1 /* GENERATED SOURCE. DO NOT MODIFY. */ 2 /* 3 * Copyright (C) 2011 The Android Open Source Project 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 package com.android.org.conscrypt.javax.crypto; 19 20 import static org.junit.Assert.assertEquals; 21 import static org.junit.Assert.assertFalse; 22 import static org.junit.Assert.assertNotNull; 23 import static org.junit.Assert.assertNull; 24 import static org.junit.Assert.assertThrows; 25 import static org.junit.Assert.assertTrue; 26 import static org.junit.Assert.fail; 27 28 import com.android.org.conscrypt.Conscrypt; 29 import com.android.org.conscrypt.TestUtils; 30 import com.android.org.conscrypt.java.security.StandardNames; 31 import com.android.org.conscrypt.java.security.TestKeyStore; 32 import java.io.ByteArrayOutputStream; 33 import java.io.PrintStream; 34 import java.math.BigInteger; 35 import java.nio.ByteBuffer; 36 import java.nio.charset.StandardCharsets; 37 import java.security.AlgorithmParameters; 38 import java.security.InvalidAlgorithmParameterException; 39 import java.security.InvalidKeyException; 40 import java.security.Key; 41 import java.security.KeyFactory; 42 import java.security.KeyPairGenerator; 43 import java.security.PrivateKey; 44 import java.security.Provider; 45 import java.security.PublicKey; 46 import java.security.SecureRandom; 47 import java.security.Security; 48 import java.security.cert.Certificate; 49 import java.security.spec.AlgorithmParameterSpec; 50 import java.security.spec.InvalidParameterSpecException; 51 import java.security.spec.MGF1ParameterSpec; 52 import java.security.spec.RSAPrivateCrtKeySpec; 53 import java.security.spec.RSAPublicKeySpec; 54 import java.util.ArrayList; 55 import java.util.Arrays; 56 import java.util.Collections; 57 import java.util.HashMap; 58 import java.util.HashSet; 59 import java.util.List; 60 import java.util.Locale; 61 import java.util.Map; 62 import java.util.Set; 63 import javax.crypto.AEADBadTagException; 64 import javax.crypto.BadPaddingException; 65 import javax.crypto.Cipher; 66 import javax.crypto.IllegalBlockSizeException; 67 import javax.crypto.KeyGenerator; 68 import javax.crypto.SecretKey; 69 import javax.crypto.SecretKeyFactory; 70 import javax.crypto.ShortBufferException; 71 import javax.crypto.spec.GCMParameterSpec; 72 import javax.crypto.spec.IvParameterSpec; 73 import javax.crypto.spec.OAEPParameterSpec; 74 import javax.crypto.spec.PBEKeySpec; 75 import javax.crypto.spec.PBEParameterSpec; 76 import javax.crypto.spec.PSource; 77 import javax.crypto.spec.SecretKeySpec; 78 import libcore.junit.util.EnableDeprecatedBouncyCastleAlgorithmsRule; 79 import libcore.test.annotation.NonCts; 80 import libcore.test.reasons.NonCtsReasons; 81 import org.bouncycastle.asn1.x509.KeyUsage; 82 import org.junit.Assume; 83 import org.junit.BeforeClass; 84 import org.junit.ClassRule; 85 import org.junit.Test; 86 import org.junit.rules.TestRule; 87 import org.junit.runner.RunWith; 88 import org.junit.runners.JUnit4; 89 90 /** 91 * @hide This class is not part of the Android public SDK API 92 */ 93 @RunWith(JUnit4.class) 94 public final class CipherTest { 95 96 // BEGIN Android-Added: Allow access to deprecated BC algorithms. 97 // Allow access to deprecated BC algorithms in this test, so we can ensure they 98 // continue to work 99 @ClassRule 100 public static TestRule enableDeprecatedBCAlgorithmsRule = 101 EnableDeprecatedBouncyCastleAlgorithmsRule.getInstance(); 102 // END Android-Added: Allow access to deprecated BC algorithms. 103 104 @BeforeClass setUp()105 public static void setUp() { 106 TestUtils.assumeAllowsUnsignedCrypto(); 107 } 108 109 /** GCM tag size used for tests. */ 110 private static final int GCM_TAG_SIZE_BITS = 96; 111 private static final int GCM_SIV_TAG_SIZE_BITS = 128; 112 113 private static final String[] RSA_PROVIDERS = StandardNames.IS_RI 114 ? new String[] { "SunJCE", StandardNames.JSSE_PROVIDER_NAME } 115 : new String[] { "BC" , StandardNames.JSSE_PROVIDER_NAME }; 116 117 private static final String[] AES_PROVIDERS = StandardNames.IS_RI 118 ? new String[] { "SunJCE", StandardNames.JSSE_PROVIDER_NAME } 119 : new String[] { "BC", StandardNames.JSSE_PROVIDER_NAME }; 120 isSupported(String algorithm, String provider)121 private static boolean isSupported(String algorithm, String provider) { 122 if (algorithm.equals("RC2")) { 123 return false; 124 } 125 if (algorithm.equals("PBEWITHMD5ANDRC2")) { 126 return false; 127 } 128 if (algorithm.startsWith("PBEWITHSHA1ANDRC2")) { 129 return false; 130 } 131 if (algorithm.equals("PBEWITHSHAAND40BITRC2-CBC")) { 132 return false; 133 } 134 if (algorithm.equals("PBEWITHSHAAND128BITRC2-CBC")) { 135 return false; 136 } 137 if (algorithm.equals("PBEWITHSHAANDTWOFISH-CBC")) { 138 return false; 139 } 140 if (!IS_UNLIMITED) { 141 if (algorithm.equals("PBEWITHMD5ANDTRIPLEDES")) { 142 return false; 143 } 144 } 145 // stream modes CFB, CTR, CTS, OFB with PKCS5Padding or PKCS7Padding don't really make sense 146 if (!provider.equals("AndroidOpenSSL") && 147 (algorithm.equals("AES/CFB/PKCS5PADDING") 148 || algorithm.equals("AES/CFB/PKCS7PADDING") 149 || algorithm.equals("AES/CTR/PKCS5PADDING") 150 || algorithm.equals("AES/CTR/PKCS7PADDING") 151 || algorithm.equals("AES/CTS/PKCS5PADDING") 152 || algorithm.equals("AES/CTS/PKCS7PADDING") 153 || algorithm.equals("AES/OFB/PKCS5PADDING") 154 || algorithm.equals("AES/OFB/PKCS7PADDING"))) { 155 return false; 156 } 157 158 if (provider.equals("BC")) { 159 return isSupportedByBC(algorithm); 160 } 161 162 return true; 163 } 164 165 /** 166 * Checks for algorithms removed from BC in Android 12 and so not usable for these 167 * tests. 168 * 169 * TODO(prb): make this version aware, as this test runs against BC on older Android 170 * versions via MTS and should continue to test these algorithms there. 171 * 172 */ isSupportedByBC(String algorithm)173 private static boolean isSupportedByBC(String algorithm) { 174 String[] removedBcPrefices = new String[] {"AES/ECB", "AES/CBC", "AES/GCM"}; 175 for (String prefix : removedBcPrefices) { 176 if (algorithm.startsWith(prefix)) { 177 return false; 178 } 179 } 180 return true; 181 } 182 isSupportedForWrapping(String algorithm)183 private static boolean isSupportedForWrapping(String algorithm) { 184 if (isOnlyWrappingAlgorithm(algorithm)) { 185 return true; 186 } 187 // http://b/9097343 RSA with NoPadding won't work since 188 // leading zeroes in the underlying key material are lost. 189 if (algorithm.equals("RSA/ECB/NOPADDING")) { 190 return false; 191 } 192 // AESWRAP should be used instead, fails with BC and SunJCE otherwise. 193 if (algorithm.startsWith("AES") || algorithm.startsWith("DESEDE")) { 194 return false; 195 } 196 return true; 197 } 198 getEncryptMode(String algorithm)199 private synchronized static int getEncryptMode(String algorithm) throws Exception { 200 if (isOnlyWrappingAlgorithm(algorithm)) { 201 return Cipher.WRAP_MODE; 202 } 203 return Cipher.ENCRYPT_MODE; 204 } 205 getDecryptMode(String algorithm)206 private synchronized static int getDecryptMode(String algorithm) throws Exception { 207 if (isOnlyWrappingAlgorithm(algorithm)) { 208 return Cipher.UNWRAP_MODE; 209 } 210 return Cipher.DECRYPT_MODE; 211 } 212 getBaseAlgorithm(String algorithm)213 private static String getBaseAlgorithm(String algorithm) { 214 if (algorithm.equals("AESWRAP")) { 215 return "AES"; 216 } 217 if (algorithm.startsWith("AES/")) { 218 return "AES"; 219 } 220 if (algorithm.startsWith("AES_128/") || algorithm.startsWith("AES_256/")) { 221 return "AES"; 222 } 223 if (algorithm.equals("GCM")) { 224 return "AES"; 225 } 226 if (algorithm.startsWith("CHACHA20/")) { 227 return "CHACHA20"; 228 } 229 if (algorithm.startsWith("DESEDE/")) { 230 return "DESEDE"; 231 } 232 if (algorithm.equals("PBEWITHMD5AND128BITAES-CBC-OPENSSL")) { 233 return "AES"; 234 } 235 if (algorithm.equals("PBEWITHMD5AND192BITAES-CBC-OPENSSL")) { 236 return "AES"; 237 } 238 if (algorithm.equals("PBEWITHMD5AND256BITAES-CBC-OPENSSL")) { 239 return "AES"; 240 } 241 if (algorithm.equals("PBEWITHSHA256AND128BITAES-CBC-BC")) { 242 return "AES"; 243 } 244 if (algorithm.equals("PBEWITHSHA256AND192BITAES-CBC-BC")) { 245 return "AES"; 246 } 247 if (algorithm.equals("PBEWITHSHA256AND256BITAES-CBC-BC")) { 248 return "AES"; 249 } 250 if (algorithm.equals("PBEWITHSHAAND128BITAES-CBC-BC")) { 251 return "AES"; 252 } 253 if (algorithm.equals("PBEWITHSHAAND192BITAES-CBC-BC")) { 254 return "AES"; 255 } 256 if (algorithm.equals("PBEWITHSHAAND256BITAES-CBC-BC")) { 257 return "AES"; 258 } 259 if (algorithm.equals("PBEWITHMD5ANDDES")) { 260 return "DES"; 261 } 262 if (algorithm.equals("PBEWITHSHA1ANDDES")) { 263 return "DES"; 264 } 265 if (algorithm.equals("DESEDEWRAP")) { 266 return "DESEDE"; 267 } 268 if (algorithm.equals("PBEWITHSHAAND2-KEYTRIPLEDES-CBC")) { 269 return "DESEDE"; 270 } 271 if (algorithm.equals("PBEWITHSHAAND3-KEYTRIPLEDES-CBC")) { 272 return "DESEDE"; 273 } 274 if (algorithm.equals("PBEWITHMD5ANDTRIPLEDES")) { 275 return "DESEDE"; 276 } 277 if (algorithm.equals("PBEWITHSHA1ANDDESEDE")) { 278 return "DESEDE"; 279 } 280 if (algorithm.equals("RSA/ECB/NOPADDING")) { 281 return "RSA"; 282 } 283 if (algorithm.equals("RSA/ECB/PKCS1PADDING")) { 284 return "RSA"; 285 } 286 if (algorithm.equals("PBEWITHSHAAND40BITRC4")) { 287 return "ARC4"; 288 } 289 if (algorithm.equals("PBEWITHSHAAND128BITRC4")) { 290 return "ARC4"; 291 } 292 return algorithm; 293 } 294 isAsymmetric(String algorithm)295 private static boolean isAsymmetric(String algorithm) { 296 return getBaseAlgorithm(algorithm).equals("RSA"); 297 } 298 isOnlyWrappingAlgorithm(String algorithm)299 private static boolean isOnlyWrappingAlgorithm(String algorithm) { 300 return algorithm.endsWith("WRAP"); 301 } 302 isPBE(String algorithm)303 private static boolean isPBE(String algorithm) { 304 return algorithm.startsWith("PBE"); 305 } 306 isAEAD(String algorithm)307 private static boolean isAEAD(String algorithm) { 308 return "GCM".equals(algorithm) || algorithm.contains("/GCM/") 309 || algorithm.contains("/GCM-SIV/") 310 || algorithm.equals("CHACHA20/POLY1305/NOPADDING"); 311 } 312 isStreamMode(String algorithm)313 private static boolean isStreamMode(String algorithm) { 314 return algorithm.contains("/CTR/") || algorithm.contains("/OFB") 315 || algorithm.contains("/CFB"); 316 } 317 isRandomizedEncryption(String algorithm)318 private static boolean isRandomizedEncryption(String algorithm) { 319 return algorithm.endsWith("/PKCS1PADDING") || algorithm.endsWith("/OAEPPADDING") 320 || algorithm.contains("/OAEPWITH"); 321 } 322 323 private static Map<String, Key> ENCRYPT_KEYS = new HashMap<String, Key>(); 324 325 /** 326 * Returns the key meant for enciphering for {@code algorithm}. 327 */ getEncryptKey(String algorithm)328 private synchronized static Key getEncryptKey(String algorithm) { 329 Key key = ENCRYPT_KEYS.get(algorithm); 330 if (key != null) { 331 return key; 332 } 333 try { 334 if (algorithm.startsWith("RSA")) { 335 KeyFactory kf = KeyFactory.getInstance("RSA"); 336 RSAPublicKeySpec keySpec = new RSAPublicKeySpec(RSA_2048_modulus, 337 RSA_2048_publicExponent); 338 key = kf.generatePublic(keySpec); 339 } else if (isPBE(algorithm)) { 340 SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm); 341 key = skf.generateSecret(new PBEKeySpec("secret".toCharArray())); 342 } else { 343 KeyGenerator kg = KeyGenerator.getInstance(getBaseAlgorithm(algorithm)); 344 if (algorithm.startsWith("AES_256/")) { 345 // This is the 256-bit constrained version, so we have to switch from the 346 // default of 128-bit keys. 347 kg.init(256); 348 } 349 key = kg.generateKey(); 350 } 351 } catch (Exception e) { 352 throw new AssertionError("Error generating keys for test setup", e); 353 } 354 ENCRYPT_KEYS.put(algorithm, key); 355 return key; 356 } 357 358 private static Map<String, Key> DECRYPT_KEYS = new HashMap<String, Key>(); 359 360 /** 361 * Returns the key meant for deciphering for {@code algorithm}. 362 */ getDecryptKey(String algorithm)363 private synchronized static Key getDecryptKey(String algorithm) { 364 Key key = DECRYPT_KEYS.get(algorithm); 365 if (key != null) { 366 return key; 367 } 368 try { 369 if (algorithm.startsWith("RSA")) { 370 KeyFactory kf = KeyFactory.getInstance("RSA"); 371 RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(RSA_2048_modulus, 372 RSA_2048_publicExponent, RSA_2048_privateExponent, RSA_2048_primeP, 373 RSA_2048_primeQ, RSA_2048_primeExponentP, RSA_2048_primeExponentQ, 374 RSA_2048_crtCoefficient); 375 key = kf.generatePrivate(keySpec); 376 } else { 377 assertFalse(algorithm, isAsymmetric(algorithm)); 378 key = getEncryptKey(algorithm); 379 } 380 } catch (Exception e) { 381 throw new AssertionError("Error generating keys for test setup", e); 382 } 383 DECRYPT_KEYS.put(algorithm, key); 384 return key; 385 } 386 387 private static Map<String, Integer> EXPECTED_BLOCK_SIZE = new HashMap<String, Integer>(); 388 static { 389 setExpectedBlockSize("AES", 16); 390 setExpectedBlockSize("AES/CBC/PKCS5PADDING", 16); 391 setExpectedBlockSize("AES/CBC/PKCS7PADDING", 16); 392 setExpectedBlockSize("AES/CBC/NOPADDING", 16); 393 setExpectedBlockSize("AES/CFB/PKCS5PADDING", 16); 394 setExpectedBlockSize("AES/CFB/PKCS7PADDING", 16); 395 setExpectedBlockSize("AES/CFB/NOPADDING", 16); 396 setExpectedBlockSize("AES/CTR/PKCS5PADDING", 16); 397 setExpectedBlockSize("AES/CTR/PKCS7PADDING", 16); 398 setExpectedBlockSize("AES/CTR/NOPADDING", 16); 399 setExpectedBlockSize("AES/CTS/PKCS5PADDING", 16); 400 setExpectedBlockSize("AES/CTS/PKCS7PADDING", 16); 401 setExpectedBlockSize("AES/CTS/NOPADDING", 16); 402 setExpectedBlockSize("AES/ECB/PKCS5PADDING", 16); 403 setExpectedBlockSize("AES/ECB/PKCS7PADDING", 16); 404 setExpectedBlockSize("AES/ECB/NOPADDING", 16); 405 setExpectedBlockSize("AES/GCM/NOPADDING", 16); 406 setExpectedBlockSize("AES/GCM-SIV/NOPADDING", 16); 407 setExpectedBlockSize("AES/OFB/PKCS5PADDING", 16); 408 setExpectedBlockSize("AES/OFB/PKCS7PADDING", 16); 409 setExpectedBlockSize("AES/OFB/NOPADDING", 16); 410 setExpectedBlockSize("AES_128/CBC/PKCS5PADDING", 16); 411 setExpectedBlockSize("AES_128/CBC/NOPADDING", 16); 412 setExpectedBlockSize("AES_128/ECB/PKCS5PADDING", 16); 413 setExpectedBlockSize("AES_128/ECB/NOPADDING", 16); 414 setExpectedBlockSize("AES_128/GCM/NOPADDING", 16); 415 setExpectedBlockSize("AES_128/GCM-SIV/NOPADDING", 16); 416 setExpectedBlockSize("AES_256/CBC/PKCS5PADDING", 16); 417 setExpectedBlockSize("AES_256/CBC/NOPADDING", 16); 418 setExpectedBlockSize("AES_256/ECB/PKCS5PADDING", 16); 419 setExpectedBlockSize("AES_256/ECB/NOPADDING", 16); 420 setExpectedBlockSize("AES_256/GCM/NOPADDING", 16); 421 setExpectedBlockSize("AES_256/GCM-SIV/NOPADDING", 16); 422 setExpectedBlockSize("PBEWITHMD5AND128BITAES-CBC-OPENSSL", 16); 423 setExpectedBlockSize("PBEWITHMD5AND192BITAES-CBC-OPENSSL", 16); 424 setExpectedBlockSize("PBEWITHMD5AND256BITAES-CBC-OPENSSL", 16); 425 setExpectedBlockSize("PBEWITHSHA256AND128BITAES-CBC-BC", 16); 426 setExpectedBlockSize("PBEWITHSHA256AND192BITAES-CBC-BC", 16); 427 setExpectedBlockSize("PBEWITHSHA256AND256BITAES-CBC-BC", 16); 428 setExpectedBlockSize("PBEWITHSHAAND128BITAES-CBC-BC", 16); 429 setExpectedBlockSize("PBEWITHSHAAND192BITAES-CBC-BC", 16); 430 setExpectedBlockSize("PBEWITHSHAAND256BITAES-CBC-BC", 16); 431 432 if (StandardNames.IS_RI) { 433 setExpectedBlockSize("AESWRAP", 16); 434 } else { 435 setExpectedBlockSize("AESWRAP", 0); 436 } 437 438 setExpectedBlockSize("ARC4", 0); 439 setExpectedBlockSize("CHACHA20", 0); 440 setExpectedBlockSize("CHACHA20/POLY1305/NOPADDING", 0); 441 setExpectedBlockSize("PBEWITHSHAAND40BITRC4", 0); 442 setExpectedBlockSize("PBEWITHSHAAND128BITRC4", 0); 443 444 setExpectedBlockSize("BLOWFISH", 8); 445 446 setExpectedBlockSize("DES", 8); 447 setExpectedBlockSize("PBEWITHMD5ANDDES", 8); 448 setExpectedBlockSize("PBEWITHSHA1ANDDES", 8); 449 450 setExpectedBlockSize("DESEDE", 8); 451 setExpectedBlockSize("DESEDE/CBC/PKCS5PADDING", 8); 452 setExpectedBlockSize("DESEDE/CBC/NOPADDING", 8); 453 setExpectedBlockSize("PBEWITHSHAAND2-KEYTRIPLEDES-CBC", 8); 454 setExpectedBlockSize("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", 8); 455 456 457 if (StandardNames.IS_RI) { 458 setExpectedBlockSize("DESEDEWRAP", 8); 459 } else { 460 setExpectedBlockSize("DESEDEWRAP", 0); 461 } 462 463 setExpectedBlockSize("RSA", "SunJCE",0); 464 setExpectedBlockSize("RSA/ECB/NoPadding", "SunJCE", 0); 465 setExpectedBlockSize("RSA/ECB/PKCS1Padding", "SunJCE", 0); 466 setExpectedBlockSize("RSA/ECB/OAEPPadding", "SunJCE", 0); 467 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", "SunJCE", 0); 468 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-224AndMGF1Padding", "SunJCE", 0); 469 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", "SunJCE", 0); 470 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-384AndMGF1Padding", "SunJCE", 0); 471 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-512AndMGF1Padding", "SunJCE", 0); 472 473 setExpectedBlockSize("RSA", Cipher.ENCRYPT_MODE, 256); 474 setExpectedBlockSize("RSA/ECB/NoPadding", Cipher.ENCRYPT_MODE, 256); 475 setExpectedBlockSize("RSA/ECB/PKCS1Padding", Cipher.ENCRYPT_MODE, 245); 476 477 // BC strips the leading 0 for us even when NoPadding is specified 478 setExpectedBlockSize("RSA", Cipher.ENCRYPT_MODE, "BC", 255); 479 setExpectedBlockSize("RSA/ECB/NoPadding", Cipher.ENCRYPT_MODE, "BC", 255); 480 481 setExpectedBlockSize("RSA", Cipher.DECRYPT_MODE, 256); 482 setExpectedBlockSize("RSA/ECB/NoPadding", Cipher.DECRYPT_MODE, 256); 483 setExpectedBlockSize("RSA/ECB/PKCS1Padding", Cipher.DECRYPT_MODE, 256); 484 485 // OAEP padding modes change the output and block size. SHA-1 is the default. 