1 /* 2 * Copyright (C) 2011 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package libcore.javax.crypto; 18 19 import com.android.org.bouncycastle.asn1.x509.KeyUsage; 20 import java.io.ByteArrayOutputStream; 21 import java.io.PrintStream; 22 import java.math.BigInteger; 23 import java.nio.ByteBuffer; 24 import java.security.AlgorithmParameters; 25 import java.security.InvalidAlgorithmParameterException; 26 import java.security.InvalidKeyException; 27 import java.security.Key; 28 import java.security.KeyFactory; 29 import java.security.PrivateKey; 30 import java.security.Provider; 31 import java.security.PublicKey; 32 import java.security.SecureRandom; 33 import java.security.Security; 34 import java.security.cert.Certificate; 35 import java.security.interfaces.RSAPrivateKey; 36 import java.security.interfaces.RSAPublicKey; 37 import java.security.spec.AlgorithmParameterSpec; 38 import java.security.spec.RSAPrivateKeySpec; 39 import java.security.spec.RSAPublicKeySpec; 40 import java.util.ArrayList; 41 import java.util.Arrays; 42 import java.util.Collections; 43 import java.util.HashMap; 44 import java.util.HashSet; 45 import java.util.List; 46 import java.util.Locale; 47 import java.util.Map; 48 import java.util.Set; 49 import javax.crypto.BadPaddingException; 50 import javax.crypto.Cipher; 51 import javax.crypto.IllegalBlockSizeException; 52 import javax.crypto.KeyGenerator; 53 import javax.crypto.SecretKey; 54 import javax.crypto.SecretKeyFactory; 55 import javax.crypto.ShortBufferException; 56 import javax.crypto.spec.IvParameterSpec; 57 import javax.crypto.spec.PBEKeySpec; 58 import javax.crypto.spec.PBEParameterSpec; 59 import javax.crypto.spec.SecretKeySpec; 60 import junit.framework.TestCase; 61 import libcore.java.security.StandardNames; 62 import libcore.java.security.TestKeyStore; 63 import libcore.util.EmptyArray; 64 65 public final class CipherTest extends TestCase { 66 67 private static final String[] RSA_PROVIDERS = ((StandardNames.IS_RI) 68 ? new String[] { "SunJCE" } 69 : new String[] { "BC" , "AndroidOpenSSL" }); 70 71 private static final String[] AES_PROVIDERS = ((StandardNames.IS_RI) 72 ? new String[] { "SunJCE" } 73 : new String[] { "BC", "AndroidOpenSSL" }); 74 75 private static final boolean IS_UNLIMITED; 76 static { 77 boolean is_unlimited; 78 if (StandardNames.IS_RI) { 79 try { 80 String algorithm = "PBEWITHMD5ANDTRIPLEDES"; 81 Cipher.getInstance(algorithm).init(getEncryptMode(algorithm), 82 getEncryptKey(algorithm), 83 getEncryptAlgorithmParameterSpec(algorithm)); 84 is_unlimited = true; 85 } catch (Exception e) { 86 is_unlimited = false; 87 System.out.println("WARNING: Some tests disabled due to lack of " 88 + "'Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files'"); 89 } 90 } else { 91 is_unlimited = true; 92 } 93 IS_UNLIMITED = is_unlimited; 94 } 95 96 private static boolean isSupported(String algorithm, String provider) { 97 if (algorithm.equals("RC2")) { 98 return false; 99 } 100 if (algorithm.equals("PBEWITHMD5ANDRC2")) { 101 return false; 102 } 103 if (algorithm.startsWith("PBEWITHSHA1ANDRC2")) { 104 return false; 105 } 106 if (algorithm.equals("PBEWITHSHAAND40BITRC2-CBC")) { 107 return false; 108 } 109 if (algorithm.equals("PBEWITHSHAAND128BITRC2-CBC")) { 110 return false; 111 } 112 if (algorithm.equals("PBEWITHSHAANDTWOFISH-CBC")) { 113 return false; 114 } 115 if (!IS_UNLIMITED) { 116 if (algorithm.equals("PBEWITHMD5ANDTRIPLEDES")) { 117 return false; 118 } 119 } 120 // stream modes CFB, CTR, CTS, OFB with PKCS5Padding don't really make sense 121 if (!provider.equals("AndroidOpenSSL") && 122 (algorithm.equals("AES/CFB/PKCS5PADDING") 123 || algorithm.equals("AES/CTR/PKCS5PADDING") 124 || algorithm.equals("AES/CTS/PKCS5PADDING") 125 || algorithm.equals("AES/OFB/PKCS5PADDING"))) { 126 return false; 127 } 128 return true; 129 } 130 131 private static boolean isSupportedForWrapping(String algorithm) { 132 if (isOnlyWrappingAlgorithm(algorithm)) { 133 return true; 134 } 135 // http://b/9097343 RSA with NoPadding won't work since 136 // leading zeroes in the underlying key material are lost. 137 if (algorithm.equals("RSA/ECB/NOPADDING")) { 138 return false; 139 } 140 // AESWRAP should be used instead, fails with BC and SunJCE otherwise. 141 if (algorithm.startsWith("AES")) { 142 return false; 143 } 144 return true; 145 } 146 147 private synchronized static int getEncryptMode(String algorithm) throws Exception { 148 if (isOnlyWrappingAlgorithm(algorithm)) { 149 return Cipher.WRAP_MODE; 150 } 151 return Cipher.ENCRYPT_MODE; 152 } 153 154 private synchronized static int getDecryptMode(String algorithm) throws Exception { 155 if (isOnlyWrappingAlgorithm(algorithm)) { 156 return Cipher.UNWRAP_MODE; 157 } 158 return Cipher.DECRYPT_MODE; 159 } 160 161 private static String getBaseAlgorithm(String algorithm) { 162 if (algorithm.equals("AESWRAP")) { 163 return "AES"; 164 } 165 if (algorithm.startsWith("AES/")) { 166 return "AES"; 167 } 168 if (algorithm.equals("PBEWITHMD5AND128BITAES-CBC-OPENSSL")) { 169 return "AES"; 170 } 171 if (algorithm.equals("PBEWITHMD5AND192BITAES-CBC-OPENSSL")) { 172 return "AES"; 173 } 174 if (algorithm.equals("PBEWITHMD5AND256BITAES-CBC-OPENSSL")) { 175 return "AES"; 176 } 177 if (algorithm.equals("PBEWITHSHA256AND128BITAES-CBC-BC")) { 178 return "AES"; 179 } 180 if (algorithm.equals("PBEWITHSHA256AND192BITAES-CBC-BC")) { 181 return "AES"; 182 } 183 if (algorithm.equals("PBEWITHSHA256AND256BITAES-CBC-BC")) { 184 return "AES"; 185 } 186 if (algorithm.equals("PBEWITHSHAAND128BITAES-CBC-BC")) { 187 return "AES"; 188 } 189 if (algorithm.equals("PBEWITHSHAAND192BITAES-CBC-BC")) { 190 return "AES"; 191 } 192 if (algorithm.equals("PBEWITHSHAAND256BITAES-CBC-BC")) { 193 return "AES"; 194 } 195 if (algorithm.equals("PBEWITHMD5ANDDES")) { 196 return "DES"; 197 } 198 if (algorithm.equals("PBEWITHSHA1ANDDES")) { 199 return "DES"; 200 } 201 if (algorithm.equals("DESEDEWRAP")) { 202 return "DESEDE"; 203 } 204 if (algorithm.equals("PBEWITHSHAAND2-KEYTRIPLEDES-CBC")) { 205 return "DESEDE"; 206 } 207 if (algorithm.equals("PBEWITHSHAAND3-KEYTRIPLEDES-CBC")) { 208 return "DESEDE"; 209 } 210 if (algorithm.equals("PBEWITHMD5ANDTRIPLEDES")) { 211 return "DESEDE"; 212 } 213 if (algorithm.equals("PBEWITHSHA1ANDDESEDE")) { 214 return "DESEDE"; 215 } 216 if (algorithm.equals("RSA/ECB/NOPADDING")) { 217 return "RSA"; 218 } 219 if (algorithm.equals("RSA/ECB/PKCS1PADDING")) { 220 return "RSA"; 221 } 222 if (algorithm.equals("PBEWITHSHAAND40BITRC4")) { 223 return "ARC4"; 224 } 225 if (algorithm.equals("PBEWITHSHAAND128BITRC4")) { 226 return "ARC4"; 227 } 228 return algorithm; 229 } 230 231 private static boolean isAsymmetric(String algorithm) { 232 return getBaseAlgorithm(algorithm).equals("RSA"); 233 } 234 235 private static boolean isOnlyWrappingAlgorithm(String algorithm) { 236 return algorithm.endsWith("WRAP"); 237 } 238 239 private static boolean isPBE(String algorithm) { 240 return algorithm.startsWith("PBE"); 241 } 242 243 private static Map<String, Key> ENCRYPT_KEYS = new HashMap<String, Key>(); 244 private synchronized static Key getEncryptKey(String algorithm) throws Exception { 245 Key key = ENCRYPT_KEYS.get(algorithm); 246 if (key != null) { 247 return key; 248 } 249 if (algorithm.startsWith("RSA")) { 250 KeyFactory kf = KeyFactory.getInstance("RSA"); 251 RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(RSA_2048_modulus, 252 RSA_2048_privateExponent); 253 key = kf.generatePrivate(keySpec); 254 } else if (isPBE(algorithm)) { 255 SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm); 256 key = skf.generateSecret(new PBEKeySpec("secret".toCharArray())); 257 } else { 258 KeyGenerator kg = KeyGenerator.getInstance(getBaseAlgorithm(algorithm)); 259 key = kg.generateKey(); 260 } 261 ENCRYPT_KEYS.put(algorithm, key); 262 return key; 263 } 264 265 private static Map<String, Key> DECRYPT_KEYS = new HashMap<String, Key>(); 266 private synchronized static Key getDecryptKey(String algorithm) throws Exception { 267 Key key = DECRYPT_KEYS.get(algorithm); 268 if (key != null) { 269 return key; 270 } 271 if (algorithm.startsWith("RSA")) { 272 KeyFactory kf = KeyFactory.getInstance("RSA"); 273 RSAPublicKeySpec keySpec = new RSAPublicKeySpec(RSA_2048_modulus, 274 RSA_2048_publicExponent); 275 key = kf.generatePublic(keySpec); 276 } else { 277 assertFalse(algorithm, isAsymmetric(algorithm)); 278 key = getEncryptKey(algorithm); 279 } 280 DECRYPT_KEYS.put(algorithm, key); 281 return key; 282 } 283 284 private static Map<String, Integer> EXPECTED_BLOCK_SIZE = new HashMap<String, Integer>(); 285 static { 286 setExpectedBlockSize("AES", 16); 287 setExpectedBlockSize("AES/CBC/PKCS5PADDING", 16); 288 setExpectedBlockSize("AES/CBC/NOPADDING", 16); 289 setExpectedBlockSize("AES/CFB/PKCS5PADDING", 16); 290 setExpectedBlockSize("AES/CFB/NOPADDING", 16); 291 setExpectedBlockSize("AES/CTR/PKCS5PADDING", 16); 292 setExpectedBlockSize("AES/CTR/NOPADDING", 16); 293 setExpectedBlockSize("AES/CTS/PKCS5PADDING", 16); 294 setExpectedBlockSize("AES/CTS/NOPADDING", 16); 295 setExpectedBlockSize("AES/ECB/PKCS5PADDING", 16); 296 setExpectedBlockSize("AES/ECB/NOPADDING", 16); 297 setExpectedBlockSize("AES/OFB/PKCS5PADDING", 16); 298 setExpectedBlockSize("AES/OFB/NOPADDING", 16); 299 setExpectedBlockSize("PBEWITHMD5AND128BITAES-CBC-OPENSSL", 16); 300 setExpectedBlockSize("PBEWITHMD5AND192BITAES-CBC-OPENSSL", 16); 301 setExpectedBlockSize("PBEWITHMD5AND256BITAES-CBC-OPENSSL", 16); 302 setExpectedBlockSize("PBEWITHSHA256AND128BITAES-CBC-BC", 16); 303 setExpectedBlockSize("PBEWITHSHA256AND192BITAES-CBC-BC", 16); 304 setExpectedBlockSize("PBEWITHSHA256AND256BITAES-CBC-BC", 16); 305 setExpectedBlockSize("PBEWITHSHAAND128BITAES-CBC-BC", 16); 306 setExpectedBlockSize("PBEWITHSHAAND192BITAES-CBC-BC", 16); 307 setExpectedBlockSize("PBEWITHSHAAND256BITAES-CBC-BC", 16); 308 309 if (StandardNames.IS_RI) { 310 setExpectedBlockSize("AESWRAP", 16); 311 } else { 312 setExpectedBlockSize("AESWRAP", 0); 313 } 314 315 setExpectedBlockSize("ARC4", 0); 316 setExpectedBlockSize("ARCFOUR", 0); 317 setExpectedBlockSize("PBEWITHSHAAND40BITRC4", 0); 318 setExpectedBlockSize("PBEWITHSHAAND128BITRC4", 0); 319 320 setExpectedBlockSize("BLOWFISH", 8); 321 322 setExpectedBlockSize("DES", 8); 323 setExpectedBlockSize("PBEWITHMD5ANDDES", 8); 324 setExpectedBlockSize("PBEWITHSHA1ANDDES", 8); 325 326 setExpectedBlockSize("DESEDE", 8); 327 setExpectedBlockSize("PBEWITHSHAAND2-KEYTRIPLEDES-CBC", 8); 328 setExpectedBlockSize("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", 8); 329 setExpectedBlockSize("PBEWITHMD5ANDTRIPLEDES", 8); 330 setExpectedBlockSize("PBEWITHSHA1ANDDESEDE", 8); 331 332 333 if (StandardNames.IS_RI) { 334 setExpectedBlockSize("DESEDEWRAP", 8); 335 } else { 336 setExpectedBlockSize("DESEDEWRAP", 0); 337 } 338 339 if (StandardNames.IS_RI) { 340 setExpectedBlockSize("RSA", 0); 341 setExpectedBlockSize("RSA/ECB/NoPadding", 0); 342 setExpectedBlockSize("RSA/ECB/PKCS1Padding", 0); 343 } else { 344 setExpectedBlockSize("RSA", Cipher.ENCRYPT_MODE, 256); 345 setExpectedBlockSize("RSA/ECB/NoPadding", Cipher.ENCRYPT_MODE, 256); 346 setExpectedBlockSize("RSA/ECB/PKCS1Padding", Cipher.ENCRYPT_MODE, 245); 347 348 // BC strips the leading 0 for us even when NoPadding is specified 349 setExpectedBlockSize("RSA", Cipher.ENCRYPT_MODE, "BC", 255); 350 setExpectedBlockSize("RSA/ECB/NoPadding", Cipher.ENCRYPT_MODE, "BC", 255); 351 352 setExpectedBlockSize("RSA", Cipher.DECRYPT_MODE, 256); 353 setExpectedBlockSize("RSA/ECB/NoPadding", Cipher.DECRYPT_MODE, 256); 354 setExpectedBlockSize("RSA/ECB/PKCS1Padding", Cipher.DECRYPT_MODE, 256); 355 } 356 } 357 358 private static String modeKey(String algorithm, int mode) { 359 return algorithm + ":" + mode; 360 } 361 362 private static String modeProviderKey(String algorithm, int mode, String provider) { 363 return algorithm + ":" + mode + ":" + provider; 364 } 365 366 private static void setExpectedSize(Map<String, Integer> map, 367 String algorithm, int value) { 368 algorithm = algorithm.toUpperCase(Locale.US); 369 map.put(algorithm, value); 370 } 371 372 private static void setExpectedSize(Map<String, Integer> map, 373 String algorithm, int mode, int value) { 374 setExpectedSize(map, modeKey(algorithm, mode), value); 375 } 376 377 private static void setExpectedSize(Map<String, Integer> map, 378 String algorithm, int mode, String provider, int value) { 379 setExpectedSize(map, modeProviderKey(algorithm, mode, provider), value); 380 } 381 382 private static int getExpectedSize(Map<String, Integer> map, String algorithm, int mode, String provider) { 383 algorithm = algorithm.toUpperCase(Locale.US); 384 provider = provider.toUpperCase(Locale.US); 385 Integer expected = map.get(modeProviderKey(algorithm, mode, provider)); 386 if (expected != null) { 387 return expected; 388 } 389 expected = map.get(modeKey(algorithm, mode)); 390 if (expected != null) { 391 return expected; 392 } 393 expected = map.get(algorithm); 394 assertNotNull("Algorithm " + algorithm + " with mode " + mode + " and provider " + provider 395 + " not found in " + map, expected); 396 return expected; 397 } 398 399 private static void setExpectedBlockSize(String algorithm, int value) { 400 setExpectedSize(EXPECTED_BLOCK_SIZE, algorithm, value); 401 } 402 403 private static void setExpectedBlockSize(String algorithm, int mode, int value) { 404 setExpectedSize(EXPECTED_BLOCK_SIZE, algorithm, mode, value); 405 } 406 407 private static void setExpectedBlockSize(String algorithm, int mode, String provider, int value) { 408 setExpectedSize(EXPECTED_BLOCK_SIZE, algorithm, mode, provider, value); 409 } 410 411 private static int getExpectedBlockSize(String algorithm, int mode, String provider) { 412 return getExpectedSize(EXPECTED_BLOCK_SIZE, algorithm, mode, provider); 413 } 414 415 private static Map<String, Integer> EXPECTED_OUTPUT_SIZE = new HashMap<String, Integer>(); 416 static { 417 setExpectedOutputSize("AES/CBC/NOPADDING", 0); 418 setExpectedOutputSize("AES/CFB/NOPADDING", 0); 419 setExpectedOutputSize("AES/CTR/NOPADDING", 0); 420 setExpectedOutputSize("AES/CTS/NOPADDING", 0); 421 setExpectedOutputSize("AES/ECB/NOPADDING", 0); 422 setExpectedOutputSize("AES/OFB/NOPADDING", 0); 423 424 setExpectedOutputSize("AES", Cipher.ENCRYPT_MODE, 16); 425 setExpectedOutputSize("AES/CBC/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 426 setExpectedOutputSize("AES/CFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 427 setExpectedOutputSize("AES/CTR/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 428 setExpectedOutputSize("AES/CTS/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 429 setExpectedOutputSize("AES/ECB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 430 setExpectedOutputSize("AES/OFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 