changeset 42362:7b70c5bfe82e

8170245: [TEST_BUG] Cipher tests fail when running with unlimited policy Summary: Updated the failed cipher tests to work under unlimited policy Reviewed-by: xuelei
author valeriep
date Mon, 05 Dec 2016 23:23:27 +0000
parents b64a8f0c668e
children 2098a88da9b0
files jdk/test/com/sun/crypto/provider/Cipher/AES/TestAESCiphers/Dynamic.java jdk/test/com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java jdk/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/AESPBEWrapper.java jdk/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBECipherWrapper.java jdk/test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java jdk/test/com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java jdk/test/com/sun/crypto/provider/Cipher/TestCipher.java
diffstat 7 files changed, 98 insertions(+), 84 deletions(-) [+]
line wrap: on
line diff
--- a/jdk/test/com/sun/crypto/provider/Cipher/AES/TestAESCiphers/Dynamic.java	Mon Dec 05 13:00:32 2016 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/AES/TestAESCiphers/Dynamic.java	Mon Dec 05 23:23:27 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -150,19 +150,8 @@
             int offset = ci.update(plainText, 0, plainText.length, cipherText,
                     0);
             ci.doFinal(cipherText, offset);
+            ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());
 
-            if (!mo.equalsIgnoreCase("ECB")) {
-                iv = ci.getIV();
-                aps = new IvParameterSpec(iv);
-            } else {
-                aps = null;
-            }
-
-            if (!mo.equalsIgnoreCase("GCM")) {
-                ci.init(Cipher.DECRYPT_MODE, key, aps);
-            } else {
-                ci.init(Cipher.DECRYPT_MODE, key, ci.getParameters());
-            }
             byte[] recoveredText = new byte[ci.getOutputSize(cipherText.length)];
             int len = ci.doFinal(cipherText, 0, cipherText.length,
                     recoveredText);
@@ -174,12 +163,14 @@
 
             result = Arrays.equals(plainText, tmp);
         } catch (NoSuchAlgorithmException nsaEx) {
-            nsaEx.printStackTrace();
             // CFB7 and OFB150 are negative test,SunJCE not support this
             // algorithm
             result = mo.equalsIgnoreCase("CFB7")
                     || mo.equalsIgnoreCase("OFB150");
-
+            if (!result) {
+                // only report unexpected exception
+                nsaEx.printStackTrace();
+            }
         }
         return result;
     }
--- a/jdk/test/com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java	Mon Dec 05 13:00:32 2016 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/Blowfish/TestCipherBlowfish.java	Mon Dec 05 23:23:27 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,7 +42,7 @@
                     "OFB", "OFB8", "OFB16", "OFB24", "OFB32", "OFB40", "OFB48", "OFB56",
                     "OFB64"},
                 new String[]{"NoPaDDing", "PKCS5Padding"},
-                true);
+                32, 448);
     }
 
     public static void main(String[] args) throws Exception {
--- a/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/AESPBEWrapper.java	Mon Dec 05 13:00:32 2016 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/AESPBEWrapper.java	Mon Dec 05 23:23:27 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
 import java.io.PrintStream;
 import java.security.AlgorithmParameters;
 import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
 import javax.crypto.Cipher;
 import javax.crypto.SecretKeyFactory;
@@ -69,6 +70,15 @@
      */
     @Override
     public boolean execute(int edMode, byte[] inputText, int offset, int len) {
+        boolean isUnlimited;
+        try {
+            isUnlimited =
+                (Cipher.getMaxAllowedKeyLength(this.algo) == Integer.MAX_VALUE);
+        } catch (NoSuchAlgorithmException nsae) {
+            out.println("Got unexpected exception for " + this.algo);
+            nsae.printStackTrace(out);
+            return false;
+        }
         try {
             // init Cipher
             if (Cipher.ENCRYPT_MODE == edMode) {
@@ -78,6 +88,11 @@
                 ci.init(Cipher.DECRYPT_MODE, this.key, pbeParams);
             }
 
