| /* |
| * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| /* |
| * @test |
| * @modules java.base/com.sun.crypto.provider:+open |
| * @run main/othervm PBEKeyCleanupTest |
| * @summary Verify that key storage is cleared |
| */ |
| |
| import java.lang.ref.PhantomReference; |
| import java.lang.ref.Reference; |
| import java.lang.ref.ReferenceQueue; |
| import java.lang.reflect.Field; |
| import java.util.Arrays; |
| import java.util.Random; |
| |
| import javax.crypto.SecretKey; |
| import javax.crypto.SecretKeyFactory; |
| import javax.crypto.spec.PBEKeySpec; |
| |
| /** |
| * Test that the array holding the key bytes is cleared when it is |
| * no longer referenced by the key. |
| */ |
| public class PBEKeyCleanupTest { |
| |
| private final static String SunJCEProvider = "SunJCE"; |
| |
| private static final String PASS_PHRASE = "some hidden string"; |
| private static final int ITERATION_COUNT = 1000; |
| private static final int KEY_SIZE = 128; |
| |
| public static void main(String[] args) throws Exception { |
| testPBESecret("PBEWithMD5AndDES"); |
| testPBKSecret("PBKDF2WithHmacSHA1"); |
| } |
| |
| private static void testPBESecret(String algorithm) throws Exception { |
| char[] password = new char[] {'f', 'o', 'o'}; |
| PBEKeySpec pbeKeySpec = new PBEKeySpec(password); |
| SecretKeyFactory keyFac = |
| SecretKeyFactory.getInstance(algorithm, SunJCEProvider); |
| |
| testCleanupSecret(algorithm, keyFac.generateSecret(pbeKeySpec)); |
| } |
| |
| private static void testPBKSecret(String algorithm) throws Exception { |
| byte[] salt = new byte[8]; |
| new Random().nextBytes(salt); |
| char[] password = new char[] {'f', 'o', 'o'}; |
| PBEKeySpec pbeKeySpec = new PBEKeySpec(PASS_PHRASE.toCharArray(), salt, |
| ITERATION_COUNT, KEY_SIZE); |
| SecretKeyFactory keyFac = |
| SecretKeyFactory.getInstance(algorithm, SunJCEProvider); |
| |
| testCleanupSecret(algorithm, keyFac.generateSecret(pbeKeySpec)); |
| } |
| |
| static void testCleanupSecret(String algorithm, SecretKey key) throws Exception { |
| |
| // Break into the implementation to observe the key byte array. |
| Class<?> keyClass = key.getClass(); |
| Field keyField = keyClass.getDeclaredField("key"); |
| keyField.setAccessible(true); |
| byte[] array = (byte[])keyField.get(key); |
| |
| byte[] zeros = new byte[array.length]; |
| do { |
| // Wait for array to be cleared; if not cleared test will timeout |
| System.out.printf("%s array: %s%n", algorithm, Arrays.toString(array)); |
| key = null; |
| System.gc(); // attempt to reclaim the key |
| } while (Arrays.compare(zeros, array) != 0); |
| System.out.printf("%s array: %s%n", algorithm, Arrays.toString(array)); |
| |
| Reference.reachabilityFence(key); // Keep key alive |
| Reference.reachabilityFence(array); // Keep array alive |
| } |
| } |
| |
| |
| |