1 /* 2 * Copyright (C) 2011 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package libcore.javax.crypto; 18 19 import com.android.org.bouncycastle.asn1.x509.KeyUsage; 20 21 import java.io.ByteArrayOutputStream; 22 import java.io.PrintStream; 23 import java.math.BigInteger; 24 import java.nio.ByteBuffer; 25 import java.nio.charset.StandardCharsets; 26 import java.security.AlgorithmParameters; 27 import java.security.InvalidAlgorithmParameterException; 28 import java.security.InvalidKeyException; 29 import java.security.Key; 30 import java.security.KeyFactory; 31 import java.security.KeyPairGenerator; 32 import java.security.PrivateKey; 33 import java.security.Provider; 34 import java.security.PublicKey; 35 import java.security.SecureRandom; 36 import java.security.Security; 37 import java.security.cert.Certificate; 38 import java.security.spec.AlgorithmParameterSpec; 39 import java.security.spec.InvalidParameterSpecException; 40 import java.security.spec.MGF1ParameterSpec; 41 import java.security.spec.RSAPrivateCrtKeySpec; 42 import java.security.spec.RSAPublicKeySpec; 43 import java.util.ArrayList; 44 import java.util.Arrays; 45 import java.util.Collections; 46 import java.util.HashMap; 47 import java.util.HashSet; 48 import java.util.List; 49 import java.util.Locale; 50 import java.util.Map; 51 import java.util.Set; 52 import javax.crypto.AEADBadTagException; 53 import javax.crypto.BadPaddingException; 54 import javax.crypto.Cipher; 55 import javax.crypto.IllegalBlockSizeException; 56 import javax.crypto.KeyGenerator; 57 import javax.crypto.SecretKey; 58 import javax.crypto.SecretKeyFactory; 59 import javax.crypto.ShortBufferException; 60 import javax.crypto.spec.GCMParameterSpec; 61 import javax.crypto.spec.IvParameterSpec; 62 import javax.crypto.spec.OAEPParameterSpec; 63 import javax.crypto.spec.PBEKeySpec; 64 import javax.crypto.spec.PBEParameterSpec; 65 import javax.crypto.spec.PSource; 66 import javax.crypto.spec.SecretKeySpec; 67 import junit.framework.TestCase; 68 import libcore.java.security.StandardNames; 69 import libcore.java.security.TestKeyStore; 70 71 public final class CipherTest extends TestCase { 72 73 /** GCM tag size used for tests. */ 74 private static final int GCM_TAG_SIZE_BITS = 96; 75 76 private static final String[] RSA_PROVIDERS = ((StandardNames.IS_RI) 77 ? new String[] { "SunJCE" } 78 : new String[] { "BC" , "AndroidOpenSSL" }); 79 80 private static final String[] AES_PROVIDERS = ((StandardNames.IS_RI) 81 ? new String[] { "SunJCE" } 82 : new String[] { "BC", "AndroidOpenSSL" }); 83 84 private static boolean isSupported(String algorithm, String provider) { 85 if (algorithm.equals("RC2")) { 86 return false; 87 } 88 if (algorithm.equals("PBEWITHMD5ANDRC2")) { 89 return false; 90 } 91 if (algorithm.startsWith("PBEWITHSHA1ANDRC2")) { 92 return false; 93 } 94 if (algorithm.equals("PBEWITHSHAAND40BITRC2-CBC")) { 95 return false; 96 } 97 if (algorithm.equals("PBEWITHSHAAND128BITRC2-CBC")) { 98 return false; 99 } 100 if (algorithm.equals("PBEWITHSHAANDTWOFISH-CBC")) { 101 return false; 102 } 103 if (!IS_UNLIMITED) { 104 if (algorithm.equals("PBEWITHMD5ANDTRIPLEDES")) { 105 return false; 106 } 107 } 108 // stream modes CFB, CTR, CTS, OFB with PKCS5Padding or PKCS7Padding don't really make sense 109 if (!provider.equals("AndroidOpenSSL") && 110 (algorithm.equals("AES/CFB/PKCS5PADDING") 111 || algorithm.equals("AES/CFB/PKCS7PADDING") 112 || algorithm.equals("AES/CTR/PKCS5PADDING") 113 || algorithm.equals("AES/CTR/PKCS7PADDING") 114 || algorithm.equals("AES/CTS/PKCS5PADDING") 115 || algorithm.equals("AES/CTS/PKCS7PADDING") 116 || algorithm.equals("AES/OFB/PKCS5PADDING") 117 || algorithm.equals("AES/OFB/PKCS7PADDING"))) { 118 return false; 119 } 120 return true; 121 } 122 123 private static boolean isSupportedForWrapping(String algorithm) { 124 if (isOnlyWrappingAlgorithm(algorithm)) { 125 return true; 126 } 127 // http://b/9097343 RSA with NoPadding won't work since 128 // leading zeroes in the underlying key material are lost. 129 if (algorithm.equals("RSA/ECB/NOPADDING")) { 130 return false; 131 } 132 // AESWRAP should be used instead, fails with BC and SunJCE otherwise. 133 if (algorithm.startsWith("AES") || algorithm.startsWith("DESEDE")) { 134 return false; 135 } 136 return true; 137 } 138 139 private synchronized static int getEncryptMode(String algorithm) throws Exception { 140 if (isOnlyWrappingAlgorithm(algorithm)) { 141 return Cipher.WRAP_MODE; 142 } 143 return Cipher.ENCRYPT_MODE; 144 } 145 146 private synchronized static int getDecryptMode(String algorithm) throws Exception { 147 if (isOnlyWrappingAlgorithm(algorithm)) { 148 return Cipher.UNWRAP_MODE; 149 } 150 return Cipher.DECRYPT_MODE; 151 } 152 153 private static String getBaseAlgorithm(String algorithm) { 154 if (algorithm.equals("AESWRAP")) { 155 return "AES"; 156 } 157 if (algorithm.startsWith("AES/")) { 158 return "AES"; 159 } 160 if (algorithm.startsWith("AES_128/") || algorithm.startsWith("AES_256/")) { 161 return "AES"; 162 } 163 if (algorithm.equals("GCM")) { 164 return "AES"; 165 } 166 if (algorithm.startsWith("DESEDE/")) { 167 return "DESEDE"; 168 } 169 if (algorithm.equals("PBEWITHMD5AND128BITAES-CBC-OPENSSL")) { 170 return "AES"; 171 } 172 if (algorithm.equals("PBEWITHMD5AND192BITAES-CBC-OPENSSL")) { 173 return "AES"; 174 } 175 if (algorithm.equals("PBEWITHMD5AND256BITAES-CBC-OPENSSL")) { 176 return "AES"; 177 } 178 if (algorithm.equals("PBEWITHSHA256AND128BITAES-CBC-BC")) { 179 return "AES"; 180 } 181 if (algorithm.equals("PBEWITHSHA256AND192BITAES-CBC-BC")) { 182 return "AES"; 183 } 184 if (algorithm.equals("PBEWITHSHA256AND256BITAES-CBC-BC")) { 185 return "AES"; 186 } 187 if (algorithm.equals("PBEWITHSHAAND128BITAES-CBC-BC")) { 188 return "AES"; 189 } 190 if (algorithm.equals("PBEWITHSHAAND192BITAES-CBC-BC")) { 191 return "AES"; 192 } 193 if (algorithm.equals("PBEWITHSHAAND256BITAES-CBC-BC")) { 194 return "AES"; 195 } 196 if (algorithm.equals("PBEWITHMD5ANDDES")) { 197 return "DES"; 198 } 199 if (algorithm.equals("PBEWITHSHA1ANDDES")) { 200 return "DES"; 201 } 202 if (algorithm.equals("DESEDEWRAP")) { 203 return "DESEDE"; 204 } 205 if (algorithm.equals("PBEWITHSHAAND2-KEYTRIPLEDES-CBC")) { 206 return "DESEDE"; 207 } 208 if (algorithm.equals("PBEWITHSHAAND3-KEYTRIPLEDES-CBC")) { 209 return "DESEDE"; 210 } 211 if (algorithm.equals("PBEWITHMD5ANDTRIPLEDES")) { 212 return "DESEDE"; 213 } 214 if (algorithm.equals("PBEWITHSHA1ANDDESEDE")) { 215 return "DESEDE"; 216 } 217 if (algorithm.equals("RSA/ECB/NOPADDING")) { 218 return "RSA"; 219 } 220 if (algorithm.equals("RSA/ECB/PKCS1PADDING")) { 221 return "RSA"; 222 } 223 if (algorithm.equals("PBEWITHSHAAND40BITRC4")) { 224 return "ARC4"; 225 } 226 if (algorithm.equals("PBEWITHSHAAND128BITRC4")) { 227 return "ARC4"; 228 } 229 return algorithm; 230 } 231 232 private static boolean isAsymmetric(String algorithm) { 233 return getBaseAlgorithm(algorithm).equals("RSA"); 234 } 235 236 private static boolean isOnlyWrappingAlgorithm(String algorithm) { 237 return algorithm.endsWith("WRAP"); 238 } 239 240 private static boolean isPBE(String algorithm) { 241 return algorithm.startsWith("PBE"); 242 } 243 244 private static boolean isAEAD(String algorithm) { 245 return "GCM".equals(algorithm) || algorithm.contains("/GCM/"); 246 } 247 248 private static boolean isStreamMode(String algorithm) { 249 return algorithm.contains("/CTR/") || algorithm.contains("/OFB") 250 || algorithm.contains("/CFB"); 251 } 252 253 private static boolean isRandomizedEncryption(String algorithm) { 254 return algorithm.endsWith("/PKCS1PADDING") || algorithm.endsWith("/OAEPPADDING") 255 || algorithm.contains("/OAEPWITH"); 256 } 257 258 private static Map<String, Key> ENCRYPT_KEYS = new HashMap<String, Key>(); 259 260 /** 261 * Returns the key meant for enciphering for {@code algorithm}. 262 */ 263 private synchronized static Key getEncryptKey(String algorithm) { 264 Key key = ENCRYPT_KEYS.get(algorithm); 265 if (key != null) { 266 return key; 267 } 268 try { 269 if (algorithm.startsWith("RSA")) { 270 KeyFactory kf = KeyFactory.getInstance("RSA"); 271 RSAPublicKeySpec keySpec = new RSAPublicKeySpec(RSA_2048_modulus, 272 RSA_2048_publicExponent); 273 key = kf.generatePublic(keySpec); 274 } else if (isPBE(algorithm)) { 275 SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm); 276 key = skf.generateSecret(new PBEKeySpec("secret".toCharArray())); 277 } else { 278 KeyGenerator kg = KeyGenerator.getInstance(getBaseAlgorithm(algorithm)); 279 if (algorithm.startsWith("AES_256/")) { 280 // This is the 256-bit constrained version, so we have to switch from the 281 // default of 128-bit keys. 282 kg.init(256); 283 } 284 key = kg.generateKey(); 285 } 286 } catch (Exception e) { 287 throw new AssertionError("Error generating keys for test setup", e); 288 } 289 ENCRYPT_KEYS.put(algorithm, key); 290 return key; 291 } 292 293 private static Map<String, Key> DECRYPT_KEYS = new HashMap<String, Key>(); 294 295 /** 296 * Returns the key meant for deciphering for {@code algorithm}. 297 */ 298 private synchronized static Key getDecryptKey(String algorithm) { 299 Key key = DECRYPT_KEYS.get(algorithm); 300 if (key != null) { 301 return key; 302 } 303 try { 304 if (algorithm.startsWith("RSA")) { 305 KeyFactory kf = KeyFactory.getInstance("RSA"); 306 RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(RSA_2048_modulus, 307 RSA_2048_publicExponent, RSA_2048_privateExponent, RSA_2048_primeP, 308 RSA_2048_primeQ, RSA_2048_primeExponentP, RSA_2048_primeExponentQ, 309 RSA_2048_crtCoefficient); 310 key = kf.generatePrivate(keySpec); 311 } else { 312 assertFalse(algorithm, isAsymmetric(algorithm)); 313 key = getEncryptKey(algorithm); 314 } 315 } catch (Exception e) { 316 throw new AssertionError("Error generating keys for test setup", e); 317 } 318 DECRYPT_KEYS.put(algorithm, key); 319 return key; 320 } 321 322 private static Map<String, Integer> EXPECTED_BLOCK_SIZE = new HashMap<String, Integer>(); 323 static { 324 setExpectedBlockSize("AES", 16); 325 setExpectedBlockSize("AES/CBC/PKCS5PADDING", 16); 326 setExpectedBlockSize("AES/CBC/PKCS7PADDING", 16); 327 setExpectedBlockSize("AES/CBC/NOPADDING", 16); 328 setExpectedBlockSize("AES/CFB/PKCS5PADDING", 16); 329 setExpectedBlockSize("AES/CFB/PKCS7PADDING", 16); 330 setExpectedBlockSize("AES/CFB/NOPADDING", 16); 331 setExpectedBlockSize("AES/CTR/PKCS5PADDING", 16); 332 setExpectedBlockSize("AES/CTR/PKCS7PADDING", 16); 333 setExpectedBlockSize("AES/CTR/NOPADDING", 16); 334 setExpectedBlockSize("AES/CTS/PKCS5PADDING", 16); 335 setExpectedBlockSize("AES/CTS/PKCS7PADDING", 16); 336 setExpectedBlockSize("AES/CTS/NOPADDING", 16); 337 setExpectedBlockSize("AES/ECB/PKCS5PADDING", 16); 338 setExpectedBlockSize("AES/ECB/PKCS7PADDING", 16); 339 setExpectedBlockSize("AES/ECB/NOPADDING", 16); 340 setExpectedBlockSize("AES/GCM/NOPADDING", 16); 341 setExpectedBlockSize("AES/OFB/PKCS5PADDING", 16); 342 setExpectedBlockSize("AES/OFB/PKCS7PADDING", 16); 343 setExpectedBlockSize("AES/OFB/NOPADDING", 16); 344 setExpectedBlockSize("AES_128/CBC/PKCS5PADDING", 16); 345 setExpectedBlockSize("AES_128/CBC/PKCS7PADDING", 16); 346 setExpectedBlockSize("AES_128/CBC/NOPADDING", 16); 347 setExpectedBlockSize("AES_128/ECB/PKCS5PADDING", 16); 348 setExpectedBlockSize("AES_128/ECB/PKCS7PADDING", 16); 349 setExpectedBlockSize("AES_128/ECB/NOPADDING", 16); 350 setExpectedBlockSize("AES_128/GCM/NOPADDING", 16); 351 setExpectedBlockSize("AES_256/CBC/PKCS5PADDING", 16); 352 setExpectedBlockSize("AES_256/CBC/PKCS7PADDING", 16); 353 setExpectedBlockSize("AES_256/CBC/NOPADDING", 16); 354 setExpectedBlockSize("AES_256/ECB/PKCS5PADDING", 16); 355 setExpectedBlockSize("AES_256/ECB/PKCS7PADDING", 16); 356 setExpectedBlockSize("AES_256/ECB/NOPADDING", 16); 357 setExpectedBlockSize("AES_256/GCM/NOPADDING", 16); 358 setExpectedBlockSize("PBEWITHMD5AND128BITAES-CBC-OPENSSL", 16); 359 setExpectedBlockSize("PBEWITHMD5AND192BITAES-CBC-OPENSSL", 16); 360 setExpectedBlockSize("PBEWITHMD5AND256BITAES-CBC-OPENSSL", 16); 361 setExpectedBlockSize("PBEWITHSHA256AND128BITAES-CBC-BC", 16); 362 setExpectedBlockSize("PBEWITHSHA256AND192BITAES-CBC-BC", 16); 363 setExpectedBlockSize("PBEWITHSHA256AND256BITAES-CBC-BC", 16); 364 setExpectedBlockSize("PBEWITHSHAAND128BITAES-CBC-BC", 16); 365 setExpectedBlockSize("PBEWITHSHAAND192BITAES-CBC-BC", 16); 366 setExpectedBlockSize("PBEWITHSHAAND256BITAES-CBC-BC", 16); 367 368 if (StandardNames.IS_RI) { 369 setExpectedBlockSize("AESWRAP", 16); 370 } else { 371 setExpectedBlockSize("AESWRAP", 0); 372 } 373 374 setExpectedBlockSize("ARC4", 0); 375 setExpectedBlockSize("ARCFOUR", 0); 376 setExpectedBlockSize("PBEWITHSHAAND40BITRC4", 0); 377 setExpectedBlockSize("PBEWITHSHAAND128BITRC4", 0); 378 379 setExpectedBlockSize("BLOWFISH", 8); 380 381 setExpectedBlockSize("DES", 8); 382 setExpectedBlockSize("PBEWITHMD5ANDDES", 8); 383 setExpectedBlockSize("PBEWITHSHA1ANDDES", 8); 384 385 setExpectedBlockSize("DESEDE", 8); 386 setExpectedBlockSize("DESEDE/CBC/PKCS5PADDING", 8); 387 setExpectedBlockSize("DESEDE/CBC/PKCS7PADDING", 8); 388 setExpectedBlockSize("DESEDE/CBC/NOPADDING", 8); 389 setExpectedBlockSize("DESEDE/CFB/PKCS5PADDING", 8); 390 setExpectedBlockSize("DESEDE/CFB/PKCS7PADDING", 8); 391 setExpectedBlockSize("DESEDE/CFB/NOPADDING", 8); 392 setExpectedBlockSize("DESEDE/CTR/PKCS5PADDING", 8); 393 setExpectedBlockSize("DESEDE/CTR/PKCS7PADDING", 8); 394 setExpectedBlockSize("DESEDE/CTR/NOPADDING", 8); 395 setExpectedBlockSize("DESEDE/CTS/PKCS5PADDING", 8); 396 setExpectedBlockSize("DESEDE/CTS/PKCS7PADDING", 8); 397 setExpectedBlockSize("DESEDE/CTS/NOPADDING", 8); 398 setExpectedBlockSize("DESEDE/ECB/PKCS5PADDING", 8); 399 setExpectedBlockSize("DESEDE/ECB/PKCS7PADDING", 8); 400 setExpectedBlockSize("DESEDE/ECB/NOPADDING", 8); 401 setExpectedBlockSize("DESEDE/OFB/PKCS5PADDING", 8); 402 setExpectedBlockSize("DESEDE/OFB/PKCS7PADDING", 8); 403 setExpectedBlockSize("DESEDE/OFB/NOPADDING", 8); 404 setExpectedBlockSize("PBEWITHSHAAND2-KEYTRIPLEDES-CBC", 8); 405 setExpectedBlockSize("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", 8); 406 setExpectedBlockSize("PBEWITHMD5ANDTRIPLEDES", 8); 407 setExpectedBlockSize("PBEWITHSHA1ANDDESEDE", 8); 408 409 410 if (StandardNames.IS_RI) { 411 setExpectedBlockSize("DESEDEWRAP", 8); 412 } else { 413 setExpectedBlockSize("DESEDEWRAP", 0); 414 } 415 416 if (StandardNames.IS_RI) { 417 setExpectedBlockSize("RSA", 0); 418 setExpectedBlockSize("RSA/ECB/NoPadding", 0); 419 setExpectedBlockSize("RSA/ECB/PKCS1Padding", 0); 420 } else { 421 setExpectedBlockSize("RSA", Cipher.ENCRYPT_MODE, 256); 422 setExpectedBlockSize("RSA/ECB/NoPadding", Cipher.ENCRYPT_MODE, 256); 423 setExpectedBlockSize("RSA/ECB/PKCS1Padding", Cipher.ENCRYPT_MODE, 245); 424 425 // BC strips the leading 0 for us even when NoPadding is specified 426 setExpectedBlockSize("RSA", Cipher.ENCRYPT_MODE, "BC", 255); 427 setExpectedBlockSize("RSA/ECB/NoPadding", Cipher.ENCRYPT_MODE, "BC", 255); 428 429 setExpectedBlockSize("RSA", Cipher.DECRYPT_MODE, 256); 430 setExpectedBlockSize("RSA/ECB/NoPadding", Cipher.DECRYPT_MODE, 256); 431 setExpectedBlockSize("RSA/ECB/PKCS1Padding", Cipher.DECRYPT_MODE, 256); 432 433 // OAEP padding modes change the output and block size. SHA-1 is the default. 434 setExpectedBlockSize("RSA/ECB/OAEPPadding", Cipher.ENCRYPT_MODE, 214); 435 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", Cipher.ENCRYPT_MODE, 214); 436 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-224AndMGF1Padding", Cipher.ENCRYPT_MODE, 198); 437 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", Cipher.ENCRYPT_MODE, 190); 438 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-384AndMGF1Padding", Cipher.ENCRYPT_MODE, 158); 439 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-512AndMGF1Padding", Cipher.ENCRYPT_MODE, 126); 440 441 setExpectedBlockSize("RSA/ECB/OAEPPadding", Cipher.DECRYPT_MODE, 256); 442 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", Cipher.DECRYPT_MODE, 256); 443 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-224AndMGF1Padding", Cipher.DECRYPT_MODE, 256); 444 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", Cipher.DECRYPT_MODE, 256); 445 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-384AndMGF1Padding", Cipher.DECRYPT_MODE, 256); 446 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-512AndMGF1Padding", Cipher.DECRYPT_MODE, 256); 447 } 448 } 449 450 private static String modeKey(String algorithm, int mode) { 451 return algorithm + ":" + mode; 452 } 453 454 private static String modeProviderKey(String algorithm, int mode, String provider) { 455 return algorithm + ":" + mode + ":" + provider; 456 } 457 458 private static void setExpectedSize(Map<String, Integer> map, 459 String algorithm, int value) { 460 algorithm = algorithm.toUpperCase(Locale.US); 461 map.put(algorithm, value); 462 } 463 464 private static void setExpectedSize(Map<String, Integer> map, 465 String algorithm, int mode, int value) { 466 setExpectedSize(map, modeKey(algorithm, mode), value); 467 } 468 469 private static void setExpectedSize(Map<String, Integer> map, 470 String algorithm, int mode, String provider, int value) { 471 setExpectedSize(map, modeProviderKey(algorithm, mode, provider), value); 472 } 473 474 private static int getExpectedSize(Map<String, Integer> map, String algorithm, int mode, String provider) { 475 algorithm = algorithm.toUpperCase(Locale.US); 476 provider = provider.toUpperCase(Locale.US); 477 Integer expected = map.get(modeProviderKey(algorithm, mode, provider)); 478 if (expected != null) { 479 return expected; 480 } 481 expected = map.get(modeKey(algorithm, mode)); 482 if (expected != null) { 483 return expected; 484 } 485 expected = map.get(algorithm); 486 assertNotNull("Algorithm " + algorithm + " with mode " + mode + " and provider " + provider 487 + " not found in " + map, expected); 488 return expected; 489 } 490 491 private static void setExpectedBlockSize(String algorithm, int value) { 492 setExpectedSize(EXPECTED_BLOCK_SIZE, algorithm, value); 493 } 494 495 private static void setExpectedBlockSize(String algorithm, int mode, int value) { 496 setExpectedSize(EXPECTED_BLOCK_SIZE, algorithm, mode, value); 497 } 498 499 private static void setExpectedBlockSize(String algorithm, int mode, String provider, int value) { 500 setExpectedSize(EXPECTED_BLOCK_SIZE, algorithm, mode, provider, value); 501 } 502 503 private static int getExpectedBlockSize(String algorithm, int mode, String provider) { 504 return getExpectedSize(EXPECTED_BLOCK_SIZE, algorithm, mode, provider); 505 } 506 507 private static Map<String, Integer> EXPECTED_OUTPUT_SIZE = new HashMap<String, Integer>(); 508 static { 509 setExpectedOutputSize("AES/CBC/NOPADDING", 0); 510 setExpectedOutputSize("AES/CFB/NOPADDING", 0); 511 setExpectedOutputSize("AES/CTR/NOPADDING", 0); 512 setExpectedOutputSize("AES/CTS/NOPADDING", 0); 513 setExpectedOutputSize("AES/ECB/NOPADDING", 0); 514 setExpectedOutputSize("AES/OFB/NOPADDING", 0); 515 setExpectedOutputSize("AES_128/CBC/NOPADDING", 0); 516 setExpectedOutputSize("AES_128/ECB/NOPADDING", 0); 517 setExpectedOutputSize("AES_256/CBC/NOPADDING", 0); 518 setExpectedOutputSize("AES_256/ECB/NOPADDING", 0); 519 520 setExpectedOutputSize("AES", Cipher.ENCRYPT_MODE, 16); 521 setExpectedOutputSize("AES/CBC/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 522 setExpectedOutputSize("AES/CBC/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 523 setExpectedOutputSize("AES/CFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 524 setExpectedOutputSize("AES/CFB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 525 setExpectedOutputSize("AES/CTR/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 526 setExpectedOutputSize("AES/CTR/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 527 setExpectedOutputSize("AES/CTS/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 528 setExpectedOutputSize("AES/CTS/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 529 setExpectedOutputSize("AES/ECB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 530 setExpectedOutputSize("AES/ECB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 531 setExpectedOutputSize("AES/GCM/NOPADDING", Cipher.ENCRYPT_MODE, GCM_TAG_SIZE_BITS / 8); 532 setExpectedOutputSize("AES/OFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 533 setExpectedOutputSize("AES/OFB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 534 setExpectedOutputSize("AES_128/CBC/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 535 setExpectedOutputSize("AES_128/CBC/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 536 setExpectedOutputSize("AES_128/ECB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 537 setExpectedOutputSize("AES_128/ECB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 538 setExpectedOutputSize("AES_128/GCM/NOPADDING", Cipher.ENCRYPT_MODE, GCM_TAG_SIZE_BITS / 8); 539 setExpectedOutputSize("AES_256/CBC/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 540 setExpectedOutputSize("AES_256/CBC/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 541 setExpectedOutputSize("AES_256/ECB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 542 setExpectedOutputSize("AES_256/ECB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 543 setExpectedOutputSize("AES_256/GCM/NOPADDING", Cipher.ENCRYPT_MODE, GCM_TAG_SIZE_BITS / 8); 544 setExpectedOutputSize("PBEWITHMD5AND128BITAES-CBC-OPENSSL", 16); 545 setExpectedOutputSize("PBEWITHMD5AND192BITAES-CBC-OPENSSL", 16); 546 setExpectedOutputSize("PBEWITHMD5AND256BITAES-CBC-OPENSSL", 16); 547 setExpectedOutputSize("PBEWITHSHA256AND128BITAES-CBC-BC", 16); 548 setExpectedOutputSize("PBEWITHSHA256AND192BITAES-CBC-BC", 16); 549 setExpectedOutputSize("PBEWITHSHA256AND256BITAES-CBC-BC", 16); 550 setExpectedOutputSize("PBEWITHSHAAND128BITAES-CBC-BC", 16); 551 setExpectedOutputSize("PBEWITHSHAAND192BITAES-CBC-BC", 16); 552 setExpectedOutputSize("PBEWITHSHAAND256BITAES-CBC-BC", 16); 553 // AndroidOpenSSL returns zero for the non-block ciphers 554 setExpectedOutputSize("AES/CFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 555 setExpectedOutputSize("AES/CFB/PKCS7PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 556 setExpectedOutputSize("AES/CTR/PKCS5PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 557 setExpectedOutputSize("AES/CTR/PKCS7PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 558 setExpectedOutputSize("AES/CTS/PKCS5PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 559 setExpectedOutputSize("AES/CTS/PKCS7PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 560 setExpectedOutputSize("AES/OFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 561 setExpectedOutputSize("AES/OFB/PKCS7PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 562 563 setExpectedOutputSize("AES", Cipher.DECRYPT_MODE, 0); 564 setExpectedOutputSize("AES/CBC/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 565 setExpectedOutputSize("AES/CBC/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 566 setExpectedOutputSize("AES/CFB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 567 setExpectedOutputSize("AES/CFB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 568 setExpectedOutputSize("AES/CTR/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 569 setExpectedOutputSize("AES/CTR/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 570 setExpectedOutputSize("AES/CTS/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 571 setExpectedOutputSize("AES/CTS/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 572 setExpectedOutputSize("AES/ECB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 573 setExpectedOutputSize("AES/ECB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 574 setExpectedOutputSize("AES/GCM/NOPADDING", Cipher.DECRYPT_MODE, 0); 575 setExpectedOutputSize("AES/OFB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 576 setExpectedOutputSize("AES/OFB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 577 setExpectedOutputSize("AES_128/CBC/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 578 setExpectedOutputSize("AES_128/CBC/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 579 setExpectedOutputSize("AES_128/ECB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 580 setExpectedOutputSize("AES_128/ECB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 581 setExpectedOutputSize("AES_128/GCM/NOPADDING", Cipher.DECRYPT_MODE, 0); 582 setExpectedOutputSize("AES_256/CBC/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 583 setExpectedOutputSize("AES_256/CBC/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 584 setExpectedOutputSize("AES_256/ECB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 585 setExpectedOutputSize("AES_256/ECB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 586 setExpectedOutputSize("AES_256/GCM/NOPADDING", Cipher.DECRYPT_MODE, 0); 587 setExpectedOutputSize("PBEWITHMD5AND128BITAES-CBC-OPENSSL", Cipher.DECRYPT_MODE, 0); 588 setExpectedOutputSize("PBEWITHMD5AND192BITAES-CBC-OPENSSL", Cipher.DECRYPT_MODE, 0); 589 setExpectedOutputSize("PBEWITHMD5AND256BITAES-CBC-OPENSSL", Cipher.DECRYPT_MODE, 0); 590 setExpectedOutputSize("PBEWITHSHA256AND128BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 591 setExpectedOutputSize("PBEWITHSHA256AND192BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 592 setExpectedOutputSize("PBEWITHSHA256AND256BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 593 setExpectedOutputSize("PBEWITHSHAAND128BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 594 setExpectedOutputSize("PBEWITHSHAAND192BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 595 setExpectedOutputSize("PBEWITHSHAAND256BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 596 setExpectedOutputSize("DESEDE/CBC/PKCS5PADDING", Cipher.DECRYPT_MODE, "AndroidOpenSSL", 0); 597 setExpectedOutputSize("DESEDE/CBC/PKCS7PADDING", Cipher.DECRYPT_MODE, "AndroidOpenSSL", 0); 598 599 if (StandardNames.IS_RI) { 600 setExpectedOutputSize("AESWRAP", Cipher.WRAP_MODE, 8); 601 setExpectedOutputSize("AESWRAP", Cipher.UNWRAP_MODE, 0); 602 } else { 603 setExpectedOutputSize("AESWRAP", -1); 604 } 605 606 setExpectedOutputSize("ARC4", 0); 607 setExpectedOutputSize("ARCFOUR", 0); 608 setExpectedOutputSize("PBEWITHSHAAND40BITRC4", 0); 609 setExpectedOutputSize("PBEWITHSHAAND128BITRC4", 0); 610 611 setExpectedOutputSize("BLOWFISH", Cipher.ENCRYPT_MODE, 8); 612 setExpectedOutputSize("BLOWFISH", Cipher.DECRYPT_MODE, 0); 613 614 setExpectedOutputSize("DES", Cipher.ENCRYPT_MODE, 8); 615 setExpectedOutputSize("PBEWITHMD5ANDDES", Cipher.ENCRYPT_MODE, 8); 616 setExpectedOutputSize("PBEWITHSHA1ANDDES", Cipher.ENCRYPT_MODE, 8); 617 618 setExpectedOutputSize("DES", Cipher.DECRYPT_MODE, 0); 619 setExpectedOutputSize("PBEWITHMD5ANDDES", Cipher.DECRYPT_MODE, 0); 620 setExpectedOutputSize("PBEWITHSHA1ANDDES", Cipher.DECRYPT_MODE, 0); 621 622 setExpectedOutputSize("DESEDE/CBC/NOPADDING", 0); 623 setExpectedOutputSize("DESEDE/CFB/NOPADDING", 0); 624 setExpectedOutputSize("DESEDE/CTR/NOPADDING", 0); 625 setExpectedOutputSize("DESEDE/CTS/NOPADDING", 0); 626 setExpectedOutputSize("DESEDE/ECB/NOPADDING", 0); 627 setExpectedOutputSize("DESEDE/OFB/NOPADDING", 0); 628 629 setExpectedOutputSize("DESEDE", Cipher.ENCRYPT_MODE, 8); 630 setExpectedOutputSize("DESEDE/CBC/PKCS5PADDING", Cipher.ENCRYPT_MODE, 8); 631 setExpectedOutputSize("DESEDE/CBC/PKCS7PADDING", Cipher.ENCRYPT_MODE, 8); 632 setExpectedOutputSize("DESEDE/CFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 8); 633 setExpectedOutputSize("DESEDE/CFB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 8); 634 setExpectedOutputSize("DESEDE/CTR/PKCS5PADDING", Cipher.ENCRYPT_MODE, 8); 635 setExpectedOutputSize("DESEDE/CTR/PKCS7PADDING", Cipher.ENCRYPT_MODE, 8); 636 setExpectedOutputSize("DESEDE/CTS/PKCS5PADDING", Cipher.ENCRYPT_MODE, 8); 637 setExpectedOutputSize("DESEDE/CTS/PKCS7PADDING", Cipher.ENCRYPT_MODE, 8); 638 setExpectedOutputSize("DESEDE/ECB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 8); 639 setExpectedOutputSize("DESEDE/ECB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 8); 640 setExpectedOutputSize("DESEDE/OFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 8); 641 setExpectedOutputSize("DESEDE/OFB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 8); 642 setExpectedOutputSize("PBEWITHSHAAND2-KEYTRIPLEDES-CBC", Cipher.ENCRYPT_MODE, 8); 643 setExpectedOutputSize("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", Cipher.ENCRYPT_MODE, 8); 644 setExpectedOutputSize("PBEWITHMD5ANDTRIPLEDES", Cipher.ENCRYPT_MODE, 8); 645 setExpectedOutputSize("PBEWITHSHA1ANDDESEDE", Cipher.ENCRYPT_MODE, 8); 646 647 setExpectedOutputSize("DESEDE", Cipher.DECRYPT_MODE, 0); 648 setExpectedOutputSize("DESEDE/CBC/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 649 setExpectedOutputSize("DESEDE/CBC/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 650 setExpectedOutputSize("DESEDE/CFB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 651 setExpectedOutputSize("DESEDE/CFB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 652 setExpectedOutputSize("DESEDE/CTR/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 653 setExpectedOutputSize("DESEDE/CTR/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 654 setExpectedOutputSize("DESEDE/CTS/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 655 setExpectedOutputSize("DESEDE/CTS/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 656 setExpectedOutputSize("DESEDE/ECB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 657 setExpectedOutputSize("DESEDE/ECB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 658 setExpectedOutputSize("DESEDE/OFB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 659 setExpectedOutputSize("DESEDE/OFB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 660 setExpectedOutputSize("PBEWITHSHAAND2-KEYTRIPLEDES-CBC", Cipher.DECRYPT_MODE, 0); 661 setExpectedOutputSize("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", Cipher.DECRYPT_MODE, 0); 662 setExpectedOutputSize("PBEWITHMD5ANDTRIPLEDES", Cipher.DECRYPT_MODE, 0); 663 setExpectedOutputSize("PBEWITHSHA1ANDDESEDE", Cipher.DECRYPT_MODE, 0); 664 665 if (StandardNames.IS_RI) { 666 setExpectedOutputSize("DESEDEWRAP", Cipher.WRAP_MODE, 16); 667 setExpectedOutputSize("DESEDEWRAP", Cipher.UNWRAP_MODE, 0); 668 } else { 669 setExpectedOutputSize("DESEDEWRAP", -1); 670 } 671 672 setExpectedOutputSize("RSA", Cipher.ENCRYPT_MODE, 256); 673 setExpectedOutputSize("RSA/ECB/NoPadding", Cipher.ENCRYPT_MODE, 256); 674 setExpectedOutputSize("RSA/ECB/PKCS1Padding", Cipher.ENCRYPT_MODE, 256); 675 676 setExpectedOutputSize("RSA", Cipher.DECRYPT_MODE, 256); 677 setExpectedOutputSize("RSA/ECB/NoPadding", Cipher.DECRYPT_MODE, 256); 678 setExpectedOutputSize("RSA/ECB/PKCS1Padding", Cipher.DECRYPT_MODE, 245); 679 setExpectedOutputSize("RSA/ECB/OAEPPadding", Cipher.DECRYPT_MODE, 256); 680 681 // SunJCE returns the full for size even when PKCS1Padding is specified 682 setExpectedOutputSize("RSA/ECB/PKCS1Padding", Cipher.DECRYPT_MODE, "SunJCE", 256); 683 684 // BC strips the leading 0 for us even when NoPadding is specified 685 setExpectedOutputSize("RSA", Cipher.DECRYPT_MODE, "BC", 255); 686 setExpectedOutputSize("RSA/ECB/NoPadding", Cipher.DECRYPT_MODE, "BC", 255); 687 688 // OAEP padding modes change the output and block size. SHA-1 is the default. 