/net/www/content/image/x_xpixmap.java Wed Oct 09 13:07:58 2013 -0700
@@ -35,6 +35,7 @@
return new URLImageSource(urlc);
}
+ @SuppressWarnings("rawtypes")
public Object getContent(URLConnection urlc, Class[] classes) throws java.io.IOException {
Class<?>[] cls = classes;
for (int i = 0; i < cls.length; i++) {
--- a/jdk/src/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java Wed Oct 09 13:07:58 2013 -0700
@@ -434,6 +434,7 @@
return delegate.getContent();
}
+ @SuppressWarnings("rawtypes")
public Object getContent(Class[] classes) throws IOException {
return delegate.getContent(classes);
}
--- a/jdk/src/share/classes/sun/reflect/misc/MethodUtil.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/sun/reflect/misc/MethodUtil.java Wed Oct 09 13:07:58 2013 -0700
@@ -217,7 +217,7 @@
*/
private static class Signature {
private String methodName;
- private Class[] argClasses;
+ private Class<?>[] argClasses;
private volatile int hashCode = 0;
@@ -299,7 +299,7 @@
new PrivilegedExceptionAction<Method>() {
public Method run() throws Exception {
Class<?> t = getTrampolineClass();
- Class[] types = {
+ Class<?>[] types = {
Method.class, Object.class, Object[].class
};
Method b = t.getDeclaredMethod("invoke", types);
--- a/jdk/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java Wed Oct 09 13:07:58 2013 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -70,20 +70,67 @@
// for RSA, selected or default value of public exponent, always valid
private BigInteger rsaPublicExponent = RSAKeyGenParameterSpec.F4;
+ // the supported keysize range of the native PKCS11 library
+ // if the value cannot be retrieved or unspecified, -1 is used.
+ private final int minKeySize;
+ private final int maxKeySize;
+
// SecureRandom instance, if specified in init
private SecureRandom random;
P11KeyPairGenerator(Token token, String algorithm, long mechanism)
throws PKCS11Exception {
super();
+ int minKeyLen = -1;
+ int maxKeyLen = -1;
+ try {
+ CK_MECHANISM_INFO mechInfo = token.getMechanismInfo(mechanism);
+ if (mechInfo != null) {
+ minKeyLen = (int) mechInfo.ulMinKeySize;
+ maxKeyLen = (int) mechInfo.ulMaxKeySize;
+ }
+ } catch (PKCS11Exception p11e) {
+ // Should never happen
+ throw new ProviderException
+ ("Unexpected error while getting mechanism info", p11e);
+ }
+ // set default key sizes and apply our own algorithm-specific limits
+ // override lower limit to disallow unsecure keys being generated
+ // override upper limit to deter DOS attack
+ if (algorithm.equals("EC")) {
+ keySize = 256;
+ if ((minKeyLen == -1) || (minKeyLen < 112)) {
+ minKeyLen = 112;
+ }
+ if ((maxKeyLen == -1) || (maxKeyLen > 2048)) {
+ maxKeyLen = 2048;
+ }
+ } else {
+ // RSA, DH, and DSA
+ keySize = 1024;
+ if ((minKeyLen == -1) || (minKeyLen < 512)) {
+ minKeyLen = 512;
+ }
+ if (algorithm.equals("RSA")) {
+ if ((maxKeyLen == -1) || (maxKeyLen > 64 * 1024)) {
+ maxKeyLen = 64 * 1024;
+ }
+ }
+ }
+
+ // auto-adjust default keysize in case it's out-of-range
+ if ((minKeyLen != -1) && (keySize < minKeyLen)) {
+ keySize = minKeyLen;
+ }
+ if ((maxKeyLen != -1) && (keySize > maxKeyLen)) {
+ keySize = maxKeyLen;
+ }
this.token = token;
this.algorithm = algorithm;
this.mechanism = mechanism;
- if (algorithm.equals("EC")) {
- initialize(256, null);
- } else {
- initialize(1024, null);
- }
+ this.minKeySize = minKeyLen;
+ this.maxKeySize = maxKeyLen;
+ initialize(keySize, null);
}
// see JCA spec
@@ -94,9 +141,7 @@
} catch (InvalidAlgorithmParameterException e) {
throw new InvalidParameterException(e.getMessage());
}
- this.keySize = keySize;
this.params = null;
- this.random = random;
if (algorithm.equals("EC")) {
params = P11ECKeyFactory.getECParameterSpec(keySize);
if (params == null) {
@@ -105,33 +150,35 @@
+ keySize + " bits");
}
}
+ this.keySize = keySize;
+ this.random = random;
}
// see JCA spec
public void initialize(AlgorithmParameterSpec params, SecureRandom random)
throws InvalidAlgorithmParameterException {
token.ensureValid();
+ int tmpKeySize;
if (algorithm.equals("DH")) {
if (params instanceof DHParameterSpec == false) {
throw new InvalidAlgorithmParameterException
("DHParameterSpec required for Diffie-Hellman");
}
- DHParameterSpec dhParams = (DHParameterSpec)params;
- int tmpKeySize = dhParams.getP().bitLength();
- checkKeySize(tmpKeySize, dhParams);
- this.keySize = tmpKeySize;
- this.params = dhParams;
+ DHParameterSpec dhParams = (DHParameterSpec) params;
+ tmpKeySize = dhParams.getP().bitLength();
+ checkKeySize(tmpKeySize, null);
// XXX sanity check params
} else if (algorithm.equals("RSA")) {
if (params instanceof RSAKeyGenParameterSpec == false) {
throw new InvalidAlgorithmParameterException
("RSAKeyGenParameterSpec required for RSA");
}
- RSAKeyGenParameterSpec rsaParams = (RSAKeyGenParameterSpec)params;
- int tmpKeySize = rsaParams.getKeysize();
+ RSAKeyGenParameterSpec rsaParams =
+ (RSAKeyGenParameterSpec) params;
+ tmpKeySize = rsaParams.getKeysize();
checkKeySize(tmpKeySize, rsaParams);
- this.keySize = tmpKeySize;
- this.params = null;
+ // override the supplied params to null
+ params = null;
this.rsaPublicExponent = rsaParams.getPublicExponent();
// XXX sanity check params
} else if (algorithm.equals("DSA")) {
@@ -139,11 +186,9 @@
throw new InvalidAlgorithmParameterException
("DSAParameterSpec required for DSA");
}
- DSAParameterSpec dsaParams = (DSAParameterSpec)params;
- int tmpKeySize = dsaParams.getP().bitLength();
- checkKeySize(tmpKeySize, dsaParams);
- this.keySize = tmpKeySize;
- this.params = dsaParams;
+ DSAParameterSpec dsaParams = (DSAParameterSpec) params;
+ tmpKeySize = dsaParams.getP().bitLength();
+ checkKeySize(tmpKeySize, null);
// XXX sanity check params
} else if (algorithm.equals("EC")) {
ECParameterSpec ecParams;
@@ -155,28 +200,42 @@
("Unsupported curve: " + params);
}
} else if (params instanceof ECGenParameterSpec) {
- String name = ((ECGenParameterSpec)params).getName();
+ String name = ((ECGenParameterSpec) params).getName();
ecParams = P11ECKeyFactory.getECParameterSpec(name);
if (ecParams == null) {
throw new InvalidAlgorithmParameterException
("Unknown curve name: " + name);
}
+ // override the supplied params with the derived one
+ params = ecParams;
} else {
throw new InvalidAlgorithmParameterException
("ECParameterSpec or ECGenParameterSpec required for EC");
}
- int tmpKeySize = ecParams.getCurve().getField().getFieldSize();
- checkKeySize(tmpKeySize, ecParams);
- this.keySize = tmpKeySize;
- this.params = ecParams;
+ tmpKeySize = ecParams.getCurve().getField().getFieldSize();
+ checkKeySize(tmpKeySize, null);
} else {
throw new ProviderException("Unknown algorithm: " + algorithm);
}
+ this.keySize = tmpKeySize;
+ this.params = params;
this.random = random;
}
- private void checkKeySize(int keySize, AlgorithmParameterSpec params)
- throws InvalidAlgorithmParameterException {
+ // NOTE: 'params' is only used for checking RSA keys currently.
