changeset 10269:28da5b382a13

8041781: Need new regression tests for PBE keys Reviewed-by: xuelei
author rhalade
date Thu, 10 Jul 2014 03:07:48 +0000
parents 4424a0319faa
children 2acafa554d2e
files test/com/sun/crypto/provider/Cipher/PBE/PBESealedObject.java test/com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java
diffstat 3 files changed, 652 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PBESealedObject.java	Thu Jul 10 03:07:48 2014 +0000
@@ -0,0 +1,173 @@
+/*
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.PrintStream;
+import java.security.AlgorithmParameters;
+import java.security.InvalidKeyException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+import java.util.Random;
+import java.util.StringTokenizer;
+import javax.crypto.Cipher;
+import javax.crypto.SealedObject;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+
+/**
+ * @test
+ * @bug 8041781
+ * @summary test if seal/unseal works correctly with PBE algorithms
+ * @author Yun Ke
+ * @author Bill Situ
+ * @author Alexander Fomin
+ * @run main PBESealedObject
+ */
+public class PBESealedObject {
+
+    private static final String[] PBEAlgorithms = {
+        "pbeWithMD5ANDdes",
+        "PBEWithMD5AndDES/CBC/PKCS5Padding",
+        "PBEWithMD5AndTripleDES",
+        "PBEWithMD5AndTripleDES/CBC/PKCS5Padding",
+        "PBEwithSHA1AndDESede",
+        "PBEwithSHA1AndDESede/CBC/PKCS5Padding",
+        "PBEwithSHA1AndRC2_40",
+        "PBEwithSHA1Andrc2_40/CBC/PKCS5Padding",
+        "PBEWithSHA1AndRC2_128",
+        "PBEWithSHA1andRC2_128/CBC/PKCS5Padding",
+        "PBEWithSHA1AndRC4_40",
+        "PBEWithsha1AndRC4_40/ECB/NoPadding",
+        "PBEWithSHA1AndRC4_128",
+        "pbeWithSHA1AndRC4_128/ECB/NoPadding",
+        "PBEWithHmacSHA1AndAES_128",
+        "PBEWithHmacSHA224AndAES_128",
+        "PBEWithHmacSHA256AndAES_128",
+        "PBEWithHmacSHA384AndAES_128",
+        "PBEWithHmacSHA512AndAES_128",
+        "PBEWithHmacSHA1AndAES_256",
+        "PBEWithHmacSHA224AndAES_256",
+        "PBEWithHmacSHA256AndAES_256",
+        "PBEWithHmacSHA384AndAES_256",
+        "PBEWithHmacSHA512AndAES_256"
+    };
+
+    public static void main(String[] args) {
+        PBESealedObject test = new PBESealedObject();
+        Provider sunjce = Security.getProvider("SunJCE");
+
+        if (!test.runAll(sunjce, System.out)) {
+            throw new RuntimeException("One or more tests have failed....");
+        }
+    }
+
+    public boolean runAll(Provider p, PrintStream out) {
+        boolean finalResult = true;
+
+        for (String algorithm : PBEAlgorithms) {
+            out.println("Running test with " + algorithm + ":");
+            try {
+                if (!runTest(p, algorithm, out)) {
+                    finalResult = false;
+                    out.println("STATUS: Failed");
+                } else {
+                    out.println("STATUS: Passed");
+                }
+            } catch (Exception ex) {
+                finalResult = false;
+                ex.printStackTrace(out);
+                out.println("STATUS:Failed");
+            }
+        }
+
+        return finalResult;
+    }
+
+    // Have a generic throws Exception as it can throw many different exceptions
+    public boolean runTest(Provider p, String algo, PrintStream out)
+            throws Exception {
+
+        byte[] salt = new byte[8];
+        int ITERATION_COUNT = 1000;
+        AlgorithmParameters pbeParams = null;
+
+        String baseAlgo
+                = new StringTokenizer(algo, "/").nextToken().toUpperCase();
+        boolean isAES = baseAlgo.contains("AES");
+
+        try {
+            // Initialization
+            Cipher ci = Cipher.getInstance(algo, p);
+            new Random().nextBytes(salt);
+            AlgorithmParameterSpec aps = new PBEParameterSpec(salt,
+                    ITERATION_COUNT);
+            SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