+            if (this.algo.endsWith("AES_256") && !isUnlimited) {
+                out.print("Expected exception not thrown for " + this.algo);
+                return false;
+            }
+
             // First, generate the cipherText at an allocated buffer
             byte[] outputText = ci.doFinal(inputText, offset, len);
 
@@ -86,29 +101,19 @@
             int off = ci.update(inputText, offset, len, inputText, myoff);
             ci.doFinal(inputText, myoff + off);
 
-            if (this.algo.endsWith("AES_256")) {
-                out.print("Expected exception uncaught, "
-                        + "keyStrength > 128 within " + this.algo);
-
-                return false;
-            }
-
             // Compare to see whether the two results are the same or not
             return equalsBlock(inputText, myoff, outputText, 0,
                     outputText.length);
         } catch (Exception ex) {
             if ((ex instanceof InvalidKeyException)
-                    && this.algo.endsWith("AES_256")) {
-                out.println("Expected InvalidKeyException exception: "
-                        + ex.getMessage());
-
+                    && this.algo.endsWith("AES_256") && !isUnlimited) {
+                out.println("Expected InvalidKeyException thrown");
                 return true;
+            } else {
+                out.println("Got unexpected exception for " + algo);
+                ex.printStackTrace(out);
+                return false;
             }
-
-            out.println("Catch unexpected exception within " + algo);
-            ex.printStackTrace(out);
-
-            return false;
         }
     }
 }
--- a/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBECipherWrapper.java	Mon Dec 05 13:00:32 2016 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/PBESameBuffer/PBECipherWrapper.java	Mon Dec 05 23:23:27 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@
 import java.util.StringTokenizer;
 
 import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
 
 import java.io.PrintStream;
@@ -64,9 +65,25 @@
         StringTokenizer st = new StringTokenizer(algo, "/");
         String baseAlgo = st.nextToken().toUpperCase();
 
+        boolean isUnlimited;
+        try {
+            isUnlimited =
+                (Cipher.getMaxAllowedKeyLength(this.algo) == Integer.MAX_VALUE);
+        } catch (NoSuchAlgorithmException nsae) {
+            out.println("Got unexpected exception for " + this.algo);
+            nsae.printStackTrace(out);
+            return false;
+        }
+
         // Perform encryption or decryption depends on the specified edMode
         try {
             ci.init(edMode, key, aps);
+            if ((baseAlgo.endsWith("TRIPLEDES")
+                    || baseAlgo.endsWith("AES_256")) && !isUnlimited) {
+                out.print("Expected InvalidKeyException not thrown: "
+                    + this.algo);
+                return false;
+            }
 
             // First, generate the cipherText at an allocated buffer
             byte[] outputText = ci.doFinal(inputText, offset, len);
@@ -78,33 +95,24 @@
 
             ci.doFinal(inputText, myoff + off);
 
-            if (baseAlgo.endsWith("TRIPLEDES")
-                    || baseAlgo.endsWith("AES_256")) {
-                out.print("Expected exception uncaught,"
-                        + "keyStrength > 128 within " + this.algo);
-
-                return false;
-            }
-
             // Compare to see whether the two results are the same or not
             boolean result = equalsBlock(inputText, myoff, outputText, 0,
                     outputText.length);
 