431 setExpectedOutputSize("PBEWITHMD5AND128BITAES-CBC-OPENSSL", 16); 432 setExpectedOutputSize("PBEWITHMD5AND192BITAES-CBC-OPENSSL", 16); 433 setExpectedOutputSize("PBEWITHMD5AND256BITAES-CBC-OPENSSL", 16); 434 setExpectedOutputSize("PBEWITHSHA256AND128BITAES-CBC-BC", 16); 435 setExpectedOutputSize("PBEWITHSHA256AND192BITAES-CBC-BC", 16); 436 setExpectedOutputSize("PBEWITHSHA256AND256BITAES-CBC-BC", 16); 437 setExpectedOutputSize("PBEWITHSHAAND128BITAES-CBC-BC", 16); 438 setExpectedOutputSize("PBEWITHSHAAND192BITAES-CBC-BC", 16); 439 setExpectedOutputSize("PBEWITHSHAAND256BITAES-CBC-BC", 16); 440 // AndroidOpenSSL returns zero for the non-block ciphers 441 setExpectedOutputSize("AES/CFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 442 setExpectedOutputSize("AES/CTR/PKCS5PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 443 setExpectedOutputSize("AES/CTS/PKCS5PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 444 setExpectedOutputSize("AES/OFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 445 446 setExpectedOutputSize("AES", Cipher.DECRYPT_MODE, 0); 447 setExpectedOutputSize("AES/CBC/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 448 setExpectedOutputSize("AES/CFB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 449 setExpectedOutputSize("AES/CTR/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 450 setExpectedOutputSize("AES/CTS/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 451 setExpectedOutputSize("AES/ECB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 452 setExpectedOutputSize("AES/OFB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 453 setExpectedOutputSize("PBEWITHMD5AND128BITAES-CBC-OPENSSL", Cipher.DECRYPT_MODE, 0); 454 setExpectedOutputSize("PBEWITHMD5AND192BITAES-CBC-OPENSSL", Cipher.DECRYPT_MODE, 0); 455 setExpectedOutputSize("PBEWITHMD5AND256BITAES-CBC-OPENSSL", Cipher.DECRYPT_MODE, 0); 456 setExpectedOutputSize("PBEWITHSHA256AND128BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 457 setExpectedOutputSize("PBEWITHSHA256AND192BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 458 setExpectedOutputSize("PBEWITHSHA256AND256BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 459 setExpectedOutputSize("PBEWITHSHAAND128BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 460 setExpectedOutputSize("PBEWITHSHAAND192BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 461 setExpectedOutputSize("PBEWITHSHAAND256BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 462 // AndroidOpenSSL returns the block size for the block ciphers 463 setExpectedOutputSize("AES/CBC/PKCS5PADDING", Cipher.DECRYPT_MODE, "AndroidOpenSSL", 16); 464 setExpectedOutputSize("AES/ECB/PKCS5PADDING", Cipher.DECRYPT_MODE, "AndroidOpenSSL", 16); 465 466 if (StandardNames.IS_RI) { 467 setExpectedOutputSize("AESWRAP", Cipher.WRAP_MODE, 8); 468 setExpectedOutputSize("AESWRAP", Cipher.UNWRAP_MODE, 0); 469 } else { 470 setExpectedOutputSize("AESWRAP", -1); 471 } 472 473 setExpectedOutputSize("ARC4", 0); 474 setExpectedOutputSize("ARCFOUR", 0); 475 setExpectedOutputSize("PBEWITHSHAAND40BITRC4", 0); 476 setExpectedOutputSize("PBEWITHSHAAND128BITRC4", 0); 477 478 setExpectedOutputSize("BLOWFISH", Cipher.ENCRYPT_MODE, 8); 479 setExpectedOutputSize("BLOWFISH", Cipher.DECRYPT_MODE, 0); 480 481 setExpectedOutputSize("DES", Cipher.ENCRYPT_MODE, 8); 482 setExpectedOutputSize("PBEWITHMD5ANDDES", Cipher.ENCRYPT_MODE, 8); 483 setExpectedOutputSize("PBEWITHSHA1ANDDES", Cipher.ENCRYPT_MODE, 8); 484 485 setExpectedOutputSize("DES", Cipher.DECRYPT_MODE, 0); 486 setExpectedOutputSize("PBEWITHMD5ANDDES", Cipher.DECRYPT_MODE, 0); 487 setExpectedOutputSize("PBEWITHSHA1ANDDES", Cipher.DECRYPT_MODE, 0); 488 489 setExpectedOutputSize("DESEDE", Cipher.ENCRYPT_MODE, 8); 490 setExpectedOutputSize("PBEWITHSHAAND2-KEYTRIPLEDES-CBC", Cipher.ENCRYPT_MODE, 8); 491 setExpectedOutputSize("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", Cipher.ENCRYPT_MODE, 8); 492 setExpectedOutputSize("PBEWITHMD5ANDTRIPLEDES", Cipher.ENCRYPT_MODE, 8); 493 setExpectedOutputSize("PBEWITHSHA1ANDDESEDE", Cipher.ENCRYPT_MODE, 8); 494 495 setExpectedOutputSize("DESEDE", Cipher.DECRYPT_MODE, 0); 496 setExpectedOutputSize("PBEWITHSHAAND2-KEYTRIPLEDES-CBC", Cipher.DECRYPT_MODE, 0); 497 setExpectedOutputSize("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", Cipher.DECRYPT_MODE, 0); 498 setExpectedOutputSize("PBEWITHMD5ANDTRIPLEDES", Cipher.DECRYPT_MODE, 0); 499 setExpectedOutputSize("PBEWITHSHA1ANDDESEDE", Cipher.DECRYPT_MODE, 0); 500 501 if (StandardNames.IS_RI) { 502 setExpectedOutputSize("DESEDEWRAP", Cipher.WRAP_MODE, 16); 503 setExpectedOutputSize("DESEDEWRAP", Cipher.UNWRAP_MODE, 0); 504 } else { 505 setExpectedOutputSize("DESEDEWRAP", -1); 506 } 507 508 setExpectedOutputSize("RSA", Cipher.ENCRYPT_MODE, 256); 509 setExpectedOutputSize("RSA/ECB/NoPadding", Cipher.ENCRYPT_MODE, 256); 510 setExpectedOutputSize("RSA/ECB/PKCS1Padding", Cipher.ENCRYPT_MODE, 256); 511 512 setExpectedOutputSize("RSA", Cipher.DECRYPT_MODE, 256); 513 setExpectedOutputSize("RSA/ECB/NoPadding", Cipher.DECRYPT_MODE, 256); 514 setExpectedOutputSize("RSA/ECB/PKCS1Padding", Cipher.DECRYPT_MODE, 245); 515 516 // SunJCE returns the full for size even when PKCS1Padding is specified 517 setExpectedOutputSize("RSA/ECB/PKCS1Padding", Cipher.DECRYPT_MODE, "SunJCE", 256); 518 519 // BC strips the leading 0 for us even when NoPadding is specified 520 setExpectedOutputSize("RSA", Cipher.DECRYPT_MODE, "BC", 255); 521 setExpectedOutputSize("RSA/ECB/NoPadding", Cipher.DECRYPT_MODE, "BC", 255); 522 } 523 524 private static void setExpectedOutputSize(String algorithm, int value) { 525 setExpectedSize(EXPECTED_OUTPUT_SIZE, algorithm, value); 526 } 527 528 private static void setExpectedOutputSize(String algorithm, int mode, int value) { 529 setExpectedSize(EXPECTED_OUTPUT_SIZE, algorithm, mode, value); 530 } 531 532 private static void setExpectedOutputSize(String algorithm, int mode, String provider, int value) { 533 setExpectedSize(EXPECTED_OUTPUT_SIZE, algorithm, mode, provider, value); 534 } 535 536 private static int getExpectedOutputSize(String algorithm, int mode, String provider) { 537 return getExpectedSize(EXPECTED_OUTPUT_SIZE, algorithm, mode, provider); 538 } 539 540 private static byte[] ORIGINAL_PLAIN_TEXT = new byte[] { 0x0a, 0x0b, 0x0c }; 541 private static byte[] SIXTEEN_BYTE_BLOCK_PLAIN_TEXT = new byte[] { 0x0a, 0x0b, 0x0c, 0x00, 542 0x00, 0x00, 0x00, 0x00, 543 0x00, 0x00, 0x00, 0x00, 544 0x00, 0x00, 0x00, 0x00 }; 545 private static byte[] PKCS1_BLOCK_TYPE_00_PADDED_PLAIN_TEXT = new byte[] { 546 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 547 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 548 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 549 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 550 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 551 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 552 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 553 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 554 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 555 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 556 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 557 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 558 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 559 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 560 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 561 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x0a, 0x0b, 0x0c 562 }; 563 private static byte[] PKCS1_BLOCK_TYPE_01_PADDED_PLAIN_TEXT = new byte[] { 564 (byte) 0x00, (byte) 0x01, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 565 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 566 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 567 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 568 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 569 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 570 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 571 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 572 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 573 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 574 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 575 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 576 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 577 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 578 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 579 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 580 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 581 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 582 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 583 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 584 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 585 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 586 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 587 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 588 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 589 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 590 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 591 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 592 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 593 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 594 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 595 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0x00, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c 596 }; 597 private static byte[] PKCS1_BLOCK_TYPE_02_PADDED_PLAIN_TEXT = new byte[] { 598 (byte) 0x00, (byte) 0x02, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 599 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 600 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 601 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 602 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 603 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 604 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 605 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 606 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 607 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 608 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 609 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 610 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 611 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 612 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 613 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 614 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 615 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 616 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 617 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 618 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 619 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 620 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 621 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 622 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 623 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 624 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 625 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 626 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 627 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 628 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 629 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0x00, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c 630 }; 631 632 633 private static byte[] getActualPlainText(String algorithm) { 634 // Block mode AES with NoPadding needs to match underlying block size 635 if (algorithm.equals("AES") 636 || algorithm.equals("AES/CBC/NOPADDING") 637 || algorithm.equals("AES/CTS/NOPADDING") 638 || algorithm.equals("AES/ECB/NOPADDING")) { 639 return SIXTEEN_BYTE_BLOCK_PLAIN_TEXT; 640 } 641 return ORIGINAL_PLAIN_TEXT; 642 } 643 644 private static byte[] getExpectedPlainText(String algorithm, String provider) { 645 // Block mode AES with NoPadding needs to match underlying block size 646 if (algorithm.equals("AES") 647 || algorithm.equals("AES/CBC/NOPADDING") 648 || algorithm.equals("AES/CTS/NOPADDING") 649 || algorithm.equals("AES/ECB/NOPADDING")) { 650 return SIXTEEN_BYTE_BLOCK_PLAIN_TEXT; 651 } 652 // BC strips the leading 0 for us even when NoPadding is specified 653 if (!provider.equals("BC") && algorithm.equals("RSA/ECB/NOPADDING")) { 654 return PKCS1_BLOCK_TYPE_00_PADDED_PLAIN_TEXT; 655 } 656 return ORIGINAL_PLAIN_TEXT; 657 } 658 659 private static AlgorithmParameterSpec getEncryptAlgorithmParameterSpec(String algorithm) { 660 if (isPBE(algorithm)) { 661 final byte[] salt = new byte[8]; 662 new SecureRandom().nextBytes(salt); 663 return new PBEParameterSpec(salt, 1024); 664 } 665 if (algorithm.equals("AES/CBC/NOPADDING") 666 || algorithm.equals("AES/CBC/PKCS5PADDING") 667 || algorithm.equals("AES/CFB/NOPADDING") 668 || algorithm.equals("AES/CTR/NOPADDING") 669 || algorithm.equals("AES/CTS/NOPADDING") 670 || algorithm.equals("AES/OFB/NOPADDING")) { 671 final byte[] iv = new byte[16]; 672 new SecureRandom().nextBytes(iv); 673 return new IvParameterSpec(iv); 674 } 675 return null; 676 } 677 678 private static AlgorithmParameterSpec getDecryptAlgorithmParameterSpec(AlgorithmParameterSpec encryptSpec, 679 Cipher encryptCipher) { 680 String algorithm = encryptCipher.getAlgorithm().toUpperCase(Locale.US); 681 if (isPBE(algorithm)) { 682 return encryptSpec; 683 } 684 if (isOnlyWrappingAlgorithm(algorithm)) { 685 return null; 686 } 687 byte[] iv = encryptCipher.getIV(); 688 if (iv != null) { 689 return new IvParameterSpec(iv); 690 } 691 return null; 692 } 693 694 public void test_getInstance() throws Exception { 695 final ByteArrayOutputStream errBuffer = new ByteArrayOutputStream(); 696 PrintStream out = new PrintStream(errBuffer); 697 698 Set<String> seenBaseCipherNames = new HashSet<String>(); 699 Set<String> seenCiphersWithModeAndPadding = new HashSet<String>(); 700 701 Provider[] providers = Security.getProviders(); 702 for (Provider provider : providers) { 703 Set<Provider.Service> services = provider.getServices(); 704 for (Provider.Service service : services) { 705 String type = service.getType(); 706 if (!type.equals("Cipher")) { 707 continue; 708 } 709 710 String algorithm = service.getAlgorithm(); 711 712 /* 713 * Any specific modes and paddings aren't tested directly here, 714 * but we need to make sure we see the bare algorithm from some 715 * provider. We will test each mode specifically when we get the 716 * base cipher. 