Example 71 with IvParameterSpec
use of javax.crypto.spec.IvParameterSpec in project robovm by robovm.
the class CipherInputStreamTest method testCipherInputStream_TruncatedInput_Failure.
public void testCipherInputStream_TruncatedInput_Failure() throws Exception {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(new byte[16], "AES"), new IvParameterSpec(new byte[16]));
InputStream is = new CipherInputStream(new ByteArrayInputStream(new byte[31]), cipher);
is.read(new byte[4]);
is.close();
}
Also used :
CipherInputStream(javax.crypto.CipherInputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
CipherInputStream(javax.crypto.CipherInputStream)
ByteArrayInputStream(java.io.ByteArrayInputStream)
InputStream(java.io.InputStream)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
Example 72 with IvParameterSpec
use of javax.crypto.spec.IvParameterSpec in project robovm by robovm.
the class CipherTest method getEncryptAlgorithmParameterSpec.
private static AlgorithmParameterSpec getEncryptAlgorithmParameterSpec(String algorithm) {
if (isPBE(algorithm)) {
final byte[] salt = new byte[8];
new SecureRandom().nextBytes(salt);
return new PBEParameterSpec(salt, 1024);
}
if (algorithm.equals("AES/CBC/NOPADDING") || algorithm.equals("AES/CBC/PKCS5PADDING") || algorithm.equals("AES/CFB/NOPADDING") || algorithm.equals("AES/CTR/NOPADDING") || algorithm.equals("AES/CTS/NOPADDING") || algorithm.equals("AES/OFB/NOPADDING")) {
final byte[] iv = new byte[16];
new SecureRandom().nextBytes(iv);
return new IvParameterSpec(iv);
}
return null;
}
Also used :
SecureRandom(java.security.SecureRandom)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
Example 73 with IvParameterSpec
use of javax.crypto.spec.IvParameterSpec in project robovm by robovm.
the class CipherTest method test_Cipher.
private void test_Cipher(Cipher c) throws Exception {
String algorithm = c.getAlgorithm().toUpperCase(Locale.US);
String providerName = c.getProvider().getName();
if (!isSupported(algorithm, providerName)) {
return;
}
String cipherID = algorithm + ":" + providerName;
try {
c.getOutputSize(0);
} catch (IllegalStateException expected) {
}
// TODO: test keys from different factories (e.g. OpenSSLRSAPrivateKey vs JCERSAPrivateKey)
Key encryptKey = getEncryptKey(algorithm);
final AlgorithmParameterSpec encryptSpec = getEncryptAlgorithmParameterSpec(algorithm);
int encryptMode = getEncryptMode(algorithm);
// Bouncycastle doesn't return a default PBEParameterSpec
if (isPBE(algorithm) && !"BC".equals(providerName)) {
assertNotNull(cipherID + " getParameters()", c.getParameters());
assertNotNull(c.getParameters().getParameterSpec(PBEParameterSpec.class));
} else {
assertNull(cipherID + " getParameters()", c.getParameters());
}
try {
assertNull(cipherID + " getIV()", c.getIV());
} catch (NullPointerException e) {
// Bouncycastle apparently has a bug here with AESWRAP, et al.
