8170245: [TEST_BUG] Cipher tests fail when running with unlimited policy
Summary: Updated the failed cipher tests to work under unlimited policy
Reviewed-by: xuelei
--- a/jdk/test/com/sun/crypto/provider/Cipher/AES/TestAESCiphers/Dynamic.java Mon Dec 05 13:00:32 2016 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/AES/TestAESCiphers/Dynamic.java Mon Dec 05 23:23:27 2016 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -150,19 +150,8 @@
int offset = ci.update(plainText, 0, plainText.length, cipherText,
0);
ci.doFinal(cipherText, offset);
+ ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());
- if (!mo.equalsIgnoreCase("ECB")) {
- iv = ci.getIV();
- aps = new IvParameterSpec(iv);
- } else {
- aps = null;
- }
-
- if (!mo.equalsIgnoreCase("GCM")) {
- ci.init(Cipher.DECRYPT_MODE, key, aps);
- } else {
- ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());
- }
byte[] recoveredText = new byte[ci.getOutputSize(cipherText.length)];
int len = ci.doFinal(cipherText, 0, cipherText.length,
recoveredText);
@@ -174,12 +163,14 @@
result = Arrays.equals(plainText, tmp);
} catch (NoSuchAlgorithmException nsaEx) {
- nsaEx.printStackTrace();
// CFB7 and OFB150 are negative test,SunJCE not support this
// algorithm
result = mo.equalsIgnoreCase("CFB7")
|| mo.equalsIgnoreCase("OFB150");
-
+ if (!result) {
+ // only report unexpected exception
+ nsaEx.printStackTrace();
+ }
}
return result;
}
--- a/jdk/test/com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java Mon Dec 05 13:00:32 2016 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java Mon Dec 05 23:23:27 2016 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -42,7 +42,7 @@
"OFB", "OFB8", "OFB16", "OFB24", "OFB32", "OFB40", "OFB48", "OFB56",
"OFB64"},
new String[]{"NoPaDDing", "PKCS5Padding"},
- true);
+ 32, 448);
}
public static void main(String[] args) throws Exception {
--- a/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/AESPBEWrapper.java Mon Dec 05 13:00:32 2016 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/AESPBEWrapper.java Mon Dec 05 23:23:27 2016 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
import java.io.PrintStream;
import java.security.AlgorithmParameters;
import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
@@ -69,6 +70,15 @@
*/
@Override
public boolean execute(int edMode, byte[] inputText, int offset, int len) {
+ boolean isUnlimited;
+ try {
+ isUnlimited =
+ (Cipher.getMaxAllowedKeyLength(this.algo) == Integer.MAX_VALUE);
+ } catch (NoSuchAlgorithmException nsae) {
+ out.println("Got unexpected exception for " + this.algo);
+ nsae.printStackTrace(out);
+ return false;
+ }
try {
// init Cipher
if (Cipher.ENCRYPT_MODE == edMode) {
@@ -78,6 +88,11 @@
ci.init(Cipher.DECRYPT_MODE, this.key, pbeParams);
}
+ if (this.algo.endsWith("AES_256") && !isUnlimited) {
+ out.print("Expected exception not thrown for " + this.algo);
+ return false;
+ }
+
// First, generate the cipherText at an allocated buffer
byte[] outputText = ci.doFinal(inputText, offset, len);
@@ -86,29 +101,19 @@
int off = ci.update(inputText, offset, len, inputText, myoff);
ci.doFinal(inputText, myoff + off);
- if (this.algo.endsWith("AES_256")) {
- out.print("Expected exception uncaught, "
- + "keyStrength > 128 within " + this.algo);
-
- return false;
- }
-
// Compare to see whether the two results are the same or not
return equalsBlock(inputText, myoff, outputText, 0,
outputText.length);
} catch (Exception ex) {
if ((ex instanceof InvalidKeyException)
- && this.algo.endsWith("AES_256")) {
- out.println("Expected InvalidKeyException exception: "
- + ex.getMessage());
-
+ && this.algo.endsWith("AES_256") && !isUnlimited) {
+ out.println("Expected InvalidKeyException thrown");
return true;
+ } else {
+ out.println("Got unexpected exception for " + algo);
+ ex.printStackTrace(out);
+ return false;
}
-
- out.println("Catch unexpected exception within " + algo);
- ex.printStackTrace(out);
-
- return false;
}
}
}
--- a/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBECipherWrapper.java Mon Dec 05 13:00:32 2016 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBECipherWrapper.java Mon Dec 05 23:23:27 2016 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@
import java.util.StringTokenizer;
import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.io.PrintStream;
@@ -64,9 +65,25 @@
StringTokenizer st = new StringTokenizer(algo, "/");
String baseAlgo = st.nextToken().toUpperCase();
+ boolean isUnlimited;
+ try {
+ isUnlimited =
+ (Cipher.getMaxAllowedKeyLength(this.algo) == Integer.MAX_VALUE);
+ } catch (NoSuchAlgorithmException nsae) {