486 setExpectedBlockSize("RSA/ECB/OAEPPadding", Cipher.ENCRYPT_MODE, 214); 487 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", Cipher.ENCRYPT_MODE, 214); 488 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-224AndMGF1Padding", Cipher.ENCRYPT_MODE, 198); 489 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", Cipher.ENCRYPT_MODE, 190); 490 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-384AndMGF1Padding", Cipher.ENCRYPT_MODE, 158); 491 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-512AndMGF1Padding", Cipher.ENCRYPT_MODE, 126); 492 493 setExpectedBlockSize("RSA/ECB/OAEPPadding", Cipher.DECRYPT_MODE, 256); 494 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", Cipher.DECRYPT_MODE, 256); 495 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-224AndMGF1Padding", Cipher.DECRYPT_MODE, 256); 496 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", Cipher.DECRYPT_MODE, 256); 497 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-384AndMGF1Padding", Cipher.DECRYPT_MODE, 256); 498 setExpectedBlockSize("RSA/ECB/OAEPWithSHA-512AndMGF1Padding", Cipher.DECRYPT_MODE, 256); 499 } 500 modeKey(String algorithm, int mode)501 private static String modeKey(String algorithm, int mode) { 502 return algorithm + ":" + mode; 503 } 504 modeProviderKey(String algorithm, int mode, String provider)505 private static String modeProviderKey(String algorithm, int mode, String provider) { 506 return algorithm + ":" + mode + ":" + provider; 507 } 508 providerKey(String algorithm, String provider)509 private static String providerKey(String algorithm, String provider) { 510 return algorithm + ":" + provider; 511 } 512 setExpectedSize(Map<String, Integer> map, String algorithm, int value)513 private static void setExpectedSize(Map<String, Integer> map, 514 String algorithm, int value) { 515 algorithm = algorithm.toUpperCase(Locale.US); 516 map.put(algorithm, value); 517 } 518 setExpectedSize(Map<String, Integer> map, String algorithm, int mode, int value)519 private static void setExpectedSize(Map<String, Integer> map, 520 String algorithm, int mode, int value) { 521 setExpectedSize(map, modeKey(algorithm, mode), value); 522 } 523 setExpectedSize(Map<String, Integer> map, String algorithm, int mode, String provider, int value)524 private static void setExpectedSize(Map<String, Integer> map, 525 String algorithm, int mode, String provider, int value) { 526 setExpectedSize(map, modeProviderKey(algorithm, mode, provider), value); 527 } 528 setExpectedSize(Map<String, Integer> map, String algorithm, String provider, int value)529 private static void setExpectedSize(Map<String, Integer> map, 530 String algorithm, String provider, int value) { 531 setExpectedSize(map, providerKey(algorithm, provider), value); 532 } 533 getExpectedSize(Map<String, Integer> map, String algorithm, int mode, String provider)534 private static int getExpectedSize(Map<String, Integer> map, String algorithm, int mode, String provider) { 535 algorithm = algorithm.toUpperCase(Locale.US); 536 provider = provider.toUpperCase(Locale.US); 537 Integer expected = map.get(modeProviderKey(algorithm, mode, provider)); 538 if (expected != null) { 539 return expected; 540 } 541 expected = map.get(providerKey(algorithm, provider)); 542 if (expected != null) { 543 return expected; 544 } 545 expected = map.get(modeKey(algorithm, mode)); 546 if (expected != null) { 547 return expected; 548 } 549 expected = map.get(algorithm); 550 assertNotNull("Algorithm " + algorithm + " with mode " + mode + " and provider " + provider 551 + " not found in " + map, expected); 552 return expected; 553 } 554 setExpectedBlockSize(String algorithm, int value)555 private static void setExpectedBlockSize(String algorithm, int value) { 556 setExpectedSize(EXPECTED_BLOCK_SIZE, algorithm, value); 557 } 558 setExpectedBlockSize(String algorithm, int mode, int value)559 private static void setExpectedBlockSize(String algorithm, int mode, int value) { 560 setExpectedSize(EXPECTED_BLOCK_SIZE, algorithm, mode, value); 561 } 562 setExpectedBlockSize(String algorithm, String provider, int value)563 private static void setExpectedBlockSize(String algorithm, String provider, int value) { 564 setExpectedSize(EXPECTED_BLOCK_SIZE, algorithm, provider, value); 565 } 566 setExpectedBlockSize(String algorithm, int mode, String provider, int value)567 private static void setExpectedBlockSize(String algorithm, int mode, String provider, int value) { 568 setExpectedSize(EXPECTED_BLOCK_SIZE, algorithm, mode, provider, value); 569 } 570 getExpectedBlockSize(String algorithm, int mode, String provider)571 private static int getExpectedBlockSize(String algorithm, int mode, String provider) { 572 return getExpectedSize(EXPECTED_BLOCK_SIZE, algorithm, mode, provider); 573 } 574 575 private static Map<String, Integer> EXPECTED_OUTPUT_SIZE = new HashMap<String, Integer>(); 576 static { 577 setExpectedOutputSize("AES/CBC/NOPADDING", 0); 578 setExpectedOutputSize("AES/CFB/NOPADDING", 0); 579 setExpectedOutputSize("AES/CTR/NOPADDING", 0); 580 setExpectedOutputSize("AES/CTS/NOPADDING", 0); 581 setExpectedOutputSize("AES/ECB/NOPADDING", 0); 582 setExpectedOutputSize("AES/OFB/NOPADDING", 0); 583 setExpectedOutputSize("AES_128/CBC/NOPADDING", 0); 584 setExpectedOutputSize("AES_128/ECB/NOPADDING", 0); 585 setExpectedOutputSize("AES_256/CBC/NOPADDING", 0); 586 setExpectedOutputSize("AES_256/ECB/NOPADDING", 0); 587 588 setExpectedOutputSize("AES", Cipher.ENCRYPT_MODE, 16); 589 setExpectedOutputSize("AES/CBC/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 590 setExpectedOutputSize("AES/CBC/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 591 setExpectedOutputSize("AES/CFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 592 setExpectedOutputSize("AES/CFB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 593 setExpectedOutputSize("AES/CTR/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 594 setExpectedOutputSize("AES/CTR/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 595 setExpectedOutputSize("AES/CTS/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 596 setExpectedOutputSize("AES/CTS/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 597 setExpectedOutputSize("AES/ECB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 598 setExpectedOutputSize("AES/ECB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 599 setExpectedOutputSize("AES/GCM/NOPADDING", Cipher.ENCRYPT_MODE, GCM_TAG_SIZE_BITS / 8); 600 setExpectedOutputSize("AES/GCM-SIV/NOPADDING", Cipher.ENCRYPT_MODE, GCM_SIV_TAG_SIZE_BITS / 8); 601 setExpectedOutputSize("AES/OFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 602 setExpectedOutputSize("AES/OFB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 603 setExpectedOutputSize("AES_128/CBC/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 604 setExpectedOutputSize("AES_128/CBC/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 605 setExpectedOutputSize("AES_128/ECB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 606 setExpectedOutputSize("AES_128/ECB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 607 setExpectedOutputSize("AES_128/GCM/NOPADDING", Cipher.ENCRYPT_MODE, GCM_TAG_SIZE_BITS / 8); 608 setExpectedOutputSize("AES_128/GCM-SIV/NOPADDING", Cipher.ENCRYPT_MODE, GCM_SIV_TAG_SIZE_BITS / 8); 609 setExpectedOutputSize("AES_256/CBC/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 610 setExpectedOutputSize("AES_256/CBC/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 611 setExpectedOutputSize("AES_256/ECB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 16); 612 setExpectedOutputSize("AES_256/ECB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 16); 613 setExpectedOutputSize("AES_256/GCM/NOPADDING", Cipher.ENCRYPT_MODE, GCM_TAG_SIZE_BITS / 8); 614 setExpectedOutputSize("AES_256/GCM-SIV/NOPADDING", Cipher.ENCRYPT_MODE, GCM_SIV_TAG_SIZE_BITS / 8); 615 setExpectedOutputSize("PBEWITHMD5AND128BITAES-CBC-OPENSSL", 16); 616 setExpectedOutputSize("PBEWITHMD5AND192BITAES-CBC-OPENSSL", 16); 617 setExpectedOutputSize("PBEWITHMD5AND256BITAES-CBC-OPENSSL", 16); 618 setExpectedOutputSize("PBEWITHSHA256AND128BITAES-CBC-BC", 16); 619 setExpectedOutputSize("PBEWITHSHA256AND192BITAES-CBC-BC", 16); 620 setExpectedOutputSize("PBEWITHSHA256AND256BITAES-CBC-BC", 16); 621 setExpectedOutputSize("PBEWITHSHAAND128BITAES-CBC-BC", 16); 622 setExpectedOutputSize("PBEWITHSHAAND192BITAES-CBC-BC", 16); 623 setExpectedOutputSize("PBEWITHSHAAND256BITAES-CBC-BC", 16); 624 // AndroidOpenSSL returns zero for the non-block ciphers 625 setExpectedOutputSize("AES/CFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 626 setExpectedOutputSize("AES/CFB/PKCS7PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 627 setExpectedOutputSize("AES/CTR/PKCS5PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 628 setExpectedOutputSize("AES/CTR/PKCS7PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 629 setExpectedOutputSize("AES/CTS/PKCS5PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 630 setExpectedOutputSize("AES/CTS/PKCS7PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 631 setExpectedOutputSize("AES/OFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 632 setExpectedOutputSize("AES/OFB/PKCS7PADDING", Cipher.ENCRYPT_MODE, "AndroidOpenSSL", 0); 633 634 setExpectedOutputSize("AES", Cipher.DECRYPT_MODE, 0); 635 setExpectedOutputSize("AES/CBC/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 636 setExpectedOutputSize("AES/CBC/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 637 setExpectedOutputSize("AES/CFB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 638 setExpectedOutputSize("AES/CFB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 639 setExpectedOutputSize("AES/CTR/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 640 setExpectedOutputSize("AES/CTR/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 641 setExpectedOutputSize("AES/CTS/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 642 setExpectedOutputSize("AES/CTS/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 643 setExpectedOutputSize("AES/ECB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 644 setExpectedOutputSize("AES/ECB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 645 setExpectedOutputSize("AES/GCM/NOPADDING", Cipher.DECRYPT_MODE, 0); 646 setExpectedOutputSize("AES/GCM-SIV/NOPADDING", Cipher.DECRYPT_MODE, 0); 647 setExpectedOutputSize("AES/OFB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 648 setExpectedOutputSize("AES/OFB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 649 setExpectedOutputSize("AES_128/CBC/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 650 setExpectedOutputSize("AES_128/CBC/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 651 setExpectedOutputSize("AES_128/ECB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 652 setExpectedOutputSize("AES_128/ECB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 653 setExpectedOutputSize("AES_128/GCM/NOPADDING", Cipher.DECRYPT_MODE, 0); 654 setExpectedOutputSize("AES_128/GCM-SIV/NOPADDING", Cipher.DECRYPT_MODE, 0); 655 setExpectedOutputSize("AES_256/CBC/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 656 setExpectedOutputSize("AES_256/CBC/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 657 setExpectedOutputSize("AES_256/ECB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 658 setExpectedOutputSize("AES_256/ECB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 659 setExpectedOutputSize("AES_256/GCM/NOPADDING", Cipher.DECRYPT_MODE, 0); 660 setExpectedOutputSize("AES_256/GCM-SIV/NOPADDING", Cipher.DECRYPT_MODE, 0); 661 setExpectedOutputSize("PBEWITHMD5AND128BITAES-CBC-OPENSSL", Cipher.DECRYPT_MODE, 0); 662 setExpectedOutputSize("PBEWITHMD5AND192BITAES-CBC-OPENSSL", Cipher.DECRYPT_MODE, 0); 663 setExpectedOutputSize("PBEWITHMD5AND256BITAES-CBC-OPENSSL", Cipher.DECRYPT_MODE, 0); 664 setExpectedOutputSize("PBEWITHSHA256AND128BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 665 setExpectedOutputSize("PBEWITHSHA256AND192BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 666 setExpectedOutputSize("PBEWITHSHA256AND256BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 667 setExpectedOutputSize("PBEWITHSHAAND128BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 668 setExpectedOutputSize("PBEWITHSHAAND192BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 669 setExpectedOutputSize("PBEWITHSHAAND256BITAES-CBC-BC", Cipher.DECRYPT_MODE, 0); 670 setExpectedOutputSize("DESEDE/CBC/PKCS5PADDING", Cipher.DECRYPT_MODE, "AndroidOpenSSL", 0); 671 setExpectedOutputSize("DESEDE/CBC/PKCS7PADDING", Cipher.DECRYPT_MODE, "AndroidOpenSSL", 0); 672 673 if (StandardNames.IS_RI) { 674 setExpectedOutputSize("AESWRAP", Cipher.WRAP_MODE, 8); 675 setExpectedOutputSize("AESWRAP", Cipher.UNWRAP_MODE, 0); 676 } else { 677 setExpectedOutputSize("AESWRAP", -1); 678 } 679 680 setExpectedOutputSize("ARC4", 0); 681 setExpectedOutputSize("ARCFOUR", 0); 682 setExpectedOutputSize("CHACHA20", 0); 683 setExpectedOutputSize("CHACHA20/POLY1305/NOPADDING", 0); 684 setExpectedOutputSize("PBEWITHSHAAND40BITRC4", 0); 685 setExpectedOutputSize("PBEWITHSHAAND128BITRC4", 0); 686 687 setExpectedOutputSize("BLOWFISH", Cipher.ENCRYPT_MODE, 8); 688 setExpectedOutputSize("BLOWFISH", Cipher.DECRYPT_MODE, 0); 689 690 setExpectedOutputSize("DES", Cipher.ENCRYPT_MODE, 8); 691 setExpectedOutputSize("PBEWITHMD5ANDDES", Cipher.ENCRYPT_MODE, 8); 692 setExpectedOutputSize("PBEWITHSHA1ANDDES", Cipher.ENCRYPT_MODE, 8); 693 694 setExpectedOutputSize("DES", Cipher.DECRYPT_MODE, 0); 695 setExpectedOutputSize("PBEWITHMD5ANDDES", Cipher.DECRYPT_MODE, 0); 696 setExpectedOutputSize("PBEWITHSHA1ANDDES", Cipher.DECRYPT_MODE, 0); 697 698 setExpectedOutputSize("DESEDE/CBC/NOPADDING", 0); 699 setExpectedOutputSize("DESEDE/CFB/NOPADDING", 0); 700 setExpectedOutputSize("DESEDE/CTR/NOPADDING", 0); 701 setExpectedOutputSize("DESEDE/CTS/NOPADDING", 0); 702 setExpectedOutputSize("DESEDE/ECB/NOPADDING", 0); 703 setExpectedOutputSize("DESEDE/OFB/NOPADDING", 0); 704 705 setExpectedOutputSize("DESEDE", Cipher.ENCRYPT_MODE, 8); 706 setExpectedOutputSize("DESEDE/CBC/PKCS5PADDING", Cipher.ENCRYPT_MODE, 8); 707 setExpectedOutputSize("DESEDE/CBC/PKCS7PADDING", Cipher.ENCRYPT_MODE, 8); 708 setExpectedOutputSize("DESEDE/CFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 8); 709 setExpectedOutputSize("DESEDE/CFB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 8); 710 setExpectedOutputSize("DESEDE/CTR/PKCS5PADDING", Cipher.ENCRYPT_MODE, 8); 711 setExpectedOutputSize("DESEDE/CTR/PKCS7PADDING", Cipher.ENCRYPT_MODE, 8); 712 setExpectedOutputSize("DESEDE/CTS/PKCS5PADDING", Cipher.ENCRYPT_MODE, 8); 713 setExpectedOutputSize("DESEDE/CTS/PKCS7PADDING", Cipher.ENCRYPT_MODE, 8); 714 setExpectedOutputSize("DESEDE/ECB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 8); 715 setExpectedOutputSize("DESEDE/ECB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 8); 716 setExpectedOutputSize("DESEDE/OFB/PKCS5PADDING", Cipher.ENCRYPT_MODE, 8); 717 setExpectedOutputSize("DESEDE/OFB/PKCS7PADDING", Cipher.ENCRYPT_MODE, 