if (!("BC".equals(providerName) && isOnlyWrappingAlgorithm(algorithm))) {
throw e;
}
}
c.init(encryptMode, encryptKey, encryptSpec);
assertEquals(cipherID + " getBlockSize() encryptMode", getExpectedBlockSize(algorithm, encryptMode, providerName), c.getBlockSize());
assertEquals(cipherID + " getOutputSize(0) encryptMode", getExpectedOutputSize(algorithm, encryptMode, providerName), c.getOutputSize(0));
final AlgorithmParameterSpec decryptSpec = getDecryptAlgorithmParameterSpec(encryptSpec, c);
int decryptMode = getDecryptMode(algorithm);
c.init(decryptMode, encryptKey, decryptSpec);
assertEquals(cipherID + " getBlockSize() decryptMode", getExpectedBlockSize(algorithm, decryptMode, providerName), c.getBlockSize());
assertEquals(cipherID + " getOutputSize(0) decryptMode", getExpectedOutputSize(algorithm, decryptMode, providerName), c.getOutputSize(0));
if (isPBE(algorithm)) {
if (algorithm.endsWith("RC4")) {
assertNull(cipherID + " getIV()", c.getIV());
} else {
assertNotNull(cipherID + " getIV()", c.getIV());
}
} else if (decryptSpec instanceof IvParameterSpec) {
assertEquals(cipherID + " getIV()", Arrays.toString(((IvParameterSpec) decryptSpec).getIV()), Arrays.toString(c.getIV()));
} else {
try {
assertNull(cipherID + " getIV()", c.getIV());
} catch (NullPointerException e) {
// Bouncycastle apparently has a bug here with AESWRAP, et al.
if (!("BC".equals(providerName) && isOnlyWrappingAlgorithm(algorithm))) {
throw e;
}
}
}
AlgorithmParameters params = c.getParameters();
if (decryptSpec == null) {
assertNull(cipherID + " getParameters()", params);
} else if (decryptSpec instanceof IvParameterSpec) {
IvParameterSpec ivDecryptSpec = (IvParameterSpec) params.getParameterSpec(IvParameterSpec.class);
assertEquals(cipherID + " getIV()", Arrays.toString(((IvParameterSpec) decryptSpec).getIV()), Arrays.toString(ivDecryptSpec.getIV()));
} else if (decryptSpec instanceof PBEParameterSpec) {
// Bouncycastle seems to be schizophrenic about whther it returns this or not
if (!"BC".equals(providerName)) {
assertNotNull(cipherID + " getParameters()", params);
}
}
assertNull(cipherID, c.getExemptionMechanism());
// Test wrapping a key. Every cipher should be able to wrap. Except those that can't.
if (isSupportedForWrapping(algorithm)) {
// Generate a small SecretKey for AES.
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(128);
SecretKey sk = kg.generateKey();
// Wrap it
c.init(Cipher.WRAP_MODE, encryptKey, encryptSpec);
byte[] cipherText = c.wrap(sk);
// Unwrap it
c.init(Cipher.UNWRAP_MODE, getDecryptKey(algorithm), decryptSpec);
Key decryptedKey = c.unwrap(cipherText, sk.getAlgorithm(), Cipher.SECRET_KEY);
assertEquals(cipherID + " sk.getAlgorithm()=" + sk.getAlgorithm() + " decryptedKey.getAlgorithm()=" + decryptedKey.getAlgorithm() + " encryptKey.getEncoded()=" + Arrays.toString(sk.getEncoded()) + " decryptedKey.getEncoded()=" + Arrays.toString(decryptedKey.getEncoded()), sk, decryptedKey);
}
if (!isOnlyWrappingAlgorithm(algorithm)) {
c.init(Cipher.ENCRYPT_MODE, encryptKey, encryptSpec);
byte[] cipherText = c.doFinal(getActualPlainText(algorithm));
c.init(Cipher.DECRYPT_MODE, getDecryptKey(algorithm), decryptSpec);
byte[] decryptedPlainText = c.doFinal(cipherText);
assertEquals(cipherID, Arrays.toString(getExpectedPlainText(algorithm, providerName)), Arrays.toString(decryptedPlainText));
}
}
Also used :
SecretKey(javax.crypto.SecretKey)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
KeyGenerator(javax.crypto.KeyGenerator)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
PublicKey(java.security.PublicKey)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
SecretKey(javax.crypto.SecretKey)
PBEParameterSpec(javax.crypto.spec.PBEParameterSpec)
AlgorithmParameters(java.security.AlgorithmParameters)
Example 74 with IvParameterSpec
use of javax.crypto.spec.IvParameterSpec in project robovm by robovm.
the class CipherTest method checkCipher.