+ out.println("Got unexpected exception for " + this.algo);
+ nsae.printStackTrace(out);
+ return false;
+ }
+
// Perform encryption or decryption depends on the specified edMode
try {
ci.init(edMode, key, aps);
+ if ((baseAlgo.endsWith("TRIPLEDES")
+ || baseAlgo.endsWith("AES_256")) && !isUnlimited) {
+ out.print("Expected InvalidKeyException not thrown: "
+ + this.algo);
+ return false;
+ }
// First, generate the cipherText at an allocated buffer
byte[] outputText = ci.doFinal(inputText, offset, len);
@@ -78,33 +95,24 @@
ci.doFinal(inputText, myoff + off);
- if (baseAlgo.endsWith("TRIPLEDES")
- || baseAlgo.endsWith("AES_256")) {
- out.print("Expected exception uncaught,"
- + "keyStrength > 128 within " + this.algo);
-
- return false;
- }
-
// Compare to see whether the two results are the same or not
boolean result = equalsBlock(inputText, myoff, outputText, 0,
outputText.length);
return result;
} catch (Exception ex) {
- if ((ex instanceof InvalidKeyException)
- && (baseAlgo.endsWith("TRIPLEDES")
- || baseAlgo.endsWith("AES_256"))) {
- out.println("Expected InvalidKeyException exception: "
- + ex.getMessage());
-
+ if ((ex instanceof InvalidKeyException) &&
+ (baseAlgo.endsWith("TRIPLEDES")
+ || baseAlgo.endsWith("AES_256")) &&
+ !isUnlimited) {
+ out.println("Expected InvalidKeyException thrown for "
+ + algo);
return true;
+ } else {
+ out.println("Got unexpected exception for " + algo);
+ ex.printStackTrace(out);
+ return false;
}
-
- out.println("Catch unexpected exception within " + algo);
- ex.printStackTrace(out);
-
- return false;
}
}
}
--- a/jdk/test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java Mon Dec 05 13:00:32 2016 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java Mon Dec 05 23:23:27 2016 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -120,6 +120,9 @@
= new StringTokenizer(algo, "/").nextToken().toUpperCase();
boolean isAES = baseAlgo.contains("AES");
+ boolean isUnlimited =
+ (Cipher.getMaxAllowedKeyLength(algo) == Integer.MAX_VALUE);
+
try {
// Initialization
new Random().nextBytes(salt);
@@ -129,7 +132,6 @@
SecretKey key = skf.generateSecret(new PBEKeySpec(
"Secret Key".toCharArray()));
Cipher ci = Cipher.getInstance(algo);
-
if (isAES) {
ci.init(Cipher.WRAP_MODE, key);
pbeParams = ci.getParameters();
@@ -146,10 +148,10 @@
Key unwrappedKey = ci.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
- if (baseAlgo.endsWith("TRIPLEDES")
- || baseAlgo.endsWith("AES_256")) {
+ if ((baseAlgo.endsWith("TRIPLEDES")
+ || baseAlgo.endsWith("AES_256")) && !isUnlimited) {
out.print(
- "InvalidKeyException not thrown when keyStrength > 128");
+ "Expected InvalidKeyException not thrown");
return false;
}
@@ -158,8 +160,9 @@
} catch (InvalidKeyException ex) {
if ((baseAlgo.endsWith("TRIPLEDES")
- || baseAlgo.endsWith("AES_256"))) {
- out.println("Expected InvalidKeyException, keyStrength > 128");
+ || baseAlgo.endsWith("AES_256")) && !isUnlimited) {
+ out.print(
+ "Expected InvalidKeyException thrown");
return true;
} else {
throw ex;
--- a/jdk/test/com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java Mon Dec 05 13:00:32 2016 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java Mon Dec 05 23:23:27 2016 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -79,6 +79,9 @@
out.println("=> Testing: " + algorithm);
+ boolean isUnlimited =
+ (Cipher.getMaxAllowedKeyLength(algorithm) == Integer.MAX_VALUE);
+
try {
// Initialization
AlgorithmParameterSpec algoParamSpec
@@ -98,9 +101,9 @@
ci.init(Cipher.DECRYPT_MODE, secretKey, algoParamSpec);
byte[] recoveredText = ci.doFinal(cipherText);
- if (algorithm.contains("TripleDES")) {
+ if (algorithm.contains("TripleDES") && !isUnlimited) {
throw new RuntimeException(
- "Expected InvalidKeyException exception uncaugh");
+ "Expected InvalidKeyException not thrown");
}
// Comparison
@@ -110,8 +113,8 @@
}
out.println("Test Passed.");
} catch (InvalidKeyException ex) {
- if (algorithm.contains("TripleDES")) {
- out.println("Expected InvalidKeyException raised");
+ if (algorithm.contains("TripleDES") && !isUnlimited) {
+ out.println("Expected InvalidKeyException thrown");
} else {
throw new RuntimeException(ex);
}
--- a/jdk/test/com/sun/crypto/provider/Cipher/TestCipher.java Mon Dec 05 13:00:32 2016 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/TestCipher.java Mon Dec 05 23:23:27 2016 +0000
@@ -49,14 +49,13 @@
private final String[] MODES;
private final String[] PADDINGS;
- /* Used to test cipher with different key strengths
- Key size tested is increment of KEYCUTTER from MINIMUM_KEY_SIZE to
- maximum allowed keysize.