689 setExpectedOutputSize("RSA/ECB/OAEPPadding", Cipher.DECRYPT_MODE, 214); 690 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", Cipher.DECRYPT_MODE, 214); 691 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-224AndMGF1Padding", Cipher.DECRYPT_MODE, 198); 692 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", Cipher.DECRYPT_MODE, 190); 693 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-384AndMGF1Padding", Cipher.DECRYPT_MODE, 158); 694 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-512AndMGF1Padding", Cipher.DECRYPT_MODE, 126); 695 696 setExpectedOutputSize("RSA/ECB/OAEPPadding", Cipher.ENCRYPT_MODE, 256); 697 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", Cipher.ENCRYPT_MODE, 256); 698 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-224AndMGF1Padding", Cipher.ENCRYPT_MODE, 256); 699 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", Cipher.ENCRYPT_MODE, 256); 700 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-384AndMGF1Padding", Cipher.ENCRYPT_MODE, 256); 701 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-512AndMGF1Padding", Cipher.ENCRYPT_MODE, 256); 702 } 703 704 private static void setExpectedOutputSize(String algorithm, int value) { 705 setExpectedSize(EXPECTED_OUTPUT_SIZE, algorithm, value); 706 } 707 708 private static void setExpectedOutputSize(String algorithm, int mode, int value) { 709 setExpectedSize(EXPECTED_OUTPUT_SIZE, algorithm, mode, value); 710 } 711 712 private static void setExpectedOutputSize(String algorithm, int mode, String provider, int value) { 713 setExpectedSize(EXPECTED_OUTPUT_SIZE, algorithm, mode, provider, value); 714 } 715 716 private static int getExpectedOutputSize(String algorithm, int mode, String provider) { 717 return getExpectedSize(EXPECTED_OUTPUT_SIZE, algorithm, mode, provider); 718 } 719 720 private static byte[] ORIGINAL_PLAIN_TEXT = new byte[] { 0x0a, 0x0b, 0x0c }; 721 private static byte[] SIXTEEN_BYTE_BLOCK_PLAIN_TEXT = new byte[] { 0x0a, 0x0b, 0x0c, 0x00, 722 0x00, 0x00, 0x00, 0x00, 723 0x00, 0x00, 0x00, 0x00, 724 0x00, 0x00, 0x00, 0x00 }; 725 private static byte[] EIGHT_BYTE_BLOCK_PLAIN_TEXT = new byte[] { 0x0a, 0x0b, 0x0c, 0x00, 726 0x00, 0x00, 0x00, 0x00 }; 727 private static byte[] PKCS1_BLOCK_TYPE_00_PADDED_PLAIN_TEXT = new byte[] { 728 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 729 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 730 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 731 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 732 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 733 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 734 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 735 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 736 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 737 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 738 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 739 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 740 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 741 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 742 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 743 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x0a, 0x0b, 0x0c 744 }; 745 private static byte[] PKCS1_BLOCK_TYPE_01_PADDED_PLAIN_TEXT = new byte[] { 746 (byte) 0x00, (byte) 0x01, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 747 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 748 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 749 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 750 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 751 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 752 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 753 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 754 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 755 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 756 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 757 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 758 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 759 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 760 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 761 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 762 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 763 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 764 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 765 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 766 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 767 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 768 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 769 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 770 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 771 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 772 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 773 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 774 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 775 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 776 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 777 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0x00, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c 778 }; 779 private static byte[] PKCS1_BLOCK_TYPE_02_PADDED_PLAIN_TEXT = new byte[] { 780 (byte) 0x00, (byte) 0x02, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 781 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 782 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 783 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 784 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 785 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 786 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 787 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 788 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 789 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 790 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 791 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 792 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 793 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 794 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 795 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 796 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 797 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 798 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 799 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 800 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 801 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 802 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 803 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 804 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 805 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 806 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 807 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 808 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 809 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 810 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 811 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0x00, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c 812 }; 813 814 815 private static byte[] getActualPlainText(String algorithm) { 816 // Block mode AES with NoPadding needs to match underlying block size 817 if (algorithm.equals("AES") 818 || algorithm.equals("AES/CBC/NOPADDING") 819 || algorithm.equals("AES/CTS/NOPADDING") 820 || algorithm.equals("AES/ECB/NOPADDING") 821 || algorithm.equals("AES_128/CBC/NOPADDING") 822 || algorithm.equals("AES_128/ECB/NOPADDING") 823 || algorithm.equals("AES_256/CBC/NOPADDING") 824 || algorithm.equals("AES_256/ECB/NOPADDING")) { 825 return SIXTEEN_BYTE_BLOCK_PLAIN_TEXT; 826 } 827 if (algorithm.equals("DESEDE") 828 || algorithm.equals("DESEDE/CBC/NOPADDING") 829 || algorithm.equals("DESEDE/ECB/NOPADDING")) { 830 return EIGHT_BYTE_BLOCK_PLAIN_TEXT; 831 } 832 return ORIGINAL_PLAIN_TEXT; 833 } 834 835 private static byte[] getExpectedPlainText(String algorithm, String provider) { 836 // Block mode AES with NoPadding needs to match underlying block size 837 if (algorithm.equals("AES") 838 || algorithm.equals("AES/CBC/NOPADDING") 839 || algorithm.equals("AES/CTS/NOPADDING") 840 || algorithm.equals("AES/ECB/NOPADDING") 841 || algorithm.equals("AES_128/CBC/NOPADDING") 842 || algorithm.equals("AES_128/ECB/NOPADDING") 843 || algorithm.equals("AES_256/CBC/NOPADDING") 844 || algorithm.equals("AES_256/ECB/NOPADDING")) { 845 return SIXTEEN_BYTE_BLOCK_PLAIN_TEXT; 846 } 847 if (algorithm.equals("DESEDE") 848 || algorithm.equals("DESEDE/CBC/NOPADDING") 849 || algorithm.equals("DESEDE/ECB/NOPADDING")) { 850 return EIGHT_BYTE_BLOCK_PLAIN_TEXT; 851 } 852 // BC strips the leading 0 for us even when NoPadding is specified 853 if (!provider.equals("BC") && algorithm.equals("RSA/ECB/NOPADDING")) { 854 return PKCS1_BLOCK_TYPE_00_PADDED_PLAIN_TEXT; 855 } 856 return ORIGINAL_PLAIN_TEXT; 857 } 858 859 private static AlgorithmParameterSpec getEncryptAlgorithmParameterSpec(String algorithm) { 860 if (isPBE(algorithm)) { 861 final byte[] salt = new byte[8]; 862 new SecureRandom().nextBytes(salt); 863 return new PBEParameterSpec(salt, 1024); 864 } 865 if (algorithm.equals("AES/GCM/NOPADDING") 866 || algorithm.equals("AES_128/GCM/NOPADDING") 867 || algorithm.equals("AES_256/GCM/NOPADDING")) { 868 final byte[] iv = new byte[12]; 869 new SecureRandom().nextBytes(iv); 870 return new GCMParameterSpec(GCM_TAG_SIZE_BITS, iv); 871 } 872 if (algorithm.equals("AES/CBC/NOPADDING") 873 || algorithm.equals("AES/CBC/PKCS5PADDING") 874 || algorithm.equals("AES/CBC/PKCS7PADDING") 875 || algorithm.equals("AES/CFB/NOPADDING") 876 || algorithm.equals("AES/CTR/NOPADDING") 877 || algorithm.equals("AES/CTS/NOPADDING") 878 || algorithm.equals("AES/OFB/NOPADDING") 879 || algorithm.equals("AES_128/CBC/NOPADDING") 880 || algorithm.equals("AES_128/CBC/PKCS5PADDING") 881 || algorithm.equals("AES_128/CBC/PKCS7PADDING") 882 || algorithm.equals("AES_256/CBC/NOPADDING") 883 || algorithm.equals("AES_256/CBC/PKCS5PADDING") 884 || algorithm.equals("AES_256/CBC/PKCS7PADDING")) { 885 final byte[] iv = new byte[16]; 886 new SecureRandom().nextBytes(iv); 887 return new IvParameterSpec(iv); 888 } 889 if (algorithm.equals("DESEDE/CBC/NOPADDING") 890 || algorithm.equals("DESEDE/CBC/PKCS5PADDING") 891 || algorithm.equals("DESEDE/CBC/PKCS7PADDING") 892 || algorithm.equals("DESEDE/CFB/NOPADDING") 893 || algorithm.equals("DESEDE/CTR/NOPADDING") 894 || algorithm.equals("DESEDE/CTS/NOPADDING") 895 || algorithm.equals("DESEDE/OFB/NOPADDING")) { 896 final byte[] iv = new byte[8]; 897 new SecureRandom().nextBytes(iv); 898 return new IvParameterSpec(iv); 899 } 900 return null; 901 } 902 903 private static AlgorithmParameterSpec getDecryptAlgorithmParameterSpec(AlgorithmParameterSpec encryptSpec, 904 Cipher encryptCipher) { 905 String algorithm = encryptCipher.getAlgorithm().toUpperCase(Locale.US); 906 if (isPBE(algorithm)) { 907 return encryptSpec; 908 } 909 if (isOnlyWrappingAlgorithm(algorithm)) { 910 return null; 911 } 912 byte[] iv = encryptCipher.getIV(); 913 if (iv != null) { 914 if ("AES/GCM/NOPADDING".equals(algorithm) 915 || "AES_128/GCM/NOPADDING".equals(algorithm) 916 || "AES_256/GCM/NOPADDING".equals(algorithm)) { 917 return new GCMParameterSpec(GCM_TAG_SIZE_BITS, iv); 918 } 919 return new IvParameterSpec(iv); 920 } 921 return null; 922 } 923 924 /* 925 * This must be below everything else to make sure the other static blocks 926 * have run first. 927 */ 928 private static final boolean IS_UNLIMITED; 929 static { 930 boolean is_unlimited; 931 if (StandardNames.IS_RI) { 932 try { 933 String algorithm = "PBEWITHMD5ANDTRIPLEDES"; 934 Cipher.getInstance(algorithm).init(getEncryptMode(algorithm), 935 getEncryptKey(algorithm), 936 getEncryptAlgorithmParameterSpec(algorithm)); 937 is_unlimited = true; 938 } catch (Exception e) { 939 is_unlimited = false; 940 System.out.println("WARNING: Some tests disabled due to lack of " 941 + "'Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files'"); 942 } 943 } else { 944 is_unlimited = true; 945 } 946 IS_UNLIMITED = is_unlimited; 947 } 948 949 private static abstract class MockProvider extends Provider { 950 public MockProvider(String name) { 951 super(name, 1.0, "Mock provider used for testing"); 952 setup(); 953 } 954 955 public abstract void setup(); 956 } 957 958 public void testCipher_getInstance_SuppliedProviderNotRegistered_Success() throws Exception { 959 Provider mockProvider = new MockProvider("MockProvider") { 960 public void setup() { 961 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 962 } 963 }; 964 965 { 966 Cipher c = Cipher.getInstance("FOO", mockProvider); 967 c.init(Cipher.ENCRYPT_MODE, new MockKey()); 968 assertEquals(mockProvider, c.getProvider()); 969 } 970 } 971 972 public void testCipher_getInstance_DoesNotSupportKeyClass_Success() throws Exception { 973 Provider mockProvider = new MockProvider("MockProvider") { 974 public void setup() { 975 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 976 put("Cipher.FOO SupportedKeyClasses", "None"); 977 } 978 }; 979 980 Security.addProvider(mockProvider); 981 try { 982 Cipher c = Cipher.getInstance("FOO", mockProvider); 983 c.init(Cipher.ENCRYPT_MODE, new MockKey()); 984 assertEquals(mockProvider, c.getProvider()); 985 } finally { 986 Security.removeProvider(mockProvider.getName()); 987 } 988 } 989 990 public void testCipher_getInstance_SuppliedProviderNotRegistered_MultipartTransform_Success() 991 throws Exception { 992 Provider mockProvider = new MockProvider("MockProvider") { 993 public void setup() { 994 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 995 } 996 }; 997 998 { 999 Cipher c = Cipher.getInstance("FOO/FOO/FOO", mockProvider); 1000 c.init(Cipher.ENCRYPT_MODE, new MockKey()); 1001 assertEquals(mockProvider, c.getProvider()); 1002 } 1003 } 1004 1005 public void testCipher_getInstance_OnlyUsesSpecifiedProvider_SameNameAndClass_Success() 1006 throws Exception { 1007 Provider mockProvider = new MockProvider("MockProvider") { 1008 public void setup() { 1009 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 1010 } 1011 }; 1012 1013 Security.addProvider(mockProvider); 1014 try { 1015 { 1016 Provider mockProvider2 = new MockProvider("MockProvider") { 1017 public void setup() { 1018 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 1019 } 1020 }; 1021 Cipher c = Cipher.getInstance("FOO", mockProvider2); 1022 assertEquals(mockProvider2, c.getProvider()); 1023 } 1024 } finally { 1025 Security.removeProvider(mockProvider.getName()); 1026 } 1027 } 1028 1029 public void testCipher_getInstance_DelayedInitialization_KeyType() throws Exception { 1030 Provider mockProviderSpecific = new MockProvider("MockProviderSpecific") { 1031 public void setup() { 1032 put("Cipher.FOO", MockCipherSpi.SpecificKeyTypes.class.getName()); 1033 put("Cipher.FOO SupportedKeyClasses", MockKey.class.getName()); 1034 } 1035 }; 1036 Provider mockProviderSpecific2 = new MockProvider("MockProviderSpecific2") { 1037 public void setup() { 1038 put("Cipher.FOO", MockCipherSpi.SpecificKeyTypes2.class.getName()); 1039 put("Cipher.FOO SupportedKeyClasses", MockKey2.class.getName()); 1040 } 1041 }; 1042 Provider mockProviderAll = new MockProvider("MockProviderAll") { 1043 public void setup() { 1044 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 1045 } 1046 }; 1047 1048 Security.addProvider(mockProviderSpecific); 1049 Security.addProvider(mockProviderSpecific2); 1050 Security.addProvider(mockProviderAll); 1051 1052 try { 1053 { 1054 System.out.println(Arrays.deepToString(Security.getProviders("Cipher.FOO"))); 1055 Cipher c = Cipher.getInstance("FOO"); 1056 c.init(Cipher.ENCRYPT_MODE, new MockKey()); 1057 assertEquals(mockProviderSpecific, c.getProvider()); 1058 1059 try { 1060 c.init(Cipher.ENCRYPT_MODE, new MockKey2()); 1061 assertEquals(mockProviderSpecific2, c.getProvider()); 1062 if (StandardNames.IS_RI) { 1063 fail("RI was broken before; fix tests now that it works!"); 1064 } 1065 } catch (InvalidKeyException e) { 1066 if (!StandardNames.IS_RI) { 1067 fail("Non-RI should select the right provider"); 1068 } 1069 } 1070 } 1071 1072 { 1073 Cipher c = Cipher.getInstance("FOO"); 1074 c.init(Cipher.ENCRYPT_MODE, new Key() { 1075 @Override 1076 public String getAlgorithm() { 1077 throw new UnsupportedOperationException("not implemented"); 1078 } 1079 1080 @Override 1081 public String getFormat() { 1082 throw new UnsupportedOperationException("not implemented"); 1083 } 1084 1085 @Override 1086 public byte[] getEncoded() { 1087 throw new UnsupportedOperationException("not implemented"); 1088 } 1089 }); 1090 assertEquals(mockProviderAll, c.getProvider()); 1091 } 1092 1093 { 1094 Cipher c = Cipher.getInstance("FOO"); 1095 assertEquals(mockProviderSpecific, c.getProvider()); 1096 } 1097 } finally { 1098 Security.removeProvider(mockProviderSpecific.getName()); 1099 Security.removeProvider(mockProviderSpecific2.getName()); 1100 Security.removeProvider(mockProviderAll.getName()); 1101 } 1102 } 1103 1104 public void testCipher_getInstance_CorrectPriority_AlgorithmOnlyFirst() throws Exception { 1105 Provider mockProviderOnlyAlgorithm = new MockProvider("MockProviderOnlyAlgorithm") { 1106 public void setup() { 1107 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 1108 } 1109 }; 1110 Provider mockProviderFullTransformSpecified = new MockProvider("MockProviderFull") { 1111 public void setup() { 1112 put("Cipher.FOO/FOO/FOO", MockCipherSpi.AllKeyTypes.class.getName()); 1113 } 1114 }; 1115 1116 Security.addProvider(mockProviderOnlyAlgorithm); 1117 Security.addProvider(mockProviderFullTransformSpecified); 1118 try { 1119 Cipher c = Cipher.getInstance("FOO/FOO/FOO"); 1120 assertEquals(mockProviderOnlyAlgorithm, c.getProvider()); 1121 } finally { 1122 Security.removeProvider(mockProviderOnlyAlgorithm.getName()); 1123 Security.removeProvider(mockProviderFullTransformSpecified.getName()); 1124 } 1125 } 1126 1127 public void testCipher_getInstance_CorrectPriority_FullTransformFirst() throws Exception { 1128 Provider mockProviderOnlyAlgorithm = new MockProvider("MockProviderOnlyAlgorithm") { 1129 public void setup() { 1130 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 1131 } 1132 }; 1133 Provider mockProviderFullTransformSpecified = new MockProvider("MockProviderFull") { 1134 public void setup() { 1135 put("Cipher.FOO/FOO/FOO", MockCipherSpi.AllKeyTypes.class.getName()); 1136 } 1137 }; 1138 1139 Security.addProvider(mockProviderFullTransformSpecified); 1140 Security.addProvider(mockProviderOnlyAlgorithm); 1141 try { 1142 Cipher c = Cipher.getInstance("FOO/FOO/FOO"); 1143 assertEquals(mockProviderFullTransformSpecified, c.getProvider()); 1144 } finally { 1145 Security.removeProvider(mockProviderOnlyAlgorithm.getName()); 1146 Security.removeProvider(mockProviderFullTransformSpecified.getName()); 1147 } 1148 } 1149 1150 public void testCipher_getInstance_CorrectPriority_AliasedAlgorithmFirst() throws Exception { 1151 Provider mockProviderAliasedAlgorithm = new MockProvider("MockProviderAliasedAlgorithm") { 1152 public void setup() { 1153 put("Cipher.BAR", MockCipherSpi.AllKeyTypes.class.getName()); 1154 put("Alg.Alias.Cipher.FOO", "BAR"); 1155 } 1156 }; 1157 Provider mockProviderAlgorithmOnly = new MockProvider("MockProviderAlgorithmOnly") { 1158 public void setup() { 1159 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 1160 } 1161 }; 1162 1163 Security.addProvider(mockProviderAliasedAlgorithm); 1164 Security.addProvider(mockProviderAlgorithmOnly); 1165 try { 1166 Cipher c = Cipher.getInstance("FOO/FOO/FOO"); 1167 assertEquals(mockProviderAliasedAlgorithm, c.getProvider()); 1168 } finally { 1169 Security.removeProvider(mockProviderAliasedAlgorithm.getName()); 1170 Security.removeProvider(mockProviderAlgorithmOnly.getName()); 1171 } 1172 } 1173 1174 public void testCipher_getInstance_WrongType_Failure() throws Exception { 1175 Provider mockProviderInvalid = new MockProvider("MockProviderInvalid") { 1176 public void setup() { 1177 put("Cipher.FOO", Object.class.getName()); 1178 } 1179 }; 1180 1181 Security.addProvider(mockProviderInvalid); 1182 try { 1183 Cipher c = Cipher.getInstance("FOO"); 1184 c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[16], "FOO")); 1185 fail("Should not find any matching providers; found: " + c); 1186 } catch (ClassCastException expected) { 1187 } finally { 1188 Security.removeProvider(mockProviderInvalid.getName()); 1189 } 1190 } 1191 1192 public void testCipher_init_CallsInitWithParams_AlgorithmParameterSpec() throws Exception { 1193 Provider mockProviderRejects = new MockProvider("MockProviderRejects") { 1194 public void setup() { 1195 put("Cipher.FOO", 1196 MockCipherSpi.MustInitWithAlgorithmParameterSpec_RejectsAll.class.getName()); 1197 put("Cipher.FOO SupportedKeyClasses", MockKey.class.getName()); 1198 } 1199 }; 1200 Provider mockProviderAccepts = new MockProvider("MockProviderAccepts") { 1201 public void setup() { 1202 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 1203 put("Cipher.FOO SupportedKeyClasses", MockKey.class.getName()); 1204 } 1205 }; 1206 1207 Security.addProvider(mockProviderRejects); 1208 Security.addProvider(mockProviderAccepts); 1209 try { 1210 Cipher c = Cipher.getInstance("FOO"); 1211 c.init(Cipher.ENCRYPT_MODE, new MockKey(), new IvParameterSpec(new byte[12])); 1212 assertEquals(mockProviderAccepts, c.getProvider()); 1213 } finally { 1214 Security.removeProvider(mockProviderRejects.getName()); 1215 Security.removeProvider(mockProviderAccepts.getName()); 1216 } 1217 } 1218 1219 public void testCipher_init_CallsInitWithParams_AlgorithmParameters() throws Exception { 1220 Provider mockProviderRejects = new MockProvider("MockProviderRejects") { 1221 public void setup() { 1222 put("Cipher.FOO", 1223 MockCipherSpi.MustInitWithAlgorithmParameters_RejectsAll.class.getName()); 1224 put("Cipher.FOO SupportedKeyClasses", MockKey.class.getName()); 1225 } 1226 }; 1227 Provider mockProviderAccepts = new MockProvider("MockProviderAccepts") { 1228 public void setup() { 1229 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 1230 put("Cipher.FOO SupportedKeyClasses", MockKey.class.getName()); 1231 } 1232 }; 1233 1234 Security.addProvider(mockProviderRejects); 1235 Security.addProvider(mockProviderAccepts); 1236 try { 1237 Cipher c = Cipher.getInstance("FOO"); 1238 c.init(Cipher.ENCRYPT_MODE, new MockKey(), AlgorithmParameters.getInstance("AES")); 1239 assertEquals(mockProviderAccepts, c.getProvider()); 1240 } finally { 1241 Security.removeProvider(mockProviderRejects.getName()); 1242 Security.removeProvider(mockProviderAccepts.getName()); 1243 } 1244 } 1245 1246 public void testCipher_init_CallsInitIgnoresRuntimeException() throws Exception { 1247 Provider mockProviderRejects = new MockProvider("MockProviderRejects") { 1248 public void setup() { 1249 put("Cipher.FOO", 1250 MockCipherSpi.MustInitWithAlgorithmParameters_ThrowsNull.class.getName()); 1251 put("Cipher.FOO SupportedKeyClasses", MockKey.class.getName()); 1252 } 1253 }; 1254 Provider mockProviderAccepts = new MockProvider("MockProviderAccepts") { 1255 public void setup() { 1256 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 1257 put("Cipher.FOO SupportedKeyClasses", MockKey.class.getName()); 1258 } 1259 }; 1260 1261 Security.addProvider(mockProviderRejects); 1262 Security.addProvider(mockProviderAccepts); 1263 try { 1264 Cipher c = Cipher.getInstance("FOO"); 1265 c.init(Cipher.ENCRYPT_MODE, new MockKey(), AlgorithmParameters.getInstance("AES")); 1266 assertEquals(mockProviderAccepts, c.getProvider()); 1267 } finally { 1268 Security.removeProvider(mockProviderRejects.getName()); 1269 Security.removeProvider(mockProviderAccepts.getName()); 1270 } 1271 } 1272 1273 public void testCipher_init_CallsInitWithMode() throws Exception { 1274 Provider mockProviderOnlyEncrypt = new MockProvider("MockProviderOnlyEncrypt") { 1275 public void setup() { 1276 put("Cipher.FOO", MockCipherSpi.MustInitForEncryptModeOrRejects.class.getName()); 1277 put("Cipher.FOO SupportedKeyClasses", MockKey.class.getName()); 1278 } 1279 }; 1280 Provider mockProviderAcceptsAll = new MockProvider("MockProviderAcceptsAll") { 1281 public void setup() { 1282 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 1283 put("Cipher.FOO SupportedKeyClasses", MockKey.class.getName()); 1284 } 1285 }; 1286 1287 Security.addProvider(mockProviderOnlyEncrypt); 1288 Security.addProvider(mockProviderAcceptsAll); 1289 try { 1290 { 1291 Cipher c = Cipher.getInstance("FOO"); 1292 c.init(Cipher.DECRYPT_MODE, new MockKey(), AlgorithmParameters.getInstance("AES")); 1293 assertEquals(mockProviderAcceptsAll, c.getProvider()); 1294 } 1295 1296 { 1297 Cipher c = Cipher.getInstance("FOO"); 1298 c.init(Cipher.ENCRYPT_MODE, new MockKey(), AlgorithmParameters.getInstance("AES")); 1299 assertEquals(mockProviderOnlyEncrypt, c.getProvider()); 1300 } 1301 } finally { 1302 Security.removeProvider(mockProviderOnlyEncrypt.getName()); 1303 Security.removeProvider(mockProviderAcceptsAll.getName()); 1304 } 1305 } 1306 1307 public void test_getInstance() throws Exception { 1308 final ByteArrayOutputStream errBuffer = new ByteArrayOutputStream(); 1309 PrintStream out = new PrintStream(errBuffer); 1310 1311 Set<String> seenBaseCipherNames = new HashSet<String>(); 1312 Set<String> seenCiphersWithModeAndPadding = new HashSet<String>(); 1313 1314 Provider[] providers = Security.getProviders(); 1315 for (Provider provider : providers) { 1316 Set<Provider.Service> services = provider.getServices(); 1317 for (Provider.Service service : services) { 1318 String type = service.getType(); 1319 if (!type.equals("Cipher")) { 1320 continue; 1321 } 1322 1323 String algorithm = service.getAlgorithm(); 1324 1325 /* 1326 * Any specific modes and paddings aren't tested directly here, 1327 * but we need to make sure we see the bare algorithm from some 1328 * provider. We will test each mode specifically when we get the 1329 * base cipher. 1330 */ 1331 final int firstSlash = algorithm.indexOf('/'); 1332 if (firstSlash == -1) { 1333 seenBaseCipherNames.add(algorithm); 1334 } else { 1335 final String baseCipherName = algorithm.substring(0, firstSlash); 1336 if (!seenBaseCipherNames.contains(baseCipherName) 1337 && !(baseCipherName.equals("AES_128") 1338 || baseCipherName.equals("AES_256"))) { 1339 seenCiphersWithModeAndPadding.add(baseCipherName); 1340 } 1341 if (!"AndroidOpenSSL".equals(provider.getName())) { 1342 continue; 1343 } 1344 } 1345 1346 try { 1347 test_Cipher_Algorithm(provider, algorithm); 1348 } catch (Throwable e) { 1349 out.append("Error encountered checking " + algorithm 1350 + " with provider " + provider.getName() + "\n"); 1351 e.printStackTrace(out); 1352 } 1353 1354 Set<String> modes = StandardNames.getModesForCipher(algorithm); 1355 if (modes != null) { 1356 for (String mode : modes) { 1357 Set<String> paddings = StandardNames.getPaddingsForCipher(algorithm); 1358 if (paddings != null) { 1359 for (String padding : paddings) { 1360 final String algorithmName = algorithm + "/" + mode + "/" + padding; 1361 try { 1362 test_Cipher_Algorithm(provider, algorithmName); 1363 } catch (Throwable e) { 1364 out.append("Error encountered checking " + algorithmName 1365 + " with provider " + provider.getName() + "\n"); 1366 e.printStackTrace(out); 1367 } 1368 } 1369 } 1370 } 1371 } 1372 } 1373 } 1374 1375 seenCiphersWithModeAndPadding.removeAll(seenBaseCipherNames); 1376 assertEquals("Ciphers seen with mode and padding but not base cipher", 1377 Collections.EMPTY_SET, seenCiphersWithModeAndPadding); 1378 1379 out.flush(); 1380 if (errBuffer.size() > 0) { 1381 throw new Exception("Errors encountered:\n\n" + errBuffer.toString() + "\n\n"); 1382 } 1383 } 1384 1385 private void test_Cipher_Algorithm(Provider provider, String algorithm) throws Exception { 1386 if (algorithm.equals("RSA") && provider.getName().equals("BC")) { 1387 // http://b/9097343 BC's Cipher.RSA defaults to NoPadding 1388 // which makes it fail the key wrapping test if the 1389 // generated AES key to wrap starts with a leading 1390 // zero. For the purposes of the test, use the same 1391 // default behavior as the RI. Real code really should 1392 // specify the exact mode and padding they need and not 1393 // rely on defaults. http://b/9097343 1394 algorithm = "RSA/ECB/PKCS1Padding"; 1395 } 1396 1397 // Cipher.getInstance(String) 1398 Cipher c1 = Cipher.getInstance(algorithm); 1399 if (provider.equals(c1.getProvider())) { 1400 assertEquals(algorithm, c1.getAlgorithm()); 1401 test_Cipher(c1); 1402 } 1403 1404 // Cipher.getInstance(String, Provider) 1405 Cipher c2 = Cipher.getInstance(algorithm, provider); 1406 assertEquals(algorithm, c2.getAlgorithm()); 1407 assertEquals(provider, c2.getProvider()); 1408 test_Cipher(c2); 1409 1410 // Cipher.getInstance(String, String) 1411 Cipher c3 = Cipher.getInstance(algorithm, provider.getName()); 1412 assertEquals(algorithm, c3.getAlgorithm()); 1413 assertEquals(provider, c3.getProvider()); 1414 test_Cipher(c3); 1415 } 1416 1417 private void test_Cipher(Cipher c) throws Exception { 1418 String algorithm = c.getAlgorithm().toUpperCase(Locale.US); 1419 String providerName = c.getProvider().getName(); 1420 if (!isSupported(algorithm, providerName)) { 1421 return; 1422 } 1423 String cipherID = algorithm + ":" + providerName; 1424 1425 try { 1426 c.getOutputSize(0); 1427 fail(); 1428 } catch (IllegalStateException expected) { 1429 } 1430 1431 // TODO: test keys from different factories (e.g. OpenSSLRSAPrivateKey vs BCRSAPrivateKey) 1432 Key encryptKey = getEncryptKey(algorithm); 1433 1434 final AlgorithmParameterSpec encryptSpec = getEncryptAlgorithmParameterSpec(algorithm); 1435 int encryptMode = getEncryptMode(algorithm); 1436 1437 // Bouncycastle doesn't return a default PBEParameterSpec 1438 if (isPBE(algorithm) && !"BC".equals(providerName)) { 1439 assertNotNull(cipherID + " getParameters()", c.getParameters()); 1440 assertNotNull(c.getParameters().getParameterSpec(PBEParameterSpec.class)); 1441 } else { 1442 assertNull(cipherID + " getParameters()", c.getParameters()); 1443 } 1444 try { 1445 assertNull(cipherID + " getIV()", c.getIV()); 1446 } catch (NullPointerException e) { 1447 // Bouncycastle apparently has a bug here with AESWRAP, et al. 1448 if (!