openjdk · myankelev · Nov 4, 2025
diff --git a/test/jdk/sun/security/pkcs11/Cipher/KeyWrap/NISTWrapKAT.java b/test/jdk/sun/security/pkcs11/Cipher/KeyWrap/NISTWrapKAT.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2021, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,13 +29,19 @@
  * @summary Verify that the AES-Key-Wrap and AES-Key-Wrap-Pad ciphers
  * work as expected using NIST test vectors.
  */
+import jtreg.SkippedException;
+
 import java.security.Key;
 import java.security.AlgorithmParameters;
 import java.security.Provider;
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.math.BigInteger;
+import java.util.List;
 
 // adapted from com/sun/crypto/provider/Cipher/KeyWrap/NISTWrapKAT.java
 public class NISTWrapKAT extends PKCS11Test {
@@ -73,8 +79,11 @@ public class NISTWrapKAT extends PKCS11Test {
             "308D49692B5F8CF638D54BB4B985633504237329964C76EBB3F669870A708DBC";
     private static String KWP_AES256_224 =
             "0942747DB07032A3F04CDB2E7DE1CBA038F92BC355393AE9A0E4AE8C901912AC3D3AF0F16D240607";
-     // from RFC 5649 sec6
-     private static String KEK2 = "5840DF6E29B02AF1AB493B705BF16EA1AE8338F4DCC176A8";
+    // from RFC 5649 sec6
+    private static String KEK2 =
+            "5840DF6E29B02AF1AB493B705BF16EA1AE8338F4DCC176A8";
+
+    private static final List<String> skippedList = new ArrayList <>();
 
     private static byte[] toBytes(String hex, int hexLen) {
         if (hexLen < hex.length()) {
@@ -91,10 +100,18 @@ private static byte[] toBytes(String hex, int hexLen) {
             byte[] out = new byte[outLen];
             if (val.length < outLen) {
                 // enlarge
-                System.arraycopy(val, 0, out, outLen - val.length, val.length);
+                System.arraycopy(val,
+                        0,
+                        out,
+                        outLen - val.length,
+                        val.length);
             } else {
                 // truncate
-                System.arraycopy(val, val.length - outLen, out, 0, outLen);
+                System.arraycopy(val,
+                        val.length - outLen,
+                        out,
+                        0,
+                        outLen);
             }
             return out;
         }
@@ -143,7 +160,8 @@ public Object[][] testData() {
               "AFBEB0F07DFBF5419200F2CCB50BB24F" },
             { "AES/KWP/NoPadding", KEK2, 24,
               "C37B7E6492584340BED12207808941155068F738", 20,
-              "138BDEAA9B8FA7FC61F97742E72248EE5AE6AE5360D1AE6A5F54F373FA543B6A" },
+              "138BDEAA9B8FA7FC61F97742E72248EE5AE6AE5360D1AE6A5F54F373FA543B6A"
+            },
             // some more test vectors for KW and KWP
             // from csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
             { "AES/KW/NoPadding", "7575da3a93607cc2bfd8cec7aadfd9a6", 16,
@@ -257,6 +275,9 @@ public void testKeyWrap(String algo, String key, int keyLen,
         int allowed = Cipher.getMaxAllowedKeyLength("AES");
         if (keyLen > allowed) {
             System.out.println("=> skip, exceeds max allowed size " + allowed);
+            skippedList.add(algo + " Cipher with wrapping " +
+                            dataLen + "-byte key with " + 8 * keyLen +
+                            "-bit KEK exceeds max allowed size " + allowed);
             return;
         }
         Cipher c1 = Cipher.getInstance(algo,
@@ -275,7 +296,8 @@ public void testKeyWrap(String algo, String key, int keyLen,
         c1.init(Cipher.WRAP_MODE, cipherKey);
         IvParameterSpec ivSpec = new IvParameterSpec(c1.getIV());
         c2.init(Cipher.WRAP_MODE, cipherKey, ivSpec);
-        AlgorithmParameters params = AlgorithmParameters.getInstance("AES");
+        AlgorithmParameters params =
+                AlgorithmParameters.getInstance("AES");
         params.init(ivSpec);
         c3.init(Cipher.WRAP_MODE, cipherKey, params);
 