+            SecretKey key = skf.generateSecret(
+                    new PBEKeySpec("Secret Lover".toCharArray()));
+
+            // Seal
+            if (isAES) {
+                ci.init(Cipher.ENCRYPT_MODE, key);
+                pbeParams = ci.getParameters();
+            } else {
+                ci.init(Cipher.ENCRYPT_MODE, key, aps);
+            }
+
+            SealedObject so = new SealedObject(key, ci);
+
+            // Unseal and compare
+            if (isAES) {
+                ci.init(Cipher.DECRYPT_MODE, key, pbeParams);
+            } else {
+                ci.init(Cipher.DECRYPT_MODE, key, aps);
+            }
+
+            SecretKey unsealedKey;
+
+            unsealedKey = (SecretKey) so.getObject(ci);
+            if (!Arrays.equals(unsealedKey.getEncoded(), key.getEncoded())) {
+                return false;
+            }
+
+            unsealedKey = (SecretKey) so.getObject(key);
+            if (!Arrays.equals(unsealedKey.getEncoded(), key.getEncoded())) {
+                return false;
+            }
+
+            unsealedKey = (SecretKey) so.getObject(key, "SunJCE");
+            return Arrays.equals(unsealedKey.getEncoded(), key.getEncoded());
+        } catch (InvalidKeyException ex) {
+            if (baseAlgo.endsWith("TRIPLEDES") || baseAlgo.endsWith("AES_256")) {
+                out.println(
+                        "Expected exception , keyStrength > 128 within" + algo);
+                return true;
+            }
+
+            throw ex;
+        }
+    }
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java	Thu Jul 10 03:07:48 2014 +0000
@@ -0,0 +1,311 @@
+/*
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.spec.InvalidKeySpecException;
+import java.util.Arrays;
+import java.util.Random;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.interfaces.PBEKey;
+import javax.crypto.spec.PBEKeySpec;
+
+/**
+ * @test
+ * @bug 8041781
+ * @summary Verify if the SecretKeyFactory.translateKey() method works
+ * @author Alexander Fomin
+ * @run main PBKDF2Translate
+ */
+public class PBKDF2Translate {
+
+    private static final String[] ALGO_TO_TEST = {
+        "PBKDF2WithHmacSHA1",
+        "PBKDF2WithHmacSHA224",
+        "PBKDF2WithHmacSHA256",
+        "PBKDF2WithHmacSHA384",
+        "PBKDF2WithHmacSHA512"
+    };
+
+    private static final String PASS_PHRASE = "some hidden string";
+    private static final int ITERATION_COUNT = 1000;
+    private static final int KEY_SIZE = 128;
+
+    private final String algoToTest;
+    private final byte[] salt = new byte[8];
+
+    public static void main(String[] args) throws Exception {
+
+        boolean failed = false;
+
+        for (String algo : ALGO_TO_TEST) {
+
+            System.out.println("Testing " + algo + ":");
+            PBKDF2Translate theTest = new PBKDF2Translate(algo);
+
+            try {
+                if (!theTest.testMyOwnSecretKey()
+                        || !theTest.generateAndTranslateKey()
+                        || !theTest.translateSpoiledKey()) {
+                    // we don't want to set failed to false
+                    failed = true;
+                }
+            } catch (InvalidKeyException | NoSuchAlgorithmException |
+                    InvalidKeySpecException e) {
+                e.printStackTrace(System.err);
+                failed = true;
+            }
+        }
+
+        if (failed) {
+            throw new RuntimeException("One or more tests failed....");
+        }
+    }
+
+    public PBKDF2Translate(String algoToTest) {
+        this.algoToTest = algoToTest;
+        new Random().nextBytes(this.salt);
+    }
+
+    /**
+     * The test case scenario implemented in the method: - derive PBKDF2 key
+     * using the given algorithm; - translate the key - check if the translated
+     * and original keys have the same key value.
+     *
+     * @return true if the test case passed; false - otherwise.