("BC".equals(providerName) && isOnlyWrappingAlgorithm(algorithm))) { 1449 throw e; 1450 } 1451 } 1452 1453 test_Cipher_init_NullParameters(c, encryptMode, encryptKey); 1454 1455 c.init(encryptMode, encryptKey, encryptSpec); 1456 assertEquals(cipherID + " getBlockSize() encryptMode", 1457 getExpectedBlockSize(algorithm, encryptMode, providerName), c.getBlockSize()); 1458 assertTrue(cipherID + " getOutputSize(0) encryptMode", 1459 getExpectedOutputSize(algorithm, encryptMode, providerName) <= c.getOutputSize(0)); 1460 if ((algorithm.endsWith("/PKCS5PADDING") || algorithm.endsWith("/PKCS7PADDING")) 1461 && isStreamMode(algorithm)) { 1462 assertEquals(getExpectedOutputSize(algorithm, encryptMode, providerName), 1463 c.doFinal(new byte[1]).length); 1464 } 1465 1466 if (isPBE(algorithm)) { 1467 if (algorithm.endsWith("RC4")) { 1468 assertNull(cipherID + " getIV()", c.getIV()); 1469 } else { 1470 assertNotNull(cipherID + " getIV()", c.getIV()); 1471 } 1472 } else if (encryptSpec instanceof IvParameterSpec) { 1473 assertEquals(cipherID + " getIV()", 1474 Arrays.toString(((IvParameterSpec) encryptSpec).getIV()), 1475 Arrays.toString(c.getIV())); 1476 } else if (encryptSpec instanceof GCMParameterSpec) { 1477 assertNotNull(c.getIV()); 1478 assertEquals(cipherID + " getIV()", 1479 Arrays.toString(((GCMParameterSpec) encryptSpec).getIV()), 1480 Arrays.toString(c.getIV())); 1481 } else { 1482 try { 1483 assertNull(cipherID + " getIV()", c.getIV()); 1484 } catch (NullPointerException e) { 1485 // Bouncycastle apparently has a bug here with AESWRAP, et al. 1486 if (!("BC".equals(providerName) && isOnlyWrappingAlgorithm(algorithm))) { 1487 throw e; 1488 } 1489 } 1490 } 1491 1492 AlgorithmParameters encParams = c.getParameters(); 1493 assertCorrectAlgorithmParameters(providerName, cipherID, encryptSpec, encParams); 1494 1495 final AlgorithmParameterSpec decryptSpec = getDecryptAlgorithmParameterSpec(encryptSpec, c); 1496 int decryptMode = getDecryptMode(algorithm); 1497 1498 Key decryptKey = getDecryptKey(algorithm); 1499 1500 test_Cipher_init_Decrypt_NullParameters(c, decryptMode, decryptKey, decryptSpec != null); 1501 1502 c.init(decryptMode, decryptKey, decryptSpec); 1503 assertEquals(cipherID + " getBlockSize() decryptMode", 1504 getExpectedBlockSize(algorithm, decryptMode, providerName), c.getBlockSize()); 1505 assertEquals(cipherID + " getOutputSize(0) decryptMode", 1506 getExpectedOutputSize(algorithm, decryptMode, providerName), c.getOutputSize(0)); 1507 1508 if (isPBE(algorithm)) { 1509 if (algorithm.endsWith("RC4")) { 1510 assertNull(cipherID + " getIV()", c.getIV()); 1511 } else { 1512 assertNotNull(cipherID + " getIV()", c.getIV()); 1513 } 1514 } else if (decryptSpec instanceof IvParameterSpec) { 1515 assertEquals(cipherID + " getIV()", 1516 Arrays.toString(((IvParameterSpec) decryptSpec).getIV()), 1517 Arrays.toString(c.getIV())); 1518 } else if (decryptSpec instanceof GCMParameterSpec) { 1519 assertNotNull(c.getIV()); 1520 assertEquals(cipherID + " getIV()", 1521 Arrays.toString(((GCMParameterSpec) decryptSpec).getIV()), 1522 Arrays.toString(c.getIV())); 1523 } else { 1524 try { 1525 assertNull(cipherID + " getIV()", c.getIV()); 1526 } catch (NullPointerException e) { 1527 // Bouncycastle apparently has a bug here with AESWRAP, et al. 1528 if (!("BC".equals(providerName) && isOnlyWrappingAlgorithm(algorithm))) { 1529 throw e; 1530 } 1531 } 1532 } 1533 1534 AlgorithmParameters decParams = c.getParameters(); 1535 assertCorrectAlgorithmParameters(providerName, cipherID, decryptSpec, decParams); 1536 1537 assertNull(cipherID, c.getExemptionMechanism()); 1538 1539 // Test wrapping a key. Every cipher should be able to wrap. Except those that can't. 1540 /* Bouncycastle is broken for wrapping because getIV() fails. */ 1541 if (isSupportedForWrapping(algorithm) && !providerName.equals("BC")) { 1542 // Generate a small SecretKey for AES. 1543 KeyGenerator kg = KeyGenerator.getInstance("AES"); 1544 kg.init(128); 1545 SecretKey sk = kg.generateKey(); 1546 1547 // Wrap it 1548 c.init(Cipher.WRAP_MODE, encryptKey, encryptSpec); 1549 byte[] cipherText = c.wrap(sk); 1550 1551 // Unwrap it 1552 c.init(Cipher.UNWRAP_MODE, decryptKey, decryptSpec); 1553 Key decryptedKey = c.unwrap(cipherText, sk.getAlgorithm(), Cipher.SECRET_KEY); 1554 1555 assertEquals(cipherID 1556 + " sk.getAlgorithm()=" + sk.getAlgorithm() 1557 + " decryptedKey.getAlgorithm()=" + decryptedKey.getAlgorithm() 1558 + " encryptKey.getEncoded()=" + Arrays.toString(sk.getEncoded()) 1559 + " decryptedKey.getEncoded()=" + Arrays.toString(decryptedKey.getEncoded()), 1560 sk, decryptedKey); 1561 } 1562 1563 if (!isOnlyWrappingAlgorithm(algorithm)) { 1564 c.init(Cipher.ENCRYPT_MODE, encryptKey, encryptSpec); 1565 if (isAEAD(algorithm)) { 1566 c.updateAAD(new byte[24]); 1567 } 1568 byte[] cipherText = c.doFinal(getActualPlainText(algorithm)); 1569 if (!isRandomizedEncryption(algorithm) && !isAEAD(algorithm)) { 1570 byte[] cipherText2 = c.doFinal(getActualPlainText(algorithm)); 1571 assertEquals(cipherID, Arrays.toString(cipherText), Arrays.toString(cipherText2)); 1572 } 1573 c.init(Cipher.DECRYPT_MODE, decryptKey, decryptSpec); 1574 if (isAEAD(algorithm)) { 1575 c.updateAAD(new byte[24]); 1576 } 1577 byte[] decryptedPlainText = c.doFinal(cipherText); 1578 assertEquals(cipherID, 1579 Arrays.toString(getExpectedPlainText(algorithm, providerName)), 1580 Arrays.toString(decryptedPlainText)); 1581 if (isAEAD(algorithm)) { 1582 c.updateAAD(new byte[24]); 1583 } 1584 byte[] decryptedPlainText2 = c.doFinal(cipherText); 1585 assertEquals(cipherID, 1586 Arrays.toString(decryptedPlainText), 1587 Arrays.toString(decryptedPlainText2)); 1588 } 1589 } 1590 1591 private void assertCorrectAlgorithmParameters(String providerName, String cipherID, 1592 final AlgorithmParameterSpec spec, AlgorithmParameters params) 1593 throws InvalidParameterSpecException, Exception { 1594 if (spec == null) { 1595 return; 1596 } 1597 1598 // Bouncycastle has a bug where PBE algorithms sometimes return null parameters. 1599 if ("BC".equals(providerName) && isPBE(cipherID) && params == null) { 1600 return; 1601 } 1602 1603 assertNotNull(cipherID + " getParameters() should not be null", params); 1604 1605 if (spec instanceof GCMParameterSpec) { 1606 GCMParameterSpec gcmDecryptSpec = (GCMParameterSpec) params 1607 .getParameterSpec(GCMParameterSpec.class); 1608 assertEquals(cipherID + " getIV()", Arrays.toString(((GCMParameterSpec) spec).getIV()), 1609 Arrays.toString(gcmDecryptSpec.getIV())); 1610 assertEquals(cipherID + " getTLen()", ((GCMParameterSpec) spec).getTLen(), 1611 gcmDecryptSpec.getTLen()); 1612 } else if (spec instanceof IvParameterSpec) { 1613 IvParameterSpec ivDecryptSpec = (IvParameterSpec) params 1614 .getParameterSpec(IvParameterSpec.class); 1615 assertEquals(cipherID + " getIV()", Arrays.toString(((IvParameterSpec) spec).getIV()), 1616 Arrays.toString(ivDecryptSpec.getIV())); 1617 } else if (spec instanceof PBEParameterSpec) { 1618 // Bouncycastle seems to be undecided about whether it returns this 1619 // or not 1620 if (!"BC".equals(providerName)) { 1621 assertNotNull(cipherID + " getParameters()", params); 1622 } 1623 } else if (spec instanceof OAEPParameterSpec) { 1624 assertOAEPParametersEqual((OAEPParameterSpec) spec, 1625 params.getParameterSpec(OAEPParameterSpec.class)); 1626 } else { 1627 fail("Unhandled algorithm specification class: " + spec.getClass().getName()); 1628 } 1629 } 1630 1631 private static void assertOAEPParametersEqual(OAEPParameterSpec expectedOaepSpec, 1632 OAEPParameterSpec actualOaepSpec) throws Exception { 1633 assertEquals(expectedOaepSpec.getDigestAlgorithm(), actualOaepSpec.getDigestAlgorithm()); 1634 1635 assertEquals(expectedOaepSpec.getMGFAlgorithm(), actualOaepSpec.getMGFAlgorithm()); 1636 if ("MGF1".equals(expectedOaepSpec.getMGFAlgorithm())) { 1637 MGF1ParameterSpec expectedMgf1Spec = (MGF1ParameterSpec) expectedOaepSpec 1638 .getMGFParameters(); 1639 MGF1ParameterSpec actualMgf1Spec = (MGF1ParameterSpec) actualOaepSpec 1640 .getMGFParameters(); 1641 assertEquals(expectedMgf1Spec.getDigestAlgorithm(), 1642 actualMgf1Spec.getDigestAlgorithm()); 1643 } else { 1644 fail("Unknown MGF algorithm: " + expectedOaepSpec.getMGFAlgorithm()); 1645 } 1646 1647 if (expectedOaepSpec.getPSource() instanceof PSource.PSpecified 1648 && actualOaepSpec.getPSource() instanceof PSource.PSpecified) { 1649 assertEquals( 1650 Arrays.toString( 1651 ((PSource.PSpecified) expectedOaepSpec.getPSource()).getValue()), 1652 Arrays.toString( 1653 (((PSource.PSpecified) actualOaepSpec.getPSource()).getValue()))); 1654 } else { 1655 fail("Unknown PSource type"); 1656 } 1657 } 1658 1659 /** 1660 * Try various .init(...) calls with null parameters to make sure it is 1661 * handled. 1662 */ 1663 private void test_Cipher_init_NullParameters(Cipher c, int encryptMode, Key encryptKey) 1664 throws Exception { 1665 try { 1666 c.init(encryptMode, encryptKey, (AlgorithmParameterSpec) null); 1667 } catch (InvalidAlgorithmParameterException e) { 1668 if (!isPBE(c.getAlgorithm())) { 1669 throw e; 1670 } 1671 } 1672 1673 try { 1674 c.init(encryptMode, encryptKey, (AlgorithmParameterSpec) null, (SecureRandom) null); 1675 } catch (InvalidAlgorithmParameterException e) { 1676 if (!isPBE(c.getAlgorithm())) { 1677 throw e; 1678 } 1679 } 1680 1681 try { 1682 c.init(encryptMode, encryptKey, (AlgorithmParameters) null); 1683 } catch (InvalidAlgorithmParameterException e) { 1684 if (!isPBE(c.getAlgorithm())) { 1685 throw e; 1686 } 1687 } 1688 1689 try { 1690 c.init(encryptMode, encryptKey, (AlgorithmParameters) null, (SecureRandom) null); 1691 } catch (InvalidAlgorithmParameterException e) { 1692 if (!isPBE(c.getAlgorithm())) { 1693 throw e; 1694 } 1695 } 1696 } 1697 1698 private void test_Cipher_init_Decrypt_NullParameters(Cipher c, int decryptMode, Key encryptKey, 1699 boolean needsParameters) throws Exception { 1700 try { 1701 c.init(decryptMode, encryptKey, (AlgorithmParameterSpec) null); 1702 if (needsParameters) { 1703 fail("Should throw InvalidAlgorithmParameterException with null parameters"); 1704 } 1705 } catch (InvalidAlgorithmParameterException e) { 1706 if (!needsParameters) { 1707 throw e; 1708 } 1709 } 1710 1711 try { 1712 c.init(decryptMode, encryptKey, (AlgorithmParameterSpec) null, (SecureRandom) null); 1713 if (needsParameters) { 1714 fail("Should throw InvalidAlgorithmParameterException with null parameters"); 1715 } 1716 } catch (InvalidAlgorithmParameterException e) { 1717 if (!needsParameters) { 1718 throw e; 1719 } 1720 } 1721 1722 try { 1723 c.init(decryptMode, encryptKey, (AlgorithmParameters) null); 1724 if (needsParameters) { 1725 fail("Should throw InvalidAlgorithmParameterException with null parameters"); 1726 } 1727 } catch (InvalidAlgorithmParameterException e) { 1728 if (!needsParameters) { 1729 throw e; 1730 } 1731 } 1732 1733 try { 1734 c.init(decryptMode, encryptKey, (AlgorithmParameters) null, (SecureRandom) null); 1735 if (needsParameters) { 1736 fail("Should throw InvalidAlgorithmParameterException with null parameters"); 1737 } 1738 } catch (InvalidAlgorithmParameterException e) { 1739 if (!needsParameters) { 1740 throw e; 1741 } 1742 } 1743 } 1744 1745 public void testInputPKCS1Padding() throws Exception { 1746 for (String provider : RSA_PROVIDERS) { 1747 testInputPKCS1Padding(provider); 1748 } 1749 } 1750 1751 private void testInputPKCS1Padding(String provider) throws Exception { 1752 // Type 1 is for signatures (PrivateKey to "encrypt") 1753 testInputPKCS1Padding(provider, PKCS1_BLOCK_TYPE_01_PADDED_PLAIN_TEXT, getDecryptKey("RSA"), getEncryptKey("RSA")); 1754 try { 1755 testInputPKCS1Padding(provider, PKCS1_BLOCK_TYPE_02_PADDED_PLAIN_TEXT, getDecryptKey("RSA"), getEncryptKey("RSA")); 1756 fail(); 1757 } catch (BadPaddingException expected) { 1758 } 1759 1760 // Type 2 is for enciphering (PublicKey to "encrypt") 1761 testInputPKCS1Padding(provider, PKCS1_BLOCK_TYPE_02_PADDED_PLAIN_TEXT, getEncryptKey("RSA"), getDecryptKey("RSA")); 1762 try { 1763 testInputPKCS1Padding(provider, PKCS1_BLOCK_TYPE_01_PADDED_PLAIN_TEXT, getEncryptKey("RSA"), getDecryptKey("RSA")); 1764 fail(); 1765 } catch (BadPaddingException expected) { 1766 } 1767 } 1768 1769 private void testInputPKCS1Padding(String provider, byte[] prePaddedPlainText, Key encryptKey, Key decryptKey) throws Exception { 1770 Cipher encryptCipher = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1771 encryptCipher.init(Cipher.ENCRYPT_MODE, encryptKey); 1772 byte[] cipherText = encryptCipher.doFinal(prePaddedPlainText); 1773 encryptCipher.update(prePaddedPlainText); 1774 encryptCipher.init(Cipher.ENCRYPT_MODE, encryptKey); 1775 byte[] cipherText2 = encryptCipher.doFinal(prePaddedPlainText); 1776 assertEquals(Arrays.toString(cipherText), 1777 Arrays.toString(cipherText2)); 1778 1779 Cipher decryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", provider); 1780 decryptCipher.init(Cipher.DECRYPT_MODE, decryptKey); 1781 byte[] plainText = decryptCipher.doFinal(cipherText); 1782 assertEquals(Arrays.toString(ORIGINAL_PLAIN_TEXT), 1783 Arrays.toString(plainText)); 1784 decryptCipher.update(prePaddedPlainText); 1785 decryptCipher.init(Cipher.DECRYPT_MODE, decryptKey); 1786 byte[] plainText2 = decryptCipher.doFinal(cipherText); 1787 assertEquals(Arrays.toString(plainText), 1788 Arrays.toString(plainText2)); 1789 } 1790 1791 public void testOutputPKCS1Padding() throws Exception { 1792 for (String provider : RSA_PROVIDERS) { 1793 testOutputPKCS1Padding(provider); 1794 } 1795 } 1796 1797 private void testOutputPKCS1Padding(String provider) throws Exception { 1798 // Type 1 is for signatures (PrivateKey to "encrypt") 1799 testOutputPKCS1Padding(provider, (byte) 1, getDecryptKey("RSA"), getEncryptKey("RSA")); 1800 // Type 2 is for enciphering (PublicKey to "encrypt") 1801 testOutputPKCS1Padding(provider, (byte) 2, getEncryptKey("RSA"), getDecryptKey("RSA")); 1802 } 1803 1804 private void testOutputPKCS1Padding(String provider, byte expectedBlockType, Key encryptKey, Key decryptKey) throws Exception { 1805 Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", provider); 1806 encryptCipher.init(Cipher.ENCRYPT_MODE, encryptKey); 1807 byte[] cipherText = encryptCipher.doFinal(ORIGINAL_PLAIN_TEXT); 1808 Cipher decryptCipher = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1809 decryptCipher.init(Cipher.DECRYPT_MODE, decryptKey); 1810 byte[] plainText = decryptCipher.doFinal(cipherText); 1811 assertPadding(provider, expectedBlockType, ORIGINAL_PLAIN_TEXT, plainText); 1812 } 1813 1814 private void assertPadding(String provider, byte expectedBlockType, byte[] expectedData, byte[] actualDataWithPadding) { 1815 assertNotNull(provider, actualDataWithPadding); 1816 int expectedOutputSize = getExpectedOutputSize("RSA", Cipher.DECRYPT_MODE, provider); 1817 assertEquals(provider, expectedOutputSize, actualDataWithPadding.length); 1818 int expectedBlockTypeOffset; 1819 if (provider.equals("BC")) { 1820 // BC strips the leading 0 for us on decrypt even when NoPadding is specified... 1821 expectedBlockTypeOffset = 0; 1822 } else { 1823 expectedBlockTypeOffset = 1; 1824 assertEquals(provider, 0, actualDataWithPadding[0]); 1825 } 1826 byte actualBlockType = actualDataWithPadding[expectedBlockTypeOffset]; 1827 assertEquals(provider, expectedBlockType, actualBlockType); 1828 int actualDataOffset = actualDataWithPadding.length - expectedData.length; 1829 if (actualBlockType == 1) { 1830 int expectedDataOffset = expectedBlockTypeOffset + 1; 1831 for (int i = expectedDataOffset; i < actualDataOffset - 1; i++) { 1832 assertEquals(provider, (byte) 0xFF, actualDataWithPadding[i]); 1833 } 1834 } 1835 assertEquals(provider, 0x00, actualDataWithPadding[actualDataOffset-1]); 1836 byte[] actualData = new byte[expectedData.length]; 1837 System.arraycopy(actualDataWithPadding, actualDataOffset, actualData, 0, actualData.length); 1838 assertEquals(provider, Arrays.toString(expectedData), Arrays.toString(actualData)); 1839 } 1840 1841 public void testCipherInitWithCertificate () throws Exception { 1842 // no key usage specified, everything is fine 1843 assertCipherInitWithKeyUsage(0, true, true, true, true); 1844 1845 // common case is that encrypt/wrap is prohibited when special usage is specified 1846 assertCipherInitWithKeyUsage(KeyUsage.digitalSignature, false, true, false, true); 1847 assertCipherInitWithKeyUsage(KeyUsage.nonRepudiation, false, true, false, true); 1848 assertCipherInitWithKeyUsage(KeyUsage.keyAgreement, false, true, false, true); 1849 assertCipherInitWithKeyUsage(KeyUsage.keyCertSign, false, true, false, true); 1850 assertCipherInitWithKeyUsage(KeyUsage.cRLSign, false, true, false, true); 1851 1852 // Note they encipherOnly/decipherOnly don't have to do with 1853 // ENCRYPT_MODE or DECRYPT_MODE, but restrict usage relative 1854 // to keyAgreement. There is not a *_MODE option that 1855 // corresponds to this in Cipher, the RI does not enforce 1856 // anything in Cipher. 1857 // http://code.google.com/p/android/issues/detail?id=12955 1858 assertCipherInitWithKeyUsage(KeyUsage.encipherOnly, false, true, false, true); 1859 assertCipherInitWithKeyUsage(KeyUsage.decipherOnly, false, true, false, true); 1860 assertCipherInitWithKeyUsage(KeyUsage.keyAgreement | KeyUsage.encipherOnly, 1861 false, true, false, true); 1862 assertCipherInitWithKeyUsage(KeyUsage.keyAgreement | KeyUsage.decipherOnly, 1863 false, true, false, true); 1864 1865 // except when wrapping a key is specifically allowed or 1866 assertCipherInitWithKeyUsage(KeyUsage.keyEncipherment, false, true, true, true); 1867 // except when wrapping data encryption is specifically allowed 1868 assertCipherInitWithKeyUsage(KeyUsage.dataEncipherment, true, true, false, true); 1869 } 1870 1871 private void assertCipherInitWithKeyUsage (int keyUsage, 1872 boolean allowEncrypt, 1873 boolean allowDecrypt, 1874 boolean allowWrap, 1875 boolean allowUnwrap) throws Exception { 1876 Certificate certificate = certificateWithKeyUsage(keyUsage); 1877 assertCipherInitWithKeyUsage(certificate, allowEncrypt, Cipher.ENCRYPT_MODE); 1878 assertCipherInitWithKeyUsage(certificate, allowDecrypt, Cipher.DECRYPT_MODE); 1879 assertCipherInitWithKeyUsage(certificate, allowWrap, Cipher.WRAP_MODE); 1880 assertCipherInitWithKeyUsage(certificate, allowUnwrap, Cipher.UNWRAP_MODE); 1881 } 1882 1883 private void assertCipherInitWithKeyUsage(Certificate certificate, 1884 boolean allowMode, 1885 int mode) throws Exception { 1886 Cipher cipher = Cipher.getInstance("RSA"); 1887 if (allowMode) { 1888 cipher.init(mode, certificate); 1889 } else { 1890 try { 1891 cipher.init(mode, certificate); 1892 String modeString; 1893 switch (mode) { 1894 case Cipher.ENCRYPT_MODE: 1895 modeString = "ENCRYPT_MODE"; 1896 break; 1897 case Cipher.DECRYPT_MODE: 1898 modeString = "DECRYPT_MODE"; 1899 break; 1900 case Cipher.WRAP_MODE: 1901 modeString = "WRAP_MODE"; 1902 break; 1903 case Cipher.UNWRAP_MODE: 1904 modeString = "UNWRAP_MODE"; 1905 break; 1906 default: 1907 throw new AssertionError("Unknown Cipher.*_MODE " + mode); 1908 } 1909 fail("Should have had InvalidKeyException for " + modeString 1910 + " for " + certificate); 1911 } catch (InvalidKeyException expected) { 1912 } 1913 } 1914 } 1915 1916 private Certificate certificateWithKeyUsage(int keyUsage) throws Exception { 1917 // note the rare usage of non-zero keyUsage 1918 return new TestKeyStore.Builder() 1919 .aliasPrefix("rsa-dsa-ec") 1920 .keyUsage(keyUsage) 1921 .build() 1922 .getPrivateKey("RSA", "RSA").getCertificate(); 1923 } 1924 1925 /* 1926 * Test vectors generated with this private key: 1927 * 1928 * -----BEGIN RSA PRIVATE KEY----- 1929 * MIIEpAIBAAKCAQEA4Ec+irjyKE/rnnQv+XSPoRjtmGM8kvUq63ouvg075gMpvnZq 1930 * 0Q62pRXQ0s/ZvqeTDwwwZTeJn3lYzT6FsB+IGFJNMSWEqUslHjYltUFB7b/uGYgI 1931 * 4buX/Hy0m56qr2jpyY19DtxTu8D6ADQ1bWMF+7zDxwAUBThqu8hzyw8+90JfPTPf 1932 * ezFa4DbSoLZq/UdQOxab8247UWJRW3Ff2oPeryxYrrmr+zCXw8yd2dvl7ylsF2E5 1933 * Ao6KZx5jBW1F9AGI0sQTNJCEXeUsJTTpxrJHjAe9rpKII7YtBmx3cPn2Pz26JH9T 1934 * CER0e+eqqF2FO4vSRKzsPePImrRkU6tNJMOsaQIDAQABAoIBADd4R3al8XaY9ayW 1935 * DfuDobZ1ZOZIvQWXz4q4CHGG8macJ6nsvdSA8Bl6gNBzCebGqW+SUzHlf4tKxvTU 1936 * XtpFojJpwJ/EKMB6Tm7fc4oV3sl/q9Lyu0ehTyDqcvz+TDbgGtp3vRN82NTaELsW 1937 * LpSkZilx8XX5hfoYjwVsuX7igW9Dq503R2Ekhs2owWGWwwgYqZXshdOEZ3kSZ7O/ 1938 * IfJzcQppJYYldoQcW2cSwS1L0govMpmtt8E12l6VFavadufK8qO+gFUdBzt4vxFi 1939 * xIrSt/R0OgI47k0lL31efmUzzK5kzLOTYAdaL9HgNOw65c6cQIzL8OJeQRQCFoez 1940 * 3UdUroECgYEA9UGIS8Nzeyki1BGe9F4t7izUy7dfRVBaFXqlAJ+Zxzot8HJKxGAk 1941 * MGMy6omBd2NFRl3G3x4KbxQK/ztzluaomUrF2qloc0cv43dJ0U6z4HXmKdvrNYMz 1942 * im82SdCiZUp6Qv2atr+krE1IHTkLsimwZL3DEcwb4bYxidp8QM3s8rECgYEA6hp0 1943 * LduIHO23KIyH442GjdekCdFaQ/RF1Td6C1cx3b/KLa8oqOE81cCvzsM0fXSjniNa 1944 * PNljPydN4rlPkt9DgzkR2enxz1jyfeLgj/RZZMcg0+whOdx8r8kSlTzeyy81Wi4s 1945 * NaUPrXVMs7IxZkJLo7bjESoriYw4xcFe2yOGkzkCgYBRgo8exv2ZYCmQG68dfjN7 1946 * pfCvJ+mE6tiVrOYr199O5FoiQInyzBUa880XP84EdLywTzhqLNzA4ANrokGfVFeS 1947 * YtRxAL6TGYSj76Bb7PFBV03AebOpXEqD5sQ/MhTW3zLVEt4ZgIXlMeYWuD/X3Z0f 1948 * TiYHwzM9B8VdEH0dOJNYcQKBgQDbT7UPUN6O21P/NMgJMYigUShn2izKBIl3WeWH 1949 * wkQBDa+GZNWegIPRbBZHiTAfZ6nweAYNg0oq29NnV1toqKhCwrAqibPzH8zsiiL+ 1950 * OVeVxcbHQitOXXSh6ajzDndZufwtY5wfFWc+hOk6XvFQb0MVODw41Fy9GxQEj0ch 1951 * 3IIyYQKBgQDYEUWTr0FfthLb8ZI3ENVNB0hiBadqO0MZSWjA3/HxHvD2GkozfV/T 1952 * dBu8lkDkR7i2tsR8OsEgQ1fTsMVbqShr2nP2KSlvX6kUbYl2NX08dR51FIaWpAt0 1953 * aFyCzjCQLWOdck/yTV4ulAfuNO3tLjtN9lqpvP623yjQe6aQPxZXaA== 1954 * -----END RSA PRIVATE KEY----- 1955 * 1956 */ 1957 1958 private static final BigInteger RSA_2048_modulus = new BigInteger(new byte[] { 1959 (byte) 0x00, (byte) 0xe0, (byte) 0x47, (byte) 0x3e, (byte) 0x8a, (byte) 0xb8, (byte) 0xf2, (byte) 0x28, 1960 (byte) 0x4f, (byte) 0xeb, (byte) 0x9e, (byte) 0x74, (byte) 0x2f, (byte) 0xf9, (byte) 0x74, (byte) 0x8f, 1961 (byte) 0xa1, (byte) 0x18, (byte) 0xed, (byte) 0x98, (byte) 0x63, (byte) 0x3c, (byte) 0x92, (byte) 0xf5, 1962 (byte) 0x2a, (byte) 0xeb, (byte) 0x7a, (byte) 0x2e, (byte) 0xbe, (byte) 0x0d, (byte) 0x3b, (byte) 0xe6, 1963 (byte) 0x03, (byte) 0x29, (byte) 0xbe, (byte) 0x76, (byte) 0x6a, (byte) 0xd1, (byte) 0x0e, (byte) 0xb6, 1964 (byte) 0xa5, (byte) 0x15, (byte) 0xd0, (byte) 0xd2, (byte) 0xcf, (byte) 0xd9, (byte) 0xbe, (byte) 0xa7, 1965 (byte) 0x93, (byte) 0x0f, (byte) 0x0c, (byte) 0x30, (byte) 0x65, (byte) 0x37, (byte) 0x89, (byte) 0x9f, 1966 (byte) 0x79, (byte) 0x58, (byte) 0xcd, (byte) 0x3e, (byte) 0x85, (byte) 0xb0, (byte) 0x1f, (byte) 0x88, 1967 (byte) 0x18, (byte) 0x52, (byte) 0x4d, (byte) 0x31, (byte) 0x25, (byte) 0x84, (byte) 0xa9, (byte) 0x4b, 1968 (byte) 0x25, (byte) 0x1e, (byte) 0x36, (byte) 0x25, (byte) 0xb5, (byte) 0x41, (byte) 0x41, (byte) 0xed, 1969 (byte) 0xbf, (byte) 0xee, (byte) 0x19, (byte) 0x88, (byte) 0x08, (byte) 0xe1, (byte) 0xbb, (byte) 0x97, 1970 (byte) 0xfc, (byte) 0x7c, (byte) 0xb4, (byte) 0x9b, (byte) 0x9e, (byte) 0xaa, (byte) 0xaf, (byte) 0x68, 1971 (byte) 0xe9, (byte) 0xc9, (byte) 0x8d, (byte) 0x7d, (byte) 0x0e, (byte) 0xdc, (byte) 0x53, (byte) 0xbb, 1972 (byte) 0xc0, (byte) 0xfa, (byte) 0x00, (byte) 0x34, (byte) 0x35, (byte) 0x6d, (byte) 0x63, (byte) 0x05, 1973 (byte) 0xfb, (byte) 0xbc, (byte) 0xc3, (byte) 0xc7, (byte) 0x00, (byte) 0x14, (byte) 0x05, (byte) 0x38, 1974 (byte) 0x6a, (byte) 0xbb, (byte) 0xc8, (byte) 0x73, (byte) 0xcb, (byte) 0x0f, (byte) 0x3e, (byte) 0xf7, 1975 (byte) 0x42, (byte) 0x5f, (byte) 0x3d, (byte) 0x33, (byte) 0xdf, (byte) 0x7b, (byte) 0x31, (byte) 0x5a, 1976 (byte) 0xe0, (byte) 0x36, (byte) 0xd2, (byte) 0xa0, (byte) 0xb6, (byte) 0x6a, (byte) 0xfd, (byte) 0x47, 1977 (byte) 0x50, (byte) 0x3b, (byte) 0x16, (byte) 0x9b, (byte) 0xf3, (byte) 0x6e, (byte) 0x3b, (byte) 0x51, 1978 (byte) 0x62, (byte) 0x51, (byte) 0x5b, (byte) 0x71, (byte) 0x5f, (byte) 0xda, (byte) 0x83, (byte) 0xde, 1979 (byte) 0xaf, (byte) 0x2c, (byte) 0x58, (byte) 0xae, (byte) 0xb9, (byte) 0xab, (byte) 0xfb, (byte) 0x30, 1980 (byte) 0x97, (byte) 0xc3, (byte) 0xcc, (byte) 0x9d, (byte) 0xd9, (byte) 0xdb, (byte) 0xe5, (byte) 0xef, 1981 (byte) 0x29, (byte) 0x6c, (byte) 0x17, (byte) 0x61, (byte) 0x39, (byte) 0x02, (byte) 0x8e, (byte) 0x8a, 1982 (byte) 0x67, (byte) 0x1e, (byte) 0x63, (byte) 0x05, (byte) 0x6d, (byte) 0x45, (byte) 0xf4, (byte) 0x01, 1983 (byte) 0x88, (byte) 0xd2, (byte) 0xc4, (byte) 0x13, (byte) 0x34, (byte) 0x90, (byte) 0x84, (byte) 0x5d, 1984 (byte) 0xe5, (byte) 0x2c, (byte) 0x25, (byte) 0x34, (byte) 0xe9, (byte) 0xc6, (byte) 0xb2, (byte) 0x47, 1985 (byte) 0x8c, (byte) 0x07, (byte) 0xbd, (byte) 0xae, (byte) 0x92, (byte) 0x88, (byte) 0x23, (byte) 0xb6, 1986 (byte) 0x2d, (byte) 0x06, (byte) 0x6c, (byte) 0x77, (byte) 0x70, (byte) 0xf9, (byte) 0xf6, (byte) 0x3f, 1987 (byte) 0x3d, (byte) 0xba, (byte) 0x24, (byte) 0x7f, (byte) 0x53, (byte) 0x08, (byte) 0x44, (byte) 0x74, 1988 (byte) 0x7b, (byte) 0xe7, (byte) 0xaa, (byte) 0xa8, (byte) 0x5d, (byte) 0x85, (byte) 0x3b, (byte) 0x8b, 1989 (byte) 0xd2, (byte) 0x44, (byte) 0xac, (byte) 0xec, (byte) 0x3d, (byte) 0xe3, (byte) 0xc8, (byte) 0x9a, 1990 (byte) 0xb4, (byte) 0x64, (byte) 0x53, (byte) 0xab, (byte) 0x4d, (byte) 0x24, (byte) 0xc3, (byte) 0xac, 1991 (byte) 0x69, 1992 }); 1993 1994 private static final BigInteger RSA_2048_privateExponent = new BigInteger(new byte[] { 1995 (byte) 0x37, (byte) 0x78, (byte) 0x47, (byte) 0x76, (byte) 0xa5, (byte) 0xf1, (byte) 0x76, (byte) 0x98, 1996 (byte) 0xf5, (byte) 0xac, (byte) 0x96, (byte) 0x0d, (byte) 0xfb, (byte) 0x83, (byte) 0xa1, (byte) 0xb6, 1997 (byte) 0x75, (byte) 0x64, (byte) 0xe6, (byte) 0x48, (byte) 0xbd, (byte) 0x05, (byte) 0x97, (byte) 0xcf, 1998 (byte) 0x8a, (byte) 0xb8, (byte) 0x08, (byte) 0x71, (byte) 0x86, (byte) 0xf2, (byte) 0x66, (byte) 0x9c, 1999 (byte) 0x27, (byte) 0xa9, (byte) 0xec, (byte) 0xbd, (byte) 0xd4, (byte) 0x80, (byte) 0xf0, (byte) 0x19, 2000 (byte) 0x7a, (byte) 0x80, (byte) 0xd0, (byte) 0x73, (byte) 0x09, (byte) 0xe6, (byte) 0xc6, (byte) 0xa9, 2001 (byte) 0x6f, (byte) 0x92, (byte) 0x53, (byte) 0x31, (byte) 0xe5, (byte) 0x7f, (byte) 0x8b, (byte) 0x4a, 2002 (byte) 0xc6, (byte) 0xf4, (byte) 0xd4, (byte) 0x5e, (byte) 0xda, (byte) 0x45, (byte) 0xa2, (byte) 0x32, 2003 (byte) 0x69, (byte) 0xc0, (byte) 0x9f, (byte) 0xc4, (byte) 0x28, (byte) 0xc0, (byte) 0x7a, (byte) 0x4e, 2004 (byte) 0x6e, (byte) 0xdf, (byte) 0x73, (byte) 0x8a, (byte) 0x15, (byte) 0xde, (byte) 0xc9, (byte) 0x7f, 2005 (byte) 0xab, (byte) 0xd2, (byte) 0xf2, (byte) 0xbb, (byte) 0x47, (byte) 0xa1, (byte) 0x4f, (byte) 0x20, 2006 (byte) 0xea, (byte) 0x72, (byte) 0xfc, (byte) 0xfe, (byte) 0x4c, (byte) 0x36, (byte) 0xe0, (byte) 0x1a, 2007 (byte) 0xda, (byte) 0x77, (byte) 0xbd, (byte) 0x13, (byte) 0x7c, (byte) 0xd8, (byte) 0xd4, (byte) 0xda, 2008 (byte) 0x10, (byte) 0xbb, (byte) 0x16, (byte) 0x2e, (byte) 0x94, (byte) 0xa4, (byte) 0x66, (byte) 0x29, 2009 (byte) 0x71, (byte) 0xf1, (byte) 0x75, (byte) 0xf9, (byte) 0x85, (byte) 0xfa, (byte) 0x18, (byte) 0x8f, 2010 (byte) 0x05, (byte) 0x6c, (byte) 0xb9, (byte) 0x7e, (byte) 0xe2, (byte) 0x81, (byte) 0x6f, (byte) 0x43, 2011 (byte) 0xab, (byte) 0x9d, (byte) 0x37, (byte) 0x47, (byte) 0x61, (byte) 0x24, (byte) 0x86, (byte) 0xcd, 2012 (byte) 0xa8, (byte) 0xc1, (byte) 0x61, (byte) 0x96, (byte) 0xc3, (byte) 0x08, (byte) 0x18, (byte) 0xa9, 2013 (byte) 0x95, (byte) 0xec, (byte) 0x85, (byte) 0xd3, (byte) 0x84, (byte) 0x67, (byte) 0x79, (byte) 0x12, 2014 (byte) 0x67, (byte) 0xb3, (byte) 0xbf, (byte) 0x21, (byte) 0xf2, (byte) 0x73, (byte) 0x71, (byte) 0x0a, 2015 (byte) 0x69, (byte) 0x25, (byte) 0x86, (byte) 0x25, (byte) 0x76, (byte) 0x84, (byte) 0x1c, (byte) 0x5b, 2016 (byte) 0x67, (byte) 0x12, (byte) 0xc1, (byte) 0x2d, (byte) 0x4b, (byte) 0xd2, (byte) 0x0a, (byte) 0x2f, 2017 (byte) 0x32, (byte) 0x99, (byte) 0xad, (byte) 0xb7, (byte) 0xc1, (byte) 0x35, (byte) 0xda, (byte) 0x5e, 2018 (byte) 0x95, (byte) 0x15, (byte) 0xab, (byte) 0xda, (byte) 0x76, (byte) 0xe7, (byte) 0xca, (byte) 0xf2, 2019 (byte) 0xa3, (byte) 0xbe, (byte) 0x80, (byte) 0x55, (byte) 0x1d, (byte) 0x07, (byte) 0x3b, (byte) 0x78, 2020 (byte) 0xbf, (byte) 0x11, (byte) 0x62, (byte) 0xc4, (byte) 0x8a, (byte) 0xd2, (byte) 0xb7, (byte) 0xf4, 2021 (byte) 0x74, (byte) 0x3a, (byte) 0x02, (byte) 0x38, (byte) 0xee, (byte) 0x4d, (byte) 0x25, (byte) 0x2f, 2022 (byte) 0x7d, (byte) 0x5e, (byte) 0x7e, (byte) 0x65, (byte) 0x33, (byte) 0xcc, (byte) 0xae, (byte) 0x64, 2023 (byte) 0xcc, (byte) 0xb3, (byte) 0x93, (byte) 0x60, (byte) 