@@ -300,9 +322,12 @@ public void testKeyWrap(String algo, String key, int keyLen,
         params.init(ivSpec);
         c3.init(Cipher.UNWRAP_MODE, cipherKey, params);
 
-        Key unwrapped = c1.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
-        Key unwrapped2 = c2.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
-        Key unwrapped3 = c3.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
+        Key unwrapped =
+                c1.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
+        Key unwrapped2 =
+                c2.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
+        Key unwrapped3 =
+                c3.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
 
         if (!Arrays.equals(unwrapped.getEncoded(), dataVal) ||
                 !Arrays.equals(unwrapped2.getEncoded(), dataVal) ||
@@ -320,6 +345,9 @@ public void testEnc(String algo, String key, int keyLen, String data,
         int allowed = Cipher.getMaxAllowedKeyLength("AES");
         if (keyLen > allowed) {
             System.out.println("=> skip, exceeds max allowed size " + allowed);
+            skippedList.add(algo + " Cipher with enc " +
+                            dataLen + "-byte data with " + 8 * keyLen +
+                            "-bit KEK exceeds max allowed size " + allowed);
             return;
         }
         Cipher c1 = Cipher.getInstance(algo,
@@ -336,7 +364,8 @@ public void testEnc(String algo, String key, int keyLen, String data,
         c1.init(Cipher.ENCRYPT_MODE, cipherKey);
         IvParameterSpec ivSpec = new IvParameterSpec(c1.getIV());
         c2.init(Cipher.ENCRYPT_MODE, cipherKey, ivSpec);
-        AlgorithmParameters params = AlgorithmParameters.getInstance("AES");
+        AlgorithmParameters params =
+                AlgorithmParameters.getInstance("AES");
         params.init(ivSpec);
         c3.init(Cipher.ENCRYPT_MODE, cipherKey, params);
 
@@ -384,18 +413,22 @@ public static void main(String[] args) throws Exception {
     @Override
     public void main(Provider p) throws Exception {
         Object[][] testDatum = testData();
-        for (int i = 0; i < testDatum.length; i++) {
-            Object[] td = testDatum[i];
+        for (Object[] td : testDatum) {
             String algo = (String) td[0];
             if (p.getService("Cipher", algo) == null) {
-                System.out.println("Skip, due to no support:  " + algo);
-                continue;
+                skippedList.add("No support for " + algo);
             }
-            testKeyWrap(algo, (String)td[1], (int)td[2], (String)td[3],
-                    (int)td[4], (String)td[5], p);
-            testEnc(algo, (String)td[1], (int)td[2], (String)td[3],
-                    (int)td[4], (String)td[5], p);
+            testKeyWrap(algo, (String) td[1], (int) td[2], (String) td[3],
+                    (int) td[4], (String) td[5], p);
+            testEnc(algo, (String) td[1], (int) td[2], (String) td[3],
+                    (int) td[4], (String) td[5], p);
+        }
+
+        if (!skippedList.isEmpty()) {
+            throw new SkippedException("One or more tests skipped "
+                                       + skippedList);
+        } else {
+            System.out.println("All Tests Passed");
         }
-        System.out.println("Test Passed");
     }
 }
diff --git a/test/jdk/sun/security/pkcs11/Cipher/KeyWrap/TestGeneral.java b/test/jdk/sun/security/pkcs11/Cipher/KeyWrap/TestGeneral.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2021, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,18 +29,30 @@
  * @library /test/lib ../..
  * @run main/othervm TestGeneral
  */
+import jtreg.SkippedException;
+
 import java.nio.ByteBuffer;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.Key;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HexFormat;
-import java.security.*;
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import java.util.List;
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
 