8); 718 setExpectedOutputSize("PBEWITHSHAAND2-KEYTRIPLEDES-CBC", Cipher.ENCRYPT_MODE, 8); 719 setExpectedOutputSize("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", Cipher.ENCRYPT_MODE, 8); 720 setExpectedOutputSize("PBEWITHMD5ANDTRIPLEDES", Cipher.ENCRYPT_MODE, 8); 721 setExpectedOutputSize("PBEWITHSHA1ANDDESEDE", Cipher.ENCRYPT_MODE, 8); 722 723 setExpectedOutputSize("DESEDE", Cipher.DECRYPT_MODE, 0); 724 setExpectedOutputSize("DESEDE/CBC/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 725 setExpectedOutputSize("DESEDE/CBC/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 726 setExpectedOutputSize("DESEDE/CFB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 727 setExpectedOutputSize("DESEDE/CFB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 728 setExpectedOutputSize("DESEDE/CTR/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 729 setExpectedOutputSize("DESEDE/CTR/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 730 setExpectedOutputSize("DESEDE/CTS/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 731 setExpectedOutputSize("DESEDE/CTS/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 732 setExpectedOutputSize("DESEDE/ECB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 733 setExpectedOutputSize("DESEDE/ECB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 734 setExpectedOutputSize("DESEDE/OFB/PKCS5PADDING", Cipher.DECRYPT_MODE, 0); 735 setExpectedOutputSize("DESEDE/OFB/PKCS7PADDING", Cipher.DECRYPT_MODE, 0); 736 setExpectedOutputSize("PBEWITHSHAAND2-KEYTRIPLEDES-CBC", Cipher.DECRYPT_MODE, 0); 737 setExpectedOutputSize("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", Cipher.DECRYPT_MODE, 0); 738 setExpectedOutputSize("PBEWITHMD5ANDTRIPLEDES", Cipher.DECRYPT_MODE, 0); 739 setExpectedOutputSize("PBEWITHSHA1ANDDESEDE", Cipher.DECRYPT_MODE, 0); 740 741 if (StandardNames.IS_RI) { 742 setExpectedOutputSize("DESEDEWRAP", Cipher.WRAP_MODE, 16); 743 setExpectedOutputSize("DESEDEWRAP", Cipher.UNWRAP_MODE, 0); 744 } else { 745 setExpectedOutputSize("DESEDEWRAP", -1); 746 } 747 748 setExpectedOutputSize("RSA", Cipher.ENCRYPT_MODE, 256); 749 setExpectedOutputSize("RSA/ECB/NoPadding", Cipher.ENCRYPT_MODE, 256); 750 setExpectedOutputSize("RSA/ECB/PKCS1Padding", Cipher.ENCRYPT_MODE, 256); 751 752 setExpectedOutputSize("RSA", Cipher.DECRYPT_MODE, 256); 753 setExpectedOutputSize("RSA/ECB/NoPadding", Cipher.DECRYPT_MODE, 256); 754 setExpectedOutputSize("RSA/ECB/PKCS1Padding", Cipher.DECRYPT_MODE, 245); 755 setExpectedOutputSize("RSA/ECB/OAEPPadding", Cipher.DECRYPT_MODE, 256); 756 757 // SunJCE returns the full for size even when PKCS1Padding is specified 758 setExpectedOutputSize("RSA/ECB/PKCS1Padding", Cipher.DECRYPT_MODE, "SunJCE", 256); 759 760 // BC strips the leading 0 for us even when NoPadding is specified 761 setExpectedOutputSize("RSA", Cipher.DECRYPT_MODE, "BC", 255); 762 setExpectedOutputSize("RSA/ECB/NoPadding", Cipher.DECRYPT_MODE, "BC", 255); 763 764 // OAEP padding modes change the output and block size. SHA-1 is the default. 765 setExpectedOutputSize("RSA/ECB/OAEPPadding", Cipher.DECRYPT_MODE, 214); 766 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", Cipher.DECRYPT_MODE, 214); 767 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-224AndMGF1Padding", Cipher.DECRYPT_MODE, 198); 768 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", Cipher.DECRYPT_MODE, 190); 769 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-384AndMGF1Padding", Cipher.DECRYPT_MODE, 158); 770 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-512AndMGF1Padding", Cipher.DECRYPT_MODE, 126); 771 772 setExpectedOutputSize("RSA/ECB/OAEPPadding", Cipher.ENCRYPT_MODE, 256); 773 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", Cipher.ENCRYPT_MODE, 256); 774 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-224AndMGF1Padding", Cipher.ENCRYPT_MODE, 256); 775 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", Cipher.ENCRYPT_MODE, 256); 776 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-384AndMGF1Padding", Cipher.ENCRYPT_MODE, 256); 777 setExpectedOutputSize("RSA/ECB/OAEPWithSHA-512AndMGF1Padding", Cipher.ENCRYPT_MODE, 256); 778 } 779 setExpectedOutputSize(String algorithm, int value)780 private static void setExpectedOutputSize(String algorithm, int value) { 781 setExpectedSize(EXPECTED_OUTPUT_SIZE, algorithm, value); 782 } 783 setExpectedOutputSize(String algorithm, int mode, int value)784 private static void setExpectedOutputSize(String algorithm, int mode, int value) { 785 setExpectedSize(EXPECTED_OUTPUT_SIZE, algorithm, mode, value); 786 } 787 setExpectedOutputSize(String algorithm, int mode, String provider, int value)788 private static void setExpectedOutputSize(String algorithm, int mode, String provider, int value) { 789 setExpectedSize(EXPECTED_OUTPUT_SIZE, algorithm, mode, provider, value); 790 } 791 getExpectedOutputSize(String algorithm, int mode, String provider)792 private static int getExpectedOutputSize(String algorithm, int mode, String provider) { 793 return getExpectedSize(EXPECTED_OUTPUT_SIZE, algorithm, mode, provider); 794 } 795 796 private static byte[] ORIGINAL_PLAIN_TEXT = new byte[] { 0x0a, 0x0b, 0x0c }; 797 private static byte[] SIXTEEN_BYTE_BLOCK_PLAIN_TEXT = new byte[] { 0x0a, 0x0b, 0x0c, 0x00, 798 0x00, 0x00, 0x00, 0x00, 799 0x00, 0x00, 0x00, 0x00, 800 0x00, 0x00, 0x00, 0x00 }; 801 private static byte[] EIGHT_BYTE_BLOCK_PLAIN_TEXT = new byte[] { 0x0a, 0x0b, 0x0c, 0x00, 802 0x00, 0x00, 0x00, 0x00 }; 803 private static byte[] PKCS1_BLOCK_TYPE_00_PADDED_PLAIN_TEXT = new byte[] { 804 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 805 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 806 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 807 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 808 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 809 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 810 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 811 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 812 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 813 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 814 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 815 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 816 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 817 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 818 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 819 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x0a, 0x0b, 0x0c 820 }; 821 private static byte[] PKCS1_BLOCK_TYPE_01_PADDED_PLAIN_TEXT = new byte[] { 822 (byte) 0x00, (byte) 0x01, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 823 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 824 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 825 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 826 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 827 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 828 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 829 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 830 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 831 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 832 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 833 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 834 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 835 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 836 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 837 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 838 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 839 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 840 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 841 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 842 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 843 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 844 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 845 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 846 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 847 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 848 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 849 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 850 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 851 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 852 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 853 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0x00, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c 854 }; 855 private static byte[] PKCS1_BLOCK_TYPE_02_PADDED_PLAIN_TEXT = new byte[] { 856 (byte) 0x00, (byte) 0x02, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 857 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 858 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 859 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 860 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 861 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 862 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 863 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 864 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 865 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 866 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 867 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 868 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 869 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 870 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 871 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 872 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 873 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 874 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 875 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 876 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 877 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 878 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 879 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 880 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 881 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 882 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 883 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 884 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 885 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 886 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, 887 (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0xff, (byte) 0x00, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c 888 }; 889 890 getActualPlainText(String algorithm)891 private static byte[] getActualPlainText(String algorithm) { 892 // Block mode AES with NoPadding needs to match underlying block size 893 if (algorithm.equals("AES") 894 || algorithm.equals("AES/CBC/NOPADDING") 895 || algorithm.equals("AES/CTS/NOPADDING") 896 || algorithm.equals("AES/ECB/NOPADDING") 897 || algorithm.equals("AES_128/CBC/NOPADDING") 898 || algorithm.equals("AES_128/ECB/NOPADDING") 899 || algorithm.equals("AES_256/CBC/NOPADDING") 900 || algorithm.equals("AES_256/ECB/NOPADDING")) { 901 return SIXTEEN_BYTE_BLOCK_PLAIN_TEXT; 902 } 903 if (algorithm.equals("DESEDE") 904 || algorithm.equals("DESEDE/CBC/NOPADDING") 905 || algorithm.equals("DESEDE/ECB/NOPADDING")) { 906 return EIGHT_BYTE_BLOCK_PLAIN_TEXT; 907 } 908 return ORIGINAL_PLAIN_TEXT; 909 } 910 getExpectedPlainText(String algorithm, String provider)911 private static byte[] getExpectedPlainText(String algorithm, String provider) { 912 // Block mode AES with NoPadding needs to match underlying block size 913 if (algorithm.equals("AES") 914 || algorithm.equals("AES/CBC/NOPADDING") 915 || algorithm.equals("AES/CTS/NOPADDING") 916 || algorithm.equals("AES/ECB/NOPADDING") 917 || algorithm.equals("AES_128/CBC/NOPADDING") 918 || algorithm.equals("AES_128/ECB/NOPADDING") 919 || algorithm.equals("AES_256/CBC/NOPADDING") 920 || algorithm.equals("AES_256/ECB/NOPADDING")) { 921 return SIXTEEN_BYTE_BLOCK_PLAIN_TEXT; 922 } 923 if (algorithm.equals("DESEDE") 924 || algorithm.equals("DESEDE/CBC/NOPADDING") 925 || algorithm.equals("DESEDE/ECB/NOPADDING")) { 926 return EIGHT_BYTE_BLOCK_PLAIN_TEXT; 927 } 928 // BC strips the leading 0 for us even when NoPadding is specified 929 if (!provider.equals("BC") && algorithm.equals("RSA/ECB/NOPADDING")) { 930 return PKCS1_BLOCK_TYPE_00_PADDED_PLAIN_TEXT; 931 } 932 return ORIGINAL_PLAIN_TEXT; 933 } 934 getEncryptAlgorithmParameterSpec(String algorithm)935 private static AlgorithmParameterSpec getEncryptAlgorithmParameterSpec(String algorithm) { 936 if (isPBE(algorithm)) { 937 final byte[] salt = new byte[8]; 938 new SecureRandom().nextBytes(salt); 939 return new PBEParameterSpec(salt, 1024); 940 } 941 if (algorithm.equals("AES/GCM/NOPADDING") 942 || algorithm.equals("AES_128/GCM/NOPADDING") 943 || algorithm.equals("AES_256/GCM/NOPADDING")) { 944 final byte[] iv = new byte[12]; 945 new SecureRandom().nextBytes(iv); 946 return new GCMParameterSpec(GCM_TAG_SIZE_BITS, iv); 947 } 948 if (algorithm.equals("AES/GCM-SIV/NOPADDING") 949 || algorithm.equals("AES_128/GCM-SIV/NOPADDING") 950 || algorithm.equals("AES_256/GCM-SIV/NOPADDING")) { 951 final byte[] iv = new byte[12]; 952 new SecureRandom().nextBytes(iv); 953 return new GCMParameterSpec(GCM_SIV_TAG_SIZE_BITS, iv); 954 } 955 if (algorithm.equals("AES/CBC/NOPADDING") 956 || algorithm.equals("AES/CBC/PKCS5PADDING") 957 || algorithm.equals("AES/CBC/PKCS7PADDING") 958 || algorithm.equals("AES/CFB/NOPADDING") 959 || algorithm.equals("AES/CTR/NOPADDING") 960 || algorithm.equals("AES/CTS/NOPADDING") 961 || algorithm.equals("AES/OFB/NOPADDING") 962 || algorithm.equals("AES_128/CBC/NOPADDING") 963 || algorithm.equals("AES_128/CBC/PKCS5PADDING") 964 || algorithm.equals("AES_128/CBC/PKCS7PADDING") 965 || algorithm.equals("AES_256/CBC/NOPADDING") 966 || algorithm.equals("AES_256/CBC/PKCS5PADDING") 967 || algorithm.equals("AES_256/CBC/PKCS7PADDING")) { 968 final byte[] iv = new byte[16]; 969 new SecureRandom().nextBytes(iv); 970 return new IvParameterSpec(iv); 971 } 972 if (algorithm.equals("DESEDE/CBC/NOPADDING") 973 || algorithm.equals("DESEDE/CBC/PKCS5PADDING") 974 || algorithm.equals("DESEDE/CBC/PKCS7PADDING") 975 || algorithm.equals("DESEDE/CFB/NOPADDING") 976 || algorithm.equals("DESEDE/CTR/NOPADDING") 977 || algorithm.equals("DESEDE/CTS/NOPADDING") 978 || algorithm.equals("DESEDE/OFB/NOPADDING")) { 979 final byte[] iv = new byte[8]; 980 new SecureRandom().nextBytes(iv); 981 return new IvParameterSpec(iv); 982 } 983 if (algorithm.equals("CHACHA20") 984 || algorithm.equals("CHACHA20/POLY1305/NOPADDING")) { 985 final byte[] iv = new byte[12]; 986 new SecureRandom().nextBytes(iv); 987 return new IvParameterSpec(iv); 988 } 989 return null; 990 } 991 getDecryptAlgorithmParameterSpec(AlgorithmParameterSpec encryptSpec, Cipher encryptCipher)992 private static AlgorithmParameterSpec getDecryptAlgorithmParameterSpec(AlgorithmParameterSpec encryptSpec, 993 Cipher encryptCipher) { 994 String algorithm = encryptCipher.getAlgorithm().toUpperCase(Locale.US); 995 if (isPBE(algorithm)) { 996 return encryptSpec; 997 } 998 if (isOnlyWrappingAlgorithm(algorithm)) { 999 return null; 1000 } 1001 byte[] iv = encryptCipher.getIV(); 1002 if (iv != null) { 1003 if ("AES/GCM/NOPADDING".equals(algorithm) 1004 || "AES_128/GCM/NOPADDING".equals(algorithm) 1005 || "AES_256/GCM/NOPADDING".equals(algorithm)) { 1006 return new GCMParameterSpec(GCM_TAG_SIZE_BITS, iv); 1007 } 1008 if ("AES/GCM-SIV/NOPADDING".equals(algorithm) 1009 || "AES_128/GCM-SIV/NOPADDING".equals(algorithm) 1010 || "AES_256/GCM-SIV/NOPADDING".equals(algorithm)) { 1011 return new GCMParameterSpec(GCM_SIV_TAG_SIZE_BITS, iv); 1012 } 1013 return new IvParameterSpec(iv); 1014 } 1015 return null; 1016 } 1017 1018 /* 1019 * This must be below everything else to make sure the other static blocks 1020 * have run first. 