Google Git
Sign in
android / platform / libcore / 71f2c75111e87091616f0f3b86bea6c4d345dad1 / . / test / jdk / com / sun / crypto / provider / Cipher / ChaCha20 / OutputSizeTest.java
blob: c2e30c87aa3e9833cf5f106f8fdc88ddeb333783 [file] [log] [blame]
/*
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @test
* @bug 8224997
* @summary ChaCha20-Poly1305 TLS cipher suite decryption throws ShortBufferException
* @library /test/lib
* @build jdk.test.lib.Convert
* @run main OutputSizeTest
*/
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.ChaCha20ParameterSpec;
import javax.crypto.spec.IvParameterSpec;
public class OutputSizeTest {
private static final SecureRandom SR = new SecureRandom();
public static void main(String args[]) throws Exception {
testCC20GetOutSize();
testCC20P1305GetOutSize();
testMultiPartAEADDec();
}
private static void testCC20GetOutSize()
throws GeneralSecurityException {
boolean result = true;
KeyGenerator kg = KeyGenerator.getInstance("ChaCha20", "SunJCE");
kg.init(256);
// ChaCha20 encrypt
Cipher cc20 = Cipher.getInstance("ChaCha20", "SunJCE");
cc20.init(Cipher.ENCRYPT_MODE, kg.generateKey(),
new ChaCha20ParameterSpec(getRandBuf(12), 10));
testOutLen(cc20, 0, 0);
testOutLen(cc20, 5, 5);
testOutLen(cc20, 5120, 5120);
// perform an update, then test with a final block
byte[] input = new byte[5120];
SR.nextBytes(input);
cc20.update(input);
testOutLen(cc20, 1024, 1024);
// Decryption lengths should be calculated the same way as encryption
cc20.init(Cipher.DECRYPT_MODE, kg.generateKey(),
new ChaCha20ParameterSpec(getRandBuf(12), 10));
testOutLen(cc20, 0, 0);
testOutLen(cc20, 5, 5);
testOutLen(cc20, 5120, 5120);
// perform an update, then test with a final block
cc20.update(input);
testOutLen(cc20, 1024, 1024);
}
private static void testCC20P1305GetOutSize()
throws GeneralSecurityException {
KeyGenerator kg = KeyGenerator.getInstance("ChaCha20", "SunJCE");
kg.init(256);
// ChaCha20 encrypt
Cipher cc20 = Cipher.getInstance("ChaCha20-Poly1305", "SunJCE");
cc20.init(Cipher.ENCRYPT_MODE, kg.generateKey(),
new IvParameterSpec(getRandBuf(12)));
// Encryption lengths are calculated as the input length plus the tag
// length (16).
testOutLen(cc20, 0, 16);
testOutLen(cc20, 5, 21);
testOutLen(cc20, 5120, 5136);
// perform an update, then test with a final block
byte[] input = new byte[5120];
SR.nextBytes(input);
cc20.update(input);
testOutLen(cc20, 1024, 1040);
// Decryption lengths are handled differently for AEAD mode. The length
// should be zero for anything up to and including the first 16 bytes
// (since that's the tag). Anything above that should be the input
// length plus any unprocessed input (via update calls), minus the
// 16 byte tag.
cc20.init(Cipher.DECRYPT_MODE, kg.generateKey(),
new IvParameterSpec(getRandBuf(12)));
testOutLen(cc20, 0, 0);
testOutLen(cc20, 5, 0);
testOutLen(cc20, 16, 0);
testOutLen(cc20, 5120, 5104);
// Perform an update, then test with a the length of a final chunk
// of data.
cc20.update(input);
testOutLen(cc20, 1024, 6128);
}
private static void testMultiPartAEADDec() throws GeneralSecurityException {
KeyGenerator kg = KeyGenerator.getInstance("ChaCha20", "SunJCE");
kg.init(256);
Key key = kg.generateKey();
IvParameterSpec ivps = new IvParameterSpec(getRandBuf(12));
// Encrypt some data so we can test decryption.
byte[] pText = getRandBuf(2048);
ByteBuffer pTextBase = ByteBuffer.wrap(pText);
Cipher enc = Cipher.getInstance("ChaCha20-Poly1305", "SunJCE");
enc.init(Cipher.ENCRYPT_MODE, key, ivps);
ByteBuffer ctBuf = ByteBuffer.allocateDirect(
enc.getOutputSize(pText.length));
enc.doFinal(pTextBase, ctBuf);
// Create a new direct plain text ByteBuffer which will catch the
// decrypted data.
ByteBuffer ptBuf = ByteBuffer.allocateDirect(pText.length);
// Set the cipher text buffer limit to roughly half the data so we can
// do an update/final sequence.
ctBuf.position(0).limit(1024);
Cipher dec = Cipher.getInstance("ChaCha20-Poly1305", "SunJCE");
dec.init(Cipher.DECRYPT_MODE, key, ivps);
dec.update(ctBuf, ptBuf);
System.out.println("CTBuf: " + ctBuf);
System.out.println("PTBuf: " + ptBuf);
ctBuf.limit(ctBuf.capacity());
dec.doFinal(ctBuf, ptBuf);
ptBuf.flip();
pTextBase.flip();
System.out.println("PT Base:" + pTextBase);
System.out.println("PT Actual:" + ptBuf);
if (pTextBase.compareTo(ptBuf) != 0) {
StringBuilder sb = new StringBuilder();
sb.append("Plaintext mismatch: Original: ").
append(pTextBase.toString()).append("\nActual :").
append(ptBuf);
throw new RuntimeException(sb.toString());
}
}
private static void testOutLen(Cipher c, int inLen, int expOut) {
int actualOut = c.getOutputSize(inLen);
if (actualOut != expOut) {
throw new RuntimeException("Cipher " + c + ", in: " + inLen +
", expOut: " + expOut + ", actual: " + actualOut);
}
}
private static byte[] getRandBuf(int len) {
byte[] buf = new byte[len];
SR.nextBytes(buf);
return buf;
}
}