0x07, (byte) 0x5a, (byte) 0x2f, (byte) 0xd1, 2024 (byte) 0xe0, (byte) 0x34, (byte) 0xec, (byte) 0x3a, (byte) 0xe5, (byte) 0xce, (byte) 0x9c, (byte) 0x40, 2025 (byte) 0x8c, (byte) 0xcb, (byte) 0xf0, (byte) 0xe2, (byte) 0x5e, (byte) 0x41, (byte) 0x14, (byte) 0x02, 2026 (byte) 0x16, (byte) 0x87, (byte) 0xb3, (byte) 0xdd, (byte) 0x47, (byte) 0x54, (byte) 0xae, (byte) 0x81, 2027 }); 2028 2029 private static final BigInteger RSA_2048_publicExponent = new BigInteger(new byte[] { 2030 (byte) 0x01, (byte) 0x00, (byte) 0x01, 2031 }); 2032 2033 private static final BigInteger RSA_2048_primeP = new BigInteger(new byte[] { 2034 (byte) 0x00, (byte) 0xf5, (byte) 0x41, (byte) 0x88, (byte) 0x4b, (byte) 0xc3, (byte) 0x73, (byte) 0x7b, 2035 (byte) 0x29, (byte) 0x22, (byte) 0xd4, (byte) 0x11, (byte) 0x9e, (byte) 0xf4, (byte) 0x5e, (byte) 0x2d, 2036 (byte) 0xee, (byte) 0x2c, (byte) 0xd4, (byte) 0xcb, (byte) 0xb7, (byte) 0x5f, (byte) 0x45, (byte) 0x50, 2037 (byte) 0x5a, (byte) 0x15, (byte) 0x7a, (byte) 0xa5, (byte) 0x00, (byte) 0x9f, (byte) 0x99, (byte) 0xc7, 2038 (byte) 0x3a, (byte) 0x2d, (byte) 0xf0, (byte) 0x72, (byte) 0x4a, (byte) 0xc4, (byte) 0x60, (byte) 0x24, 2039 (byte) 0x30, (byte) 0x63, (byte) 0x32, (byte) 0xea, (byte) 0x89, (byte) 0x81, (byte) 0x77, (byte) 0x63, 2040 (byte) 0x45, (byte) 0x46, (byte) 0x5d, (byte) 0xc6, (byte) 0xdf, (byte) 0x1e, (byte) 0x0a, (byte) 0x6f, 2041 (byte) 0x14, (byte) 0x0a, (byte) 0xff, (byte) 0x3b, (byte) 0x73, (byte) 0x96, (byte) 0xe6, (byte) 0xa8, 2042 (byte) 0x99, (byte) 0x4a, (byte) 0xc5, (byte) 0xda, (byte) 0xa9, (byte) 0x68, (byte) 0x73, (byte) 0x47, 2043 (byte) 0x2f, (byte) 0xe3, (byte) 0x77, (byte) 0x49, (byte) 0xd1, (byte) 0x4e, (byte) 0xb3, (byte) 0xe0, 2044 (byte) 0x75, (byte) 0xe6, (byte) 0x29, (byte) 0xdb, (byte) 0xeb, (byte) 0x35, (byte) 0x83, (byte) 0x33, 2045 (byte) 0x8a, (byte) 0x6f, (byte) 0x36, (byte) 0x49, (byte) 0xd0, (byte) 0xa2, (byte) 0x65, (byte) 0x4a, 2046 (byte) 0x7a, (byte) 0x42, (byte) 0xfd, (byte) 0x9a, (byte) 0xb6, (byte) 0xbf, (byte) 0xa4, (byte) 0xac, 2047 (byte) 0x4d, (byte) 0x48, (byte) 0x1d, (byte) 0x39, (byte) 0x0b, (byte) 0xb2, (byte) 0x29, (byte) 0xb0, 2048 (byte) 0x64, (byte) 0xbd, (byte) 0xc3, (byte) 0x11, (byte) 0xcc, (byte) 0x1b, (byte) 0xe1, (byte) 0xb6, 2049 (byte) 0x31, (byte) 0x89, (byte) 0xda, (byte) 0x7c, (byte) 0x40, (byte) 0xcd, (byte) 0xec, (byte) 0xf2, 2050 (byte) 0xb1, 2051 }); 2052 2053 private static final BigInteger RSA_2048_primeQ = new BigInteger(new byte[] { 2054 (byte) 0x00, (byte) 0xea, (byte) 0x1a, (byte) 0x74, (byte) 0x2d, (byte) 0xdb, (byte) 0x88, (byte) 0x1c, 2055 (byte) 0xed, (byte) 0xb7, (byte) 0x28, (byte) 0x8c, (byte) 0x87, (byte) 0xe3, (byte) 0x8d, (byte) 0x86, 2056 (byte) 0x8d, (byte) 0xd7, (byte) 0xa4, (byte) 0x09, (byte) 0xd1, (byte) 0x5a, (byte) 0x43, (byte) 0xf4, 2057 (byte) 0x45, (byte) 0xd5, (byte) 0x37, (byte) 0x7a, (byte) 0x0b, (byte) 0x57, (byte) 0x31, (byte) 0xdd, 2058 (byte) 0xbf, (byte) 0xca, (byte) 0x2d, (byte) 0xaf, (byte) 0x28, (byte) 0xa8, (byte) 0xe1, (byte) 0x3c, 2059 (byte) 0xd5, (byte) 0xc0, (byte) 0xaf, (byte) 0xce, (byte) 0xc3, (byte) 0x34, (byte) 0x7d, (byte) 0x74, 2060 (byte) 0xa3, (byte) 0x9e, (byte) 0x23, (byte) 0x5a, (byte) 0x3c, (byte) 0xd9, (byte) 0x63, (byte) 0x3f, 2061 (byte) 0x27, (byte) 0x4d, (byte) 0xe2, (byte) 0xb9, (byte) 0x4f, (byte) 0x92, (byte) 0xdf, (byte) 0x43, 2062 (byte) 0x83, (byte) 0x39, (byte) 0x11, (byte) 0xd9, (byte) 0xe9, (byte) 0xf1, (byte) 0xcf, (byte) 0x58, 2063 (byte) 0xf2, (byte) 0x7d, (byte) 0xe2, (byte) 0xe0, (byte) 0x8f, (byte) 0xf4, (byte) 0x59, (byte) 0x64, 2064 (byte) 0xc7, (byte) 0x20, (byte) 0xd3, (byte) 0xec, (byte) 0x21, (byte) 0x39, (byte) 0xdc, (byte) 0x7c, 2065 (byte) 0xaf, (byte) 0xc9, (byte) 0x12, (byte) 0x95, (byte) 0x3c, (byte) 0xde, (byte) 0xcb, (byte) 0x2f, 2066 (byte) 0x35, (byte) 0x5a, (byte) 0x2e, (byte) 0x2c, (byte) 0x35, (byte) 0xa5, (byte) 0x0f, (byte) 0xad, 2067 (byte) 0x75, (byte) 0x4c, (byte) 0xb3, (byte) 0xb2, (byte) 0x31, (byte) 0x66, (byte) 0x42, (byte) 0x4b, 2068 (byte) 0xa3, (byte) 0xb6, (byte) 0xe3, (byte) 0x11, (byte) 0x2a, (byte) 0x2b, (byte) 0x89, (byte) 0x8c, 2069 (byte) 0x38, (byte) 0xc5, (byte) 0xc1, (byte) 0x5e, (byte) 0xdb, (byte) 0x23, (byte) 0x86, (byte) 0x93, 2070 (byte) 0x39, 2071 }); 2072 2073 private static final BigInteger RSA_2048_primeExponentP = new BigInteger(1, new byte[] { 2074 (byte) 0x51, (byte) 0x82, (byte) 0x8F, (byte) 0x1E, (byte) 0xC6, (byte) 0xFD, (byte) 0x99, (byte) 0x60, 2075 (byte) 0x29, (byte) 0x90, (byte) 0x1B, (byte) 0xAF, (byte) 0x1D, (byte) 0x7E, (byte) 0x33, (byte) 0x7B, 2076 (byte) 0xA5, (byte) 0xF0, (byte) 0xAF, (byte) 0x27, (byte) 0xE9, (byte) 0x84, (byte) 0xEA, (byte) 0xD8, 2077 (byte) 0x95, (byte) 0xAC, (byte) 0xE6, (byte) 0x2B, (byte) 0xD7, (byte) 0xDF, (byte) 0x4E, (byte) 0xE4, 2078 (byte) 0x5A, (byte) 0x22, (byte) 0x40, (byte) 0x89, (byte) 0xF2, (byte) 0xCC, (byte) 0x15, (byte) 0x1A, 2079 (byte) 0xF3, (byte) 0xCD, (byte) 0x17, (byte) 0x3F, (byte) 0xCE, (byte) 0x04, (byte) 0x74, (byte) 0xBC, 2080 (byte) 0xB0, (byte) 0x4F, (byte) 0x38, (byte) 0x6A, (byte) 0x2C, (byte) 0xDC, (byte) 0xC0, (byte) 0xE0, 2081 (byte) 0x03, (byte) 0x6B, (byte) 0xA2, (byte) 0x41, (byte) 0x9F, (byte) 0x54, (byte) 0x57, (byte) 0x92, 2082 (byte) 0x62, (byte) 0xD4, (byte) 0x71, (byte) 0x00, (byte) 0xBE, (byte) 0x93, (byte) 0x19, (byte) 0x84, 2083 (byte) 0xA3, (byte) 0xEF, (byte) 0xA0, (byte) 0x5B, (byte) 0xEC, (byte) 0xF1, (byte) 0x41, (byte) 0x57, 2084 (byte) 0x4D, (byte) 0xC0, (byte) 0x79, (byte) 0xB3, (byte) 0xA9, (byte) 0x5C, (byte) 0x4A, (byte) 0x83, 2085 (byte) 0xE6, (byte) 0xC4, (byte) 0x3F, (byte) 0x32, (byte) 0x14, (byte) 0xD6, (byte) 0xDF, (byte) 0x32, 2086 (byte) 0xD5, (byte) 0x12, (byte) 0xDE, (byte) 0x19, (byte) 0x80, (byte) 0x85, (byte) 0xE5, (byte) 0x31, 2087 (byte) 0xE6, (byte) 0x16, (byte) 0xB8, (byte) 0x3F, (byte) 0xD7, (byte) 0xDD, (byte) 0x9D, (byte) 0x1F, 2088 (byte) 0x4E, (byte) 0x26, (byte) 0x07, (byte) 0xC3, (byte) 0x33, (byte) 0x3D, (byte) 0x07, (byte) 0xC5, 2089 (byte) 0x5D, (byte) 0x10, (byte) 0x7D, (byte) 0x1D, (byte) 0x38, (byte) 0x93, (byte) 0x58, (byte) 0x71, 2090 }); 2091 2092 private static final BigInteger RSA_2048_primeExponentQ = new BigInteger(1, new byte[] { 2093 (byte) 0xDB, (byte) 0x4F, (byte) 0xB5, (byte) 0x0F, (byte) 0x50, (byte) 0xDE, (byte) 0x8E, (byte) 0xDB, 2094 (byte) 0x53, (byte) 0xFF, (byte) 0x34, (byte) 0xC8, (byte) 0x09, (byte) 0x31, (byte) 0x88, (byte) 0xA0, 2095 (byte) 0x51, (byte) 0x28, (byte) 0x67, (byte) 0xDA, (byte) 0x2C, (byte) 0xCA, (byte) 0x04, (byte) 0x89, 2096 (byte) 0x77, (byte) 0x59, (byte) 0xE5, (byte) 0x87, (byte) 0xC2, (byte) 0x44, (byte) 0x01, (byte) 0x0D, 2097 (byte) 0xAF, (byte) 0x86, (byte) 0x64, (byte) 0xD5, (byte) 0x9E, (byte) 0x80, (byte) 0x83, (byte) 0xD1, 2098 (byte) 0x6C, (byte) 0x16, (byte) 0x47, (byte) 0x89, (byte) 0x30, (byte) 0x1F, (byte) 0x67, (byte) 0xA9, 2099 (byte) 0xF0, (byte) 0x78, (byte) 0x06, (byte) 0x0D, (byte) 0x83, (byte) 0x4A, (byte) 0x2A, (byte) 0xDB, 2100 (byte) 0xD3, (byte) 0x67, (byte) 0x57, (byte) 0x5B, (byte) 0x68, (byte) 0xA8, (byte) 0xA8, (byte) 0x42, 2101 (byte) 0xC2, (byte) 0xB0, (byte) 0x2A, (byte) 0x89, (byte) 0xB3, (byte) 0xF3, (byte) 0x1F, (byte) 0xCC, 2102 (byte) 0xEC, (byte) 0x8A, (byte) 0x22, (byte) 0xFE, (byte) 0x39, (byte) 0x57, (byte) 0x95, (byte) 0xC5, 2103 (byte) 0xC6, (byte) 0xC7, (byte) 0x42, (byte) 0x2B, (byte) 0x4E, (byte) 0x5D, (byte) 0x74, (byte) 0xA1, 2104 (byte) 0xE9, (byte) 0xA8, (byte) 0xF3, (byte) 0x0E, (byte) 0x77, (byte) 0x59, (byte) 0xB9, (byte) 0xFC, 2105 (byte) 0x2D, (byte) 0x63, (byte) 0x9C, (byte) 0x1F, (byte) 0x15, (byte) 0x67, (byte) 0x3E, (byte) 0x84, 2106 (byte) 0xE9, (byte) 0x3A, (byte) 0x5E, (byte) 0xF1, (byte) 0x50, (byte) 0x6F, (byte) 0x43, (byte) 0x15, 2107 (byte) 0x38, (byte) 0x3C, (byte) 0x38, (byte) 0xD4, (byte) 0x5C, (byte) 0xBD, (byte) 0x1B, (byte) 0x14, 2108 (byte) 0x04, (byte) 0x8F, (byte) 0x47, (byte) 0x21, (byte) 0xDC, (byte) 0x82, (byte) 0x32, (byte) 0x61, 2109 }); 2110 2111 private static final BigInteger RSA_2048_crtCoefficient = new BigInteger(1, new byte[] { 2112 (byte) 0xD8, (byte) 0x11, (byte) 0x45, (byte) 0x93, (byte) 0xAF, (byte) 0x41, (byte) 0x5F, (byte) 0xB6, 2113 (byte) 0x12, (byte) 0xDB, (byte) 0xF1, (byte) 0x92, (byte) 0x37, (byte) 0x10, (byte) 0xD5, (byte) 0x4D, 2114 (byte) 0x07, (byte) 0x48, (byte) 0x62, (byte) 0x05, (byte) 0xA7, (byte) 0x6A, (byte) 0x3B, (byte) 0x43, 2115 (byte) 0x19, (byte) 0x49, (byte) 0x68, (byte) 0xC0, (byte) 0xDF, (byte) 0xF1, (byte) 0xF1, (byte) 0x1E, 2116 (byte) 0xF0, (byte) 0xF6, (byte) 0x1A, (byte) 0x4A, (byte) 0x33, (byte) 0x7D, (byte) 0x5F, (byte) 0xD3, 2117 (byte) 0x74, (byte) 0x1B, (byte) 0xBC, (byte) 0x96, (byte) 0x40, (byte) 0xE4, (byte) 0x47, (byte) 0xB8, 2118 (byte) 0xB6, (byte) 0xB6, (byte) 0xC4, (byte) 0x7C, (byte) 0x3A, (byte) 0xC1, (byte) 0x20, (byte) 0x43, 2119 (byte) 0x57, (byte) 0xD3, (byte) 0xB0, (byte) 0xC5, (byte) 0x5B, (byte) 0xA9, (byte) 0x28, (byte) 0x6B, 2120 (byte) 0xDA, (byte) 0x73, (byte) 0xF6, (byte) 0x29, (byte) 0x29, (byte) 0x6F, (byte) 0x5F, (byte) 0xA9, 2121 (byte) 0x14, (byte) 0x6D, (byte) 0x89, (byte) 0x76, (byte) 0x35, (byte) 0x7D, (byte) 0x3C, (byte) 0x75, 2122 (byte) 0x1E, (byte) 0x75, (byte) 0x14, (byte) 0x86, (byte) 0x96, (byte) 0xA4, (byte) 0x0B, (byte) 0x74, 2123 (byte) 0x68, (byte) 0x5C, (byte) 0x82, (byte) 0xCE, (byte) 0x30, (byte) 0x90, (byte) 0x2D, (byte) 0x63, 2124 (byte) 0x9D, (byte) 0x72, (byte) 0x4F, (byte) 0xF2, (byte) 0x4D, (byte) 0x5E, (byte) 0x2E, (byte) 0x94, 2125 (byte) 0x07, (byte) 0xEE, (byte) 0x34, (byte) 0xED, (byte) 0xED, (byte) 0x2E, (byte) 0x3B, (byte) 0x4D, 2126 (byte) 0xF6, (byte) 0x5A, (byte) 0xA9, (byte) 0xBC, (byte) 0xFE, (byte) 0xB6, (byte) 0xDF, (byte) 0x28, 2127 (byte) 0xD0, (byte) 0x7B, (byte) 0xA6, (byte) 0x90, (byte) 0x3F, (byte) 0x16, (byte) 0x57, (byte) 0x68, 2128 }); 2129 2130 /** 2131 * Test data is PKCS#1 padded "Android.\n" which can be generated by: 2132 * echo "Android." | openssl rsautl -inkey rsa.key -sign | openssl rsautl -inkey rsa.key -raw -verify | recode ../x1 2133 */ 2134 private static final byte[] RSA_2048_Vector1 = new byte[] { 2135 (byte) 0x00, (byte) 0x01, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2136 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2137 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2138 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2139 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2140 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2141 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2142 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2143 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2144 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2145 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2146 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2147 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2148 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2149 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2150 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2151 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2152 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2153 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2154 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2155 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2156 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2157 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2158 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2159 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2160 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2161 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2162 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2163 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2164 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2165 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2166 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2167 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2168 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2169 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2170 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2171 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2172 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2173 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2174 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2175 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2176 (byte) 0x00, (byte) 0x41, (byte) 0x6E, (byte) 0x64, (byte) 0x72, (byte) 0x6F, 2177 (byte) 0x69, (byte) 0x64, (byte) 0x2E, (byte) 0x0A, 2178 }; 2179 2180 /** 2181 * This vector is simply "Android.\n" which is too short. 2182 */ 2183 private static final byte[] TooShort_Vector = new byte[] { 2184 (byte) 0x41, (byte) 0x6E, (byte) 0x64, (byte) 0x72, (byte) 0x6F, (byte) 0x69, 2185 (byte) 0x64, (byte) 0x2E, (byte) 0x0A, 2186 }; 2187 2188 /** 2189 * This vector is simply "Android.\n" padded with zeros. 2190 */ 2191 private static final byte[] TooShort_Vector_Zero_Padded = new byte[] { 2192 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2193 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2194 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2195 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2196 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2197 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2198 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2199 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2200 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2201 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2202 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2203 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2204 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2205 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2206 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2207 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2208 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2209 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2210 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2211 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2212 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2213 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2214 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2215 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2216 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2217 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2218 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2219 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2220 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2221 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2222 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2223 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2224 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2225 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2226 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2227 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2228 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2229 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2230 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2231 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2232 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2233 (byte) 0x00, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, 2234 (byte) 0x69, (byte) 0x64, (byte) 0x2e, (byte) 0x0a, 2235 }; 2236 2237 /** 2238 * openssl rsautl -raw -sign -inkey rsa.key | recode ../x1 | sed 's/0x/(byte) 0x/g' 2239 */ 2240 private static final byte[] RSA_Vector1_Encrypt_Private = new byte[] { 2241 (byte) 0x35, (byte) 0x43, (byte) 0x38, (byte) 0x44, (byte) 0xAD, (byte) 0x3F, 2242 (byte) 0x97, (byte) 0x02, (byte) 0xFB, (byte) 0x59, (byte) 0x1F, (byte) 0x4A, 2243 (byte) 0x2B, (byte) 0xB9, (byte) 0x06, (byte) 0xEC, (byte) 0x66, (byte) 0xE6, 2244 (byte) 0xD2, (byte) 0xC5, (byte) 0x8B, (byte) 0x7B, (byte) 0xE3, (byte) 0x18, 2245 (byte) 0xBF, (byte) 0x07, (byte) 0xD6, (byte) 0x01, (byte) 0xF9, (byte) 0xD9, 2246 (byte) 0x89, (byte) 0xC4, (byte) 0xDB, (byte) 0x00, (byte) 0x68, (byte) 0xFF, 2247 (byte) 0x9B, (byte) 0x43, (byte) 0x90, (byte) 0xF2, (byte) 0xDB, (byte) 0x83, 2248 (byte) 0xF4, (byte) 0x7E, (byte) 0xC6, (byte) 0x81, (byte) 0x01, (byte) 0x3A, 2249 (byte) 0x0B, (byte) 0xE5, (byte) 0xED, (byte) 0x08, (byte) 0x73, (byte) 0x3E, 2250 (byte) 0xE1, (byte) 0x3F, (byte) 0xDF, (byte) 0x1F, (byte) 0x07, (byte) 0x6D, 2251 (byte) 0x22, (byte) 0x8D, (byte) 0xCC, (byte) 0x4E, (byte) 0xE3, (byte) 0x9A, 2252 (byte) 0xBC, (byte) 0xCC, (byte) 0x8F, (byte) 0x9E, (byte) 0x9B, (byte) 0x02, 2253 (byte) 0x48, (byte) 0x00, (byte) 0xAC, (byte) 0x9F, (byte) 0xA4, (byte) 0x8F, 2254 (byte) 0x87, (byte) 0xA1, (byte) 0xA8, (byte) 0xE6, (byte) 0x9D, (byte) 0xCD, 2255 (byte) 0x8B, (byte) 0x05, (byte) 0xE9, (byte) 0xD2, (byte) 0x05, (byte) 0x8D, 2256 (byte) 0xC9, (byte) 0x95, (byte) 0x16, (byte) 0xD0, (byte) 0xCD, (byte) 0x43, 2257 (byte) 0x25, (byte) 0x8A, (byte) 0x11, (byte) 0x46, (byte) 0xD7, (byte) 0x74, 2258 (byte) 0x4C, (byte) 0xCF, (byte) 0x58, (byte) 0xF9, (byte) 0xA1, (byte) 0x30, 2259 (byte) 0x84, (byte) 0x52, (byte) 0xC9, (byte) 0x01, (byte) 0x5F, (byte) 0x24, 2260 (byte) 0x4C, (byte) 0xB1, (byte) 0x9F, (byte) 0x7D, (byte) 0x12, (byte) 0x38, 2261 (byte) 0x27, (byte) 0x0F, (byte) 0x5E, (byte) 0xFF, (byte) 0xE0, (byte) 0x55, 2262 (byte) 0x8B, (byte) 0xA3, (byte) 0xAD, (byte) 0x60, (byte) 0x35, (byte) 0x83, 2263 (byte) 0x58, (byte) 0xAF, (byte) 0x99, (byte) 0xDE, (byte) 0x3F, (byte) 0x5D, 2264 (byte) 0x80, (byte) 0x80, (byte) 0xFF, (byte) 0x9B, (byte) 0xDE, (byte) 0x5C, 2265 (byte) 0xAB, (byte) 0x97, (byte) 0x43, (byte) 0x64, (byte) 0xD9, (byte) 0x9F, 2266 (byte) 0xFB, (byte) 0x67, (byte) 0x65, (byte) 0xA5, (byte) 0x99, (byte) 0xE7, 2267 (byte) 0xE6, (byte) 0xEB, (byte) 0x05, (byte) 0x95, (byte) 0xFC, (byte) 0x46, 2268 (byte) 0x28, (byte) 0x4B, (byte) 0xD8, (byte) 0x8C, (byte) 0xF5, (byte) 0x0A, 2269 (byte) 0xEB, (byte) 0x1F, (byte) 0x30, (byte) 0xEA, (byte) 0xE7, (byte) 0x67, 2270 (byte) 0x11, (byte) 0x25, (byte) 0xF0, (byte) 0x44, (byte) 0x75, (byte) 0x74, 2271 (byte) 0x94, (byte) 0x06, (byte) 0x78, (byte) 0xD0, (byte) 0x21, (byte) 0xF4, 2272 (byte) 0x3F, (byte) 0xC8, (byte) 0xC4, (byte) 0x4A, (byte) 0x57, (byte) 0xBE, 2273 (byte) 0x02, (byte) 0x3C, (byte) 0x93, (byte) 0xF6, (byte) 0x95, (byte) 0xFB, 2274 (byte) 0xD1, (byte) 0x77, (byte) 0x8B, (byte) 0x43, (byte) 0xF0, (byte) 0xB9, 2275 (byte) 0x7D, (byte) 0xE0, (byte) 0x32, (byte) 0xE1, (byte) 0x72, (byte) 0xB5, 2276 (byte) 0x62, (byte) 0x3F, (byte) 0x86, (byte) 0xC3, (byte) 0xD4, (byte) 0x5F, 2277 (byte) 0x5E, (byte) 0x54, (byte) 0x1B, (byte) 0x5B, (byte) 0xE6, (byte) 0x74, 2278 (byte) 0xA1, (byte) 0x0B, (byte) 0xE5, (byte) 0x18, (byte) 0xD2, (byte) 0x4F, 2279 (byte) 0x93, (byte) 0xF3, (byte) 0x09, (byte) 0x58, (byte) 0xCE, (byte) 0xF0, 2280 (byte) 0xA3, (byte) 0x61, (byte) 0xE4, (byte) 0x6E, (byte) 0x46, (byte) 0x45, 2281 (byte) 0x89, (byte) 0x50, (byte) 0xBD, (byte) 0x03, (byte) 0x3F, (byte) 0x38, 2282 (byte) 0xDA, (byte) 0x5D, (byte) 0xD0, (byte) 0x1B, (byte) 0x1F, (byte) 0xB1, 2283 (byte) 0xEE, (byte) 0x89, (byte) 0x59, (byte) 0xC5, 2284 }; 2285 2286 private static final byte[] RSA_Vector1_ZeroPadded_Encrypted = new byte[] { 2287 (byte) 0x60, (byte) 0x4a, (byte) 0x12, (byte) 0xa3, (byte) 0xa7, (byte) 0x4a, 2288 (byte) 0xa4, (byte) 0xbf, (byte) 0x6c, (byte) 0x36, (byte) 0xad, (byte) 0x66, 2289 (byte) 0xdf, (byte) 0xce, (byte) 0xf1, (byte) 0xe4, (byte) 0x0f, (byte) 0xd4, 2290 (byte) 0x54, (byte) 0x5f, (byte) 0x03, (byte) 0x15, (byte) 0x4b, (byte) 0x9e, 2291 (byte) 0xeb, (byte) 0xfe, (byte) 0x9e, (byte) 0x24, (byte) 0xce, (byte) 0x8e, 2292 (byte) 0xc3, (byte) 0x36, (byte) 0xa5, (byte) 0x76, (byte) 0xf6, (byte) 0x54, 2293 (byte) 0xb7, (byte) 0x84, (byte) 0x48, (byte) 0x2f, (byte) 0xd4, (byte) 0x45, 2294 (byte) 0x74, (byte) 0x48, (byte) 0x5f, (byte) 0x08, (byte) 0x4e, (byte) 0x9c, 2295 (byte) 0x89, (byte) 0xcc, (byte) 0x34, (byte) 0x40, (byte) 0xb1, (byte) 0x5f, 2296 (byte) 0xa7, (byte) 0x0e, (byte) 0x11, (byte) 0x4b, (byte) 0xb5, (byte) 0x94, 2297 (byte) 0xbe, (byte) 0x14, (byte) 0xaa, (byte) 0xaa, (byte) 0xe0, (byte) 0x38, 2298 (byte) 0x1c, (byte) 0xce, (byte) 0x40, (byte) 0x61, (byte) 0xfc, (byte) 0x08, 2299 (byte) 0xcb, (byte) 0x14, (byte) 0x2b, (byte) 0xa6, (byte) 0x54, (byte) 0xdf, 2300 (byte) 0x05, (byte) 0x5c, (byte) 0x9b, (byte) 0x4f, (byte) 0x14, (byte) 0x93, 2301 (byte) 0xb0, (byte) 0x70, (byte) 0xd9, (byte) 0x32, (byte) 0xdc, (byte) 0x24, 2302 (byte) 0xe0, (byte) 0xae, (byte) 0x48, (byte) 0xfc, (byte) 0x53, (byte) 0xee, 2303 (byte) 0x7c, (byte) 0x9f, (byte) 0x69, (byte) 0x34, (byte) 0xf4, (byte) 0x76, 2304 (byte) 0xee, (byte) 0x67, (byte) 0xb2, (byte) 0xa7, (byte) 0x33, (byte) 0x1c, 2305 (byte) 0x47, (byte) 0xff, (byte) 0x5c, (byte) 0xf0, (byte) 0xb8, (byte) 0x04, 2306 (byte) 0x2c, (byte) 0xfd, (byte) 0xe2, (byte) 0xb1, (byte) 0x4a, (byte) 0x0a, 2307 (byte) 0x69, (byte) 0x1c, (byte) 0x80, (byte) 0x2b, (byte) 0xb4, (byte) 0x50, 2308 (byte) 0x65, (byte) 0x5c, (byte) 0x76, (byte) 0x78, (byte) 0x9a, (byte) 0x0c, 2309 (byte) 0x05, (byte) 0x62, (byte) 0xf0, (byte) 0xc4, (byte) 0x1c, (byte) 0x38, 2310 (byte) 0x15, (byte) 0xd0, (byte) 0xe2, (byte) 0x5a, (byte) 0x3d, (byte) 0xb6, 2311 (byte) 0xe0, (byte) 0x88, (byte) 0x85, (byte) 0xd1, (byte) 0x4f, (byte) 0x7e, 2312 (byte) 0xfc, (byte) 0x77, (byte) 0x0d, (byte) 0x2a, (byte) 0x45, (byte) 0xd5, 2313 (byte) 0xf8, (byte) 0x3c, (byte) 0x7b, (byte) 0x2d, (byte) 0x1b, (byte) 0x82, 2314 (byte) 0xfe, (byte) 0x58, (byte) 0x22, (byte) 0x47, (byte) 0x06, (byte) 0x58, 2315 (byte) 0x8b, (byte) 0x4f, (byte) 0xfb, (byte) 0x9b, (byte) 0x1c, (byte) 0x70, 2316 (byte) 0x36, (byte) 0x12, (byte) 0x04, (byte) 0x17, (byte) 0x47, (byte) 0x8a, 2317 (byte) 0x0a, (byte) 0xec, (byte) 0x12, (byte) 0x3b, (byte) 0xf8, (byte) 0xd2, 2318 (byte) 0xdc, (byte) 0x3c, (byte) 0xc8, (byte) 0x46, (byte) 0xc6, (byte) 0x51, 2319 (byte) 0x06, (byte) 0x06, (byte) 0xcb, (byte) 0x84, (byte) 0x67, (byte) 0xb5, 2320 (byte) 0x68, (byte) 0xd9, (byte) 0x9c, (byte) 0xd4, (byte) 0x16, (byte) 0x5c, 2321 (byte) 0xb4, (byte) 0xe2, (byte) 0x55, (byte) 0xe6, (byte) 0x3a, (byte) 0x73, 2322 (byte) 0x01, (byte) 0x1d, (byte) 0x6f, (byte) 0x30, (byte) 0x31, (byte) 0x59, 2323 (byte) 0x8b, (byte) 0x2f, (byte) 0x4c, (byte) 0xe7, (byte) 0x86, (byte) 0x4c, 2324 (byte) 0x39, (byte) 0x4e, (byte) 0x67, (byte) 0x3b, (byte) 0x22, (byte) 0x9b, 2325 (byte) 0x85, (byte) 0x5a, (byte) 0xc3, (byte) 0x29, (byte) 0xaf, (byte) 0x8c, 2326 (byte) 0x7c, (byte) 0x59, (byte) 0x4a, (byte) 0x24, (byte) 0xfa, (byte) 0xba, 2327 (byte) 0x55, (byte) 0x40, (byte) 0x13, (byte) 0x64, (byte) 0xd8, (byte) 0xcb, 2328 (byte) 0x4b, (byte) 0x98, (byte) 0x3f, (byte) 0xae, (byte) 0x20, (byte) 0xfd, 2329 (byte) 0x8a, (byte) 0x50, (byte) 0x73, (byte) 0xe4, 2330 }; 2331 /* 2332 * echo -n 'This is a test of OAEP' | xxd -p -i | sed 's/0x/(byte) 0x/g' 2333 */ 2334 public static final byte[] RSA_Vector2_Plaintext = new byte[] { 2335 (byte) 0x54, (byte) 0x68, (byte) 0x69, (byte) 0x73, (byte) 0x20, (byte) 0x69, 2336 (byte) 0x73, (byte) 0x20, (byte) 0x61, (byte) 0x20, (byte) 0x74, (byte) 0x65, 2337 (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, 2338 (byte) 0x4f, (byte) 0x41, (byte) 0x45, (byte) 0x50 2339 }; 2340 2341 /* 2342 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey rsakey.pem \ 2343 * -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha1 -pkeyopt rsa_mgf1_md:sha1 \ 2344 * | xxd -p -i | sed 's/0x/(byte) 0x/g' 2345 */ 2346 public static final byte[] RSA_Vector2_OAEP_SHA1_MGF1_SHA1 = new byte[] { 2347 (byte) 0x53, (byte) 0x71, (byte) 0x84, (byte) 0x2e, (byte) 0x01, (byte) 0x74, 2348 (byte) 0x82, (byte) 0xb3, (byte) 0x01, (byte) 0xac, (byte) 0x2b, (byte) 0xbd, 2349 (byte) 0x40, (byte) 0xa7, (byte) 0x5b, (byte) 0x60, (byte) 0xf1, (byte) 0xde, 2350 (byte) 0x54, (byte) 0x1d, (byte) 0x94, (byte) 0xc1, (byte) 0x10, (byte) 0x31, 2351 (byte) 0x6f, (byte) 0xa3, (byte) 0xd8, (byte) 0x41, (byte) 0x2e, (byte) 0x82, 2352 (byte) 0xad, (byte) 0x07, (byte) 0x6f, (byte) 0x25, (byte) 0x6c, (byte) 0xb5, 2353 (byte) 0xef, (byte) 0xc6, (byte) 0xa6, (byte) 0xfb, (byte) 0xb1, (byte) 0x9d, 2354 (byte) 0x75, (byte) 0x67, (byte) 0xb0, (byte) 0x97, (byte) 0x21, (byte) 0x3c, 2355 (byte) 0x17, (byte) 0x04, (byte) 0xdc, (byte) 0x4e, (byte) 0x7e, (byte) 0x3f, 2356 (byte) 0x5c, (byte) 0x13, (byte) 0x5e, (byte) 0x15, (byte) 0x0f, (byte) 0xe2, 2357 (byte) 0xa7, (byte) 0x62, (byte) 0x6a, (byte) 0x08, (byte) 0xb1, (byte) 0xbc, 2358 (byte) 0x2f, (byte) 0xcb, (byte) 0xb5, (byte) 0x96, (byte) 0x2d, (byte) 0xec, 2359 (byte) 0x71, (byte) 0x4d, (byte) 0x59, (byte) 0x6e, (byte) 0x27, (byte) 0x85, 2360 (byte) 0x87, (byte) 0x9b, (byte) 0xcc, (byte) 0x40, (byte) 0x32, (byte) 0x09, 2361 (byte) 0x06, (byte) 0xe6, (byte) 0x7d, (byte) 0xdf, (byte) 0xeb, (byte) 0x2f, 2362 (byte) 0xa8, (byte) 0x1c, (byte) 0x53, (byte) 0xdb, (byte) 0xa7, (byte) 0x48, 2363 (byte) 0xf5, (byte) 0xbf, (byte) 0x2f, (byte) 0xbb, (byte) 0xee, (byte) 0xc7, 2364 (byte) 0x55, (byte) 0x5e, (byte) 0xc4, (byte) 0x1c, (byte) 0x84, (byte) 0xed, 2365 (byte) 0x97, (byte) 0x7e, (byte) 0xce, (byte) 0xa5, (byte) 0x69, (byte) 0x73, 2366 (byte) 0xb3, (byte) 0xe0, (byte) 0x8c, (byte) 0x2a, (byte) 0xf2, (byte) 0xc7, 2367 (byte) 0x65, (byte) 0xff, (byte) 0x10, (byte) 0xed, (byte) 0x25, (byte) 0xf0, 2368 (byte) 0xf8, (byte) 0xda, (byte) 0x2f, (byte) 0x7f, (byte) 0xe0, (byte) 0x69, 2369 (byte) 0xed, (byte) 0xb1, (byte) 0x0e, (byte) 0xcb, (byte) 0x43, (byte) 0xe4, 2370 (byte) 0x31, (byte) 0xe6, (byte) 0x52, (byte) 0xfd, (byte) 0xa7, (byte) 0xe5, 2371 (byte) 0x21, (byte) 0xd0, (byte) 0x67, (byte) 0x0a, (byte) 0xc1, (byte) 0xa1, 2372 (byte) 0xb9, (byte) 0x04, (byte) 0xdb, (byte) 0x98, (byte) 0x4f, (byte) 0xf9, 2373 (byte) 0x5c, (byte) 0x60, (byte) 0x4d, (byte) 0xac, (byte) 0x7a, (byte) 0x69, 2374 (byte) 0xbd, (byte) 0x63, (byte) 0x0d, (byte) 0xb2, (byte) 0x01, (byte) 0x83, 2375 (byte) 0xd7, (byte) 0x22, (byte) 0x5d, (byte) 0xed, (byte) 0xbd, (byte) 0x32, 2376 (byte) 0x98, (byte) 0xd1, (byte) 0x4a, (byte) 0x2e, (byte) 0xb7, (byte) 0xb1, 2377 (byte) 0x6d, (byte) 0x8a, (byte) 0x8f, (byte) 0xef, (byte) 0xc3, (byte) 0x89, 2378 (byte) 0xdf, (byte) 0xa5, (byte) 0xac, (byte) 0xfb, (byte) 0x38, (byte) 0x61, 2379 (byte) 0x32, (byte) 0xc5, (byte) 0x19, (byte) 0x83, (byte) 0x1f, (byte) 0x9c, 2380 (byte) 0x45, (byte) 0x58, (byte) 0xdd, (byte) 0xa3, (byte) 0x57, (byte) 0xe4, 2381 (byte) 0x91, (byte) 0xd2, (byte) 0x11, (byte) 0xf8, (byte) 0x96, (byte) 0x36, 2382 (byte) 0x67, (byte) 0x99, (byte) 0x2b, (byte) 0x62, (byte) 0x21, (byte) 0xe3, 2383 (byte) 0xa8, (byte) 0x5e, (byte) 0xa4, (byte) 0x2e, (byte) 0x0c, (byte) 0x29, 2384 (byte) 0xf9, (byte) 0xcd, (byte) 0xfa, (byte) 0xbe, (byte) 0x3f, (byte) 0xd8, 2385 (byte) 0xec, (byte) 0x6b, (byte) 0x32, (byte) 0xb3, (byte) 0x40, (byte) 0x4f, 2386 (byte) 0x48, (byte) 0xe3, (byte) 0x14, (byte) 0x87, (byte) 0xa7, (byte) 0x5c, 2387 (byte) 0xba, (byte) 0xdf, (byte) 0x0e, (byte) 0x64, (byte) 0xdc, (byte) 0xe2, 2388 (byte) 0x51, (byte) 0xf4, (byte) 0x41, (byte) 0x25, (byte) 0x23, (byte) 0xc8, 2389 (byte) 0x50, (byte) 0x1e, (byte) 0x9e, (byte) 0xb0 2390 }; 2391 2392 /* 2393 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey rsakey.