1021 */ 1022 private static final boolean IS_UNLIMITED; 1023 static { 1024 boolean is_unlimited; 1025 if (StandardNames.IS_RI) { 1026 try { 1027 String algorithm = "PBEWITHMD5ANDTRIPLEDES"; 1028 Cipher.getInstance(algorithm).init(getEncryptMode(algorithm), getEncryptKey(algorithm)1029 getEncryptKey(algorithm), 1030 getEncryptAlgorithmParameterSpec(algorithm)); 1031 is_unlimited = true; 1032 } catch (Exception e) { 1033 is_unlimited = false; 1034 System.out.println("WARNING: Some tests disabled due to lack of " 1035 + "'Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files'"); 1036 } 1037 } else { 1038 is_unlimited = true; 1039 } 1040 IS_UNLIMITED = is_unlimited; 1041 } 1042 1043 @Test test_getInstance()1044 public void test_getInstance() throws Exception { 1045 final ByteArrayOutputStream errBuffer = new ByteArrayOutputStream(); 1046 PrintStream out = new PrintStream(errBuffer); 1047 1048 Set<String> seenBaseCipherNames = new HashSet<String>(); 1049 Set<String> seenCiphersWithModeAndPadding = new HashSet<String>(); 1050 1051 Provider[] providers = Security.getProviders(); 1052 for (Provider provider : providers) { 1053 Set<Provider.Service> services = provider.getServices(); 1054 for (Provider.Service service : services) { 1055 String type = service.getType(); 1056 if (!type.equals("Cipher")) { 1057 continue; 1058 } 1059 1060 String algorithm = service.getAlgorithm().toUpperCase(Locale.US); 1061 1062 /* 1063 * Any specific modes and paddings aren't tested directly here, 1064 * but we need to make sure we see the bare algorithm from some 1065 * provider. We will test each mode specifically when we get the 1066 * base cipher. 1067 */ 1068 final int firstSlash = algorithm.indexOf('/'); 1069 if (firstSlash == -1) { 1070 seenBaseCipherNames.add(algorithm); 1071 } else { 1072 final int secondSlash = algorithm.indexOf('/', firstSlash + 1); 1073 if (secondSlash > 0) { 1074 // Only look for a base Cipher if there are two slashes, to avoid SunJCE 1075 // quirks like PBEWithHmacSHA512/224AndAES_128 1076 final String baseCipherName = algorithm.substring(0, firstSlash); 1077 if (!seenBaseCipherNames.contains(baseCipherName) 1078 && !(baseCipherName.equals("AES_128") 1079 || baseCipherName.equals("AES_192") 1080 || baseCipherName.equals("AES_256"))) { 1081 seenCiphersWithModeAndPadding.add(baseCipherName); 1082 } 1083 if (!Conscrypt.isConscrypt(provider)) { 1084 continue; 1085 } 1086 } 1087 } 1088 1089 if (provider.getName().equals("SunJCE")) { 1090 // The SunJCE provider acts in numerous idiosyncratic ways that don't 1091 // match any other provider. Examples include returning non-null IVs 1092 // when no IV was provided on init, NullPointerExceptions when null 1093 // SecureRandoms are supplied (but only to PBE ciphers), and not 1094 // supplying KeyGenerators for some algorithms. We aren't sufficiently 1095 // interested in verifying this provider's behavior to adapt the 1096 // tests and Oracle presumably tests them well anyway, so just skip 1097 // verifying them. 1098 continue; 1099 } 1100 1101 try { 1102 test_Cipher_Algorithm(provider, algorithm); 1103 } catch (Throwable e) { 1104 out.append("Error encountered checking " + algorithm 1105 + " with provider " + provider.getName() + "\n"); 1106 e.printStackTrace(out); 1107 } 1108 1109 Set<String> modes = StandardNames.getModesForCipher(algorithm); 1110 if (modes != null) { 1111 for (String mode : modes) { 1112 Set<String> paddings = StandardNames.getPaddingsForCipher(algorithm); 1113 if (paddings != null) { 1114 for (String padding : paddings) { 1115 final String algorithmName = algorithm + "/" + mode + "/" + padding; 1116 try { 1117 if (isSupported(algorithmName, provider.getName())) { 1118 test_Cipher_Algorithm(provider, algorithmName); 1119 } 1120 } catch (Throwable e) { 1121 out.append("Error encountered checking " + algorithmName 1122 + " with provider " + provider.getName() + "\n"); 1123 e.printStackTrace(out); 1124 } 1125 } 1126 } 1127 } 1128 } 1129 } 1130 } 1131 1132 seenCiphersWithModeAndPadding.removeAll(seenBaseCipherNames); 1133 assertEquals("Ciphers seen with mode and padding but not base cipher", 1134 Collections.EMPTY_SET, seenCiphersWithModeAndPadding); 1135 1136 out.flush(); 1137 if (errBuffer.size() > 0) { 1138 throw new Exception("Errors encountered:\n\n" + errBuffer.toString() + "\n\n"); 1139 } 1140 } 1141 test_Cipher_Algorithm(Provider provider, String algorithm)1142 private void test_Cipher_Algorithm(Provider provider, String algorithm) throws Exception { 1143 if (algorithm.equals("RSA") && provider.getName().equals("BC")) { 1144 // http://b/9097343 BC's Cipher.RSA defaults to NoPadding 1145 // which makes it fail the key wrapping test if the 1146 // generated AES key to wrap starts with a leading 1147 // zero. For the purposes of the test, use the same 1148 // default behavior as the RI. Real code really should 1149 // specify the exact mode and padding they need and not 1150 // rely on defaults. http://b/9097343 1151 algorithm = "RSA/ECB/PKCS1Padding"; 1152 } 1153 1154 // SunMSCAPI seems to have different opinion on what RSA should do compared to other 1155 // providers. As such it fails many tests, so we will skip it for now. 1156 if (algorithm.startsWith("RSA") && provider.getName().equals("SunMSCAPI")) { 1157 return; 1158 } 1159 1160 // Cipher.getInstance(String) 1161 Cipher c1 = Cipher.getInstance(algorithm); 1162 if (provider.equals(c1.getProvider())) { 1163 assertEquals(algorithm, c1.getAlgorithm()); 1164 test_Cipher(c1); 1165 } 1166 1167 // Cipher.getInstance(String, Provider) 1168 Cipher c2 = Cipher.getInstance(algorithm, provider); 1169 assertEquals(algorithm, c2.getAlgorithm()); 1170 assertEquals(provider, c2.getProvider()); 1171 test_Cipher(c2); 1172 1173 // Cipher.getInstance(String, String) 1174 Cipher c3 = Cipher.getInstance(algorithm, provider.getName()); 1175 assertEquals(algorithm, c3.getAlgorithm()); 1176 assertEquals(provider, c3.getProvider()); 1177 test_Cipher(c3); 1178 } 1179 test_Cipher(Cipher c)1180 private void test_Cipher(Cipher c) throws Exception { 1181 String algorithm = c.getAlgorithm().toUpperCase(Locale.US); 1182 String providerName = c.getProvider().getName(); 1183 if (!isSupported(algorithm, providerName)) { 1184 return; 1185 } 1186 String cipherID = algorithm + ":" + providerName; 1187 1188 try { 1189 c.getOutputSize(0); 1190 fail("getOutputSize() should throw if called before Cipher initialization"); 1191 } catch (IllegalStateException expected) { 1192 } 1193 1194 // TODO: test keys from different factories (e.g. OpenSSLRSAPrivateKey vs BCRSAPrivateKey) 1195 Key encryptKey = getEncryptKey(algorithm); 1196 1197 AlgorithmParameterSpec encryptSpec = getEncryptAlgorithmParameterSpec(algorithm); 1198 int encryptMode = getEncryptMode(algorithm); 1199 1200 // Bouncycastle doesn't return a default PBEParameterSpec 1201 if (isPBE(algorithm) && !"BC".equals(providerName)) { 1202 assertNotNull(cipherID + " getParameters()", c.getParameters()); 1203 assertNotNull(c.getParameters().getParameterSpec(PBEParameterSpec.class)); 1204 } else { 1205 assertNull(cipherID + " getParameters()", c.getParameters()); 1206 } 1207 try { 1208 assertNull(cipherID + " getIV()", c.getIV()); 1209 } catch (NullPointerException e) { 1210 // Bouncycastle apparently has a bug here with AESWRAP, et al. 1211 if (!("BC".equals(providerName) && isOnlyWrappingAlgorithm(algorithm))) { 1212 throw e; 1213 } 1214 } 1215 1216 test_Cipher_init_NullParameters(c, encryptMode, encryptKey); 1217 1218 c.init(encryptMode, encryptKey, encryptSpec); 1219 assertEquals(cipherID + " getBlockSize() encryptMode", 1220 getExpectedBlockSize(algorithm, encryptMode, providerName), c.getBlockSize()); 1221 assertTrue(cipherID + " getOutputSize(0) encryptMode", 1222 getExpectedOutputSize(algorithm, encryptMode, providerName) <= c.getOutputSize(0)); 1223 if ((algorithm.endsWith("/PKCS5PADDING") || algorithm.endsWith("/PKCS7PADDING")) 1224 && isStreamMode(algorithm)) { 1225 assertEquals(getExpectedOutputSize(algorithm, encryptMode, providerName), 1226 c.doFinal(new byte[1]).length); 1227 } 1228 1229 if (isPBE(algorithm)) { 1230 if (algorithm.endsWith("RC4")) { 1231 assertNull(cipherID + " getIV()", c.getIV()); 1232 } else { 1233 assertNotNull(cipherID + " getIV()", c.getIV()); 1234 } 1235 } else if (encryptSpec instanceof IvParameterSpec) { 1236 assertEquals(cipherID + " getIV()", 1237 Arrays.toString(((IvParameterSpec) encryptSpec).getIV()), 1238 Arrays.toString(c.getIV())); 1239 } else if (encryptSpec instanceof GCMParameterSpec) { 1240 assertNotNull(c.getIV()); 1241 assertEquals(cipherID + " getIV()", 1242 Arrays.toString(((GCMParameterSpec) encryptSpec).getIV()), 1243 Arrays.toString(c.getIV())); 1244 } else { 1245 try { 1246 assertNull(cipherID + " getIV()", c.getIV()); 1247 } catch (NullPointerException e) { 1248 // Bouncycastle apparently has a bug here with AESWRAP, et al. 1249 if (!("BC".equals(providerName) && isOnlyWrappingAlgorithm(algorithm))) { 1250 throw e; 1251 } 1252 } 1253 } 1254 1255 AlgorithmParameters encParams = c.getParameters(); 1256 assertCorrectAlgorithmParameters(providerName, cipherID, encryptSpec, encParams); 1257 1258 AlgorithmParameterSpec decryptSpec = getDecryptAlgorithmParameterSpec(encryptSpec, c); 1259 int decryptMode = getDecryptMode(algorithm); 1260 1261 Key decryptKey = getDecryptKey(algorithm); 1262 1263 test_Cipher_init_Decrypt_NullParameters(c, decryptMode, decryptKey, decryptSpec != null); 1264 1265 c.init(decryptMode, decryptKey, decryptSpec); 1266 assertEquals(cipherID + " getBlockSize() decryptMode", 1267 getExpectedBlockSize(algorithm, decryptMode, providerName), c.getBlockSize()); 1268 assertEquals(cipherID + " getOutputSize(0) decryptMode", 1269 getExpectedOutputSize(algorithm, decryptMode, providerName), c.getOutputSize(0)); 1270 1271 if (isPBE(algorithm)) { 1272 if (algorithm.endsWith("RC4")) { 1273 assertNull(cipherID + " getIV()", c.getIV()); 1274 } else { 1275 assertNotNull(cipherID + " getIV()", c.getIV()); 1276 } 1277 } else if (decryptSpec instanceof IvParameterSpec) { 1278 assertEquals(cipherID + " getIV()", 1279 Arrays.toString(((IvParameterSpec) decryptSpec).getIV()), 1280 Arrays.toString(c.getIV())); 1281 } else if (decryptSpec instanceof GCMParameterSpec) { 1282 assertNotNull(c.getIV()); 1283 assertEquals(cipherID + " getIV()", 1284 Arrays.toString(((GCMParameterSpec) decryptSpec).getIV()), 1285 Arrays.toString(c.getIV())); 1286 } else { 1287 try { 1288 assertNull(cipherID + " getIV()", c.getIV()); 1289 } catch (NullPointerException e) { 1290 // Bouncycastle apparently has a bug here with AESWRAP, et al. 1291 if (!("BC".equals(providerName) && isOnlyWrappingAlgorithm(algorithm))) { 1292 throw e; 1293 } 1294 } 1295 } 1296 1297 AlgorithmParameters decParams = c.getParameters(); 1298 assertCorrectAlgorithmParameters(providerName, cipherID, decryptSpec, decParams); 1299 1300 assertNull(cipherID, c.getExemptionMechanism()); 1301 1302 // Test wrapping a key. Every cipher should be able to wrap. Except those that can't. 1303 /* Bouncycastle is broken for wrapping because getIV() fails. */ 1304 if (isSupportedForWrapping(algorithm) && !providerName.equals("BC")) { 1305 // Generate a small SecretKey for AES. 1306 KeyGenerator kg = KeyGenerator.getInstance("AES"); 1307 kg.init(128); 1308 SecretKey sk = kg.generateKey(); 1309 1310 // Wrap it. Use a new encrypt spec so that AEAD algorithms that prohibit IV reuse 1311 // don't complain. 1312 encryptSpec = getEncryptAlgorithmParameterSpec(algorithm); 1313 c.init(Cipher.WRAP_MODE, encryptKey, encryptSpec); 1314 byte[] cipherText = c.wrap(sk); 1315 1316 // Unwrap it 1317 c.init(Cipher.UNWRAP_MODE, decryptKey, getDecryptAlgorithmParameterSpec(encryptSpec, c)); 1318 Key decryptedKey = c.unwrap(cipherText, sk.getAlgorithm(), Cipher.SECRET_KEY); 1319 1320 assertEquals(cipherID 1321 + " sk.getAlgorithm()=" + sk.getAlgorithm() 1322 + " decryptedKey.getAlgorithm()=" + decryptedKey.getAlgorithm() 1323 + " encryptKey.getEncoded()=" + Arrays.toString(sk.getEncoded()) 1324 + " decryptedKey.getEncoded()=" + Arrays.toString(decryptedKey.getEncoded()), 1325 sk, decryptedKey); 1326 } 1327 1328 if (!isOnlyWrappingAlgorithm(algorithm)) { 1329 // Use a new encrypt spec so that AEAD algorithms that prohibit IV reuse don't complain 1330 encryptSpec = getEncryptAlgorithmParameterSpec(algorithm); 1331 c.init(Cipher.ENCRYPT_MODE, encryptKey, encryptSpec); 1332 if (isAEAD(algorithm)) { 1333 c.updateAAD(new byte[24]); 1334 } 1335 byte[] cipherText = c.doFinal(getActualPlainText(algorithm)); 1336 if (!isRandomizedEncryption(algorithm) && !isAEAD(algorithm)) { 1337 byte[] cipherText2 = c.doFinal(getActualPlainText(algorithm)); 1338 assertEquals(cipherID, Arrays.toString(cipherText), Arrays.toString(cipherText2)); 1339 } 1340 decryptSpec = getDecryptAlgorithmParameterSpec(encryptSpec, c); 1341 c.init(Cipher.DECRYPT_MODE, decryptKey, decryptSpec); 1342 if (isAEAD(algorithm)) { 1343 c.updateAAD(new byte[24]); 1344 } 1345 byte[] decryptedPlainText = c.doFinal(cipherText); 1346 assertEquals(cipherID, 1347 Arrays.toString(getExpectedPlainText(algorithm, providerName)), 1348 Arrays.toString(decryptedPlainText)); 1349 if (isAEAD(algorithm)) { 1350 c.updateAAD(new byte[24]); 1351 } 1352 byte[] decryptedPlainText2 = c.doFinal(cipherText); 1353 assertEquals(cipherID, 1354 Arrays.toString(decryptedPlainText), 1355 Arrays.toString(decryptedPlainText2)); 1356 1357 // Use a new encrypt spec so that AEAD algorithms that prohibit IV reuse don't complain 1358 encryptSpec = getEncryptAlgorithmParameterSpec(algorithm); 1359 test_Cipher_ShortBufferException(c, algorithm, Cipher.ENCRYPT_MODE, encryptSpec, 1360 encryptKey, getActualPlainText(algorithm)); 1361 decryptSpec = getDecryptAlgorithmParameterSpec(encryptSpec, c); 1362 test_Cipher_ShortBufferException(c, algorithm, Cipher.DECRYPT_MODE, decryptSpec, 1363 decryptKey, cipherText); 1364 1365 test_Cipher_aborted_doFinal(c, algorithm, providerName, encryptKey, decryptKey); 1366 } 1367 } 1368 assertCorrectAlgorithmParameters(String providerName, String cipherID, final AlgorithmParameterSpec spec, AlgorithmParameters params)1369 private void assertCorrectAlgorithmParameters(String providerName, String cipherID, 1370 final AlgorithmParameterSpec spec, AlgorithmParameters params) 1371 throws InvalidParameterSpecException, Exception { 1372 if (spec == null) { 1373 return; 1374 } 1375 1376 // Bouncycastle has a bug where PBE algorithms sometimes return null parameters. 1377 if ("BC".equals(providerName) && isPBE(cipherID) && params == null) { 1378 return; 1379 } 1380 1381 assertNotNull(cipherID + " getParameters() should not be null", params); 1382 1383 if (spec instanceof GCMParameterSpec) { 1384 GCMParameterSpec gcmDecryptSpec = params.getParameterSpec(GCMParameterSpec.class); 1385 assertEquals(cipherID + " getIV()", Arrays.toString(((GCMParameterSpec) spec).getIV()), 1386 Arrays.toString(gcmDecryptSpec.getIV())); 1387 assertEquals(cipherID + " getTLen()", ((GCMParameterSpec) spec).getTLen(), 1388 gcmDecryptSpec.getTLen()); 1389 } else if (spec instanceof IvParameterSpec) { 1390 IvParameterSpec ivDecryptSpec = params.getParameterSpec(IvParameterSpec.class); 1391 assertEquals(cipherID + " getIV()", Arrays.toString(((IvParameterSpec) spec).getIV()), 1392 Arrays.toString(ivDecryptSpec.getIV())); 1393 } else if (spec instanceof PBEParameterSpec) { 1394 // Bouncycastle seems to be undecided about whether it returns this 1395 // or not 1396 if (!"BC".equals(providerName)) { 1397 assertNotNull(cipherID + " getParameters()", params); 1398 } 1399 } else if (spec instanceof OAEPParameterSpec) { 1400 assertOAEPParametersEqual((OAEPParameterSpec) spec, 1401 params.getParameterSpec(OAEPParameterSpec.class)); 1402 } else { 1403 fail("Unhandled algorithm specification class: " + spec.getClass().getName()); 1404 } 1405 } 1406 assertOAEPParametersEqual(OAEPParameterSpec expectedOaepSpec, OAEPParameterSpec actualOaepSpec)1407 private static void assertOAEPParametersEqual(OAEPParameterSpec expectedOaepSpec, 1408 OAEPParameterSpec actualOaepSpec) throws Exception { 1409 assertEquals(expectedOaepSpec.getDigestAlgorithm(), actualOaepSpec.getDigestAlgorithm()); 1410 1411 assertEquals(expectedOaepSpec.getMGFAlgorithm(), actualOaepSpec.getMGFAlgorithm()); 1412 if ("MGF1".equals(expectedOaepSpec.getMGFAlgorithm())) { 1413 MGF1ParameterSpec expectedMgf1Spec = (MGF1ParameterSpec) expectedOaepSpec 1414 .getMGFParameters(); 1415 MGF1ParameterSpec actualMgf1Spec = (MGF1ParameterSpec) actualOaepSpec 1416 .getMGFParameters(); 1417 assertEquals(expectedMgf1Spec.getDigestAlgorithm(), 1418 actualMgf1Spec.getDigestAlgorithm()); 1419 } else { 1420 fail("Unknown MGF algorithm: " + expectedOaepSpec.getMGFAlgorithm()); 1421 } 1422 1423 if (expectedOaepSpec.getPSource() instanceof PSource.PSpecified 1424 && actualOaepSpec.getPSource() instanceof PSource.PSpecified) { 1425 assertEquals( 1426 Arrays.toString( 1427 ((PSource.PSpecified) expectedOaepSpec.getPSource()).getValue()), 1428 Arrays.toString( 1429 ((PSource.PSpecified) actualOaepSpec.getPSource()).getValue())); 1430 } else { 1431 fail("Unknown PSource type"); 1432 } 1433 } 1434 1435 /** 1436 * Try various .init(...) calls with null parameters to make sure it is 1437 * handled. 