717 */ 718 final int firstSlash = algorithm.indexOf('/'); 719 if (firstSlash == -1) { 720 seenBaseCipherNames.add(algorithm); 721 } else { 722 final String baseCipherName = algorithm.substring(0, firstSlash); 723 if (!seenBaseCipherNames.contains(baseCipherName)) { 724 seenCiphersWithModeAndPadding.add(baseCipherName); 725 } 726 continue; 727 } 728 729 try { 730 test_Cipher_Algorithm(provider, algorithm); 731 } catch (Throwable e) { 732 out.append("Error encountered checking " + algorithm 733 + " with provider " + provider.getName() + "\n"); 734 e.printStackTrace(out); 735 } 736 737 Set<String> modes = StandardNames.getModesForCipher(algorithm); 738 if (modes != null) { 739 for (String mode : modes) { 740 Set<String> paddings = StandardNames.getPaddingsForCipher(algorithm); 741 if (paddings != null) { 742 for (String padding : paddings) { 743 final String algorithmName = algorithm + "/" + mode + "/" + padding; 744 try { 745 test_Cipher_Algorithm(provider, algorithmName); 746 } catch (Throwable e) { 747 out.append("Error encountered checking " + algorithmName 748 + " with provider " + provider.getName() + "\n"); 749 e.printStackTrace(out); 750 } 751 } 752 } 753 } 754 } 755 } 756 } 757 758 seenCiphersWithModeAndPadding.removeAll(seenBaseCipherNames); 759 assertEquals("Ciphers seen with mode and padding but not base cipher", 760 Collections.EMPTY_SET, seenCiphersWithModeAndPadding); 761 762 out.flush(); 763 if (errBuffer.size() > 0) { 764 throw new Exception("Errors encountered:\n\n" + errBuffer.toString() + "\n\n"); 765 } 766 } 767 768 private void test_Cipher_Algorithm(Provider provider, String algorithm) throws Exception { 769 if (algorithm.equals("RSA") && provider.getName().equals("BC")) { 770 // http://b/9097343 BC's Cipher.RSA defaults to NoPadding 771 // which makes it fail the key wrapping test if the 772 // generated AES key to wrap starts with a leading 773 // zero. For the purposes of the test, use the same 774 // default behavior as the RI. Real code really should 775 // specify the exact mode and padding they need and not 776 // rely on defaults. http://b/9097343 777 algorithm = "RSA/ECB/PKCS1Padding"; 778 } 779 780 // Cipher.getInstance(String) 781 Cipher c1 = Cipher.getInstance(algorithm); 782 if (provider.equals(c1.getProvider())) { 783 assertEquals(algorithm, c1.getAlgorithm()); 784 test_Cipher(c1); 785 } 786 787 // Cipher.getInstance(String, Provider) 788 Cipher c2 = Cipher.getInstance(algorithm, provider); 789 assertEquals(algorithm, c2.getAlgorithm()); 790 assertEquals(provider, c2.getProvider()); 791 test_Cipher(c2); 792 793 // Cipher.getInstance(String, String) 794 Cipher c3 = Cipher.getInstance(algorithm, provider.getName()); 795 assertEquals(algorithm, c3.getAlgorithm()); 796 assertEquals(provider, c3.getProvider()); 797 test_Cipher(c3); 798 } 799 800 private void test_Cipher(Cipher c) throws Exception { 801 String algorithm = c.getAlgorithm().toUpperCase(Locale.US); 802 String providerName = c.getProvider().getName(); 803 if (!isSupported(algorithm, providerName)) { 804 return; 805 } 806 String cipherID = algorithm + ":" + providerName; 807 808 try { 809 c.getOutputSize(0); 810 } catch (IllegalStateException expected) { 811 } 812 813 // TODO: test keys from different factories (e.g. OpenSSLRSAPrivateKey vs JCERSAPrivateKey) 814 Key encryptKey = getEncryptKey(algorithm); 815 816 final AlgorithmParameterSpec encryptSpec = getEncryptAlgorithmParameterSpec(algorithm); 817 int encryptMode = getEncryptMode(algorithm); 818 819 // Bouncycastle doesn't return a default PBEParameterSpec 820 if (isPBE(algorithm) && !"BC".equals(providerName)) { 821 assertNotNull(cipherID + " getParameters()", c.getParameters()); 822 assertNotNull(c.getParameters().getParameterSpec(PBEParameterSpec.class)); 823 } else { 824 assertNull(cipherID + " getParameters()", c.getParameters()); 825 } 826 try { 827 assertNull(cipherID + " getIV()", c.getIV()); 828 } catch (NullPointerException e) { 829 // Bouncycastle apparently has a bug here with AESWRAP, et al. 830 if (!("BC".equals(providerName) && isOnlyWrappingAlgorithm(algorithm))) { 831 throw e; 832 } 833 } 834 835 c.init(encryptMode, encryptKey, encryptSpec); 836 assertEquals(cipherID + " getBlockSize() encryptMode", 837 getExpectedBlockSize(algorithm, encryptMode, providerName), c.getBlockSize()); 838 assertEquals(cipherID + " getOutputSize(0) encryptMode", 839 getExpectedOutputSize(algorithm, encryptMode, providerName), c.getOutputSize(0)); 840 841 final AlgorithmParameterSpec decryptSpec = getDecryptAlgorithmParameterSpec(encryptSpec, c); 842 int decryptMode = getDecryptMode(algorithm); 843 c.init(decryptMode, encryptKey, decryptSpec); 844 assertEquals(cipherID + " getBlockSize() decryptMode", 845 getExpectedBlockSize(algorithm, decryptMode, providerName), c.getBlockSize()); 846 assertEquals(cipherID + " getOutputSize(0) decryptMode", 847 getExpectedOutputSize(algorithm, decryptMode, providerName), c.getOutputSize(0)); 848 849 if (isPBE(algorithm)) { 850 if (algorithm.endsWith("RC4")) { 851 assertNull(cipherID + " getIV()", c.getIV()); 852 } else { 853 assertNotNull(cipherID + " getIV()", c.getIV()); 854 } 855 } else if (decryptSpec instanceof IvParameterSpec) { 856 assertEquals(cipherID + " getIV()", 857 Arrays.toString(((IvParameterSpec) decryptSpec).getIV()), 858 Arrays.toString(c.getIV())); 859 } else { 860 try { 861 assertNull(cipherID + " getIV()", c.getIV()); 862 } catch (NullPointerException e) { 863 // Bouncycastle apparently has a bug here with AESWRAP, et al. 864 if (!("BC".equals(providerName) && isOnlyWrappingAlgorithm(algorithm))) { 865 throw e; 866 } 867 } 868 } 869 870 AlgorithmParameters params = c.getParameters(); 871 if (decryptSpec == null) { 872 assertNull(cipherID + " getParameters()", params); 873 } else if (decryptSpec instanceof IvParameterSpec) { 874 IvParameterSpec ivDecryptSpec = (IvParameterSpec) params.getParameterSpec(IvParameterSpec.class); 875 assertEquals(cipherID + " getIV()", 876 Arrays.toString(((IvParameterSpec) decryptSpec).getIV()), 877 Arrays.toString(ivDecryptSpec.getIV())); 878 } else if (decryptSpec instanceof PBEParameterSpec) { 879 // Bouncycastle seems to be schizophrenic about whther it returns this or not 880 if (!"BC".equals(providerName)) { 881 assertNotNull(cipherID + " getParameters()", params); 882 } 883 } 884 885 assertNull(cipherID, c.getExemptionMechanism()); 886 887 // Test wrapping a key. Every cipher should be able to wrap. Except those that can't. 888 if (isSupportedForWrapping(algorithm)) { 889 // Generate a small SecretKey for AES. 890 KeyGenerator kg = KeyGenerator.getInstance("AES"); 891 kg.init(128); 892 SecretKey sk = kg.generateKey(); 893 894 // Wrap it 895 c.init(Cipher.WRAP_MODE, encryptKey, encryptSpec); 896 byte[] cipherText = c.wrap(sk); 897 898 // Unwrap it 899 c.init(Cipher.UNWRAP_MODE, getDecryptKey(algorithm), decryptSpec); 900 Key decryptedKey = c.unwrap(cipherText, sk.getAlgorithm(), Cipher.SECRET_KEY); 901 902 assertEquals(cipherID 903 + " sk.getAlgorithm()=" + sk.getAlgorithm() 904 + " decryptedKey.getAlgorithm()=" + decryptedKey.getAlgorithm() 905 + " encryptKey.getEncoded()=" + Arrays.toString(sk.getEncoded()) 906 + " decryptedKey.getEncoded()=" + Arrays.toString(decryptedKey.getEncoded()), 907 sk, decryptedKey); 908 } 909 910 if (!isOnlyWrappingAlgorithm(algorithm)) { 911 c.init(Cipher.ENCRYPT_MODE, encryptKey, encryptSpec); 912 byte[] cipherText = c.doFinal(getActualPlainText(algorithm)); 913 c.init(Cipher.DECRYPT_MODE, getDecryptKey(algorithm), decryptSpec); 914 byte[] decryptedPlainText = c.doFinal(cipherText); 915 assertEquals(cipherID, 916 Arrays.toString(getExpectedPlainText(algorithm, providerName)), 917 Arrays.toString(decryptedPlainText)); 918 } 919 } 920 921 public void testInputPKCS1Padding() throws Exception { 922 for (String provider : RSA_PROVIDERS) { 923 testInputPKCS1Padding(provider); 924 } 925 } 926 927 private void testInputPKCS1Padding(String provider) throws Exception { 928 testInputPKCS1Padding(provider, PKCS1_BLOCK_TYPE_01_PADDED_PLAIN_TEXT, getEncryptKey("RSA"), getDecryptKey("RSA")); 929 try { 930 testInputPKCS1Padding(provider, PKCS1_BLOCK_TYPE_02_PADDED_PLAIN_TEXT, getEncryptKey("RSA"), getDecryptKey("RSA")); 931 fail(); 932 } catch (BadPaddingException expected) { 933 } 934 try { 935 testInputPKCS1Padding(provider, PKCS1_BLOCK_TYPE_01_PADDED_PLAIN_TEXT, getDecryptKey("RSA"), getEncryptKey("RSA")); 936 fail(); 937 } catch (BadPaddingException expected) { 938 } 939 testInputPKCS1Padding(provider, PKCS1_BLOCK_TYPE_02_PADDED_PLAIN_TEXT, getDecryptKey("RSA"), getEncryptKey("RSA")); 940 } 941 942 private void testInputPKCS1Padding(String provider, byte[] prePaddedPlainText, Key encryptKey, Key decryptKey) throws Exception { 943 Cipher encryptCipher = Cipher.getInstance("RSA/ECB/NoPadding", provider); 944 encryptCipher.init(Cipher.ENCRYPT_MODE, encryptKey); 945 byte[] cipherText = encryptCipher.doFinal(prePaddedPlainText); 946 Cipher decryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", provider); 947 decryptCipher.init(Cipher.DECRYPT_MODE, decryptKey); 948 byte[] plainText = decryptCipher.doFinal(cipherText); 949 assertEquals(Arrays.toString(ORIGINAL_PLAIN_TEXT), 950 Arrays.toString(plainText)); 951 } 952 953 public void testOutputPKCS1Padding() throws Exception { 954 for (String provider : RSA_PROVIDERS) { 955 testOutputPKCS1Padding(provider); 956 } 957 } 958 959 private void testOutputPKCS1Padding(String provider) throws Exception { 960 testOutputPKCS1Padding(provider, (byte) 1, getEncryptKey("RSA"), getDecryptKey("RSA")); 961 testOutputPKCS1Padding(provider, (byte) 2, getDecryptKey("RSA"), getEncryptKey("RSA")); 962 } 963 964 private void testOutputPKCS1Padding(String provider, byte expectedBlockType, Key encryptKey, Key decryptKey) throws Exception { 965 Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", provider); 966 encryptCipher.init(Cipher.ENCRYPT_MODE, encryptKey); 967 byte[] cipherText = encryptCipher.doFinal(ORIGINAL_PLAIN_TEXT); 968 Cipher decryptCipher = Cipher.getInstance("RSA/ECB/NoPadding", provider); 969 decryptCipher.init(Cipher.DECRYPT_MODE, decryptKey); 970 byte[] plainText = decryptCipher.doFinal(cipherText); 971 assertPadding(provider, expectedBlockType, ORIGINAL_PLAIN_TEXT, plainText); 972 } 973 974 private void assertPadding(String provider, byte expectedBlockType, byte[] expectedData, byte[] actualDataWithPadding) { 975 assertNotNull(provider, actualDataWithPadding); 976 int expectedOutputSize = getExpectedOutputSize("RSA", Cipher.DECRYPT_MODE, provider); 977 assertEquals(provider, expectedOutputSize, actualDataWithPadding.length); 978 int expectedBlockTypeOffset; 979 if (provider.equals("BC")) { 980 // BC strips the leading 0 for us on decrypt even when NoPadding is specified... 981 expectedBlockTypeOffset = 0; 982 } else { 983 expectedBlockTypeOffset = 1; 984 assertEquals(provider, 0, actualDataWithPadding[0]); 985 } 986 byte actualBlockType = actualDataWithPadding[expectedBlockTypeOffset]; 987 assertEquals(provider, expectedBlockType, actualBlockType); 988 int actualDataOffset = actualDataWithPadding.length - expectedData.length; 989 if (actualBlockType == 1) { 990 int expectedDataOffset = expectedBlockTypeOffset + 1; 991 for (int i = expectedDataOffset; i < actualDataOffset - 1; i++) { 992 assertEquals(provider, (byte) 0xFF, actualDataWithPadding[i]); 993 } 994 } 995 assertEquals(provider, 0x00, actualDataWithPadding[actualDataOffset-1]); 996 byte[] actualData = new byte[expectedData.length]; 997 System.arraycopy(actualDataWithPadding, actualDataOffset, actualData, 0, actualData.length); 998 assertEquals(provider, Arrays.toString(expectedData), Arrays.toString(actualData)); 999 } 1000 1001 public void testCipherInitWithCertificate () throws Exception { 1002 // no key usage specified, everything is fine 1003 assertCipherInitWithKeyUsage(0, true, true, true, true); 1004 1005 // common case is that encrypt/wrap is prohibited when special usage is specified 1006 assertCipherInitWithKeyUsage(KeyUsage.digitalSignature, false, true, false, true); 1007 assertCipherInitWithKeyUsage(KeyUsage.nonRepudiation, false, true, false, true); 1008 assertCipherInitWithKeyUsage(KeyUsage.keyAgreement, false, true, false, true); 1009 assertCipherInitWithKeyUsage(KeyUsage.keyCertSign, false, true, false, true); 1010 assertCipherInitWithKeyUsage(KeyUsage.cRLSign, false, true, false, true); 1011 1012 // Note they encipherOnly/decipherOnly don't have to do with 1013 // ENCRYPT_MODE or DECRYPT_MODE, but restrict usage relative 1014 // to keyAgreement. There is not a *_MODE option that 1015 // corresponds to this in Cipher, the RI does not enforce 1016 // anything in Cipher. 1017 // http://code.google.com/p/android/issues/detail?id=12955 1018 assertCipherInitWithKeyUsage(KeyUsage.encipherOnly, false, true, false, true); 1019 assertCipherInitWithKeyUsage(KeyUsage.decipherOnly, false, true, false, true); 1020 assertCipherInitWithKeyUsage(KeyUsage.keyAgreement | KeyUsage.encipherOnly, 1021 false, true, false, true); 1022 assertCipherInitWithKeyUsage(KeyUsage.keyAgreement | KeyUsage.decipherOnly, 1023 false, true, false, true); 1024 1025 // except when wrapping a key is specifically allowed or 1026 assertCipherInitWithKeyUsage(KeyUsage.keyEncipherment, false, true, true, true); 1027 // except when wrapping data encryption is specifically allowed 1028 assertCipherInitWithKeyUsage(KeyUsage.dataEncipherment, true, true, false, true); 1029 } 1030 1031 private void assertCipherInitWithKeyUsage (int keyUsage, 1032 boolean allowEncrypt, 1033 boolean allowDecrypt, 1034 boolean allowWrap, 1035 boolean allowUnwrap) throws Exception { 1036 Certificate certificate = certificateWithKeyUsage(keyUsage); 1037 assertCipherInitWithKeyUsage(certificate, allowEncrypt, Cipher.ENCRYPT_MODE); 1038 assertCipherInitWithKeyUsage(certificate, allowDecrypt, Cipher.DECRYPT_MODE); 1039 assertCipherInitWithKeyUsage(certificate, allowWrap, Cipher.WRAP_MODE); 1040 assertCipherInitWithKeyUsage(certificate, allowUnwrap, Cipher.UNWRAP_MODE); 1041 } 1042 1043 private void assertCipherInitWithKeyUsage(Certificate certificate, 1044 boolean allowMode, 1045 int mode) throws Exception { 1046 Cipher cipher = Cipher.getInstance("RSA"); 1047 if (allowMode) { 1048 cipher.init(mode, certificate); 1049 } else { 1050 try { 1051 cipher.init(mode, certificate); 1052 String modeString; 1053 switch (mode) { 1054 case Cipher.ENCRYPT_MODE: 1055 modeString = "ENCRYPT_MODE"; 1056 break; 1057 case Cipher.DECRYPT_MODE: 1058 modeString = "DECRYPT_MODE"; 1059 break; 1060 case Cipher.WRAP_MODE: 1061 modeString = "WRAP_MODE"; 1062 break; 1063 case Cipher.UNWRAP_MODE: 1064 modeString = "UNWRAP_MODE"; 1065 break; 1066 default: 1067 throw new AssertionError("Unknown Cipher.