             return result;
         } catch (Exception ex) {
-            if ((ex instanceof InvalidKeyException)
-                    && (baseAlgo.endsWith("TRIPLEDES")
-                    || baseAlgo.endsWith("AES_256"))) {
-                out.println("Expected InvalidKeyException exception: "
-                        + ex.getMessage());
-
+            if ((ex instanceof InvalidKeyException) &&
+                    (baseAlgo.endsWith("TRIPLEDES")
+                        || baseAlgo.endsWith("AES_256")) &&
+                !isUnlimited) {
+                out.println("Expected InvalidKeyException thrown for "
+                    + algo);
                 return true;
+            } else {
+                out.println("Got unexpected exception for " + algo);
+                ex.printStackTrace(out);
+                return false;
             }
-
-            out.println("Catch unexpected exception within " + algo);
-            ex.printStackTrace(out);
-
-            return false;
         }
     }
 }
--- a/jdk/test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java	Mon Dec 05 13:00:32 2016 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java	Mon Dec 05 23:23:27 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -120,6 +120,9 @@
                 = new StringTokenizer(algo, "/").nextToken().toUpperCase();
         boolean isAES = baseAlgo.contains("AES");
 
+        boolean isUnlimited =
+            (Cipher.getMaxAllowedKeyLength(algo) == Integer.MAX_VALUE);
+
         try {
             // Initialization
             new Random().nextBytes(salt);
@@ -129,7 +132,6 @@
             SecretKey key = skf.generateSecret(new PBEKeySpec(
                     "Secret Key".toCharArray()));
             Cipher ci = Cipher.getInstance(algo);
-
             if (isAES) {
                 ci.init(Cipher.WRAP_MODE, key);
                 pbeParams = ci.getParameters();
@@ -146,10 +148,10 @@
 
             Key unwrappedKey = ci.unwrap(keyWrapper, algo, Cipher.SECRET_KEY);
 
-            if (baseAlgo.endsWith("TRIPLEDES")
-                    || baseAlgo.endsWith("AES_256")) {
+            if ((baseAlgo.endsWith("TRIPLEDES")
+                    || baseAlgo.endsWith("AES_256")) && !isUnlimited) {
                 out.print(
-                        "InvalidKeyException not thrown when keyStrength > 128");
+                        "Expected InvalidKeyException not thrown");
                 return false;
             }
 
@@ -158,8 +160,9 @@
         } catch (InvalidKeyException ex) {
 
             if ((baseAlgo.endsWith("TRIPLEDES")
-                    || baseAlgo.endsWith("AES_256"))) {
-                out.println("Expected InvalidKeyException, keyStrength > 128");
+                    || baseAlgo.endsWith("AES_256")) && !isUnlimited) {
+                out.print(
+                        "Expected InvalidKeyException thrown");
                 return true;
             } else {
                 throw ex;
--- a/jdk/test/com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java	Mon Dec 05 13:00:32 2016 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/PBE/TestCipherPBE.java	Mon Dec 05 23:23:27 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -79,6 +79,9 @@
 
         out.println("=> Testing: " + algorithm);
 
+        boolean isUnlimited =
+            (Cipher.getMaxAllowedKeyLength(algorithm) == Integer.MAX_VALUE);
+
         try {
             // Initialization
             AlgorithmParameterSpec algoParamSpec
@@ -98,9 +101,9 @@
             ci.init(Cipher.DECRYPT_MODE, secretKey, algoParamSpec);
             byte[] recoveredText = ci.doFinal(cipherText);
 
-            if (algorithm.contains("TripleDES")) {
+            if (algorithm.contains("TripleDES") && !isUnlimited) {
                 throw new RuntimeException(
-                        "Expected InvalidKeyException exception uncaugh");
+                        "Expected InvalidKeyException not thrown");
             }
 
             // Comparison
@@ -110,8 +113,8 @@
             }
             out.println("Test Passed.");
         } catch (InvalidKeyException ex) {
-            if (algorithm.contains("TripleDES")) {
-                out.println("Expected InvalidKeyException raised");
+            if (algorithm.contains("TripleDES") && !isUnlimited) {
+                out.println("Expected InvalidKeyException thrown");
             } else {
                 throw new RuntimeException(ex);
             }
--- a/jdk/test/com/sun/crypto/provider/Cipher/TestCipher.java	Mon Dec 05 13:00:32 2016 -0800
+++ b/jdk/test/com/sun/crypto/provider/Cipher/TestCipher.java	Mon Dec 05 23:23:27 2016 +0000
@@ -49,14 +49,13 @@
     private final String[] MODES;
     private final String[] PADDINGS;
 
