Examples with OAEPParameterSpec javax.crypto.spec.OAEPParameterSpec used on opensource projects

Example 31 with OAEPParameterSpec

use of javax.crypto.spec.OAEPParameterSpec in project wycheproof by google.

the class RsaOaepTest method testOaep.

/**
 * Tests the signature verification with test vectors in a given JSON file.
 *
 * <p> Example format for test vectors
 * { "algorithm" : "RSA-OAEP",
 *   "schema" : "rsaes_oaep_decrypt_schema.json",
 *   "generatorVersion" : "0.7",
 *   ...
 *   "testGroups" : [
 *     {
 *       "d" : "...",
 *       "e" : "10001",
 *       "n" : "...",
 *       "keysize" : 2048,
 *       "sha" : "SHA-256",
 *       "mgf" : "MGF1",
 *       "mgfSha" : "SHA-256",
 *       "privateKeyPem" : "-----BEGIN RSA PRIVATE KEY-----\n...",
 *       "privateKeyPkcs8" : "...",
 *       "type" : "RSAES",
 *       "tests" : [
 *         {
 *           "tcId" : 1,
 *           "comment" : "",
 *           "msg" : "30313233343030",
 *           "ct" : "...",
 *           "label" : "",
 *           "result" : "valid",
 *           "flags" : [],
 *         },
 *        ...
 *
 * @param filename the filename of the test vectors
 * @param allowSkippingKeys if true then keys that cannot be constructed will not fail the test.
 *        Most of the tests below are using allowSkippingKeys == false. The reason for doing this
 *        is that providers have distinctive defaults. E.g., no OAEPParameterSpec is given then
 *        BouncyCastle and Conscrypt use the same hash function for hashing the label and for the
 *        mask generation function, while jdk uses MGF1SHA1. This is unfortunate and probably
 *        difficult to fix. Hence, the tests below simply require that providers support each
 *        others default parameters under the assumption that the OAEPParameterSpec is fully
 *        specified.
 */
public void testOaep(String filename, boolean allowSkippingKeys) throws Exception {
    JsonObject test = JsonUtil.getTestVectors(filename);
    // Compares the expected and actual JSON schema of the test vector file.
    // Mismatched JSON schemas will likely lead to a test failure.
    String generatorVersion = getString(test, "generatorVersion");
    String expectedSchema = "rsaes_oaep_decrypt_schema.json";
    String actualSchema = getString(test, "schema");
    if (!expectedSchema.equals(actualSchema)) {
        System.out.println("Expecting test vectors with schema " + expectedSchema + " found vectors with schema " + actualSchema + " generatorVersion:" + generatorVersion);
    }
    int numTests = test.get("numberOfTests").getAsInt();
    int cntTests = 0;
    int errors = 0;
    int skippedKeys = 0;
    for (JsonElement g : test.getAsJsonArray("testGroups")) {
        JsonObject group = g.getAsJsonObject();
        PrivateKey key;
        try {
            key = getPrivateKey(group);
        } catch (GeneralSecurityException ex) {
            skippedKeys++;
            if (!allowSkippingKeys) {
                System.out.printf("Key generation throws:%s\n", ex.toString());
            }
            continue;
        }
        String algorithm = getOaepAlgorithmName(group);
        Cipher decrypter = Cipher.getInstance(algorithm);
        for (JsonElement t : group.getAsJsonArray("tests")) {
            cntTests++;
            JsonObject testcase = t.getAsJsonObject();
            int tcid = testcase.get("tcId").getAsInt();
            String messageHex = TestUtil.bytesToHex(getBytes(testcase, "msg"));
            OAEPParameterSpec params = getOaepParameters(group, testcase);
            byte[] ciphertext = getBytes(testcase, "ct");
            String ciphertextHex = TestUtil.bytesToHex(ciphertext);
            String result = getString(testcase, "result");
            decrypter.init(Cipher.DECRYPT_MODE, key, params);
            byte[] decrypted = null;
            try {
                decrypted = decrypter.doFinal(ciphertext);
            } catch (GeneralSecurityException ex) {
                decrypted = null;
            } catch (Exception ex) {
                // Other exceptions (i.e. unchecked exceptions) are considered as error
                // since a third party should never be able to cause such exceptions.
                System.out.printf("Decryption throws %s. filename:%s tcId:%d ct:%s\n", ex.toString(), filename, tcid, ciphertextHex);
                decrypted = null;
            // TODO(bleichen): BouncyCastle throws some non-conforming exceptions.
            // For the moment we do not count this as a problem to avoid that
            // more serious bugs remain hidden.
            // errors++;
            }
            if (decrypted == null && result.equals("valid")) {
                System.out.printf("Valid ciphertext not decrypted. filename:%s tcId:%d ct:%s\n", filename, tcid, ciphertextHex);
                errors++;
            } else if (decrypted != null) {
                String decryptedHex = TestUtil.bytesToHex(decrypted);
                if (result.equals("invalid")) {
                    System.out.printf("Invalid ciphertext decrypted. filename:%s tcId:%d expected:%s decrypted:%s\n", filename, tcid, messageHex, decryptedHex);
                    errors++;
                } else if (!decryptedHex.equals(messageHex)) {
                    System.out.printf("Incorrect decryption. filename:%s tcId:%d expected:%s decrypted:%s\n", filename, tcid, messageHex, decryptedHex);
                    errors++;
                }
            }
        }
    }
    assertEquals(0, errors);
    if (skippedKeys > 0) {
        System.out.println("RSAES-OAEP: file:" + filename + " skipped key:" + skippedKeys);
        assertTrue(allowSkippingKeys);
    } else {
        assertEquals(numTests, cntTests);
    }
}

