1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License 15 */ 16 17 package libcore.javax.crypto; 18 19 import static java.nio.charset.StandardCharsets.UTF_8; 20 21 import java.security.InvalidKeyException; 22 import java.security.Provider; 23 import java.security.Security; 24 import java.util.Arrays; 25 import javax.crypto.Mac; 26 import javax.crypto.SecretKey; 27 import javax.crypto.SecretKeyFactory; 28 import javax.crypto.spec.PBEKeySpec; 29 import junit.framework.TestCase; 30 31 import dalvik.system.VMRuntime; 32 import sun.security.jca.Providers; 33 34 public class MacTest extends TestCase { 35 36 // Allow access to deprecated BC algorithms in this test, so we can ensure they 37 // continue to work 38 @Override 39 public void setUp() throws Exception { 40 super.setUp(); 41 Providers.setMaximumAllowableApiLevelForBcDeprecation( 42 VMRuntime.getRuntime().getTargetSdkVersion()); 43 } 44 45 @Override 46 public void tearDown() throws Exception { 47 Providers.setMaximumAllowableApiLevelForBcDeprecation( 48 Providers.DEFAULT_MAXIMUM_ALLOWABLE_TARGET_API_LEVEL_FOR_BC_DEPRECATION); 49 super.tearDown(); 50 } 51 52 private static abstract class MockProvider extends Provider { 53 public MockProvider(String name) { 54 super(name, 1.0, "Mock provider used for testing"); 55 setup(); 56 } 57 58 public abstract void setup(); 59 } 60 61 /** 62 * Several exceptions can be thrown by init. Check that in this case we throw the right one, 63 * as the error could fall under the umbrella of other exceptions. 64 * http://b/18987633 65 */ 66 public void testMac_init_DoesNotSupportKeyClass_throwsInvalidKeyException() 67 throws Exception { 68 Provider mockProvider = new MockProvider("MockProvider") { 69 @Override 70 public void setup() { 71 put("Mac.FOO", MockMacSpi.AllKeyTypes.class.getName()); 72 put("Mac.FOO SupportedKeyClasses", "none"); 73 74 } 75 }; 76 77 Security.addProvider(mockProvider); 78 try { 79 Mac c = Mac.getInstance("FOO"); 80 c.init(new MockKey()); 81 fail("Expected InvalidKeyException"); 82 } catch (InvalidKeyException expected) { 83 } finally { 84 Security.removeProvider(mockProvider.getName()); 85 } 86 } 87 88 /** 89 * Aliases used to be wrong due to a typo. 90 * http://b/31114355 91 */ 92 public void testMac_correctAlias() throws Exception { 93 Provider androidOpenSSLProvider = Security.getProvider("AndroidOpenSSL"); 94 assertEquals("HmacSHA224", androidOpenSSLProvider.get("Alg.Alias.Mac.1.2.840.113549.2.8")); 95 assertEquals("HmacSHA256", androidOpenSSLProvider.get("Alg.Alias.Mac.1.2.840.113549.2.9")); 96 } 97 98 // Known answers from the SunJCE provider using the code below. Run with 99 // vogar --classpath sunjce_provider.jar 100 // 101 // secretKeyFactory = SecretKeyFactory.getInstance("PBEWithHmacSHA" + shaVariant + "AndAES_128", 102 // new com.sun.crypto.provider.SunJCE()); 103 // pbeKeySpec = new PBEKeySpec(password); 104 // 105 // secretKey = secretKeyFactory.generateSecret(pbeKeySpec); 106 // mac = Mac.getInstance("PBEWITHHMACSHA" + shaVariant, new com.sun.crypto.provider.SunJCE()); 107 // mac.init(secretKey, new PBEParameterSpec(salt, iterationCount)); 108 // byte[] sunResult = mac.doFinal(plaintext); 109 private final byte[][] SUN_JCA_KNOWN_ANSWERS_FOR_SHA_VARIANTS = { 110 { 44, -78, -97, -109, -125, 49, 68, 58, -9, -99, -27, -122, 58, 27, 7, 45, 87, -92, 111 -74, 64 }, 112 { 59, -13, 28, 53, 79, -79, -127, 117, 3, -23, -75, -127, -44, -47, -43, 28, 76, -114, 113 -110, 26, 59, 70, -91, 19, -52, 36, -64, -54 }, 114 { 88, 54, -105, -122, 14, 73, -40, -43, 52, -21, -33, -103, 32, 81, 115, 53, 111, 78, 115 32, -108, 71, -74, -84, 125, 80, 13, -35, -36, 27, 56, 32, 104 }, 116 { -83, 60, -92, 44, -58, 86, -121, 104, 114, -67, 14, 80, 84, -48, -14, 38, 14, -62, 117 -96, 118, 53, -59, -33, -90, 85, -110, 105, -119, -81, 57, 43, -66, 99, 106, 35, 118 -16, -115, 29, -56, -52, -39, 102, -1, -90, 110, -52, 48, -32}, 119 { -22, -69, -77, 11, -14, -128, -121, 5, 48, 18, 107, -22, 64, -45, 18, 60, 24, -42, 120 -67, 111, 110, -99, -19, 14, -21, -43, 26, 68, -40, 82, 123, 39, 115, 34, 6, 121 -67, 27, -73, -63, -56, -39, 65, -75, -14, -5, -94, -8, 126, -44, -97, 95, 31, 122 61, 123, -17, 14, 117, 71, -45, 53, -76, -91, 91, -121} 123 }; 124 125 /** 126 * Test that BC has the same results as the SunJCA provider for 127 */ 128 public void test_PBEWITHHMACSHA_Variants() throws Exception { 129 byte[] plaintext = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 130 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34 }; 131 byte[] salt = "saltsalt".getBytes(UTF_8); 132 char[] password = "password".toCharArray(); 133 int iterationCount = 100; 134 int[] shaVariants = { 1, 224, 256, 384, 512 }; 135 136 for (int shaVariantIndex = 0; shaVariantIndex < shaVariants.length; shaVariantIndex++) { 137 int shaVariant = shaVariants[shaVariantIndex]; 138 SecretKeyFactory secretKeyFactory = 139 SecretKeyFactory.getInstance("PBKDF2WITHHMACSHA" + shaVariant, "BC"); 140 PBEKeySpec pbeKeySpec = new PBEKeySpec(password, 141 salt, 142 iterationCount, 143 // Key depending on block size! 144 (shaVariant < 384) ? 64 : 128); 145 SecretKey secretKey = secretKeyFactory.generateSecret(pbeKeySpec); 146 Mac mac = Mac.getInstance("PBEWITHHMACSHA" + shaVariant, "BC"); 147 mac.init(secretKey); 148 byte[] bcResult = mac.doFinal(plaintext); 149 assertEquals( 150 Arrays.toString(SUN_JCA_KNOWN_ANSWERS_FOR_SHA_VARIANTS[shaVariantIndex]), 151 Arrays.toString(bcResult)); 152 } 153 } 154 } 155