private void checkCipher(CipherTestParam p, String provider) throws Exception {
SecretKey key = new SecretKeySpec(p.key, "AES");
Cipher c = Cipher.getInstance(p.mode + "/PKCS5Padding", provider);
AlgorithmParameterSpec spec = null;
if (p.iv != null) {
spec = new IvParameterSpec(p.iv);
}
c.init(Cipher.ENCRYPT_MODE, key, spec);
final byte[] actualCiphertext = c.doFinal(p.plaintext);
assertEquals(Arrays.toString(p.ciphertext), Arrays.toString(actualCiphertext));
byte[] emptyCipherText = c.doFinal();
assertNotNull(emptyCipherText);
c.init(Cipher.DECRYPT_MODE, key, spec);
try {
c.updateAAD(new byte[8]);
fail("Cipher should not support AAD");
} catch (UnsupportedOperationException expected) {
}
byte[] emptyPlainText = c.doFinal(emptyCipherText);
assertEquals(Arrays.toString(EmptyArray.BYTE), Arrays.toString(emptyPlainText));
// empty decrypt
{
if (StandardNames.IS_RI) {
assertEquals(Arrays.toString(EmptyArray.BYTE), Arrays.toString(c.doFinal()));
c.update(EmptyArray.BYTE);
assertEquals(Arrays.toString(EmptyArray.BYTE), Arrays.toString(c.doFinal()));
} else if (provider.equals("BC")) {
try {
c.doFinal();
fail();
} catch (IllegalBlockSizeException expected) {
}
try {
c.update(EmptyArray.BYTE);
c.doFinal();
fail();
} catch (IllegalBlockSizeException expected) {
}
} else if (provider.equals("AndroidOpenSSL")) {
assertNull(c.doFinal());
c.update(EmptyArray.BYTE);
assertNull(c.doFinal());
} else {
throw new AssertionError("Define your behavior here for " + provider);
}
}
// .doFinal(input)
{
final byte[] actualPlaintext = c.doFinal(p.ciphertext);
assertEquals(Arrays.toString(p.plaintext), Arrays.toString(actualPlaintext));
}
// .doFinal(input, offset, len, output)
{
final byte[] largerThanCiphertext = new byte[p.ciphertext.length + 5];
System.arraycopy(p.ciphertext, 0, largerThanCiphertext, 5, p.ciphertext.length);
final byte[] actualPlaintext = new byte[c.getOutputSize(p.ciphertext.length)];
assertEquals(p.plaintext.length, c.doFinal(largerThanCiphertext, 5, p.ciphertext.length, actualPlaintext));
assertEquals(Arrays.toString(p.plaintext), Arrays.toString(Arrays.copyOfRange(actualPlaintext, 0, p.plaintext.length)));
}
// .doFinal(input, offset, len, output, offset)
{
final byte[] largerThanCiphertext = new byte[p.ciphertext.length + 10];
System.arraycopy(p.ciphertext, 0, largerThanCiphertext, 5, p.ciphertext.length);
final byte[] actualPlaintext = new byte[c.getOutputSize(p.ciphertext.length) + 2];
assertEquals(p.plaintext.length, c.doFinal(largerThanCiphertext, 5, p.ciphertext.length, actualPlaintext, 1));
assertEquals(Arrays.toString(p.plaintext), Arrays.toString(Arrays.copyOfRange(actualPlaintext, 1, p.plaintext.length + 1)));
}
Cipher cNoPad = Cipher.getInstance(p.mode + "/NoPadding", provider);
cNoPad.init(Cipher.DECRYPT_MODE, key, spec);
final byte[] actualPlaintextPadded = cNoPad.doFinal(p.ciphertext);
assertEquals(Arrays.toString(p.plaintextPadded), Arrays.toString(actualPlaintextPadded));
// Test wrapping a key. Every cipher should be able to wrap.
{
// Generate a small SecretKey for AES.