+     * @throws NoSuchAlgorithmException
+     * @throws InvalidKeySpecException
+     * @throws InvalidKeyException
+     */
+    public boolean generateAndTranslateKey() throws NoSuchAlgorithmException,
+            InvalidKeySpecException, InvalidKeyException {
+        // derive PBKDF2 key
+        SecretKey key1 = getSecretKeyForPBKDF2(algoToTest);
+
+        // translate key
+        SecretKeyFactory skf = SecretKeyFactory.getInstance(algoToTest);
+        SecretKey key2 = skf.translateKey(key1);
+
+        // check if it still the same after translation
+        if (!Arrays.equals(key1.getEncoded(), key2.getEncoded())) {
+            System.err.println("generateAndTranslateKey test case failed: the "
+                    + "key1 and key2 values in its primary encoding format are "
+                    + "not the same for " + algoToTest + "algorithm.");
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * The test case scenario implemented in the method: - derive Key1 for the
+     * given PBKDF2 algorithm - create my own secret Key2 as an instance of a
+     * class implements PBEKey - translate Key2 - check if the key value of the
+     * translated key and Key1 are the same.
+     *
+     * @return true if the test case passed; false - otherwise.
+     * @throws NoSuchAlgorithmException
+     * @throws InvalidKeySpecException
+     * @throws InvalidKeyException
+     */
+    public boolean testMyOwnSecretKey()
+            throws NoSuchAlgorithmException, InvalidKeySpecException,
+            InvalidKeyException {
+        SecretKey key1 = getSecretKeyForPBKDF2(algoToTest);
+        SecretKey key2 = getMyOwnSecretKey();
+
+        // Is it actually the same?
+        if (!Arrays.equals(key1.getEncoded(), key2.getEncoded())) {
+            System.err.println("We shouldn't be here. The key1 and key2 values "
+                    + "in its primary encoding format have to be the same!");
+            return false;
+        }
+
+        // Translate key
+        SecretKeyFactory skf = SecretKeyFactory.getInstance(algoToTest);
+        SecretKey key3 = skf.translateKey(key2);
+
+        // Check if it still the same after translation
+        if (!Arrays.equals(key1.getEncoded(), key3.getEncoded())) {
+            System.err.println("testMyOwnSecretKey test case failed: the key1 "
+                    + "and key3 values in its primary encoding format are not "
+                    + "the same for " + algoToTest + "algorithm.");
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * The test case scenario implemented in the method: - create my own secret
+     * Key2 as an instance of a class implements PBEKey - spoil the key (set
+     * iteration count to 0, for example) - try to translate key -
+     * InvalidKeyException is expected.
+     *
+     * @return true if InvalidKeyException occurred; false - otherwise.
+     * @throws NoSuchAlgorithmException
+     * @throws InvalidKeySpecException
+     */
+    public boolean translateSpoiledKey() throws NoSuchAlgorithmException,
+            InvalidKeySpecException {
+        // derive the key
+        SecretKey key1 = getMyOwnSecretKey();
+
+        // spoil the key
+        ((MyPBKDF2SecretKey) key1).spoil();
+
+        // translate key
+        SecretKeyFactory skf = SecretKeyFactory.getInstance(algoToTest);
+        try {
+            SecretKey key2 = skf.translateKey(key1);
+        } catch (InvalidKeyException ike) {
+            // this is expected
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Generate a PBKDF2 secret key using given algorithm.
+     *
+     * @param algoToDeriveKey PBKDF2 algorithm
+     * @return PBKDF2 secret key
+     * @throws NoSuchAlgorithmException
+     * @throws InvalidKeySpecException
+     */
+    private SecretKey getSecretKeyForPBKDF2(String algoToDeriveKey)
+            throws NoSuchAlgorithmException, InvalidKeySpecException {
+        SecretKeyFactory skf = SecretKeyFactory.getInstance(algoToDeriveKey);
+
+        PBEKeySpec spec = new PBEKeySpec(PASS_PHRASE.toCharArray(),
+                this.salt, ITERATION_COUNT, KEY_SIZE);
+
+        return skf.generateSecret(spec);
+    }
+
+    /**
+     * Generate a secrete key as an instance of a class implements PBEKey.