*_MODE " + mode); 1068 } 1069 fail("Should have had InvalidKeyException for " + modeString 1070 + " for " + certificate); 1071 } catch (InvalidKeyException expected) { 1072 } 1073 } 1074 } 1075 1076 private Certificate certificateWithKeyUsage(int keyUsage) throws Exception { 1077 // note the rare usage of non-zero keyUsage 1078 return new TestKeyStore.Builder() 1079 .aliasPrefix("rsa-dsa-ec") 1080 .keyUsage(keyUsage) 1081 .build() 1082 .getPrivateKey("RSA", "RSA").getCertificate(); 1083 } 1084 1085 /* 1086 * Test vectors generated with this private key: 1087 * 1088 * -----BEGIN RSA PRIVATE KEY----- 1089 * MIIEpAIBAAKCAQEA4Ec+irjyKE/rnnQv+XSPoRjtmGM8kvUq63ouvg075gMpvnZq 1090 * 0Q62pRXQ0s/ZvqeTDwwwZTeJn3lYzT6FsB+IGFJNMSWEqUslHjYltUFB7b/uGYgI 1091 * 4buX/Hy0m56qr2jpyY19DtxTu8D6ADQ1bWMF+7zDxwAUBThqu8hzyw8+90JfPTPf 1092 * ezFa4DbSoLZq/UdQOxab8247UWJRW3Ff2oPeryxYrrmr+zCXw8yd2dvl7ylsF2E5 1093 * Ao6KZx5jBW1F9AGI0sQTNJCEXeUsJTTpxrJHjAe9rpKII7YtBmx3cPn2Pz26JH9T 1094 * CER0e+eqqF2FO4vSRKzsPePImrRkU6tNJMOsaQIDAQABAoIBADd4R3al8XaY9ayW 1095 * DfuDobZ1ZOZIvQWXz4q4CHGG8macJ6nsvdSA8Bl6gNBzCebGqW+SUzHlf4tKxvTU 1096 * XtpFojJpwJ/EKMB6Tm7fc4oV3sl/q9Lyu0ehTyDqcvz+TDbgGtp3vRN82NTaELsW 1097 * LpSkZilx8XX5hfoYjwVsuX7igW9Dq503R2Ekhs2owWGWwwgYqZXshdOEZ3kSZ7O/ 1098 * IfJzcQppJYYldoQcW2cSwS1L0govMpmtt8E12l6VFavadufK8qO+gFUdBzt4vxFi 1099 * xIrSt/R0OgI47k0lL31efmUzzK5kzLOTYAdaL9HgNOw65c6cQIzL8OJeQRQCFoez 1100 * 3UdUroECgYEA9UGIS8Nzeyki1BGe9F4t7izUy7dfRVBaFXqlAJ+Zxzot8HJKxGAk 1101 * MGMy6omBd2NFRl3G3x4KbxQK/ztzluaomUrF2qloc0cv43dJ0U6z4HXmKdvrNYMz 1102 * im82SdCiZUp6Qv2atr+krE1IHTkLsimwZL3DEcwb4bYxidp8QM3s8rECgYEA6hp0 1103 * LduIHO23KIyH442GjdekCdFaQ/RF1Td6C1cx3b/KLa8oqOE81cCvzsM0fXSjniNa 1104 * PNljPydN4rlPkt9DgzkR2enxz1jyfeLgj/RZZMcg0+whOdx8r8kSlTzeyy81Wi4s 1105 * NaUPrXVMs7IxZkJLo7bjESoriYw4xcFe2yOGkzkCgYBRgo8exv2ZYCmQG68dfjN7 1106 * pfCvJ+mE6tiVrOYr199O5FoiQInyzBUa880XP84EdLywTzhqLNzA4ANrokGfVFeS 1107 * YtRxAL6TGYSj76Bb7PFBV03AebOpXEqD5sQ/MhTW3zLVEt4ZgIXlMeYWuD/X3Z0f 1108 * TiYHwzM9B8VdEH0dOJNYcQKBgQDbT7UPUN6O21P/NMgJMYigUShn2izKBIl3WeWH 1109 * wkQBDa+GZNWegIPRbBZHiTAfZ6nweAYNg0oq29NnV1toqKhCwrAqibPzH8zsiiL+ 1110 * OVeVxcbHQitOXXSh6ajzDndZufwtY5wfFWc+hOk6XvFQb0MVODw41Fy9GxQEj0ch 1111 * 3IIyYQKBgQDYEUWTr0FfthLb8ZI3ENVNB0hiBadqO0MZSWjA3/HxHvD2GkozfV/T 1112 * dBu8lkDkR7i2tsR8OsEgQ1fTsMVbqShr2nP2KSlvX6kUbYl2NX08dR51FIaWpAt0 1113 * aFyCzjCQLWOdck/yTV4ulAfuNO3tLjtN9lqpvP623yjQe6aQPxZXaA== 1114 * -----END RSA PRIVATE KEY----- 1115 * 1116 */ 1117 1118 private static final BigInteger RSA_2048_modulus = new BigInteger(new byte[] { 1119 (byte) 0x00, (byte) 0xe0, (byte) 0x47, (byte) 0x3e, (byte) 0x8a, (byte) 0xb8, (byte) 0xf2, (byte) 0x28, 1120 (byte) 0x4f, (byte) 0xeb, (byte) 0x9e, (byte) 0x74, (byte) 0x2f, (byte) 0xf9, (byte) 0x74, (byte) 0x8f, 1121 (byte) 0xa1, (byte) 0x18, (byte) 0xed, (byte) 0x98, (byte) 0x63, (byte) 0x3c, (byte) 0x92, (byte) 0xf5, 1122 (byte) 0x2a, (byte) 0xeb, (byte) 0x7a, (byte) 0x2e, (byte) 0xbe, (byte) 0x0d, (byte) 0x3b, (byte) 0xe6, 1123 (byte) 0x03, (byte) 0x29, (byte) 0xbe, (byte) 0x76, (byte) 0x6a, (byte) 0xd1, (byte) 0x0e, (byte) 0xb6, 1124 (byte) 0xa5, (byte) 0x15, (byte) 0xd0, (byte) 0xd2, (byte) 0xcf, (byte) 0xd9, (byte) 0xbe, (byte) 0xa7, 1125 (byte) 0x93, (byte) 0x0f, (byte) 0x0c, (byte) 0x30, (byte) 0x65, (byte) 0x37, (byte) 0x89, (byte) 0x9f, 1126 (byte) 0x79, (byte) 0x58, (byte) 0xcd, (byte) 0x3e, (byte) 0x85, (byte) 0xb0, (byte) 0x1f, (byte) 0x88, 1127 (byte) 0x18, (byte) 0x52, (byte) 0x4d, (byte) 0x31, (byte) 0x25, (byte) 0x84, (byte) 0xa9, (byte) 0x4b, 1128 (byte) 0x25, (byte) 0x1e, (byte) 0x36, (byte) 0x25, (byte) 0xb5, (byte) 0x41, (byte) 0x41, (byte) 0xed, 1129 (byte) 0xbf, (byte) 0xee, (byte) 0x19, (byte) 0x88, (byte) 0x08, (byte) 0xe1, (byte) 0xbb, (byte) 0x97, 1130 (byte) 0xfc, (byte) 0x7c, (byte) 0xb4, (byte) 0x9b, (byte) 0x9e, (byte) 0xaa, (byte) 0xaf, (byte) 0x68, 1131 (byte) 0xe9, (byte) 0xc9, (byte) 0x8d, (byte) 0x7d, (byte) 0x0e, (byte) 0xdc, (byte) 0x53, (byte) 0xbb, 1132 (byte) 0xc0, (byte) 0xfa, (byte) 0x00, (byte) 0x34, (byte) 0x35, (byte) 0x6d, (byte) 0x63, (byte) 0x05, 1133 (byte) 0xfb, (byte) 0xbc, (byte) 0xc3, (byte) 0xc7, (byte) 0x00, (byte) 0x14, (byte) 0x05, (byte) 0x38, 1134 (byte) 0x6a, (byte) 0xbb, (byte) 0xc8, (byte) 0x73, (byte) 0xcb, (byte) 0x0f, (byte) 0x3e, (byte) 0xf7, 1135 (byte) 0x42, (byte) 0x5f, (byte) 0x3d, (byte) 0x33, (byte) 0xdf, (byte) 0x7b, (byte) 0x31, (byte) 0x5a, 1136 (byte) 0xe0, (byte) 0x36, (byte) 0xd2, (byte) 0xa0, (byte) 0xb6, (byte) 0x6a, (byte) 0xfd, (byte) 0x47, 1137 (byte) 0x50, (byte) 0x3b, (byte) 0x16, (byte) 0x9b, (byte) 0xf3, (byte) 0x6e, (byte) 0x3b, (byte) 0x51, 1138 (byte) 0x62, (byte) 0x51, (byte) 0x5b, (byte) 0x71, (byte) 0x5f, (byte) 0xda, (byte) 0x83, (byte) 0xde, 1139 (byte) 0xaf, (byte) 0x2c, (byte) 0x58, (byte) 0xae, (byte) 0xb9, (byte) 0xab, (byte) 0xfb, (byte) 0x30, 1140 (byte) 0x97, (byte) 0xc3, (byte) 0xcc, (byte) 0x9d, (byte) 0xd9, (byte) 0xdb, (byte) 0xe5, (byte) 0xef, 1141 (byte) 0x29, (byte) 0x6c, (byte) 0x17, (byte) 0x61, (byte) 0x39, (byte) 0x02, (byte) 0x8e, (byte) 0x8a, 1142 (byte) 0x67, (byte) 0x1e, (byte) 0x63, (byte) 0x05, (byte) 0x6d, (byte) 0x45, (byte) 0xf4, (byte) 0x01, 1143 (byte) 0x88, (byte) 0xd2, (byte) 0xc4, (byte) 0x13, (byte) 0x34, (byte) 0x90, (byte) 0x84, (byte) 0x5d, 1144 (byte) 0xe5, (byte) 0x2c, (byte) 0x25, (byte) 0x34, (byte) 0xe9, (byte) 0xc6, (byte) 0xb2, (byte) 0x47, 1145 (byte) 0x8c, (byte) 0x07, (byte) 0xbd, (byte) 0xae, (byte) 0x92, (byte) 0x88, (byte) 0x23, (byte) 0xb6, 1146 (byte) 0x2d, (byte) 0x06, (byte) 0x6c, (byte) 0x77, (byte) 0x70, (byte) 0xf9, (byte) 0xf6, (byte) 0x3f, 1147 (byte) 0x3d, (byte) 0xba, (byte) 0x24, (byte) 0x7f, (byte) 0x53, (byte) 0x08, (byte) 0x44, (byte) 0x74, 1148 (byte) 0x7b, (byte) 0xe7, (byte) 0xaa, (byte) 0xa8, (byte) 0x5d, (byte) 0x85, (byte) 0x3b, (byte) 0x8b, 1149 (byte) 0xd2, (byte) 0x44, (byte) 0xac, (byte) 0xec, (byte) 0x3d, (byte) 0xe3, (byte) 0xc8, (byte) 0x9a, 1150 (byte) 0xb4, (byte) 0x64, (byte) 0x53, (byte) 0xab, (byte) 0x4d, (byte) 0x24, (byte) 0xc3, (byte) 0xac, 1151 (byte) 0x69, 1152 }); 1153 1154 private static final BigInteger RSA_2048_privateExponent = new BigInteger(new byte[] { 1155 (byte) 0x37, (byte) 0x78, (byte) 0x47, (byte) 0x76, (byte) 0xa5, (byte) 0xf1, (byte) 0x76, (byte) 0x98, 1156 (byte) 0xf5, (byte) 0xac, (byte) 0x96, (byte) 0x0d, (byte) 0xfb, (byte) 0x83, (byte) 0xa1, (byte) 0xb6, 1157 (byte) 0x75, (byte) 0x64, (byte) 0xe6, (byte) 0x48, (byte) 0xbd, (byte) 0x05, (byte) 0x97, (byte) 0xcf, 1158 (byte) 0x8a, (byte) 0xb8, (byte) 0x08, (byte) 0x71, (byte) 0x86, (byte) 0xf2, (byte) 0x66, (byte) 0x9c, 1159 (byte) 0x27, (byte) 0xa9, (byte) 0xec, (byte) 0xbd, (byte) 0xd4, (byte) 0x80, (byte) 0xf0, (byte) 0x19, 1160 (byte) 0x7a, (byte) 0x80, (byte) 0xd0, (byte) 0x73, (byte) 0x09, (byte) 0xe6, (byte) 0xc6, (byte) 0xa9, 1161 (byte) 0x6f, (byte) 0x92, (byte) 0x53, (byte) 0x31, (byte) 0xe5, (byte) 0x7f, (byte) 0x8b, (byte) 0x4a, 1162 (byte) 0xc6, (byte) 0xf4, (byte) 0xd4, (byte) 0x5e, (byte) 0xda, (byte) 0x45, (byte) 0xa2, (byte) 0x32, 1163 (byte) 0x69, (byte) 0xc0, (byte) 0x9f, (byte) 0xc4, (byte) 0x28, (byte) 0xc0, (byte) 0x7a, (byte) 0x4e, 1164 (byte) 0x6e, (byte) 0xdf, (byte) 0x73, (byte) 0x8a, (byte) 0x15, (byte) 0xde, (byte) 0xc9, (byte) 0x7f, 1165 (byte) 0xab, (byte) 0xd2, (byte) 0xf2, (byte) 0xbb, (byte) 0x47, (byte) 0xa1, (byte) 0x4f, (byte) 0x20, 1166 (byte) 0xea, (byte) 0x72, (byte) 0xfc, (byte) 0xfe, (byte) 0x4c, (byte) 0x36, (byte) 0xe0, (byte) 0x1a, 1167 (byte) 0xda, (byte) 0x77, (byte) 0xbd, (byte) 0x13, (byte) 0x7c, (byte) 0xd8, (byte) 0xd4, (byte) 0xda, 1168 (byte) 0x10, (byte) 0xbb, (byte) 0x16, (byte) 0x2e, (byte) 0x94, (byte) 0xa4, (byte) 0x66, (byte) 0x29, 1169 (byte) 0x71, (byte) 0xf1, (byte) 0x75, (byte) 0xf9, (byte) 0x85, (byte) 0xfa, (byte) 0x18, (byte) 0x8f, 1170 (byte) 0x05, (byte) 0x6c, (byte) 0xb9, (byte) 0x7e, (byte) 0xe2, (byte) 0x81, (byte) 0x6f, (byte) 0x43, 1171 (byte) 0xab, (byte) 0x9d, (byte) 0x37, (byte) 0x47, (byte) 0x61, (byte) 0x24, (byte) 0x86, (byte) 0xcd, 1172 (byte) 0xa8, (byte) 0xc1, (byte) 0x61, (byte) 0x96, (byte) 0xc3, (byte) 0x08, (byte) 0x18, (byte) 0xa9, 1173 (byte) 0x95, (byte) 0xec, (byte) 0x85, (byte) 0xd3, (byte) 0x84, (byte) 0x67, (byte) 0x79, (byte) 0x12, 1174 (byte) 0x67, (byte) 0xb3, (byte) 0xbf, (byte) 0x21, (byte) 0xf2, (byte) 0x73, (byte) 0x71, (byte) 0x0a, 1175 (byte) 0x69, (byte) 0x25, (byte) 0x86, (byte) 0x25, (byte) 0x76, (byte) 0x84, (byte) 0x1c, (byte) 0x5b, 1176 (byte) 0x67, (byte) 0x12, (byte) 0xc1, (byte) 0x2d, (byte) 0x4b, (byte) 0xd2, (byte) 0x0a, (byte) 0x2f, 1177 (byte) 0x32, (byte) 0x99, (byte) 0xad, (byte) 0xb7, (byte) 0xc1, (byte) 0x35, (byte) 0xda, (byte) 0x5e, 1178 (byte) 0x95, (byte) 0x15, (byte) 0xab, (byte) 0xda, (byte) 0x76, (byte) 0xe7, (byte) 0xca, (byte) 0xf2, 1179 (byte) 0xa3, (byte) 0xbe, (byte) 0x80, (byte) 0x55, (byte) 0x1d, (byte) 0x07, (byte) 0x3b, (byte) 0x78, 1180 (byte) 0xbf, (byte) 0x11, (byte) 0x62, (byte) 0xc4, (byte) 0x8a, (byte) 0xd2, (byte) 0xb7, (byte) 0xf4, 1181 (byte) 0x74, (byte) 0x3a, (byte) 0x02, (byte) 0x38, (byte) 0xee, (byte) 0x4d, (byte) 0x25, (byte) 0x2f, 1182 (byte) 0x7d, (byte) 0x5e, (byte) 0x7e, (byte) 0x65, (byte) 0x33, (byte) 0xcc, (byte) 0xae, (byte) 0x64, 1183 (byte) 0xcc, (byte) 0xb3, (byte) 0x93, (byte) 0x60, (byte) 0x07, (byte) 0x5a, (byte) 0x2f, (byte) 0xd1, 1184 (byte) 0xe0, (byte) 0x34, (byte) 0xec, (byte) 0x3a, (byte) 0xe5, (byte) 0xce, (byte) 0x9c, (byte) 0x40, 1185 (byte) 0x8c, (byte) 0xcb, (byte) 0xf0, (byte) 0xe2, (byte) 0x5e, (byte) 0x41, (byte) 0x14, (byte) 0x02, 1186 (byte) 0x16, (byte) 0x87, (byte) 0xb3, (byte) 0xdd, (byte) 0x47, (byte) 0x54, (byte) 0xae, (byte) 0x81, 1187 }); 1188 1189 private static final BigInteger RSA_2048_publicExponent = new BigInteger(new byte[] { 1190 (byte) 0x01, (byte) 0x00, (byte) 0x01, 1191 }); 1192 1193 private static final BigInteger RSA_2048_primeP = new BigInteger(new byte[] { 1194 (byte) 0x00, (byte) 0xf5, (byte) 0x41, (byte) 0x88, (byte) 0x4b, (byte) 0xc3, (byte) 0x73, (byte) 0x7b, 1195 (byte) 0x29, (byte) 0x22, (byte) 0xd4, (byte) 0x11, (byte) 0x9e, (byte) 0xf4, (byte) 0x5e, (byte) 0x2d, 1196 (byte) 0xee, (byte) 0x2c, (byte) 0xd4, (byte) 0xcb, (byte) 0xb7, (byte) 0x5f, (byte) 0x45, (byte) 0x50, 1197 (byte) 0x5a, (byte) 0x15, (byte) 0x7a, (byte) 0xa5, (byte) 0x00, (byte) 0x9f, (byte) 0x99, (byte) 0xc7, 1198 (byte) 0x3a, (byte) 0x2d, (byte) 0xf0, (byte) 0x72, (byte) 0x4a, (byte) 0xc4, (byte) 0x60, (byte) 0x24, 1199 (byte) 0x30, (byte) 0x63, (byte) 0x32, (byte) 0xea, (byte) 0x89, (byte) 0x81, (byte) 0x77, (byte) 0x63, 1200 (byte) 0x45, (byte) 0x46, (byte) 0x5d, (byte) 0xc6, (byte) 0xdf, (byte) 0x1e, (byte) 0x0a, (byte) 0x6f, 1201 (byte) 0x14, (byte) 0x0a, (byte) 0xff, (byte) 0x3b, (byte) 0x73, (byte) 0x96, (byte) 0xe6, (byte) 0xa8, 1202 (byte) 0x99, (byte) 0x4a, (byte) 0xc5, (byte) 0xda, (byte) 0xa9, (byte) 0x68, (byte) 0x73, (byte) 0x47, 1203 (byte) 0x2f, (byte) 0xe3, (byte) 0x77, (byte) 0x49, (byte) 0xd1, (byte) 0x4e, (byte) 0xb3, (byte) 0xe0, 1204 (byte) 0x75, (byte) 0xe6, (byte) 0x29, (byte) 0xdb, (byte) 0xeb, (byte) 0x35, (byte) 0x83, (byte) 0x33, 1205 (byte) 0x8a, (byte) 0x6f, (byte) 0x36, (byte) 0x49, (byte) 0xd0, (byte) 0xa2, (byte) 0x65, (byte) 0x4a, 1206 (byte) 0x7a, (byte) 0x42, (byte) 0xfd, (byte) 0x9a, (byte) 0xb6, (byte) 0xbf, (byte) 0xa4, (byte) 0xac, 1207 (byte) 0x4d, (byte) 0x48, (byte) 0x1d, (byte) 0x39, (byte) 0x0b, (byte) 0xb2, (byte) 0x29, (byte) 0xb0, 1208 (byte) 0x64, (byte) 0xbd, (byte) 0xc3, (byte) 0x11, (byte) 0xcc, (byte) 0x1b, (byte) 0xe1, (byte) 0xb6, 1209 (byte) 0x31, (byte) 0x89, (byte) 0xda, (byte) 0x7c, (byte) 0x40, (byte) 0xcd, (byte) 0xec, (byte) 0xf2, 1210 (byte) 0xb1, 1211 }); 1212 1213 private static final BigInteger RSA_2048_primeQ = new BigInteger(new byte[] { 1214 (byte) 0x00, (byte) 0xea, (byte) 0x1a, (byte) 0x74, (byte) 0x2d, (byte) 0xdb, (byte) 0x88, (byte) 0x1c, 1215 (byte) 0xed, (byte) 0xb7, (byte) 0x28, (byte) 0x8c, (byte) 0x87, (byte) 0xe3, (byte) 0x8d, (byte) 0x86, 1216 (byte) 0x8d, (byte) 0xd7, (byte) 0xa4, (byte) 0x09, (byte) 0xd1, (byte) 0x5a, (byte) 0x43, (byte) 0xf4, 1217 (byte) 0x45, (byte) 0xd5, (byte) 0x37, (byte) 0x7a, (byte) 0x0b, (byte) 0x57, (byte) 0x31, (byte) 0xdd, 1218 (byte) 0xbf, (byte) 0xca, (byte) 0x2d, (byte) 0xaf, (byte) 0x28, (byte) 0xa8, (byte) 0xe1, (byte) 0x3c, 1219 (byte) 0xd5, (byte) 0xc0, (byte) 0xaf, (byte) 0xce, (byte) 0xc3, (byte) 0x34, (byte) 0x7d, (byte) 0x74, 1220 (byte) 0xa3, (byte) 0x9e, (byte) 0x23, (byte) 0x5a, (byte) 0x3c, (byte) 0xd9, (byte) 0x63, (byte) 0x3f, 1221 (byte) 0x27, (byte) 0x4d, (byte) 0xe2, (byte) 0xb9, (byte) 0x4f, (byte) 0x92, (byte) 0xdf, (byte) 0x43, 1222 (byte) 0x83, (byte) 0x39, (byte) 0x11, (byte) 0xd9, (byte) 0xe9, (byte) 0xf1, (byte) 0xcf, (byte) 0x58, 1223 (byte) 0xf2, (byte) 0x7d, (byte) 0xe2, (byte) 0xe0, (byte) 0x8f, (byte) 0xf4, (byte) 0x59, (byte) 0x64, 1224 (byte) 0xc7, (byte) 0x20, (byte) 0xd3, (byte) 0xec, (byte) 0x21, (byte) 0x39, (byte) 0xdc, (byte) 0x7c, 1225 (byte) 0xaf, (byte) 0xc9, (byte) 0x12, (byte) 0x95, (byte) 0x3c, (byte) 0xde, (byte) 0xcb, (byte) 0x2f, 1226 (byte) 0x35, (byte) 0x5a, (byte) 0x2e, (byte) 0x2c, (byte) 0x35, (byte) 0xa5, (byte) 0x0f, (byte) 0xad, 1227 (byte) 0x75, (byte) 0x4c, (byte) 0xb3, (byte) 0xb2, (byte) 0x31, (byte) 0x66, (byte) 0x42, (byte) 0x4b, 1228 (byte) 0xa3, (byte) 0xb6, (byte) 0xe3, (byte) 0x11, (byte) 0x2a, (byte) 0x2b, (byte) 0x89, (byte) 0x8c, 1229 (byte) 0x38, (byte) 0xc5, (byte) 0xc1, (byte) 0x5e, (byte) 0xdb, (byte) 0x23, (byte) 0x86, (byte) 0x93, 1230 (byte) 0x39, 1231 }); 1232 1233 /** 1234 * Test data is PKCS#1 padded "Android.