+ private void checkKeySize(int keySize, RSAKeyGenParameterSpec params)
+ throws InvalidAlgorithmParameterException {
+ // check native range first
+ if ((minKeySize != -1) && (keySize < minKeySize)) {
+ throw new InvalidAlgorithmParameterException(algorithm +
+ " key must be at least " + minKeySize + " bits");
+ }
+ if ((maxKeySize != -1) && (keySize > maxKeySize)) {
+ throw new InvalidAlgorithmParameterException(algorithm +
+ " key must be at most " + maxKeySize + " bits");
+ }
+
+ // check our own algorithm-specific limits also
if (algorithm.equals("EC")) {
if (keySize < 112) {
throw new InvalidAlgorithmParameterException
@@ -187,41 +246,45 @@
throw new InvalidAlgorithmParameterException
("Key size must be at most 2048 bit");
}
- return;
- } else if (algorithm.equals("RSA")) {
- BigInteger tmpExponent = rsaPublicExponent;
- if (params != null) {
- // Already tested for instanceof RSAKeyGenParameterSpec above
- tmpExponent =
- ((RSAKeyGenParameterSpec)params).getPublicExponent();
- }
- try {
- // This provider supports 64K or less.
- RSAKeyFactory.checkKeyLengths(keySize, tmpExponent,
- 512, 64 * 1024);
- } catch (InvalidKeyException e) {
- throw new InvalidAlgorithmParameterException(e.getMessage());
+ } else {
+ // RSA, DH, DSA
+ if (keySize < 512) {
+ throw new InvalidAlgorithmParameterException
+ ("Key size must be at least 512 bit");
}
- return;
- }
-
- if (keySize < 512) {
- throw new InvalidAlgorithmParameterException
- ("Key size must be at least 512 bit");
- }
- if (algorithm.equals("DH") && (params != null)) {
- // sanity check, nobody really wants keys this large
- if (keySize > 64 * 1024) {
- throw new InvalidAlgorithmParameterException
- ("Key size must be at most 65536 bit");
- }
- } else {
- // this restriction is in the spec for DSA
- // since we currently use DSA parameters for DH as well,
- // it also applies to DH if no parameters are specified
- if ((keySize > 1024) || ((keySize & 0x3f) != 0)) {
- throw new InvalidAlgorithmParameterException
- ("Key size must be a multiple of 64 and at most 1024 bit");
+ if (algorithm.equals("RSA")) {
+ BigInteger tmpExponent = rsaPublicExponent;
+ if (params != null) {
+ tmpExponent = params.getPublicExponent();
+ }
+ try {
+ // Reuse the checking in SunRsaSign provider.
+ // If maxKeySize is -1, then replace it with
+ // Integer.MAX_VALUE to indicate no limit.
+ RSAKeyFactory.checkKeyLengths(keySize, tmpExponent,
+ minKeySize,
+ (maxKeySize==-1? Integer.MAX_VALUE:maxKeySize));
+ } catch (InvalidKeyException e) {
+ throw new InvalidAlgorithmParameterException(e.getMessage());
+ }
+ } else {
+ if (algorithm.equals("DH") && (params != null)) {
+ // sanity check, nobody really wants keys this large
+ if (keySize > 64 * 1024) {
+ throw new InvalidAlgorithmParameterException
+ ("Key size must be at most 65536 bit");
+ }
+ } else {
+ // this restriction is in the spec for DSA
+ // since we currently use DSA parameters for DH as well,
+ // it also applies to DH if no parameters are specified
+ if ((keySize != 2048) &&
+ ((keySize > 1024) || ((keySize & 0x3f) != 0))) {
+ throw new InvalidAlgorithmParameterException(algorithm +
+ " key must be multiples of 64 if less than 1024 bits" +
+ ", or 2048 bits");
+ }
+ }
}
}
}
@@ -325,5 +388,4 @@
token.releaseSession(session);
}
}
-
}
--- a/jdk/src/share/classes/sun/security/provider/AuthPolicyFile.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/sun/security/provider/AuthPolicyFile.java Wed Oct 09 13:07:58 2013 -0700
@@ -91,7 +91,7 @@
private boolean ignoreIdentityScope = true;
// for use with the reflection API
- private static final Class[] PARAMS = { String.class, String.class};
+ private static final Class<?>[] PARAMS = { String.class, String.class};
/**
* Initializes the Policy object and reads the default policy
--- a/jdk/src/share/classes/sun/security/provider/SubjectCodeSource.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/sun/security/provider/SubjectCodeSource.java Wed Oct 09 13:07:58 2013 -0700
@@ -58,7 +58,7 @@
private Subject subject;
private LinkedList<PrincipalEntry> principals;
- private static final Class[] PARAMS = { String.class };
+ private static final Class<?>[] PARAMS = { String.class };
private static final sun.security.util.Debug debug =
sun.security.util.Debug.getInstance("auth", "\t[Auth Access]");
private ClassLoader sysClassLoader;
--- a/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/sun/security/tools/jarsigner/Main.java Wed Oct 09 13:07:58 2013 -0700
@@ -93,7 +93,7 @@
// prefix for new signature-related files in META-INF directory
private static final String SIG_PREFIX = META_INF + "SIG-";
- private static final Class[] PARAM_STRING = { String.class };
+ private static final Class<?>[] PARAM_STRING = { String.class };
private static final String NONE = "NONE";
private static final String P11KEYSTORE = "PKCS11";
--- a/jdk/src/share/classes/sun/security/tools/keytool/Main.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/sun/security/tools/keytool/Main.java Wed Oct 09 13:07:58 2013 -0700
@@ -309,7 +309,7 @@
}
};
- private static final Class[] PARAM_STRING = { String.class };
+ private static final Class<?>[] PARAM_STRING = { String.class };
private static final String NONE = "NONE";
private static final String P11KEYSTORE = "PKCS11";
--- a/jdk/src/share/classes/sun/security/tools/policytool/PolicyTool.java Wed Oct 09 11:47:48 2013 -0700
+++ b/jdk/src/share/classes/sun/security/tools/policytool/PolicyTool.java Wed Oct 09 13:07:58 2013 -0700
