WilburZjh / openj9-openjdk-jdk17

Extensions for OpenJDK 17 for Eclipse OpenJ9
GNU General Public License v2.0

AES-GCM related #1

Open WilburZjh opened 1 year ago

WilburZjh commented 1 year ago

AES-GCM is a non-Approved mode in FIPS mode

com/sun/crypto/provider/Cipher/AEAD/GCMBufferTest.java.GCMBufferTest
com/sun/crypto/provider/Cipher/AEAD/GCMShortBuffer.java.GCMShortBuffer
com/sun/crypto/provider/Cipher/AEAD/OverlapByteBuffer.java.OverlapByteBuffer

WilburZjh commented 1 year ago

For GCMBufferTest, the Grinder result is:

Algo: AES/GCM/NoPadding     Ops: [BYTE]
Encrypt:  Data Index: 1
    input len: 51  inOfs 0  outOfs 0  in/out buffer: different
    input len: 51  inOfs 0  outOfs 0  in/out buffer: in-place
Decrypt:  Data Index: 1
    input len: 67  inOfs 0  outOfs 0  in/out buffer: different
java.lang.Exception: Wrong doFinal return len (BYTE):  rlen=51, expected output len=67
    at GCMBufferTest.crypto(GCMBufferTest.java:494)
    at GCMBufferTest.decrypt(GCMBufferTest.java:341)
    at GCMBufferTest.test(GCMBufferTest.java:300)
    at GCMBufferTest.main(GCMBufferTest.java:644)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:568)
    at com.sun.javatest.regtest.agent.MainActionHelper$AgentVMRunnable.run(MainActionHelper.java:312)
    at java.base/java.lang.Thread.run(Thread.java:857)

JavaTest Message: Test threw exception: java.lang.Exception
JavaTest Message: shutting down test

WilburZjh commented 1 year ago

It aims to test whether single-part and multi-part encrypt/decrypt work.

This test can be considered as three parts.

Under FIPS mode, a single byte array test is not passing due to the java.lang.Exception: Wrong doFinal return len (BYTE): rlen=51, expected output len=67. It will initialize a cipher object and invoke the getOutputSize method during the doFinal procedure. The getOutputSize method will invoke the spi.engineGetOutputSize(inputLen) method. When FIPS mode is enabled, the specific subclass at runtime is P11AEADCipher. In P11AEADCipher, engineGetOutputSize will invoke doFinalLength. However, in the doFinalLength function, during decrypt, the result doesn't take removing the tag into account. Therefore, it produces a different length. After I added another conditional statement in the if-else in doFinalLength, this exception disappeared. The commit can be found here.
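
The length comparison described in the comment above can be reproduced outside the jtreg harness with the following added example, which is not part of the original thread, the test suite, or P11AEADCipher. The class name `GcmOutputSizeCheck`, the helper `modelFinalLength`, and the 128-bit tag length are assumptions chosen to match the 51/67 byte lengths in the log; the cipher is taken from whichever provider the running JVM selects first.

```java
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added example (hypothetical class name); not code from the test suite or P11AEADCipher.
public class GcmOutputSizeCheck {
    static final int TAG_BYTES = 16; // assumed 128-bit tag: 51 plaintext bytes -> 67 ciphertext bytes

    // Simplified model of the final-length rule: encrypt appends the tag, decrypt strips it.
    static int modelFinalLength(boolean encrypt, int inLen) {
        return encrypt ? inLen + TAG_BYTES : Math.max(0, inLen - TAG_BYTES);
    }

    // Runs one single-part doFinal and reports the estimate, the actual length and the model.
    static byte[] run(String label, int mode, SecretKey key, byte[] iv, byte[] in)
            throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding"); // first provider in the JVM's order
        c.init(mode, key, new GCMParameterSpec(TAG_BYTES * 8, iv));
        int estimate = c.getOutputSize(in.length); // delegates to the provider's engineGetOutputSize
        byte[] out = c.doFinal(in);
        int model = modelFinalLength(mode == Cipher.ENCRYPT_MODE, in.length);
        System.out.printf("%s [%s]: in=%d getOutputSize=%d doFinal=%d model=%d %s%n",
                label, c.getProvider().getName(), in.length, estimate, out.length, model,
                estimate == out.length ? "OK" : "MISMATCH");
        if (out.length != model) {
            throw new AssertionError(label + ": unexpected doFinal length " + out.length);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12]; // 96-bit IV, fresh per run
        new SecureRandom().nextBytes(iv);

        byte[] plaintext = new byte[51]; // constructed input, same length as in the log above
        byte[] ciphertext = run("encrypt", Cipher.ENCRYPT_MODE, key, iv, plaintext);
        run("decrypt", Cipher.DECRYPT_MODE, key, iv, ciphertext);
    }
}
```

A provider whose decrypt-side estimate leaves the tag in would print getOutputSize=67 against doFinal=51 on the decrypt line, the same pair reported in the exception above. The Cipher API documents getOutputSize as an upper bound, so MISMATCH here flags the stricter equality that the error message reports rather than an API contract violation.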