\n" which can be generated by: 1235 * echo "Android." | openssl rsautl -inkey rsa.key -sign | openssl rsautl -inkey rsa.key -raw -verify | recode ../x1 1236 */ 1237 private static final byte[] RSA_2048_Vector1 = new byte[] { 1238 (byte) 0x00, (byte) 0x01, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1239 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1240 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1241 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1242 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1243 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1244 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1245 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1246 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1247 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1248 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1249 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1250 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1251 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1252 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1253 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1254 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1255 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1256 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1257 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1258 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1259 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1260 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1261 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1262 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1263 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1264 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1265 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1266 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1267 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1268 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1269 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1270 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1271 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1272 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1273 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1274 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1275 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1276 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1277 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1278 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1279 (byte) 0x00, (byte) 0x41, (byte) 0x6E, (byte) 0x64, (byte) 0x72, (byte) 0x6F, 1280 (byte) 0x69, (byte) 0x64, (byte) 0x2E, (byte) 0x0A, 1281 }; 1282 1283 /** 1284 * This vector is simply "Android.\n" which is too short. 1285 */ 1286 private static final byte[] TooShort_Vector = new byte[] { 1287 (byte) 0x41, (byte) 0x6E, (byte) 0x64, (byte) 0x72, (byte) 0x6F, (byte) 0x69, 1288 (byte) 0x64, (byte) 0x2E, (byte) 0x0A, 1289 }; 1290 1291 /** 1292 * This vector is simply "Android.\n" padded with zeros. 1293 */ 1294 private static final byte[] TooShort_Vector_Zero_Padded = new byte[] { 1295 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1296 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1297 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1298 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1299 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1300 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1301 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1302 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1303 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1304 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1305 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1306 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1307 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1308 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1309 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1310 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1311 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1312 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1313 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1314 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1315 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1316 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1317 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1318 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1319 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1320 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1321 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1322 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1323 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1324 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1325 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1326 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1327 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1328 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1329 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1330 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1331 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1332 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1333 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1334 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1335 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 1336 (byte) 0x00, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, 1337 (byte) 0x69, (byte) 0x64, (byte) 0x2e, (byte) 0x0a, 1338 }; 1339 1340 /** 1341 * openssl rsautl -raw -sign -inkey rsa.key | recode ../x1 | sed 's/0x/(byte) 0x/g' 1342 */ 1343 private static final byte[] RSA_Vector1_Encrypt_Private = new byte[] { 1344 (byte) 0x35, (byte) 0x43, (byte) 0x38, (byte) 0x44, (byte) 0xAD, (byte) 0x3F, 1345 (byte) 0x97, (byte) 0x02, (byte) 0xFB, (byte) 0x59, (byte) 0x1F, (byte) 0x4A, 1346 (byte) 0x2B, (byte) 0xB9, (byte) 0x06, (byte) 0xEC, (byte) 0x66, (byte) 0xE6, 1347 (byte) 0xD2, (byte) 0xC5, (byte) 0x8B, (byte) 0x7B, (byte) 0xE3, (byte) 0x18, 1348 (byte) 0xBF, (byte) 0x07, (byte) 0xD6, (byte) 0x01, (byte) 0xF9, (byte) 0xD9, 1349 (byte) 0x89, (byte) 0xC4, (byte) 0xDB, (byte) 0x00, (byte) 0x68, (byte) 0xFF, 1350 (byte) 0x9B, (byte) 0x43, (byte) 0x90, (byte) 0xF2, (byte) 0xDB, (byte) 0x83, 1351 (byte) 0xF4, (byte) 0x7E, (byte) 0xC6, (byte) 0x81, (byte) 0x01, (byte) 0x3A, 1352 (byte) 0x0B, (byte) 0xE5, (byte) 0xED, (byte) 0x08, (byte) 0x73, (byte) 0x3E, 1353 (byte) 0xE1, (byte) 0x3F, (byte) 0xDF, (byte) 0x1F, (byte) 0x07, (byte) 0x6D, 1354 (byte) 0x22, (byte) 0x8D, (byte) 0xCC, (byte) 0x4E, (byte) 0xE3, (byte) 0x9A, 1355 (byte) 0xBC, (byte) 0xCC, (byte) 0x8F, (byte) 0x9E, (byte) 0x9B, (byte) 0x02, 1356 (byte) 0x48, (byte) 0x00, (byte) 0xAC, (byte) 0x9F, (byte) 0xA4, (byte) 0x8F, 1357 (byte) 0x87, (byte) 0xA1, (byte) 0xA8, (byte) 0xE6, (byte) 0x9D, (byte) 0xCD, 1358 (byte) 0x8B, (byte) 0x05, (byte) 0xE9, (byte) 0xD2, (byte) 0x05, (byte) 0x8D, 1359 (byte) 0xC9, (byte) 0x95, (byte) 0x16, (byte) 0xD0, (byte) 0xCD, (byte) 0x43, 1360 (byte) 0x25, (byte) 0x8A, (byte) 0x11, (byte) 0x46, (byte) 0xD7, (byte) 0x74, 1361 (byte) 0x4C, (byte) 0xCF, (byte) 0x58, (byte) 0xF9, (byte) 0xA1, (byte) 0x30, 1362 (byte) 0x84, (byte) 0x52, (byte) 0xC9, (byte) 0x01, (byte) 0x5F, (byte) 0x24, 1363 (byte) 0x4C, (byte) 0xB1, (byte) 0x9F, (byte) 0x7D, (byte) 0x12, (byte) 0x38, 1364 (byte) 0x27, (byte) 0x0F, (byte) 0x5E, (byte) 0xFF, (byte) 0xE0, (byte) 0x55, 1365 (byte) 0x8B, (byte) 0xA3, (byte) 0xAD, (byte) 0x60, (byte) 0x35, (byte) 0x83, 1366 (byte) 0x58, (byte) 0xAF, (byte) 0x99, (byte) 0xDE, (byte) 0x3F, (byte) 0x5D, 1367 (byte) 0x80, (byte) 0x80, (byte) 0xFF, (byte) 0x9B, (byte) 0xDE, (byte) 0x5C, 1368 (byte) 0xAB, (byte) 0x97, (byte) 0x43, (byte) 0x64, (byte) 0xD9, (byte) 0x9F, 1369 (byte) 0xFB, (byte) 0x67, (byte) 0x65, (byte) 0xA5, (byte) 0x99, (byte) 0xE7, 1370 (byte) 0xE6, (byte) 0xEB, (byte) 0x05, (byte) 0x95, (byte) 0xFC, (byte) 0x46, 1371 (byte) 0x28, (byte) 0x4B, (byte) 0xD8, (byte) 0x8C, (byte) 0xF5, (byte) 0x0A, 1372 (byte) 0xEB, (byte) 0x1F, (byte) 0x30, (byte) 0xEA, (byte) 0xE7, (byte) 0x67, 1373 (byte) 0x11, (byte) 0x25, (byte) 0xF0, (byte) 0x44, (byte) 0x75, (byte) 0x74, 1374 (byte) 0x94, (byte) 0x06, (byte) 0x78, (byte) 0xD0, (byte) 0x21, (byte) 0xF4, 1375 (byte) 0x3F, (byte) 0xC8, (byte) 0xC4, (byte) 0x4A, (byte) 0x57, (byte) 0xBE, 1376 (byte) 0x02, (byte) 0x3C, (byte) 0x93, (byte) 0xF6, (byte) 0x95, (byte) 0xFB, 1377 (byte) 0xD1, (byte) 0x77, (byte) 0x8B, (byte) 0x43, (byte) 0xF0, (byte) 0xB9, 1378 (byte) 0x7D, (byte) 0xE0, (byte) 0x32, (byte) 0xE1, (byte) 0x72, (byte) 0xB5, 1379 (byte) 0x62, (byte) 0x3F, (byte) 0x86, (byte) 0xC3, (byte) 0xD4, (byte) 0x5F, 1380 (byte) 0x5E, (byte) 0x54, (byte) 0x1B, (byte) 0x5B, (byte) 0xE6, (byte) 0x74, 1381 (byte) 0xA1, (byte) 0x0B, (byte) 0xE5, (byte) 0x18, (byte) 0xD2, (byte) 0x4F, 1382 (byte) 0x93, (byte) 0xF3, (byte) 0x09, (byte) 0x58, (byte) 0xCE, (byte) 0xF0, 1383 (byte) 0xA3, (byte) 0x61, (byte) 0xE4, (byte) 0x6E, (byte) 0x46, (byte) 0x45, 1384 (byte) 0x89, (byte) 0x50, (byte) 0xBD, (byte) 0x03, (byte) 0x3F, (byte) 0x38, 1385 (byte) 0xDA, (byte) 0x5D, (byte) 0xD0, (byte) 0x1B, (byte) 0x1F, (byte) 0xB1, 1386 (byte) 0xEE, (byte) 0x89, (byte) 0x59, (byte) 0xC5, 1387 }; 1388 1389 private static final byte[] RSA_Vector1_ZeroPadded_Encrypted = new byte[] { 1390 (byte) 0x60, (byte) 0x4a, (byte) 0x12, (byte) 0xa3, (byte) 0xa7, (byte) 0x4a, 1391 (byte) 0xa4, (byte) 0xbf, (byte) 0x6c, (byte) 0x36, (byte) 0xad, (byte) 0x66, 1392 (byte) 0xdf, (byte) 0xce, (byte) 0xf1, (byte) 0xe4, (byte) 0x0f, (byte) 0xd4, 1393 (byte) 0x54, (byte) 0x5f, (byte) 0x03, (byte) 0x15, (byte) 0x4b, (byte) 0x9e, 1394 (byte) 0xeb, (byte) 0xfe, (byte) 0x9e, (byte) 0x24, (byte) 0xce, (byte) 0x8e, 1395 (byte) 0xc3, (byte) 0x36, (byte) 0xa5, (byte) 0x76, (byte) 0xf6, (byte) 0x54, 1396 (byte) 0xb7, (byte) 0x84, (byte) 0x48, (byte) 0x2f, (byte) 0xd4, (byte) 0x45, 1397 (byte) 0x74, (byte) 0x48, (byte) 0x5f, (byte) 0x08, (byte) 0x4e, (byte) 0x9c, 1398 (byte) 0x89, (byte) 0xcc, (byte) 0x34, (byte) 0x40, (byte) 0xb1, (byte) 0x5f, 1399 (byte) 0xa7, (byte) 0x0e, (byte) 0x11, (byte) 0x4b, (byte) 0xb5, (byte) 0x94, 1400 (byte) 0xbe, (byte) 0x14, (byte) 0xaa, (byte) 0xaa, (byte) 0xe0, (byte) 0x38, 1401 (byte) 0x1c, (byte) 0xce, (byte) 0x40, (byte) 0x61, (byte) 0xfc, (byte) 0x08, 1402 (byte) 0xcb, (byte) 0x14, (byte) 0x2b, (byte) 0xa6, (byte) 0x54, (byte) 0xdf, 1403 (byte) 0x05, (byte) 0x5c, (byte) 0x9b, (byte) 0x4f, (byte) 0x14, (byte) 0x93, 1404 (byte) 0xb0, (byte) 0x70, (byte) 0xd9, (byte) 0x32, (byte) 0xdc, (byte) 0x24, 1405 (byte) 0xe0, (byte) 0xae, (byte) 0x48, (byte) 0xfc, (byte) 0x53, (byte) 0xee, 1406 (byte) 0x7c, (byte) 0x9f, (byte) 0x69, (byte) 0x34, (byte) 0xf4, (byte) 0x76, 1407 (byte) 0xee, (byte) 0x67, (byte) 0xb2, (byte) 0xa7, (byte) 0x33, (byte) 0x1c, 1408 (byte) 0x47, (byte) 0xff, (byte) 0x5c, (byte) 0xf0, (byte) 0xb8, (byte) 0x04, 1409 (byte) 0x2c, (byte) 0xfd, (byte) 0xe2, (byte) 0xb1, (byte) 0x4a, (byte) 0x0a, 1410 (byte) 0x69, (byte) 0x1c, (byte) 0x80, (byte) 0x2b, (byte) 0xb4, (byte) 0x50, 1411 (byte) 0x65, (byte) 0x5c, (byte) 0x76, (byte) 0x78, (byte) 0x9a, (byte) 0x0c, 1412 (byte) 0x05, (byte) 0x62, (byte) 0xf0, (byte) 0xc4, (byte) 0x1c, (byte) 0x38, 1413 (byte) 0x15, (byte) 0xd0, (byte) 0xe2, (byte) 0x5a, (byte) 0x3d, (byte) 0xb6, 1414 (byte) 0xe0, (byte) 0x88, (byte) 0x85, (byte) 0xd1, (byte) 0x4f, (byte) 0x7e, 1415 (byte) 0xfc, (byte) 0x77, (byte) 0x0d, (byte) 0x2a, (byte) 0x45, (byte) 0xd5, 1416 (byte) 0xf8, (byte) 0x3c, (byte) 0x7b, (byte) 0x2d, (byte) 0x1b, (byte) 0x82, 1417 (byte) 0xfe, (byte) 0x58, (byte) 0x22, (byte) 0x47, (byte) 0x06, (byte) 0x58, 1418 (byte) 0x8b, (byte) 0x4f, (byte) 0xfb, (byte) 0x9b, (byte) 0x1c, (byte) 0x70, 1419 (byte) 0x36, (byte) 0x12, (byte) 0x04, (byte) 0x17, (byte) 0x47, (byte) 0x8a, 1420 (byte) 0x0a, (byte) 0xec, (byte) 0x12, (byte) 0x3b, (byte) 0xf8, (byte) 0xd2, 1421 (byte) 0xdc, (byte) 0x3c, (byte) 0xc8, (byte) 0x46, (byte) 0xc6, (byte) 0x51, 1422 (byte) 0x06, (byte) 0x06, (byte) 0xcb, (byte) 0x84, (byte) 0x67, (byte) 0xb5, 1423 (byte) 0x68, (byte) 0xd9, (byte) 0x9c, (byte) 0xd4, (byte) 0x16, (byte) 0x5c, 1424 (byte) 0xb4, (byte) 0xe2, (byte) 0x55, (byte) 0xe6, (byte) 0x3a, (byte) 0x73, 1425 (byte) 0x01, (byte) 0x1d, (byte) 0x6f, (byte) 0x30, (byte) 0x31, (byte) 0x59, 1426 (byte) 0x8b, (byte) 0x2f, (byte) 0x4c, (byte) 0xe7, (byte) 0x86, (byte) 0x4c, 1427 (byte) 0x39, (byte) 0x4e, (byte) 0x67, (byte) 0x3b, (byte) 0x22, (byte) 0x9b, 1428 (byte) 0x85, (byte) 0x5a, (byte) 0xc3, (byte) 0x29, (byte) 0xaf, (byte) 0x8c, 1429 (byte) 0x7c, (byte) 0x59, (byte) 0x4a, (byte) 0x24, (byte) 0xfa, (byte) 0xba, 1430 (byte) 0x55, (byte) 0x40, (byte) 0x13, (byte) 0x64, (byte) 0xd8, (byte) 0xcb, 1431 (byte) 0x4b, (byte) 0x98, (byte) 0x3f, (byte) 0xae, (byte) 0x20, (byte) 0xfd, 1432 (byte) 0x8a, (byte) 0x50, (byte) 0x73, (byte) 0xe4, 1433 }; 1434 1435 public void testRSA_ECB_NoPadding_Private_OnlyDoFinal_Success() throws Exception { 1436 for (String provider : RSA_PROVIDERS) { 1437 testRSA_ECB_NoPadding_Private_OnlyDoFinal_Success(provider); 1438 } 1439 } 1440 1441 private void testRSA_ECB_NoPadding_Private_OnlyDoFinal_Success(String provider) throws Exception { 1442 KeyFactory kf = KeyFactory.getInstance("RSA"); 1443 RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(RSA_2048_modulus, 1444 RSA_2048_privateExponent); 1445 1446 final PrivateKey privKey = kf.generatePrivate(keySpec); 1447 1448 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1449 1450 /* 1451 * You're actually decrypting with private keys, but there is no 1452 * distinction made here. It's all keyed off of what kind of key you're 1453 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 1454 */ 1455 c.init(Cipher.ENCRYPT_MODE, privKey); 1456 byte[] encrypted = c.doFinal(RSA_2048_Vector1); 1457 assertTrue("Encrypted should match expected", 1458 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 1459 1460 c.init(Cipher.DECRYPT_MODE, privKey); 1461 encrypted = c.doFinal(RSA_2048_Vector1); 1462 assertTrue("Encrypted should match expected", 1463 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 1464 } 1465 1466 public void testRSA_ECB_NoPadding_Private_UpdateThenEmptyDoFinal_Success() throws Exception { 1467 for (String provider : RSA_PROVIDERS) { 1468 testRSA_ECB_NoPadding_Private_UpdateThenEmptyDoFinal_Success(provider); 1469 } 1470 } 1471 1472 private void testRSA_ECB_NoPadding_Private_UpdateThenEmptyDoFinal_Success(String provider) throws Exception { 1473 KeyFactory kf = KeyFactory.getInstance("RSA"); 1474 RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(RSA_2048_modulus, 1475 RSA_2048_privateExponent); 1476 1477 final PrivateKey privKey = kf.generatePrivate(keySpec); 1478 1479 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1480 1481 /* 1482 * You're actually decrypting with private keys, but there is no 1483 * distinction made here. It's all keyed off of what kind of key you're 1484 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 1485 */ 1486 c.init(Cipher.ENCRYPT_MODE, privKey); 1487 c.update(RSA_2048_Vector1); 1488 byte[] encrypted = c.doFinal(); 1489 assertTrue("Encrypted should match expected", 1490 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 1491 1492 c.init(Cipher.DECRYPT_MODE, privKey); 1493 c.update(RSA_2048_Vector1); 1494 encrypted = c.doFinal(); 1495 assertTrue("Encrypted should match expected", 1496 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 1497 } 1498 1499 public void testRSA_ECB_NoPadding_Private_SingleByteUpdateThenEmptyDoFinal_Success() 1500 throws Exception { 1501 for (String provider : RSA_PROVIDERS) { 1502 testRSA_ECB_NoPadding_Private_SingleByteUpdateThenEmptyDoFinal_Success(provider); 1503 } 1504 } 1505 1506 private void testRSA_ECB_NoPadding_Private_SingleByteUpdateThenEmptyDoFinal_Success(String provider) 1507 throws Exception { 1508 KeyFactory kf = KeyFactory.getInstance("RSA"); 1509 RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(RSA_2048_modulus, 