@@ -77,9 +77,9 @@
boolean modified = false;
private static final boolean testing = false;
- private static final Class[] TWOPARAMS = { String.class, String.class };
- private static final Class[] ONEPARAMS = { String.class };
- private static final Class[] NOPARAMS = {};
+ private static final Class<?>[] TWOPARAMS = { String.class, String.class };
+ private static final Class<?>[] ONEPARAMS = { String.class };
+ private static final Class<?>[] NOPARAMS = {};
/*
* All of the policy entries are read in from the
* policy file and stored here. Updates to the policy entries
--- a/jdk/test/com/oracle/security/ucrypto/TestAES.java Wed Oct 09 11:47:48 2013 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,339 +0,0 @@
-/*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 7088989
- * @summary Ensure the AES ciphers of OracleUcrypto provider works correctly
- */
-import java.io.*;
-import java.security.*;
-import java.security.spec.*;
-import java.util.*;
-import javax.crypto.*;
-import javax.crypto.spec.*;
-
-public class TestAES extends UcryptoTest {
-
- private static final String[] PADDEDCIPHER_ALGOS = {
- "AES/ECB/PKCS5Padding",
- "AES/CBC/PKCS5Padding",
- "AES/CFB128/PKCS5Padding"
- };
-
- private static final String[] CIPHER_ALGOS = {
- "AES/ECB/NoPadding",
- "AES/CBC/NoPadding",
- "AES/CFB128/NoPadding",
- "AES/CTR/NoPadding",
- };
-
- private static final SecretKey CIPHER_KEY =
- new SecretKeySpec(new byte[16], "AES");
-
- public static void main(String[] args) throws Exception {
- main(new TestAES(), null);
- }
-
- public void doTest(Provider prov) throws Exception {
- // Provider for testing Interoperability
- Provider sunJCEProv = Security.getProvider("SunJCE");
-
- testCipherInterop(CIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv);
- testCipherInterop(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv);
-
- testCipherOffset(CIPHER_ALGOS, CIPHER_KEY, prov);
- testCipherOffset(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov);
-
- testCipherKeyWrapping(PADDEDCIPHER_ALGOS, CIPHER_KEY, prov, sunJCEProv);
- testCipherGCM(CIPHER_KEY, prov);
- }
-
- private static void testCipherInterop(String[] algos, SecretKey key,
- Provider p,
- Provider interopP) {
- boolean testPassed = true;
- byte[] in = new byte[32];
- (new SecureRandom()).nextBytes(in);
-
- for (String algo : algos) {
- try {
- // check ENC
- Cipher c;
- try {
- c = Cipher.getInstance(algo, p);
- } catch (NoSuchAlgorithmException nsae) {
- System.out.println("Skipping Unsupported CIP algo: " + algo);
- continue;
- }
- c.init(Cipher.ENCRYPT_MODE, key, (AlgorithmParameters)null, null);
- byte[] eout = c.doFinal(in, 0, in.length);
-
- AlgorithmParameters params = c.getParameters();
- Cipher c2 = Cipher.getInstance(algo, interopP);
- c2.init(Cipher.ENCRYPT_MODE, key, params, null);
- byte[] eout2 = c2.doFinal(in, 0, in.length);
-
- if (!Arrays.equals(eout, eout2)) {
- System.out.println(algo + ": DIFF FAILED");
- testPassed = false;
- } else {
- System.out.println(algo + ": ENC Passed");
- }
-
- // check DEC
- c.init(Cipher.DECRYPT_MODE, key, params, null);
- byte[] dout = c.doFinal(eout);
- c2.init(Cipher.DECRYPT_MODE, key, params, null);
- byte[] dout2 = c2.doFinal(eout2);
-
- if (!Arrays.equals(dout, dout2)) {
- System.out.println(algo + ": DIFF FAILED");
- testPassed = false;
- } else {
- System.out.println(algo + ": DEC Passed");
- }
- } catch(Exception ex) {
- System.out.println("Unexpected Exception: " + algo);
- ex.printStackTrace();
- testPassed = false;
- }
- }
-
- if (!testPassed) {
- throw new RuntimeException("One or more CIPHER test failed!");
- } else {
- System.out.println("CIPHER Interop Tests Passed");
- }
- }
-
- private static void testCipherOffset(String[] algos, SecretKey key,
- Provider p) {
- boolean testPassed = true;
- byte[] in = new byte[16];
- (new SecureRandom()).nextBytes(in);
- int blockSize = 16;
-
- for (int j = 1; j < (in.length - 1); j++) {
- System.out.println("Input offset size: " + j);
- for (int i = 0; i < algos.length; i++) {
- try {
- // check ENC
- Cipher c;
- try {
- c = Cipher.getInstance(algos[i], p);
- } catch (NoSuchAlgorithmException nsae) {
- System.out.println("Skip Unsupported CIP algo: " + algos[i]);
- continue;
- }
- c.init(Cipher.ENCRYPT_MODE, key, (AlgorithmParameters)null, null);
- byte[] eout = new byte[c.getOutputSize(in.length)];
- int firstPartLen = in.length - j - 1;
- //System.out.print("1st UPDATE: " + firstPartLen);
- int k = c.update(in, 0, firstPartLen, eout, 0);
- k += c.update(in, firstPartLen, 1, eout, k);
- k += c.doFinal(in, firstPartLen+1, j, eout, k);
-
- AlgorithmParameters params = c.getParameters();
-
- Cipher c2 = Cipher.getInstance(algos[i], p);
- c2.init(Cipher.ENCRYPT_MODE, key, params, null);
- byte[] eout2 = new byte[c2.getOutputSize(in.length)];
- int k2 = c2.update(in, 0, j, eout2, 0);
- k2 += c2.update(in, j, 1, eout2, k2);
- k2 += c2.doFinal(in, j+1, firstPartLen, eout2, k2);
-
- if (!checkArrays(eout, k, eout2, k2)) testPassed = false;
-
- // check DEC
- c.init(Cipher.DECRYPT_MODE, key, params, null);
- byte[] dout = new byte[c.getOutputSize(eout.length)];
- k = c.update(eout, 0, firstPartLen, dout, 0);
- k += c.update(eout, firstPartLen, 1, dout, k);
- k += c.doFinal(eout, firstPartLen+1, eout.length - firstPartLen - 1, dout, k);
- if (!checkArrays(in, in.length, dout, k)) testPassed = false;
- } catch(Exception ex) {
- System.out.println("Unexpected Exception: " + algos[i]);