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1 | xxd -p -i | sed 's/0x/(byte) 0x/g' 2394 */ 2395 public static final byte[] RSA_Vector2_OAEP_SHA256_MGF1_SHA1 = new byte[] { 2396 (byte) 0x25, (byte) 0x9f, (byte) 0xc3, (byte) 0x69, (byte) 0xbc, (byte) 0x3f, 2397 (byte) 0xe7, (byte) 0x9e, (byte) 0x76, (byte) 0xef, (byte) 0x6c, (byte) 0xd2, 2398 (byte) 0x2b, (byte) 0x7b, (byte) 0xf0, (byte) 0xeb, (byte) 0xc2, (byte) 0x28, 2399 (byte) 0x40, (byte) 0x4e, (byte) 0x9b, (byte) 0x2a, (byte) 0x4e, (byte) 0xa4, 2400 (byte) 0x79, (byte) 0x66, (byte) 0xf1, (byte) 0x10, (byte) 0x96, (byte) 0x8c, 2401 (byte) 0x58, (byte) 0x92, (byte) 0xb7, (byte) 0x70, (byte) 0xed, (byte) 0x3a, 2402 (byte) 0xe0, (byte) 0x99, (byte) 0xd1, (byte) 0x80, (byte) 0x4b, (byte) 0x53, 2403 (byte) 0x70, (byte) 0x9b, (byte) 0x51, (byte) 0xbf, (byte) 0xc1, (byte) 0x3a, 2404 (byte) 0x70, (byte) 0xc5, (byte) 0x79, (byte) 0x21, (byte) 0x6e, (byte) 0xb3, 2405 (byte) 0xf7, (byte) 0xa9, (byte) 0xe6, (byte) 0xcb, (byte) 0x70, (byte) 0xe4, 2406 (byte) 0xf3, (byte) 0x4f, (byte) 0x45, (byte) 0xcf, (byte) 0xb7, (byte) 0x2b, 2407 (byte) 0x38, (byte) 0xfd, (byte) 0x5d, (byte) 0x9a, (byte) 0x53, (byte) 0xc5, 2408 (byte) 0x05, (byte) 0x74, (byte) 0x8d, (byte) 0x1d, (byte) 0x6e, (byte) 0x83, 2409 (byte) 0xaa, (byte) 0x71, (byte) 0xc5, (byte) 0xe1, (byte) 0xa1, (byte) 0xa6, 2410 (byte) 0xf3, (byte) 0xee, (byte) 0x5f, (byte) 0x9e, (byte) 0x4f, (byte) 0xe8, 2411 (byte) 0x15, (byte) 0xd5, (byte) 0xa9, (byte) 0x1b, (byte) 0xa6, (byte) 0x41, 2412 (byte) 0x2b, (byte) 0x18, (byte) 0x13, (byte) 0x20, (byte) 0x9f, (byte) 0x6b, 2413 (byte) 0xf1, (byte) 0xd8, (byte) 0xf4, (byte) 0x87, (byte) 0xfa, (byte) 0x80, 2414 (byte) 0xec, (byte) 0x0e, (byte) 0xa4, (byte) 0x4b, (byte) 0x24, (byte) 0x03, 2415 (byte) 0x14, (byte) 0x25, (byte) 0xf2, (byte) 0x20, (byte) 0xfc, (byte) 0x52, 2416 (byte) 0xf9, (byte) 0xd6, (byte) 0x7a, (byte) 0x4a, (byte) 0x45, (byte) 0x33, 2417 (byte) 0xec, (byte) 0xde, (byte) 0x3c, (byte) 0x5b, (byte) 0xf2, (byte) 0xdc, 2418 (byte) 0x8e, (byte) 0xc6, (byte) 0xb3, (byte) 0x26, (byte) 0xd3, (byte) 0x68, 2419 (byte) 0xa7, (byte) 0xd8, (byte) 0x3a, (byte) 0xde, (byte) 0xa9, (byte) 0x25, 2420 (byte) 0x1d, (byte) 0x42, (byte) 0x75, (byte) 0x66, (byte) 0x16, (byte) 0x29, 2421 (byte) 0xad, (byte) 0x09, (byte) 0x74, (byte) 0x41, (byte) 0xbb, (byte) 0x45, 2422 (byte) 0x39, (byte) 0x04, (byte) 0x7a, (byte) 0x93, (byte) 0xad, (byte) 0x1c, 2423 (byte) 0xa6, (byte) 0x38, (byte) 0xf4, (byte) 0xac, (byte) 0xca, (byte) 0x5a, 2424 (byte) 0xab, (byte) 0x92, (byte) 0x76, (byte) 0x26, (byte) 0x3c, (byte) 0xeb, 2425 (byte) 0xda, (byte) 0xfc, (byte) 0x25, (byte) 0x93, (byte) 0x23, (byte) 0x01, 2426 (byte) 0xe2, (byte) 0xac, (byte) 0x5e, (byte) 0x4c, (byte) 0xb7, (byte) 0xbc, 2427 (byte) 0x5b, (byte) 0xaa, (byte) 0x14, (byte) 0xe9, (byte) 0xbf, (byte) 0x2d, 2428 (byte) 0x3a, (byte) 0xdc, (byte) 0x2f, (byte) 0x6b, (byte) 0x4d, (byte) 0x0e, 2429 (byte) 0x0a, (byte) 0x82, (byte) 0x3c, (byte) 0xd9, (byte) 0x32, (byte) 0xc1, 2430 (byte) 0xc4, (byte) 0xa2, (byte) 0x46, (byte) 0x71, (byte) 0x10, (byte) 0x54, 2431 (byte) 0x1a, (byte) 0xa6, (byte) 0xaa, (byte) 0x64, (byte) 0xe7, (byte) 0xc2, 2432 (byte) 0xae, (byte) 0xbc, (byte) 0x3d, (byte) 0xa4, (byte) 0xa8, (byte) 0xd1, 2433 (byte) 0xb7, (byte) 0x27, (byte) 0xef, (byte) 0x5f, (byte) 0xe7, (byte) 0xa7, 2434 (byte) 0x5d, (byte) 0xa0, (byte) 0xcd, (byte) 0x57, (byte) 0xf1, (byte) 0xe0, 2435 (byte) 0xd8, (byte) 0x42, (byte) 0x10, (byte) 0x77, (byte) 0xc3, (byte) 0xa7, 2436 (byte) 0x1e, (byte) 0x0c, (byte) 0x37, (byte) 0x16, (byte) 0x11, (byte) 0x94, 2437 (byte) 0x21, (byte) 0xf2, (byte) 0xca, (byte) 0x60, (byte) 0xce, (byte) 0xca, 2438 (byte) 0x59, (byte) 0xf9, (byte) 0xe5, (byte) 0xe4 2439 }; 2440 2441 /* 2442 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey /tmp/rsakey.txt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1 -pkeyopt rsa_oaep_label:010203FFA00A | xxd -p -i | sed 's/0x/(byte) 0x/g' 2443 */ 2444 public static final byte[] RSA_Vector2_OAEP_SHA256_MGF1_SHA1_LABEL = new byte[] { 2445 (byte) 0x80, (byte) 0xb1, (byte) 0xf2, (byte) 0xc2, (byte) 0x03, (byte) 0xc5, 2446 (byte) 0xdf, (byte) 0xbd, (byte) 0xed, (byte) 0xfe, (byte) 0xe6, (byte) 0xff, 2447 (byte) 0xd3, (byte) 0x38, (byte) 0x1e, (byte) 0x6d, (byte) 0xae, (byte) 0x47, 2448 (byte) 0xfe, (byte) 0x19, (byte) 0xf9, (byte) 0x8c, (byte) 0xf1, (byte) 0x4d, 2449 (byte) 0x18, (byte) 0x2b, (byte) 0x7e, (byte) 0x8e, (byte) 0x47, (byte) 0x39, 2450 (byte) 0xa8, (byte) 0x04, (byte) 0xc4, (byte) 0x7d, (byte) 0x56, (byte) 0x03, 2451 (byte) 0x15, (byte) 0x92, (byte) 0x18, (byte) 0xde, (byte) 0x56, (byte) 0xb3, 2452 (byte) 0x01, (byte) 0x93, (byte) 0x16, (byte) 0xe3, (byte) 0xfa, (byte) 0xaa, 2453 (byte) 0xf3, (byte) 0x73, (byte) 0x39, (byte) 0x26, (byte) 0xfb, (byte) 0xb0, 2454 (byte) 0x18, (byte) 0x20, (byte) 0xdb, (byte) 0xa1, (byte) 0xbf, (byte) 0x31, 2455 (byte) 0x22, (byte) 0xc8, (byte) 0x1d, (byte) 0xdb, (byte) 0xa0, (byte) 0x5a, 2456 (byte) 0x22, (byte) 0xcd, (byte) 0x09, (byte) 0xb3, (byte) 0xcb, (byte) 0xa2, 2457 (byte) 0x46, (byte) 0x14, (byte) 0x35, (byte) 0x66, (byte) 0xe8, (byte) 0xb8, 2458 (byte) 0x07, (byte) 0x23, (byte) 0xc5, (byte) 0xae, (byte) 0xe6, (byte) 0xf1, 2459 (byte) 0x7a, (byte) 0x8f, (byte) 0x5c, (byte) 0x44, (byte) 0x34, (byte) 0xbf, 2460 (byte) 0xd6, (byte) 0xf8, (byte) 0x0c, (byte) 0xc7, (byte) 0x8d, (byte) 0xcd, 2461 (byte) 0x23, (byte) 0x84, (byte) 0xbe, (byte) 0x9b, (byte) 0xbf, (byte) 0x9a, 2462 (byte) 0x70, (byte) 0x0f, (byte) 0x18, (byte) 0xc0, (byte) 0x6f, (byte) 0x23, 2463 (byte) 0x67, (byte) 0xf8, (byte) 0xbb, (byte) 0xce, (byte) 0xc2, (byte) 0x47, 2464 (byte) 0x82, (byte) 0xa0, (byte) 0xa5, (byte) 0x60, (byte) 0xcd, (byte) 0x25, 2465 (byte) 0xa5, (byte) 0x4b, (byte) 0xe4, (byte) 0x06, (byte) 0x7f, (byte) 0x46, 2466 (byte) 0x62, (byte) 0x86, (byte) 0x94, (byte) 0xbc, (byte) 0x7f, (byte) 0xb0, 2467 (byte) 0x2e, (byte) 0xc1, (byte) 0x8c, (byte) 0x6c, (byte) 0x58, (byte) 0x05, 2468 (byte) 0x6f, (byte) 0x35, (byte) 0x76, (byte) 0xd3, (byte) 0xdf, (byte) 0xc0, 2469 (byte) 0xdd, (byte) 0x66, (byte) 0xbe, (byte) 0xa1, (byte) 0x7e, (byte) 0x52, 2470 (byte) 0xed, (byte) 0x81, (byte) 0x0e, (byte) 0x2d, (byte) 0x5b, (byte) 0x2b, 2471 (byte) 0xe3, (byte) 0x52, (byte) 0x0e, (byte) 0x56, (byte) 0x9b, (byte) 0x05, 2472 (byte) 0x72, (byte) 0xa8, (byte) 0xc8, (byte) 0x57, (byte) 0x22, (byte) 0x67, 2473 (byte) 0x0e, (byte) 0x5f, (byte) 0x01, (byte) 0xf2, (byte) 0x69, (byte) 0x66, 2474 (byte) 0x6a, (byte) 0x47, (byte) 0x4f, (byte) 0x78, (byte) 0xb3, (byte) 0x1e, 2475 (byte) 0x7d, (byte) 0xce, (byte) 0xb3, (byte) 0x35, (byte) 0xdf, (byte) 0x23, 2476 (byte) 0xac, (byte) 0xf8, (byte) 0x88, (byte) 0xa1, (byte) 0xde, (byte) 0x38, 2477 (byte) 0x96, (byte) 0xfd, (byte) 0xa2, (byte) 0x5d, (byte) 0x09, (byte) 0x52, 2478 (byte) 0x11, (byte) 0x2b, (byte) 0x21, (byte) 0xf0, (byte) 0x0d, (byte) 0x4c, 2479 (byte) 0x15, (byte) 0xc3, (byte) 0x88, (byte) 0x2b, (byte) 0xf6, (byte) 0x2b, 2480 (byte) 0xe3, (byte) 0xfd, (byte) 0x52, (byte) 0xf0, (byte) 0x09, (byte) 0x5c, 2481 (byte) 0x4f, (byte) 0x5b, (byte) 0x8b, (byte) 0x84, (byte) 0x71, (byte) 0x72, 2482 (byte) 0x8d, (byte) 0xaa, (byte) 0x6c, (byte) 0x55, (byte) 0xba, (byte) 0xe7, 2483 (byte) 0x9c, (byte) 0xba, (byte) 0xbf, (byte) 0xf4, (byte) 0x09, (byte) 0x0a, 2484 (byte) 0x60, (byte) 0xec, (byte) 0x53, (byte) 0xa4, (byte) 0x01, (byte) 0xa5, 2485 (byte) 0xf2, (byte) 0x58, (byte) 0xab, (byte) 0x95, (byte) 0x68, (byte) 0x79, 2486 (byte) 0x0b, (byte) 0xc3, (byte) 0xc4, (byte) 0x00, (byte) 0x68, (byte) 0x19, 2487 (byte) 0xca, (byte) 0x07, (byte) 0x0d, (byte) 0x32 2488 }; 2489 2490 /* 2491 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey rsakey.pem \ 2492 * -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha224 -pkeyopt rsa_mgf1_md:sha224 \ 2493 * | xxd -p -i | sed 's/0x/(byte) 0x/g' 2494 */ 2495 public static final byte[] RSA_Vector2_OAEP_SHA224_MGF1_SHA224 = new byte[] { 2496 (byte) 0xae, (byte) 0xdd, (byte) 0xe6, (byte) 0xab, (byte) 0x00, (byte) 0xd6, 2497 (byte) 0x1e, (byte) 0x7e, (byte) 0x85, (byte) 0x63, (byte) 0xab, (byte) 0x51, 2498 (byte) 0x79, (byte) 0x92, (byte) 0xf1, (byte) 0xb9, (byte) 0x4f, (byte) 0x23, 2499 (byte) 0xae, (byte) 0xf7, (byte) 0x1b, (byte) 0x5f, (byte) 0x10, (byte) 0x5b, 2500 (byte) 0xa5, (byte) 0x15, (byte) 0x87, (byte) 0xa3, (byte) 0xbb, (byte) 0x26, 2501 (byte) 0xfe, (byte) 0x7f, (byte) 0xc0, (byte) 0xa3, (byte) 0x67, (byte) 0x95, 2502 (byte) 0xda, (byte) 0xc4, (byte) 0x6f, (byte) 0x6e, (byte) 0x08, (byte) 0x23, 2503 (byte) 0x28, (byte) 0x0b, (byte) 0xdd, (byte) 0x29, (byte) 0x29, (byte) 0xdc, 2504 (byte) 0xb0, (byte) 0x35, (byte) 0x16, (byte) 0x2e, (byte) 0x0f, (byte) 0xb9, 2505 (byte) 0x1d, (byte) 0x90, (byte) 0x27, (byte) 0x68, (byte) 0xc7, (byte) 0x92, 2506 (byte) 0x52, (byte) 0x8a, (byte) 0x1d, (byte) 0x48, (byte) 0x6a, (byte) 0x7d, 2507 (byte) 0x0b, (byte) 0xf6, (byte) 0x35, (byte) 0xca, (byte) 0xe1, (byte) 0x57, 2508 (byte) 0xdd, (byte) 0x36, (byte) 0x3b, (byte) 0x51, (byte) 0x45, (byte) 0x77, 2509 (byte) 0x28, (byte) 0x4f, (byte) 0x98, (byte) 0xc0, (byte) 0xe0, (byte) 0xa7, 2510 (byte) 0x51, (byte) 0x98, (byte) 0x84, (byte) 0x7a, (byte) 0x29, (byte) 0x05, 2511 (byte) 0x9f, (byte) 0x60, (byte) 0x66, (byte) 0xf6, (byte) 0x83, (byte) 0xcd, 2512 (byte) 0x03, (byte) 0x3e, (byte) 0x82, (byte) 0x0f, (byte) 0x57, (byte) 0x4b, 2513 (byte) 0x27, (byte) 0x14, (byte) 0xf6, (byte) 0xc8, (byte) 0x5b, (byte) 0xed, 2514 (byte) 0xc3, (byte) 0x77, (byte) 0x6f, (byte) 0xec, (byte) 0x0e, (byte) 0xae, 2515 (byte) 0x59, (byte) 0xbe, (byte) 0x68, (byte) 0x76, (byte) 0x16, (byte) 0x17, 2516 (byte) 0x77, (byte) 0xe2, (byte) 0xbd, (byte) 0xe0, (byte) 0x5a, (byte) 0x14, 2517 (byte) 0xd9, (byte) 0xf4, (byte) 0x3f, (byte) 0x50, (byte) 0x31, (byte) 0xf0, 2518 (byte) 0x0c, (byte) 0x82, (byte) 0x6c, (byte) 0xcc, (byte) 0x81, (byte) 0x84, 2519 (byte) 0x3e, (byte) 0x63, (byte) 0x93, (byte) 0xe7, (byte) 0x12, (byte) 0x2d, 2520 (byte) 0xc9, (byte) 0xa3, (byte) 0xe3, (byte) 0xce, (byte) 0xfd, (byte) 0xc7, 2521 (byte) 0xe1, (byte) 0xef, (byte) 0xa4, (byte) 0x16, (byte) 0x5c, (byte) 0x60, 2522 (byte) 0xb1, (byte) 0x80, (byte) 0x31, (byte) 0x15, (byte) 0x5c, (byte) 0x35, 2523 (byte) 0x25, (byte) 0x0b, (byte) 0x89, (byte) 0xe4, (byte) 0x56, (byte) 0x74, 2524 (byte) 0x8b, (byte) 0xaf, (byte) 0x8e, (byte) 0xe9, (byte) 0xe2, (byte) 0x37, 2525 (byte) 0x17, (byte) 0xe6, (byte) 0x7b, (byte) 0x78, (byte) 0xd8, (byte) 0x2c, 2526 (byte) 0x27, (byte) 0x52, (byte) 0x21, (byte) 0x96, (byte) 0xa0, (byte) 0x92, 2527 (byte) 0x95, (byte) 0x64, (byte) 0xc3, (byte) 0x7f, (byte) 0x45, (byte) 0xfc, 2528 (byte) 0x3d, (byte) 0x48, (byte) 0x4a, (byte) 0xd5, (byte) 0xa4, (byte) 0x0a, 2529 (byte) 0x57, (byte) 0x07, (byte) 0x57, (byte) 0x95, (byte) 0x9f, (byte) 0x2f, 2530 (byte) 0x75, (byte) 0x32, (byte) 0x2a, (byte) 0x4d, (byte) 0x64, (byte) 0xbd, 2531 (byte) 0xb1, (byte) 0xe0, (byte) 0x46, (byte) 0x4f, (byte) 0xe8, (byte) 0x6c, 2532 (byte) 0x4b, (byte) 0x77, (byte) 0xcc, (byte) 0x36, (byte) 0x87, (byte) 0x05, 2533 (byte) 0x56, (byte) 0x9a, (byte) 0xe4, (byte) 0x2c, (byte) 0x43, (byte) 0xfd, 2534 (byte) 0x34, (byte) 0x97, (byte) 0xf8, (byte) 0xd7, (byte) 0x91, (byte) 0xff, 2535 (byte) 0x56, (byte) 0x86, (byte) 0x17, (byte) 0x49, (byte) 0x0a, (byte) 0x52, 2536 (byte) 0xfb, (byte) 0xe5, (byte) 0x49, (byte) 0xdf, (byte) 0xc1, (byte) 0x28, 2537 (byte) 0x9d, (byte) 0x85, (byte) 0x66, (byte) 0x9d, (byte) 0x1d, (byte) 0xa4, 2538 (byte) 0x7e, (byte) 0x9a, (byte) 0x5b, (byte) 0x30 2539 }; 2540 2541 /* 2542 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey /tmp/rsakey.txt \ 2543 * -pkeyopt rsa_padding_mode:oaep -pkey rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 \ 2544 * | xxd -p -i | sed 's/0x/(byte) 0x/g' 2545 */ 2546 public static final byte[] RSA_Vector2_OAEP_SHA256_MGF1_SHA256 = new byte[] { 2547 (byte) 0x6a, (byte) 0x2b, (byte) 0xb2, (byte) 0xa3, (byte) 0x26, (byte) 0xa6, 2548 (byte) 0x7a, (byte) 0x4a, (byte) 0x1f, (byte) 0xe5, (byte) 0xc8, (byte) 0x94, 2549 (byte) 0x11, (byte) 0x1a, (byte) 0x92, (byte) 0x07, (byte) 0x0a, (byte) 0xf4, 2550 (byte) 0x07, (byte) 0x0b, (byte) 0xd6, (byte) 0x37, (byte) 0xa5, (byte) 0x5d, 2551 (byte) 0x16, (byte) 0x0a, (byte) 0x7d, (byte) 0x13, (byte) 0x27, (byte) 0x32, 2552 (byte) 0x5a, (byte) 0xc3, (byte) 0x0d, (byte) 0x7a, (byte) 0x54, (byte) 0xfe, 2553 (byte) 0x02, (byte) 0x28, (byte) 0xc6, (byte) 0x8e, (byte) 0x32, (byte) 0x7b, 2554 (byte) 0x0a, (byte) 0x52, (byte) 0xf8, (byte) 0xe6, (byte) 0xab, (byte) 0x16, 2555 (byte) 0x77, (byte) 0x7c, (byte) 0x53, (byte) 0xcd, (byte) 0xb0, (byte) 0xb6, 2556 (byte) 0x90, (byte) 0xce, (byte) 0x7b, (byte) 0xa5, (byte) 0xdb, (byte) 0xab, 2557 (byte) 0xfd, (byte) 0xf5, (byte) 0xbb, (byte) 0x49, (byte) 0x63, (byte) 0xb7, 2558 (byte) 0xa8, (byte) 0x3e, (byte) 0x53, (byte) 0xf1, (byte) 0x00, (byte) 0x4d, 2559 (byte) 0x72, (byte) 0x15, (byte) 0x34, (byte) 0xa8, (byte) 0x5b, (byte) 0x00, 2560 (byte) 0x01, (byte) 0x75, (byte) 0xdc, (byte) 0xb6, (byte) 0xd1, (byte) 0xdf, 2561 (byte) 0xcb, (byte) 0x93, (byte) 0xf3, (byte) 0x31, (byte) 0x04, (byte) 0x7e, 2562 (byte) 0x48, (byte) 0x3e, (byte) 0xc9, (byte) 0xaf, (byte) 0xd7, (byte) 0xbd, 2563 (byte) 0x9e, (byte) 0x73, (byte) 0x01, (byte) 0x79, (byte) 0xf8, (byte) 0xdc, 2564 (byte) 0x46, (byte) 0x31, (byte) 0x55, (byte) 0x83, (byte) 0x21, (byte) 0xd1, 2565 (byte) 0x19, (byte) 0x0b, (byte) 0x57, (byte) 0xf1, (byte) 0x06, (byte) 0xb9, 2566 (byte) 0x32, (byte) 0x0e, (byte) 0x9d, (byte) 0x38, (byte) 0x53, (byte) 0x94, 2567 (byte) 0x96, (byte) 0xd4, (byte) 0x6d, (byte) 0x18, (byte) 0xe2, (byte) 0xe3, 2568 (byte) 0xcd, (byte) 0xfa, (byte) 0xfe, (byte) 0xb3, (byte) 0xe3, (byte) 0x27, 2569 (byte) 0xd7, (byte) 0x45, (byte) 0xe8, (byte) 0x46, (byte) 0x6b, (byte) 0x06, 2570 (byte) 0x0f, (byte) 0x5e, (byte) 0x24, (byte) 0x02, (byte) 0xef, (byte) 0xa2, 2571 (byte) 0x69, (byte) 0xe6, (byte) 0x15, (byte) 0xb3, (byte) 0x8f, (byte) 0x71, 2572 (byte) 0x97, (byte) 0x39, (byte) 0xfb, (byte) 0x32, (byte) 0xe0, (byte) 0xe5, 2573 (byte) 0xac, (byte) 0x46, (byte) 0xb4, (byte) 0xe7, (byte) 0x3d, (byte) 0x89, 2574 (byte) 0xba, (byte) 0xd9, (byte) 0x4c, (byte) 0x25, (byte) 0x97, (byte) 0xef, 2575 (byte) 0xe6, (byte) 0x17, (byte) 0x23, (byte) 0x4e, (byte) 0xc8, (byte) 0xdb, 2576 (byte) 0x18, (byte) 0x9b, (byte) 0xba, (byte) 0xb5, (byte) 0x7e, (byte) 0x19, 2577 (byte) 0x4d, (byte) 0x95, (byte) 0x7d, (byte) 0x60, (byte) 0x1b, (byte) 0xa7, 2578 (byte) 0x06, (byte) 0x1e, (byte) 0x99, (byte) 0x4a, (byte) 0xf2, (byte) 0x82, 2579 (byte) 0x71, (byte) 0x62, (byte) 0x41, (byte) 0xa4, (byte) 0xa7, (byte) 0xdb, 2580 (byte) 0x88, (byte) 0xb0, (byte) 0x4a, (byte) 0xc7, (byte) 0x3b, (byte) 0xce, 2581 (byte) 0x91, (byte) 0x4f, (byte) 0xc7, (byte) 0xca, (byte) 0x6f, (byte) 0x89, 2582 (byte) 0xac, (byte) 0x1a, (byte) 0x36, (byte) 0x84, (byte) 0x0c, (byte) 0x97, 2583 (byte) 0xa0, (byte) 0x1a, (byte) 0x08, (byte) 0x6f, (byte) 0x70, (byte) 0xf3, 2584 (byte) 0x94, (byte) 0xa0, (byte) 0x0f, (byte) 0x44, (byte) 0xdd, (byte) 0x86, 2585 (byte) 0x9d, (byte) 0x2c, (byte) 0xac, (byte) 0x43, (byte) 0xed, (byte) 0xb8, 2586 (byte) 0xa1, (byte) 0x66, (byte) 0xf3, (byte) 0xd3, (byte) 0x5c, (byte) 0xe5, 2587 (byte) 0xe2, (byte) 0x4c, (byte) 0x7e, (byte) 0xda, (byte) 0x20, (byte) 0xbd, 2588 (byte) 0x5a, (byte) 0x75, (byte) 0x12, (byte) 0x31, (byte) 0x23, (byte) 0x02, 2589 (byte) 0xb5, (byte) 0x1f, (byte) 0x38, (byte) 0x98 2590 }; 2591 2592 /* 2593 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey /tmp/rsakey.txt \ 2594 * -pkeyopt rsa_padding_mode:oaep -pkey rsa_oaep_md:sha384 -pkeyopt rsa_mgf1_md:sha384 \ 2595 * | xxd -p -i | sed 's/0x/(byte) 0x/g' 2596 */ 2597 public static final byte[] RSA_Vector2_OAEP_SHA384_MGF1_SHA384 = new byte[] { 2598 (byte) 0xa1, (byte) 0xb3, (byte) 0x3b, (byte) 0x34, (byte) 0x69, (byte) 0x9e, 2599 (byte) 0xd8, (byte) 0xa0, (byte) 0x37, (byte) 0x2c, (byte) 0xeb, (byte) 0xef, 2600 (byte) 0xf2, (byte) 0xaf, (byte) 0xfa, (byte) 0x63, (byte) 0x5d, (byte) 0x88, 2601 (byte) 0xac, (byte) 0x51, (byte) 0xd4, (byte) 0x7f, (byte) 0x85, (byte) 0xf0, 2602 (byte) 0x5e, (byte) 0xb4, (byte) 0x81, (byte) 0x7c, (byte) 0x82, (byte) 0x4f, 2603 (byte) 0x92, (byte) 0xf7, (byte) 0x77, (byte) 0x48, (byte) 0x4c, (byte) 0xb1, 2604 (byte) 0x42, (byte) 0xb3, (byte) 0x0e, (byte) 0x94, (byte) 0xc8, (byte) 0x5a, 2605 (byte) 0xae, (byte) 0xed, (byte) 0x8d, (byte) 0x51, (byte) 0x72, (byte) 0x6b, 2606 (byte) 0xa9, (byte) 0xd4, (byte) 0x1e, (byte) 0xbe, (byte) 0x38, (byte) 0x2c, 2607 (byte) 0xd0, (byte) 0x43, (byte) 0xae, (byte) 0xb4, (byte) 0x30, (byte) 0xa9, 2608 (byte) 0x93, (byte) 0x47, (byte) 0xb5, (byte) 0x9d, (byte) 0x03, (byte) 0x92, 2609 (byte) 0x25, (byte) 0x74, (byte) 0xed, (byte) 0xfa, (byte) 0xfe, (byte) 0xf1, 2610 (byte) 0xba, (byte) 0x04, (byte) 0x3a, (byte) 0x4d, (byte) 0x6d, (byte) 0x9a, 2611 (byte) 0x0d, (byte) 0x95, (byte) 0x02, (byte) 0xb0, (byte) 0xac, (byte) 0x77, 2612 (byte) 0x11, (byte) 0x44, (byte) 0xeb, (byte) 0xd2, (byte) 0x02, (byte) 0x90, 2613 (byte) 0xea, (byte) 0x2f, (byte) 0x68, (byte) 0x2a, (byte) 0x69, (byte) 0xcf, 2614 (byte) 0x45, (byte) 0x34, (byte) 0xff, (byte) 0x00, (byte) 0xc6, (byte) 0x3c, 2615 (byte) 0x0b, (byte) 0x2c, (byte) 0x5f, (byte) 0x8c, (byte) 0x2c, (byte) 0xbf, 2616 (byte) 0xc2, (byte) 0x4b, (byte) 0x16, (byte) 0x07, (byte) 0x84, (byte) 0x74, 2617 (byte) 0xf0, (byte) 0x7a, (byte) 0x01, (byte) 0x7e, (byte) 0x74, (byte) 0x01, 2618 (byte) 0x88, (byte) 0xce, (byte) 0xda, (byte) 0xe4, (byte) 0x21, (byte) 0x89, 2619 (byte) 0xfc, (byte) 0xac, (byte) 0x68, (byte) 0xdb, (byte) 0xfc, (byte) 0x5f, 2620 (byte) 0x3f, (byte) 0x00, (byte) 0xd9, (byte) 0x32, (byte) 0x1d, (byte) 0xa5, 2621 (byte) 0xec, (byte) 0x72, (byte) 0x46, (byte) 0x23, (byte) 0xe5, (byte) 0x7f, 2622 (byte) 0x49, (byte) 0x0e, (byte) 0x3e, (byte) 0xf2, (byte) 0x2b, (byte) 0x16, 2623 (byte) 0x52, (byte) 0x9f, (byte) 0x9d, (byte) 0x0c, (byte) 0xfe, (byte) 0xab, 2624 (byte) 0xdd, (byte) 0x77, (byte) 0x77, (byte) 0x94, (byte) 0xa4, (byte) 0x92, 2625 (byte) 0xa2, (byte) 0x41, (byte) 0x0d, (byte) 0x4b, (byte) 0x57, (byte) 0x80, 2626 (byte) 0xd6, (byte) 0x74, (byte) 0x63, (byte) 0xd5, (byte) 0xbf, (byte) 0x5c, 2627 (byte) 0xa0, (byte) 0xda, (byte) 0x3c, (byte) 0xe6, (byte) 0xbf, (byte) 0xa4, 2628 (byte) 0xc3, (byte) 0xfb, (byte) 0x46, (byte) 0x3b, (byte) 0x73, (byte) 0x30, 2629 (byte) 0x4b, (byte) 0x57, (byte) 0x27, (byte) 0x0c, (byte) 0x81, (byte) 0xde, 2630 (byte) 0x8a, (byte) 0x01, (byte) 0xe5, (byte) 0x7e, (byte) 0xe0, (byte) 0x16, 2631 (byte) 0x11, (byte) 0x24, (byte) 0x34, (byte) 0x22, (byte) 0x01, (byte) 0x9f, 2632 (byte) 0xe6, (byte) 0xa9, (byte) 0xfb, (byte) 0xad, (byte) 0x55, (byte) 0x17, 2633 (byte) 0x2a, (byte) 0x92, (byte) 0x87, (byte) 0xf3, (byte) 0x72, (byte) 0xc9, 2634 (byte) 0x3d, (byte) 0xc9, (byte) 0x2e, (byte) 0x32, (byte) 0x8e, (byte) 0xbb, 2635 (byte) 0xdc, (byte) 0x1b, (byte) 0xa7, (byte) 0x7b, (byte) 0x73, (byte) 0xd7, 2636 (byte) 0xf4, (byte) 0xad, (byte) 0xa9, (byte) 0x3a, (byte) 0xf7, (byte) 0xa8, 2637 (byte) 0x82, (byte) 0x92, (byte) 0x40, (byte) 0xd4, (byte) 0x51, (byte) 0x87, 2638 (byte) 0xe1, (byte) 0xb7, (byte) 0x4f, (byte) 0x91, (byte) 0x75, (byte) 0x5b, 2639 (byte) 0x03, (byte) 0x9d, (byte) 0xa1, (byte) 0xd4, (byte) 0x00, (byte) 0x05, 2640 (byte) 0x79, (byte) 0x42, (byte) 0x93, (byte) 0x76 2641 }; 2642 2643 /* 2644 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey /tmp/rsakey.txt \ 2645 * -pkeyopt rsa_padding_mode:oaep -pkey rsa_oaep_md:sha512 -pkeyopt rsa_mgf1_md:sha512 \ 2646 * | xxd -p -i | sed 's/0x/(byte) 0x/g' 2647 */ 2648 public static final byte[] RSA_Vector2_OAEP_SHA512_MGF1_SHA512 = new byte[] { 2649 (byte) 0x75, (byte) 0x0f, (byte) 0xf9, (byte) 0x21, (byte) 0xca, (byte) 0xcc, 2650 (byte) 0x0e, (byte) 0x13, (byte) 0x9e, (byte) 0x38, (byte) 0xa4, (byte) 0xa7, 2651 (byte) 0xee, (byte) 0x61, (byte) 0x6d, (byte) 0x56, (byte) 0xea, (byte) 0x36, 2652 (byte) 0xeb, (byte) 0xec, (byte) 0xfa, (byte) 0x1a, (byte) 0xeb, (byte) 0x0c, 2653 (byte) 0xb2, (byte) 0x58, (byte) 0x9d, (byte) 0xde, (byte) 0x47, (byte) 0x27, 2654 (byte) 0x2d, (byte) 0xbd, (byte) 0x8b, (byte) 0xa7, (byte) 0xf1, (byte) 0x8b, 2655 (byte) 0xba, (byte) 0x4c, (byte) 0xab, (byte) 0x39, (byte) 0x6a, (byte) 0x82, 2656 (byte) 0x0d, (byte) 0xaf, (byte) 0x4c, (byte) 0xde, (byte) 0xdb, (byte) 0x5e, 2657 (byte) 0xdb, (byte) 0x08, (byte) 0x98, (byte) 0x06, (byte) 0xc5, (byte) 0x99, 2658 (byte) 0xb6, (byte) 0x6d, (byte) 0xbc, (byte) 0x5b, (byte) 0xf9, (byte) 0xe4, 2659 (byte) 0x97, (byte) 0x0b, (byte) 0xba, (byte) 0xe3, (byte) 0x17, (byte) 0xa9, 2660 (byte) 0x3c, (byte) 0x4b, (byte) 0x21, (byte) 0xd8, (byte) 0x29, (byte) 0xf8, 2661 (byte) 0xa7, (byte) 0x1c, (byte) 0x15, (byte) 0xd7, (byte) 0xf6, (byte) 0xfc, 2662 (byte) 0x53, (byte) 0x64, (byte) 0x97, (byte) 0x9e, (byte) 0x22, (byte) 0xb1, 2663 (byte) 0x93, (byte) 0x26, (byte) 0x80, (byte) 0xdc, (byte) 0xaa, (byte) 0x1b, 2664 (byte) 0xae, (byte) 0x69, (byte) 0x0f, (byte) 0x74, (byte) 0x3d, (byte) 0x61, 2665 (byte) 0x80, (byte) 0x68, (byte) 0xb8, (byte) 0xaf, (byte) 0x63, (byte) 0x72, 2666 (byte) 0x37, (byte) 0x4f, (byte) 0xf3, (byte) 0x29, (byte) 0x4a, (byte) 0x75, 2667 (byte) 0x4f, (byte) 0x29, (byte) 0x40, (byte) 0x01, (byte) 0xd3, (byte) 0xc6, 2668 (byte) 0x56, (byte) 0x1a, (byte) 0xaf, (byte) 0xc3, (byte) 0xb3, (byte) 0xd2, 2669 (byte) 0xb9, (byte) 0x91, (byte) 0x35, (byte) 0x1b, (byte) 0x89, (byte) 0x4c, 2670 (byte) 0x61, (byte) 0xa2, (byte) 0x8e, (byte) 0x6f, (byte) 0x12, (byte) 0x4a, 2671 (byte) 0x10, (byte) 0xc2, (byte) 0xcc, (byte) 0xab, (byte) 0x51, (byte) 0xec, 2672 (byte) 0x1b, (byte) 0xb5, (byte) 0xfe, (byte) 0x20, (byte) 0x16, (byte) 0xb2, 2673 (byte) 0xc5, (byte) 0x0f, (byte) 0xe1, (byte) 0x6a, (byte) 0xb4, (byte) 0x6c, 2674 (byte) 0x27, (byte) 0xd9, (byte) 0x42, (byte) 0xb9, (byte) 0xb6, (byte) 0x55, 2675 (byte) 0xa8, (byte) 0xbc, (byte) 0x1c, (byte) 0x32, (byte) 0x54, (byte) 0x84, 2676 (byte) 0xec, (byte) 0x1e, (byte) 0x95, (byte) 0xd8, (byte) 0xae, (byte) 0xca, 2677 (byte) 0xc1, (byte) 0xad, (byte) 0x4c, (byte) 0x65, (byte) 0xd6, (byte) 0xc2, 2678 (byte) 0x19, (byte) 0x66, (byte) 0xad, (byte) 0x9f, (byte) 0x55, (byte) 0x15, 2679 (byte) 0xe1, (byte) 0x5d, (byte) 0x8f, (byte) 0xab, (byte) 0x18, (byte) 0x68, 2680 (byte) 0x42, (byte) 0x7c, (byte) 0x48, (byte) 0xb7, (byte) 0x2c, (byte) 0xfd, 2681 (byte) 0x1a, (byte) 0x07, (byte) 0xa1, (byte) 0x6a, (byte) 0xfb, (byte) 0x81, 2682 (byte) 0xc6, (byte) 0x93, (byte) 0xbf, (byte) 0xa3, (byte) 0x5d, (byte) 0xfd, 2683 (byte) 0xce, (byte) 0xf3, (byte) 0x17, (byte) 0x26, (byte) 0xf0, (byte) 0xda, 2684 (byte) 0x0e, (byte) 0xd1, (byte) 0x86, (byte) 0x9d, (byte) 0x61, (byte) 0xd1, 2685 (byte) 0x8a, (byte) 0xdb, (byte) 0x36, (byte) 0x39, (byte) 0x1c, (byte) 0xd4, 2686 (byte) 0x99, (byte) 0x53, (byte) 0x30, (byte) 0x5a, (byte) 0x01, (byte) 0xf4, 2687 (byte) 0xa0, (byte) 0xca, (byte) 0x94, (byte) 0x72, (byte) 0x3d, (byte) 0xe3, 2688 (byte) 0x50, (byte) 0x95, (byte) 0xcb, (byte) 0xa9, (byte) 0x37, (byte) 0xeb, 2689 (byte) 0x66, (byte) 0x21, (byte) 0x20, (byte) 0x2e, (byte) 0xf2, (byte) 0xfd, 2690 (byte) 0xfa, (byte) 0x54, (byte) 0xbf, (byte) 0x17, (byte) 0x23, (byte) 0xbb, 2691 (byte) 0x9e, (byte) 0x77, (byte) 0xe0, (byte) 0xaa 2692 }; 2693 2694 /* 2695 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey /tmp/rsakey.txt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha512 -pkeyopt rsa_mgf1_md:sha512 -pkeyopt rsa_oaep_label:010203FFA00A | xxd -p -i | sed 's/0x/(byte) 0x/g' 2696 */ 2697 public static final byte[] RSA_Vector2_OAEP_SHA512_MGF1_SHA512_LABEL = new byte[] { 2698 (byte) 0x31, (byte) 0x3b, (byte) 0x23, (byte) 0xcf, (byte) 0x40, (byte) 0xfe, 2699 (byte) 0x15, (byte) 0x94, (byte) 0xd6, (byte) 0x81, (byte) 0x21, (byte) 0x69, 2700 (byte) 0x8e, (byte) 0x58, (byte) 0xd5, (byte) 0x0f, (byte) 0xa8, (byte) 0x72, 2701 (byte) 0x94, (byte) 0x13, (byte) 0xfe, (byte) 0xf9, (byte) 0xa1, (byte) 0x47, 2702 (byte) 0x49, (byte) 0x91, (byte) 0xcb, (byte) 0x66, (byte) 0xe6, (byte) 0x5d, 2703 (byte) 0x02, (byte) 0xad, (byte) 0xd4, (byte) 0x2f, (byte) 0x4f, (byte) 0xab, 2704 (byte) 0xb7, (byte) 0x9e, (byte) 0xc0, (byte) 0xf0, (byte) 0x3d, (byte) 0x66, 2705 (byte) 0x0e, (byte) 0x20, (byte) 0x82, (byte) 0x7f, (byte) 0x22, (byte) 0x8f, 2706 (byte) 0x81, (byte) 0xba, (byte) 0x47, (byte) 0xc7, (byte) 0xaf, (byte) 0xb6, 2707 (byte) 0x0e, (byte) 0x78, (byte) 0xe3, (byte) 0x30, (byte) 0xd7, (byte) 0x6c, 2708 (byte) 0x81, (byte) 0xc2, (byte) 0x05, (byte) 0x7e, (byte) 0xe9, (byte) 0xac, 2709 (byte) 0x8d, (byte) 0x45, (byte) 0x25, (byte) 0xe8, (byte) 0x26, (byte) 0x39, 2710 (byte) 0x88, (byte) 0x64, (byte) 0x2e, (byte) 0xc6, (byte) 0xed, (byte) 0xd4, 2711 (byte) 0xad, (byte) 0x94, (byte) 0xc8, (byte) 0x4e, (byte) 0x4a, (byte) 0x71, 2712 (byte) 0x1e, (byte) 0x11, (byte) 0x14, (byte) 0x03, (byte) 0x56, (byte) 0x02, 2713 (byte) 0x28, (byte) 0x32, (byte) 0x8f, (byte) 0xe2, (byte) 0x16, (byte) 0x4a, 2714 (byte) 0x62, (byte) 0xa6, (byte) 0x9a, (byte) 0x8d, (byte) 0xf8, (byte) 0x33, 2715 (byte) 0x35, (byte) 0xa2, (byte) 0xc7, (byte) 0x70, (byte) 0xcc, (byte) 0x26, 2716 (byte) 0x1e, (byte) 0x4d, (byte) 0x9c, (byte) 0x4e, (byte) 0x2b, (byte) 0xe8, 2717 (byte) 0xfd, (byte) 0x07, (byte) 0x33, (byte) 0x15, (byte) 0x53, (byte) 0x11, 2718 (byte) 0x5c, (byte) 0x6f, (byte) 0x5d, (byte) 0x23, (byte) 0x7b, (byte) 0x3f, 2719 (byte) 0x73, (byte) 0xff, (byte) 0xf4, (byte) 0xbe, (byte) 0x1f, (byte) 0xe6, 2720 (byte) 0x5a, (byte) 0xb8, (byte) 0x2b, (byte) 0xd2, (byte) 0xbe, (byte) 0xa0, 2721 (byte) 0x91, (byte) 0x5d, (byte) 0xca, (byte) 0x89, (byte) 0xb3, (byte) 0xce, 2722 (byte) 0x0a, (byte) 0x2b, (byte) 0xce, (byte) 0xb9, (byte) 0xbe, (byte) 0x5d, 2723 (byte) 0xb2, (byte) 0xc2, (byte) 0xd6, (byte) 0xa9, (byte) 0xbc, (byte) 0x37, 2724 (byte) 0xed, (byte) 0x9a, (byte) 0xba, (byte) 0x35, (byte) 0xf8, (byte) 0x6e, 2725 (byte) 0x63, (byte) 0x76, (byte) 0xd1, (byte) 0x12, (byte) 0xf5, (byte) 0x89, 2726 (byte) 0xf0, (byte) 0x13, (byte) 0x86, (byte) 0xe7, (byte) 0x1b, (byte) 0x94, 2727 (byte) 0xcb, (byte) 0xc8, (byte) 0x5c, (byte) 0x4c, (byte) 0x1b, (byte) 0x8a, 2728 (byte) 0x2d, (byte) 0x6b, (byte) 0x24, (byte) 0x1a, (byte) 0x38, (byte) 0x14, 2729 (byte) 0x77, (byte) 0x49, (byte) 0xe5, (byte) 0x08, (byte) 0x25, (byte) 0xe4, 2730 (byte) 0xa6, (byte) 0xcf, (byte) 0x62, (byte) 0xfd, (byte) 0x66, (byte) 0x28, 2731 (byte) 0xf0, (byte) 0x3a, (byte) 0x9c, (byte) 0x31, (byte) 0xef, (byte) 0x48, 2732 (byte) 0x2a, (byte) 0xd3, (byte) 0x3e, (byte) 0x29, (byte) 0xfa, (byte) 0x18, 2733 (byte) 0x8f, (byte) 0xd6, (byte) 0xaa, (byte) 0x1d, (byte) 0x10, (byte) 0xcd, 2734 (byte) 0x35, (byte) 0x25, (byte) 0x92, (byte) 0x48, (byte) 0xa0, (byte) 0x2c, 2735 (byte) 0xc1, (byte) 0x31, (byte) 0xeb, (byte) 0x47, (byte) 0x5b, (byte) 0x22, 2736 (byte) 0x52, (byte) 0x7c, (byte) 0xf5, (byte) 0xec, (byte) 0x76, (byte) 0x90, 2737 (byte) 0x94, (byte) 0x58, (byte) 0xd9, (byte) 0xd6, (byte) 0xe0, (byte) 0x0a, 2738 (byte) 0x3f, (byte) 0x09, (byte) 0x98, (byte) 0x03, (byte) 0xc5, (byte) 0x07, 2739 (byte) 0x8f, (byte) 0x89, (byte) 0x1e, (byte) 0x62, (byte) 0x2c, (byte) 0xea, 2740 (byte) 0x17, (byte) 0x0a, (byte) 0x2e, (byte) 0x68 2741 }; 2742 2743 public void testRSA_ECB_NoPadding_Private_OnlyDoFinal_Success() throws Exception { 2744 for (String provider : RSA_PROVIDERS) { 2745 testRSA_ECB_NoPadding_Private_OnlyDoFinal_Success(provider); 2746 } 2747 } 2748 2749 private void testRSA_ECB_NoPadding_Private_OnlyDoFinal_Success(String provider) throws Exception { 2750 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 2751 2752 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2753 2754 /* 2755 * You're actually decrypting with private keys, but there is no 2756 * distinction made here. It's all keyed off of what kind of key you're 2757 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2758 */ 2759 c.init(Cipher.ENCRYPT_MODE, privKey); 2760 byte[] encrypted = c.doFinal(RSA_2048_Vector1); 2761 assertTrue("Encrypted should match expected", 2762 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2763 2764 c.init(Cipher.DECRYPT_MODE, privKey); 2765 encrypted = c.doFinal(RSA_2048_Vector1); 2766 assertTrue("Encrypted should match expected", 2767 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2768 } 2769 2770 public void testRSA_ECB_NoPadding_Private_UpdateThenEmptyDoFinal_Success() throws Exception { 2771 for (String provider : RSA_PROVIDERS) { 2772 testRSA_ECB_NoPadding_Private_UpdateThenEmptyDoFinal_Success(provider); 2773 } 2774 } 2775 2776 private void testRSA_ECB_NoPadding_Private_UpdateThenEmptyDoFinal_Success(String provider) throws Exception { 2777 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 2778 2779 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2780 2781 /* 2782 * You're actually decrypting with private keys, but there is no 2783 * distinction made here. It's all keyed off of what kind of key you're 2784 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2785 */ 2786 c.init(Cipher.ENCRYPT_MODE, privKey); 2787 c.update(RSA_2048_Vector1); 2788 byte[] encrypted = c.doFinal(); 2789 assertTrue("Encrypted should match expected", 2790 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2791 2792 c.init(Cipher.DECRYPT_MODE, privKey); 2793 c.update(RSA_2048_Vector1); 2794 encrypted = c.doFinal(); 2795 assertTrue("Encrypted should match expected", 2796 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2797 } 2798 2799 public void testRSA_ECB_NoPadding_Private_SingleByteUpdateThenEmptyDoFinal_Success() 2800 throws Exception { 2801 for (String provider : RSA_PROVIDERS) { 2802 testRSA_ECB_NoPadding_Private_SingleByteUpdateThenEmptyDoFinal_Success(provider); 2803 } 2804 } 2805 2806 private void testRSA_ECB_NoPadding_Private_SingleByteUpdateThenEmptyDoFinal_Success(String provider) 2807 throws Exception { 2808 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 2809 2810 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2811 2812 /* 2813 * You're actually decrypting with private keys, but there is no 2814 * distinction made here. It's all keyed off of what kind of key you're 2815 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2816 */ 2817 c.init(Cipher.ENCRYPT_MODE, privKey); 2818 int i; 2819 for (i = 0; i < RSA_2048_Vector1.length / 2; i++) { 2820 c.update(RSA_2048_Vector1, i, 1); 2821 } 2822 byte[] encrypted = c.doFinal(RSA_2048_Vector1, i, RSA_2048_Vector1.length - i); 2823 assertTrue("Encrypted should match expected", 2824 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2825 2826 c.init(Cipher.DECRYPT_MODE, privKey); 2827 for (i = 0; i < RSA_2048_Vector1.length / 2; i++) { 2828 c.update(RSA_2048_Vector1, i, 1); 2829 } 2830 encrypted = c.doFinal(RSA_2048_Vector1, i, RSA_2048_Vector1.length - i); 2831 assertTrue("Encrypted should match expected", 2832 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2833 } 2834 2835 public void testRSA_ECB_NoPadding_Private_OnlyDoFinalWithOffset_Success() throws Exception { 2836 for (String provider : RSA_PROVIDERS) { 2837 testRSA_ECB_NoPadding_Private_OnlyDoFinalWithOffset_Success(provider); 2838 } 2839 } 2840 2841 private void testRSA_ECB_NoPadding_Private_OnlyDoFinalWithOffset_Success(String provider) throws Exception { 2842 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 2843 2844 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2845 2846 /* 2847 * You're actually decrypting with private keys, but there is no 2848 * distinction made here. It's all keyed off of what kind of key you're 2849 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2850 */ 2851 c.init(Cipher.ENCRYPT_MODE, privKey); 2852 byte[] encrypted = new byte[RSA_Vector1_Encrypt_Private.length]; 2853 final int encryptLen = c 2854 .doFinal(RSA_2048_Vector1, 0, RSA_2048_Vector1.length, encrypted, 0); 2855 assertEquals("Encrypted size should match expected", RSA_Vector1_Encrypt_Private.length, 2856 encryptLen); 2857 assertTrue("Encrypted should match expected", 2858 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2859 2860 c.init(Cipher.DECRYPT_MODE, privKey); 2861 final int decryptLen = c 2862 .doFinal(RSA_2048_Vector1, 0, RSA_2048_Vector1.length, encrypted, 0); 2863 assertEquals("Encrypted size should match expected", RSA_Vector1_Encrypt_Private.length, 2864 decryptLen); 2865 assertTrue("Encrypted should match expected", 2866 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2867 } 2868 2869 public void testRSA_ECB_NoPadding_Public_OnlyDoFinal_Success() throws Exception { 2870 for (String provider : RSA_PROVIDERS) { 2871 testRSA_ECB_NoPadding_Public_OnlyDoFinal_Success(provider); 2872 } 2873 } 2874 2875 private void testRSA_ECB_NoPadding_Public_OnlyDoFinal_Success(String provider) throws Exception { 2876 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 2877 2878 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2879 2880 /* 2881 * You're actually encrypting with public keys, but there is no 2882 * distinction made here. It's all keyed off of what kind of key you're 2883 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2884 */ 2885 c.init(Cipher.ENCRYPT_MODE, pubKey); 2886 byte[] encrypted = c.doFinal(RSA_Vector1_Encrypt_Private); 2887 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, RSA_2048_Vector1, encrypted); 2888 2889 c.init(Cipher.DECRYPT_MODE, pubKey); 2890 encrypted = c.doFinal(RSA_Vector1_Encrypt_Private); 2891 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, RSA_2048_Vector1, encrypted); 2892 } 2893 2894 public void testRSA_ECB_NoPadding_Public_OnlyDoFinalWithOffset_Success() throws Exception { 2895 for (String provider : RSA_PROVIDERS) { 2896 testRSA_ECB_NoPadding_Public_OnlyDoFinalWithOffset_Success(provider); 2897 } 2898 } 2899 2900 private void testRSA_ECB_NoPadding_Public_OnlyDoFinalWithOffset_Success(String provider) throws Exception { 2901 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 2902 2903 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2904 2905 /* 2906 * You're actually encrypting with public keys, but there is no 2907 * distinction made here. It's all keyed off of what kind of key you're 2908 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2909 */ 2910 c.init(Cipher.ENCRYPT_MODE, pubKey); 2911 byte[] encrypted = new byte[RSA_2048_Vector1.length]; 2912 final int encryptLen = c.doFinal(RSA_Vector1_Encrypt_Private, 0, 2913 RSA_Vector1_Encrypt_Private.length, encrypted, 0); 2914 assertEquals("Encrypted size should match expected", RSA_2048_Vector1.length, encryptLen); 2915 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, RSA_2048_Vector1, encrypted); 2916 2917 c.init(Cipher.DECRYPT_MODE, pubKey); 2918 int decryptLen = c.doFinal(RSA_Vector1_Encrypt_Private, 0, 2919 RSA_Vector1_Encrypt_Private.length, encrypted, 0); 2920 if (provider.equals("BC")) { 2921 // BC strips the leading 0 for us on decrypt even when NoPadding is specified... 