1438 */ test_Cipher_init_NullParameters(Cipher c, int encryptMode, Key encryptKey)1439 private void test_Cipher_init_NullParameters(Cipher c, int encryptMode, Key encryptKey) 1440 throws Exception { 1441 try { 1442 c.init(encryptMode, encryptKey, (AlgorithmParameterSpec) null); 1443 } catch (InvalidAlgorithmParameterException e) { 1444 if (!isPBE(c.getAlgorithm())) { 1445 throw e; 1446 } 1447 } 1448 1449 try { 1450 c.init(encryptMode, encryptKey, (AlgorithmParameterSpec) null, (SecureRandom) null); 1451 } catch (InvalidAlgorithmParameterException e) { 1452 if (!isPBE(c.getAlgorithm())) { 1453 throw e; 1454 } 1455 } 1456 1457 try { 1458 c.init(encryptMode, encryptKey, (AlgorithmParameters) null); 1459 } catch (InvalidAlgorithmParameterException e) { 1460 if (!isPBE(c.getAlgorithm())) { 1461 throw e; 1462 } 1463 } 1464 1465 try { 1466 c.init(encryptMode, encryptKey, (AlgorithmParameters) null, (SecureRandom) null); 1467 } catch (InvalidAlgorithmParameterException e) { 1468 if (!isPBE(c.getAlgorithm())) { 1469 throw e; 1470 } 1471 } 1472 } 1473 test_Cipher_init_Decrypt_NullParameters(Cipher c, int decryptMode, Key encryptKey, boolean needsParameters)1474 private void test_Cipher_init_Decrypt_NullParameters(Cipher c, int decryptMode, Key encryptKey, 1475 boolean needsParameters) throws Exception { 1476 try { 1477 c.init(decryptMode, encryptKey, (AlgorithmParameterSpec) null); 1478 if (needsParameters) { 1479 fail("Should throw InvalidAlgorithmParameterException with null parameters"); 1480 } 1481 } catch (InvalidAlgorithmParameterException e) { 1482 if (!needsParameters) { 1483 throw e; 1484 } 1485 } 1486 1487 try { 1488 c.init(decryptMode, encryptKey, (AlgorithmParameterSpec) null, (SecureRandom) null); 1489 if (needsParameters) { 1490 fail("Should throw InvalidAlgorithmParameterException with null parameters"); 1491 } 1492 } catch (InvalidAlgorithmParameterException e) { 1493 if (!needsParameters) { 1494 throw e; 1495 } 1496 } 1497 1498 try { 1499 c.init(decryptMode, encryptKey, (AlgorithmParameters) null); 1500 if (needsParameters) { 1501 fail("Should throw InvalidAlgorithmParameterException with null parameters"); 1502 } 1503 } catch (InvalidAlgorithmParameterException e) { 1504 if (!needsParameters) { 1505 throw e; 1506 } 1507 } 1508 1509 try { 1510 c.init(decryptMode, encryptKey, (AlgorithmParameters) null, (SecureRandom) null); 1511 if (needsParameters) { 1512 fail("Should throw InvalidAlgorithmParameterException with null parameters"); 1513 } 1514 } catch (InvalidAlgorithmParameterException e) { 1515 if (!needsParameters) { 1516 throw e; 1517 } 1518 } 1519 } 1520 1521 // Checks that the Cipher throws ShortBufferException when given a too-short buffer test_Cipher_ShortBufferException(Cipher c, String algorithm, int encryptMode, AlgorithmParameterSpec spec, Key key, byte[] text)1522 private void test_Cipher_ShortBufferException(Cipher c, String algorithm, int encryptMode, 1523 AlgorithmParameterSpec spec, Key key, byte[] text) throws Exception { 1524 c.init(encryptMode, key, spec); 1525 if (isAEAD(algorithm)) { 1526 c.updateAAD(new byte[24]); 1527 } 1528 if (c.getOutputSize(text.length) > 0) { 1529 byte[] output; 1530 if (algorithm.startsWith("RSA/")) { 1531 // RSA encryption pads the input data to a full block before encrypting, 1532 // so unlike most algorithms, getOutputSize can't determine how much space 1533 // is necessary until the data is actually decrypted. 1534 output = new byte[1]; 1535 } else { 1536 // Other algorithms can much more easily forsee how much output data there 1537 // will be, so don't let them get away with being overly conservative. 1538 output = new byte[c.getOutputSize(text.length) - 1]; 1539 } 1540 try { 1541 c.doFinal(text, 0, text.length, output); 1542 fail("Short buffer should have thrown ShortBufferException"); 1543 } catch (ShortBufferException expected) { 1544 // Ignored 1545 } 1546 } 1547 } 1548 1549 // Checks that if the cipher operation is aborted by a ShortBufferException the output 1550 // is still correct. test_Cipher_aborted_doFinal(Cipher c, String algorithm, String provider, Key encryptKey, Key decryptKey)1551 private void test_Cipher_aborted_doFinal(Cipher c, String algorithm, String provider, 1552 Key encryptKey, Key decryptKey) throws Exception { 1553 byte[] text = getActualPlainText(algorithm); 1554 AlgorithmParameterSpec encryptSpec = getEncryptAlgorithmParameterSpec(algorithm); 1555 c.init(Cipher.ENCRYPT_MODE, encryptKey, encryptSpec); 1556 if (isAEAD(algorithm)) { 1557 c.updateAAD(new byte[24]); 1558 } 1559 try { 1560 c.doFinal(text, 0, text.length, new byte[0]); 1561 fail("Short buffer should have thrown ShortBufferException"); 1562 } catch (ShortBufferException expected) { 1563 // Ignored 1564 } 1565 byte[] cipherText = c.doFinal(text); 1566 c.init(Cipher.DECRYPT_MODE, decryptKey, getDecryptAlgorithmParameterSpec(encryptSpec, c)); 1567 if (isAEAD(algorithm)) { 1568 c.updateAAD(new byte[24]); 1569 } 1570 byte[] plainText = c.doFinal(cipherText); 1571 byte[] expectedPlainText = getExpectedPlainText(algorithm, provider); 1572 assertTrue("Expected " + Arrays.toString(expectedPlainText) 1573 + " but was " + Arrays.toString(plainText), 1574 Arrays.equals(expectedPlainText, plainText)); 1575 } 1576 1577 @Test testInputPKCS1Padding()1578 public void testInputPKCS1Padding() throws Exception { 1579 for (String provider : RSA_PROVIDERS) { 1580 testInputPKCS1Padding(provider); 1581 } 1582 } 1583 testInputPKCS1Padding(String provider)1584 private void testInputPKCS1Padding(String provider) throws Exception { 1585 // Type 1 is for signatures (PrivateKey to "encrypt") 1586 testInputPKCS1Padding(provider, PKCS1_BLOCK_TYPE_01_PADDED_PLAIN_TEXT, getDecryptKey("RSA"), getEncryptKey("RSA")); 1587 try { 1588 testInputPKCS1Padding(provider, PKCS1_BLOCK_TYPE_02_PADDED_PLAIN_TEXT, getDecryptKey("RSA"), getEncryptKey("RSA")); 1589 fail(); 1590 } catch (BadPaddingException expected) { 1591 } 1592 1593 // Type 2 is for enciphering (PublicKey to "encrypt") 1594 testInputPKCS1Padding(provider, PKCS1_BLOCK_TYPE_02_PADDED_PLAIN_TEXT, getEncryptKey("RSA"), getDecryptKey("RSA")); 1595 try { 1596 testInputPKCS1Padding(provider, PKCS1_BLOCK_TYPE_01_PADDED_PLAIN_TEXT, getEncryptKey("RSA"), getDecryptKey("RSA")); 1597 fail(); 1598 } catch (BadPaddingException expected) { 1599 } 1600 } 1601 testInputPKCS1Padding(String provider, byte[] prePaddedPlainText, Key encryptKey, Key decryptKey)1602 private void testInputPKCS1Padding(String provider, byte[] prePaddedPlainText, Key encryptKey, Key decryptKey) throws Exception { 1603 Cipher encryptCipher = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1604 encryptCipher.init(Cipher.ENCRYPT_MODE, encryptKey); 1605 byte[] cipherText = encryptCipher.doFinal(prePaddedPlainText); 1606 encryptCipher.update(prePaddedPlainText); 1607 encryptCipher.init(Cipher.ENCRYPT_MODE, encryptKey); 1608 byte[] cipherText2 = encryptCipher.doFinal(prePaddedPlainText); 1609 assertEquals(Arrays.toString(cipherText), 1610 Arrays.toString(cipherText2)); 1611 1612 Cipher decryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", provider); 1613 decryptCipher.init(Cipher.DECRYPT_MODE, decryptKey); 1614 byte[] plainText = decryptCipher.doFinal(cipherText); 1615 assertEquals(Arrays.toString(ORIGINAL_PLAIN_TEXT), 1616 Arrays.toString(plainText)); 1617 decryptCipher.update(prePaddedPlainText); 1618 decryptCipher.init(Cipher.DECRYPT_MODE, decryptKey); 1619 byte[] plainText2 = decryptCipher.doFinal(cipherText); 1620 assertEquals(Arrays.toString(plainText), 1621 Arrays.toString(plainText2)); 1622 } 1623 1624 @Test testOutputPKCS1Padding()1625 public void testOutputPKCS1Padding() throws Exception { 1626 for (String provider : RSA_PROVIDERS) { 1627 testOutputPKCS1Padding(provider); 1628 } 1629 } 1630 testOutputPKCS1Padding(String provider)1631 private void testOutputPKCS1Padding(String provider) throws Exception { 1632 // Type 1 is for signatures (PrivateKey to "encrypt") 1633 testOutputPKCS1Padding(provider, (byte) 1, getDecryptKey("RSA"), getEncryptKey("RSA")); 1634 // Type 2 is for enciphering (PublicKey to "encrypt") 1635 testOutputPKCS1Padding(provider, (byte) 2, getEncryptKey("RSA"), getDecryptKey("RSA")); 1636 } 1637 testOutputPKCS1Padding(String provider, byte expectedBlockType, Key encryptKey, Key decryptKey)1638 private void testOutputPKCS1Padding(String provider, byte expectedBlockType, Key encryptKey, Key decryptKey) throws Exception { 1639 Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", provider); 1640 encryptCipher.init(Cipher.ENCRYPT_MODE, encryptKey); 1641 byte[] cipherText = encryptCipher.doFinal(ORIGINAL_PLAIN_TEXT); 1642 Cipher decryptCipher = Cipher.getInstance("RSA/ECB/NoPadding", provider); 1643 decryptCipher.init(Cipher.DECRYPT_MODE, decryptKey); 1644 byte[] plainText = decryptCipher.doFinal(cipherText); 1645 assertPadding(provider, expectedBlockType, ORIGINAL_PLAIN_TEXT, plainText); 1646 } 1647 assertPadding(String provider, byte expectedBlockType, byte[] expectedData, byte[] actualDataWithPadding)1648 private void assertPadding(String provider, byte expectedBlockType, byte[] expectedData, byte[] actualDataWithPadding) { 1649 assertNotNull(provider, actualDataWithPadding); 1650 int expectedOutputSize = getExpectedOutputSize("RSA", Cipher.DECRYPT_MODE, provider); 1651 assertEquals(provider, expectedOutputSize, actualDataWithPadding.length); 1652 int expectedBlockTypeOffset; 1653 if (provider.equals("BC")) { 1654 // BC strips the leading 0 for us on decrypt even when NoPadding is specified... 1655 expectedBlockTypeOffset = 0; 1656 } else { 1657 expectedBlockTypeOffset = 1; 1658 assertEquals(provider, 0, actualDataWithPadding[0]); 1659 } 1660 byte actualBlockType = actualDataWithPadding[expectedBlockTypeOffset]; 1661 assertEquals(provider, expectedBlockType, actualBlockType); 1662 int actualDataOffset = actualDataWithPadding.length - expectedData.length; 1663 if (actualBlockType == 1) { 1664 int expectedDataOffset = expectedBlockTypeOffset + 1; 1665 for (int i = expectedDataOffset; i < actualDataOffset - 1; i++) { 1666 assertEquals(provider, (byte) 0xFF, actualDataWithPadding[i]); 1667 } 1668 } 1669 assertEquals(provider, 0x00, actualDataWithPadding[actualDataOffset-1]); 1670 byte[] actualData = new byte[expectedData.length]; 1671 System.arraycopy(actualDataWithPadding, actualDataOffset, actualData, 0, actualData.length); 1672 assertEquals(provider, Arrays.toString(expectedData), Arrays.toString(actualData)); 1673 } 1674 1675 @Test testCipherInitWithCertificate()1676 public void testCipherInitWithCertificate () throws Exception { 1677 // no key usage specified, everything is fine 1678 assertCipherInitWithKeyUsage(0, true, true, true, true); 1679 1680 // common case is that encrypt/wrap is prohibited when special usage is specified 1681 assertCipherInitWithKeyUsage(KeyUsage.digitalSignature, false, true, false, true); 1682 assertCipherInitWithKeyUsage(KeyUsage.nonRepudiation, false, true, false, true); 1683 assertCipherInitWithKeyUsage(KeyUsage.keyAgreement, false, true, false, true); 1684 assertCipherInitWithKeyUsage(KeyUsage.keyCertSign, false, true, false, true); 1685 assertCipherInitWithKeyUsage(KeyUsage.cRLSign, false, true, false, true); 1686 1687 // Note they encipherOnly/decipherOnly don't have to do with 1688 // ENCRYPT_MODE or DECRYPT_MODE, but restrict usage relative 1689 // to keyAgreement. There is not a *_MODE option that 1690 // corresponds to this in Cipher, the RI does not enforce 1691 // anything in Cipher. 1692 // http://code.google.com/p/android/issues/detail?id=12955 1693 assertCipherInitWithKeyUsage(KeyUsage.encipherOnly, false, true, false, true); 1694 assertCipherInitWithKeyUsage(KeyUsage.decipherOnly, false, true, false, true); 1695 assertCipherInitWithKeyUsage(KeyUsage.keyAgreement | KeyUsage.encipherOnly, 1696 false, true, false, true); 1697 assertCipherInitWithKeyUsage(KeyUsage.keyAgreement | KeyUsage.decipherOnly, 1698 false, true, false, true); 1699 1700 // except when wrapping a key is specifically allowed or 1701 assertCipherInitWithKeyUsage(KeyUsage.keyEncipherment, false, true, true, true); 1702 // except when wrapping data encryption is specifically allowed 1703 assertCipherInitWithKeyUsage(KeyUsage.dataEncipherment, true, true, false, true); 1704 } 1705 assertCipherInitWithKeyUsage(int keyUsage, boolean allowEncrypt, boolean allowDecrypt, boolean allowWrap, boolean allowUnwrap)1706 private void assertCipherInitWithKeyUsage (int keyUsage, 1707 boolean allowEncrypt, 1708 boolean allowDecrypt, 1709 boolean allowWrap, 1710 boolean allowUnwrap) throws Exception { 1711 Certificate certificate = certificateWithKeyUsage(keyUsage); 1712 assertCipherInitWithKeyUsage(certificate, allowEncrypt, Cipher.ENCRYPT_MODE); 1713 assertCipherInitWithKeyUsage(certificate, allowDecrypt, Cipher.DECRYPT_MODE); 1714 assertCipherInitWithKeyUsage(certificate, allowWrap, Cipher.WRAP_MODE); 1715 assertCipherInitWithKeyUsage(certificate, allowUnwrap, Cipher.UNWRAP_MODE); 1716 } 1717 assertCipherInitWithKeyUsage(Certificate certificate, boolean allowMode, int mode)1718 private void assertCipherInitWithKeyUsage(Certificate certificate, 1719 boolean allowMode, 1720 int mode) throws Exception { 1721 Cipher cipher = Cipher.getInstance("RSA"); 1722 if (allowMode) { 1723 cipher.init(mode, certificate); 1724 } else { 1725 try { 1726 cipher.init(mode, certificate); 1727 String modeString; 1728 switch (mode) { 1729 case Cipher.ENCRYPT_MODE: 1730 modeString = "ENCRYPT_MODE"; 1731 break; 1732 case Cipher.DECRYPT_MODE: 1733 modeString = "DECRYPT_MODE"; 1734 break; 1735 case Cipher.WRAP_MODE: 1736 modeString = "WRAP_MODE"; 1737 break; 1738 case Cipher.UNWRAP_MODE: 1739 modeString = "UNWRAP_MODE"; 1740 break; 1741 default: 1742 throw new AssertionError("Unknown Cipher.