Projects
home:dingli:branches:openEuler:24.09-openjdk
openjdk-1.8.0
_service:tar_scm:Extending-the-IV-Length-Suppor...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:Extending-the-IV-Length-Supported-by-KAEProvider-AES.patch of Package openjdk-1.8.0
From f4b0357c01f51e813642c3ac5c8ff33c1576eb72 Mon Sep 17 00:00:00 2001 Subject: Extending the IV Length Supported by KAEProvider AES/Gcm --- .../security/openssl/kae_symmetric_cipher.c | 23 ++++++-- .../security/openssl/KAEGcmIvLenTest.java | 52 +++++++++++++++++++ 2 files changed, 72 insertions(+), 3 deletions(-) create mode 100644 jdk/test/org/openeuler/security/openssl/KAEGcmIvLenTest.java diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c index ec8894f1a..7618d6e16 100644 --- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c +++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_symmetric_cipher.c @@ -146,6 +146,7 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en const EVP_CIPHER* cipher = NULL; ENGINE* kaeEngine = NULL; int keyLength = (*env)->GetArrayLength(env, key); + int ivLength = 0; const char* algo = (*env)->GetStringUTFChars(env, cipherType, 0); if (StartsWith("aes", algo)) { @@ -158,7 +159,6 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en KAE_TRACE("KAESymmetricCipherBase_nativeInit: kaeEngine => %p", kaeEngine); - (*env)->ReleaseStringUTFChars(env, cipherType, algo); if (cipher == NULL) { KAE_ThrowOOMException(env, "create EVP_CIPHER fail"); goto cleanup; @@ -170,19 +170,35 @@ Java_org_openeuler_security_openssl_KAESymmetricCipherBase_nativeInit(JNIEnv* en if (iv != NULL) { ivBytes = (*env)->GetByteArrayElements(env, iv, NULL); + ivLength = (*env)->GetArrayLength(env, iv); } if (key != NULL) { keyBytes = (*env)->GetByteArrayElements(env, key, NULL); } - if (!EVP_CipherInit_ex(ctx, cipher, kaeEngine, (const unsigned char*)keyBytes, - (const unsigned char*)ivBytes, encrypt ? 1 : 0)) { + if (!EVP_CipherInit_ex(ctx, cipher, kaeEngine, NULL, + NULL, encrypt ? 1 : 0)) { KAE_ThrowFromOpenssl(env, "EVP_CipherInit_ex failed", KAE_ThrowRuntimeException); goto cleanup; } + if (strcasecmp(algo + 8, "gcm") == 0) { + /* Set IV length if default 12 bytes (96 bits) is not appropriate */ + if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, ivLength, NULL)) { + KAE_ThrowFromOpenssl(env, "EVP_CIPHER_CTX_ctrl failed", KAE_ThrowRuntimeException); + goto cleanup; + } + } + + if (!EVP_CipherInit_ex(ctx, NULL, kaeEngine, (const unsigned char*)keyBytes, + (const unsigned char*)ivBytes, encrypt ? 1 : 0)) { + KAE_ThrowFromOpenssl(env, "EVP_CipherInit_ex int key & iv failed", KAE_ThrowRuntimeException); + goto cleanup; + } + EVP_CIPHER_CTX_set_padding(ctx, padding ? 1 : 0); + (*env)->ReleaseStringUTFChars(env, cipherType, algo); FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes, keyLength); return (jlong)ctx; @@ -190,6 +206,7 @@ cleanup: if (ctx != NULL) { EVP_CIPHER_CTX_free(ctx); } + (*env)->ReleaseStringUTFChars(env, cipherType, algo); FreeMemoryFromInit(env, iv, ivBytes, key, keyBytes, keyLength); return 0; } diff --git a/jdk/test/org/openeuler/security/openssl/KAEGcmIvLenTest.java b/jdk/test/org/openeuler/security/openssl/KAEGcmIvLenTest.java new file mode 100644 index 000000000..c9e2257aa --- /dev/null +++ b/jdk/test/org/openeuler/security/openssl/KAEGcmIvLenTest.java @@ -0,0 +1,52 @@ +import org.openeuler.security.openssl.KAEProvider; + +import javax.crypto.Cipher; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.nio.charset.StandardCharsets; +import java.security.Security; +import java.util.Arrays; + +/** + * @test + * @summary Basic test for AES/GCM Iv + * @requires os.arch=="aarch64" + * @run main KAEGcmIvLenTest + */ +public class KAEGcmIvLenTest { + private static String plainText = "helloworldhellow"; // 16bytes for NoPadding + private static String shortPlainText = "helloworld"; // 5 bytes for padding + private static SecretKeySpec ks = new SecretKeySpec("AESEncryptionKey".getBytes(StandardCharsets.UTF_8), "AES"); // key has 16 bytes + private static int[] ivLens = {12, 16}; + public static void main(String[] args) throws Exception { + Security.addProvider(new KAEProvider()); + for (int ivLen : ivLens) { + testGcm(plainText,"AES/GCM/NoPadding", "KAEProvider", "SunJCE", ivLen); + testGcm(plainText,"AES/GCM/NoPadding", "SunJCE", "KAEProvider", ivLen); + testGcm(shortPlainText,"AES/GCM/PKCS5Padding", "KAEProvider", "SunJCE", ivLen); + testGcm(shortPlainText,"AES/GCM/PKCS5Padding", "SunJCE", "KAEProvider", ivLen); + } + + } + + private static void testGcm(String plainText, String algo, String encryptProvider, String decryptProvider, int ivLen) throws Exception { + Cipher enCipher = Cipher.getInstance(algo, encryptProvider); + enCipher.init(Cipher.ENCRYPT_MODE, ks, getIv(ivLen)); + byte[] cipherText = enCipher.doFinal(plainText.getBytes()); + + Cipher deCipher = Cipher.getInstance(algo, decryptProvider); + deCipher.init(Cipher.DECRYPT_MODE, ks, getIv(ivLen)); + byte[] origin = deCipher.doFinal(cipherText); + + if (!Arrays.equals(plainText.getBytes(), origin)) { + throw new RuntimeException("gcm decryption failed, algo = " + algo); + } + } + + private static GCMParameterSpec getIv(int ivLen) { + if (ivLen == 16) { + return new GCMParameterSpec(128, "abcdefghabcdefgh".getBytes(StandardCharsets.UTF_8)); + } + return new GCMParameterSpec(96, "abcdefghabcd".getBytes(StandardCharsets.UTF_8)); + } +} -- 2.19.1
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2