2922 decryptLen++; 2923 encrypted = Arrays.copyOf(encrypted, encrypted.length - 1); 2924 } 2925 assertEquals("Encrypted size should match expected", RSA_2048_Vector1.length, decryptLen); 2926 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, RSA_2048_Vector1, encrypted); 2927 } 2928 2929 public void testRSA_ECB_NoPadding_Public_UpdateThenEmptyDoFinal_Success() throws Exception { 2930 for (String provider : RSA_PROVIDERS) { 2931 testRSA_ECB_NoPadding_Public_UpdateThenEmptyDoFinal_Success(provider); 2932 } 2933 } 2934 2935 private void testRSA_ECB_NoPadding_Public_UpdateThenEmptyDoFinal_Success(String provider) throws Exception { 2936 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 2937 2938 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2939 2940 /* 2941 * You're actually encrypting with public keys, but there is no 2942 * distinction made here. It's all keyed off of what kind of key you're 2943 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2944 */ 2945 c.init(Cipher.ENCRYPT_MODE, pubKey); 2946 c.update(RSA_Vector1_Encrypt_Private); 2947 byte[] encrypted = c.doFinal(); 2948 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, RSA_2048_Vector1, encrypted); 2949 2950 c.init(Cipher.DECRYPT_MODE, pubKey); 2951 c.update(RSA_Vector1_Encrypt_Private); 2952 encrypted = c.doFinal(); 2953 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, RSA_2048_Vector1, encrypted); 2954 } 2955 2956 public void testRSA_ECB_NoPadding_Public_SingleByteUpdateThenEmptyDoFinal_Success() 2957 throws Exception { 2958 for (String provider : RSA_PROVIDERS) { 2959 testRSA_ECB_NoPadding_Public_SingleByteUpdateThenEmptyDoFinal_Success(provider); 2960 } 2961 } 2962 2963 private void testRSA_ECB_NoPadding_Public_SingleByteUpdateThenEmptyDoFinal_Success(String provider) 2964 throws Exception { 2965 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 2966 2967 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2968 2969 /* 2970 * You're actually encrypting with public keys, but there is no 2971 * distinction made here. It's all keyed off of what kind of key you're 2972 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2973 */ 2974 c.init(Cipher.ENCRYPT_MODE, pubKey); 2975 int i; 2976 for (i = 0; i < RSA_Vector1_Encrypt_Private.length / 2; i++) { 2977 c.update(RSA_Vector1_Encrypt_Private, i, 1); 2978 } 2979 byte[] encrypted = c.doFinal(RSA_Vector1_Encrypt_Private, i, RSA_2048_Vector1.length - i); 2980 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, RSA_2048_Vector1, encrypted); 2981 2982 c.init(Cipher.DECRYPT_MODE, pubKey); 2983 for (i = 0; i < RSA_Vector1_Encrypt_Private.length / 2; i++) { 2984 c.update(RSA_Vector1_Encrypt_Private, i, 1); 2985 } 2986 encrypted = c.doFinal(RSA_Vector1_Encrypt_Private, i, RSA_2048_Vector1.length - i); 2987 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, RSA_2048_Vector1, encrypted); 2988 } 2989 2990 public void testRSA_ECB_NoPadding_Public_TooSmall_Success() throws Exception { 2991 for (String provider : RSA_PROVIDERS) { 2992 testRSA_ECB_NoPadding_Public_TooSmall_Success(provider); 2993 } 2994 } 2995 2996 private void testRSA_ECB_NoPadding_Public_TooSmall_Success(String provider) throws Exception { 2997 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 2998 2999 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3000 3001 /* 3002 * You're actually encrypting with public keys, but there is no 3003 * distinction made here. It's all keyed off of what kind of key you're 3004 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 3005 */ 3006 c.init(Cipher.ENCRYPT_MODE, pubKey); 3007 byte[] encrypted = c.doFinal(TooShort_Vector); 3008 assertTrue("Encrypted should match expected", 3009 Arrays.equals(RSA_Vector1_ZeroPadded_Encrypted, encrypted)); 3010 3011 c.init(Cipher.DECRYPT_MODE, pubKey); 3012 encrypted = c.doFinal(TooShort_Vector); 3013 assertTrue("Encrypted should match expected", 3014 Arrays.equals(RSA_Vector1_ZeroPadded_Encrypted, encrypted)); 3015 } 3016 3017 public void testRSA_ECB_NoPadding_Private_TooSmall_Success() throws Exception { 3018 for (String provider : RSA_PROVIDERS) { 3019 testRSA_ECB_NoPadding_Private_TooSmall_Success(provider); 3020 } 3021 } 3022 3023 private void testRSA_ECB_NoPadding_Private_TooSmall_Success(String provider) throws Exception { 3024 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 3025 3026 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3027 3028 /* 3029 * You're actually encrypting with public keys, but there is no 3030 * distinction made here. It's all keyed off of what kind of key you're 3031 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 3032 */ 3033 c.init(Cipher.ENCRYPT_MODE, privKey); 3034 byte[] encrypted = c.doFinal(RSA_Vector1_ZeroPadded_Encrypted); 3035 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, 3036 TooShort_Vector_Zero_Padded, encrypted); 3037 3038 c.init(Cipher.DECRYPT_MODE, privKey); 3039 encrypted = c.doFinal(RSA_Vector1_ZeroPadded_Encrypted); 3040 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, 3041 TooShort_Vector_Zero_Padded, encrypted); 3042 } 3043 3044 private static void assertEncryptedEqualsNoPadding(String provider, int mode, 3045 byte[] expected, byte[] actual) { 3046 if (provider.equals("BC") && mode == Cipher.DECRYPT_MODE) { 3047 // BouncyCastle does us the favor of stripping leading zeroes in DECRYPT_MODE 3048 int nonZeroOffset = 0; 3049 for (byte b : expected) { 3050 if (b != 0) { 3051 break; 3052 } 3053 nonZeroOffset++; 3054 } 3055 expected = Arrays.copyOfRange(expected, nonZeroOffset, expected.length); 3056 } 3057 assertEquals("Encrypted should match expected", 3058 Arrays.toString(expected), Arrays.toString(actual)); 3059 } 3060 3061 public void testRSA_ECB_NoPadding_Private_CombinedUpdateAndDoFinal_TooBig_Failure() 3062 throws Exception { 3063 for (String provider : RSA_PROVIDERS) { 3064 testRSA_ECB_NoPadding_Private_CombinedUpdateAndDoFinal_TooBig_Failure(provider); 3065 } 3066 } 3067 3068 private void testRSA_ECB_NoPadding_Private_CombinedUpdateAndDoFinal_TooBig_Failure(String provider) 3069 throws Exception { 3070 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 3071 3072 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3073 3074 /* 3075 * You're actually encrypting with public keys, but there is no 3076 * distinction made here. It's all keyed off of what kind of key you're 3077 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 3078 */ 3079 c.init(Cipher.ENCRYPT_MODE, privKey); 3080 c.update(RSA_Vector1_ZeroPadded_Encrypted); 3081 3082 try { 3083 c.doFinal(RSA_Vector1_ZeroPadded_Encrypted); 3084 fail("Should have error when block size is too big."); 3085 } catch (IllegalBlockSizeException success) { 3086 assertFalse(provider, "BC".equals(provider)); 3087 } catch (ArrayIndexOutOfBoundsException success) { 3088 assertEquals("BC", provider); 3089 } 3090 } 3091 3092 public void testRSA_ECB_NoPadding_Private_UpdateInAndOutPlusDoFinal_TooBig_Failure() 3093 throws Exception { 3094 for (String provider : RSA_PROVIDERS) { 3095 testRSA_ECB_NoPadding_Private_UpdateInAndOutPlusDoFinal_TooBig_Failure(provider); 3096 } 3097 } 3098 3099 private void testRSA_ECB_NoPadding_Private_UpdateInAndOutPlusDoFinal_TooBig_Failure(String provider) 3100 throws Exception { 3101 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 3102 3103 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3104 3105 /* 3106 * You're actually encrypting with public keys, but there is no 3107 * distinction made here. It's all keyed off of what kind of key you're 3108 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 3109 */ 3110 c.init(Cipher.ENCRYPT_MODE, privKey); 3111 3112 byte[] output = new byte[RSA_2048_Vector1.length]; 3113 c.update(RSA_Vector1_ZeroPadded_Encrypted, 0, RSA_Vector1_ZeroPadded_Encrypted.length, 3114 output); 3115 3116 try { 3117 c.doFinal(RSA_Vector1_ZeroPadded_Encrypted); 3118 fail("Should have error when block size is too big."); 3119 } catch (IllegalBlockSizeException success) { 3120 assertFalse(provider, "BC".equals(provider)); 3121 } catch (ArrayIndexOutOfBoundsException success) { 3122 assertEquals("BC", provider); 3123 } 3124 } 3125 3126 public void testRSA_ECB_NoPadding_Private_OnlyDoFinal_TooBig_Failure() throws Exception { 3127 for (String provider : RSA_PROVIDERS) { 3128 testRSA_ECB_NoPadding_Private_OnlyDoFinal_TooBig_Failure(provider); 3129 } 3130 } 3131 3132 private void testRSA_ECB_NoPadding_Private_OnlyDoFinal_TooBig_Failure(String provider) throws Exception { 3133 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 3134 3135 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3136 3137 /* 3138 * You're actually encrypting with public keys, but there is no 3139 * distinction made here. It's all keyed off of what kind of key you're 3140 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 3141 */ 3142 c.init(Cipher.ENCRYPT_MODE, privKey); 3143 3144 byte[] tooBig_Vector = new byte[RSA_Vector1_ZeroPadded_Encrypted.length * 2]; 3145 System.arraycopy(RSA_Vector1_ZeroPadded_Encrypted, 0, tooBig_Vector, 0, 3146 RSA_Vector1_ZeroPadded_Encrypted.length); 3147 System.arraycopy(RSA_Vector1_ZeroPadded_Encrypted, 0, tooBig_Vector, 3148 RSA_Vector1_ZeroPadded_Encrypted.length, RSA_Vector1_ZeroPadded_Encrypted.length); 3149 3150 try { 3151 c.doFinal(tooBig_Vector); 3152 fail("Should have error when block size is too big."); 3153 } catch (IllegalBlockSizeException success) { 3154 assertFalse(provider, "BC".equals(provider)); 3155 } catch (ArrayIndexOutOfBoundsException success) { 3156 assertEquals("BC", provider); 3157 } 3158 } 3159 3160 public void testRSA_ECB_NoPadding_GetBlockSize_Success() throws Exception { 3161 for (String provider : RSA_PROVIDERS) { 3162 testRSA_ECB_NoPadding_GetBlockSize_Success(provider); 3163 } 3164 } 3165 3166 private void testRSA_ECB_NoPadding_GetBlockSize_Success(String provider) throws Exception { 3167 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3168 if (StandardNames.IS_RI) { 3169 assertEquals(0, c.getBlockSize()); 3170 } else { 3171 try { 3172 c.getBlockSize(); 3173 fail(); 3174 } catch (IllegalStateException expected) { 3175 } 3176 } 3177 3178 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 3179 c.init(Cipher.ENCRYPT_MODE, pubKey); 3180 assertEquals(getExpectedBlockSize("RSA", Cipher.ENCRYPT_MODE, provider), c.getBlockSize()); 3181 } 3182 3183 public void testRSA_ECB_NoPadding_GetOutputSize_NoInit_Failure() throws Exception { 3184 for (String provider : RSA_PROVIDERS) { 3185 testRSA_ECB_NoPadding_GetOutputSize_NoInit_Failure(provider); 3186 } 3187 } 3188 3189 private void testRSA_ECB_NoPadding_GetOutputSize_NoInit_Failure(String provider) throws Exception { 3190 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3191 try { 3192 c.getOutputSize(RSA_2048_Vector1.length); 3193 fail("Should throw IllegalStateException if getOutputSize is called before init"); 3194 } catch (IllegalStateException success) { 3195 } 3196 } 3197 3198 public void testRSA_ECB_NoPadding_GetOutputSize_Success() throws Exception { 3199 for (String provider : RSA_PROVIDERS) { 3200 testRSA_ECB_NoPadding_GetOutputSize_Success(provider); 3201 } 3202 } 3203 3204 private void testRSA_ECB_NoPadding_GetOutputSize_Success(String provider) throws Exception { 3205 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 3206 3207 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3208 c.init(Cipher.ENCRYPT_MODE, pubKey); 3209 3210 final int modulusInBytes = RSA_2048_modulus.bitLength() / 8; 3211 assertEquals(modulusInBytes, c.getOutputSize(RSA_2048_Vector1.length)); 3212 assertEquals(modulusInBytes, c.getOutputSize(RSA_2048_Vector1.length * 2)); 3213 assertEquals(modulusInBytes, c.getOutputSize(0)); 3214 } 3215 3216 public void testRSA_ECB_NoPadding_GetIV_Success() throws Exception { 3217 for (String provider : RSA_PROVIDERS) { 3218 testRSA_ECB_NoPadding_GetIV_Success(provider); 3219 } 3220 } 3221 3222 private void testRSA_ECB_NoPadding_GetIV_Success(String provider) throws Exception { 3223 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 3224 3225 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3226 assertNull("ECB mode has no IV and should be null", c.getIV()); 3227 3228 c.init(Cipher.ENCRYPT_MODE, pubKey); 3229 3230 assertNull("ECB mode has no IV and should be null", c.getIV()); 3231 } 3232 3233 public void testRSA_ECB_NoPadding_GetParameters_NoneProvided_Success() throws Exception { 3234 for (String provider : RSA_PROVIDERS) { 3235 testRSA_ECB_NoPadding_GetParameters_NoneProvided_Success(provider); 3236 } 3237 } 3238 3239 private void testRSA_ECB_NoPadding_GetParameters_NoneProvided_Success(String provider) throws Exception { 3240 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3241 assertNull("Parameters should be null", c.getParameters()); 3242 } 3243 3244 /* 3245 * Test vector generation: 3246 * openssl rand -hex 16 | sed 's/\(..\)/(byte) 0x\1, /g' 3247 */ 3248 private static final SecretKeySpec DES_112_KEY = new SecretKeySpec(new byte[] { 3249 (byte) 0x6b, (byte) 0xb3, (byte) 0x85, (byte) 0x1c, (byte) 0x3d, (byte) 0x50, 3250 (byte) 0xd4, (byte) 0x95, (byte) 0x39, (byte) 0x48, (byte) 0x77, (byte) 0x30, 3251 (byte) 0x1a, (byte) 0xd7, (byte) 0x86, (byte) 0x57, 3252 }, "DESede"); 3253 3254 /* 3255 * Test vector generation: 3256 * openssl rand -hex 24 | sed 's/\(..\)/(byte) 0x\1, /g' 3257 */ 3258 private static final SecretKeySpec DES_168_KEY = new SecretKeySpec(new byte[] { 3259 (byte) 0xfe, (byte) 0xd4, (byte) 0xd7, (byte) 0xc9, (byte) 0x8a, (byte) 0x13, 3260 (byte) 0x6a, (byte) 0xa8, (byte) 0x5a, (byte) 0xb8, (byte) 0x19, (byte) 0xb8, 3261 (byte) 0xcf, (byte) 0x3c, (byte) 0x5f, (byte) 0xe0, (byte) 0xa2, (byte) 0xf7, 3262 (byte) 0x7b, (byte) 0x65, (byte) 0x43, (byte) 0xc0, (byte) 0xc4, (byte) 0xe1, 3263 }, "DESede"); 3264 3265 /* 3266 * Test vector generation: 3267 * openssl rand -hex 5 | sed 's/\(..\)/(byte) 0x\1, /g' 3268 */ 3269 private static final SecretKeySpec ARC4_40BIT_KEY = new SecretKeySpec(new byte[] { 3270 (byte) 0x9c, (byte) 0xc8, (byte) 0xb9, (byte) 0x94, (byte) 0x98, 3271 }, "ARC4"); 3272 3273 /* 3274 * Test vector generation: 3275 * openssl rand -hex 24 | sed 's/\(..\)/(byte) 0x\1, /g' 3276 */ 3277 private static final SecretKeySpec ARC4_128BIT_KEY = new SecretKeySpec(new byte[] { 3278 (byte) 0xbc, (byte) 0x0a, (byte) 0x3c, (byte) 0xca, (byte) 0xb5, (byte) 0x42, 3279 (byte) 0xfa, (byte) 0x5d, (byte) 0x86, (byte) 0x5b, (byte) 0x44, (byte) 0x87, 3280 (byte) 0x83, (byte) 0xd8, (byte) 0xcb, (byte) 0xd4, 3281 }, "ARC4"); 3282 3283 /* 3284 * Test vector generation: 3285 * openssl rand -hex 16 3286 * echo '3d4f8970b1f27537f40a39298a41555f' | sed 's/\(..\)/(byte) 0x\1, /g' 3287 */ 3288 private static final SecretKeySpec AES_128_KEY = new SecretKeySpec(new byte[] { 3289 (byte) 0x3d, (byte) 0x4f, (byte) 0x89, (byte) 0x70, (byte) 0xb1, (byte) 0xf2, 3290 (byte) 0x75, (byte) 0x37, (byte) 0xf4, (byte) 0x0a, (byte) 0x39, (byte) 0x29, 3291 (byte) 0x8a, (byte) 0x41, (byte) 0x55, (byte) 0x5f, 3292 }, "AES"); 3293 3294 /* 3295 * Test key generation: 3296 * openssl rand -hex 24 3297 * echo '5a7a3d7e40b64ed996f7afa15f97fd595e27db6af428e342' | sed 's/\(..\)/(byte) 0x\1, /g' 3298 */ 3299 private static final SecretKeySpec AES_192_KEY = new SecretKeySpec(new byte[] { 3300 (byte) 0x5a, (byte) 0x7a, (byte) 0x3d, (byte) 0x7e, (byte) 0x40, (byte) 0xb6, 3301 (byte) 0x4e, (byte) 0xd9, (byte) 0x96, (byte) 0xf7, (byte) 0xaf, (byte) 0xa1, 3302 (byte) 0x5f, (byte) 0x97, (byte) 0xfd, (byte) 0x59, (byte) 0x5e, (byte) 0x27, 3303 (byte) 0xdb, (byte) 0x6a, (byte) 0xf4, (byte) 0x28, (byte) 0xe3, (byte) 0x42, 3304 }, "AES"); 3305 3306 /* 3307 * Test key generation: 3308 * openssl rand -hex 32 3309 * echo 'ec53c6d51d2c4973585fb0b8e51cd2e39915ff07a1837872715d6121bf861935' | sed 's/\(..\)/(byte) 0x\1, /g' 3310 */ 3311 private static final SecretKeySpec AES_256_KEY = new SecretKeySpec(new byte[] { 3312 (byte) 0xec, (byte) 0x53, (byte) 0xc6, (byte) 0xd5, (byte) 0x1d, (byte) 0x2c, 3313 (byte) 0x49, (byte) 0x73, (byte) 0x58, (byte) 0x5f, (byte) 0xb0, (byte) 0xb8, 3314 (byte) 0xe5, (byte) 0x1c, (byte) 0xd2, (byte) 0xe3, (byte) 0x99, (byte) 0x15, 3315 (byte) 0xff, (byte) 0x07, (byte) 0xa1, (byte) 0x83, (byte) 0x78, (byte) 0x72, 3316 (byte) 0x71, (byte) 0x5d, (byte) 0x61, (byte) 0x21, (byte) 0xbf, (byte) 0x86, 3317 (byte) 0x19, (byte) 0x35, 3318 }, "AES"); 3319 3320 /* 3321 * Test vector generation: 3322 * echo -n 'Testing rocks!' | recode ../x1 | sed 's/0x/(byte) 0x/g' 3323 */ 3324 private static final byte[] DES_Plaintext1 = new byte[] { 3325 (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x69, (byte) 0x6E, 3326 (byte) 0x67, (byte) 0x20, (byte) 0x72, (byte) 0x6F, (byte) 0x63, (byte) 0x6B, 3327 (byte) 0x73, (byte) 0x21 3328 }; 3329 3330 3331 /* 3332 * Test vector generation: take DES_Plaintext1 and PKCS #5 pad it manually (it's not hard). 3333 */ 3334 private static final byte[] DES_Plaintext1_PKCS5_Padded = new byte[] { 3335 (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x69, (byte) 0x6E, 3336 (byte) 0x67, (byte) 0x20, (byte) 0x72, (byte) 0x6F, (byte) 0x63, (byte) 0x6B, 3337 (byte) 0x73, (byte) 0x21, (byte) 0x02, (byte) 0x02, 3338 }; 3339 3340 /* 3341 * Test vector generation: 3342 * openssl rand -hex 8 | sed 's/\(..\)/(byte) 0x\1, /g' 3343 */ 3344 private static final byte[] DES_IV1 = new byte[] { 3345 (byte) 0x5c, (byte) 0x47, (byte) 0x5e, (byte) 0x57, (byte) 0x0c, (byte) 0x46, 3346 (byte) 0xcb, (byte) 0x47, 3347 }; 3348 3349 /* 3350 * Test vector generation: 3351 * openssl enc -des-ede-cbc -K 6bb3851c3d50d495394877301ad78657 -iv 5c475e570c46cb47 -in blah 3352 * | recode ../x1 | sed 's/0x/(byte) 0x/g' 3353 */ 3354 private static final byte[] 3355 DES_Plaintext1_Encrypted_With_DES_112_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1 = 3356 new byte[] { 3357 (byte) 0x09, (byte) 0xA5, (byte) 0x5D, (byte) 0x94, (byte) 0x94, (byte) 0xAA, 3358 (byte) 0x3F, (byte) 0xC8, (byte) 0xB7, (byte) 0x73, (byte) 0x94, (byte) 0x0E, 3359 (byte) 0xFC, (byte) 0xF4, (byte) 0xA5, (byte) 0x28, 3360 }; 3361 3362 3363 /* 3364 * Test vector generation: 3365 * openssl enc -des-ede3-cbc -K fed4d7c98a136aa85ab819b8cf3c5fe0a2f77b6543c0c4e1 3366 * -iv 5c475e570c46cb47 -in blah | recode ../x1 | sed 's/0x/(byte) 0x/g' 3367 */ 3368 private static final byte[] 3369 DES_Plaintext1_Encrypted_With_DES_168_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1 = 3370 new byte[] { 3371 (byte) 0xC9, (byte) 0xF1, (byte) 0x83, (byte) 0x1F, (byte) 0x24, (byte) 0x83, 3372 (byte) 0x2C, (byte) 0x7B, (byte) 0x66, (byte) 0x66, (byte) 0x99, (byte) 0x98, 3373 (byte) 0x27, (byte) 0xB0, (byte) 0xED, (byte) 0x47 3374 }; 3375 3376 3377 /* 3378 * Test vector generation: 3379 * echo -n 'Plaintext for arc4' | recode ../x1 | sed 's/0x/(byte) 0x/g' 3380 */ 3381 private static final byte[] ARC4_Plaintext1 = new byte[] { 3382 (byte) 0x50, (byte) 0x6C, (byte) 0x61, (byte) 0x69, (byte) 0x6E, (byte) 0x74, 3383 (byte) 0x65, (byte) 0x78, (byte) 0x74, (byte) 0x20, (byte) 0x66, (byte) 0x6F, 3384 (byte) 0x72, (byte) 0x20, (byte) 0x61, (byte) 0x72, (byte) 0x63, (byte) 0x34 3385 }; 3386 3387 /* 3388 * Test vector generation: 3389 * echo -n 'Plaintext for arc4' | openssl enc -rc4-40 -K 9cc8b99498 | recode ../x1 \ 3390 * | sed 's/0x/(byte) 0x/g' 3391 */ 3392 private static final byte[] ARC4_Plaintext1_Encrypted_With_ARC4_40Bit_Key = new byte[] { 3393 (byte) 0x63, (byte) 0xF7, (byte) 0x11, (byte) 0x90, (byte) 0x63, (byte) 0xEF, 3394 (byte) 0x5E, (byte) 0xB3, (byte) 0x93, (byte) 0xB3, (byte) 0x46, (byte) 0x3F, 3395 (byte) 0x1B, (byte) 0x02, (byte) 0x53, (byte) 0x9B, (byte) 0xD9, (byte) 0xE0 3396 }; 3397 3398 /* 3399 * Test vector generation: 3400 * echo -n 'Plaintext for arc4' | openssl enc -rc4 -K bc0a3ccab542fa5d865b448783d8cbd4 \ 3401 * | recode ../x1 | sed 's/0x/(byte) 0x/g' 3402 */ 3403 private static final byte[] ARC4_Plaintext1_Encrypted_With_ARC4_128Bit_Key = new byte[] { 3404 (byte) 0x25, (byte) 0x14, (byte) 0xA9, (byte) 0x72, (byte) 0x4D, (byte) 0xA9, 3405 (byte) 0xF6, (byte) 0xA7, (byte) 0x2F, (byte) 0xB7, (byte) 0x0D, (byte) 0x60, 3406 (byte) 0x09, (byte) 0xBE, (byte) 0x41, (byte) 0x9B, (byte) 0x32, (byte) 0x2B 3407 }; 3408 3409 /* 3410 * Test vector creation: 3411 * echo -n 'Hello, world!' | recode ../x1 | sed 's/0x/(byte) 0x/g' 3412 */ 3413 private static final byte[] AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext = new byte[] { 3414 (byte) 0x48, (byte) 0x65, (byte) 0x6C, (byte) 0x6C, (byte) 0x6F, (byte) 0x2C, 3415 (byte) 0x20, (byte) 0x77, (byte) 0x6F, (byte) 0x72, (byte) 0x6C, (byte) 0x64, 3416 (byte) 0x21, 3417 }; 3418 3419 /* 3420 * Test vector creation: 3421 * openssl enc -aes-128-ecb -K 3d4f8970b1f27537f40a39298a41555f -in blah|openssl enc -aes-128-ecb -K 3d4f8970b1f27537f40a39298a41555f -nopad -d|recode ../x1 | sed 's/0x/(byte) 0x/g' 3422 */ 3423 private static final byte[] AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded = new byte[] { 3424 (byte) 0x48, (byte) 0x65, (byte) 0x6C, (byte) 0x6C, (byte) 0x6F, (byte) 0x2C, 3425 (byte) 0x20, (byte) 0x77, (byte) 0x6F, (byte) 0x72, (byte) 0x6C, (byte) 0x64, 3426 (byte) 0x21, (byte) 0x03, (byte) 0x03, (byte) 0x03 3427 }; 3428 3429 /* 3430 * Test vector generation: 3431 * openssl enc -aes-128-ecb -K 3d4f8970b1f27537f40a39298a41555f -in blah|recode ../x1 | sed 's/0x/(byte) 0x/g' 3432 */ 3433 private static final byte[] AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted = new byte[] { 3434 (byte) 0x65, (byte) 0x3E, (byte) 0x86, (byte) 0xFB, (byte) 0x05, (byte) 0x5A, 3435 (byte) 0x52, (byte) 0xEA, (byte) 0xDD, (byte) 0x08, (byte) 0xE7, (byte) 0x48, 3436 (byte) 0x33, (byte) 0x01, (byte) 0xFC, (byte) 0x5A, 3437 }; 3438 3439 /* 3440 * Taken from BoringSSL test vectors. 3441 */ 3442 private static final SecretKeySpec AES_128_GCM_TestVector_1_Key = new SecretKeySpec(new byte[] { 3443 (byte) 0xca, (byte) 0xbd, (byte) 0xcf, (byte) 0x54, (byte) 0x1a, (byte) 0xeb, 3444 (byte) 0xf9, (byte) 0x17, (byte) 0xba, (byte) 0xc0, (byte) 0x19, (byte) 0xf1, 3445 (byte) 0x39, (byte) 0x25, (byte) 0xd2, (byte) 0x67, 3446 }, "AES"); 3447 3448 /* 3449 * Taken from BoringSSL test vectors. 3450 */ 3451 private static final byte[] AES_128_GCM_TestVector_1_IV = new byte[] { 3452 (byte) 0x2c, (byte) 0x34, (byte) 0xc0, (byte) 0x0c, (byte) 0x42, (byte) 0xda, 3453 (byte) 0xe3, (byte) 0x82, (byte) 0x27, (byte) 0x9d, (byte) 0x79, (byte) 0x74, 3454 }; 3455 3456 /* 3457 * Taken from BoringSSL test vectors. 3458 */ 3459 private static final byte[] AES_128_GCM_TestVector_1_AAD = new byte[] { 3460 (byte) 0xdd, (byte) 0x10, (byte) 0xe3, (byte) 0x71, (byte) 0xb2, (byte) 0x2e, 3461 (byte) 0x15, (byte) 0x67, (byte) 0x1c, (byte) 0x31, (byte) 0xaf, (byte) 0xee, 3462 (byte) 0x55, (byte) 0x2b, (byte) 0xf1, (byte) 0xde, (byte) 0xa0, (byte) 0x7c, 3463 (byte) 0xbb, (byte) 0xf6, (byte) 0x85, (byte) 0xe2, (byte) 0xca, (byte) 0xa0, 3464 (byte) 0xe0, (byte) 0x36, (byte) 0x37, (byte) 0x16, (byte) 0xa2, (byte) 0x76, 3465 (byte) 0xe1, (byte) 0x20, (byte) 0xc6, (byte) 0xc0, (byte) 0xeb, (byte) 0x4a, 3466 (byte) 0xcb, (byte) 0x1a, (byte) 0x4d, (byte) 0x1b, (byte) 0xa7, (byte) 0x3f, 3467 (byte) 0xde, (byte) 0x66, (byte) 0x15, (byte) 0xf7, (byte) 0x08, (byte) 0xaa, 3468 (byte) 0xa4, (byte) 0x6b, (byte) 0xc7, (byte) 0x6c, (byte) 0x7f, (byte) 0xf3, 3469 (byte) 0x45, (byte) 0xa4, (byte) 0xf7, (byte) 0x6b, (byte) 0xda, (byte) 0x11, 3470 (byte) 0x7f, (byte) 0xe5, (byte) 0x6f, (byte) 0x0d, (byte) 0xc9, (byte) 0xb9, 3471 (byte) 0x39, (byte) 0x04, (byte) 0x0d, (byte) 0xdd, 3472 }; 3473 3474 /* 3475 * Taken from BoringSSL test vectors. 3476 */ 3477 private static final byte[] AES_128_GCM_TestVector_1_Plaintext = new byte[] { 3478 (byte) 0x88, (byte) 0xcc, (byte) 0x1e, (byte) 0x07, (byte) 0xdf, (byte) 0xde, 3479 (byte) 0x8e, (byte) 0x08, (byte) 0x08, (byte) 0x2e, (byte) 0x67, (byte) 0x66, 3480 (byte) 0xe0, (byte) 0xa8, (byte) 0x81, (byte) 0x03, (byte) 0x38, (byte) 0x47, 3481 (byte) 0x42, (byte) 0xaf, (byte) 0x37, (byte) 0x8d, (byte) 0x7b, (byte) 0x6b, 3482 (byte) 0x8a, (byte) 0x87, (byte) 0xfc, (byte) 0xe0, (byte) 0x36, (byte) 0xaf, 3483 (byte) 0x74, (byte) 0x41, (byte) 0xc1, (byte) 0x39, (byte) 0x61, (byte) 0xc2, 3484 (byte) 0x5a, (byte) 0xfe, (byte) 0xa7, (byte) 0xf6, (byte) 0xe5, (byte) 0x61, 3485 (byte) 0x93, (byte) 0xf5, (byte) 0x4b, (byte) 0xee, (byte) 0x00, (byte) 0x11, 3486 (byte) 0xcb, (byte) 0x78, (byte) 0x64, (byte) 0x2c, (byte) 0x3a, (byte) 0xb9, 3487 (byte) 0xe6, (byte) 0xd5, (byte) 0xb2, (byte) 0xe3, (byte) 0x58, (byte) 0x33, 3488 (byte) 0xec, (byte) 0x16, (byte) 0xcd, (byte) 0x35, (byte) 0x55, (byte) 0x15, 3489 (byte) 0xaf, (byte) 0x1a, (byte) 0x19, (byte) 0x0f, 3490 }; 3491 3492 /* 3493 * Taken from BoringSSL test vectors. 3494 */ 3495 private static final byte[] AES_128_GCM_TestVector_1_Encrypted = new byte[] { 3496 (byte) 0x04, (byte) 0x94, (byte) 0x53, (byte) 0xba, (byte) 0xf1, (byte) 0x57, 3497 (byte) 0x87, (byte) 0x87, (byte) 0xd6, (byte) 0x8e, (byte) 0xd5, (byte) 0x47, 3498 (byte) 0x87, (byte) 0x26, (byte) 0xc0, (byte) 0xb8, (byte) 0xa6, (byte) 0x36, 3499 (byte) 0x33, (byte) 0x7a, (byte) 0x0b, (byte) 0x8a, (byte) 0x82, (byte) 0xb8, 3500 (byte) 0x68, (byte) 0x36, (byte) 0xf9, (byte) 0x1c, (byte) 0xde, (byte) 0x25, 3501 (byte) 0xe6, (byte) 0xe4, (byte) 0x4c, (byte) 0x34, (byte) 0x59, (byte) 0x40, 3502 (byte) 0xe8, (byte) 0x19, (byte) 0xa0, (byte) 0xc5, (byte) 0x05, (byte) 0x75, 3503 (byte) 0x1e, (byte) 0x60, (byte) 0x3c, (byte) 0xb8, (byte) 0xf8, (byte) 0xc4, 3504 (byte) 0xfe, (byte) 0x98, (byte) 0x71, (byte) 0x91, (byte) 0x85, (byte) 0x56, 3505 (byte) 0x27, (byte) 0x94, (byte) 0xa1, (byte) 0x85, (byte) 0xe5, (byte) 0xde, 3506 (byte) 0xc4, (byte) 0x15, (byte) 0xc8, (byte) 0x1f, (byte) 0x2f, (byte) 0x16, 3507 (byte) 0x2c, (byte) 0xdc, (byte) 0xd6, (byte) 0x50, (byte) 0xdc, (byte) 0xe7, 3508 (byte) 0x19, (byte) 0x87, (byte) 0x28, (byte) 0xbf, (byte) 0xc1, (byte) 0xb5, 3509 (byte) 0xf9, (byte) 0x49, (byte) 0xb9, (byte) 0xb5, (byte) 0x37, (byte) 0x41, 3510 (byte) 0x99, (byte) 0xc6, 3511 }; 3512 3513 /* 3514 * Test key generation: 3515 * openssl rand -hex 16 3516 * echo '787bdeecf05556eac5d3d865e435f6d9' | sed 's/\(..\)/(byte) 0x\1, /g' 3517 */ 3518 private static final byte[] AES_192_CTR_NoPadding_TestVector_1_IV = new byte[] { 3519 (byte) 0x78, (byte) 0x7b, (byte) 0xde, (byte) 0xec, (byte) 0xf0, (byte) 0x55, 3520 (byte) 0x56, (byte) 0xea, (byte) 0xc5, (byte) 0xd3, (byte) 0xd8, (byte) 0x65, 3521 (byte) 0xe4, (byte) 0x35, (byte) 0xf6, (byte) 0xd9, 3522 3523 }; 3524 3525 /* 3526 * Test vector generation: 3527 * echo -n 'AES-192 is a silly option' | recode ../x1 | sed 's/0x/(byte) 0x/g' 3528 */ 3529 private static final byte[] AES_192_CTR_NoPadding_TestVector_1_Plaintext = new byte[] { 3530 (byte) 0x41, (byte) 0x45, (byte) 0x53, (byte) 0x2D, (byte) 0x31, (byte) 0x39, 3531 (byte) 0x32, (byte) 0x20, (byte) 0x69, (byte) 0x73, (byte) 0x20, (byte) 0x61, 3532 (byte) 0x20, (byte) 0x73, (byte) 0x69, (byte) 0x6C, (byte) 0x6C, (byte) 0x79, 3533 (byte) 0x20, (byte) 0x6F, (byte) 0x70, (byte) 0x74, (byte) 0x69, (byte) 0x6F, 3534 (byte) 0x6E 3535 }; 3536 3537 /* 3538 * Test vector generation: 3539 * echo -n 'AES-192 is a silly option' | openssl enc -aes-192-ctr -K 5a7a3d7e40b64ed996f7afa15f97fd595e27db6af428e342 -iv 787bdeecf05556eac5d3d865e435f6d9 | recode ../x1 | sed 's/0x/(byte) 0x/g' 3540 */ 3541 private static final byte[] AES_192_CTR_NoPadding_TestVector_1_Ciphertext = new byte[] { 3542 (byte) 0xE9, (byte) 0xC6, (byte) 0xA0, (byte) 0x40, (byte) 0xC2, (byte) 0x6A, 3543 (byte) 0xB5, (byte) 0x20, (byte) 0xFE, (byte) 0x9E, (byte) 0x65, (byte) 0xB7, 3544 (byte) 0x7C, (byte) 0x5E, (byte) 0xFE, (byte) 0x1F, (byte) 0xF1, (byte) 0x6F, 3545 (byte) 0x20, (byte) 0xAC, (byte) 0x37, (byte) 0xE9, (byte) 0x75, (byte) 0xE3, 3546 (byte) 0x52 3547 }; 3548 3549 /* 3550 * Test key generation: openssl rand -hex 16 echo 3551 * 'ceaa31952dfd3d0f5af4b2042ba06094' | sed 's/\(..