- DES/DESede/Blowfish work with currently selected key sizes.
+ /* Used to test variable-key-length ciphers:
+ Key size tested is increment of KEYCUTTER from minKeySize
+ to min(maxKeySize, Cipher.getMaxAllowedKeyLength(algo)).
*/
- private final int variousKeySize;
private final int KEYCUTTER = 8;
- private final int MINIMUM_KEY_SIZE = 32;
+ private final int minKeySize;
+ private final int maxKeySize;
// Used to assert that Encryption/Decryption works with same buffer
// TEXT_LEN is multiple of blocks in order to work against ciphers w/ NoPadding
@@ -68,23 +67,28 @@
private final byte[] IV;
private final byte[] INPUT_TEXT;
+ // for variable-key-length ciphers
TestCipher(String algo, String[] modes, String[] paddings,
- boolean keyStrength) throws NoSuchAlgorithmException {
+ int minKeySize, int maxKeySize) throws NoSuchAlgorithmException {
ALGORITHM = algo;
MODES = modes;
PADDINGS = paddings;
- this.variousKeySize
- = keyStrength ? Cipher.getMaxAllowedKeyLength(ALGORITHM) : 0;
-
+ this.minKeySize = minKeySize;
+ int maxAllowedKeySize = Cipher.getMaxAllowedKeyLength(ALGORITHM);
+ if (maxKeySize > maxAllowedKeySize) {
+ maxKeySize = maxAllowedKeySize;
+ }
+ this.maxKeySize = maxKeySize;
IV = generateBytes(8);
INPUT_TEXT = generateBytes(TEXT_LEN + PAD_BYTES + ENC_OFFSET);
}
+ // for fixed-key-length ciphers
TestCipher(String algo, String[] modes, String[] paddings) {
ALGORITHM = algo;
MODES = modes;
PADDINGS = paddings;
- variousKeySize = 0;
+ this.minKeySize = this.maxKeySize = 0;
IV = generateBytes(8);
INPUT_TEXT = generateBytes(TEXT_LEN + PAD_BYTES + ENC_OFFSET);
@@ -98,8 +102,8 @@
return bytes;
}
- private boolean isKeyStrenthSupported() {
- return (variousKeySize != 0);
+ private boolean isMultipleKeyLengthSupported() {
+ return (maxKeySize != minKeySize);
}
public void runAll() throws InvalidKeyException,
@@ -110,11 +114,11 @@
for (String mode : MODES) {
for (String padding : PADDINGS) {
- if (!isKeyStrenthSupported()) {
- runTest(mode, padding, 0);
+ if (!isMultipleKeyLengthSupported()) {
+ runTest(mode, padding, minKeySize);
} else {
- int keySize = variousKeySize;
- while (keySize >= MINIMUM_KEY_SIZE) {
+ int keySize = maxKeySize;
+ while (keySize >= minKeySize) {
out.println("With Key Strength: " + keySize);
runTest(mode, padding, keySize);
keySize -= KEYCUTTER;
@@ -139,6 +143,7 @@
if (keySize != 0) {
kg.init(keySize);
}
+
SecretKey key = kg.generateKey();
SecretKeySpec skeySpec = new SecretKeySpec(key.getEncoded(), ALGORITHM);
@@ -150,7 +155,6 @@
}
// Encryption
-
byte[] plainText = INPUT_TEXT.clone();
// Generate cipher and save to separate buffer