*_MODE " + mode); 1743 } 1744 fail("Should have had InvalidKeyException for " + modeString 1745 + " for " + certificate); 1746 } catch (InvalidKeyException expected) { 1747 } 1748 } 1749 } 1750 certificateWithKeyUsage(int keyUsage)1751 private Certificate certificateWithKeyUsage(int keyUsage) throws Exception { 1752 // note the rare usage of non-zero keyUsage 1753 return new TestKeyStore.Builder() 1754 .aliasPrefix("rsa-dsa-ec") 1755 .keyUsage(keyUsage) 1756 .build() 1757 .getPrivateKey("RSA", "RSA").getCertificate(); 1758 } 1759 1760 /* 1761 * Test vectors generated with this private key: 1762 * 1763 * -----BEGIN RSA PRIVATE KEY----- 1764 * MIIEpAIBAAKCAQEA4Ec+irjyKE/rnnQv+XSPoRjtmGM8kvUq63ouvg075gMpvnZq 1765 * 0Q62pRXQ0s/ZvqeTDwwwZTeJn3lYzT6FsB+IGFJNMSWEqUslHjYltUFB7b/uGYgI 1766 * 4buX/Hy0m56qr2jpyY19DtxTu8D6ADQ1bWMF+7zDxwAUBThqu8hzyw8+90JfPTPf 1767 * ezFa4DbSoLZq/UdQOxab8247UWJRW3Ff2oPeryxYrrmr+zCXw8yd2dvl7ylsF2E5 1768 * Ao6KZx5jBW1F9AGI0sQTNJCEXeUsJTTpxrJHjAe9rpKII7YtBmx3cPn2Pz26JH9T 1769 * CER0e+eqqF2FO4vSRKzsPePImrRkU6tNJMOsaQIDAQABAoIBADd4R3al8XaY9ayW 1770 * DfuDobZ1ZOZIvQWXz4q4CHGG8macJ6nsvdSA8Bl6gNBzCebGqW+SUzHlf4tKxvTU 1771 * XtpFojJpwJ/EKMB6Tm7fc4oV3sl/q9Lyu0ehTyDqcvz+TDbgGtp3vRN82NTaELsW 1772 * LpSkZilx8XX5hfoYjwVsuX7igW9Dq503R2Ekhs2owWGWwwgYqZXshdOEZ3kSZ7O/ 1773 * IfJzcQppJYYldoQcW2cSwS1L0govMpmtt8E12l6VFavadufK8qO+gFUdBzt4vxFi 1774 * xIrSt/R0OgI47k0lL31efmUzzK5kzLOTYAdaL9HgNOw65c6cQIzL8OJeQRQCFoez 1775 * 3UdUroECgYEA9UGIS8Nzeyki1BGe9F4t7izUy7dfRVBaFXqlAJ+Zxzot8HJKxGAk 1776 * MGMy6omBd2NFRl3G3x4KbxQK/ztzluaomUrF2qloc0cv43dJ0U6z4HXmKdvrNYMz 1777 * im82SdCiZUp6Qv2atr+krE1IHTkLsimwZL3DEcwb4bYxidp8QM3s8rECgYEA6hp0 1778 * LduIHO23KIyH442GjdekCdFaQ/RF1Td6C1cx3b/KLa8oqOE81cCvzsM0fXSjniNa 1779 * PNljPydN4rlPkt9DgzkR2enxz1jyfeLgj/RZZMcg0+whOdx8r8kSlTzeyy81Wi4s 1780 * NaUPrXVMs7IxZkJLo7bjESoriYw4xcFe2yOGkzkCgYBRgo8exv2ZYCmQG68dfjN7 1781 * pfCvJ+mE6tiVrOYr199O5FoiQInyzBUa880XP84EdLywTzhqLNzA4ANrokGfVFeS 1782 * YtRxAL6TGYSj76Bb7PFBV03AebOpXEqD5sQ/MhTW3zLVEt4ZgIXlMeYWuD/X3Z0f 1783 * TiYHwzM9B8VdEH0dOJNYcQKBgQDbT7UPUN6O21P/NMgJMYigUShn2izKBIl3WeWH 1784 * wkQBDa+GZNWegIPRbBZHiTAfZ6nweAYNg0oq29NnV1toqKhCwrAqibPzH8zsiiL+ 1785 * OVeVxcbHQitOXXSh6ajzDndZufwtY5wfFWc+hOk6XvFQb0MVODw41Fy9GxQEj0ch 1786 * 3IIyYQKBgQDYEUWTr0FfthLb8ZI3ENVNB0hiBadqO0MZSWjA3/HxHvD2GkozfV/T 1787 * dBu8lkDkR7i2tsR8OsEgQ1fTsMVbqShr2nP2KSlvX6kUbYl2NX08dR51FIaWpAt0 1788 * aFyCzjCQLWOdck/yTV4ulAfuNO3tLjtN9lqpvP623yjQe6aQPxZXaA== 1789 * -----END RSA PRIVATE KEY----- 1790 * 1791 */ 1792 1793 private static final BigInteger RSA_2048_modulus = new BigInteger(new byte[] { 1794 (byte) 0x00, (byte) 0xe0, (byte) 0x47, (byte) 0x3e, (byte) 0x8a, (byte) 0xb8, (byte) 0xf2, (byte) 0x28, 1795 (byte) 0x4f, (byte) 0xeb, (byte) 0x9e, (byte) 0x74, (byte) 0x2f, (byte) 0xf9, (byte) 0x74, (byte) 0x8f, 1796 (byte) 0xa1, (byte) 0x18, (byte) 0xed, (byte) 0x98, (byte) 0x63, (byte) 0x3c, (byte) 0x92, (byte) 0xf5, 1797 (byte) 0x2a, (byte) 0xeb, (byte) 0x7a, (byte) 0x2e, (byte) 0xbe, (byte) 0x0d, (byte) 0x3b, (byte) 0xe6, 1798 (byte) 0x03, (byte) 0x29, (byte) 0xbe, (byte) 0x76, (byte) 0x6a, (byte) 0xd1, (byte) 0x0e, (byte) 0xb6, 1799 (byte) 0xa5, (byte) 0x15, (byte) 0xd0, (byte) 0xd2, (byte) 0xcf, (byte) 0xd9, (byte) 0xbe, (byte) 0xa7, 1800 (byte) 0x93, (byte) 0x0f, (byte) 0x0c, (byte) 0x30, (byte) 0x65, (byte) 0x37, (byte) 0x89, (byte) 0x9f, 1801 (byte) 0x79, (byte) 0x58, (byte) 0xcd, (byte) 0x3e, (byte) 0x85, (byte) 0xb0, (byte) 0x1f, (byte) 0x88, 1802 (byte) 0x18, (byte) 0x52, (byte) 0x4d, (byte) 0x31, (byte) 0x25, (byte) 0x84, (byte) 0xa9, (byte) 0x4b, 1803 (byte) 0x25, (byte) 0x1e, (byte) 0x36, (byte) 0x25, (byte) 0xb5, (byte) 0x41, (byte) 0x41, (byte) 0xed, 1804 (byte) 0xbf, (byte) 0xee, (byte) 0x19, (byte) 0x88, (byte) 0x08, (byte) 0xe1, (byte) 0xbb, (byte) 0x97, 1805 (byte) 0xfc, (byte) 0x7c, (byte) 0xb4, (byte) 0x9b, (byte) 0x9e, (byte) 0xaa, (byte) 0xaf, (byte) 0x68, 1806 (byte) 0xe9, (byte) 0xc9, (byte) 0x8d, (byte) 0x7d, (byte) 0x0e, (byte) 0xdc, (byte) 0x53, (byte) 0xbb, 1807 (byte) 0xc0, (byte) 0xfa, (byte) 0x00, (byte) 0x34, (byte) 0x35, (byte) 0x6d, (byte) 0x63, (byte) 0x05, 1808 (byte) 0xfb, (byte) 0xbc, (byte) 0xc3, (byte) 0xc7, (byte) 0x00, (byte) 0x14, (byte) 0x05, (byte) 0x38, 1809 (byte) 0x6a, (byte) 0xbb, (byte) 0xc8, (byte) 0x73, (byte) 0xcb, (byte) 0x0f, (byte) 0x3e, (byte) 0xf7, 1810 (byte) 0x42, (byte) 0x5f, (byte) 0x3d, (byte) 0x33, (byte) 0xdf, (byte) 0x7b, (byte) 0x31, (byte) 0x5a, 1811 (byte) 0xe0, (byte) 0x36, (byte) 0xd2, (byte) 0xa0, (byte) 0xb6, (byte) 0x6a, (byte) 0xfd, (byte) 0x47, 1812 (byte) 0x50, (byte) 0x3b, (byte) 0x16, (byte) 0x9b, (byte) 0xf3, (byte) 0x6e, (byte) 0x3b, (byte) 0x51, 1813 (byte) 0x62, (byte) 0x51, (byte) 0x5b, (byte) 0x71, (byte) 0x5f, (byte) 0xda, (byte) 0x83, (byte) 0xde, 1814 (byte) 0xaf, (byte) 0x2c, (byte) 0x58, (byte) 0xae, (byte) 0xb9, (byte) 0xab, (byte) 0xfb, (byte) 0x30, 1815 (byte) 0x97, (byte) 0xc3, (byte) 0xcc, (byte) 0x9d, (byte) 0xd9, (byte) 0xdb, (byte) 0xe5, (byte) 0xef, 1816 (byte) 0x29, (byte) 0x6c, (byte) 0x17, (byte) 0x61, (byte) 0x39, (byte) 0x02, (byte) 0x8e, (byte) 0x8a, 1817 (byte) 0x67, (byte) 0x1e, (byte) 0x63, (byte) 0x05, (byte) 0x6d, (byte) 0x45, (byte) 0xf4, (byte) 0x01, 1818 (byte) 0x88, (byte) 0xd2, (byte) 0xc4, (byte) 0x13, (byte) 0x34, (byte) 0x90, (byte) 0x84, (byte) 0x5d, 1819 (byte) 0xe5, (byte) 0x2c, (byte) 0x25, (byte) 0x34, (byte) 0xe9, (byte) 0xc6, (byte) 0xb2, (byte) 0x47, 1820 (byte) 0x8c, (byte) 0x07, (byte) 0xbd, (byte) 0xae, (byte) 0x92, (byte) 0x88, (byte) 0x23, (byte) 0xb6, 1821 (byte) 0x2d, (byte) 0x06, (byte) 0x6c, (byte) 0x77, (byte) 0x70, (byte) 0xf9, (byte) 0xf6, (byte) 0x3f, 1822 (byte) 0x3d, (byte) 0xba, (byte) 0x24, (byte) 0x7f, (byte) 0x53, (byte) 0x08, (byte) 0x44, (byte) 0x74, 1823 (byte) 0x7b, (byte) 0xe7, (byte) 0xaa, (byte) 0xa8, (byte) 0x5d, (byte) 0x85, (byte) 0x3b, (byte) 0x8b, 1824 (byte) 0xd2, (byte) 0x44, (byte) 0xac, (byte) 0xec, (byte) 0x3d, (byte) 0xe3, (byte) 0xc8, (byte) 0x9a, 1825 (byte) 0xb4, (byte) 0x64, (byte) 0x53, (byte) 0xab, (byte) 0x4d, (byte) 0x24, (byte) 0xc3, (byte) 0xac, 1826 (byte) 0x69, 1827 }); 1828 1829 private static final BigInteger RSA_2048_privateExponent = new BigInteger(new byte[] { 1830 (byte) 0x37, (byte) 0x78, (byte) 0x47, (byte) 0x76, (byte) 0xa5, (byte) 0xf1, (byte) 0x76, (byte) 0x98, 1831 (byte) 0xf5, (byte) 0xac, (byte) 0x96, (byte) 0x0d, (byte) 0xfb, (byte) 0x83, (byte) 0xa1, (byte) 0xb6, 1832 (byte) 0x75, (byte) 0x64, (byte) 0xe6, (byte) 0x48, (byte) 0xbd, (byte) 0x05, (byte) 0x97, (byte) 0xcf, 1833 (byte) 0x8a, (byte) 0xb8, (byte) 0x08, (byte) 0x71, (byte) 0x86, (byte) 0xf2, (byte) 0x66, (byte) 0x9c, 1834 (byte) 0x27, (byte) 0xa9, (byte) 0xec, (byte) 0xbd, (byte) 0xd4, (byte) 0x80, (byte) 0xf0, (byte) 0x19, 1835 (byte) 0x7a, (byte) 0x80, (byte) 0xd0, (byte) 0x73, (byte) 0x09, (byte) 0xe6, (byte) 0xc6, (byte) 0xa9, 1836 (byte) 0x6f, (byte) 0x92, (byte) 0x53, (byte) 0x31, (byte) 0xe5, (byte) 0x7f, (byte) 0x8b, (byte) 0x4a, 1837 (byte) 0xc6, (byte) 0xf4, (byte) 0xd4, (byte) 0x5e, (byte) 0xda, (byte) 0x45, (byte) 0xa2, (byte) 0x32, 1838 (byte) 0x69, (byte) 0xc0, (byte) 0x9f, (byte) 0xc4, (byte) 0x28, (byte) 0xc0, (byte) 0x7a, (byte) 0x4e, 1839 (byte) 0x6e, (byte) 0xdf, (byte) 0x73, (byte) 0x8a, (byte) 0x15, (byte) 0xde, (byte) 0xc9, (byte) 0x7f, 1840 (byte) 0xab, (byte) 0xd2, (byte) 0xf2, (byte) 0xbb, (byte) 0x47, (byte) 0xa1, (byte) 0x4f, (byte) 0x20, 1841 (byte) 0xea, (byte) 0x72, (byte) 0xfc, (byte) 0xfe, (byte) 0x4c, (byte) 0x36, (byte) 0xe0, (byte) 0x1a, 1842 (byte) 0xda, (byte) 0x77, (byte) 0xbd, (byte) 0x13, (byte) 0x7c, (byte) 0xd8, (byte) 0xd4, (byte) 0xda, 1843 (byte) 0x10, (byte) 0xbb, (byte) 0x16, (byte) 0x2e, (byte) 0x94, (byte) 0xa4, (byte) 0x66, (byte) 0x29, 1844 (byte) 0x71, (byte) 0xf1, (byte) 0x75, (byte) 0xf9, (byte) 0x85, (byte) 0xfa, (byte) 0x18, (byte) 0x8f, 1845 (byte) 0x05, (byte) 0x6c, (byte) 0xb9, (byte) 0x7e, (byte) 0xe2, (byte) 0x81, (byte) 0x6f, (byte) 0x43, 1846 (byte) 0xab, (byte) 0x9d, (byte) 0x37, (byte) 0x47, (byte) 0x61, (byte) 0x24, (byte) 0x86, (byte) 0xcd, 1847 (byte) 0xa8, (byte) 0xc1, (byte) 0x61, (byte) 0x96, (byte) 0xc3, (byte) 0x08, (byte) 0x18, (byte) 0xa9, 1848 (byte) 0x95, (byte) 0xec, (byte) 0x85, (byte) 0xd3, (byte) 0x84, (byte) 0x67, (byte) 0x79, (byte) 0x12, 1849 (byte) 0x67, (byte) 0xb3, (byte) 0xbf, (byte) 0x21, (byte) 0xf2, (byte) 0x73, (byte) 0x71, (byte) 0x0a, 1850 (byte) 0x69, (byte) 0x25, (byte) 0x86, (byte) 0x25, (byte) 0x76, (byte) 0x84, (byte) 0x1c, (byte) 0x5b, 1851 (byte) 0x67, (byte) 0x12, (byte) 0xc1, (byte) 0x2d, (byte) 0x4b, (byte) 0xd2, (byte) 0x0a, (byte) 0x2f, 1852 (byte) 0x32, (byte) 0x99, (byte) 0xad, (byte) 0xb7, (byte) 0xc1, (byte) 0x35, (byte) 0xda, (byte) 0x5e, 1853 (byte) 0x95, (byte) 0x15, (byte) 0xab, (byte) 0xda, (byte) 0x76, (byte) 0xe7, (byte) 0xca, (byte) 0xf2, 1854 (byte) 0xa3, (byte) 0xbe, (byte) 0x80, (byte) 0x55, (byte) 0x1d, (byte) 0x07, (byte) 0x3b, (byte) 0x78, 1855 (byte) 0xbf, (byte) 0x11, (byte) 0x62, (byte) 0xc4, (byte) 0x8a, (byte) 0xd2, (byte) 0xb7, (byte) 0xf4, 1856 (byte) 0x74, (byte) 0x3a, (byte) 0x02, (byte) 0x38, (byte) 0xee, (byte) 0x4d, (byte) 0x25, (byte) 0x2f, 1857 (byte) 0x7d, (byte) 0x5e, (byte) 0x7e, (byte) 0x65, (byte) 0x33, (byte) 0xcc, (byte) 0xae, (byte) 0x64, 1858 (byte) 0xcc, (byte) 0xb3, (byte) 0x93, (byte) 0x60, (byte) 0x07, (byte) 0x5a, (byte) 0x2f, (byte) 0xd1, 1859 (byte) 0xe0, (byte) 0x34, (byte) 0xec, (byte) 0x3a, (byte) 0xe5, (byte) 0xce, (byte) 0x9c, (byte) 0x40, 1860 (byte) 0x8c, (byte) 0xcb, (byte) 0xf0, (byte) 0xe2, (byte) 0x5e, (byte) 0x41, (byte) 0x14, (byte) 0x02, 1861 (byte) 0x16, (byte) 0x87, (byte) 0xb3, (byte) 0xdd, (byte) 0x47, (byte) 0x54, (byte) 0xae, (byte) 0x81, 1862 }); 1863 1864 private static final BigInteger RSA_2048_publicExponent = new BigInteger(new byte[] { 1865 (byte) 0x01, (byte) 0x00, (byte) 0x01, 1866 }); 1867 1868 private static final BigInteger RSA_2048_primeP = new BigInteger(new byte[] { 1869 (byte) 0x00, (byte) 0xf5, (byte) 0x41, (byte) 0x88, (byte) 0x4b, (byte) 0xc3, (byte) 0x73, (byte) 0x7b, 1870 (byte) 0x29, (byte) 0x22, (byte) 0xd4, (byte) 0x11, (byte) 0x9e, (byte) 0xf4, (byte) 0x5e, (byte) 0x2d, 1871 (byte) 0xee, (byte) 0x2c, (byte) 0xd4, (byte) 0xcb, (byte) 0xb7, (byte) 0x5f, (byte) 0x45, (byte) 0x50, 1872 (byte) 0x5a, (byte) 0x15, (byte) 0x7a, (byte) 0xa5, (byte) 0x00, (byte) 0x9f, (byte) 0x99, (byte) 0xc7, 1873 (byte) 0x3a, (byte) 0x2d, (byte) 0xf0, (byte) 0x72, (byte) 0x4a, (byte) 0xc4, (byte) 0x60, (byte) 0x24, 1874 (byte) 0x30, (byte) 0x63, (byte) 0x32, (byte) 0xea, (byte) 0x89, (byte) 0x81, (byte) 0x77, (byte) 0x63, 1875 (byte) 0x45, (byte) 0x46, (byte) 0x5d, (byte) 0xc6, (byte) 0xdf, (byte) 0x1e, (byte) 0x0a, (byte) 0x6f, 1876 (byte) 0x14, (byte) 0x0a, (byte) 0xff, (byte) 0x3b, (byte) 0x73, (byte) 0x96, (byte) 0xe6, (byte) 0xa8, 1877 (byte) 0x99, (byte) 0x4a, (byte) 0xc5, (byte) 0xda, (byte) 0xa9, (byte) 0x68, (byte) 0x73, (byte) 0x47, 1878 (byte) 0x2f, (byte) 0xe3, (byte) 0x77, (byte) 0x49, (byte) 0xd1, (byte) 0x4e, (byte) 0xb3, (byte) 0xe0, 1879 (byte) 0x75, (byte) 0xe6, (byte) 0x29, (byte) 0xdb, (byte) 0xeb, (byte) 0x35, (byte) 0x83, (byte) 0x33, 1880 (byte) 0x8a, (byte) 0x6f, (byte) 0x36, (byte) 0x49, (byte) 0xd0, (byte) 0xa2, (byte) 0x65, (byte) 0x4a, 1881 (byte) 0x7a, (byte) 0x42, (byte) 0xfd, (byte) 0x9a, (byte) 0xb6, (byte) 0xbf, (byte) 0xa4, (byte) 0xac, 1882 (byte) 0x4d, (byte) 0x48, (byte) 0x1d, (byte) 0x39, (byte) 0x0b, (byte) 0xb2, (byte) 0x29, (byte) 0xb0, 1883 (byte) 0x64, (byte) 0xbd, (byte) 0xc3, (byte) 0x11, (byte) 0xcc, (byte) 0x1b, (byte) 0xe1, (byte) 0xb6, 1884 (byte) 0x31, (byte) 0x89, (byte) 0xda, (byte) 0x7c, (byte) 0x40, (byte) 0xcd, (byte) 0xec, (byte) 0xf2, 1885 (byte) 0xb1, 1886 }); 1887 1888 private static final BigInteger RSA_2048_primeQ = new BigInteger(new byte[] { 1889 (byte) 0x00, (byte) 0xea, (byte) 0x1a, (byte) 0x74, (byte) 0x2d, (byte) 0xdb, (byte) 0x88, (byte) 0x1c, 1890 (byte) 0xed, (byte) 0xb7, (byte) 0x28, (byte) 0x8c, (byte) 0x87, (byte) 0xe3, (byte) 0x8d, (byte) 0x86, 1891 (byte) 0x8d, (byte) 0xd7, (byte) 0xa4, (byte) 0x09, (byte) 0xd1, (byte) 0x5a, (byte) 0x43, (byte) 0xf4, 1892 (byte) 0x45, (byte) 0xd5, (byte) 0x37, (byte) 0x7a, (byte) 0x0b, (byte) 0x57, (byte) 0x31, (byte) 0xdd, 1893 (byte) 0xbf, (byte) 0xca, (byte) 0x2d, (byte) 0xaf, (byte) 0x28, (byte) 0xa8, (byte) 0xe1, (byte) 0x3c, 1894 (byte) 0xd5, (byte) 0xc0, (byte) 0xaf, (byte) 0xce, (byte) 0xc3, (byte) 0x34, (byte) 0x7d, (byte) 0x74, 1895 (byte) 0xa3, (byte) 0x9e, (byte) 0x23, (byte) 0x5a, (byte) 0x3c, (byte) 0xd9, (byte) 0x63, (byte) 0x3f, 1896 (byte) 0x27, (byte) 0x4d, (byte) 0xe2, (byte) 0xb9, (byte) 0x4f, (byte) 0x92, (byte) 0xdf, (byte) 0x43, 1897 (byte) 0x83, (byte) 0x39, (byte) 0x11, (byte) 0xd9, (byte) 0xe9, (byte) 0xf1, (byte) 0xcf, (byte) 0x58, 1898 (byte) 0xf2, (byte) 0x7d, (byte) 0xe2, (byte) 0xe0, (byte) 0x8f, (byte) 0xf4, (byte) 0x59, (byte) 0x64, 1899 (byte) 0xc7, (byte) 0x20, (byte) 0xd3, (byte) 0xec, (byte) 0x21, (byte) 0x39, (byte) 0xdc, (byte) 0x7c, 1900 (byte) 0xaf, (byte) 0xc9, (byte) 0x12, (byte) 0x95, (byte) 0x3c, (byte) 0xde, (byte) 0xcb, (byte) 0x2f, 1901 (byte) 0x35, (byte) 0x5a, (byte) 0x2e, (byte) 0x2c, (byte) 0x35, (byte) 0xa5, (byte) 0x0f, (byte) 0xad, 1902 (byte) 0x75, (byte) 0x4c, (byte) 0xb3, (byte) 0xb2, (byte) 0x31, (byte) 0x66, (byte) 0x42, (byte) 0x4b, 1903 (byte) 0xa3, (byte) 0xb6, (byte) 0xe3, (byte) 0x11, (byte) 0x2a, (byte) 0x2b, (byte) 0x89, (byte) 0x8c, 1904 (byte) 0x38, (byte) 0xc5, (byte) 0xc1, (byte) 0x5e, (byte) 0xdb, (byte) 0x23, (byte) 0x86, (byte) 0x93, 1905 (byte) 0x39, 1906 }); 1907 1908 private static final BigInteger RSA_2048_primeExponentP = new BigInteger(1, new byte[] { 1909 (byte) 0x51, (byte) 0x82, (byte) 0x8F, (byte) 0x1E, (byte) 0xC6, (byte) 0xFD, (byte) 0x99, (byte) 0x60, 1910 (byte) 0x29, (byte) 0x90, (byte) 0x1B, (byte) 0xAF, (byte) 0x1D, (byte) 0x7E, (byte) 0x33, (byte) 0x7B, 1911 (byte) 0xA5, (byte) 0xF0, (byte) 0xAF, (byte) 0x27, (byte) 0xE9, (byte) 0x84, (byte) 0xEA, (byte) 0xD8, 1912 (byte) 0x95, (byte) 0xAC, (byte) 0xE6, (byte) 0x2B, (byte) 0xD7, (byte) 0xDF, (byte) 0x4E, (byte) 0xE4, 1913 (byte) 0x5A, (byte) 0x22, (byte) 0x40, (byte) 0x89, (byte) 0xF2, (byte) 0xCC, (byte) 0x15, (byte) 0x1A, 1914 (byte) 0xF3, (byte) 0xCD, (byte) 0x17, (byte) 0x3F, (byte) 0xCE, (byte) 0x04, (byte) 0x74, (byte) 0xBC, 1915 (byte) 0xB0, (byte) 0x4F, (byte) 0x38, (byte) 0x6A, (byte) 0x2C, (byte) 0xDC, (byte) 0xC0, (byte) 0xE0, 1916 (byte) 0x03, (byte) 0x6B, (byte) 0xA2, (byte) 0x41, (byte) 0x9F, (byte) 0x54, (byte) 0x57, (byte) 0x92, 1917 (byte) 0x62, (byte) 0xD4, (byte) 0x71, (byte) 0x00, (byte) 0xBE, (byte) 0x93, (byte) 0x19, (byte) 0x84, 1918 (byte) 0xA3, (byte) 0xEF, (byte) 0xA0, (byte) 0x5B, (byte) 0xEC, (byte) 0xF1, (byte) 0x41, (byte) 0x57, 1919 (byte) 0x4D, (byte) 0xC0, (byte) 0x79, (byte) 0xB3, (byte) 0xA9, (byte) 0x5C, (byte) 0x4A, (byte) 0x83, 1920 (byte) 0xE6, (byte) 0xC4, (byte) 0x3F, (byte) 0x32, (byte) 0x14, (byte) 0xD6, (byte) 0xDF, (byte) 0x32, 1921 (byte) 0xD5, (byte) 0x12, (byte) 0xDE, (byte) 0x19, (byte) 0x80, (byte) 0x85, (byte) 0xE5, (byte) 0x31, 1922 (byte) 0xE6, (byte) 0x16, (byte) 0xB8, (byte) 0x3F, (byte) 0xD7, (byte) 0xDD, (byte) 0x9D, (byte) 0x1F, 1923 (byte) 0x4E, (byte) 0x26, (byte) 0x07, (byte) 0xC3, (byte) 0x33, (byte) 0x3D, (byte) 0x07, (byte) 0xC5, 1924 (byte) 0x5D, (byte) 0x10, (byte) 0x7D, (byte) 0x1D, (byte) 0x38, (byte) 0x93, (byte) 0x58, (byte) 0x71, 1925 }); 1926 1927 private static final BigInteger RSA_2048_primeExponentQ = new BigInteger(1, new byte[] { 1928 (byte) 0xDB, (byte) 0x4F, (byte) 0xB5, (byte) 0x0F, (byte) 0x50, (byte) 0xDE, (byte) 0x8E, (byte) 0xDB, 1929 (byte) 0x53, (byte) 0xFF, (byte) 0x34, (byte) 0xC8, (byte) 0x09, (byte) 0x31, (byte) 0x88, (byte) 0xA0, 1930 (byte) 0x51, (byte) 0x28, (byte) 0x67, (byte) 0xDA, (byte) 0x2C, (byte) 0xCA, (byte) 0x04, (byte) 0x89, 1931 (byte) 0x77, (byte) 0x59, (byte) 0xE5, (byte) 0x87, (byte) 0xC2, (byte) 0x44, (byte) 0x01, (byte) 0x0D, 1932 (byte) 0xAF, (byte) 0x86, (byte) 0x64, (byte) 0xD5, (byte) 0x9E, (byte) 0x80, (byte) 0x83, (byte) 0xD1, 1933 (byte) 0x6C, (byte) 0x16, (byte) 0x47, (byte) 0x89, (byte) 0x30, (byte) 0x1F, (byte) 0x67, (byte) 0xA9, 1934 (byte) 0xF0, (byte) 0x78, (byte) 0x06, (byte) 0x0D, (byte) 0x83, (byte) 0x4A, (byte) 0x2A, (byte) 0xDB, 1935 (byte) 0xD3, (byte) 0x67, (byte) 0x57, (byte) 0x5B, (byte) 0x68, (byte) 0xA8, (byte) 0xA8, (byte) 0x42, 1936 (byte) 0xC2, (byte) 0xB0, (byte) 0x2A, (byte) 0x89, (byte) 0xB3, (byte) 0xF3, (byte) 0x1F, (byte) 0xCC, 1937 (byte) 0xEC, (byte) 0x8A, (byte) 0x22, (byte) 0xFE, (byte) 0x39, (byte) 0x57, (byte) 0x95, (byte) 0xC5, 1938 (byte) 0xC6, (byte) 0xC7, (byte) 0x42, (byte) 0x2B, (byte) 0x4E, (byte) 0x5D, (byte) 0x74, (byte) 0xA1, 1939 (byte) 0xE9, (byte) 0xA8, (byte) 0xF3, (byte) 0x0E, (byte) 0x77, (byte) 0x59, (byte) 0xB9, (byte) 0xFC, 1940 (byte) 0x2D, (byte) 0x63, (byte) 0x9C, (byte) 0x1F, (byte) 0x15, (byte) 0x67, (byte) 0x3E, (byte) 0x84, 1941 (byte) 0xE9, (byte) 0x3A, (byte) 0x5E, (byte) 0xF1, (byte) 0x50, (byte) 0x6F, (byte) 0x43, (byte) 0x15, 1942 (byte) 0x38, (byte) 0x3C, (byte) 0x38, (byte) 0xD4, (byte) 0x5C, (byte) 0xBD, (byte) 0x1B, (byte) 0x14, 1943 (byte) 0x04, (byte) 0x8F, (byte) 0x47, (byte) 0x21, (byte) 0xDC, (byte) 0x82, (byte) 0x32, (byte) 0x61, 1944 }); 1945 1946 private static final BigInteger RSA_2048_crtCoefficient = new BigInteger(1, new byte[] { 1947 (byte) 0xD8, (byte) 0x11, (byte) 0x45, (byte) 0x93, (byte) 0xAF, (byte) 0x41, (byte) 0x5F, (byte) 0xB6, 1948 (byte) 0x12, (byte) 0xDB, (byte) 0xF1, (byte) 0x92, (byte) 0x37, (byte) 0x10, (byte) 0xD5, (byte) 0x4D, 1949 (byte) 0x07, (byte) 0x48, (byte) 0x62, (byte) 0x05, (byte) 0xA7, (byte) 0x6A, (byte) 0x3B, (byte) 0x43, 1950 (byte) 0x19, (byte) 0x49, (byte) 0x68, (byte) 0xC0, (byte) 0xDF, (byte) 0xF1, (byte) 0xF1, (byte) 0x1E, 1951 (byte) 0xF0, (byte) 0xF6, (byte) 0x1A, (byte) 0x4A, (byte) 0x33, (byte) 0x7D, (byte) 0x5F, (byte) 0xD3, 1952 (byte) 0x74, (byte) 0x1B, (byte) 0xBC, (byte) 0x96, (byte) 0x40, (byte) 0xE4, (byte) 0x47, (byte) 0xB8, 1953 (byte) 0xB6, (byte) 0xB6, (byte) 0xC4, (byte) 0x7C, (byte) 0x3A, (byte) 0xC1, (byte) 0x20, (byte) 0x43, 1954 (byte) 0x57, (byte) 0xD3, (byte) 0xB0, (byte) 0xC5, (byte) 0x5B, (byte) 0xA9, (byte) 0x28, (byte) 0x6B, 1955 (byte) 0xDA, (byte) 0x73, (byte) 0xF6, (byte) 0x29, (byte) 0x29, (byte) 0x6F, (byte) 0x5F, (byte) 0xA9, 1956 (byte) 0x14, (byte) 0x6D, (byte) 0x89, (byte) 0x76, (byte) 0x35, (byte) 0x7D, (byte) 0x3C, (byte) 0x75, 1957 (byte) 0x1E, (byte) 0x75, (byte) 0x14, (byte) 0x86, (byte) 0x96, (byte) 0xA4, (byte) 0x0B, (byte) 0x74, 1958 (byte) 0x68, (byte) 0x5C, (byte) 0x82, (byte) 0xCE, (byte) 0x30, (byte) 0x90, (byte) 0x2D, (byte) 0x63, 1959 (byte) 0x9D, (byte) 0x72, (byte) 0x4F, (byte) 0xF2, (byte) 0x4D, (byte) 0x5E, (byte) 0x2E, (byte) 0x94, 1960 (byte) 0x07, (byte) 0xEE, (byte) 0x34, (byte) 0xED, (byte) 0xED, (byte) 0x2E, (byte) 0x3B, (byte) 0x4D, 1961 (byte) 0xF6, (byte) 0x5A, (byte) 0xA9, (byte) 0xBC, (byte) 0xFE, (byte) 0xB6, (byte) 0xDF, (byte) 0x28, 1962 (byte) 0xD0, (byte) 0x7B, (byte) 0xA6, (byte) 0x90, (byte) 0x3F, (byte) 0x16, (byte) 0x57, (byte) 0x68, 1963 }); 1964 1965 /** 1966 * Test data is PKCS#1 padded "Android.