+     *
+     * @return secrete key
+     * @throws InvalidKeySpecException
+     * @throws NoSuchAlgorithmException
+     */
+    private SecretKey getMyOwnSecretKey() throws InvalidKeySpecException,
+            NoSuchAlgorithmException {
+        return new MyPBKDF2SecretKey(PASS_PHRASE, this.algoToTest, this.salt,
+                ITERATION_COUNT, KEY_SIZE);
+    }
+}
+
+/**
+ * An utility class to check the SecretKeyFactory.translateKey() method.
+ */
+class MyPBKDF2SecretKey implements PBEKey {
+
+    private final byte[] key;
+    private final byte[] salt;
+    private final String algorithm;
+    private final int keySize, keyLength;
+    private int itereationCount;
+    private final String pass;
+
+    @Override
+    public String getAlgorithm() {
+        return algorithm;
+    }
+
+    @Override
+    public String getFormat() {
+        return "RAW";
+    }
+
+    @Override
+    public byte[] getEncoded() {
+        byte[] copy = new byte[keyLength];
+        System.arraycopy(this.key, 0, copy, 0, keyLength);
+        return copy;
+    }
+
+    /**
+     * The key is generating by SecretKeyFactory and its value just copying in
+     * the key field of MySecretKey class. So, this is real key derived using
+     * the given algorithm.
+     *
+     * @param passPhrase some string intended to be a password
+     * @param algo PBKDF2 algorithm
+     * @param salt slat for PBKDF2
+     * @param iterationCount iteration count
+     * @param keySize key size in bits
+     * @throws InvalidKeySpecException
+     * @throws NoSuchAlgorithmException
+     */
+    public MyPBKDF2SecretKey(String passPhrase, String algo, byte[] salt,
+            int iterationCount, int keySize)
+            throws InvalidKeySpecException, NoSuchAlgorithmException {
+        this.algorithm = algo;
+        this.salt = salt;
+        this.itereationCount = iterationCount;
+        this.keySize = keySize;
+        this.pass = passPhrase;
+
+        PBEKeySpec spec = new PBEKeySpec(passPhrase.toCharArray(),
+                this.salt, iterationCount, this.keySize);
+
+        SecretKeyFactory keyFactory
+                = SecretKeyFactory.getInstance(algo);
+
+        SecretKey realKey = keyFactory.generateSecret(spec);
+
+        this.keyLength = realKey.getEncoded().length;
+
+        this.key = new byte[this.keyLength];
+        System.arraycopy(realKey.getEncoded(), 0, this.key, 0,
+                this.keyLength);
+    }
+
+    @Override
+    public int getIterationCount() {
+        return itereationCount;
+    }
+
+    @Override
+    public byte[] getSalt() {
+        return salt;
+    }
+
+    @Override
+    public char[] getPassword() {
+        return this.pass.toCharArray();
+    }
+
+    /**
+     * Spoil the generated key (before translation) to cause an
+     * InvalidKeyException
+     */
+    public void spoil() {
+        this.itereationCount = -1;
+    }
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java	Thu Jul 10 03:07:48 2014 +0000
@@ -0,0 +1,168 @@
+/*
+ * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.PrintStream;
+import java.security.AlgorithmParameters;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.Provider;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+import java.util.Random;
+import java.util.StringTokenizer;
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+
+/**
+ * @test
+ * @bug 8041781
+ * @summary Test to see if key wrapper works correctly with PBEKey
+ * @author Yu-Ching (Valerie) PENG
+ * @author Bill Situ
+ * @author Yun Ke
+ * @run main TestCipherKeyWrapperPBEKey
+ */
+public class TestCipherKeyWrapperPBEKey {
+
+    private static final String[] PBEAlgorithms = {
+        "pbeWithMD5ANDdes",
+        "PBEWithMD5AndDES/CBC/PKCS5Padding",
+        "PBEWithMD5AndTripleDES",
+        "PBEWithMD5AndTripleDES/CBC/PKCS5Padding",
+        "PBEwithSHA1AndDESede",
+        "PBEwithSHA1AndDESede/CBC/PKCS5Padding",
