Examples with NoPresubmitTest com.google.security.wycheproof.WycheproofRunner.NoPresubmitTest used on opensource projects

Example 6 with NoPresubmitTest

use of com.google.security.wycheproof.WycheproofRunner.NoPresubmitTest in project wycheproof by google.

the class RsaPssTest method testEncodeDecodePublic.

/**
 * Tries encoding and decoding of RSASSA-PSS keys generated with RSASSA-PSS.
 *
 * RSASSA-PSS keys contain the PSSParameters, hence their encodings are
 * somewhat different than plain RSA keys.
 */
@NoPresubmitTest(providers = { ProviderType.OPENJDK }, bugs = { "b/120406853" })
@Test
public void testEncodeDecodePublic() throws Exception {
    int keySizeInBits = 2048;
    PublicKey pub;
    try {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSASSA-PSS");
        keyGen.initialize(keySizeInBits);
        KeyPair keypair = keyGen.genKeyPair();
        pub = keypair.getPublic();
    } catch (NoSuchAlgorithmException ex) {
        System.out.println("Key generation for RSASSA-PSS is not supported.");
        return;
    }
    byte[] encoded = pub.getEncoded();
    assertEquals("The test assumes that the public key is in X.509 format", "X.509", pub.getFormat());
    System.out.println("Generated RSA-PSS key");
    System.out.println(TestUtil.bytesToHex(encoded));
    KeyFactory kf = KeyFactory.getInstance("RSASSA-PSS");
    X509EncodedKeySpec spec = new X509EncodedKeySpec(encoded);
    kf.generatePublic(spec);
    // Tries to generate another pair or keys. This time the generator is given an
    // RSAKeyGenParameterSpec containing the key size an the PSS parameters.
    String sha = "SHA-256";
    String mgf = "MGF1";
    int saltLength = 20;
    try {
        RSAKeyGenParameterSpec params = getPssAlgorithmParameters(keySizeInBits, sha, mgf, sha, saltLength);
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSASSA-PSS");
        keyGen.initialize(params);
        KeyPair keypair = keyGen.genKeyPair();
        pub = keypair.getPublic();
    } catch (NoSuchAlgorithmException | NoSuchMethodException ex) {
        System.out.println("Key generation for RSASSA-PSS is not supported.");
        return;
    }
    byte[] encoded2 = pub.getEncoded();
    System.out.println("Generated RSA-PSS key with PSS parameters");
    System.out.println(TestUtil.bytesToHex(encoded2));
    X509EncodedKeySpec spec2 = new X509EncodedKeySpec(encoded2);
    kf.generatePublic(spec2);
}

Example 7 with NoPresubmitTest

use of com.google.security.wycheproof.WycheproofRunner.NoPresubmitTest in project wycheproof by google.

the class RsaKeyTest method testEncodeDecodePrivate.

@NoPresubmitTest(providers = { ProviderType.CONSCRYPT }, bugs = { "b/145113402" })
@Test
public void testEncodeDecodePrivate() throws Exception {
    int keySizeInBits = 2048;
    KeyFactory kf = KeyFactory.getInstance("RSA");
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(keySizeInBits);
    KeyPair keypair = keyGen.genKeyPair();
    RSAPrivateKey priv = (RSAPrivateKey) keypair.getPrivate();
    assertTrue("Expecting an RSA private key with CRT parameters", priv instanceof RSAPrivateCrtKey);
    byte[] encoded = priv.getEncoded();
    PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(encoded);
    RSAPrivateKey priv2 = (RSAPrivateKey) kf.generatePrivate(spec);
    // Checks that priv2 equivalent to priv1.
    assertEquals(priv2.getModulus(), priv.getModulus());
    assertEquals(priv2.getPrivateExponent(), priv.getPrivateExponent());
    // But there is OpenSSLRSAPrivateCrtKey
    if (priv instanceof RSAPrivateCrtKey) {
        checkPrivateCrtKey((RSAPrivateCrtKey) priv, keySizeInBits);
    } else {
        // Using a CRT key leads to 6-7 times better performance than not using the CRT.
        fail("Expecting an RSAPrivateCrtKey instead of " + priv.getClass().getName());
    }
}

Example 8 with NoPresubmitTest

use of com.google.security.wycheproof.WycheproofRunner.NoPresubmitTest in project wycheproof by google.

the class AesGcmTest method testLargeArrayAlias.