\n" which can be generated by: 1967 * echo "Android." | openssl rsautl -inkey rsa.key -sign | openssl rsautl -inkey rsa.key -raw -verify | recode ../x1 1968 */ 1969 private static final byte[] RSA_2048_Vector1 = new byte[] { 1970 (byte) 0x00, (byte) 0x01, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1971 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1972 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1973 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1974 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1975 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1976 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1977 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1978 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1979 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1980 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1981 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1982 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1983 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1984 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1985 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1986 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1987 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1988 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1989 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1990 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1991 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1992 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1993 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1994 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1995 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1996 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1997 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1998 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 1999 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2000 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2001 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2002 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2003 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2004 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2005 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2006 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2007 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2008 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2009 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2010 (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, 2011 (byte) 0x00, (byte) 0x41, (byte) 0x6E, (byte) 0x64, (byte) 0x72, (byte) 0x6F, 2012 (byte) 0x69, (byte) 0x64, (byte) 0x2E, (byte) 0x0A, 2013 }; 2014 2015 /** 2016 * This vector is simply "Android.\n" which is too short. 2017 */ 2018 private static final byte[] TooShort_Vector = new byte[] { 2019 (byte) 0x41, (byte) 0x6E, (byte) 0x64, (byte) 0x72, (byte) 0x6F, (byte) 0x69, 2020 (byte) 0x64, (byte) 0x2E, (byte) 0x0A, 2021 }; 2022 2023 /** 2024 * This vector is simply "Android.\n" padded with zeros. 2025 */ 2026 private static final byte[] TooShort_Vector_Zero_Padded = new byte[] { 2027 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2028 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2029 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2030 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2031 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2032 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2033 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2034 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2035 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2036 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2037 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2038 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2039 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2040 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2041 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2042 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2043 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2044 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2045 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2046 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2047 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2048 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2049 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2050 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2051 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2052 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2053 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2054 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2055 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2056 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2057 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2058 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2059 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2060 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2061 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2062 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2063 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2064 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2065 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2066 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2067 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 2068 (byte) 0x00, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, 2069 (byte) 0x69, (byte) 0x64, (byte) 0x2e, (byte) 0x0a, 2070 }; 2071 2072 /** 2073 * openssl rsautl -raw -sign -inkey rsa.key | recode ../x1 | sed 's/0x/(byte) 0x/g' 2074 */ 2075 private static final byte[] RSA_Vector1_Encrypt_Private = new byte[] { 2076 (byte) 0x35, (byte) 0x43, (byte) 0x38, (byte) 0x44, (byte) 0xAD, (byte) 0x3F, 2077 (byte) 0x97, (byte) 0x02, (byte) 0xFB, (byte) 0x59, (byte) 0x1F, (byte) 0x4A, 2078 (byte) 0x2B, (byte) 0xB9, (byte) 0x06, (byte) 0xEC, (byte) 0x66, (byte) 0xE6, 2079 (byte) 0xD2, (byte) 0xC5, (byte) 0x8B, (byte) 0x7B, (byte) 0xE3, (byte) 0x18, 2080 (byte) 0xBF, (byte) 0x07, (byte) 0xD6, (byte) 0x01, (byte) 0xF9, (byte) 0xD9, 2081 (byte) 0x89, (byte) 0xC4, (byte) 0xDB, (byte) 0x00, (byte) 0x68, (byte) 0xFF, 2082 (byte) 0x9B, (byte) 0x43, (byte) 0x90, (byte) 0xF2, (byte) 0xDB, (byte) 0x83, 2083 (byte) 0xF4, (byte) 0x7E, (byte) 0xC6, (byte) 0x81, (byte) 0x01, (byte) 0x3A, 2084 (byte) 0x0B, (byte) 0xE5, (byte) 0xED, (byte) 0x08, (byte) 0x73, (byte) 0x3E, 2085 (byte) 0xE1, (byte) 0x3F, (byte) 0xDF, (byte) 0x1F, (byte) 0x07, (byte) 0x6D, 2086 (byte) 0x22, (byte) 0x8D, (byte) 0xCC, (byte) 0x4E, (byte) 0xE3, (byte) 0x9A, 2087 (byte) 0xBC, (byte) 0xCC, (byte) 0x8F, (byte) 0x9E, (byte) 0x9B, (byte) 0x02, 2088 (byte) 0x48, (byte) 0x00, (byte) 0xAC, (byte) 0x9F, (byte) 0xA4, (byte) 0x8F, 2089 (byte) 0x87, (byte) 0xA1, (byte) 0xA8, (byte) 0xE6, (byte) 0x9D, (byte) 0xCD, 2090 (byte) 0x8B, (byte) 0x05, (byte) 0xE9, (byte) 0xD2, (byte) 0x05, (byte) 0x8D, 2091 (byte) 0xC9, (byte) 0x95, (byte) 0x16, (byte) 0xD0, (byte) 0xCD, (byte) 0x43, 2092 (byte) 0x25, (byte) 0x8A, (byte) 0x11, (byte) 0x46, (byte) 0xD7, (byte) 0x74, 2093 (byte) 0x4C, (byte) 0xCF, (byte) 0x58, (byte) 0xF9, (byte) 0xA1, (byte) 0x30, 2094 (byte) 0x84, (byte) 0x52, (byte) 0xC9, (byte) 0x01, (byte) 0x5F, (byte) 0x24, 2095 (byte) 0x4C, (byte) 0xB1, (byte) 0x9F, (byte) 0x7D, (byte) 0x12, (byte) 0x38, 2096 (byte) 0x27, (byte) 0x0F, (byte) 0x5E, (byte) 0xFF, (byte) 0xE0, (byte) 0x55, 2097 (byte) 0x8B, (byte) 0xA3, (byte) 0xAD, (byte) 0x60, (byte) 0x35, (byte) 0x83, 2098 (byte) 0x58, (byte) 0xAF, (byte) 0x99, (byte) 0xDE, (byte) 0x3F, (byte) 0x5D, 2099 (byte) 0x80, (byte) 0x80, (byte) 0xFF, (byte) 0x9B, (byte) 0xDE, (byte) 0x5C, 2100 (byte) 0xAB, (byte) 0x97, (byte) 0x43, (byte) 0x64, (byte) 0xD9, (byte) 0x9F, 2101 (byte) 0xFB, (byte) 0x67, (byte) 0x65, (byte) 0xA5, (byte) 0x99, (byte) 0xE7, 2102 (byte) 0xE6, (byte) 0xEB, (byte) 0x05, (byte) 0x95, (byte) 0xFC, (byte) 0x46, 2103 (byte) 0x28, (byte) 0x4B, (byte) 0xD8, (byte) 0x8C, (byte) 0xF5, (byte) 0x0A, 2104 (byte) 0xEB, (byte) 0x1F, (byte) 0x30, (byte) 0xEA, (byte) 0xE7, (byte) 0x67, 2105 (byte) 0x11, (byte) 0x25, (byte) 0xF0, (byte) 0x44, (byte) 0x75, (byte) 0x74, 2106 (byte) 0x94, (byte) 0x06, (byte) 0x78, (byte) 0xD0, (byte) 0x21, (byte) 0xF4, 2107 (byte) 0x3F, (byte) 0xC8, (byte) 0xC4, (byte) 0x4A, (byte) 0x57, (byte) 0xBE, 2108 (byte) 0x02, (byte) 0x3C, (byte) 0x93, (byte) 0xF6, (byte) 0x95, (byte) 0xFB, 2109 (byte) 0xD1, (byte) 0x77, (byte) 0x8B, (byte) 0x43, (byte) 0xF0, (byte) 0xB9, 2110 (byte) 0x7D, (byte) 0xE0, (byte) 0x32, (byte) 0xE1, (byte) 0x72, (byte) 0xB5, 2111 (byte) 0x62, (byte) 0x3F, (byte) 0x86, (byte) 0xC3, (byte) 0xD4, (byte) 0x5F, 2112 (byte) 0x5E, (byte) 0x54, (byte) 0x1B, (byte) 0x5B, (byte) 0xE6, (byte) 0x74, 2113 (byte) 0xA1, (byte) 0x0B, (byte) 0xE5, (byte) 0x18, (byte) 0xD2, (byte) 0x4F, 2114 (byte) 0x93, (byte) 0xF3, (byte) 0x09, (byte) 0x58, (byte) 0xCE, (byte) 0xF0, 2115 (byte) 0xA3, (byte) 0x61, (byte) 0xE4, (byte) 0x6E, (byte) 0x46, (byte) 0x45, 2116 (byte) 0x89, (byte) 0x50, (byte) 0xBD, (byte) 0x03, (byte) 0x3F, (byte) 0x38, 2117 (byte) 0xDA, (byte) 0x5D, (byte) 0xD0, (byte) 0x1B, (byte) 0x1F, (byte) 0xB1, 2118 (byte) 0xEE, (byte) 0x89, (byte) 0x59, (byte) 0xC5, 2119 }; 2120 2121 private static final byte[] RSA_Vector1_ZeroPadded_Encrypted = new byte[] { 2122 (byte) 0x60, (byte) 0x4a, (byte) 0x12, (byte) 0xa3, (byte) 0xa7, (byte) 0x4a, 2123 (byte) 0xa4, (byte) 0xbf, (byte) 0x6c, (byte) 0x36, (byte) 0xad, (byte) 0x66, 2124 (byte) 0xdf, (byte) 0xce, (byte) 0xf1, (byte) 0xe4, (byte) 0x0f, (byte) 0xd4, 2125 (byte) 0x54, (byte) 0x5f, (byte) 0x03, (byte) 0x15, (byte) 0x4b, (byte) 0x9e, 2126 (byte) 0xeb, (byte) 0xfe, (byte) 0x9e, (byte) 0x24, (byte) 0xce, (byte) 0x8e, 2127 (byte) 0xc3, (byte) 0x36, (byte) 0xa5, (byte) 0x76, (byte) 0xf6, (byte) 0x54, 2128 (byte) 0xb7, (byte) 0x84, (byte) 0x48, (byte) 0x2f, (byte) 0xd4, (byte) 0x45, 2129 (byte) 0x74, (byte) 0x48, (byte) 0x5f, (byte) 0x08, (byte) 0x4e, (byte) 0x9c, 2130 (byte) 0x89, (byte) 0xcc, (byte) 0x34, (byte) 0x40, (byte) 0xb1, (byte) 0x5f, 2131 (byte) 0xa7, (byte) 0x0e, (byte) 0x11, (byte) 0x4b, (byte) 0xb5, (byte) 0x94, 2132 (byte) 0xbe, (byte) 0x14, (byte) 0xaa, (byte) 0xaa, (byte) 0xe0, (byte) 0x38, 2133 (byte) 0x1c, (byte) 0xce, (byte) 0x40, (byte) 0x61, (byte) 0xfc, (byte) 0x08, 2134 (byte) 0xcb, (byte) 0x14, (byte) 0x2b, (byte) 0xa6, (byte) 0x54, (byte) 0xdf, 2135 (byte) 0x05, (byte) 0x5c, (byte) 0x9b, (byte) 0x4f, (byte) 0x14, (byte) 0x93, 2136 (byte) 0xb0, (byte) 0x70, (byte) 0xd9, (byte) 0x32, (byte) 0xdc, (byte) 0x24, 2137 (byte) 0xe0, (byte) 0xae, (byte) 0x48, (byte) 0xfc, (byte) 0x53, (byte) 0xee, 2138 (byte) 0x7c, (byte) 0x9f, (byte) 0x69, (byte) 0x34, (byte) 0xf4, (byte) 0x76, 2139 (byte) 0xee, (byte) 0x67, (byte) 0xb2, (byte) 0xa7, (byte) 0x33, (byte) 0x1c, 2140 (byte) 0x47, (byte) 0xff, (byte) 0x5c, (byte) 0xf0, (byte) 0xb8, (byte) 0x04, 2141 (byte) 0x2c, (byte) 0xfd, (byte) 0xe2, (byte) 0xb1, (byte) 0x4a, (byte) 0x0a, 2142 (byte) 0x69, (byte) 0x1c, (byte) 0x80, (byte) 0x2b, (byte) 0xb4, (byte) 0x50, 2143 (byte) 0x65, (byte) 0x5c, (byte) 0x76, (byte) 0x78, (byte) 0x9a, (byte) 0x0c, 2144 (byte) 0x05, (byte) 0x62, (byte) 0xf0, (byte) 0xc4, (byte) 0x1c, (byte) 0x38, 2145 (byte) 0x15, (byte) 0xd0, (byte) 0xe2, (byte) 0x5a, (byte) 0x3d, (byte) 0xb6, 2146 (byte) 0xe0, (byte) 0x88, (byte) 0x85, (byte) 0xd1, (byte) 0x4f, (byte) 0x7e, 2147 (byte) 0xfc, (byte) 0x77, (byte) 0x0d, (byte) 0x2a, (byte) 0x45, (byte) 0xd5, 2148 (byte) 0xf8, (byte) 0x3c, (byte) 0x7b, (byte) 0x2d, (byte) 0x1b, (byte) 0x82, 2149 (byte) 0xfe, (byte) 0x58, (byte) 0x22, (byte) 0x47, (byte) 0x06, (byte) 0x58, 2150 (byte) 0x8b, (byte) 0x4f, (byte) 0xfb, (byte) 0x9b, (byte) 0x1c, (byte) 0x70, 2151 (byte) 0x36, (byte) 0x12, (byte) 0x04, (byte) 0x17, (byte) 0x47, (byte) 0x8a, 2152 (byte) 0x0a, (byte) 0xec, (byte) 0x12, (byte) 0x3b, (byte) 0xf8, (byte) 0xd2, 2153 (byte) 0xdc, (byte) 0x3c, (byte) 0xc8, (byte) 0x46, (byte) 0xc6, (byte) 0x51, 2154 (byte) 0x06, (byte) 0x06, (byte) 0xcb, (byte) 0x84, (byte) 0x67, (byte) 0xb5, 2155 (byte) 0x68, (byte) 0xd9, (byte) 0x9c, (byte) 0xd4, (byte) 0x16, (byte) 0x5c, 2156 (byte) 0xb4, (byte) 0xe2, (byte) 0x55, (byte) 0xe6, (byte) 0x3a, (byte) 0x73, 2157 (byte) 0x01, (byte) 0x1d, (byte) 0x6f, (byte) 0x30, (byte) 0x31, (byte) 0x59, 2158 (byte) 0x8b, (byte) 0x2f, (byte) 0x4c, (byte) 0xe7, (byte) 0x86, (byte) 0x4c, 2159 (byte) 0x39, (byte) 0x4e, (byte) 0x67, (byte) 0x3b, (byte) 0x22, (byte) 0x9b, 2160 (byte) 0x85, (byte) 0x5a, (byte) 0xc3, (byte) 0x29, (byte) 0xaf, (byte) 0x8c, 2161 (byte) 0x7c, (byte) 0x59, (byte) 0x4a, (byte) 0x24, (byte) 0xfa, (byte) 0xba, 2162 (byte) 0x55, (byte) 0x40, (byte) 0x13, (byte) 0x64, (byte) 0xd8, (byte) 0xcb, 2163 (byte) 0x4b, (byte) 0x98, (byte) 0x3f, (byte) 0xae, (byte) 0x20, (byte) 0xfd, 2164 (byte) 0x8a, (byte) 0x50, (byte) 0x73, (byte) 0xe4, 2165 }; 2166 /* 2167 * echo -n 'This is a test of OAEP' | xxd -p -i | sed 's/0x/(byte) 0x/g' 2168 */ 2169 private static final byte[] RSA_Vector2_Plaintext = 2170 new byte[] {(byte) 0x54, (byte) 0x68, (byte) 0x69, (byte) 0x73, (byte) 0x20, 2171 (byte) 0x69, (byte) 0x73, (byte) 0x20, (byte) 0x61, (byte) 0x20, (byte) 0x74, 2172 (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x6f, (byte) 0x66, 2173 (byte) 0x20, (byte) 0x4f, (byte) 0x41, (byte) 0x45, (byte) 0x50}; 2174 2175 /* 2176 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey rsakey.pem \ 2177 * -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha1 -pkeyopt rsa_mgf1_md:sha1 \ 2178 * | xxd -p -i | sed 's/0x/(byte) 0x/g' 2179 */ 2180 private static final byte[] RSA_Vector2_OAEP_SHA1_MGF1_SHA1 = 2181 new byte[] {(byte) 0x53, (byte) 0x71, (byte) 0x84, (byte) 0x2e, (byte) 0x01, 2182 (byte) 0x74, (byte) 0x82, (byte) 0xb3, (byte) 0x01, (byte) 0xac, (byte) 0x2b, 2183 (byte) 0xbd, (byte) 0x40, (byte) 0xa7, (byte) 0x5b, (byte) 0x60, (byte) 0xf1, 2184 (byte) 0xde, (byte) 0x54, (byte) 0x1d, (byte) 0x94, (byte) 0xc1, (byte) 0x10, 2185 (byte) 0x31, (byte) 0x6f, (byte) 0xa3, (byte) 0xd8, (byte) 0x41, (byte) 0x2e, 2186 (byte) 0x82, (byte) 0xad, (byte) 0x07, (byte) 0x6f, (byte) 0x25, (byte) 0x6c, 2187 (byte) 0xb5, (byte) 0xef, (byte) 0xc6, (byte) 0xa6, (byte) 0xfb, (byte) 0xb1, 2188 (byte) 0x9d, (byte) 0x75, (byte) 0x67, (byte) 0xb0, (byte) 0x97, (byte) 0x21, 2189 (byte) 0x3c, (byte) 0x17, (byte) 0x04, (byte) 0xdc, (byte) 0x4e, (byte) 0x7e, 2190 (byte) 0x3f, (byte) 0x5c, (byte) 0x13, (byte) 0x5e, (byte) 0x15, (byte) 0x0f, 2191 (byte) 0xe2, (byte) 0xa7, (byte) 0x62, (byte) 0x6a, (byte) 0x08, (byte) 0xb1, 2192 (byte) 0xbc, (byte) 0x2f, (byte) 0xcb, (byte) 0xb5, (byte) 0x96, (byte) 0x2d, 2193 (byte) 0xec, (byte) 0x71, (byte) 0x4d, (byte) 0x59, (byte) 0x6e, (byte) 0x27, 2194 (byte) 0x85, (byte) 0x87, (byte) 0x9b, (byte) 0xcc, (byte) 0x40, (byte) 0x32, 2195 (byte) 0x09, (byte) 0x06, (byte) 0xe6, (byte) 0x7d, (byte) 0xdf, (byte) 0xeb, 2196 (byte) 0x2f, (byte) 0xa8, (byte) 0x1c, (byte) 0x53, (byte) 0xdb, (byte) 0xa7, 2197 (byte) 0x48, (byte) 0xf5, (byte) 0xbf, (byte) 0x2f, (byte) 0xbb, (byte) 0xee, 2198 (byte) 0xc7, (byte) 0x55, (byte) 0x5e, (byte) 0xc4, (byte) 0x1c, (byte) 0x84, 2199 (byte) 0xed, (byte) 0x97, (byte) 0x7e, (byte) 0xce, (byte) 0xa5, (byte) 0x69, 2200 (byte) 0x73, (byte) 0xb3, (byte) 0xe0, (byte) 0x8c, (byte) 0x2a, (byte) 0xf2, 2201 (byte) 0xc7, (byte) 0x65, (byte) 0xff, (byte) 0x10, (byte) 0xed, (byte) 0x25, 2202 (byte) 0xf0, (byte) 0xf8, (byte) 0xda, (byte) 0x2f, (byte) 0x7f, (byte) 0xe0, 2203 (byte) 0x69, (byte) 0xed, (byte) 0xb1, (byte) 0x0e, (byte) 0xcb, (byte) 0x43, 2204 (byte) 0xe4, (byte) 0x31, (byte) 0xe6, (byte) 0x52, (byte) 0xfd, (byte) 0xa7, 2205 (byte) 0xe5, (byte) 0x21, (byte) 0xd0, (byte) 0x67, (byte) 0x0a, (byte) 0xc1, 2206 (byte) 0xa1, (byte) 0xb9, (byte) 0x04, (byte) 0xdb, (byte) 0x98, (byte) 0x4f, 2207 (byte) 0xf9, (byte) 0x5c, (byte) 0x60, (byte) 0x4d, (byte) 0xac, (byte) 0x7a, 2208 (byte) 0x69, (byte) 0xbd, (byte) 0x63, (byte) 0x0d, (byte) 0xb2, (byte) 0x01, 2209 (byte) 0x83, (byte) 0xd7, (byte) 0x22, (byte) 0x5d, (byte) 0xed, (byte) 0xbd, 2210 (byte) 0x32, (byte) 0x98, (byte) 0xd1, (byte) 0x4a, (byte) 0x2e, (byte) 0xb7, 2211 (byte) 0xb1, (byte) 0x6d, (byte) 0x8a, (byte) 0x8f, (byte) 0xef, (byte) 0xc3, 2212 (byte) 0x89, (byte) 0xdf, (byte) 0xa5, (byte) 0xac, (byte) 0xfb, (byte) 0x38, 2213 (byte) 0x61, (byte) 0x32, (byte) 0xc5, (byte) 0x19, (byte) 0x83, (byte) 0x1f, 2214 (byte) 0x9c, (byte) 0x45, (byte) 0x58, (byte) 0xdd, (byte) 0xa3, (byte) 0x57, 2215 (byte) 0xe4, (byte) 0x91, (byte) 0xd2, (byte) 0x11, (byte) 0xf8, (byte) 0x96, 2216 (byte) 0x36, (byte) 0x67, (byte) 0x99, (byte) 0x2b, (byte) 0x62, (byte) 0x21, 2217 (byte) 0xe3, (byte) 0xa8, (byte) 0x5e, (byte) 0xa4, (byte) 0x2e, (byte) 0x0c, 2218 (byte) 0x29, (byte) 0xf9, (byte) 0xcd, (byte) 0xfa, (byte) 0xbe, (byte) 0x3f, 2219 (byte) 0xd8, (byte) 0xec, (byte) 0x6b, (byte) 0x32, (byte) 0xb3, (byte) 0x40, 2220 (byte) 0x4f, (byte) 0x48, (byte) 0xe3, (byte) 0x14, (byte) 0x87, (byte) 0xa7, 2221 (byte) 0x5c, (byte) 0xba, (byte) 0xdf, (byte) 0x0e, (byte) 0x64, (byte) 0xdc, 2222 (byte) 0xe2, (byte) 0x51, (byte) 0xf4, (byte) 0x41, (byte) 0x25, (byte) 0x23, 2223 (byte) 0xc8, (byte) 0x50, (byte) 0x1e, (byte) 0x9e, (byte) 0xb0}; 2224 2225 /* 2226 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey rsakey.