|
| 1 | +/* |
| 2 | + * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. |
| 3 | + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 4 | + * |
| 5 | + * This code is free software; you can redistribute it and/or modify it |
| 6 | + * under the terms of the GNU General Public License version 2 only, as |
| 7 | + * published by the Free Software Foundation. |
| 8 | + * |
| 9 | + * This code is distributed in the hope that it will be useful, but WITHOUT |
| 10 | + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 11 | + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 12 | + * version 2 for more details (a copy is included in the LICENSE file that |
| 13 | + * accompanied this code). |
| 14 | + * |
| 15 | + * You should have received a copy of the GNU General Public License version |
| 16 | + * 2 along with this work; if not, write to the Free Software Foundation, |
| 17 | + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| 18 | + * |
| 19 | + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| 20 | + * or visit www.oracle.com if you need additional information or have any |
| 21 | + * questions. |
| 22 | + */ |
| 23 | + |
| 24 | +/** |
| 25 | + * @test |
| 26 | + * @summary Check for 128-bit AES/CTR wraparound |
| 27 | + * @library /test/lib / |
| 28 | + * @build jdk.test.whitebox.WhiteBox |
| 29 | + * @run driver jdk.test.lib.helpers.ClassFileInstaller jdk.test.whitebox.WhiteBox |
| 30 | + * |
| 31 | + * @run main/othervm -Xbatch |
| 32 | + * -XX:+UnlockDiagnosticVMOptions -XX:+WhiteBoxAPI -Xbootclasspath/a:. |
| 33 | + * compiler.codegen.aes.CTR_Wraparound 32 |
| 34 | + * @run main/othervm -Xbatch |
| 35 | + * -XX:+UnlockDiagnosticVMOptions -XX:+WhiteBoxAPI -Xbootclasspath/a:. |
| 36 | + * compiler.codegen.aes.CTR_Wraparound 1009 |
| 37 | + * @run main/othervm -Xbatch |
| 38 | + * -XX:+UnlockDiagnosticVMOptions -XX:+WhiteBoxAPI -Xbootclasspath/a:. |
| 39 | + * compiler.codegen.aes.CTR_Wraparound 2048 |
| 40 | + */ |
| 41 | + |
| 42 | +package compiler.codegen.aes; |
| 43 | + |
| 44 | +import java.util.Arrays; |
| 45 | +import java.util.Random; |
| 46 | +import javax.crypto.Cipher; |
| 47 | +import javax.crypto.spec.IvParameterSpec; |
| 48 | +import javax.crypto.spec.SecretKeySpec; |
| 49 | + |
| 50 | +import compiler.whitebox.CompilerWhiteBoxTest; |
| 51 | +import jdk.test.whitebox.code.Compiler; |
| 52 | +import jdk.test.lib.Utils; |
| 53 | +import jtreg.SkippedException; |
| 54 | + |
| 55 | +public class CTR_Wraparound { |
| 56 | + private static final String ALGO = "AES/CTR/NoPadding"; |
| 57 | + private static final int LOOPS = 100000; |
| 58 | + |
| 59 | + public static void main(String[] args) throws Exception { |
| 60 | + int length = Integer.parseInt(args[0]); |
| 61 | + int maxOffset = 60; |
| 62 | + if (args.length > 1) { |
| 63 | + maxOffset = Integer.parseInt(args[1]); |
| 64 | + System.out.println("InitialOffset = " + maxOffset); |
| 65 | + } |
| 66 | + |
| 67 | + if (!Compiler.isIntrinsicAvailable(CompilerWhiteBoxTest.COMP_LEVEL_FULL_OPTIMIZATION, "com.sun.crypto.provider.CounterMode", "implCrypt", byte[].class, int.class, int.class, byte[].class, int.class)) { |
| 68 | + throw new SkippedException("AES-CTR intrinsic is not available"); |
| 69 | + } |
| 70 | + |
| 71 | + Random random = Utils.getRandomInstance(); |
| 72 | + |
| 73 | + byte[] keyBytes = new byte[32]; |
| 74 | + Arrays.fill(keyBytes, (byte)0xff); |
| 75 | + SecretKeySpec key = new SecretKeySpec(keyBytes, "AES"); |
| 76 | + |
| 77 | + byte[] ivBytes = new byte[16]; |
| 78 | + |
| 79 | + Arrays.fill(ivBytes, (byte)0xff); |
| 80 | + |
| 81 | + byte[][] plaintext = new byte[maxOffset][]; |
| 82 | + byte[][] ciphertext = new byte[maxOffset][]; |
| 83 | + |
| 84 | + for (int offset = 0; offset < maxOffset; offset++) { |
| 85 | + ivBytes[ivBytes.length - 1] = (byte)-offset; |
| 86 | + IvParameterSpec iv = new IvParameterSpec(ivBytes); |
| 87 | + |
| 88 | + Cipher encryptCipher = Cipher.getInstance(ALGO); |
| 89 | + Cipher decryptCipher = Cipher.getInstance(ALGO); |
| 90 | + |
| 91 | + encryptCipher.init(Cipher.ENCRYPT_MODE, key, iv); |
| 92 | + decryptCipher.init(Cipher.DECRYPT_MODE, key, iv); |
| 93 | + |
| 94 | + plaintext[offset] = new byte[length]; |
| 95 | + ciphertext[offset] = new byte[length]; |
| 96 | + random.nextBytes(plaintext[offset]); |
| 97 | + |
| 98 | + byte[] decrypted = new byte[length]; |
| 99 | + |
| 100 | + encryptCipher.doFinal(plaintext[offset], 0, length, ciphertext[offset]); |
| 101 | + decryptCipher.doFinal(ciphertext[offset], 0, length, decrypted); |
| 102 | + |
| 103 | + if (!Arrays.equals(plaintext[offset], decrypted)) { |
| 104 | + throw new Exception("mismatch in setup at offset " + offset); |
| 105 | + } |
| 106 | + } |
| 107 | + |
| 108 | + for (int offset = 0; offset < maxOffset; offset++) { |
| 109 | + ivBytes[ivBytes.length - 1] = (byte)-offset; |
| 110 | + IvParameterSpec iv = new IvParameterSpec(ivBytes); |
| 111 | + |
| 112 | + Cipher encryptCipher = Cipher.getInstance(ALGO); |
| 113 | + |
| 114 | + encryptCipher.init(Cipher.ENCRYPT_MODE, key, iv); |
| 115 | + |
| 116 | + byte[] encrypted = new byte[length]; |
| 117 | + |
| 118 | + for (int i = 0; i < LOOPS; i++) { |
| 119 | + encryptCipher.doFinal(plaintext[offset], 0, length, encrypted); |
| 120 | + if (!Arrays.equals(ciphertext[offset], encrypted)) { |
| 121 | + throw new Exception("array mismatch at offset " + offset |
| 122 | + + " with length " + length); |
| 123 | + } |
| 124 | + } |
| 125 | + } |
| 126 | + } |
| 127 | +} |
0 commit comments