- ex.printStackTrace();
- testPassed = false;
- }
- }
- }
- if (!testPassed) {
- throw new RuntimeException("One or more CIPHER test failed!");
- } else {
- System.out.println("CIPHER Offset Tests Passed");
- }
- }
-
- private static void testCipherKeyWrapping(String[] algos, SecretKey key,
- Provider p, Provider interopP)
- throws NoSuchAlgorithmException {
- boolean testPassed = true;
-
- // Test SecretKey, PrivateKey and PublicKey
- Key[] tbwKeys = new Key[3];
- int[] tbwKeyTypes = { Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, Cipher.PUBLIC_KEY };
- tbwKeys[0] = new SecretKeySpec(new byte[20], "Blowfish");
- KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
- kpg.initialize(1024);
- KeyPair kp = kpg.generateKeyPair();
- tbwKeys[1] = kp.getPrivate();
- tbwKeys[2] = kp.getPublic();
-
- for (int i = 0; i < algos.length; i++) {
- try {
- System.out.println(algos[i] + " - Native WRAP/Java UNWRAP");
-
- Cipher c1;
- try {
- c1 = Cipher.getInstance(algos[i], p);
- } catch (NoSuchAlgorithmException nsae) {
- System.out.println("Skipping Unsupported CIP algo: " + algos[i]);
- continue;
- }
- c1.init(Cipher.WRAP_MODE, key, (AlgorithmParameters)null, null);
- AlgorithmParameters params = c1.getParameters();
- Cipher c2 = Cipher.getInstance(algos[i], interopP);
- c2.init(Cipher.UNWRAP_MODE, key, params, null);
-
- for (int j = 0; j < tbwKeys.length ; j++) {
- byte[] wrappedKey = c1.wrap(tbwKeys[j]);
- Key recovered = c2.unwrap(wrappedKey,
- tbwKeys[j].getAlgorithm(), tbwKeyTypes[j]);
- if (!checkKeys(tbwKeys[j], recovered)) testPassed = false;
- }
-
- System.out.println(algos[i] + " - Java WRAP/Native UNWRAP");
- c1 = Cipher.getInstance(algos[i], interopP);
- c1.init(Cipher.WRAP_MODE, key, (AlgorithmParameters)null, null);
- params = c1.getParameters();
- c2 = Cipher.getInstance(algos[i], p);
- c2.init(Cipher.UNWRAP_MODE, key, params, null);
-
- for (int j = 0; j < tbwKeys.length ; j++) {
- byte[] wrappedKey = c1.wrap(tbwKeys[j]);
- Key recovered = c2.unwrap(wrappedKey,
- tbwKeys[j].getAlgorithm(), tbwKeyTypes[j]);
- if (!checkKeys(tbwKeys[j], recovered)) testPassed = false;
- }
-
- } catch(Exception ex) {
- System.out.println("Unexpected Exception: " + algos[i]);
- ex.printStackTrace();
- testPassed = false;
- }
- }
- if (!testPassed) {
- throw new RuntimeException("One or more CIPHER test failed!");
- } else {
- System.out.println("CIPHER KeyWrapping Tests Passed");
- }
- }
-
-
- private static void testCipherGCM(SecretKey key,
- Provider p) {
- boolean testPassed = true;
- byte[] in = new byte[16];
- (new SecureRandom()).nextBytes(in);
-
- byte[] iv = new byte[16];
- (new SecureRandom()).nextBytes(iv);
-
-
- String algo = "AES/GCM/NoPadding";
- int tagLen[] = { 128, 120, 112, 104, 96, 64, 32 };
-
- try {
- Cipher c;
- try {
- c = Cipher.getInstance(algo, p);
- } catch (NoSuchAlgorithmException nsae) {
- System.out.println("Skipping Unsupported CIP algo: " + algo);
- return;
- }
- for (int i = 0; i < tagLen.length; i++) {
- AlgorithmParameterSpec paramSpec = new GCMParameterSpec(tagLen[i], iv);
- // check ENC
- c.init(Cipher.ENCRYPT_MODE, key, paramSpec, null);
- c.updateAAD(iv);
- byte[] eout = c.doFinal(in, 0, in.length);
-
- AlgorithmParameters param = c.getParameters();
- // check DEC
- c.init(Cipher.DECRYPT_MODE, key, param, null);
- c.updateAAD(iv);
- byte[] dout = c.doFinal(eout, 0, eout.length);
-
- if (!Arrays.equals(dout, in)) {
- System.out.println(algo + ": PT and RT DIFF FAILED");
- testPassed = false;
- } else {
- System.out.println(algo + ": tagLen " + tagLen[i] + " done");
- }
- }
- } catch(Exception ex) {
- System.out.println("Unexpected Exception: " + algo);
- ex.printStackTrace();
- testPassed = false;
- }
- if (!testPassed) {
- throw new RuntimeException("One or more CIPHER test failed!");
- } else {
- System.out.println("CIPHER GCM Tests Passed");
- }
- }
-
- private static boolean checkArrays(byte[] a1, int a1Len, byte[] a2, int a2Len) {
- boolean equal = true;
- if (a1Len != a2Len) {
- System.out.println("DIFFERENT OUT LENGTH");
- equal = false;
- } else {
- for (int p = 0; p < a1Len; p++) {
- if (a1[p] != a2[p]) {
- System.out.println("DIFF FAILED");
- equal = false;
- break;
- }
- }
- }
- return equal;
- }
-
- private static boolean checkKeys(Key k1, Key k2) {
- boolean equal = true;
- if (!k1.getAlgorithm().equalsIgnoreCase(k2.getAlgorithm())) {
- System.out.println("DIFFERENT Key Algorithm");
- equal = false;
- } else if (!k1.getFormat().equalsIgnoreCase(k2.getFormat())) {
- System.out.println("DIFFERENT Key Format");
- equal = false;
- } else if (!Arrays.equals(k1.getEncoded(), k2.getEncoded())) {
- System.out.println("DIFFERENT Key Encoding");
- equal = false;
- }
- return equal;
- }
-}
--- a/jdk/test/com/oracle/security/ucrypto/TestDigest.java Wed Oct 09 11:47:48 2013 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,127 +0,0 @@
-/*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 7088989
- * @summary Ensure the various message digests works correctly
- */
-import java.io.*;
-import java.security.*;
-import java.security.spec.*;
-import java.util.*;
-import javax.crypto.*;
-import javax.crypto.spec.*;
-
-public class TestDigest extends UcryptoTest {
-
- private static final String[] MD_ALGOS = {
- "MD5",
- "SHA",
- "SHA-256",
- "SHA-384",
- "SHA-512"
- };
-
- public static void main(String[] args) throws Exception {
- main(new TestDigest(), null);
- }
-
- public void doTest(Provider p) {