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(128);
SecretKey sk = kg.generateKey();
// Wrap it
c.init(Cipher.WRAP_MODE, key, spec);
byte[] cipherText = c.wrap(sk);
// Unwrap it
c.init(Cipher.UNWRAP_MODE, key, spec);
Key decryptedKey = c.unwrap(cipherText, sk.getAlgorithm(), Cipher.SECRET_KEY);
assertEquals("sk.getAlgorithm()=" + sk.getAlgorithm() + " decryptedKey.getAlgorithm()=" + decryptedKey.getAlgorithm() + " encryptKey.getEncoded()=" + Arrays.toString(sk.getEncoded()) + " decryptedKey.getEncoded()=" + Arrays.toString(decryptedKey.getEncoded()), sk, decryptedKey);
}
}
Also used :
SecretKey(javax.crypto.SecretKey)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
KeyGenerator(javax.crypto.KeyGenerator)
RSAPublicKey(java.security.interfaces.RSAPublicKey)
RSAPrivateKey(java.security.interfaces.RSAPrivateKey)
PublicKey(java.security.PublicKey)
Key(java.security.Key)
PrivateKey(java.security.PrivateKey)
SecretKey(javax.crypto.SecretKey)
Example 75 with IvParameterSpec
use of javax.crypto.spec.IvParameterSpec in project robovm by robovm.
the class CipherTest method test_doFinal$BII.
public void test_doFinal$BII() throws Exception {
byte[] b = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20 };
byte[] b1 = new byte[30];
AlgorithmParameterSpec ap = new IvParameterSpec(IV);
Cipher c = Cipher.getInstance("DES/CBC/NoPadding");
c.init(Cipher.ENCRYPT_MODE, CIPHER_KEY_DES, ap);
try {
c.doFinal(b, 0, 10);
fail();
} catch (IllegalBlockSizeException expected) {
}
c = Cipher.getInstance("DES/CBC/NoPadding");
try {
c.doFinal(b, 0, 10);
fail();
} catch (IllegalStateException expected) {
}
c = Cipher.getInstance("DES/CBC/NoPadding");
c.init(Cipher.ENCRYPT_MODE, CIPHER_KEY_DES, ap);
int len1 = c.doFinal(b, 0, 16).length;
assertEquals(16, len1);
c.init(Cipher.ENCRYPT_MODE, CIPHER_KEY_DES, ap);
int len2 = c.doFinal(b, 0, 16, b1, 0);
assertEquals(16, len2);
c = Cipher.getInstance("DES/CBC/PKCS5Padding");
c.init(Cipher.DECRYPT_MODE, CIPHER_KEY_DES, ap);
try {
c.doFinal(b1, 0, 24);
fail();
} catch (BadPaddingException expected) {
}
}
Also used :
IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
MyCipher(org.apache.harmony.crypto.tests.support.MyCipher)
BadPaddingException(javax.crypto.BadPaddingException)
AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec)
Aggregations
IvParameterSpec (javax.crypto.spec.IvParameterSpec)229
Cipher (javax.crypto.Cipher)150
SecretKeySpec (javax.crypto.spec.SecretKeySpec)107
SecretKey (javax.crypto.SecretKey)49
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)46
InvalidKeyException (java.security.InvalidKeyException)43
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)42
AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)39
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)30
BadPaddingException (javax.crypto.BadPaddingException)28
NoSuchPaddingException (javax.crypto.NoSuchPaddingException)25
Key (java.security.Key)21
KeyGenerator (javax.crypto.KeyGenerator)21
IOException (java.io.IOException)19
SecureRandom (java.security.SecureRandom)17
GeneralSecurityException (java.security.GeneralSecurityException)15
MyCipher (org.apache.harmony.crypto.tests.support.MyCipher)15
PBEParameterSpec (javax.crypto.spec.PBEParameterSpec)14
MessageDigest (java.security.MessageDigest)13
KeyParameter (org.bouncycastle.crypto.params.KeyParameter)13