\)/(byte) 0x\1, /g' 3552 */ 3553 private static final byte[] AES_256_CBC_PKCS5Padding_TestVector_1_IV = new byte[] { 3554 (byte) 0xce, (byte) 0xaa, (byte) 0x31, (byte) 0x95, (byte) 0x2d, (byte) 0xfd, 3555 (byte) 0x3d, (byte) 0x0f, (byte) 0x5a, (byte) 0xf4, (byte) 0xb2, (byte) 0x04, 3556 (byte) 0x2b, (byte) 0xa0, (byte) 0x60, (byte) 0x94, 3557 }; 3558 3559 /* 3560 * Test vector generation: 3561 * echo -n 'I only regret that I have but one test to write.' | recode ../x1 | sed 's/0x/(byte) 0x/g' 3562 */ 3563 private static final byte[] AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext = new byte[] { 3564 (byte) 0x49, (byte) 0x20, (byte) 0x6F, (byte) 0x6E, (byte) 0x6C, (byte) 0x79, 3565 (byte) 0x20, (byte) 0x72, (byte) 0x65, (byte) 0x67, (byte) 0x72, (byte) 0x65, 3566 (byte) 0x74, (byte) 0x20, (byte) 0x74, (byte) 0x68, (byte) 0x61, (byte) 0x74, 3567 (byte) 0x20, (byte) 0x49, (byte) 0x20, (byte) 0x68, (byte) 0x61, (byte) 0x76, 3568 (byte) 0x65, (byte) 0x20, (byte) 0x62, (byte) 0x75, (byte) 0x74, (byte) 0x20, 3569 (byte) 0x6F, (byte) 0x6E, (byte) 0x65, (byte) 0x20, (byte) 0x74, (byte) 0x65, 3570 (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x74, (byte) 0x6F, (byte) 0x20, 3571 (byte) 0x77, (byte) 0x72, (byte) 0x69, (byte) 0x74, (byte) 0x65, (byte) 0x2E 3572 }; 3573 3574 /* 3575 * Test vector generation: 3576 * echo -n 'I only regret that I have but one test to write.' | openssl enc -aes-256-cbc -K ec53c6d51d2c4973585fb0b8e51cd2e39915ff07a1837872715d6121bf861935 -iv ceaa31952dfd3d0f5af4b2042ba06094 | openssl enc -aes-256-cbc -K ec53c6d51d2c4973585fb0b8e51cd2e39915ff07a1837872715d6121bf861935 -iv ceaa31952dfd3d0f5af4b2042ba06094 -d -nopad | recode ../x1 | sed 's/0x/(byte) 0x/g' 3577 */ 3578 private static final byte[] AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext_Padded = new byte[] { 3579 (byte) 0x49, (byte) 0x20, (byte) 0x6F, (byte) 0x6E, (byte) 0x6C, (byte) 0x79, 3580 (byte) 0x20, (byte) 0x72, (byte) 0x65, (byte) 0x67, (byte) 0x72, (byte) 0x65, 3581 (byte) 0x74, (byte) 0x20, (byte) 0x74, (byte) 0x68, (byte) 0x61, (byte) 0x74, 3582 (byte) 0x20, (byte) 0x49, (byte) 0x20, (byte) 0x68, (byte) 0x61, (byte) 0x76, 3583 (byte) 0x65, (byte) 0x20, (byte) 0x62, (byte) 0x75, (byte) 0x74, (byte) 0x20, 3584 (byte) 0x6F, (byte) 0x6E, (byte) 0x65, (byte) 0x20, (byte) 0x74, (byte) 0x65, 3585 (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x74, (byte) 0x6F, (byte) 0x20, 3586 (byte) 0x77, (byte) 0x72, (byte) 0x69, (byte) 0x74, (byte) 0x65, (byte) 0x2E, 3587 (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, 3588 (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, 3589 (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10 3590 }; 3591 3592 /* 3593 * Test vector generation: 3594 * echo -n 'I only regret that I have but one test to write.' | openssl enc -aes-256-cbc -K ec53c6d51d2c4973585fb0b8e51cd2e39915ff07a1837872715d6121bf861935 -iv ceaa31952dfd3d0f5af4b2042ba06094 | recode ../x1 | sed 's/0x/(byte) 0x/g' 3595 */ 3596 private static final byte[] AES_256_CBC_PKCS5Padding_TestVector_1_Ciphertext = new byte[] { 3597 (byte) 0x90, (byte) 0x65, (byte) 0xDD, (byte) 0xAF, (byte) 0x7A, (byte) 0xCE, 3598 (byte) 0xAE, (byte) 0xBF, (byte) 0xE8, (byte) 0xF6, (byte) 0x9E, (byte) 0xDB, 3599 (byte) 0xEA, (byte) 0x65, (byte) 0x28, (byte) 0xC4, (byte) 0x9A, (byte) 0x28, 3600 (byte) 0xEA, (byte) 0xA3, (byte) 0x95, (byte) 0x2E, (byte) 0xFF, (byte) 0xF1, 3601 (byte) 0xA0, (byte) 0xCA, (byte) 0xC2, (byte) 0xA4, (byte) 0x65, (byte) 0xCD, 3602 (byte) 0xBF, (byte) 0xCE, (byte) 0x9E, (byte) 0xF1, (byte) 0x57, (byte) 0xF6, 3603 (byte) 0x32, (byte) 0x2E, (byte) 0x8F, (byte) 0x93, (byte) 0x2E, (byte) 0xAE, 3604 (byte) 0x41, (byte) 0x33, (byte) 0x54, (byte) 0xD0, (byte) 0xEF, (byte) 0x8C, 3605 (byte) 0x52, (byte) 0x14, (byte) 0xAC, (byte) 0x2D, (byte) 0xD5, (byte) 0xA4, 3606 (byte) 0xF9, (byte) 0x20, (byte) 0x77, (byte) 0x25, (byte) 0x91, (byte) 0x3F, 3607 (byte) 0xD1, (byte) 0xB9, (byte) 0x00, (byte) 0x3E 3608 }; 3609 3610 private static class CipherTestParam { 3611 public final String transformation; 3612 3613 public final AlgorithmParameterSpec spec; 3614 3615 public final Key encryptKey; 3616 3617 public final Key decryptKey; 3618 3619 public final byte[] aad; 3620 3621 public final byte[] plaintext; 3622 3623 public final byte[] ciphertext; 3624 3625 public final byte[] plaintextPadded; 3626 3627 public final boolean isStreamCipher; 3628 3629 public CipherTestParam(String transformation, AlgorithmParameterSpec spec, Key encryptKey, 3630 Key decryptKey, byte[] aad, byte[] plaintext, byte[] plaintextPadded, 3631 byte[] ciphertext, boolean isStreamCipher) { 3632 this.transformation = transformation.toUpperCase(Locale.ROOT); 3633 this.spec = spec; 3634 this.encryptKey = encryptKey; 3635 this.decryptKey = decryptKey; 3636 this.aad = aad; 3637 this.plaintext = plaintext; 3638 this.plaintextPadded = plaintextPadded; 3639 this.ciphertext = ciphertext; 3640 this.isStreamCipher = isStreamCipher; 3641 } 3642 3643 public CipherTestParam(String transformation, AlgorithmParameterSpec spec, Key key, 3644 byte[] aad, byte[] plaintext, byte[] plaintextPadded, byte[] ciphertext, 3645 boolean isStreamCipher) { 3646 this(transformation, spec, key, key, aad, plaintext, plaintextPadded, ciphertext, 3647 isStreamCipher); 3648 } 3649 3650 public CipherTestParam(String transformation, AlgorithmParameterSpec spec, Key key, 3651 byte[] aad, byte[] plaintext, byte[] plaintextPadded, byte[] ciphertext) { 3652 this(transformation, spec, key, aad, plaintext, plaintextPadded, ciphertext, 3653 false /* isStreamCipher */); 3654 } 3655 } 3656 3657 private static class OAEPCipherTestParam extends CipherTestParam { 3658 public OAEPCipherTestParam(String transformation, OAEPParameterSpec spec, 3659 PublicKey encryptKey, PrivateKey decryptKey, byte[] plaintext, byte[] ciphertext) { 3660 super(transformation, spec, encryptKey, decryptKey, null, plaintext, plaintext, ciphertext, 3661 false); 3662 } 3663 } 3664 3665 private static List<CipherTestParam> DES_CIPHER_TEST_PARAMS = new ArrayList<CipherTestParam>(); 3666 static { 3667 DES_CIPHER_TEST_PARAMS.add(new CipherTestParam( 3668 "DESede/CBC/PKCS5Padding", 3669 new IvParameterSpec(DES_IV1), 3670 DES_112_KEY, 3671 null, 3672 DES_Plaintext1, 3673 DES_Plaintext1_PKCS5_Padded, 3674 DES_Plaintext1_Encrypted_With_DES_112_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1 3675 )); 3676 DES_CIPHER_TEST_PARAMS.add(new CipherTestParam( 3677 "DESede/CBC/PKCS5Padding", 3678 new IvParameterSpec(DES_IV1), 3679 DES_168_KEY, 3680 null, 3681 DES_Plaintext1, 3682 DES_Plaintext1_PKCS5_Padded, 3683 DES_Plaintext1_Encrypted_With_DES_168_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1 3684 )); 3685 } 3686 3687 private static List<CipherTestParam> ARC4_CIPHER_TEST_PARAMS = new ArrayList<CipherTestParam>(); 3688 static { 3689 ARC4_CIPHER_TEST_PARAMS.add(new CipherTestParam( 3690 "ARC4", 3691 null, 3692 ARC4_40BIT_KEY, 3693 null, // aad 3694 ARC4_Plaintext1, 3695 null, // padded 3696 ARC4_Plaintext1_Encrypted_With_ARC4_40Bit_Key, 3697 true /*isStreamCipher */ 3698 )); 3699 ARC4_CIPHER_TEST_PARAMS.add(new CipherTestParam( 3700 "ARC4", 3701 null, 3702 ARC4_128BIT_KEY, 3703 null, // aad 3704 ARC4_Plaintext1, 3705 null, // padded 3706 ARC4_Plaintext1_Encrypted_With_ARC4_128Bit_Key, 3707 true /*isStreamCipher */ 3708 )); 3709 } 3710 3711 private static List<CipherTestParam> CIPHER_TEST_PARAMS = new ArrayList<CipherTestParam>(); 3712 static { 3713 CIPHER_TEST_PARAMS.add(new CipherTestParam( 3714 "AES/ECB/PKCS5Padding", 3715 null, 3716 AES_128_KEY, 3717 null, 3718 AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext, 3719 AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded, 3720 AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted)); 3721 // PKCS#5 is assumed to be equivalent to PKCS#7 -- same test vectors are thus used for both. 3722 CIPHER_TEST_PARAMS.add(new CipherTestParam( 3723 "AES/ECB/PKCS7Padding", 3724 null, 3725 AES_128_KEY, 3726 null, 3727 AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext, 3728 AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded, 3729 AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted)); 3730 CIPHER_TEST_PARAMS.add(new CipherTestParam( 3731 "AES/GCM/NOPADDING", 3732 new GCMParameterSpec( 3733 (AES_128_GCM_TestVector_1_Encrypted.length - 3734 AES_128_GCM_TestVector_1_Plaintext.length) * 8, 3735 AES_128_GCM_TestVector_1_IV), 3736 AES_128_GCM_TestVector_1_Key, 3737 AES_128_GCM_TestVector_1_AAD, 3738 AES_128_GCM_TestVector_1_Plaintext, 3739 AES_128_GCM_TestVector_1_Plaintext, 3740 AES_128_GCM_TestVector_1_Encrypted)); 3741 if (IS_UNLIMITED) { 3742 CIPHER_TEST_PARAMS.add(new CipherTestParam( 3743 "AES/CTR/NoPadding", 3744 new IvParameterSpec(AES_192_CTR_NoPadding_TestVector_1_IV), 3745 AES_192_KEY, 3746 null, 3747 AES_192_CTR_NoPadding_TestVector_1_Plaintext, 3748 AES_192_CTR_NoPadding_TestVector_1_Plaintext, 3749 AES_192_CTR_NoPadding_TestVector_1_Ciphertext)); 3750 CIPHER_TEST_PARAMS.add(new CipherTestParam( 3751 "AES/CBC/PKCS5Padding", 3752 new IvParameterSpec(AES_256_CBC_PKCS5Padding_TestVector_1_IV), 3753 AES_256_KEY, 3754 null, 3755 AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext, 3756 AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext_Padded, 3757 AES_256_CBC_PKCS5Padding_TestVector_1_Ciphertext)); 3758 CIPHER_TEST_PARAMS.add(new CipherTestParam( 3759 "AES/CBC/PKCS7Padding", 3760 new IvParameterSpec(AES_256_CBC_PKCS5Padding_TestVector_1_IV), 3761 AES_256_KEY, 3762 null, 3763 AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext, 3764 AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext_Padded, 3765 AES_256_CBC_PKCS5Padding_TestVector_1_Ciphertext)); 3766 } 3767 } 3768 3769 private static final List<CipherTestParam> RSA_OAEP_CIPHER_TEST_PARAMS = new ArrayList<CipherTestParam>(); 3770 static { 3771 addRsaOaepTest("SHA-1", MGF1ParameterSpec.SHA1, RSA_Vector2_OAEP_SHA1_MGF1_SHA1); 3772 addRsaOaepTest("SHA-256", MGF1ParameterSpec.SHA1, RSA_Vector2_OAEP_SHA256_MGF1_SHA1); 3773 addRsaOaepTest("SHA-224", MGF1ParameterSpec.SHA224, RSA_Vector2_OAEP_SHA224_MGF1_SHA224); 3774 addRsaOaepTest("SHA-256", MGF1ParameterSpec.SHA256, RSA_Vector2_OAEP_SHA256_MGF1_SHA256); 3775 addRsaOaepTest("SHA-384", MGF1ParameterSpec.SHA384, RSA_Vector2_OAEP_SHA384_MGF1_SHA384); 3776 addRsaOaepTest("SHA-512", MGF1ParameterSpec.SHA512, RSA_Vector2_OAEP_SHA512_MGF1_SHA512); 3777 addRsaOaepTest("SHA-256", MGF1ParameterSpec.SHA1, RSA_Vector2_OAEP_SHA256_MGF1_SHA1_LABEL, 3778 new byte[] { 0x01, 0x02, 0x03, (byte) 0xFF, (byte) 0xA0, 0x0A }); 3779 addRsaOaepTest("SHA-512", MGF1ParameterSpec.SHA512, RSA_Vector2_OAEP_SHA512_MGF1_SHA512_LABEL, 3780 new byte[] { 0x01, 0x02, 0x03, (byte) 0xFF, (byte) 0xA0, 0x0A }); 3781 } 3782 3783 private static void addRsaOaepTest(String digest, MGF1ParameterSpec mgf1Spec, byte[] vector) { 3784 addRsaOaepTest(digest, mgf1Spec, vector, null); 3785 } 3786 3787 private static void addRsaOaepTest(String digest, MGF1ParameterSpec mgf1Spec, byte[] vector, byte[] label) { 3788 final PSource pSource; 3789 if (label == null) { 3790 pSource = PSource.PSpecified.DEFAULT; 3791 } else { 3792 pSource = new PSource.PSpecified(label); 3793 } 3794 3795 if (mgf1Spec.getDigestAlgorithm().equals(digest) && label == null) { 3796 RSA_OAEP_CIPHER_TEST_PARAMS.add(new OAEPCipherTestParam( 3797 "RSA/ECB/OAEPWith" + digest + "AndMGF1Padding", 3798 null, 3799 (PublicKey) getEncryptKey("RSA"), 3800 (PrivateKey) getDecryptKey("RSA"), 3801 RSA_Vector2_Plaintext, 3802 vector)); 3803 } 3804 3805 RSA_OAEP_CIPHER_TEST_PARAMS.add(new OAEPCipherTestParam( 3806 "RSA/ECB/OAEPWith" + digest + "AndMGF1Padding", 3807 new OAEPParameterSpec(digest, "MGF1", mgf1Spec, pSource), 3808 (PublicKey) getEncryptKey("RSA"), 3809 (PrivateKey) getDecryptKey("RSA"), 3810 RSA_Vector2_Plaintext, 3811 vector)); 3812 3813 RSA_OAEP_CIPHER_TEST_PARAMS.add(new OAEPCipherTestParam( 3814 "RSA/ECB/OAEPPadding", 3815 new OAEPParameterSpec(digest, "MGF1", mgf1Spec, pSource), 3816 (PublicKey) getEncryptKey("RSA"), 3817 (PrivateKey) getDecryptKey("RSA"), 3818 RSA_Vector2_Plaintext, 3819 vector)); 3820 } 3821 3822 public void testCipher_Success() throws Exception { 3823 for (String provider : AES_PROVIDERS) { 3824 testCipher_Success(provider); 3825 } 3826 3827 testCipher_Success_ForAllSupportingProviders_AtLeastOneProviderRequired( 3828 DES_CIPHER_TEST_PARAMS); 3829 testCipher_Success_ForAllSupportingProviders_AtLeastOneProviderRequired( 3830 ARC4_CIPHER_TEST_PARAMS); 3831 testCipher_Success_ForAllSupportingProviders_AtLeastOneProviderRequired( 3832 RSA_OAEP_CIPHER_TEST_PARAMS); 3833 } 3834 3835 /** 3836 * For each test vector in the list, tests that the transformation is supported by at least one 3837 * provider and that all implementations of the transformation pass the Known Answer Test (KAT) 3838 * as well as other functional tests. 3839 */ 3840 private void testCipher_Success_ForAllSupportingProviders_AtLeastOneProviderRequired( 3841 List<CipherTestParam> testVectors) throws Exception { 3842 ByteArrayOutputStream errBuffer = new ByteArrayOutputStream(); 3843 PrintStream out = new PrintStream(errBuffer); 3844 for (CipherTestParam testVector : testVectors) { 3845 ArrayList<Provider> providers = new ArrayList<>(); 3846 3847 Provider[] providerArray = Security.getProviders("Cipher." + testVector.transformation); 3848 if (providerArray != null) { 3849 Collections.addAll(providers, providerArray); 3850 } 3851 3852 if (testVector.transformation.indexOf('/') > 0) { 3853 Provider[] baseTransformProviderArray = Security.getProviders("Cipher." 3854 + testVector.transformation.substring( 3855 0, testVector.transformation.indexOf('/'))); 3856 if (baseTransformProviderArray != null) { 3857 Collections.addAll(providers, baseTransformProviderArray); 3858 } 3859 } 3860 3861 if (providers.isEmpty()) { 3862 out.append("No providers offer " + testVector.transformation + "\n"); 3863 continue; 3864 } 3865 3866 for (Provider provider : providers) { 3867 // Do not test AndroidKeyStore's Signature. It needs an AndroidKeyStore-specific key. 3868 // It's OKish not to test AndroidKeyStore's Signature here because it's tested 3869 // by cts/tests/test/keystore. 3870 if (provider.getName().startsWith("AndroidKeyStore")) { 3871 continue; 3872 } 3873 3874 try { 3875 checkCipher(testVector, provider.getName()); 3876 } catch (Throwable e) { 3877 logTestFailure(out, provider.getName(), testVector, e); 3878 } 3879 } 3880 } 3881 out.flush(); 3882 if (errBuffer.size() > 0) { 3883 throw new Exception("Errors encountered:\n\n" + errBuffer.toString() + "\n\n"); 3884 } 3885 } 3886 3887 private void testCipher_Success(String provider) throws Exception { 3888 final ByteArrayOutputStream errBuffer = new ByteArrayOutputStream(); 3889 PrintStream out = new PrintStream(errBuffer); 3890 for (CipherTestParam p : CIPHER_TEST_PARAMS) { 3891 try { 3892 checkCipher(p, provider); 3893 } catch (Throwable e) { 3894 logTestFailure(out, provider, p, e); 3895 } 3896 } 3897 out.flush(); 3898 if (errBuffer.size() > 0) { 3899 throw new Exception("Errors encountered:\n\n" + errBuffer.toString() + "\n\n"); 3900 } 3901 } 3902 3903 private void logTestFailure(PrintStream logStream, String provider, CipherTestParam params, 3904 Throwable e) { 3905 logStream.append("Error encountered checking " + params.transformation); 3906 3907 if (params.encryptKey instanceof SecretKey) { 3908 logStream.append(", keySize=" + (params.encryptKey.getEncoded().length * 8)); 3909 } 3910 3911 if (params.spec instanceof OAEPParameterSpec) { 3912 OAEPParameterSpec oaepSpec = (OAEPParameterSpec) params.spec; 3913 logStream.append(", OAEPSpec{digest=" + oaepSpec.getDigestAlgorithm() + ", mgfAlg=" 3914 + oaepSpec.getMGFAlgorithm()); 3915 if (oaepSpec.getMGFParameters() instanceof MGF1ParameterSpec) { 3916 MGF1ParameterSpec mgf1Spec = (MGF1ParameterSpec) oaepSpec.getMGFParameters(); 3917 logStream.append(", mgf1Hash=" + mgf1Spec.getDigestAlgorithm()); 3918 } 3919 logStream.append(", pSource="); 3920 PSource pSource = oaepSpec.getPSource(); 3921 logStream.append(pSource.getAlgorithm()); 3922 if (pSource.getAlgorithm().equals("PSpecified")) { 3923 logStream.append(":{"); 3924 logStream.append(Arrays.toString(((PSource.PSpecified) pSource).getValue())); 3925 logStream.append('}'); 3926 } 3927 logStream.append('}'); 3928 } 3929 3930 logStream.append(" with provider " + provider + "\n"); 3931 e.printStackTrace(logStream); 3932 } 3933 3934 private void checkCipher(CipherTestParam p, String provider) throws Exception { 3935 Cipher c = Cipher.getInstance(p.transformation, provider); 3936 3937 c.init(Cipher.ENCRYPT_MODE, p.encryptKey, p.spec); 3938 3939 // This doesn't quite work on OAEPPadding unless it's the default case, 3940 // because its size depends on the message digest algorithms used. 3941 if (!p.transformation.endsWith("OAEPPADDING")) { 3942 assertEquals(p.transformation + " getBlockSize() ENCRYPT_MODE", 3943 getExpectedBlockSize(p.transformation, Cipher.ENCRYPT_MODE, provider), 3944 c.getBlockSize()); 3945 } 3946 assertTrue(p.transformation + " getOutputSize(0) ENCRYPT_MODE", 3947 getExpectedOutputSize(p.transformation, Cipher.ENCRYPT_MODE, provider) <= c 3948 .getOutputSize(0)); 3949 3950 if (p.aad != null) { 3951 c.updateAAD(p.aad); 3952 } 3953 final byte[] actualCiphertext = c.doFinal(p.plaintext); 3954 if (!isRandomizedEncryption(p.transformation)) { 3955 assertEquals(p.transformation + " " + provider, Arrays.toString(p.ciphertext), 3956 Arrays.toString(actualCiphertext)); 3957 } 3958 3959 c = Cipher.getInstance(p.transformation, provider); 3960 c.init(Cipher.ENCRYPT_MODE, p.encryptKey, p.spec); 3961 if (!(p instanceof OAEPCipherTestParam) || p.spec != null) { 3962 assertCorrectAlgorithmParameters(provider, p.transformation, p.spec, c.getParameters()); 3963 } 3964 3965 byte[] emptyCipherText = c.doFinal(); 3966 assertNotNull(emptyCipherText); 3967 3968 c.init(Cipher.DECRYPT_MODE, p.decryptKey, p.spec); 3969 3970 assertEquals(p.transformation + " getBlockSize() DECRYPT_MODE", 3971 getExpectedBlockSize(p.transformation, Cipher.DECRYPT_MODE, provider), 3972 c.getBlockSize()); 3973 3974 // This doesn't quite work on OAEPPadding unless it's the default case, 3975 // because its size depends on the message digest algorithms used. 3976 if (!p.transformation.endsWith("OAEPPADDING")) { 3977 assertTrue(p.transformation + " getOutputSize(0) DECRYPT_MODE", 3978 getExpectedOutputSize(p.transformation, Cipher.DECRYPT_MODE, provider) <= c 3979 .getOutputSize(0)); 3980 } 3981 3982 if (!isAEAD(p.transformation)) { 3983 try { 3984 c.updateAAD(new byte[8]); 3985 fail("Cipher should not support AAD"); 3986 } catch (UnsupportedOperationException | IllegalStateException expected) { 3987 } 3988 } 3989 3990 try { 3991 byte[] emptyPlainText = c.doFinal(emptyCipherText); 3992 assertEquals(Arrays.toString(new byte[0]), Arrays.toString(emptyPlainText)); 3993 } catch (AEADBadTagException maybe) { 3994 if (!"AndroidOpenSSL".equals(provider) || !isAEAD(p.transformation)) { 3995 throw maybe; 3996 } 3997 } catch (BadPaddingException maybe) { 3998 // BC's OAEP has a bug where it doesn't support decrypt of a zero-length plaintext 3999 if (!("BC".equals(provider) && p.transformation.contains("OAEP"))) { 4000 throw maybe; 4001 } 4002 } 4003 4004 // decrypt an empty ciphertext; not valid for RSA 4005 if (!p.transformation.contains("OAEP")) { 4006 if ((!isAEAD(p.transformation) 4007 && (StandardNames.IS_RI || provider.equals("AndroidOpenSSL") || 4008 (provider.equals("BC") && p.transformation.contains("/CTR/")))) 4009 || p.transformation.equals("ARC4")) { 4010 assertEquals(Arrays.toString(new byte[0]), 4011 Arrays.toString(c.doFinal())); 4012 4013 c.update(new byte[0]); 4014 assertEquals(Arrays.toString(new byte[0]), 4015 Arrays.toString(c.doFinal())); 4016 } else if (provider.equals("BC") || isAEAD(p.transformation)) { 4017 try { 4018 c.doFinal(); 4019 fail(p.transformation + " " + provider); 4020 } catch (IllegalBlockSizeException maybe) { 4021 if (isAEAD(p.transformation)) { 4022 throw maybe; 4023 } 4024 } catch (AEADBadTagException maybe) { 4025 if (!isAEAD(p.transformation)) { 4026 throw maybe; 4027 } 4028 } 4029 try { 4030 c.update(new byte[0]); 4031 c.doFinal(); 4032 fail(p.transformation + " " + provider); 4033 } catch (IllegalBlockSizeException maybe) { 4034 if (isAEAD(p.transformation)) { 4035 throw maybe; 4036 } 4037 } catch (AEADBadTagException maybe) { 4038 if (!isAEAD(p.transformation)) { 4039 throw maybe; 4040 } 4041 } 4042 } else { 4043 throw new AssertionError("Define your behavior here for " + provider); 4044 } 4045 } 4046 4047 // Cipher might be in unspecified state from failures above. 4048 c.init(Cipher.DECRYPT_MODE, p.decryptKey, p.spec); 4049 4050 // .doFinal(input) 4051 { 4052 if (p.aad != null) { 4053 c.updateAAD(p.aad); 4054 } 4055 final byte[] actualPlaintext = c.doFinal(p.ciphertext); 4056 assertEquals(Arrays.toString(p.plaintext), Arrays.toString(actualPlaintext)); 4057 } 4058 4059 // .doFinal(input, offset, len, output) 4060 { 4061 final byte[] largerThanCiphertext = new byte[p.ciphertext.length + 5]; 4062 System.arraycopy(p.ciphertext, 0, largerThanCiphertext, 5, p.ciphertext.length); 4063 4064 if (p.aad != null) { 4065 final byte[] largerThanAad = new byte[p.aad.length + 100]; 4066 System.arraycopy(p.aad, 0, largerThanAad, 50, p.aad.length); 4067 assertTrue(p.aad.length > 1); 4068 c.updateAAD(largerThanAad, 50, 1); 4069 c.updateAAD(largerThanAad, 51, p.aad.length - 1); 4070 } 4071 4072 final byte[] actualPlaintext = new byte[c.getOutputSize(p.ciphertext.length)]; 4073 assertEquals(p.plaintext.length, 4074 c.doFinal(largerThanCiphertext, 5, p.ciphertext.length, actualPlaintext)); 4075 assertEquals(Arrays.toString(p.plaintext), 4076 Arrays.toString(Arrays.copyOfRange(actualPlaintext, 0, p.plaintext.length))); 4077 } 4078 4079 // .doFinal(input, offset, len, output, offset) 4080 { 4081 final byte[] largerThanCiphertext = new byte[p.ciphertext.length + 10]; 4082 System.arraycopy(p.ciphertext, 0, largerThanCiphertext, 5, p.ciphertext.length); 4083 4084 if (p.aad != null) { 4085 final byte[] largerThanAad = new byte[p.aad.length + 2]; 4086 System.arraycopy(p.aad, 0, largerThanAad, 2, p.aad.length); 4087 c.updateAAD(largerThanAad, 2, p.aad.length); 4088 } 4089 4090 final byte[] actualPlaintext = new byte[c.getOutputSize(p.ciphertext.length) + 2]; 4091 assertEquals(p.plaintext.length, 4092 c.doFinal(largerThanCiphertext, 5, p.ciphertext.length, actualPlaintext, 1)); 4093 assertEquals(Arrays.toString(p.plaintext), 4094 Arrays.toString(Arrays.copyOfRange(actualPlaintext, 1, p.plaintext.length + 1))); 4095 } 4096 4097 if (!p.isStreamCipher && !p.transformation.endsWith("NOPADDING") 4098 && !isRandomizedEncryption(p.transformation)) { 4099 Cipher cNoPad = Cipher.getInstance( 4100 getCipherTransformationWithNoPadding(p.transformation), provider); 4101 cNoPad.init(Cipher.DECRYPT_MODE, p.decryptKey, p.spec); 4102 4103 if (p.aad != null) { 4104 c.updateAAD(p.aad); 4105 } 4106 final byte[] actualPlaintextPadded = cNoPad.doFinal(p.ciphertext); 4107 assertEquals(provider + ":" + cNoPad.getAlgorithm(), 4108 Arrays.toString(p.plaintextPadded), Arrays.toString(actualPlaintextPadded)); 4109 } 4110 4111 // Test wrapping a key. Every cipher should be able to wrap. 4112 { 4113 // Generate a small SecretKey for AES. 4114 KeyGenerator kg = KeyGenerator.getInstance("AES"); 4115 kg.init(128); 4116 SecretKey sk = kg.generateKey(); 4117 4118 // Wrap it 4119 c = Cipher.getInstance(p.transformation, provider); 4120 c.init(Cipher.WRAP_MODE, p.encryptKey, p.spec); 4121 byte[] cipherText = c.wrap(sk); 4122 4123 // Unwrap it 4124 c.init(Cipher.UNWRAP_MODE, p.decryptKey, p.spec); 4125 Key decryptedKey = c.unwrap(cipherText, sk.getAlgorithm(), Cipher.SECRET_KEY); 4126 4127 assertEquals( 4128 "sk.getAlgorithm()=" + sk.getAlgorithm() + " decryptedKey.getAlgorithm()=" 4129 + decryptedKey.getAlgorithm() + " encryptKey.getEncoded()=" 4130 + Arrays.toString(sk.getEncoded()) + " decryptedKey.getEncoded()=" 4131 + Arrays.toString(decryptedKey.getEncoded()), sk, decryptedKey); 4132 } 4133 } 4134 4135 /** 4136 * Gets the Cipher transformation with the same algorithm and mode as the provided one but 4137 * which uses no padding. 4138 */ 4139 private static String getCipherTransformationWithNoPadding(String transformation) { 4140 // The transformation is assumed to be in the Algorithm/Mode/Padding format. 4141 int paddingModeDelimiterIndex = transformation.lastIndexOf('/'); 4142 if (paddingModeDelimiterIndex == -1) { 4143 fail("No padding mode delimiter: " + transformation); 4144 } 4145 String paddingMode = transformation.substring(paddingModeDelimiterIndex + 1); 4146 if (!paddingMode.toLowerCase().endsWith("padding")) { 4147 fail("No padding mode specified:" + transformation); 4148 } 4149 return transformation.substring(0, paddingModeDelimiterIndex) + "/NoPadding"; 4150 } 4151 4152 public void testCipher_updateAAD_BeforeInit_Failure() throws Exception { 4153 Cipher c = Cipher.getInstance("AES/ECB/NoPadding"); 4154 4155 try { 4156 c.updateAAD((byte[]) null); 4157 fail("should not be able to call updateAAD before Cipher is initialized"); 4158 } catch (IllegalArgumentException expected) { 4159 } 4160 4161 try { 4162 c.updateAAD((ByteBuffer) null); 4163 fail("should not be able to call updateAAD before Cipher is initialized"); 4164 } catch (IllegalStateException expected) { 4165 } 4166 4167 try { 4168 c.updateAAD(new byte[8]); 4169 fail("should not be able to call updateAAD before Cipher is initialized"); 4170 } catch (IllegalStateException expected) { 4171 } 4172 4173 try { 4174 c.updateAAD(null, 0, 8); 4175 fail("should not be able to call updateAAD before Cipher is initialized"); 4176 } catch (IllegalStateException expected) { 4177 } 4178 4179 ByteBuffer bb = ByteBuffer.allocate(8); 4180 try { 4181 c.updateAAD(bb); 4182 fail("should not be able to call updateAAD before Cipher is initialized"); 4183 } catch (IllegalStateException expected) { 4184 } 4185 } 4186 4187 public void testCipher_updateAAD_AfterInit_Failure() throws Exception { 4188 Cipher c = Cipher.getInstance("AES/ECB/NoPadding"); 4189 c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[128 / 8], "AES")); 4190 4191 try { 4192 c.updateAAD((byte[]) null); 4193 fail("should not be able to call updateAAD with null input"); 4194 } catch (IllegalArgumentException expected) { 4195 } 4196 4197 try { 4198 c.updateAAD((ByteBuffer) null); 4199 fail("should not be able to call updateAAD with null input"); 4200 } catch (IllegalArgumentException expected) { 4201 } 4202 4203 try { 4204 c.updateAAD(null, 0, 8); 4205 fail("should not be able to call updateAAD with null input"); 4206 } catch (IllegalArgumentException expected) { 4207 } 4208 4209 try { 4210 c.updateAAD(new byte[8], -1, 7); 4211 fail("should not be able to call updateAAD with invalid offset"); 4212 } catch (IllegalArgumentException expected) { 4213 } 4214 4215 try { 4216 c.updateAAD(new byte[8], 0, -1); 4217 fail("should not be able to call updateAAD with negative length"); 4218 } catch (IllegalArgumentException expected) { 4219 } 4220 4221 try { 4222 c.updateAAD(new byte[8], 0, 8 + 1); 4223 fail("should not be able to call updateAAD with too large length"); 4224 } catch (IllegalArgumentException expected) { 4225 } 4226 4227 try { 4228 c.updateAAD(new byte[8]); 4229 fail("should not be able to call updateAAD on non-AEAD cipher"); 4230 } catch (UnsupportedOperationException | IllegalStateException expected) { 4231 } 4232 } 4233 4234 public void testCipher_updateAAD_AfterInit_WithGcm_Success() throws Exception { 4235 Cipher c = Cipher.getInstance("AES/GCM/NoPadding"); 4236 c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[128 / 8], "AES")); 4237 c.updateAAD(new byte[8]); 4238 c.updateAAD(new byte[8]); 4239 } 4240 4241 public void testCipher_updateAAD_AfterUpdate_WithGcm_Sucess() throws Exception { 4242 Cipher c = Cipher.getInstance("AES/GCM/NoPadding"); 4243 c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[128 / 8], "AES")); 4244 c.updateAAD(new byte[8]); 4245 c.update(new byte[8]); 4246 c.updateAAD(new byte[8]); 4247 } 4248 4249 public void testCipher_ShortBlock_Failure() throws Exception { 4250 for (String provider : AES_PROVIDERS) { 4251 testCipher_ShortBlock_Failure(provider); 4252 } 4253 } 4254 4255 private void testCipher_ShortBlock_Failure(String provider) throws Exception { 4256 final ByteArrayOutputStream errBuffer = new ByteArrayOutputStream(); 4257 PrintStream out = new PrintStream(errBuffer); 4258 for (CipherTestParam p : CIPHER_TEST_PARAMS) { 4259 try { 4260 checkCipher_ShortBlock_Failure(p, provider); 4261 } catch (Exception e) { 4262 logTestFailure(out, provider, p, e); 4263 } 4264 } 4265 out.flush(); 4266 if (errBuffer.size() > 0) { 4267 throw new Exception("Errors encountered:\n\n" + errBuffer.toString() + "\n\n"); 4268 } 4269 } 4270 4271 public void testCipher_DoFinal_wrapMode_Failure() throws Exception { 4272 checkCipher_DoFinal_invalidMode_Failure(Cipher.WRAP_MODE); 4273 } 4274 4275 public void testCipher_DoFinal_unwrapMode_Failure() throws Exception { 4276 checkCipher_DoFinal_invalidMode_Failure(Cipher.UNWRAP_MODE); 4277 } 4278 4279 /** 4280 * Helper for testing that Cipher.doFinal() throws IllegalStateException when 4281 * initialized in modes other than DECRYPT or ENCRYPT. 4282 */ 4283 private static void checkCipher_DoFinal_invalidMode_Failure(int opmode) throws Exception { 4284 String msg = String.format(Locale.US, 4285 "doFinal() should throw IllegalStateException [mode=%d]", opmode); 4286 int bs = createAesCipher(opmode).getBlockSize(); 4287 assertEquals(16, bs); // check test is set up correctly 4288 try { 4289 createAesCipher(opmode).doFinal(); 4290 fail(msg); 4291 } catch (IllegalStateException expected) { 4292 } 4293 4294 try { 4295 createAesCipher(opmode).doFinal(new byte[0]); 4296 fail(msg); 4297 } catch (IllegalStateException expected) { 4298 } 4299 4300 try { 4301 createAesCipher(opmode).doFinal(new byte[2 * bs], 0, bs); 4302 fail(msg); 4303 } catch (IllegalStateException expected) { 4304 } 4305 4306 try { 4307 createAesCipher(opmode).doFinal(new byte[2 * bs], 0, bs, new byte[2 * bs], 0); 4308 fail(msg); 4309 } catch (IllegalStateException expected) { 4310 } 4311 } 4312 4313 public void testCipher_Update_wrapMode_Failure() throws Exception { 4314 checkCipher_Update_invalidMode_Failure(Cipher.WRAP_MODE); 4315 } 4316 4317 public void testCipher_Update_unwrapMode_Failure() throws Exception { 4318 checkCipher_Update_invalidMode_Failure(Cipher.UNWRAP_MODE); 4319 } 4320 4321 /** 4322 * Helper for testing that Cipher.update() throws IllegalStateException when 4323 * initialized in modes other than DECRYPT or ENCRYPT. 