- boolean testPassed = true;
- byte[] msg = new byte[200];
- (new SecureRandom()).nextBytes(msg);
- String interopProvName = "SUN";
-
- for (String a : MD_ALGOS) {
- try {
- MessageDigest md, md2;
- try {
- md = MessageDigest.getInstance(a, p);
- } catch (NoSuchAlgorithmException nsae) {
- System.out.println("Skipping Unsupported MD algo: " + a);
- continue;
- }
- md2 = MessageDigest.getInstance(a, interopProvName);
- // Test Interoperability for update+digest calls
- for (int i = 0; i < 3; i++) {
- md.update(msg);
- byte[] digest = md.digest();
- md2.update(msg);
- byte[] digest2 = md2.digest();
- if (!Arrays.equals(digest, digest2)) {
- System.out.println("DIFF1 FAILED for: " + a + " at iter " + i);
- testPassed = false;
- }
- }
-
- // Test Interoperability for digest calls
- md = MessageDigest.getInstance(a, p);
- md2 = MessageDigest.getInstance(a, interopProvName);
-
- for (int i = 0; i < 3; i++) {
- byte[] digest = md.digest();
- byte[] digest2 = md2.digest();
- if (!Arrays.equals(digest, digest2)) {
- System.out.println("DIFF2 FAILED for: " + a + " at iter " + i);
- testPassed = false;
- }
- }
-
- // Test Cloning functionality
- md = MessageDigest.getInstance(a, p);
- md2 = (MessageDigest) md.clone(); // clone right after construction
- byte[] digest = md.digest();
- byte[] digest2 = md2.digest();
- if (!Arrays.equals(digest, digest2)) {
- System.out.println("DIFF-3.1 FAILED for: " + a);
- testPassed = false;
- }
- md.update(msg);
- md2 = (MessageDigest) md.clone(); // clone again after update call
- digest = md.digest();
- digest2 = md2.digest();
- if (!Arrays.equals(digest, digest2)) {
- System.out.println("DIFF-3.2 FAILED for: " + a);
- testPassed = false;
- }
- md2 = (MessageDigest) md.clone(); // clone after digest
- digest = md.digest();
- digest2 = md2.digest();
- if (!Arrays.equals(digest, digest2)) {
- System.out.println("DIFF-3.3 FAILED for: " + a);
- testPassed = false;
- }
- } catch(Exception ex) {
- System.out.println("Unexpected Exception: " + a);
- ex.printStackTrace();
- testPassed = false;
- }
- }
- if (!testPassed) {
- throw new RuntimeException("One or more MD test failed!");
- } else {
- System.out.println("MD Tests Passed");
- }
- }
-}
--- a/jdk/test/com/oracle/security/ucrypto/TestRSA.java Wed Oct 09 11:47:48 2013 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,421 +0,0 @@
-/*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 7088989
- * @summary Ensure the RSA ciphers and signatures works correctly
- */
-import java.io.*;
-import java.security.*;
-import java.security.spec.*;
-import java.util.*;
-import java.math.*;
-import javax.crypto.*;
-
-public class TestRSA extends UcryptoTest {
-
- // KAT
- private static final byte PLAINTEXT[] = Arrays.copyOf
- (new String("Known plaintext message utilized" +
- "for RSA Encryption & Decryption" +
- "block, SHA1, SHA256, SHA384 and" +
- "SHA512 RSA Signature KAT tests.").getBytes(), 128);
-
- private static final byte MOD[] = {
- (byte)0xd5, (byte)0x84, (byte)0x95, (byte)0x07, (byte)0xf4, (byte)0xd0,
- (byte)0x1f, (byte)0x82, (byte)0xf3, (byte)0x79, (byte)0xf4, (byte)0x99,
- (byte)0x48, (byte)0x10, (byte)0xe1, (byte)0x71, (byte)0xa5, (byte)0x62,
- (byte)0x22, (byte)0xa3, (byte)0x4b, (byte)0x00, (byte)0xe3, (byte)0x5b,
- (byte)0x3a, (byte)0xcc, (byte)0x10, (byte)0x83, (byte)0xe0, (byte)0xaf,
- (byte)0x61, (byte)0x13, (byte)0x54, (byte)0x6a, (byte)0xa2, (byte)0x6a,
- (byte)0x2c, (byte)0x5e, (byte)0xb3, (byte)0xcc, (byte)0xa3, (byte)0x71,
- (byte)0x9a, (byte)0xb2, (byte)0x3e, (byte)0x78, (byte)0xec, (byte)0xb5,
- (byte)0x0e, (byte)0x6e, (byte)0x31, (byte)0x3b, (byte)0x77, (byte)0x1f,
- (byte)0x6e, (byte)0x94, (byte)0x41, (byte)0x60, (byte)0xd5, (byte)0x6e,
- (byte)0xd9, (byte)0xc6, (byte)0xf9, (byte)0x29, (byte)0xc3, (byte)0x40,
- (byte)0x36, (byte)0x25, (byte)0xdb, (byte)0xea, (byte)0x0b, (byte)0x07,
- (byte)0xae, (byte)0x76, (byte)0xfd, (byte)0x99, (byte)0x29, (byte)0xf4,
- (byte)0x22, (byte)0xc1, (byte)0x1a, (byte)0x8f, (byte)0x05, (byte)0xfe,
- (byte)0x98, (byte)0x09, (byte)0x07, (byte)0x05, (byte)0xc2, (byte)0x0f,
- (byte)0x0b, (byte)0x11, (byte)0x83, (byte)0x39, (byte)0xca, (byte)0xc7,
- (byte)0x43, (byte)0x63, (byte)0xff, (byte)0x33, (byte)0x80, (byte)0xe7,
- (byte)0xc3, (byte)0x78, (byte)0xae, (byte)0xf1, (byte)0x73, (byte)0x52,
- (byte)0x98, (byte)0x1d, (byte)0xde, (byte)0x5c, (byte)0x53, (byte)0x6e,
- (byte)0x01, (byte)0x73, (byte)0x0d, (byte)0x12, (byte)0x7e, (byte)0x77,
- (byte)0x03, (byte)0xf1, (byte)0xef, (byte)0x1b, (byte)0xc8, (byte)0xa8,
- (byte)0x0f, (byte)0x97
- };
-
- private static final byte PUB_EXP[] = {(byte)0x01, (byte)0x00, (byte)0x01};
-
- private static final byte PRIV_EXP[] = {
- (byte)0x85, (byte)0x27, (byte)0x47, (byte)0x61, (byte)0x4c, (byte)0xd4,
- (byte)0xb5, (byte)0xb2, (byte)0x0e, (byte)0x70, (byte)0x91, (byte)0x8f,
- (byte)0x3d, (byte)0x97, (byte)0xf9, (byte)0x5f, (byte)0xcc, (byte)0x09,
- (byte)0x65, (byte)0x1c, (byte)0x7c, (byte)0x5b, (byte)0xb3, (byte)0x6d,
- (byte)0x63, (byte)0x3f, (byte)0x7b, (byte)0x55, (byte)0x22, (byte)0xbb,
- (byte)0x7c, (byte)0x48, (byte)0x77, (byte)0xae, (byte)0x80, (byte)0x56,
- (byte)0xc2, (byte)0x10, (byte)0xd5, (byte)0x03, (byte)0xdb, (byte)0x31,
- (byte)0xaf, (byte)0x8d, (byte)0x54, (byte)0xd4, (byte)0x48, (byte)0x99,
- (byte)0xa8, (byte)0xc4, (byte)0x23, (byte)0x43, (byte)0xb8, (byte)0x48,
- (byte)0x0b, (byte)0xc7, (byte)0xbc, (byte)0xf5, (byte)0xcc, (byte)0x64,