1510 RSA_2048_privateExponent); 1511 1512 final PrivateKey privKey = kf.generatePrivate(keySpec); 1513 1514 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1515 1516 /* 1517 * You're actually decrypting with private keys, but there is no 1518 * distinction made here. It's all keyed off of what kind of key you're 1519 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 1520 */ 1521 c.init(Cipher.ENCRYPT_MODE, privKey); 1522 int i; 1523 for (i = 0; i < RSA_2048_Vector1.length / 2; i++) { 1524 c.update(RSA_2048_Vector1, i, 1); 1525 } 1526 byte[] encrypted = c.doFinal(RSA_2048_Vector1, i, RSA_2048_Vector1.length - i); 1527 assertTrue("Encrypted should match expected", 1528 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 1529 1530 c.init(Cipher.DECRYPT_MODE, privKey); 1531 for (i = 0; i < RSA_2048_Vector1.length / 2; i++) { 1532 c.update(RSA_2048_Vector1, i, 1); 1533 } 1534 encrypted = c.doFinal(RSA_2048_Vector1, i, RSA_2048_Vector1.length - i); 1535 assertTrue("Encrypted should match expected", 1536 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 1537 } 1538 1539 public void testRSA_ECB_NoPadding_Private_OnlyDoFinalWithOffset_Success() throws Exception { 1540 for (String provider : RSA_PROVIDERS) { 1541 testRSA_ECB_NoPadding_Private_OnlyDoFinalWithOffset_Success(provider); 1542 } 1543 } 1544 1545 private void testRSA_ECB_NoPadding_Private_OnlyDoFinalWithOffset_Success(String provider) throws Exception { 1546 KeyFactory kf = KeyFactory.getInstance("RSA"); 1547 RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(RSA_2048_modulus, 1548 RSA_2048_privateExponent); 1549 final PrivateKey privKey = kf.generatePrivate(keySpec); 1550 1551 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1552 1553 /* 1554 * You're actually decrypting with private keys, but there is no 1555 * distinction made here. It's all keyed off of what kind of key you're 1556 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 1557 */ 1558 c.init(Cipher.ENCRYPT_MODE, privKey); 1559 byte[] encrypted = new byte[RSA_Vector1_Encrypt_Private.length]; 1560 final int encryptLen = c 1561 .doFinal(RSA_2048_Vector1, 0, RSA_2048_Vector1.length, encrypted, 0); 1562 assertEquals("Encrypted size should match expected", RSA_Vector1_Encrypt_Private.length, 1563 encryptLen); 1564 assertTrue("Encrypted should match expected", 1565 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 1566 1567 c.init(Cipher.DECRYPT_MODE, privKey); 1568 final int decryptLen = c 1569 .doFinal(RSA_2048_Vector1, 0, RSA_2048_Vector1.length, encrypted, 0); 1570 assertEquals("Encrypted size should match expected", RSA_Vector1_Encrypt_Private.length, 1571 decryptLen); 1572 assertTrue("Encrypted should match expected", 1573 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 1574 } 1575 1576 public void testRSA_ECB_NoPadding_Public_OnlyDoFinal_Success() throws Exception { 1577 for (String provider : RSA_PROVIDERS) { 1578 testRSA_ECB_NoPadding_Public_OnlyDoFinal_Success(provider); 1579 } 1580 } 1581 1582 private void testRSA_ECB_NoPadding_Public_OnlyDoFinal_Success(String provider) throws Exception { 1583 KeyFactory kf = KeyFactory.getInstance("RSA"); 1584 RSAPublicKeySpec keySpec = new RSAPublicKeySpec(RSA_2048_modulus, RSA_2048_publicExponent); 1585 1586 final PublicKey privKey = kf.generatePublic(keySpec); 1587 1588 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1589 1590 /* 1591 * You're actually encrypting with public keys, but there is no 1592 * distinction made here. It's all keyed off of what kind of key you're 1593 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 1594 */ 1595 c.init(Cipher.ENCRYPT_MODE, privKey); 1596 byte[] encrypted = c.doFinal(RSA_Vector1_Encrypt_Private); 1597 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, RSA_2048_Vector1, encrypted); 1598 1599 c.init(Cipher.DECRYPT_MODE, privKey); 1600 encrypted = c.doFinal(RSA_Vector1_Encrypt_Private); 1601 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, RSA_2048_Vector1, encrypted); 1602 } 1603 1604 public void testRSA_ECB_NoPadding_Public_OnlyDoFinalWithOffset_Success() throws Exception { 1605 for (String provider : RSA_PROVIDERS) { 1606 testRSA_ECB_NoPadding_Public_OnlyDoFinalWithOffset_Success(provider); 1607 } 1608 } 1609 1610 private void testRSA_ECB_NoPadding_Public_OnlyDoFinalWithOffset_Success(String provider) throws Exception { 1611 KeyFactory kf = KeyFactory.getInstance("RSA"); 1612 RSAPublicKeySpec keySpec = new RSAPublicKeySpec(RSA_2048_modulus, RSA_2048_publicExponent); 1613 1614 final PublicKey pubKey = kf.generatePublic(keySpec); 1615 1616 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1617 1618 /* 1619 * You're actually encrypting with public keys, but there is no 1620 * distinction made here. It's all keyed off of what kind of key you're 1621 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 1622 */ 1623 c.init(Cipher.ENCRYPT_MODE, pubKey); 1624 byte[] encrypted = new byte[RSA_2048_Vector1.length]; 1625 final int encryptLen = c.doFinal(RSA_Vector1_Encrypt_Private, 0, 1626 RSA_Vector1_Encrypt_Private.length, encrypted, 0); 1627 assertEquals("Encrypted size should match expected", RSA_2048_Vector1.length, encryptLen); 1628 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, RSA_2048_Vector1, encrypted); 1629 1630 c.init(Cipher.DECRYPT_MODE, pubKey); 1631 int decryptLen = c.doFinal(RSA_Vector1_Encrypt_Private, 0, 1632 RSA_Vector1_Encrypt_Private.length, encrypted, 0); 1633 if (provider.equals("BC")) { 1634 // BC strips the leading 0 for us on decrypt even when NoPadding is specified... 1635 decryptLen++; 1636 encrypted = Arrays.copyOf(encrypted, encrypted.length - 1); 1637 } 1638 assertEquals("Encrypted size should match expected", RSA_2048_Vector1.length, decryptLen); 1639 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, RSA_2048_Vector1, encrypted); 1640 } 1641 1642 public void testRSA_ECB_NoPadding_Public_UpdateThenEmptyDoFinal_Success() throws Exception { 1643 for (String provider : RSA_PROVIDERS) { 1644 testRSA_ECB_NoPadding_Public_UpdateThenEmptyDoFinal_Success(provider); 1645 } 1646 } 1647 1648 private void testRSA_ECB_NoPadding_Public_UpdateThenEmptyDoFinal_Success(String provider) throws Exception { 1649 KeyFactory kf = KeyFactory.getInstance("RSA"); 1650 RSAPublicKeySpec keySpec = new RSAPublicKeySpec(RSA_2048_modulus, RSA_2048_publicExponent); 1651 1652 final PublicKey privKey = kf.generatePublic(keySpec); 1653 1654 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1655 1656 /* 1657 * You're actually encrypting with public keys, but there is no 1658 * distinction made here. It's all keyed off of what kind of key you're 1659 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 1660 */ 1661 c.init(Cipher.ENCRYPT_MODE, privKey); 1662 c.update(RSA_Vector1_Encrypt_Private); 1663 byte[] encrypted = c.doFinal(); 1664 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, RSA_2048_Vector1, encrypted); 1665 1666 c.init(Cipher.DECRYPT_MODE, privKey); 1667 c.update(RSA_Vector1_Encrypt_Private); 1668 encrypted = c.doFinal(); 1669 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, RSA_2048_Vector1, encrypted); 1670 } 1671 1672 public void testRSA_ECB_NoPadding_Public_SingleByteUpdateThenEmptyDoFinal_Success() 1673 throws Exception { 1674 for (String provider : RSA_PROVIDERS) { 1675 testRSA_ECB_NoPadding_Public_SingleByteUpdateThenEmptyDoFinal_Success(provider); 1676 } 1677 } 1678 1679 private void testRSA_ECB_NoPadding_Public_SingleByteUpdateThenEmptyDoFinal_Success(String provider) 1680 throws Exception { 1681 KeyFactory kf = KeyFactory.getInstance("RSA"); 1682 RSAPublicKeySpec keySpec = new RSAPublicKeySpec(RSA_2048_modulus, RSA_2048_publicExponent); 1683 1684 final PublicKey privKey = kf.generatePublic(keySpec); 1685 1686 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1687 1688 /* 1689 * You're actually encrypting with public keys, but there is no 1690 * distinction made here. It's all keyed off of what kind of key you're 1691 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 1692 */ 1693 c.init(Cipher.ENCRYPT_MODE, privKey); 1694 int i; 1695 for (i = 0; i < RSA_Vector1_Encrypt_Private.length / 2; i++) { 1696 c.update(RSA_Vector1_Encrypt_Private, i, 1); 1697 } 1698 byte[] encrypted = c.doFinal(RSA_Vector1_Encrypt_Private, i, RSA_2048_Vector1.length - i); 1699 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, RSA_2048_Vector1, encrypted); 1700 1701 c.init(Cipher.DECRYPT_MODE, privKey); 1702 for (i = 0; i < RSA_Vector1_Encrypt_Private.length / 2; i++) { 1703 c.update(RSA_Vector1_Encrypt_Private, i, 1); 1704 } 1705 encrypted = c.doFinal(RSA_Vector1_Encrypt_Private, i, RSA_2048_Vector1.length - i); 1706 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, RSA_2048_Vector1, encrypted); 1707 } 1708 1709 public void testRSA_ECB_NoPadding_Public_TooSmall_Success() throws Exception { 1710 for (String provider : RSA_PROVIDERS) { 1711 testRSA_ECB_NoPadding_Public_TooSmall_Success(provider); 1712 } 1713 } 1714 1715 private void testRSA_ECB_NoPadding_Public_TooSmall_Success(String provider) throws Exception { 1716 KeyFactory kf = KeyFactory.getInstance("RSA"); 1717 RSAPublicKeySpec keySpec = new RSAPublicKeySpec(RSA_2048_modulus, RSA_2048_publicExponent); 1718 1719 final PublicKey privKey = kf.generatePublic(keySpec); 1720 1721 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1722 1723 /* 1724 * You're actually encrypting with public keys, but there is no 1725 * distinction made here. It's all keyed off of what kind of key you're 1726 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 1727 */ 1728 c.init(Cipher.ENCRYPT_MODE, privKey); 1729 byte[] encrypted = c.doFinal(TooShort_Vector); 1730 assertTrue("Encrypted should match expected", 1731 Arrays.equals(RSA_Vector1_ZeroPadded_Encrypted, encrypted)); 1732 1733 c.init(Cipher.DECRYPT_MODE, privKey); 1734 encrypted = c.doFinal(TooShort_Vector); 1735 assertTrue("Encrypted should match expected", 1736 Arrays.equals(RSA_Vector1_ZeroPadded_Encrypted, encrypted)); 1737 } 1738 1739 public void testRSA_ECB_NoPadding_Private_TooSmall_Success() throws Exception { 1740 for (String provider : RSA_PROVIDERS) { 1741 testRSA_ECB_NoPadding_Private_TooSmall_Success(provider); 1742 } 1743 } 1744 1745 private void testRSA_ECB_NoPadding_Private_TooSmall_Success(String provider) throws Exception { 1746 KeyFactory kf = KeyFactory.getInstance("RSA"); 1747 RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(RSA_2048_modulus, 1748 RSA_2048_privateExponent); 1749 1750 final PrivateKey privKey = kf.generatePrivate(keySpec); 1751 1752 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1753 1754 /* 1755 * You're actually encrypting with public keys, but there is no 1756 * distinction made here. It's all keyed off of what kind of key you're 1757 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 1758 */ 1759 c.init(Cipher.ENCRYPT_MODE, privKey); 1760 byte[] encrypted = c.doFinal(RSA_Vector1_ZeroPadded_Encrypted); 1761 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, 1762 TooShort_Vector_Zero_Padded, encrypted); 1763 1764 c.init(Cipher.DECRYPT_MODE, privKey); 1765 encrypted = c.doFinal(RSA_Vector1_ZeroPadded_Encrypted); 1766 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, 1767 TooShort_Vector_Zero_Padded, encrypted); 1768 } 1769 1770 private static void assertEncryptedEqualsNoPadding(String provider, int mode, 1771 byte[] expected, byte[] actual) { 1772 if (provider.equals("BC") && mode == Cipher.DECRYPT_MODE) { 1773 // BouncyCastle does us the favor of stripping leading zeroes in DECRYPT_MODE 1774 int nonZeroOffset = 0; 1775 for (byte b : expected) { 1776 if (b != 0) { 1777 break; 1778 } 1779 nonZeroOffset++; 1780 } 1781 expected = Arrays.copyOfRange(expected, nonZeroOffset, expected.length); 1782 } 1783 assertEquals("Encrypted should match expected", 1784 Arrays.toString(expected), Arrays.toString(actual)); 1785 } 1786 1787 public void testRSA_ECB_NoPadding_Private_CombinedUpdateAndDoFinal_TooBig_Failure() 1788 throws Exception { 1789 for (String provider : RSA_PROVIDERS) { 1790 testRSA_ECB_NoPadding_Private_CombinedUpdateAndDoFinal_TooBig_Failure(provider); 1791 } 1792 } 1793 1794 private void testRSA_ECB_NoPadding_Private_CombinedUpdateAndDoFinal_TooBig_Failure(String provider) 1795 throws Exception { 1796 KeyFactory kf = KeyFactory.getInstance("RSA"); 1797 RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(RSA_2048_modulus, 1798 RSA_2048_privateExponent); 1799 1800 final PrivateKey privKey = kf.generatePrivate(keySpec); 1801 1802 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1803 1804 /* 1805 * You're actually encrypting with public keys, but there is no 1806 * distinction made here. It's all keyed off of what kind of key you're 1807 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 1808 */ 1809 c.init(Cipher.ENCRYPT_MODE, privKey); 1810 c.update(RSA_Vector1_ZeroPadded_Encrypted); 1811 1812 try { 1813 c.doFinal(RSA_Vector1_ZeroPadded_Encrypted); 1814 fail("Should have error when block size is too big."); 1815 } catch (IllegalBlockSizeException success) { 1816 assertFalse(provider, "BC".equals(provider)); 1817 } catch (ArrayIndexOutOfBoundsException success) { 1818 assertEquals("BC", provider); 1819 } 1820 } 1821 1822 public void testRSA_ECB_NoPadding_Private_UpdateInAndOutPlusDoFinal_TooBig_Failure() 1823 throws Exception { 1824 for (String provider : RSA_PROVIDERS) { 1825 testRSA_ECB_NoPadding_Private_UpdateInAndOutPlusDoFinal_TooBig_Failure(provider); 1826 } 1827 } 1828 1829 private void testRSA_ECB_NoPadding_Private_UpdateInAndOutPlusDoFinal_TooBig_Failure(String provider) 1830 throws Exception { 1831 KeyFactory kf = KeyFactory.getInstance("RSA"); 1832 RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(RSA_2048_modulus, 1833 RSA_2048_privateExponent); 1834 1835 final PrivateKey privKey = kf.generatePrivate(keySpec); 1836 1837 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1838 1839 /* 1840 * You're actually encrypting with public keys, but there is no 1841 * distinction made here. It's all keyed off of what kind of key you're 1842 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 1843 */ 1844 c.init(Cipher.ENCRYPT_MODE, privKey); 1845 1846 byte[] output = new byte[RSA_2048_Vector1.length]; 1847 c.update(RSA_Vector1_ZeroPadded_Encrypted, 0, RSA_Vector1_ZeroPadded_Encrypted.length, 1848 output); 1849 1850 try { 1851 c.doFinal(RSA_Vector1_ZeroPadded_Encrypted); 1852 fail("Should have error when block size is too big."); 1853 } catch (IllegalBlockSizeException success) { 1854 assertFalse(provider, "BC".equals(provider)); 1855 } catch (ArrayIndexOutOfBoundsException success) { 1856 assertEquals("BC", provider); 1857 } 1858 } 1859 1860 public void testRSA_ECB_NoPadding_Private_OnlyDoFinal_TooBig_Failure() throws Exception { 1861 for (String