+        "PBEwithSHA1AndRC2_40",
+        "PBEwithSHA1Andrc2_40/CBC/PKCS5Padding",
+        "PBEWithSHA1AndRC2_128",
+        "PBEWithSHA1andRC2_128/CBC/PKCS5Padding",
+        "PBEWithSHA1AndRC4_40",
+        "PBEWithsha1AndRC4_40/ECB/NoPadding",
+        "PBEWithSHA1AndRC4_128",
+        "pbeWithSHA1AndRC4_128/ECB/NoPadding",
+        "PBEWithHmacSHA1AndAES_128",
+        "PBEWithHmacSHA224AndAES_128",
+        "PBEWithHmacSHA256AndAES_128",
+        "PBEWithHmacSHA384AndAES_128",
+        "PBEWithHmacSHA512AndAES_128",
+        "PBEWithHmacSHA1AndAES_256",
+        "PBEWithHmacSHA224AndAES_256",
+        "PBEWithHmacSHA256AndAES_256",
+        "PBEWithHmacSHA384AndAES_256",
+        "PBEWithHmacSHA512AndAES_256"
+    };
+
+    public static void main(String[] args) {
+
+        TestCipherKeyWrapperPBEKey test = new TestCipherKeyWrapperPBEKey();
+        Provider sunjce = Security.getProvider("SunJCE");
+
+        if (!test.runAll(sunjce, System.out)) {
+            throw new RuntimeException("One or more tests have failed....");
+        }
+    }
+
+    public boolean runAll(Provider p, PrintStream out) {
+        boolean finalResult = true;
+
+        for (String algorithm : PBEAlgorithms) {
+            out.println("Running test with " + algorithm + ":");
+            try {
+                if (!runTest(p, algorithm, out)) {
+                    finalResult = false;
+                    out.println("STATUS: Failed");
+                } else {
+                    out.println("STATUS: Passed");
+                }
+            } catch (Exception ex) {
+                finalResult = false;
+                ex.printStackTrace(out);
+                out.println("STATUS:Failed");
+            }
+        }
+
+        return finalResult;
+    }
+
+    // Have a generic throws Exception as it can throw many different exceptions
+    public boolean runTest(Provider p, String algo, PrintStream out)
+            throws Exception {
+
+        byte[] salt = new byte[8];
+        int ITERATION_COUNT = 1000;
+        AlgorithmParameters pbeParams = null;
+
+        String baseAlgo
+                = new StringTokenizer(algo, "/").nextToken().toUpperCase();
+        boolean isAES = baseAlgo.contains("AES");
+
+        try {
+            // Initialization
+            new Random().nextBytes(salt);
+            AlgorithmParameterSpec aps = new PBEParameterSpec(salt,
+                    ITERATION_COUNT);
+            SecretKeyFactory skf = SecretKeyFactory.getInstance(baseAlgo, p);
+            SecretKey key = skf.generateSecret(new PBEKeySpec(
+                    "Secret Key".toCharArray()));
+            Cipher ci = Cipher.getInstance(algo);
+
+            if (isAES) {
+                ci.init(Cipher.WRAP_MODE, key);
+                pbeParams = ci.getParameters();
+            } else {
+                ci.init(Cipher.WRAP_MODE, key, aps);
+            }
+
+            byte[] keyWrapper = ci.wrap(key);
+            if (isAES) {
+                ci.init(Cipher.UNWRAP_MODE, key, pbeParams);
+            } else {
+                ci.init(Cipher.UNWRAP_MODE, key, aps);
+            }
+
+            Key unwrappedKey = ci.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
+
+            if (baseAlgo.endsWith("TRIPLEDES")
+                    || baseAlgo.endsWith("AES_256")) {
+                out.print(
+                        "InvalidKeyException not thrown when keyStrength > 128");
+                return false;
+            }
+
+            return (Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded()));
+
+        } catch (InvalidKeyException ex) {
+
+            if ((baseAlgo.endsWith("TRIPLEDES")
+                    || baseAlgo.endsWith("AES_256"))) {
+                out.println("Expected InvalidKeyException, keyStrength > 128");
+                return true;
+            } else {
+                throw ex;
+            }
+        }
+    }
+}