- (byte)0x72, (byte)0xbf, (byte)0x59, (byte)0x06, (byte)0x04, (byte)0x1c,
- (byte)0x32, (byte)0xf5, (byte)0x14, (byte)0x2e, (byte)0x6e, (byte)0xe2,
- (byte)0x0f, (byte)0x5c, (byte)0xde, (byte)0x36, (byte)0x3c, (byte)0x6e,
- (byte)0x7c, (byte)0x4d, (byte)0xcc, (byte)0xd3, (byte)0x00, (byte)0x6e,
- (byte)0xe5, (byte)0x45, (byte)0x46, (byte)0xef, (byte)0x4d, (byte)0x25,
- (byte)0x46, (byte)0x6d, (byte)0x7f, (byte)0xed, (byte)0xbb, (byte)0x4f,
- (byte)0x4d, (byte)0x9f, (byte)0xda, (byte)0x87, (byte)0x47, (byte)0x8f,
- (byte)0x74, (byte)0x44, (byte)0xb7, (byte)0xbe, (byte)0x9d, (byte)0xf5,
- (byte)0xdd, (byte)0xd2, (byte)0x4c, (byte)0xa5, (byte)0xab, (byte)0x74,
- (byte)0xe5, (byte)0x29, (byte)0xa1, (byte)0xd2, (byte)0x45, (byte)0x3b,
- (byte)0x33, (byte)0xde, (byte)0xd5, (byte)0xae, (byte)0xf7, (byte)0x03,
- (byte)0x10, (byte)0x21
- };
-
- private static final byte PRIME_P[] = {
- (byte)0xf9, (byte)0x74, (byte)0x8f, (byte)0x16, (byte)0x02, (byte)0x6b,
- (byte)0xa0, (byte)0xee, (byte)0x7f, (byte)0x28, (byte)0x97, (byte)0x91,
- (byte)0xdc, (byte)0xec, (byte)0xc0, (byte)0x7c, (byte)0x49, (byte)0xc2,
- (byte)0x85, (byte)0x76, (byte)0xee, (byte)0x66, (byte)0x74, (byte)0x2d,
- (byte)0x1a, (byte)0xb8, (byte)0xf7, (byte)0x2f, (byte)0x11, (byte)0x5b,
- (byte)0x36, (byte)0xd8, (byte)0x46, (byte)0x33, (byte)0x3b, (byte)0xd8,
- (byte)0xf3, (byte)0x2d, (byte)0xa1, (byte)0x03, (byte)0x83, (byte)0x2b,
- (byte)0xec, (byte)0x35, (byte)0x43, (byte)0x32, (byte)0xff, (byte)0xdd,
- (byte)0x81, (byte)0x7c, (byte)0xfd, (byte)0x65, (byte)0x13, (byte)0x04,
- (byte)0x7c, (byte)0xfc, (byte)0x03, (byte)0x97, (byte)0xf0, (byte)0xd5,
- (byte)0x62, (byte)0xdc, (byte)0x0d, (byte)0xbf
- };
-
- private static final byte PRIME_Q[] = {
- (byte)0xdb, (byte)0x1e, (byte)0xa7, (byte)0x3d, (byte)0xe7, (byte)0xfa,
- (byte)0x8b, (byte)0x04, (byte)0x83, (byte)0x48, (byte)0xf3, (byte)0xa5,
- (byte)0x31, (byte)0x9d, (byte)0x35, (byte)0x5e, (byte)0x4d, (byte)0x54,
- (byte)0x77, (byte)0xcc, (byte)0x84, (byte)0x09, (byte)0xf3, (byte)0x11,
- (byte)0x0d, (byte)0x54, (byte)0xed, (byte)0x85, (byte)0x39, (byte)0xa9,
- (byte)0xca, (byte)0xa8, (byte)0xea, (byte)0xae, (byte)0x19, (byte)0x9c,
- (byte)0x75, (byte)0xdb, (byte)0x88, (byte)0xb8, (byte)0x04, (byte)0x8d,
- (byte)0x54, (byte)0xc6, (byte)0xa4, (byte)0x80, (byte)0xf8, (byte)0x93,
- (byte)0xf0, (byte)0xdb, (byte)0x19, (byte)0xef, (byte)0xd7, (byte)0x87,
- (byte)0x8a, (byte)0x8f, (byte)0x5a, (byte)0x09, (byte)0x2e, (byte)0x54,
- (byte)0xf3, (byte)0x45, (byte)0x24, (byte)0x29
- };
-
- private static final byte EXP_P[] = {
- (byte)0x6a, (byte)0xd1, (byte)0x25, (byte)0x80, (byte)0x18, (byte)0x33,
- (byte)0x3c, (byte)0x2b, (byte)0x44, (byte)0x19, (byte)0xfe, (byte)0xa5,
- (byte)0x40, (byte)0x03, (byte)0xc4, (byte)0xfc, (byte)0xb3, (byte)0x9c,
- (byte)0xef, (byte)0x07, (byte)0x99, (byte)0x58, (byte)0x17, (byte)0xc1,
- (byte)0x44, (byte)0xa3, (byte)0x15, (byte)0x7d, (byte)0x7b, (byte)0x22,
- (byte)0x22, (byte)0xdf, (byte)0x03, (byte)0x58, (byte)0x66, (byte)0xf5,
- (byte)0x24, (byte)0x54, (byte)0x52, (byte)0x91, (byte)0x2d, (byte)0x76,
- (byte)0xfe, (byte)0x63, (byte)0x64, (byte)0x4e, (byte)0x0f, (byte)0x50,
- (byte)0x2b, (byte)0x65, (byte)0x79, (byte)0x1f, (byte)0xf1, (byte)0xbf,
- (byte)0xc7, (byte)0x41, (byte)0x26, (byte)0xcc, (byte)0xc6, (byte)0x1c,
- (byte)0xa9, (byte)0x83, (byte)0x6f, (byte)0x03
- };
-
- private static final byte EXP_Q[] = {
- (byte)0x12, (byte)0x84, (byte)0x1a, (byte)0x99, (byte)0xce, (byte)0x9a,
- (byte)0x8b, (byte)0x58, (byte)0xcc, (byte)0x47, (byte)0x43, (byte)0xdf,
- (byte)0x77, (byte)0xbb, (byte)0xd3, (byte)0x20, (byte)0xae, (byte)0xe4,
- (byte)0x2e, (byte)0x63, (byte)0x67, (byte)0xdc, (byte)0xf7, (byte)0x5f,
- (byte)0x3f, (byte)0x83, (byte)0x27, (byte)0xb7, (byte)0x14, (byte)0x52,
- (byte)0x56, (byte)0xbf, (byte)0xc3, (byte)0x65, (byte)0x06, (byte)0xe1,
- (byte)0x03, (byte)0xcc, (byte)0x93, (byte)0x57, (byte)0x09, (byte)0x7b,
- (byte)0x6f, (byte)0xe8, (byte)0x81, (byte)0x4a, (byte)0x2c, (byte)0xb7,
- (byte)0x43, (byte)0xa9, (byte)0x20, (byte)0x1d, (byte)0xf6, (byte)0x56,
- (byte)0x8b, (byte)0xcc, (byte)0xe5, (byte)0x4c, (byte)0xd5, (byte)0x4f,
- (byte)0x74, (byte)0x67, (byte)0x29, (byte)0x51
- };
-
- private static final byte CRT_COEFF[] = {
- (byte)0x23, (byte)0xab, (byte)0xf4, (byte)0x03, (byte)0x2f, (byte)0x29,
- (byte)0x95, (byte)0x74, (byte)0xac, (byte)0x1a, (byte)0x33, (byte)0x96,
- (byte)0x62, (byte)0xed, (byte)0xf7, (byte)0xf6, (byte)0xae, (byte)0x07,
- (byte)0x2a, (byte)0x2e, (byte)0xe8, (byte)0xab, (byte)0xfb, (byte)0x1e,
- (byte)0xb9, (byte)0xb2, (byte)0x88, (byte)0x1e, (byte)0x85, (byte)0x05,
- (byte)0x42, (byte)0x64, (byte)0x03, (byte)0xb2, (byte)0x8b, (byte)0xc1,
- (byte)0x81, (byte)0x75, (byte)0xd7, (byte)0xba, (byte)0xaa, (byte)0xd4,
- (byte)0x31, (byte)0x3c, (byte)0x8a, (byte)0x96, (byte)0x23, (byte)0x9d,
- (byte)0x3f, (byte)0x06, (byte)0x3e, (byte)0x44, (byte)0xa9, (byte)0x62,
- (byte)0x2f, (byte)0x61, (byte)0x5a, (byte)0x51, (byte)0x82, (byte)0x2c,
- (byte)0x04, (byte)0x85, (byte)0x73, (byte)0xd1
- };
-
- private static KeyPair genRSAKey(int keyLength) throws Exception {
- KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
- kpg.initialize(keyLength);
- return kpg.generateKeyPair();
- }
-
- private static KeyPair genPredefinedRSAKeyPair() throws Exception {
- KeyFactory kf = KeyFactory.getInstance("RSA");
- BigInteger mod = new BigInteger(MOD);
- BigInteger pub = new BigInteger(PUB_EXP);
-
- PrivateKey privKey = kf.generatePrivate