/**
 * Encryption and decryption with large arrays should be copy-safe.
 */
@NoPresubmitTest(providers = { ProviderType.BOUNCY_CASTLE }, bugs = { "b/64378943" })
@Test
public void testLargeArrayAlias() throws Exception {
    byte[] ptVector = new byte[8192];
    // this offset is relative to the start of the input, not the start of the buffer.
    for (int outputOffset = -32; outputOffset <= 32; outputOffset++) {
        // try with doFinal directly as well as with update followed by doFinal
        for (int useUpdate = 0; useUpdate <= 1; useUpdate++) {
            SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
            GCMParameterSpec parameters = new GCMParameterSpec(128, new byte[12]);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, key, parameters);
            // these offsets are relative to the start of the buffer
            int inputOffsetInBuffer = 32;
            int outputOffsetInBuffer = inputOffsetInBuffer + outputOffset;
            int sliceLength = cipher.getOutputSize(ptVector.length);
            byte[] inBuf = new byte[sliceLength + Math.max(inputOffsetInBuffer, outputOffsetInBuffer)];
            byte[] outBuf = inBuf;
            System.arraycopy(ptVector, 0, inBuf, inputOffsetInBuffer, ptVector.length);
            try {
                int ctLength = 0;
                if (useUpdate > 0) {
                    ctLength += cipher.update(inBuf, inputOffsetInBuffer, ptVector.length, outBuf, outputOffsetInBuffer);
                    ctLength += cipher.doFinal(inBuf, 0, 0, outBuf, outputOffsetInBuffer + ctLength);
                } else {
                    ctLength += cipher.doFinal(inBuf, inputOffsetInBuffer, ptVector.length, outBuf, outputOffsetInBuffer);
                }
                System.arraycopy(outBuf, outputOffsetInBuffer, inBuf, inputOffsetInBuffer, ctLength);
                cipher = Cipher.getInstance("AES/GCM/NoPadding");
                cipher.init(Cipher.DECRYPT_MODE, key, parameters);
                int resultPtLength = 0;
                if (useUpdate > 0) {
                    resultPtLength += cipher.update(inBuf, inputOffsetInBuffer, ctLength, outBuf, outputOffsetInBuffer);
                    resultPtLength += cipher.doFinal(inBuf, 0, 0, outBuf, outputOffsetInBuffer + resultPtLength);
                } else {
                    resultPtLength += cipher.doFinal(inBuf, inputOffsetInBuffer, ctLength, outBuf, outputOffsetInBuffer);
                }
                assertEquals(resultPtLength, ptVector.length);
                assertArrayEquals(ptVector, Arrays.copyOfRange(outBuf, outputOffsetInBuffer, outputOffsetInBuffer + resultPtLength));
            } catch (Throwable t) {
                throw new AssertionError("testLargeByteBufferAlias failed with outputOffset=" + outputOffset, t);
            }
        }
    }
}

Example 9 with NoPresubmitTest

use of com.google.security.wycheproof.WycheproofRunner.NoPresubmitTest in project wycheproof by google.

the class AesGcmTest method testDecryptWithEmptyIv.

@NoPresubmitTest(providers = { ProviderType.OPENJDK }, bugs = { "b/35746778" })
@Test
public void testDecryptWithEmptyIv() throws Exception {
    byte[] emptyIv = new byte[0];
    byte[] key = TestUtil.hexToBytes("56aae7bd5cbefc71d31c4338e6ddd6c5");
    SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    try {
        cipher.init(Cipher.DECRYPT_MODE, keySpec, new GCMParameterSpec(16 * 8, emptyIv));
        String ciphertext = "2b65876c00d77facf8f3d0e5be792b129bab10b25bcb739b92d6e2eab241245ff449";
        String tag = "c2b2d7086e7fa84ca795a881b540";
        byte[] pt1 = cipher.update(TestUtil.hexToBytes(ciphertext));
        byte[] pt2 = cipher.doFinal(TestUtil.hexToBytes(tag));
        // We shouldn't get here. If a provider releases unverified plaintext additionally to
        // accepting empty IVs then chosen ciphertext attacks might be possible.
        System.out.println("testDecryptWithEmptyIv:");
        System.out.println("pt1:" + TestUtil.bytesToHex(pt1));
        System.out.println("pt2:" + TestUtil.bytesToHex(pt2));
        fail("AES-GCM must not accept an IV of size 0.");
    } catch (GeneralSecurityException expected) {
        System.out.println("testDecryptWithEmptyIv:" + expected.toString());
    }
}

Example 10 with NoPresubmitTest

use of com.google.security.wycheproof.WycheproofRunner.NoPresubmitTest in project wycheproof by google.

the class DhTest method testDefaultKeyPairGenerator.

/**
 * Tests the default Diffie-Hellman key pair generation.
 *
 * <p>This test uses NIST SP 800-57 part1, revision 4
 * http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf . Table 2 on page
 * 53 recommends 2048 bits as the minimal key length for Diffie-Hellman for new keys that expire
 * before the year 2030.
 *
 * <p>Note that JCE documentation is outdated. According to
 * https://docs.oracle.com/javase/7/docs/api/java/security/KeyPairGenerator.html an implementation
 * of the Java platform is only required to support 1024 bit keys.
 */
@NoPresubmitTest(providers = { ProviderType.OPENJDK, ProviderType.BOUNCY_CASTLE }, bugs = { "b/33190860", "b/33190677" })
@SlowTest(providers = { ProviderType.BOUNCY_CASTLE, ProviderType.SPONGY_CASTLE })
@Test
public void testDefaultKeyPairGenerator() throws Exception {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DH");
    KeyPair keyPair;
    try {
        keyPair = keyGen.generateKeyPair();
    } catch (Exception ex) {
        // When a provider decides not to implement a default key size then this is still better than
        // implementing a default that is out of date. Hence the test should not fail in this case.
        System.out.println("Cannot generate a DH key without initialize: " + ex.getMessage());
        return;
    }
    DHPrivateKey priv = (DHPrivateKey) keyPair.getPrivate();
    int keySize = priv.getParams().getP().bitLength();
    assertTrue("Default key size for DH is too small. Key size = " + keySize, keySize >= 2048);
    testKeyPair(keyPair, keySize);
}