provider : RSA_PROVIDERS) { 1862 testRSA_ECB_NoPadding_Private_OnlyDoFinal_TooBig_Failure(provider); 1863 } 1864 } 1865 1866 private void testRSA_ECB_NoPadding_Private_OnlyDoFinal_TooBig_Failure(String provider) throws Exception { 1867 KeyFactory kf = KeyFactory.getInstance("RSA"); 1868 RSAPrivateKeySpec keySpec = new RSAPrivateKeySpec(RSA_2048_modulus, 1869 RSA_2048_privateExponent); 1870 1871 final PrivateKey privKey = kf.generatePrivate(keySpec); 1872 1873 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1874 1875 /* 1876 * You're actually encrypting with public keys, but there is no 1877 * distinction made here. It's all keyed off of what kind of key you're 1878 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 1879 */ 1880 c.init(Cipher.ENCRYPT_MODE, privKey); 1881 1882 byte[] tooBig_Vector = new byte[RSA_Vector1_ZeroPadded_Encrypted.length * 2]; 1883 System.arraycopy(RSA_Vector1_ZeroPadded_Encrypted, 0, tooBig_Vector, 0, 1884 RSA_Vector1_ZeroPadded_Encrypted.length); 1885 System.arraycopy(RSA_Vector1_ZeroPadded_Encrypted, 0, tooBig_Vector, 1886 RSA_Vector1_ZeroPadded_Encrypted.length, RSA_Vector1_ZeroPadded_Encrypted.length); 1887 1888 try { 1889 c.doFinal(tooBig_Vector); 1890 fail("Should have error when block size is too big."); 1891 } catch (IllegalBlockSizeException success) { 1892 assertFalse(provider, "BC".equals(provider)); 1893 } catch (ArrayIndexOutOfBoundsException success) { 1894 assertEquals("BC", provider); 1895 } 1896 } 1897 1898 public void testRSA_ECB_NoPadding_GetBlockSize_Success() throws Exception { 1899 for (String provider : RSA_PROVIDERS) { 1900 testRSA_ECB_NoPadding_GetBlockSize_Success(provider); 1901 } 1902 } 1903 1904 private void testRSA_ECB_NoPadding_GetBlockSize_Success(String provider) throws Exception { 1905 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1906 if (StandardNames.IS_RI) { 1907 assertEquals(0, c.getBlockSize()); 1908 } else { 1909 try { 1910 c.getBlockSize(); 1911 fail(); 1912 } catch (IllegalStateException expected) { 1913 } 1914 } 1915 1916 KeyFactory kf = KeyFactory.getInstance("RSA"); 1917 RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(RSA_2048_modulus, 1918 RSA_2048_publicExponent); 1919 final PublicKey pubKey = kf.generatePublic(pubKeySpec); 1920 c.init(Cipher.ENCRYPT_MODE, pubKey); 1921 assertEquals(getExpectedBlockSize("RSA", Cipher.ENCRYPT_MODE, provider), c.getBlockSize()); 1922 } 1923 1924 public void testRSA_ECB_NoPadding_GetOutputSize_NoInit_Failure() throws Exception { 1925 for (String provider : RSA_PROVIDERS) { 1926 testRSA_ECB_NoPadding_GetOutputSize_NoInit_Failure(provider); 1927 } 1928 } 1929 1930 private void testRSA_ECB_NoPadding_GetOutputSize_NoInit_Failure(String provider) throws Exception { 1931 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1932 try { 1933 c.getOutputSize(RSA_2048_Vector1.length); 1934 fail("Should throw IllegalStateException if getOutputSize is called before init"); 1935 } catch (IllegalStateException success) { 1936 } 1937 } 1938 1939 public void testRSA_ECB_NoPadding_GetOutputSize_Success() throws Exception { 1940 for (String provider : RSA_PROVIDERS) { 1941 testRSA_ECB_NoPadding_GetOutputSize_Success(provider); 1942 } 1943 } 1944 1945 private void testRSA_ECB_NoPadding_GetOutputSize_Success(String provider) throws Exception { 1946 KeyFactory kf = KeyFactory.getInstance("RSA"); 1947 RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(RSA_2048_modulus, 1948 RSA_2048_publicExponent); 1949 final PublicKey pubKey = kf.generatePublic(pubKeySpec); 1950 1951 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1952 c.init(Cipher.ENCRYPT_MODE, pubKey); 1953 1954 final int modulusInBytes = RSA_2048_modulus.bitLength() / 8; 1955 assertEquals(modulusInBytes, c.getOutputSize(RSA_2048_Vector1.length)); 1956 assertEquals(modulusInBytes, c.getOutputSize(RSA_2048_Vector1.length * 2)); 1957 assertEquals(modulusInBytes, c.getOutputSize(0)); 1958 } 1959 1960 public void testRSA_ECB_NoPadding_GetIV_Success() throws Exception { 1961 for (String provider : RSA_PROVIDERS) { 1962 testRSA_ECB_NoPadding_GetIV_Success(provider); 1963 } 1964 } 1965 1966 private void testRSA_ECB_NoPadding_GetIV_Success(String provider) throws Exception { 1967 KeyFactory kf = KeyFactory.getInstance("RSA"); 1968 RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(RSA_2048_modulus, 1969 RSA_2048_publicExponent); 1970 final PublicKey pubKey = kf.generatePublic(pubKeySpec); 1971 1972 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1973 assertNull("ECB mode has no IV and should be null", c.getIV()); 1974 1975 c.init(Cipher.ENCRYPT_MODE, pubKey); 1976 1977 assertNull("ECB mode has no IV and should be null", c.getIV()); 1978 } 1979 1980 public void testRSA_ECB_NoPadding_GetParameters_NoneProvided_Success() throws Exception { 1981 for (String provider : RSA_PROVIDERS) { 1982 testRSA_ECB_NoPadding_GetParameters_NoneProvided_Success(provider); 1983 } 1984 } 1985 1986 private void testRSA_ECB_NoPadding_GetParameters_NoneProvided_Success(String provider) throws Exception { 1987 KeyFactory kf = KeyFactory.getInstance("RSA"); 1988 RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(RSA_2048_modulus, 1989 RSA_2048_publicExponent); 1990 final PublicKey pubKey = kf.generatePublic(pubKeySpec); 1991 1992 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1993 assertNull("Parameters should be null", c.getParameters()); 1994 } 1995 1996 /* 1997 * Test vector generation: 1998 * openssl rand -hex 16 1999 * echo '3d4f8970b1f27537f40a39298a41555f' | sed 's/\(..\)/(byte) 0x\1, /g' 2000 */ 2001 private static final byte[] AES_128_KEY = new byte[] { 2002 (byte) 0x3d, (byte) 0x4f, (byte) 0x89, (byte) 0x70, (byte) 0xb1, (byte) 0xf2, 2003 (byte) 0x75, (byte) 0x37, (byte) 0xf4, (byte) 0x0a, (byte) 0x39, (byte) 0x29, 2004 (byte) 0x8a, (byte) 0x41, (byte) 0x55, (byte) 0x5f, 2005 }; 2006 2007 /* 2008 * Test key generation: 2009 * openssl rand -hex 24 2010 * echo '5a7a3d7e40b64ed996f7afa15f97fd595e27db6af428e342' | sed 's/\(..\)/(byte) 0x\1, /g' 2011 */ 2012 private static final byte[] AES_192_KEY = new byte[] { 2013 (byte) 0x5a, (byte) 0x7a, (byte) 0x3d, (byte) 0x7e, (byte) 0x40, (byte) 0xb6, 2014 (byte) 0x4e, (byte) 0xd9, (byte) 0x96, (byte) 0xf7, (byte) 0xaf, (byte) 0xa1, 2015 (byte) 0x5f, (byte) 0x97, (byte) 0xfd, (byte) 0x59, (byte) 0x5e, (byte) 0x27, 2016 (byte) 0xdb, (byte) 0x6a, (byte) 0xf4, (byte) 0x28, (byte) 0xe3, (byte) 0x42, 2017 }; 2018 2019 /* 2020 * Test key generation: 2021 * openssl rand -hex 32 2022 * echo 'ec53c6d51d2c4973585fb0b8e51cd2e39915ff07a1837872715d6121bf861935' | sed 's/\(..\)/(byte) 0x\1, /g' 2023 */ 2024 private static final byte[] AES_256_KEY = new byte[] { 2025 (byte) 0xec, (byte) 0x53, (byte) 0xc6, (byte) 0xd5, (byte) 0x1d, (byte) 0x2c, 2026 (byte) 0x49, (byte) 0x73, (byte) 0x58, (byte) 0x5f, (byte) 0xb0, (byte) 0xb8, 2027 (byte) 0xe5, (byte) 0x1c, (byte) 0xd2, (byte) 0xe3, (byte) 0x99, (byte) 0x15, 2028 (byte) 0xff, (byte) 0x07, (byte) 0xa1, (byte) 0x83, (byte) 0x78, (byte) 0x72, 2029 (byte) 0x71, (byte) 0x5d, (byte) 0x61, (byte) 0x21, (byte) 0xbf, (byte) 0x86, 2030 (byte) 0x19, (byte) 0x35, 2031 }; 2032 2033 private static final byte[][] AES_KEYS = new byte[][] { 2034 AES_128_KEY, AES_192_KEY, AES_256_KEY, 2035 }; 2036 2037 private static final String[] AES_MODES = new String[] { 2038 "AES/ECB", 2039 "AES/CBC", 2040 "AES/CFB", 2041 "AES/CTR", 2042 "AES/OFB", 2043 }; 2044 2045 /* 2046 * Test vector creation: 2047 * echo -n 'Hello, world!' | recode ../x1 | sed 's/0x/(byte) 0x/g' 2048 */ 2049 private static final byte[] AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext = new byte[] { 2050 (byte) 0x48, (byte) 0x65, (byte) 0x6C, (byte) 0x6C, (byte) 0x6F, (byte) 0x2C, 2051 (byte) 0x20, (byte) 0x77, (byte) 0x6F, (byte) 0x72, (byte) 0x6C, (byte) 0x64, 2052 (byte) 0x21, 2053 }; 2054 2055 /* 2056 * Test vector creation: 2057 * openssl enc -aes-128-ecb -K 3d4f8970b1f27537f40a39298a41555f -in blah|openssl enc -aes-128-ecb -K 3d4f8970b1f27537f40a39298a41555f -nopad -d|recode ../x1 | sed 's/0x/(byte) 0x/g' 2058 */ 2059 private static final byte[] AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded = new byte[] { 2060 (byte) 0x48, (byte) 0x65, (byte) 0x6C, (byte) 0x6C, (byte) 0x6F, (byte) 0x2C, 2061 (byte) 0x20, (byte) 0x77, (byte) 0x6F, (byte) 0x72, (byte) 0x6C, (byte) 0x64, 2062 (byte) 0x21, (byte) 0x03, (byte) 0x03, (byte) 0x03 2063 }; 2064 2065 /* 2066 * Test vector generation: 2067 * openssl enc -aes-128-ecb -K 3d4f8970b1f27537f40a39298a41555f -in blah|recode ../x1 | sed 's/0x/(byte) 0x/g' 2068 */ 2069 private static final byte[] AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted = new byte[] { 2070 (byte) 0x65, (byte) 0x3E, (byte) 0x86, (byte) 0xFB, (byte) 0x05, (byte) 0x5A, 2071 (byte) 0x52, (byte) 0xEA, (byte) 0xDD, (byte) 0x08, (byte) 0xE7, (byte) 0x48, 2072 (byte) 0x33, (byte) 0x01, (byte) 0xFC, (byte) 0x5A, 2073 }; 2074 2075 /* 2076 * Test key generation: 2077 * openssl rand -hex 16 2078 * echo 'ceaa31952dfd3d0f5af4b2042ba06094' | sed 's/\(..\)/(byte) 0x\1, /g' 2079 */ 2080 private static final byte[] AES_256_CBC_PKCS5Padding_TestVector_1_IV = new byte[] { 2081 (byte) 0xce, (byte) 0xaa, (byte) 0x31, (byte) 0x95, (byte) 0x2d, (byte) 0xfd, 2082 (byte) 0x3d, (byte) 0x0f, (byte) 0x5a, (byte) 0xf4, (byte) 0xb2, (byte) 0x04, 2083 (byte) 0x2b, (byte) 0xa0, (byte) 0x60, (byte) 0x94, 2084 }; 2085 2086 /* 2087 * Test vector generation: 2088 * echo -n 'I only regret that I have but one test to write.' | recode ../x1 | sed 's/0x/(byte) 0x/g' 2089 */ 2090 private static final byte[] AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext = new byte[] { 2091 (byte) 0x49, (byte) 0x20, (byte) 0x6F, (byte) 0x6E, (byte) 0x6C, (byte) 0x79, 2092 (byte) 0x20, (byte) 0x72, (byte) 0x65, (byte) 0x67, (byte) 0x72, (byte) 0x65, 2093 (byte) 0x74, (byte) 0x20, (byte) 0x74, (byte) 0x68, (byte) 0x61, (byte) 0x74, 2094 (byte) 0x20, (byte) 0x49, (byte) 0x20, (byte) 0x68, (byte) 0x61, (byte) 0x76, 2095 (byte) 0x65, (byte) 0x20, (byte) 0x62, (byte) 0x75, (byte) 0x74, (byte) 0x20, 2096 (byte) 0x6F, (byte) 0x6E, (byte) 0x65, (byte) 0x20, (byte) 0x74, (byte) 0x65, 2097 (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x74, (byte) 0x6F, (byte) 0x20, 2098 (byte) 0x77, (byte) 0x72, (byte) 0x69, (byte) 0x74, (byte) 0x65, (byte) 0x2E 2099 }; 2100 2101 /* 2102 * Test vector generation: 2103 * echo -n 'I only regret that I have but one test to write.' | openssl enc -aes-256-cbc -K ec53c6d51d2c4973585fb0b8e51cd2e39915ff07a1837872715d6121bf861935 -iv ceaa31952dfd3d0f5af4b2042ba06094 | openssl enc -aes-256-cbc -K ec53c6d51d2c4973585fb0b8e51cd2e39915ff07a1837872715d6121bf861935 -iv ceaa31952dfd3d0f5af4b2042ba06094 -d -nopad | recode ../x1 | sed 's/0x/(byte) 0x/g' 2104 */ 2105 private static final byte[] AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext_Padded = new byte[] { 2106 (byte) 0x49, (byte) 0x20, (byte) 0x6F, (byte) 0x6E, (byte) 0x6C, (byte) 0x79, 2107 (byte) 0x20, (byte) 0x72, (byte) 0x65, (byte) 0x67, (byte) 0x72, (byte) 0x65, 2108 (byte) 0x74, (byte) 0x20, (byte) 0x74, (byte) 0x68, (byte) 0x61, (byte) 0x74, 2109 (byte) 0x20, (byte) 0x49, (byte) 0x20, (byte) 0x68, (byte) 0x61, (byte) 0x76, 2110 (byte) 0x65, (byte) 0x20, (byte) 0x62, (byte) 0x75, (byte) 0x74, (byte) 0x20, 2111 (byte) 0x6F, (byte) 0x6E, (byte) 0x65, (byte) 0x20, (byte) 0x74, (byte) 0x65, 2112 (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x74, (byte) 0x6F, (byte) 0x20, 2113 (byte) 0x77, (byte) 0x72, (byte) 0x69, (byte) 0x74, (byte) 0x65, (byte) 0x2E, 2114 (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, 2115 (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, 2116 (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10 2117 }; 2118 2119 /* 2120 * Test vector generation: 2121 * echo -n 'I only regret that I have but one test to write.' | openssl enc -aes-256-cbc -K ec53c6d51d2c4973585fb0b8e51cd2e39915ff07a1837872715d6121bf861935 -iv ceaa31952dfd3d0f5af4b2042ba06094 | recode ../x1 | sed 's/0x/(byte) 0x/g' 2122 */ 2123 private static final byte[] AES_256_CBC_PKCS5Padding_TestVector_1_Ciphertext = new byte[] { 2124 (byte) 0x90, (byte) 0x65, (byte) 0xDD, (byte) 0xAF, (byte) 0x7A, (byte) 0xCE, 2125 (byte) 0xAE, (byte) 0xBF, (byte) 0xE8, (byte) 0xF6, (byte) 0x9E, (byte) 0xDB, 2126 (byte) 0xEA, (byte) 0x65, (byte) 0x28, (byte) 0xC4, (byte) 0x9A, (byte) 0x28, 2127 (byte) 0xEA, (byte) 0xA3, (byte) 0x95, (byte) 0x2E, (byte) 0xFF, (byte) 0xF1, 2128 (byte) 0xA0, (byte) 0xCA, (byte) 0xC2, (byte) 0xA4, (byte) 0x65, (byte) 0xCD, 2129 (byte) 0xBF, (byte) 0xCE, (byte) 0x9E, (byte) 0xF1, (byte) 0x57, (byte) 0xF6, 2130 (byte) 0x32, (byte) 0x2E, (byte) 0x8F, (byte) 0x93, (byte) 0x2E, (byte) 0xAE, 2131 (byte) 0x41, (byte) 0x33, (byte) 0x54, (byte) 0xD0, (byte) 0xEF, (byte) 0x8C, 2132 (byte) 0x52, (byte) 0x14, (byte) 0xAC, (byte) 0x2D, (byte) 0xD5, (byte) 0xA4, 2133 (byte) 0xF9, (byte) 0x20, (byte) 0x77, (byte) 0x25, (byte) 0x91, (byte) 0x3F, 2134 (byte) 0xD1, (byte) 0xB9, (byte) 0x00, (byte) 0x3E 2135 }; 2136 2137 private static class CipherTestParam { 2138 public final String mode; 2139 2140 public final byte[] key; 2141 2142 public final byte[] iv; 2143 2144 public final byte[] plaintext; 2145 2146 public final byte[] ciphertext; 2147 2148 public final byte[] plaintextPadded; 2149 2150 public CipherTestParam(String mode, byte[] key, byte[] iv, byte[] plaintext, 2151 byte[] plaintextPadded, byte[] ciphertext) { 2152 this.mode = mode; 2153 this.key = key; 2154 this.iv = iv; 2155 this.plaintext = plaintext; 2156 this.plaintextPadded = plaintextPadded; 2157 this.ciphertext = ciphertext; 2158 } 2159 } 2160 2161 private static List<CipherTestParam> CIPHER_TEST_PARAMS = new ArrayList<CipherTestParam>(); 2162 static { 2163 CIPHER_TEST_PARAMS.add(new CipherTestParam("AES/ECB", AES_128_KEY, 2164 null, 2165 AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext, 2166 AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded, 2167 AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted)); 2168 if (IS_UNLIMITED) { 2169 CIPHER_TEST_PARAMS.add(new CipherTestParam("AES/CBC", AES_256_KEY, 2170 AES_256_CBC_PKCS5Padding_TestVector_1_IV, 2171 AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext, 2172 AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext_Padded, 2173 AES_256_CBC_PKCS5Padding_TestVector_1_Ciphertext)); 2174 } 2175 } 2176 2177 public void testCipher_Success() throws Exception { 2178 for (String provider : AES_PROVIDERS) { 2179 testCipher_Success(provider); 2180 } 2181 } 2182 2183 private void testCipher_Success(String provider) throws Exception { 2184 final ByteArrayOutputStream errBuffer = new ByteArrayOutputStream(); 2185 PrintStream out = new PrintStream(errBuffer); 2186 for (CipherTestParam p : CIPHER_TEST_PARAMS) { 2187 try { 2188 checkCipher(p, provider); 