Example 32 with OAEPParameterSpec

use of javax.crypto.spec.OAEPParameterSpec in project wycheproof by google.

the class RsaOaepTest method getOaepParameters.

protected static OAEPParameterSpec getOaepParameters(JsonObject group, JsonObject test) throws Exception {
    String sha = getString(group, "sha");
    String mgf = getString(group, "mgf");
    String mgfSha = getString(group, "mgfSha");
    PSource p = PSource.PSpecified.DEFAULT;
    if (test.has("label")) {
        p = new PSource.PSpecified(getBytes(test, "label"));
    }
    return new OAEPParameterSpec(sha, mgf, new MGF1ParameterSpec(mgfSha), p);
}

Example 33 with OAEPParameterSpec

use of javax.crypto.spec.OAEPParameterSpec in project wycheproof by google.

the class RsaOaepTest method printParameters.

protected static void printParameters(AlgorithmParameterSpec params) {
    if (params instanceof OAEPParameterSpec) {
        OAEPParameterSpec oaepParams = (OAEPParameterSpec) params;
        System.out.println("OAEPParameterSpec");
        System.out.println("digestAlgorithm:" + oaepParams.getDigestAlgorithm());
        System.out.println("mgfAlgorithm:" + oaepParams.getMGFAlgorithm());
        printParameters(oaepParams.getMGFParameters());
    } else if (params instanceof MGF1ParameterSpec) {
        MGF1ParameterSpec mgf1Params = (MGF1ParameterSpec) params;
        System.out.println("MGF1ParameterSpec");
        System.out.println("digestAlgorithm:" + mgf1Params.getDigestAlgorithm());
    } else {
        System.out.println(params.toString());
    }
}

Example 34 with OAEPParameterSpec

use of javax.crypto.spec.OAEPParameterSpec in project wycheproof by google.

the class RsaOaepTest method testDefaults.

/**
 * This is not a real test. The JCE algorithm names only specify one hash algorithm. But OAEP
 * uses two hases. One hash algorithm is used to hash the labels. The other hash algorithm is
 * used for the mask generation function.
 *
 * <p>Different provider use different default values for the hash function that is not specified
 * in the algorithm name. Jdk uses mgfsha1 as default. BouncyCastle and Conscrypt use the same
 * hash for labels and mgf. Every provider allows to specify all the parameters using
 * an OAEPParameterSpec instance.
 *
 * <p>This test simply tries a number of algorithm names for RSA-OAEP and prints the OAEP
 * parameters for the case where no OAEPParameterSpec is used.
 */
// TODO(bleichen): jdk11 will also add parameters to the RSA keys. This will need more tests.
@Test
public void testDefaults() throws Exception {
    String pubKey = "30820122300d06092a864886f70d01010105000382010f003082010a02820101" + "00bdf90898577911c71c4d9520c5f75108548e8dfd389afdbf9c997769b8594e" + "7dc51c6a1b88d1670ec4bb03fa550ba6a13d02c430bfe88ae4e2075163017f4d" + "8926ce2e46e068e88962f38112fc2dbd033e84e648d4a816c0f5bd89cadba0b4" + "d6cac01832103061cbb704ebacd895def6cff9d988c5395f2169a6807207333d" + "569150d7f569f7ebf4718ddbfa2cdbde4d82a9d5d8caeb467f71bfc0099b0625" + "a59d2bad12e3ff48f2fd50867b89f5f876ce6c126ced25f28b1996ee21142235" + "fb3aef9fe58d9e4ef6e4922711a3bbcd8adcfe868481fd1aa9c13e5c658f5172" + "617204314665092b4d8dca1b05dc7f4ecd7578b61edeb949275be8751a5a1fab" + "c30203010001";
    KeyFactory kf;
    kf = KeyFactory.getInstance("RSA");
    X509EncodedKeySpec x509keySpec = new X509EncodedKeySpec(TestUtil.hexToBytes(pubKey));
    PublicKey key = kf.generatePublic(x509keySpec);
    for (String oaepName : OaepAlgorithmNames) {
        try {
            Cipher c = Cipher.getInstance(oaepName);
            c.init(Cipher.ENCRYPT_MODE, key);
            System.out.println("Algorithm " + oaepName + " uses the following defaults");
            AlgorithmParameters params = c.getParameters();
            printParameters(params.getParameterSpec(OAEPParameterSpec.class));
        } catch (NoSuchAlgorithmException ex) {
            continue;
        }
    }
}