4324 */ 4325 private static void checkCipher_Update_invalidMode_Failure(int opmode) throws Exception { 4326 String msg = "update() should throw IllegalStateException [mode=" + opmode + "]"; 4327 int bs = createAesCipher(opmode).getBlockSize(); 4328 assertEquals(16, bs); // check test is set up correctly 4329 assertIllegalStateException(msg, () -> createAesCipher(opmode).update(new byte[0])); 4330 assertIllegalStateException(msg, () -> createAesCipher(opmode).update(new byte[2 * bs])); 4331 assertIllegalStateException(msg, () -> createAesCipher(opmode).update( 4332 new byte[2 * bs] /* input */, bs /* inputOffset */, 0 /* inputLen */)); 4333 try { 4334 createAesCipher(opmode).update(new byte[2*bs] /* input */, 0 /* inputOffset */, 4335 2 * bs /* inputLen */, new byte[2 * bs] /* output */, 0 /* outputOffset */); 4336 fail(msg); 4337 } catch (IllegalStateException expected) { 4338 } 4339 } 4340 4341 public void testCipher_Update_WithZeroLengthInput_ReturnsNull() throws Exception { 4342 Cipher c = Cipher.getInstance("AES/ECB/NoPadding"); 4343 c.init(Cipher.ENCRYPT_MODE, AES_128_KEY); 4344 assertNull(c.update(new byte[0])); 4345 assertNull(c.update(new byte[c.getBlockSize() * 2], 0, 0)); 4346 4347 // Try with non-zero offset just in case the implementation mixes up offset and inputLen 4348 assertNull(c.update(new byte[c.getBlockSize() * 2], 16, 0)); 4349 } 4350 4351 public void testCipher_Wrap_decryptMode_Failure() throws Exception { 4352 checkCipher_Wrap_invalidMode_Failure(Cipher.DECRYPT_MODE); 4353 } 4354 4355 public void testCipher_Wrap_encryptMode_Failure() throws Exception { 4356 checkCipher_Wrap_invalidMode_Failure(Cipher.ENCRYPT_MODE); 4357 } 4358 4359 public void testCipher_Wrap_unwrapMode_Failure() throws Exception { 4360 checkCipher_Wrap_invalidMode_Failure(Cipher.UNWRAP_MODE); 4361 } 4362 4363 /** 4364 * Helper for testing that Cipher.wrap() throws IllegalStateException when 4365 * initialized in modes other than WRAP. 4366 */ 4367 private static void checkCipher_Wrap_invalidMode_Failure(int opmode) throws Exception { 4368 KeyGenerator kg = KeyGenerator.getInstance("AES"); 4369 kg.init(128); 4370 SecretKey key = kg.generateKey(); 4371 Cipher cipher = createAesCipher(opmode); 4372 try { 4373 cipher.wrap(key); 4374 fail("wrap() should throw IllegalStateException [mode=" + opmode + "]"); 4375 } catch (IllegalStateException expected) { 4376 } 4377 } 4378 4379 public void testCipher_Unwrap_decryptMode_Failure() throws Exception { 4380 checkCipher_Unwrap_invalidMode_Failure(Cipher.DECRYPT_MODE); 4381 } 4382 4383 public void testCipher_Unwrap_encryptMode_Failure() throws Exception { 4384 checkCipher_Unwrap_invalidMode_Failure(Cipher.ENCRYPT_MODE); 4385 } 4386 4387 public void testCipher_Unwrap_wrapMode_Failure() throws Exception { 4388 checkCipher_Unwrap_invalidMode_Failure(Cipher.WRAP_MODE); 4389 } 4390 4391 /** 4392 * Helper for testing that Cipher.unwrap() throws IllegalStateException when 4393 * initialized in modes other than UNWRAP. 4394 */ 4395 private static void checkCipher_Unwrap_invalidMode_Failure(int opmode) throws Exception { 4396 KeyGenerator kg = KeyGenerator.getInstance("AES"); 4397 kg.init(128); 4398 SecretKey key = kg.generateKey(); 4399 Cipher cipher = createAesCipher(opmode); 4400 byte[] wrappedKey = createAesCipher(Cipher.WRAP_MODE).wrap(key); 4401 try { 4402 cipher.unwrap(wrappedKey, key.getAlgorithm(), Cipher.PRIVATE_KEY); 4403 fail("unwrap() should throw IllegalStateException [mode=" + opmode + "]"); 4404 } catch (IllegalStateException expected) { 4405 } 4406 } 4407 4408 private void checkCipher_ShortBlock_Failure(CipherTestParam p, String provider) throws Exception { 4409 // Do not try to test ciphers with no padding already. 4410 String noPaddingTransform = getCipherTransformationWithNoPadding(p.transformation); 4411 if (p.transformation.equals(noPaddingTransform)) { 4412 return; 4413 } 4414 4415 Cipher c = Cipher.getInstance( 4416 getCipherTransformationWithNoPadding(p.transformation), provider); 4417 if (c.getBlockSize() == 0) { 4418 return; 4419 } 4420 4421 if (!p.transformation.endsWith("NOPADDING")) { 4422 c.init(Cipher.ENCRYPT_MODE, p.encryptKey); 4423 try { 4424 c.doFinal(new byte[] { 0x01, 0x02, 0x03 }); 4425 fail("Should throw IllegalBlockSizeException on wrong-sized block; transform=" 4426 + p.transformation + " provider=" + provider); 4427 } catch (IllegalBlockSizeException expected) { 4428 } 4429 } 4430 } 4431 4432 // Test that when reading GCM parameters encoded using ASN1, a value for the tag size 4433 // not present indicates a value of 12. 4434 // https://b/29876633 4435 public void test_DefaultGCMTagSizeAlgorithmParameterSpec() throws Exception { 4436 final String AES = "AES"; 4437 final String AES_GCM = "AES/GCM/NoPadding"; 4438 byte[] input = new byte[16]; 4439 byte[] key = new byte[16]; 4440 Cipher cipher = Cipher.getInstance(AES_GCM, "BC"); 4441 AlgorithmParameters param = AlgorithmParameters.getInstance("GCM"); 4442 param.init(new byte[] { 4443 (byte) 48, // DER encoding : tag_Sequence 4444 (byte) 14, // DER encoding : total length 4445 (byte) 4, // DER encoding : tag_OctetString 4446 (byte) 12, // DER encoding : counter length 4447 (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, 4448 (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0 }); 4449 cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, AES), param); 4450 byte[] ciphertext = cipher.update(input); 4451 byte[] tag = cipher.doFinal(); 4452 assertEquals(12, tag.length); 4453 } 4454 4455 public void testAES_ECB_PKCS5Padding_ShortBuffer_Failure() throws Exception { 4456 for (String provider : AES_PROVIDERS) { 4457 testAES_ECB_PKCS5Padding_ShortBuffer_Failure(provider); 4458 } 4459 } 4460 4461 private void testAES_ECB_PKCS5Padding_ShortBuffer_Failure(String provider) throws Exception { 4462 Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding", provider); 4463 c.init(Cipher.ENCRYPT_MODE, AES_128_KEY); 4464 4465 final byte[] fragmentOutput = c.update(AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext); 4466 if (fragmentOutput != null) { 4467 assertEquals(0, fragmentOutput.length); 4468 } 4469 4470 // Provide null buffer. 4471 { 4472 try { 4473 c.doFinal(null, 0); 4474 fail("Should throw NullPointerException on null output buffer"); 4475 } catch (NullPointerException expected) { 4476 } catch (IllegalArgumentException expected) { 4477 } 4478 } 4479 4480 // Provide short buffer. 4481 { 4482 final byte[] output = new byte[c.getBlockSize() - 1]; 4483 try { 4484 c.doFinal(output, 0); 4485 fail("Should throw ShortBufferException on short output buffer"); 4486 } catch (ShortBufferException expected) { 4487 } 4488 } 4489 4490 // Start 1 byte into output buffer. 4491 { 4492 final byte[] output = new byte[c.getBlockSize()]; 4493 try { 4494 c.doFinal(output, 1); 4495 fail("Should throw ShortBufferException on short output buffer"); 4496 } catch (ShortBufferException expected) { 4497 } 4498 } 4499 4500 // Should keep data for real output buffer 4501 { 4502 final byte[] output = new byte[c.getBlockSize()]; 4503 assertEquals(AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted.length, c.doFinal(output, 0)); 4504 assertTrue(Arrays.equals(AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted, output)); 4505 } 4506 } 4507 4508 public void testAES_ECB_NoPadding_IncrementalUpdate_Success() throws Exception { 4509 for (String provider : AES_PROVIDERS) { 4510 testAES_ECB_NoPadding_IncrementalUpdate_Success(provider); 4511 } 4512 } 4513 4514 private void testAES_ECB_NoPadding_IncrementalUpdate_Success(String provider) throws Exception { 4515 Cipher c = Cipher.getInstance("AES/ECB/NoPadding", provider); 4516 assertEquals(provider, c.getProvider().getName()); 4517 c.init(Cipher.ENCRYPT_MODE, AES_128_KEY); 4518 4519 for (int i = 0; i < AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded.length - 1; i++) { 4520 final byte[] outputFragment = c.update(AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded, i, 1); 4521 if (outputFragment != null) { 4522 assertEquals(0, outputFragment.length); 4523 } 4524 } 4525 4526 final byte[] output = c.doFinal(AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded, 4527 AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded.length - 1, 1); 4528 assertNotNull(provider, output); 4529 assertEquals(provider, AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded.length, 4530 output.length); 4531 4532 assertTrue(provider, Arrays.equals(AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted, output)); 4533 } 4534 4535 private static final byte[] AES_IV_ZEROES = new byte[] { 4536 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 4537 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 4538 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 4539 }; 4540 4541 public void testAES_ECB_NoPadding_IvParameters_Failure() throws Exception { 4542 for (String provider : AES_PROVIDERS) { 4543 testAES_ECB_NoPadding_IvParameters_Failure(provider); 4544 } 4545 } 4546 4547 private void testAES_ECB_NoPadding_IvParameters_Failure(String provider) throws Exception { 4548 Cipher c = Cipher.getInstance("AES/ECB/NoPadding", provider); 4549 4550 AlgorithmParameterSpec spec = new IvParameterSpec(AES_IV_ZEROES); 4551 try { 4552 c.init(Cipher.ENCRYPT_MODE, AES_128_KEY, spec); 4553 fail("Should not accept an IV in ECB mode; provider=" + provider); 4554 } catch (InvalidAlgorithmParameterException expected) { 4555 } 4556 } 4557 4558 public void testRC4_MultipleKeySizes() throws Exception { 4559 final int SMALLEST_KEY_SIZE = 40; 4560 final int LARGEST_KEY_SIZE = 1024; 4561 4562 /* Make an array of keys for our tests */ 4563 SecretKey[] keys = new SecretKey[LARGEST_KEY_SIZE - SMALLEST_KEY_SIZE]; 4564 { 4565 KeyGenerator kg = KeyGenerator.getInstance("ARC4"); 4566 for (int keysize = SMALLEST_KEY_SIZE; keysize < LARGEST_KEY_SIZE; keysize++) { 4567 final int index = keysize - SMALLEST_KEY_SIZE; 4568 kg.init(keysize); 4569 keys[index] = kg.generateKey(); 4570 } 4571 } 4572 4573 /* 4574 * Use this to compare the output of the first provider against 4575 * subsequent providers. 4576 */ 4577 String[] expected = new String[LARGEST_KEY_SIZE - SMALLEST_KEY_SIZE]; 4578 4579 /* Find all providers that provide ARC4. We must have at least one! */ 4580 Map<String, String> filter = new HashMap<String, String>(); 4581 filter.put("Cipher.ARC4", ""); 4582 Provider[] providers = Security.getProviders(filter); 4583 assertTrue("There must be security providers of Cipher.ARC4", providers.length > 0); 4584 4585 /* Keep track of this for later error messages */ 4586 String firstProvider = providers[0].getName(); 4587 4588 for (Provider p : providers) { 4589 Cipher c = Cipher.getInstance("ARC4", p); 4590 4591 for (int keysize = SMALLEST_KEY_SIZE; keysize < LARGEST_KEY_SIZE; keysize++) { 4592 final int index = keysize - SMALLEST_KEY_SIZE; 4593 final SecretKey sk = keys[index]; 4594 4595 /* 4596 * Test that encryption works. Donig this in a loop also has the 4597 * benefit of testing that re-initialization works for this 4598 * cipher. 4599 */ 4600 c.init(Cipher.ENCRYPT_MODE, sk); 4601 byte[] cipherText = c.doFinal(ORIGINAL_PLAIN_TEXT); 4602 assertNotNull(cipherText); 4603 4604 /* 4605 * Compare providers against eachother to make sure they're all 4606 * in agreement. This helps when you add a brand new provider. 4607 */ 4608 if (expected[index] == null) { 4609 expected[index] = Arrays.toString(cipherText); 4610 } else { 4611 assertEquals(firstProvider + " should output the same as " + p.getName() 4612 + " for key size " + keysize, expected[index], 4613 Arrays.toString(cipherText)); 4614 } 4615 4616 c.init(Cipher.DECRYPT_MODE, sk); 4617 byte[] actualPlaintext = c.doFinal(cipherText); 4618 assertEquals("Key size: " + keysize, Arrays.toString(ORIGINAL_PLAIN_TEXT), 4619 Arrays.toString(actualPlaintext)); 4620 } 4621 } 4622 } 4623 4624 public void testAES_keyConstrained() throws Exception { 4625 Provider[] providers = Security.getProviders(); 4626 for (Provider p : providers) { 4627 for (Provider.Service s : p.getServices()) { 4628 if (s.getType().equals("Cipher")) { 4629 if (s.getAlgorithm().startsWith("AES_128/")) { 4630 Cipher c = Cipher.getInstance(s.getAlgorithm(), p); 4631 assertTrue(s.getAlgorithm(), checkAES_keyConstraint(c, 128)); 4632 assertFalse(s.getAlgorithm(), checkAES_keyConstraint(c, 192)); 4633 assertFalse(s.getAlgorithm(), checkAES_keyConstraint(c, 256)); 4634 } else if (s.getAlgorithm().startsWith("AES_256/")) { 4635 Cipher c = Cipher.getInstance(s.getAlgorithm(), p); 4636 assertFalse(s.getAlgorithm(), checkAES_keyConstraint(c, 128)); 4637 assertFalse(s.getAlgorithm(), checkAES_keyConstraint(c, 192)); 4638 assertTrue(s.getAlgorithm(), checkAES_keyConstraint(c, 256)); 4639 } 4640 } 4641 } 4642 } 4643 } 4644 4645 private boolean checkAES_keyConstraint(Cipher c, int keySize) throws Exception { 4646 KeyGenerator kg = KeyGenerator.getInstance(getBaseAlgorithm(c.getAlgorithm())); 4647 kg.init(keySize); 4648 SecretKey key = kg.generateKey(); 4649 try { 4650 c.init(Cipher.ENCRYPT_MODE, key); 4651 return true; 4652 } catch (InvalidKeyException e) { 4653 return false; 4654 } 4655 } 4656 4657 /** 4658 * Several exceptions can be thrown by init. Check that in this case we throw the right one, 4659 * as the error could fall under the umbrella of other exceptions. 4660 * http://b/18987633 4661 */ 4662 public void testCipher_init_DoesNotSupportKeyClass_throwsInvalidKeyException() 4663 throws Exception { 4664 Provider mockProvider = new MockProvider("MockProvider") { 4665 public void setup() { 4666 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 4667 put("Cipher.FOO SupportedKeyClasses", "none"); 4668 } 4669 }; 4670 4671 Security.addProvider(mockProvider); 4672 try { 4673 Cipher c = Cipher.getInstance("FOO"); 4674 c.init(Cipher.DECRYPT_MODE, new MockKey()); 4675 fail("Expected InvalidKeyException"); 4676 } catch (InvalidKeyException expected) { 4677 } finally { 4678 Security.removeProvider(mockProvider.getName()); 4679 } 4680 } 4681 4682 /* 4683 * When in decrypt mode and using padding, the buffer shouldn't necessarily have room for an 4684 * extra block when using padding. 4685 * http://b/19186852 4686 */ 4687 public void testDecryptBufferMultipleBlockSize_mustNotThrowException() throws Exception { 4688 String testString = "Hello, World!"; 4689 byte[] testKey = "0123456789012345".getBytes(StandardCharsets.US_ASCII); 4690 String testedCipher = "AES/ECB/PKCS7Padding"; 4691 4692 Cipher encCipher = Cipher.getInstance(testedCipher); 4693 encCipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(testKey, "AES")); 4694 byte[] plainBuffer = testString.getBytes(StandardCharsets.US_ASCII); 4695 byte[] encryptedBuffer = new byte[16]; 4696 int encryptedLength = encCipher.doFinal( 4697 plainBuffer, 0, plainBuffer.length, encryptedBuffer); 4698 assertEquals(16, encryptedLength); 4699 4700 Cipher cipher = Cipher.getInstance(testedCipher); 4701 cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(testKey, "AES")); 4702 // Must not throw exception. 4703 int unencryptedBytes = cipher.doFinal( 4704 encryptedBuffer, 0, encryptedBuffer.length, encryptedBuffer); 4705 assertEquals(testString, 4706 new String(encryptedBuffer, 0, unencryptedBytes, StandardCharsets.US_ASCII)); 4707 } 4708 4709 /** 4710 * When using padding in decrypt mode, ensure that empty buffers decode to empty strings 4711 * (no padding needed for the empty buffer). 4712 * http://b/19186852 4713 */ 4714 public void testDecryptBufferZeroSize_mustDecodeToEmptyString() throws Exception { 4715 String[] androidOpenSSLCiphers = { "AES/CBC/PKCS5PADDING", "AES/CBC/PKCS7PADDING", 4716 "AES/ECB/PKCS5PADDING", "AES/ECB/PKCS7PADDING", "DESEDE/CBC/PKCS5PADDING", 4717 "DESEDE/CBC/PKCS7PADDING" }; 4718 for (String c : androidOpenSSLCiphers) { 4719 Cipher cipher = Cipher.getInstance(c); 4720 if (c.contains("/CBC/")) { 4721 cipher.init(Cipher.DECRYPT_MODE, 4722 new SecretKeySpec("0123456789012345".getBytes(StandardCharsets.US_ASCII), 4723 (c.startsWith("AES/")) ? "AES" : "DESEDE"), 4724 new IvParameterSpec( 4725 ("01234567" + ((c.startsWith("AES/")) ? "89012345" : "")) 4726 .getBytes(StandardCharsets.US_ASCII))); 4727 } else { 4728 cipher.init(Cipher.DECRYPT_MODE, 4729 new SecretKeySpec("0123456789012345".getBytes(StandardCharsets.US_ASCII), 4730 (c.startsWith("AES/")) ? "AES" : "DESEDE")); 4731 } 4732 4733 byte[] buffer = new byte[0]; 4734 int bytesProduced = cipher.doFinal(buffer, 0, buffer.length, buffer); 4735 assertEquals("", new String(buffer, 0, bytesProduced, StandardCharsets.US_ASCII)); 4736 } 4737 } 4738 4739 /** 4740 * If a provider rejects a key for "Cipher/Mode/Padding"", there might be another that 4741 * accepts the key for "Cipher". Don't throw InvalidKeyException when trying the first one. 4742 * http://b/22208820 4743 */ 4744 public void testCipher_init_tryAllCombinationsBeforeThrowingInvalidKey() 4745 throws Exception { 4746 Provider mockProvider = new MockProvider("MockProvider") { 4747 public void setup() { 4748 put("Cipher.FOO/FOO/FOO", MockCipherSpi.AllKeyTypes.class.getName()); 4749 put("Cipher.FOO/FOO/FOO SupportedKeyClasses", "none"); 4750 } 4751 }; 4752 4753 Provider mockProvider2 = new MockProvider("MockProvider2") { 4754 public void setup() { 4755 put("Cipher.FOO", MockCipherSpi.AllKeyTypes.class.getName()); 4756 } 4757 }; 4758 4759 Security.addProvider(mockProvider); 4760 4761 try { 4762 try { 4763 // The provider installed doesn't accept the key. 4764 Cipher c = Cipher.getInstance("FOO/FOO/FOO"); 4765 c.init(Cipher.DECRYPT_MODE, new MockKey()); 4766 fail("Expected InvalidKeyException"); 4767 } catch (InvalidKeyException expected) { 4768 } 4769 4770 Security.addProvider(mockProvider2); 4771 4772 try { 4773 // The new provider accepts "FOO" with this key. Use it despite the other provider 4774 // accepts "FOO/FOO/FOO" but doesn't accept the key. 4775 Cipher c = Cipher.getInstance("FOO/FOO/FOO"); 4776 c.init(Cipher.DECRYPT_MODE, new MockKey()); 4777 assertEquals("MockProvider2", c.getProvider().getName()); 4778 } finally { 4779 Security.removeProvider(mockProvider2.getName()); 4780 } 4781 } finally { 4782 Security.removeProvider(mockProvider.getName()); 4783 } 4784 } 4785 4786 /** 4787 * Check that RSA with OAEPPadding is supported. 4788 * http://b/22208820 4789 */ 4790 public void test_RSA_OAEPPadding() throws Exception { 4791 KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); 4792 keyGen.initialize(1024, SecureRandom.getInstance("SHA1PRNG")); 4793 Cipher cipher = Cipher.getInstance("RSA/NONE/OAEPPadding"); 4794 cipher.init(Cipher.ENCRYPT_MODE, keyGen.generateKeyPair().getPublic()); 4795 cipher.doFinal(new byte[] {1,2,3,4}); 4796 } 4797 4798 /* 4799 * Check that two AAD updates are equivalent to one. 4800 * http://b/27371173 4801 */ 4802 public void test_AESGCMNoPadding_UpdateAADTwice_Success() throws Exception { 4803 SecretKeySpec key = new SecretKeySpec(new byte[16], "AES"); 4804 GCMParameterSpec spec = new GCMParameterSpec(128, new byte[12]); 4805 Cipher c1 = Cipher.getInstance("AES/GCM/NoPadding"); 4806 Cipher c2 = Cipher.getInstance("AES/GCM/NoPadding"); 4807 4808 c1.init(Cipher.ENCRYPT_MODE, key, spec); 4809 c1.updateAAD(new byte[] { 4810 0x01, 0x02, 0x03, 0x04, 0x05, 4811 }); 4812 c1.updateAAD(new byte[] { 4813 0x06, 0x07, 0x08, 0x09, 0x10, 4814 }); 4815 4816 c2.init(Cipher.ENCRYPT_MODE, key, spec); 4817 c2.updateAAD(new byte[] { 4818 0x01, 0x02, 0x03, 0x04, 0x05, 4819 0x06, 0x07, 0x08, 0x09, 0x10, 4820 }); 4821 4822 assertEquals(Arrays.toString(c1.doFinal()), Arrays.toString(c2.doFinal())); 4823 } 4824 4825 /* 4826 * Check that GCM encryption with old and new instances update correctly. 4827 * http://b/26694388 4828 */ 4829 public void test_AESGCMNoPadding_Reuse_Success() throws Exception { 4830 SecretKeySpec key = new SecretKeySpec(new byte[16], "AES"); 4831 GCMParameterSpec spec = new GCMParameterSpec(128, new byte[12]); 4832 Cipher c1 = Cipher.getInstance("AES/GCM/NoPadding"); 4833 Cipher c2 = Cipher.getInstance("AES/GCM/NoPadding"); 4834 4835 // Pollute the c1 cipher with AAD 4836 c1.init(Cipher.ENCRYPT_MODE, key, spec); 4837 c1.updateAAD(new byte[] { 4838 0x01, 0x02, 0x03, 0x04, 0x05, 4839 }); 4840 4841 // Now init each again and make sure the outputs are the same 4842 c1.init(Cipher.ENCRYPT_MODE, key, spec); 4843 c2.init(Cipher.ENCRYPT_MODE, key, spec); 4844 4845 byte[] aad = new byte[] { 4846 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 4847 }; 4848 c1.updateAAD(aad); 4849 c2.updateAAD(aad); 4850 4851 assertEquals(Arrays.toString(c1.doFinal()), Arrays.toString(c2.doFinal())); 4852 4853 // .doFinal should also not allow reuse without re-initialization 4854 byte[] aad2 = new byte[] { 4855 0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11, 4856 }; 4857 try { 4858 c1.updateAAD(aad2); 4859 fail("Should not allow updateAAD without re-initialization"); 4860 } catch (IllegalStateException expected) { 4861 } 4862 4863 try { 4864 c1.update(new byte[8]); 4865 fail("Should not allow update without re-initialization"); 4866 } catch (IllegalStateException expected) { 4867 } 4868 4869 try { 4870 c1.doFinal(); 4871 fail("Should not allow doFinal without re-initialization"); 4872 } catch (IllegalStateException expected) { 4873 } 4874 } 4875 4876 /** 4877 * http://b/27224566 4878 * http://b/27994930 4879 * Check that a PBKDF2WITHHMACSHA1 secret key factory works well with a 4880 * PBEWITHSHAAND128BITAES-CBC-BC cipher. The former is PKCS5 and the latter is PKCS12, and so 4881 * mixing them is not recommended. However, until 1.52 BouncyCastle was accepting this mixture, 4882 * assuming the IV was a 0 vector. Some apps still use this functionality. This 4883 * compatibility is likely to be removed in later versions of Android. 4884 * TODO(27995180): consider whether we keep this compatibility. Consider whether we only allow 4885 * if an IV is passed in the parameters. 4886 */ 4887 public void test_PBKDF2WITHHMACSHA1_SKFactory_and_PBEAESCBC_Cipher_noIV() throws Exception { 4888 byte[] plaintext = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 4889 17, 18, 19 }; 4890 byte[] ciphertext = new byte[] { 92, -65, -128, 16, -102, -115, -44, 52, 16, 124, -34, 4891 -45, 58, -70, -17, 127, 119, -67, 87, 91, 63, -13, -40, 9, 97, -17, -71, 97, 10, 4892 -61, -19, -73 }; 4893 SecretKeyFactory skf = 4894 SecretKeyFactory.getInstance("PBKDF2WITHHMACSHA1"); 4895 PBEKeySpec pbeks = new PBEKeySpec("password".toCharArray(), 4896 "salt".getBytes(), 4897 100, 128); 4898 SecretKey secretKey = skf.generateSecret(pbeks); 4899 4900 Cipher cipher = 4901 Cipher.getInstance("PBEWITHSHAAND128BITAES-CBC-BC"); 4902 PBEParameterSpec paramSpec = new PBEParameterSpec("salt".getBytes(), 100); 4903 cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec); 4904 assertEquals(Arrays.toString(ciphertext), Arrays.toString(cipher.doFinal(plaintext))); 4905 4906 secretKey = skf.generateSecret(pbeks); 4907 cipher.init(Cipher.DECRYPT_MODE, secretKey, paramSpec); 4908 assertEquals(Arrays.toString(plaintext), Arrays.toString(cipher.doFinal(ciphertext))); 4909 } 4910 4911 /** 4912 * http://b/27224566 4913 * http://b/27994930 4914 * Check that a PBKDF2WITHHMACSHA1 secret key factory works well with a 4915 * PBEWITHSHAAND128BITAES-CBC-BC cipher. The former is PKCS5 and the latter is PKCS12, and so 4916 * mixing them is not recommended. However, until 1.52 BouncyCastle was accepting this mixture, 4917 * assuming the IV was a 0 vector. Some apps still use this functionality. This 4918 * compatibility is likely to be removed in later versions of Android. 4919 * TODO(27995180): consider whether we keep this compatibility. Consider whether we only allow 4920 * if an IV is passed in the parameters. 4921 */ 4922 public void test_PBKDF2WITHHMACSHA1_SKFactory_and_PBEAESCBC_Cipher_withIV() throws Exception { 4923 byte[] plaintext = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 4924 17, 18, 19 }; 4925 byte[] ciphertext = { 68, -87, 71, -6, 32, -77, 124, 3, 35, -26, 96, -16, 100, -17, 52, -32, 4926 110, 26, -117, 112, -25, -113, -58, -30, 19, -46, -21, 59, -126, -8, -70, -89 }; 4927 byte[] iv = new byte[] { 15, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; 4928 SecretKeyFactory skf = 4929 SecretKeyFactory.getInstance("PBKDF2WITHHMACSHA1"); 4930 PBEKeySpec pbeks = new PBEKeySpec("password".toCharArray(), 4931 "salt".getBytes(), 4932 100, 128); 4933 SecretKey secretKey = skf.generateSecret(pbeks); 4934 Cipher cipher = 4935 Cipher.getInstance("PBEWITHSHAAND128BITAES-CBC-BC"); 4936 cipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(iv)); 4937 assertEquals(Arrays.toString(ciphertext), Arrays.toString(cipher.doFinal(plaintext))); 4938 4939 secretKey = skf.generateSecret(pbeks); 4940 cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv)); 4941 assertEquals(Arrays.toString(plaintext), Arrays.toString(cipher.doFinal(ciphertext))); 4942 } 4943 4944 private static Cipher createAesCipher(int opmode) { 4945 try { 4946 final Cipher c = Cipher.getInstance("AES/ECB/NoPadding"); 4947 c.init(opmode, AES_128_KEY); 4948 return c; 4949 } catch (Exception e) { 4950 fail("Unexpected Exception: " + e.getMessage()); 4951 return null; // unreachable 4952 } 4953 } 4954 4955 /** 4956 * Asserts that running the given runnable results in an IllegalStateException 4957 */ 4958 private static void assertIllegalStateException(String failureMessage, Runnable runnable) { 4959 try { 4960 runnable.run(); 4961 fail(failureMessage); 4962 } catch (IllegalStateException expected) { 4963 // expected 4964 } 4965 } 4966 4967 /** 4968 * http://b/29038928 4969 * If in a second call to init the current spi doesn't support the new specified key, look for 4970 * another suitable spi. 4971 */ 4972 public void test_init_onKeyTypeChange_reInitCipher() throws Exception { 4973 Provider mockProvider = new MockProvider("MockProvider") { 4974 public void setup() { 4975 put("Cipher.FOO", MockCipherSpi.SpecificKeyTypes.class.getName()); 4976 } 4977 }; 4978 Provider mockProvider2 = new MockProvider("MockProvider2") { 4979 public void setup() { 4980 put("Cipher.FOO", MockCipherSpi.SpecificKeyTypes2.class.getName()); 4981 } 4982 }; 4983 try { 4984 Security.addProvider(mockProvider); 4985 Security.addProvider(mockProvider2); 4986 Cipher cipher = Cipher.getInstance("FOO"); 4987 cipher.init(Cipher.ENCRYPT_MODE, new MockKey()); 4988 assertEquals("MockProvider", cipher.getProvider().getName()); 4989 // Using a different key... 4990 cipher.init(Cipher.ENCRYPT_MODE, new MockKey2()); 4991 // ...results in a different provider. 4992 assertEquals("MockProvider2", cipher.getProvider().getName()); 4993 } finally { 4994 Security.removeProvider(mockProvider.getName()); 4995 Security.removeProvider(mockProvider2.getName()); 4996 } 4997 } 4998 4999 /** 5000 * http://b/29038928 5001 * If in a second call to init the current spi doesn't support the new specified 5002 * {@link AlgorithmParameterSpec}, look for another suitable spi. 5003 */ 5004 public void test_init_onAlgorithmParameterTypeChange_reInitCipher() throws Exception { 5005 Provider mockProvider = new MockProvider("MockProvider") { 5006 public void setup() { 5007 put("Cipher.FOO", 5008 MockCipherSpi.SpecificAlgorithmParameterSpecTypes.class.getName()); 5009 } 5010 }; 5011 Provider mockProvider2 = new MockProvider("MockProvider2") { 5012 public void setup() { 5013 put("Cipher.FOO", 5014 MockCipherSpi.SpecificAlgorithmParameterSpecTypes2.class.getName()); 5015 } 5016 }; 5017 try { 5018 Security.addProvider(mockProvider); 5019 Security.addProvider(mockProvider2); 5020 Cipher cipher = Cipher.getInstance("FOO"); 5021 cipher.init(Cipher.ENCRYPT_MODE, 5022 new MockKey(), 5023 new MockCipherSpi.MockAlgorithmParameterSpec()); 5024 assertEquals("MockProvider", cipher.getProvider().getName()); 5025 // Using a different AlgorithmParameterSpec... 5026 cipher.init(Cipher.ENCRYPT_MODE, 5027 new MockKey(), 5028 new MockCipherSpi.MockAlgorithmParameterSpec2()); 5029 // ...results in a different provider. 5030 assertEquals("MockProvider2", cipher.getProvider().getName()); 5031 } finally { 5032 Security.removeProvider(mockProvider.getName()); 5033 Security.removeProvider(mockProvider2.getName()); 5034 } 5035 } 5036 5037 /** 5038 * http://b/29038928 5039 * If in a second call to init the current spi doesn't support the new specified 5040 * {@link AlgorithmParameters}, look for another suitable spi. 5041 */ 5042 public void test_init_onAlgorithmParametersChange_reInitCipher() throws Exception { 5043 Provider mockProvider = new MockProvider("MockProvider") { 5044 public void setup() { 5045 put("Cipher.FOO", 5046 MockCipherSpi.SpecificAlgorithmParameterAesAlgorithm.class.getName()); 5047 } 5048 }; 5049 Provider mockProvider2 = new MockProvider("MockProvider2") { 5050 public void setup() { 5051 put("Cipher.FOO", 5052 MockCipherSpi.SpecificAlgorithmParametersDesAlgorithm.class.getName()); 5053 } 5054 }; 5055 try { 5056 Security.addProvider(mockProvider); 5057 Security.addProvider(mockProvider2); 5058 Cipher cipher = Cipher.getInstance("FOO"); 5059 cipher.init(Cipher.ENCRYPT_MODE, 5060 new MockKey(), 5061 AlgorithmParameters.getInstance("AES")); 5062 assertEquals("MockProvider", cipher.getProvider().getName()); 5063 // Using a different AlgorithmParameters... 5064 cipher.init(Cipher.ENCRYPT_MODE, 5065 new MockKey(), 5066 AlgorithmParameters.getInstance("DES")); 5067 // ...results in a different provider. 5068 assertEquals("MockProvider2", cipher.getProvider().getName()); 5069 } finally { 5070 Security.removeProvider(mockProvider.getName()); 5071 Security.removeProvider(mockProvider2.getName()); 5072 } 5073 } 5074 } 5075