2189 } catch (Exception e) { 2190 out.append("Error encountered checking " + p.mode + ", keySize=" 2191 + (p.key.length * 8) 2192 + " with provider " + provider + "\n"); 2193 2194 e.printStackTrace(out); 2195 } 2196 } 2197 out.flush(); 2198 if (errBuffer.size() > 0) { 2199 throw new Exception("Errors encountered:\n\n" + errBuffer.toString() + "\n\n"); 2200 } 2201 } 2202 2203 private void checkCipher(CipherTestParam p, String provider) throws Exception { 2204 SecretKey key = new SecretKeySpec(p.key, "AES"); 2205 Cipher c = Cipher.getInstance(p.mode + "/PKCS5Padding", provider); 2206 AlgorithmParameterSpec spec = null; 2207 if (p.iv != null) { 2208 spec = new IvParameterSpec(p.iv); 2209 } 2210 c.init(Cipher.ENCRYPT_MODE, key, spec); 2211 2212 final byte[] actualCiphertext = c.doFinal(p.plaintext); 2213 assertEquals(Arrays.toString(p.ciphertext), Arrays.toString(actualCiphertext)); 2214 2215 byte[] emptyCipherText = c.doFinal(); 2216 assertNotNull(emptyCipherText); 2217 2218 c.init(Cipher.DECRYPT_MODE, key, spec); 2219 2220 try { 2221 c.updateAAD(new byte[8]); 2222 fail("Cipher should not support AAD"); 2223 } catch (UnsupportedOperationException expected) { 2224 } 2225 2226 byte[] emptyPlainText = c.doFinal(emptyCipherText); 2227 assertEquals(Arrays.toString(EmptyArray.BYTE), Arrays.toString(emptyPlainText)); 2228 2229 // empty decrypt 2230 { 2231 if (StandardNames.IS_RI) { 2232 assertEquals(Arrays.toString(EmptyArray.BYTE), 2233 Arrays.toString(c.doFinal())); 2234 2235 c.update(EmptyArray.BYTE); 2236 assertEquals(Arrays.toString(EmptyArray.BYTE), 2237 Arrays.toString(c.doFinal())); 2238 } else if (provider.equals("BC")) { 2239 try { 2240 c.doFinal(); 2241 fail(); 2242 } catch (IllegalBlockSizeException expected) { 2243 } 2244 try { 2245 c.update(EmptyArray.BYTE); 2246 c.doFinal(); 2247 fail(); 2248 } catch (IllegalBlockSizeException expected) { 2249 } 2250 } else if (provider.equals("AndroidOpenSSL")) { 2251 assertNull(c.doFinal()); 2252 2253 c.update(EmptyArray.BYTE); 2254 assertNull(c.doFinal()); 2255 } else { 2256 throw new AssertionError("Define your behavior here for " + provider); 2257 } 2258 } 2259 2260 // .doFinal(input) 2261 { 2262 final byte[] actualPlaintext = c.doFinal(p.ciphertext); 2263 assertEquals(Arrays.toString(p.plaintext), Arrays.toString(actualPlaintext)); 2264 } 2265 2266 // .doFinal(input, offset, len, output) 2267 { 2268 final byte[] largerThanCiphertext = new byte[p.ciphertext.length + 5]; 2269 System.arraycopy(p.ciphertext, 0, largerThanCiphertext, 5, p.ciphertext.length); 2270 2271 final byte[] actualPlaintext = new byte[c.getOutputSize(p.ciphertext.length)]; 2272 assertEquals(p.plaintext.length, 2273 c.doFinal(largerThanCiphertext, 5, p.ciphertext.length, actualPlaintext)); 2274 assertEquals(Arrays.toString(p.plaintext), 2275 Arrays.toString(Arrays.copyOfRange(actualPlaintext, 0, p.plaintext.length))); 2276 } 2277 2278 // .doFinal(input, offset, len, output, offset) 2279 { 2280 final byte[] largerThanCiphertext = new byte[p.ciphertext.length + 10]; 2281 System.arraycopy(p.ciphertext, 0, largerThanCiphertext, 5, p.ciphertext.length); 2282 2283 final byte[] actualPlaintext = new byte[c.getOutputSize(p.ciphertext.length) + 2]; 2284 assertEquals(p.plaintext.length, 2285 c.doFinal(largerThanCiphertext, 5, p.ciphertext.length, actualPlaintext, 1)); 2286 assertEquals(Arrays.toString(p.plaintext), 2287 Arrays.toString(Arrays.copyOfRange(actualPlaintext, 1, p.plaintext.length + 1))); 2288 } 2289 2290 Cipher cNoPad = Cipher.getInstance(p.mode + "/NoPadding", provider); 2291 cNoPad.init(Cipher.DECRYPT_MODE, key, spec); 2292 2293 final byte[] actualPlaintextPadded = cNoPad.doFinal(p.ciphertext); 2294 assertEquals(Arrays.toString(p.plaintextPadded), Arrays.toString(actualPlaintextPadded)); 2295 2296 // Test wrapping a key. Every cipher should be able to wrap. 2297 { 2298 // Generate a small SecretKey for AES. 2299 KeyGenerator kg = KeyGenerator.getInstance("AES"); 2300 kg.init(128); 2301 SecretKey sk = kg.generateKey(); 2302 2303 // Wrap it 2304 c.init(Cipher.WRAP_MODE, key, spec); 2305 byte[] cipherText = c.wrap(sk); 2306 2307 // Unwrap it 2308 c.init(Cipher.UNWRAP_MODE, key, spec); 2309 Key decryptedKey = c.unwrap(cipherText, sk.getAlgorithm(), Cipher.SECRET_KEY); 2310 2311 assertEquals( 2312 "sk.getAlgorithm()=" + sk.getAlgorithm() + " decryptedKey.getAlgorithm()=" 2313 + decryptedKey.getAlgorithm() + " encryptKey.getEncoded()=" 2314 + Arrays.toString(sk.getEncoded()) + " decryptedKey.getEncoded()=" 2315 + Arrays.toString(decryptedKey.getEncoded()), sk, decryptedKey); 2316 } 2317 } 2318 2319 public void testCipher_updateAAD_BeforeInit_Failure() throws Exception { 2320 Cipher c = Cipher.getInstance("AES/ECB/NoPadding"); 2321 2322 try { 2323 c.updateAAD((byte[]) null); 2324 fail("should not be able to call updateAAD before Cipher is initialized"); 2325 } catch (IllegalArgumentException expected) { 2326 } 2327 2328 try { 2329 c.updateAAD((ByteBuffer) null); 2330 fail("should not be able to call updateAAD before Cipher is initialized"); 2331 } catch (IllegalStateException expected) { 2332 } 2333 2334 try { 2335 c.updateAAD(new byte[8]); 2336 fail("should not be able to call updateAAD before Cipher is initialized"); 2337 } catch (IllegalStateException expected) { 2338 } 2339 2340 try { 2341 c.updateAAD(null, 0, 8); 2342 fail("should not be able to call updateAAD before Cipher is initialized"); 2343 } catch (IllegalStateException expected) { 2344 } 2345 2346 ByteBuffer bb = ByteBuffer.allocate(8); 2347 try { 2348 c.updateAAD(bb); 2349 fail("should not be able to call updateAAD before Cipher is initialized"); 2350 } catch (IllegalStateException expected) { 2351 } 2352 } 2353 2354 public void testCipher_updateAAD_AfterInit_Failure() throws Exception { 2355 Cipher c = Cipher.getInstance("AES/ECB/NoPadding"); 2356 c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[128 / 8], "AES")); 2357 2358 try { 2359 c.updateAAD((byte[]) null); 2360 fail("should not be able to call updateAAD with null input"); 2361 } catch (IllegalArgumentException expected) { 2362 } 2363 2364 try { 2365 c.updateAAD((ByteBuffer) null); 2366 fail("should not be able to call updateAAD with null input"); 2367 } catch (IllegalArgumentException expected) { 2368 } 2369 2370 try { 2371 c.updateAAD(null, 0, 8); 2372 fail("should not be able to call updateAAD with null input"); 2373 } catch (IllegalArgumentException expected) { 2374 } 2375 2376 try { 2377 c.updateAAD(new byte[8], -1, 7); 2378 fail("should not be able to call updateAAD with invalid offset"); 2379 } catch (IllegalArgumentException expected) { 2380 } 2381 2382 try { 2383 c.updateAAD(new byte[8], 0, -1); 2384 fail("should not be able to call updateAAD with negative length"); 2385 } catch (IllegalArgumentException expected) { 2386 } 2387 2388 try { 2389 c.updateAAD(new byte[8], 0, 8 + 1); 2390 fail("should not be able to call updateAAD with too large length"); 2391 } catch (IllegalArgumentException expected) { 2392 } 2393 } 2394 2395 public void testCipher_ShortBlock_Failure() throws Exception { 2396 for (String provider : AES_PROVIDERS) { 2397 testCipher_ShortBlock_Failure(provider); 2398 } 2399 } 2400 2401 private void testCipher_ShortBlock_Failure(String provider) throws Exception { 2402 final ByteArrayOutputStream errBuffer = new ByteArrayOutputStream(); 2403 PrintStream out = new PrintStream(errBuffer); 2404 for (CipherTestParam p : CIPHER_TEST_PARAMS) { 2405 try { 2406 checkCipher_ShortBlock_Failure(p, provider); 2407 } catch (Exception e) { 2408 out.append("Error encountered checking " + p.mode + ", keySize=" 2409 + (p.key.length * 8) 2410 + " with provider " + provider + "\n"); 2411 e.printStackTrace(out); 2412 } 2413 } 2414 out.flush(); 2415 if (errBuffer.size() > 0) { 2416 throw new Exception("Errors encountered:\n\n" + errBuffer.toString() + "\n\n"); 2417 } 2418 } 2419 2420 private void checkCipher_ShortBlock_Failure(CipherTestParam p, String provider) throws Exception { 2421 SecretKey key = new SecretKeySpec(p.key, "AES"); 2422 Cipher c = Cipher.getInstance(p.mode + "/NoPadding", provider); 2423 if (c.getBlockSize() == 0) { 2424 return; 2425 } 2426 2427 c.init(Cipher.ENCRYPT_MODE, key); 2428 try { 2429 c.doFinal(new byte[] { 0x01, 0x02, 0x03 }); 2430 fail("Should throw IllegalBlockSizeException on wrong-sized block"); 2431 } catch (IllegalBlockSizeException expected) { 2432 } 2433 } 2434 2435 public void testAES_ECB_PKCS5Padding_ShortBuffer_Failure() throws Exception { 2436 for (String provider : AES_PROVIDERS) { 2437 testAES_ECB_PKCS5Padding_ShortBuffer_Failure(provider); 2438 } 2439 } 2440 2441 private void testAES_ECB_PKCS5Padding_ShortBuffer_Failure(String provider) throws Exception { 2442 SecretKey key = new SecretKeySpec(AES_128_KEY, "AES"); 2443 Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding", provider); 2444 c.init(Cipher.ENCRYPT_MODE, key); 2445 2446 final byte[] fragmentOutput = c.update(AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext); 2447 if (fragmentOutput != null) { 2448 assertEquals(0, fragmentOutput.length); 2449 } 2450 2451 // Provide null buffer. 2452 { 2453 try { 2454 c.doFinal(null, 0); 2455 fail("Should throw NullPointerException on null output buffer"); 2456 } catch (NullPointerException expected) { 2457 } catch (IllegalArgumentException expected) { 2458 } 2459 } 2460 2461 // Provide short buffer. 2462 { 2463 final byte[] output = new byte[c.getBlockSize() - 1]; 2464 try { 2465 c.doFinal(output, 0); 2466 fail("Should throw ShortBufferException on short output buffer"); 2467 } catch (ShortBufferException expected) { 2468 } 2469 } 2470 2471 // Start 1 byte into output buffer. 2472 { 2473 final byte[] output = new byte[c.getBlockSize()]; 2474 try { 2475 c.doFinal(output, 1); 2476 fail("Should throw ShortBufferException on short output buffer"); 2477 } catch (ShortBufferException expected) { 2478 } 2479 } 2480 2481 // Should keep data for real output buffer 2482 { 2483 final byte[] output = new byte[c.getBlockSize()]; 2484 assertEquals(AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted.length, c.doFinal(output, 0)); 2485 assertTrue(Arrays.equals(AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted, output)); 2486 } 2487 } 2488 2489 public void testAES_ECB_NoPadding_IncrementalUpdate_Success() throws Exception { 2490 for (String provider : AES_PROVIDERS) { 2491 testAES_ECB_NoPadding_IncrementalUpdate_Success(provider); 2492 } 2493 } 2494 2495 private void testAES_ECB_NoPadding_IncrementalUpdate_Success(String provider) throws Exception { 2496 SecretKey key = new SecretKeySpec(AES_128_KEY, "AES"); 2497 Cipher c = Cipher.getInstance("AES/ECB/NoPadding", provider); 2498 c.init(Cipher.ENCRYPT_MODE, key); 2499 2500 for (int i = 0; i < AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded.length - 1; i++) { 2501 final byte[] outputFragment = c.update(AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded, i, 1); 2502 if (outputFragment != null) { 2503 assertEquals(0, outputFragment.length); 2504 } 2505 } 2506 2507 final byte[] output = c.doFinal(AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded, 2508 AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded.length - 1, 1); 2509 assertNotNull(output); 2510 assertEquals(AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded.length, output.length); 2511 2512 assertTrue(Arrays.equals(AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted, output)); 2513 } 2514 2515 private static final byte[] AES_IV_ZEROES = new byte[] { 2516 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2517 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2518 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2519 }; 2520 2521 public void testAES_ECB_NoPadding_IvParameters_Failure() throws Exception { 2522 for (String provider : AES_PROVIDERS) { 2523 testAES_ECB_NoPadding_IvParameters_Failure(provider); 2524 } 2525 } 2526 2527 private void testAES_ECB_NoPadding_IvParameters_Failure(String provider) throws Exception { 2528 SecretKey key = new SecretKeySpec(AES_128_KEY, "AES"); 2529 Cipher c = Cipher.getInstance("AES/ECB/NoPadding", provider); 2530 2531 AlgorithmParameterSpec spec = new IvParameterSpec(AES_IV_ZEROES); 2532 try { 2533 c.init(Cipher.ENCRYPT_MODE, key, spec); 2534 fail("Should not accept an IV in ECB mode"); 2535 } catch (InvalidAlgorithmParameterException expected) { 2536 } 2537 } 2538 2539 public void testRC4_MultipleKeySizes() throws Exception { 2540 final int SMALLEST_KEY_SIZE = 40; 2541 final int LARGEST_KEY_SIZE = 1024; 2542 2543 /* Make an array of keys for our tests */ 2544 SecretKey[] keys = new SecretKey[LARGEST_KEY_SIZE - SMALLEST_KEY_SIZE]; 2545 { 2546 KeyGenerator kg = KeyGenerator.getInstance("ARC4"); 2547 for (int keysize = SMALLEST_KEY_SIZE; keysize < LARGEST_KEY_SIZE; keysize++) { 2548 final int index = keysize - SMALLEST_KEY_SIZE; 2549 kg.init(keysize); 2550 keys[index] = kg.generateKey(); 2551 } 2552 } 2553 2554 /* 2555 * Use this to compare the output of the first provider against 2556 * subsequent providers. 2557 */ 2558 String[] expected = new String[LARGEST_KEY_SIZE - SMALLEST_KEY_SIZE]; 2559 2560 /* Find all providers that provide ARC4. We must have at least one! */ 2561 Map<String, String> filter = new HashMap<String, String>(); 2562 filter.put("Cipher.ARC4", ""); 2563 Provider[] providers = Security.getProviders(filter); 2564 assertTrue("There must be security providers of Cipher.ARC4", providers.length > 0); 2565 2566 /* Keep track of this for later error messages */ 2567 String firstProvider = providers[0].getName(); 2568 2569 for (Provider p : providers) { 2570 Cipher c = Cipher.getInstance("ARC4", p); 2571 2572 for (int keysize = SMALLEST_KEY_SIZE; keysize < LARGEST_KEY_SIZE; keysize++) { 2573 final int index = keysize - SMALLEST_KEY_SIZE; 2574 final SecretKey sk = keys[index]; 2575 2576 /* 2577 * Test that encryption works. Donig this in a loop also has the 2578 * benefit of testing that re-initialization works for this 2579 * cipher. 2580 */ 2581 c.init(Cipher.ENCRYPT_MODE, sk); 2582 byte[] cipherText = c.doFinal(ORIGINAL_PLAIN_TEXT); 2583 assertNotNull(cipherText); 2584 2585 /* 2586 * Compare providers against eachother to make sure they're all 2587 * in agreement. This helps when you add a brand new provider. 2588 */ 2589 if (expected[index] == null) { 2590 expected[index] = Arrays.toString(cipherText); 2591 } else { 2592 assertEquals(firstProvider + " should output the same as " + p.getName() 2593 + " for key size " + keysize, expected[index], 2594 Arrays.toString(cipherText)); 2595 } 2596 2597 c.init(Cipher.DECRYPT_MODE, sk); 2598 byte[] actualPlaintext = c.doFinal(cipherText); 2599 assertEquals("Key size: " + keysize, Arrays.toString(ORIGINAL_PLAIN_TEXT), 2600 Arrays.toString(actualPlaintext)); 2601 } 2602 } 2603 } 2604 } 2605