- (new RSAPrivateCrtKeySpec
- (mod, pub, new BigInteger(PRIV_EXP),
- new BigInteger(PRIME_P), new BigInteger(PRIME_Q),
- new BigInteger(EXP_P), new BigInteger(EXP_Q),
- new BigInteger(CRT_COEFF)));
- PublicKey pubKey = kf.generatePublic(new RSAPublicKeySpec(mod, pub));
- return new KeyPair(pubKey, privKey);
- }
-
- private static final String CIP_ALGOS[] = {
- "RSA/ECB/NoPadding",
- "RSA/ECB/PKCS1Padding"
- };
- private static final int INPUT_SIZE_REDUCTION[] = {
- 0,
- 11,
- };
- private static final String SIG_ALGOS[] = {
- "MD5WithRSA",
- "SHA1WithRSA",
- "SHA256WithRSA",
- "SHA384WithRSA",
- "SHA512WithRSA"
- };
-
- private static KeyPair kp[] = null;
-
- public static void main(String argv[]) throws Exception {
- main(new TestRSA(), null);
- }
-
- public void doTest(Provider prov) throws Exception {
- // first test w/ predefine KeyPair
- KeyPair pkp = genPredefinedRSAKeyPair();
- System.out.println("Test against Predefined RSA Key Pair");
- testCipher(pkp, 128, true, prov);
- testSignature(pkp, true, prov);
-
- for (int i = 0; i < 10; i++) {
- // then test w/ various key lengths
- int keyLens[] = { 1024, 2048 };
- kp = new KeyPair[keyLens.length];
-
- testCipher(keyLens, false, prov);
- testSignature(keyLens, false, prov);
- }
- }
-
-
- private static void testCipher(KeyPair kp, int inputSizeInBytes,
- boolean checkInterop, Provider prov)
- throws Exception {
- Cipher c1, c2;
- for (int i = 0; i < CIP_ALGOS.length; i++) {
- String algo = CIP_ALGOS[i];
- try {
- c1 = Cipher.getInstance(algo, prov);
- } catch (NoSuchAlgorithmException nsae) {
- System.out.println("Skip unsupported Cipher algo: " + algo);
- continue;
- }
-
- if (checkInterop) {
- c2 = Cipher.getInstance(algo, "SunJCE");
- } else {
- c2 = Cipher.getInstance(algo, prov);
- }
- byte[] data = Arrays.copyOf
- (PLAINTEXT, inputSizeInBytes - INPUT_SIZE_REDUCTION[i]);
-
- testEncryption(c1, c2, kp, data);
- }
- }
-
- private static void testCipher(int keyLens[], boolean checkInterop,
- Provider prov)
- throws Exception {
- // RSA CipherText will always differ due to the random nonce in padding
- // so we check whether both
- // 1) Java Encrypt/C Decrypt
- // 2) C Encrypt/Java Decrypt
- // works
- Cipher c1, c2;
- for (int i = 0; i < CIP_ALGOS.length; i++) {
- String algo = CIP_ALGOS[i];
- try {
- c1 = Cipher.getInstance(algo, prov);
- } catch (NoSuchAlgorithmException nsae) {
- System.out.println("Skip unsupported Cipher algo: " + algo);
- continue;
- }
-
- if (checkInterop) {
- c2 = Cipher.getInstance(algo, "SunJCE");
- } else {
- c2 = Cipher.getInstance(algo, prov);
- }
-
- for (int h = 0; h < keyLens.length; h++) {
- // Defer key pair generation until now when it'll soon be used.
- if (kp[h] == null) {
- kp[h] = genRSAKey(keyLens[h]);
- }
- System.out.println("\tTesting Cipher " + algo + " w/ KeySize " + keyLens[h]);
- byte[] data = Arrays.copyOf
- (PLAINTEXT, keyLens[h]/8 - INPUT_SIZE_REDUCTION[i]);
- testEncryption(c1, c2, kp[h], data);
- }
- }
- }
-
- private static void testEncryption(Cipher c1, Cipher c2, KeyPair kp, byte[] data)
- throws Exception {
- // C1 Encrypt + C2 Decrypt
- byte[] out1 = null;
- byte[] recoveredText = null;
- try {
- c1.init(Cipher.ENCRYPT_MODE, kp.getPublic());
- out1 = c1.doFinal(data);
- c2.init(Cipher.DECRYPT_MODE, kp.getPrivate());
- recoveredText = c2.doFinal(out1);
- } catch (Exception ex) {
- System.out.println("\tDEC ERROR: unexpected exception");
- ex.printStackTrace();
- throw ex;
- }
- if(!Arrays.equals(recoveredText, data)) {
- throw new RuntimeException("\tDEC ERROR: different PT bytes!");
- }
- // C2 Encrypt + C1 Decrypt
- byte[] cipherText = null;
- try {
- c2.init(Cipher.ENCRYPT_MODE, kp.getPublic());
- cipherText = c2.doFinal(data);
- c1.init(Cipher.DECRYPT_MODE, kp.getPrivate());
- try {
- out1 = c1.doFinal(cipherText);
- } catch (Exception ex) {
- System.out.println("\tENC ERROR: invalid encrypted output");
- ex.printStackTrace();
- throw ex;
- }
- } catch (Exception ex) {
- System.out.println("\tENC ERROR: unexpected exception");
- ex.printStackTrace();
- throw ex;
- }
- if (!Arrays.equals(out1, data)) {
- throw new RuntimeException("\tENC ERROR: Decrypted result DIFF!");
- }
- System.out.println("\t=> PASS");
- }
-
- private static void testSignature(KeyPair kp, boolean checkInterop,
- Provider prov) throws Exception {
- byte[] data = PLAINTEXT;
- Signature sig1, sig2;
- for (int i = 0; i < SIG_ALGOS.length; i++) {
- String algo = SIG_ALGOS[i];
- try {
- sig1 = Signature.getInstance(algo, prov);
- } catch (NoSuchAlgorithmException nsae) {
- System.out.println("Skip unsupported Signature algo: " + algo);
- continue;
- }
-
- if (checkInterop) {
- sig2 = Signature.getInstance(algo, "SunRsaSign");
- } else {
- sig2 = Signature.getInstance(algo, prov);
- }
- testSigning(sig1, sig2, kp, data);
- }
- }
-
- private static void testSignature(int keyLens[], boolean checkInterop,
- Provider prov) throws Exception {
- byte[] data = PLAINTEXT;
- Signature sig1, sig2;
- for (int i = 0; i < SIG_ALGOS.length; i++) {
- String algo = SIG_ALGOS[i];
- try {
- sig1 = Signature.getInstance(algo, prov);
- } catch (NoSuchAlgorithmException nsae) {
- System.out.println("Skip unsupported Signature algo: " + algo);
- continue;
- }
-
- if (checkInterop) {
- sig2 = Signature.getInstance(algo, "SunRsaSign");
- } else {
- sig2 = Signature.getInstance(algo, prov);
- }
-
- for (int h = 0; h < keyLens.length; h++) {
- // Defer key pair generation until now when it'll soon be used.