 // adapted from com/sun/crypto/provider/Cipher/KeyWrap/TestGeneral.java
 public class TestGeneral extends PKCS11Test {
 
     private static final byte[] DATA_32 =
-            Arrays.copyOf("1234567890123456789012345678901234".getBytes(), 32);
+            Arrays.copyOf("1234567890123456789012345678901234".getBytes(),
+                    32);
     private static final SecretKey KEY =
             new SecretKeySpec(DATA_32, 0, 16, "AES");
     private static final int KW_IV_LEN = 8;
@@ -49,7 +61,8 @@ public class TestGeneral extends PKCS11Test {
     private static final int MAX_KWP_PAD_LEN = 7; // 0-7
 
     public static void testEnc(Cipher c, byte[] in, int startLen, int inc,
-            IvParameterSpec[] ivs, int maxPadLen) throws Exception {
+                               IvParameterSpec[] ivs, int maxPadLen)
+            throws Exception {
 
         System.out.println("testEnc, input len=" + startLen + " w/ inc=" +
                 inc);
@@ -96,7 +109,7 @@ public static void testEnc(Cipher c, byte[] in, int startLen, int inc,
     }
 
     public static void testKAT(Cipher c, String keyStr, String inStr,
-            String expectedStr) throws Exception {
+                               String expectedStr) throws Exception {
 
         System.out.println("testKAT, input len: " + inStr.length()/2);
 
@@ -245,16 +258,21 @@ public void main(Provider p) throws Exception {
         SecretKey aes256 = new SecretKeySpec(DATA_32, "AES");
         SecretKey any256 = new SecretKeySpec(DATA_32, "ANY");
         PrivateKey priv = KeyPairGenerator.getInstance
-                ("RSA", System.getProperty("test.provider.name","SunRsaSign"))
+                ("RSA",
+                        System.getProperty(
+                                "test.provider.name",
+                                "SunRsaSign"))
                 .generateKeyPair().getPrivate();
 
         String[] algos = {
             "AES/KW/PKCS5Padding", "AES/KW/NoPadding", "AES/KWP/NoPadding"
         };
+
+        final List<String> skippedList  = new ArrayList<>();
+
         for (String a : algos) {
             if (p.getService("Cipher", a) == null) {
-                System.out.println("Skip, due to no support:  " + a);
-                continue;
+                skippedList.add(a);
             }
 
             System.out.println("Testing " + a);
@@ -329,6 +347,12 @@ public void main(Provider p) throws Exception {
             testWrap(c, keys, ivs, padLen);
             testIv(c, ivLen, allowCustomIv);
         }
-        System.out.println("All Tests Passed");
+
+        if (!skippedList.isEmpty()) {
+            throw new SkippedException("One or more tests skipped " +
+                                       "due to no support " + skippedList);
+        } else {
+            System.out.println("All Tests Passed");
+        }
     }
 }
diff --git a/test/jdk/sun/security/pkcs11/Cipher/KeyWrap/XMLEncKAT.java b/test/jdk/sun/security/pkcs11/Cipher/KeyWrap/XMLEncKAT.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2021, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -28,14 +28,16 @@
  * @library /test/lib ../..
  * @run main/othervm XMLEncKAT
  */
+import jtreg.SkippedException;
+
 import java.util.Base64;
 import java.security.Key;
-import java.security.AlgorithmParameters;
 import java.security.Provider;
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
 import java.io.UnsupportedEncodingException;
-import java.io.IOException;
 
 // adapted from com/sun/crypto/provider/Cipher/KeyWrap/XMLEncKAT.java
 public class XMLEncKAT extends PKCS11Test {
@@ -105,7 +107,9 @@ private void testKeyWrap(Provider p, String cAlg, byte[] cKeyVal,
         // first test UNWRAP with known values
         for (int i = 0; i < base64Wrapped.length; i++) {
             byte[] wrappedKey = base64D.decode(base64Wrapped[i]);
-            key[i] = c.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
+            key[i] = c.unwrap(wrappedKey,
+                    "AES",
+                    Cipher.SECRET_KEY);
             if (c.getIV() != null) {
                 params[i] = new IvParameterSpec(c.getIV());
             }
@@ -131,8 +135,7 @@ public void main(Provider p) throws Exception {
         String wrapAlg = "AESWrap";
 
         if (p.getService("Cipher", wrapAlg) == null) {
-            System.out.println("Skip, due to no support:  " + wrapAlg);
-            return;
+            throw new SkippedException("No support " + wrapAlg);
         }
 
         String keyAlg = "AES";