-    /* Used to test cipher with different key strengths
-       Key size tested is increment of KEYCUTTER from MINIMUM_KEY_SIZE to
-       maximum allowed keysize.
-       DES/DESede/Blowfish work with currently selected key sizes.
+    /* Used to test variable-key-length ciphers:
+       Key size tested is increment of KEYCUTTER from minKeySize
+       to min(maxKeySize, Cipher.getMaxAllowedKeyLength(algo)).
     */
-    private final int variousKeySize;
     private final int KEYCUTTER = 8;
-    private final int MINIMUM_KEY_SIZE = 32;
+    private final int minKeySize;
+    private final int maxKeySize;
 
     // Used to assert that Encryption/Decryption works with same buffer
     // TEXT_LEN is multiple of blocks in order to work against ciphers w/ NoPadding
@@ -68,23 +67,28 @@
     private final byte[] IV;
     private final byte[] INPUT_TEXT;
 
+    // for variable-key-length ciphers
     TestCipher(String algo, String[] modes, String[] paddings,
-            boolean keyStrength) throws NoSuchAlgorithmException {
+            int minKeySize, int maxKeySize) throws NoSuchAlgorithmException {
         ALGORITHM = algo;
         MODES = modes;
         PADDINGS = paddings;
-        this.variousKeySize
-                = keyStrength ? Cipher.getMaxAllowedKeyLength(ALGORITHM) : 0;
-
+        this.minKeySize = minKeySize;
+        int maxAllowedKeySize = Cipher.getMaxAllowedKeyLength(ALGORITHM);
+        if (maxKeySize > maxAllowedKeySize) {
+            maxKeySize = maxAllowedKeySize;
+        }
+        this.maxKeySize = maxKeySize;
         IV = generateBytes(8);
         INPUT_TEXT = generateBytes(TEXT_LEN + PAD_BYTES + ENC_OFFSET);
     }
 
+    // for fixed-key-length ciphers
     TestCipher(String algo, String[] modes, String[] paddings) {
         ALGORITHM = algo;
         MODES = modes;
         PADDINGS = paddings;
-        variousKeySize = 0;
+        this.minKeySize = this.maxKeySize = 0;
 
         IV = generateBytes(8);
         INPUT_TEXT = generateBytes(TEXT_LEN + PAD_BYTES + ENC_OFFSET);
@@ -98,8 +102,8 @@
         return bytes;
     }
 
-    private boolean isKeyStrenthSupported() {
-        return (variousKeySize != 0);
+    private boolean isMultipleKeyLengthSupported() {
+        return (maxKeySize != minKeySize);
     }
 
     public void runAll() throws InvalidKeyException,
@@ -110,11 +114,11 @@
 
         for (String mode : MODES) {
             for (String padding : PADDINGS) {
-                if (!isKeyStrenthSupported()) {
-                    runTest(mode, padding, 0);
+                if (!isMultipleKeyLengthSupported()) {
+                    runTest(mode, padding, minKeySize);
                 } else {
-                    int keySize = variousKeySize;
-                    while (keySize >= MINIMUM_KEY_SIZE) {
+                    int keySize = maxKeySize;
+                    while (keySize >= minKeySize) {
                         out.println("With Key Strength: " + keySize);
                         runTest(mode, padding, keySize);
                         keySize -= KEYCUTTER;
@@ -139,6 +143,7 @@
         if (keySize != 0) {
             kg.init(keySize);
         }
+
         SecretKey key = kg.generateKey();
         SecretKeySpec skeySpec = new SecretKeySpec(key.getEncoded(), ALGORITHM);
 
@@ -150,7 +155,6 @@
         }
 
         // Encryption
-
         byte[] plainText = INPUT_TEXT.clone();
 
         // Generate cipher and save to separate buffer