- if (kp[h] == null) {
- kp[h] = genRSAKey(keyLens[h]);
- }
- System.out.println("\tTesting Signature " + algo + " w/ KeySize " + keyLens[h]);
-
- testSigning(sig1, sig2, kp[h], data);
- }
- }
- }
-
- private static void testSigning(Signature sig1, Signature sig2, KeyPair kp, byte[] data)
- throws Exception {
- boolean sameSig = false;
- byte[] out = null;
- try {
- sig1.initSign(kp.getPrivate());
- sig1.update(data);
- out = sig1.sign();
- } catch (Exception ex) {
- System.out.println("\tSIGN ERROR: unexpected exception!");
- ex.printStackTrace();
- }
-
- sig2.initSign(kp.getPrivate());
- sig2.update(data);
- byte[] out2 = sig2.sign();
- if (!Arrays.equals(out2, out)) {
- throw new RuntimeException("\tSIGN ERROR: Signature DIFF!");
- }
-
- boolean verify = false;
- try {
- System.out.println("\tVERIFY1 using native out");
- sig1.initVerify(kp.getPublic());
- sig1.update(data);
- verify = sig1.verify(out);
- if (!verify) {
- throw new RuntimeException("VERIFY1 FAIL!");
- }
- } catch (Exception ex) {
- System.out.println("\tVERIFY1 ERROR: unexpected exception!");
- ex.printStackTrace();
- throw ex;
- }
- System.out.println("\t=> PASS");
- }
-}
--- a/jdk/test/com/oracle/security/ucrypto/UcryptoTest.java Wed Oct 09 11:47:48 2013 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-
-// common infrastructure for OracleUcrypto provider tests
-
-import java.io.*;
-import java.util.*;
-import java.lang.reflect.*;
-
-import java.security.*;
-
-public abstract class UcryptoTest {
-
- protected static final boolean hasUcrypto;
- static {
- hasUcrypto = (Security.getProvider("OracleUcrypto") != null);
- }
-
- private static Provider getCustomizedUcrypto(String config) throws Exception {
- Class clazz = Class.forName("com.oracle.security.ucrypto.OracleUcrypto");
- Constructor cons = clazz.getConstructor(new Class[] {String.class});
- Object obj = cons.newInstance(new Object[] {config});
- return (Provider)obj;
- }
-
- public abstract void doTest(Provider p) throws Exception;
-
- public static void main(UcryptoTest test, String config) throws Exception {
- Provider prov = null;
- if (hasUcrypto) {
- if (config != null) {
- prov = getCustomizedUcrypto(config);
- } else {
- prov = Security.getProvider("OracleUcrypto");
- }
- }
- if (prov == null) {
- // un-available, skip testing...
- System.out.println("No OracleUcrypto provider found, skipping test");
- return;
- }
- test.doTest(prov);
- }
-}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/com/sun/crypto/provider/Cipher/AES/TestCICOWithGCMAndAAD.java Wed Oct 09 13:07:58 2013 -0700
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8012900
+ * @library ../UTIL
+ * @build TestUtil
+ * @run main TestCICOWithGCMAndAAD
+ * @summary Test CipherInputStream/OutputStream with AES GCM mode with AAD.
+ * @author Valerie Peng
+ */
+import java.io.*;
+import java.security.*;
+import java.util.*;
+import javax.crypto.*;
+
+public class TestCICOWithGCMAndAAD {
+ public static void main(String[] args) throws Exception {
+ //init Secret Key
+ KeyGenerator kg = KeyGenerator.getInstance("AES", "SunJCE");
+ kg.init(128);
+ SecretKey key = kg.generateKey();
+
+ //Do initialization of the plainText
+ byte[] plainText = new byte[700];
+ Random rdm = new Random();
+ rdm.nextBytes(plainText);
+
+ byte[] aad = new byte[128];
+ rdm.nextBytes(aad);
+ byte[] aad2 = aad.clone();
+ aad2[50]++;
+
+ Cipher encCipher = Cipher.getInstance("AES/GCM/NoPadding", "SunJCE");
+ encCipher.init(Cipher.ENCRYPT_MODE, key);
+ encCipher.updateAAD(aad);
+ Cipher decCipher = Cipher.getInstance("AES/GCM/NoPadding", "SunJCE");
+ decCipher.init(Cipher.DECRYPT_MODE, key, encCipher.getParameters());
+ decCipher.updateAAD(aad);
+
+ byte[] recovered = test(encCipher, decCipher, plainText);
+ if (!Arrays.equals(plainText, recovered)) {
+ throw new Exception("sameAAD: diff check failed!");
+ } else System.out.println("sameAAD: passed");
+
+ encCipher.init(Cipher.ENCRYPT_MODE, key);
+ encCipher.updateAAD(aad2);
+ recovered = test(encCipher, decCipher, plainText);
+ if (recovered != null && recovered.length != 0) {
+ throw new Exception("diffAAD: no data should be returned!");
+ } else System.out.println("diffAAD: passed");
+ }
+
+ private static byte[] test(Cipher encCipher, Cipher decCipher, byte[] plainText)
+ throws Exception {
+ //init cipher streams
+ ByteArrayInputStream baInput = new ByteArrayInputStream(plainText);
+ CipherInputStream ciInput = new CipherInputStream(baInput, encCipher);
+ ByteArrayOutputStream baOutput = new ByteArrayOutputStream();
+ CipherOutputStream ciOutput = new CipherOutputStream(baOutput, decCipher);
+
+ //do test
+ byte[] buffer = new byte[200];
+ int len = ciInput.read(buffer);
+ System.out.println("read " + len + " bytes from input buffer");
+
+ while (len != -1) {
+ ciOutput.write(buffer, 0, len);
+ System.out.println("wite " + len + " bytes to output buffer");
+ len = ciInput.read(buffer);
+ if (len != -1) {
+ System.out.println("read " + len + " bytes from input buffer");
+ } else {
+ System.out.println("finished reading");
+ }
+ }
+
+ ciOutput.flush();
+ ciInput.close();
+ ciOutput.close();
+
+ return baOutput.toByteArray();
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java Wed Oct 09 13:07:58 2013 -0700
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 7196382
+ * @summary Ensure that 2048-bit DH key pairs can be generated
+ * @author Valerie Peng
+ * @library ..
+ */
+
+import java.io.*;
+import java.util.*;
+
+import java.security.*;
+
+import javax.crypto.*;
+
+public class TestDH2048 extends PKCS11Test {
+
+ private static void checkUnsupportedKeySize(KeyPairGenerator kpg, int ks)
+ throws Exception {
+ try {
+ kpg.initialize(ks);
+ throw new Exception("Expected IPE not thrown for " + ks);
+ } catch (InvalidParameterException ipe) {
+ }
+ }
+
+ public void main(Provider p) throws Exception {
+ if (p.getService("KeyPairGenerator", "DH") == null) {
+ System.out.println("KPG for DH not supported, skipping");
+ return;
+ }
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH", p);
+ kpg.initialize(2048);
+ KeyPair kp1 = kpg.generateKeyPair();
+ checkUnsupportedKeySize(kpg, 1536);
+ checkUnsupportedKeySize(kpg, 2176);
+ checkUnsupportedKeySize(kpg, 3072);
+ }
+
+ public static void main(String[] args) throws Exception {
+ main(new TestDH2048());
+ }
+}