1 /* 2 * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @modules java.base/com.sun.crypto.provider:+open 27 * @run main/othervm PBEKeyCleanupTest 28 * @summary Verify that key storage is cleared 29 */ 30 31 import java.lang.ref.PhantomReference; 32 import java.lang.ref.Reference; 33 import java.lang.ref.ReferenceQueue; 34 import java.lang.reflect.Field; 35 import java.util.Arrays; 36 import java.util.Random; 37 38 import javax.crypto.SecretKey; 39 import javax.crypto.SecretKeyFactory; 40 import javax.crypto.spec.PBEKeySpec; 41 42 /** 43 * Test that the array holding the key bytes is cleared when it is 44 * no longer referenced by the key. 45 */ 46 public class PBEKeyCleanupTest { 47 48 private final static String SunJCEProvider = "SunJCE"; 49 50 private static final String PASS_PHRASE = "some hidden string"; 51 private static final int ITERATION_COUNT = 1000; 52 private static final int KEY_SIZE = 128; 53 main(String[] args)54 public static void main(String[] args) throws Exception { 55 testPBESecret("PBEWithMD5AndDES"); 56 testPBKSecret("PBKDF2WithHmacSHA1"); 57 } 58 testPBESecret(String algorithm)59 private static void testPBESecret(String algorithm) throws Exception { 60 char[] password = new char[] {'f', 'o', 'o'}; 61 PBEKeySpec pbeKeySpec = new PBEKeySpec(password); 62 SecretKeyFactory keyFac = 63 SecretKeyFactory.getInstance(algorithm, SunJCEProvider); 64 65 testCleanupSecret(algorithm, keyFac.generateSecret(pbeKeySpec)); 66 } 67 testPBKSecret(String algorithm)68 private static void testPBKSecret(String algorithm) throws Exception { 69 byte[] salt = new byte[8]; 70 new Random().nextBytes(salt); 71 char[] password = new char[] {'f', 'o', 'o'}; 72 PBEKeySpec pbeKeySpec = new PBEKeySpec(PASS_PHRASE.toCharArray(), salt, 73 ITERATION_COUNT, KEY_SIZE); 74 SecretKeyFactory keyFac = 75 SecretKeyFactory.getInstance(algorithm, SunJCEProvider); 76 77 testCleanupSecret(algorithm, keyFac.generateSecret(pbeKeySpec)); 78 } 79 testCleanupSecret(String algorithm, SecretKey key)80 static void testCleanupSecret(String algorithm, SecretKey key) throws Exception { 81 82 // Break into the implementation to observe the key byte array. 83 Class<?> keyClass = key.getClass(); 84 Field keyField = keyClass.getDeclaredField("key"); 85 keyField.setAccessible(true); 86 byte[] array = (byte[])keyField.get(key); 87 88 byte[] zeros = new byte[array.length]; 89 do { 90 // Wait for array to be cleared; if not cleared test will timeout 91 System.out.printf("%s array: %s%n", algorithm, Arrays.toString(array)); 92 key = null; 93 System.gc(); // attempt to reclaim the key 94 } while (Arrays.compare(zeros, array) != 0); 95 System.out.printf("%s array: %s%n", algorithm, Arrays.toString(array)); 96 97 Reference.reachabilityFence(key); // Keep key alive 98 Reference.reachabilityFence(array); // Keep array alive 99 } 100 } 101 102 103 104