Open WilburZjh opened 1 year ago
For GCMBufferTest, the Grinder result is
Algo: AES/GCM/NoPadding Ops: [BYTE]
Encrypt: Data Index: 1
input len: 51 inOfs 0 outOfs 0 in/out buffer: different
input len: 51 inOfs 0 outOfs 0 in/out buffer: in-place
Decrypt: Data Index: 1
input len: 67 inOfs 0 outOfs 0 in/out buffer: different
java.lang.Exception: Wrong doFinal return len (BYTE): rlen=51, expected output len=67
at GCMBufferTest.crypto(GCMBufferTest.java:494)
at GCMBufferTest.decrypt(GCMBufferTest.java:341)
at GCMBufferTest.test(GCMBufferTest.java:300)
at GCMBufferTest.main(GCMBufferTest.java:644)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at com.sun.javatest.regtest.agent.MainActionHelper$AgentVMRunnable.run(MainActionHelper.java:312)
at java.base/java.lang.Thread.run(Thread.java:857)
JavaTest Message: Test threw exception: java.lang.Exception
JavaTest Message: shutting down test
It aims to test whether a single/multiple part encrypt/decrypt works.
This test can be considered as three parts.
Under FIPS mode, a single byte array test is not passing due to the java.lang.Exception: Wrong doFinal return len (BYTE): rlen=51, expected output len=67. It will initialize a cipher object and invoke the getOutputSize method during the doFinal procedure. The getOutputSize method will invoke the spi.engineGetOutputSize(inputLen) method. When FIPS mode is enabled, the specific subclass during runtime is P11AEADCipher. In P11AEADCipher, engineGetOutputSize will invoke doFinalLength. However, in the doFinalLength function, during decrypt, the result doesn't consider deleting the tag. Therefore, it causes a different length. After I added another conditional statement in the if-else in doFinalLength, this exception disappeared. The commit can be found here.
AES-GCM is a non-Approved mode in FIPS mode
com/sun/crypto/provider/Cipher/AEAD/GCMBufferTest.java.GCMBufferTest
com/sun/crypto/provider/Cipher/AEAD/GCMShortBuffer.java.GCMShortBuffer
com/sun/crypto/provider/Cipher/AEAD/OverlapByteBuffer.java.OverlapByteBuffer
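A standalone check for the length mismatch described in the issue, written as an added example (it is not code from the issue, from GCMBufferTest, or from the referenced commit). It compares Cipher.getOutputSize with the byte count doFinal returns for AES/GCM/NoPadding under whichever provider the running JVM selects. The class name, the 128-bit tag, the random key and IV, and the 51-byte zero plaintext are assumptions chosen to match the lengths in the log.

```java
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical class name; not part of the JDK test suite.
public class GcmOutputSizeCheck {
    static final int TAG_BITS = 128; // 16-byte tag, i.e. 67 - 51 in the log

    // Returns {getOutputSize(in.length), bytes doFinal actually wrote}.
    static int[] sizes(int mode, SecretKey key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(TAG_BITS, iv));
        int predicted = c.getOutputSize(in.length);
        // Size the buffer generously so a wrong prediction cannot cause ShortBufferException.
        byte[] out = new byte[Math.max(predicted, in.length)];
        int written = c.doFinal(in, 0, in.length, out, 0);
        System.out.printf("%s mode=%d in=%d getOutputSize=%d doFinal=%d%n",
                c.getProvider().getName(), mode, in.length, predicted, written);
        return new int[] { predicted, written };
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);

        byte[] plaintext = new byte[51]; // constructed sample input (all zeros)
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ciphertext = enc.doFinal(plaintext); // plaintext plus tag: 67 bytes

        // Decrypt side: the tag is consumed, so doFinal yields 51 bytes.
        int[] d = sizes(Cipher.DECRYPT_MODE, key, iv, ciphertext);
        if (d[0] != d[1]) {
            System.out.println("MISMATCH: decrypt getOutputSize does not subtract the tag length");
            System.exit(1);
        }
        System.out.println("OK: decrypt getOutputSize matches doFinal length");
    }
}
```

The Cipher javadoc permits getOutputSize to over-estimate, so a mismatch here fails the test's exact-length assertion rather than breaking decryption itself.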