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1 | xxd -p -i | sed 's/0x/(byte) 0x/g' 2227 */ 2228 private static final byte[] RSA_Vector2_OAEP_SHA256_MGF1_SHA1 = 2229 new byte[] {(byte) 0x25, (byte) 0x9f, (byte) 0xc3, (byte) 0x69, (byte) 0xbc, 2230 (byte) 0x3f, (byte) 0xe7, (byte) 0x9e, (byte) 0x76, (byte) 0xef, (byte) 0x6c, 2231 (byte) 0xd2, (byte) 0x2b, (byte) 0x7b, (byte) 0xf0, (byte) 0xeb, (byte) 0xc2, 2232 (byte) 0x28, (byte) 0x40, (byte) 0x4e, (byte) 0x9b, (byte) 0x2a, (byte) 0x4e, 2233 (byte) 0xa4, (byte) 0x79, (byte) 0x66, (byte) 0xf1, (byte) 0x10, (byte) 0x96, 2234 (byte) 0x8c, (byte) 0x58, (byte) 0x92, (byte) 0xb7, (byte) 0x70, (byte) 0xed, 2235 (byte) 0x3a, (byte) 0xe0, (byte) 0x99, (byte) 0xd1, (byte) 0x80, (byte) 0x4b, 2236 (byte) 0x53, (byte) 0x70, (byte) 0x9b, (byte) 0x51, (byte) 0xbf, (byte) 0xc1, 2237 (byte) 0x3a, (byte) 0x70, (byte) 0xc5, (byte) 0x79, (byte) 0x21, (byte) 0x6e, 2238 (byte) 0xb3, (byte) 0xf7, (byte) 0xa9, (byte) 0xe6, (byte) 0xcb, (byte) 0x70, 2239 (byte) 0xe4, (byte) 0xf3, (byte) 0x4f, (byte) 0x45, (byte) 0xcf, (byte) 0xb7, 2240 (byte) 0x2b, (byte) 0x38, (byte) 0xfd, (byte) 0x5d, (byte) 0x9a, (byte) 0x53, 2241 (byte) 0xc5, (byte) 0x05, (byte) 0x74, (byte) 0x8d, (byte) 0x1d, (byte) 0x6e, 2242 (byte) 0x83, (byte) 0xaa, (byte) 0x71, (byte) 0xc5, (byte) 0xe1, (byte) 0xa1, 2243 (byte) 0xa6, (byte) 0xf3, (byte) 0xee, (byte) 0x5f, (byte) 0x9e, (byte) 0x4f, 2244 (byte) 0xe8, (byte) 0x15, (byte) 0xd5, (byte) 0xa9, (byte) 0x1b, (byte) 0xa6, 2245 (byte) 0x41, (byte) 0x2b, (byte) 0x18, (byte) 0x13, (byte) 0x20, (byte) 0x9f, 2246 (byte) 0x6b, (byte) 0xf1, (byte) 0xd8, (byte) 0xf4, (byte) 0x87, (byte) 0xfa, 2247 (byte) 0x80, (byte) 0xec, (byte) 0x0e, (byte) 0xa4, (byte) 0x4b, (byte) 0x24, 2248 (byte) 0x03, (byte) 0x14, (byte) 0x25, (byte) 0xf2, (byte) 0x20, (byte) 0xfc, 2249 (byte) 0x52, (byte) 0xf9, (byte) 0xd6, (byte) 0x7a, (byte) 0x4a, (byte) 0x45, 2250 (byte) 0x33, (byte) 0xec, (byte) 0xde, (byte) 0x3c, (byte) 0x5b, (byte) 0xf2, 2251 (byte) 0xdc, (byte) 0x8e, (byte) 0xc6, (byte) 0xb3, (byte) 0x26, (byte) 0xd3, 2252 (byte) 0x68, (byte) 0xa7, (byte) 0xd8, (byte) 0x3a, (byte) 0xde, (byte) 0xa9, 2253 (byte) 0x25, (byte) 0x1d, (byte) 0x42, (byte) 0x75, (byte) 0x66, (byte) 0x16, 2254 (byte) 0x29, (byte) 0xad, (byte) 0x09, (byte) 0x74, (byte) 0x41, (byte) 0xbb, 2255 (byte) 0x45, (byte) 0x39, (byte) 0x04, (byte) 0x7a, (byte) 0x93, (byte) 0xad, 2256 (byte) 0x1c, (byte) 0xa6, (byte) 0x38, (byte) 0xf4, (byte) 0xac, (byte) 0xca, 2257 (byte) 0x5a, (byte) 0xab, (byte) 0x92, (byte) 0x76, (byte) 0x26, (byte) 0x3c, 2258 (byte) 0xeb, (byte) 0xda, (byte) 0xfc, (byte) 0x25, (byte) 0x93, (byte) 0x23, 2259 (byte) 0x01, (byte) 0xe2, (byte) 0xac, (byte) 0x5e, (byte) 0x4c, (byte) 0xb7, 2260 (byte) 0xbc, (byte) 0x5b, (byte) 0xaa, (byte) 0x14, (byte) 0xe9, (byte) 0xbf, 2261 (byte) 0x2d, (byte) 0x3a, (byte) 0xdc, (byte) 0x2f, (byte) 0x6b, (byte) 0x4d, 2262 (byte) 0x0e, (byte) 0x0a, (byte) 0x82, (byte) 0x3c, (byte) 0xd9, (byte) 0x32, 2263 (byte) 0xc1, (byte) 0xc4, (byte) 0xa2, (byte) 0x46, (byte) 0x71, (byte) 0x10, 2264 (byte) 0x54, (byte) 0x1a, (byte) 0xa6, (byte) 0xaa, (byte) 0x64, (byte) 0xe7, 2265 (byte) 0xc2, (byte) 0xae, (byte) 0xbc, (byte) 0x3d, (byte) 0xa4, (byte) 0xa8, 2266 (byte) 0xd1, (byte) 0xb7, (byte) 0x27, (byte) 0xef, (byte) 0x5f, (byte) 0xe7, 2267 (byte) 0xa7, (byte) 0x5d, (byte) 0xa0, (byte) 0xcd, (byte) 0x57, (byte) 0xf1, 2268 (byte) 0xe0, (byte) 0xd8, (byte) 0x42, (byte) 0x10, (byte) 0x77, (byte) 0xc3, 2269 (byte) 0xa7, (byte) 0x1e, (byte) 0x0c, (byte) 0x37, (byte) 0x16, (byte) 0x11, 2270 (byte) 0x94, (byte) 0x21, (byte) 0xf2, (byte) 0xca, (byte) 0x60, (byte) 0xce, 2271 (byte) 0xca, (byte) 0x59, (byte) 0xf9, (byte) 0xe5, (byte) 0xe4}; 2272 2273 /* 2274 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey /tmp/rsakey.txt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1 -pkeyopt rsa_oaep_label:010203FFA00A | xxd -p -i | sed 's/0x/(byte) 0x/g' 2275 */ 2276 private static final byte[] RSA_Vector2_OAEP_SHA256_MGF1_SHA1_LABEL = 2277 new byte[] {(byte) 0x80, (byte) 0xb1, (byte) 0xf2, (byte) 0xc2, (byte) 0x03, 2278 (byte) 0xc5, (byte) 0xdf, (byte) 0xbd, (byte) 0xed, (byte) 0xfe, (byte) 0xe6, 2279 (byte) 0xff, (byte) 0xd3, (byte) 0x38, (byte) 0x1e, (byte) 0x6d, (byte) 0xae, 2280 (byte) 0x47, (byte) 0xfe, (byte) 0x19, (byte) 0xf9, (byte) 0x8c, (byte) 0xf1, 2281 (byte) 0x4d, (byte) 0x18, (byte) 0x2b, (byte) 0x7e, (byte) 0x8e, (byte) 0x47, 2282 (byte) 0x39, (byte) 0xa8, (byte) 0x04, (byte) 0xc4, (byte) 0x7d, (byte) 0x56, 2283 (byte) 0x03, (byte) 0x15, (byte) 0x92, (byte) 0x18, (byte) 0xde, (byte) 0x56, 2284 (byte) 0xb3, (byte) 0x01, (byte) 0x93, (byte) 0x16, (byte) 0xe3, (byte) 0xfa, 2285 (byte) 0xaa, (byte) 0xf3, (byte) 0x73, (byte) 0x39, (byte) 0x26, (byte) 0xfb, 2286 (byte) 0xb0, (byte) 0x18, (byte) 0x20, (byte) 0xdb, (byte) 0xa1, (byte) 0xbf, 2287 (byte) 0x31, (byte) 0x22, (byte) 0xc8, (byte) 0x1d, (byte) 0xdb, (byte) 0xa0, 2288 (byte) 0x5a, (byte) 0x22, (byte) 0xcd, (byte) 0x09, (byte) 0xb3, (byte) 0xcb, 2289 (byte) 0xa2, (byte) 0x46, (byte) 0x14, (byte) 0x35, (byte) 0x66, (byte) 0xe8, 2290 (byte) 0xb8, (byte) 0x07, (byte) 0x23, (byte) 0xc5, (byte) 0xae, (byte) 0xe6, 2291 (byte) 0xf1, (byte) 0x7a, (byte) 0x8f, (byte) 0x5c, (byte) 0x44, (byte) 0x34, 2292 (byte) 0xbf, (byte) 0xd6, (byte) 0xf8, (byte) 0x0c, (byte) 0xc7, (byte) 0x8d, 2293 (byte) 0xcd, (byte) 0x23, (byte) 0x84, (byte) 0xbe, (byte) 0x9b, (byte) 0xbf, 2294 (byte) 0x9a, (byte) 0x70, (byte) 0x0f, (byte) 0x18, (byte) 0xc0, (byte) 0x6f, 2295 (byte) 0x23, (byte) 0x67, (byte) 0xf8, (byte) 0xbb, (byte) 0xce, (byte) 0xc2, 2296 (byte) 0x47, (byte) 0x82, (byte) 0xa0, (byte) 0xa5, (byte) 0x60, (byte) 0xcd, 2297 (byte) 0x25, (byte) 0xa5, (byte) 0x4b, (byte) 0xe4, (byte) 0x06, (byte) 0x7f, 2298 (byte) 0x46, (byte) 0x62, (byte) 0x86, (byte) 0x94, (byte) 0xbc, (byte) 0x7f, 2299 (byte) 0xb0, (byte) 0x2e, (byte) 0xc1, (byte) 0x8c, (byte) 0x6c, (byte) 0x58, 2300 (byte) 0x05, (byte) 0x6f, (byte) 0x35, (byte) 0x76, (byte) 0xd3, (byte) 0xdf, 2301 (byte) 0xc0, (byte) 0xdd, (byte) 0x66, (byte) 0xbe, (byte) 0xa1, (byte) 0x7e, 2302 (byte) 0x52, (byte) 0xed, (byte) 0x81, (byte) 0x0e, (byte) 0x2d, (byte) 0x5b, 2303 (byte) 0x2b, (byte) 0xe3, (byte) 0x52, (byte) 0x0e, (byte) 0x56, (byte) 0x9b, 2304 (byte) 0x05, (byte) 0x72, (byte) 0xa8, (byte) 0xc8, (byte) 0x57, (byte) 0x22, 2305 (byte) 0x67, (byte) 0x0e, (byte) 0x5f, (byte) 0x01, (byte) 0xf2, (byte) 0x69, 2306 (byte) 0x66, (byte) 0x6a, (byte) 0x47, (byte) 0x4f, (byte) 0x78, (byte) 0xb3, 2307 (byte) 0x1e, (byte) 0x7d, (byte) 0xce, (byte) 0xb3, (byte) 0x35, (byte) 0xdf, 2308 (byte) 0x23, (byte) 0xac, (byte) 0xf8, (byte) 0x88, (byte) 0xa1, (byte) 0xde, 2309 (byte) 0x38, (byte) 0x96, (byte) 0xfd, (byte) 0xa2, (byte) 0x5d, (byte) 0x09, 2310 (byte) 0x52, (byte) 0x11, (byte) 0x2b, (byte) 0x21, (byte) 0xf0, (byte) 0x0d, 2311 (byte) 0x4c, (byte) 0x15, (byte) 0xc3, (byte) 0x88, (byte) 0x2b, (byte) 0xf6, 2312 (byte) 0x2b, (byte) 0xe3, (byte) 0xfd, (byte) 0x52, (byte) 0xf0, (byte) 0x09, 2313 (byte) 0x5c, (byte) 0x4f, (byte) 0x5b, (byte) 0x8b, (byte) 0x84, (byte) 0x71, 2314 (byte) 0x72, (byte) 0x8d, (byte) 0xaa, (byte) 0x6c, (byte) 0x55, (byte) 0xba, 2315 (byte) 0xe7, (byte) 0x9c, (byte) 0xba, (byte) 0xbf, (byte) 0xf4, (byte) 0x09, 2316 (byte) 0x0a, (byte) 0x60, (byte) 0xec, (byte) 0x53, (byte) 0xa4, (byte) 0x01, 2317 (byte) 0xa5, (byte) 0xf2, (byte) 0x58, (byte) 0xab, (byte) 0x95, (byte) 0x68, 2318 (byte) 0x79, (byte) 0x0b, (byte) 0xc3, (byte) 0xc4, (byte) 0x00, (byte) 0x68, 2319 (byte) 0x19, (byte) 0xca, (byte) 0x07, (byte) 0x0d, (byte) 0x32}; 2320 2321 /* 2322 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey rsakey.pem \ 2323 * -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha224 -pkeyopt rsa_mgf1_md:sha224 \ 2324 * | xxd -p -i | sed 's/0x/(byte) 0x/g' 2325 */ 2326 private static final byte[] RSA_Vector2_OAEP_SHA224_MGF1_SHA224 = 2327 new byte[] {(byte) 0xae, (byte) 0xdd, (byte) 0xe6, (byte) 0xab, (byte) 0x00, 2328 (byte) 0xd6, (byte) 0x1e, (byte) 0x7e, (byte) 0x85, (byte) 0x63, (byte) 0xab, 2329 (byte) 0x51, (byte) 0x79, (byte) 0x92, (byte) 0xf1, (byte) 0xb9, (byte) 0x4f, 2330 (byte) 0x23, (byte) 0xae, (byte) 0xf7, (byte) 0x1b, (byte) 0x5f, (byte) 0x10, 2331 (byte) 0x5b, (byte) 0xa5, (byte) 0x15, (byte) 0x87, (byte) 0xa3, (byte) 0xbb, 2332 (byte) 0x26, (byte) 0xfe, (byte) 0x7f, (byte) 0xc0, (byte) 0xa3, (byte) 0x67, 2333 (byte) 0x95, (byte) 0xda, (byte) 0xc4, (byte) 0x6f, (byte) 0x6e, (byte) 0x08, 2334 (byte) 0x23, (byte) 0x28, (byte) 0x0b, (byte) 0xdd, (byte) 0x29, (byte) 0x29, 2335 (byte) 0xdc, (byte) 0xb0, (byte) 0x35, (byte) 0x16, (byte) 0x2e, (byte) 0x0f, 2336 (byte) 0xb9, (byte) 0x1d, (byte) 0x90, (byte) 0x27, (byte) 0x68, (byte) 0xc7, 2337 (byte) 0x92, (byte) 0x52, (byte) 0x8a, (byte) 0x1d, (byte) 0x48, (byte) 0x6a, 2338 (byte) 0x7d, (byte) 0x0b, (byte) 0xf6, (byte) 0x35, (byte) 0xca, (byte) 0xe1, 2339 (byte) 0x57, (byte) 0xdd, (byte) 0x36, (byte) 0x3b, (byte) 0x51, (byte) 0x45, 2340 (byte) 0x77, (byte) 0x28, (byte) 0x4f, (byte) 0x98, (byte) 0xc0, (byte) 0xe0, 2341 (byte) 0xa7, (byte) 0x51, (byte) 0x98, (byte) 0x84, (byte) 0x7a, (byte) 0x29, 2342 (byte) 0x05, (byte) 0x9f, (byte) 0x60, (byte) 0x66, (byte) 0xf6, (byte) 0x83, 2343 (byte) 0xcd, (byte) 0x03, (byte) 0x3e, (byte) 0x82, (byte) 0x0f, (byte) 0x57, 2344 (byte) 0x4b, (byte) 0x27, (byte) 0x14, (byte) 0xf6, (byte) 0xc8, (byte) 0x5b, 2345 (byte) 0xed, (byte) 0xc3, (byte) 0x77, (byte) 0x6f, (byte) 0xec, (byte) 0x0e, 2346 (byte) 0xae, (byte) 0x59, (byte) 0xbe, (byte) 0x68, (byte) 0x76, (byte) 0x16, 2347 (byte) 0x17, (byte) 0x77, (byte) 0xe2, (byte) 0xbd, (byte) 0xe0, (byte) 0x5a, 2348 (byte) 0x14, (byte) 0xd9, (byte) 0xf4, (byte) 0x3f, (byte) 0x50, (byte) 0x31, 2349 (byte) 0xf0, (byte) 0x0c, (byte) 0x82, (byte) 0x6c, (byte) 0xcc, (byte) 0x81, 2350 (byte) 0x84, (byte) 0x3e, (byte) 0x63, (byte) 0x93, (byte) 0xe7, (byte) 0x12, 2351 (byte) 0x2d, (byte) 0xc9, (byte) 0xa3, (byte) 0xe3, (byte) 0xce, (byte) 0xfd, 2352 (byte) 0xc7, (byte) 0xe1, (byte) 0xef, (byte) 0xa4, (byte) 0x16, (byte) 0x5c, 2353 (byte) 0x60, (byte) 0xb1, (byte) 0x80, (byte) 0x31, (byte) 0x15, (byte) 0x5c, 2354 (byte) 0x35, (byte) 0x25, (byte) 0x0b, (byte) 0x89, (byte) 0xe4, (byte) 0x56, 2355 (byte) 0x74, (byte) 0x8b, (byte) 0xaf, (byte) 0x8e, (byte) 0xe9, (byte) 0xe2, 2356 (byte) 0x37, (byte) 0x17, (byte) 0xe6, (byte) 0x7b, (byte) 0x78, (byte) 0xd8, 2357 (byte) 0x2c, (byte) 0x27, (byte) 0x52, (byte) 0x21, (byte) 0x96, (byte) 0xa0, 2358 (byte) 0x92, (byte) 0x95, (byte) 0x64, (byte) 0xc3, (byte) 0x7f, (byte) 0x45, 2359 (byte) 0xfc, (byte) 0x3d, (byte) 0x48, (byte) 0x4a, (byte) 0xd5, (byte) 0xa4, 2360 (byte) 0x0a, (byte) 0x57, (byte) 0x07, (byte) 0x57, (byte) 0x95, (byte) 0x9f, 2361 (byte) 0x2f, (byte) 0x75, (byte) 0x32, (byte) 0x2a, (byte) 0x4d, (byte) 0x64, 2362 (byte) 0xbd, (byte) 0xb1, (byte) 0xe0, (byte) 0x46, (byte) 0x4f, (byte) 0xe8, 2363 (byte) 0x6c, (byte) 0x4b, (byte) 0x77, (byte) 0xcc, (byte) 0x36, (byte) 0x87, 2364 (byte) 0x05, (byte) 0x56, (byte) 0x9a, (byte) 0xe4, (byte) 0x2c, (byte) 0x43, 2365 (byte) 0xfd, (byte) 0x34, (byte) 0x97, (byte) 0xf8, (byte) 0xd7, (byte) 0x91, 2366 (byte) 0xff, (byte) 0x56, (byte) 0x86, (byte) 0x17, (byte) 0x49, (byte) 0x0a, 2367 (byte) 0x52, (byte) 0xfb, (byte) 0xe5, (byte) 0x49, (byte) 0xdf, (byte) 0xc1, 2368 (byte) 0x28, (byte) 0x9d, (byte) 0x85, (byte) 0x66, (byte) 0x9d, (byte) 0x1d, 2369 (byte) 0xa4, (byte) 0x7e, (byte) 0x9a, (byte) 0x5b, (byte) 0x30}; 2370 2371 /* 2372 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey /tmp/rsakey.txt \ 2373 * -pkeyopt rsa_padding_mode:oaep -pkey rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 \ 2374 * | xxd -p -i | sed 's/0x/(byte) 0x/g' 2375 */ 2376 private static final byte[] RSA_Vector2_OAEP_SHA256_MGF1_SHA256 = 2377 new byte[] {(byte) 0x6a, (byte) 0x2b, (byte) 0xb2, (byte) 0xa3, (byte) 0x26, 2378 (byte) 0xa6, (byte) 0x7a, (byte) 0x4a, (byte) 0x1f, (byte) 0xe5, (byte) 0xc8, 2379 (byte) 0x94, (byte) 0x11, (byte) 0x1a, (byte) 0x92, (byte) 0x07, (byte) 0x0a, 2380 (byte) 0xf4, (byte) 0x07, (byte) 0x0b, (byte) 0xd6, (byte) 0x37, (byte) 0xa5, 2381 (byte) 0x5d, (byte) 0x16, (byte) 0x0a, (byte) 0x7d, (byte) 0x13, (byte) 0x27, 2382 (byte) 0x32, (byte) 0x5a, (byte) 0xc3, (byte) 0x0d, (byte) 0x7a, (byte) 0x54, 2383 (byte) 0xfe, (byte) 0x02, (byte) 0x28, (byte) 0xc6, (byte) 0x8e, (byte) 0x32, 2384 (byte) 0x7b, (byte) 0x0a, (byte) 0x52, (byte) 0xf8, (byte) 0xe6, (byte) 0xab, 2385 (byte) 0x16, (byte) 0x77, (byte) 0x7c, (byte) 0x53, (byte) 0xcd, (byte) 0xb0, 2386 (byte) 0xb6, (byte) 0x90, (byte) 0xce, (byte) 0x7b, (byte) 0xa5, (byte) 0xdb, 2387 (byte) 0xab, (byte) 0xfd, (byte) 0xf5, (byte) 0xbb, (byte) 0x49, (byte) 0x63, 2388 (byte) 0xb7, (byte) 0xa8, (byte) 0x3e, (byte) 0x53, (byte) 0xf1, (byte) 0x00, 2389 (byte) 0x4d, (byte) 0x72, (byte) 0x15, (byte) 0x34, (byte) 0xa8, (byte) 0x5b, 2390 (byte) 0x00, (byte) 0x01, (byte) 0x75, (byte) 0xdc, (byte) 0xb6, (byte) 0xd1, 2391 (byte) 0xdf, (byte) 0xcb, (byte) 0x93, (byte) 0xf3, (byte) 0x31, (byte) 0x04, 2392 (byte) 0x7e, (byte) 0x48, (byte) 0x3e, (byte) 0xc9, (byte) 0xaf, (byte) 0xd7, 2393 (byte) 0xbd, (byte) 0x9e, (byte) 0x73, (byte) 0x01, (byte) 0x79, (byte) 0xf8, 2394 (byte) 0xdc, (byte) 0x46, (byte) 0x31, (byte) 0x55, (byte) 0x83, (byte) 0x21, 2395 (byte) 0xd1, (byte) 0x19, (byte) 0x0b, (byte) 0x57, (byte) 0xf1, (byte) 0x06, 2396 (byte) 0xb9, (byte) 0x32, (byte) 0x0e, (byte) 0x9d, (byte) 0x38, (byte) 0x53, 2397 (byte) 0x94, (byte) 0x96, (byte) 0xd4, (byte) 0x6d, (byte) 0x18, (byte) 0xe2, 2398 (byte) 0xe3, (byte) 0xcd, (byte) 0xfa, (byte) 0xfe, (byte) 0xb3, (byte) 0xe3, 2399 (byte) 0x27, (byte) 0xd7, (byte) 0x45, (byte) 0xe8, (byte) 0x46, (byte) 0x6b, 2400 (byte) 0x06, (byte) 0x0f, (byte) 0x5e, (byte) 0x24, (byte) 0x02, (byte) 0xef, 2401 (byte) 0xa2, (byte) 0x69, (byte) 0xe6, (byte) 0x15, (byte) 0xb3, (byte) 0x8f, 2402 (byte) 0x71, (byte) 0x97, (byte) 0x39, (byte) 0xfb, (byte) 0x32, (byte) 0xe0, 2403 (byte) 0xe5, (byte) 0xac, (byte) 0x46, (byte) 0xb4, (byte) 0xe7, (byte) 0x3d, 2404 (byte) 0x89, (byte) 0xba, (byte) 0xd9, (byte) 0x4c, (byte) 0x25, (byte) 0x97, 2405 (byte) 0xef, (byte) 0xe6, (byte) 0x17, (byte) 0x23, (byte) 0x4e, (byte) 0xc8, 2406 (byte) 0xdb, (byte) 0x18, (byte) 0x9b, (byte) 0xba, (byte) 0xb5, (byte) 0x7e, 2407 (byte) 0x19, (byte) 0x4d, (byte) 0x95, (byte) 0x7d, (byte) 0x60, (byte) 0x1b, 2408 (byte) 0xa7, (byte) 0x06, (byte) 0x1e, (byte) 0x99, (byte) 0x4a, (byte) 0xf2, 2409 (byte) 0x82, (byte) 0x71, (byte) 0x62, (byte) 0x41, (byte) 0xa4, (byte) 0xa7, 2410 (byte) 0xdb, (byte) 0x88, (byte) 0xb0, (byte) 0x4a, (byte) 0xc7, (byte) 0x3b, 2411 (byte) 0xce, (byte) 0x91, (byte) 0x4f, (byte) 0xc7, (byte) 0xca, (byte) 0x6f, 2412 (byte) 0x89, (byte) 0xac, (byte) 0x1a, (byte) 0x36, (byte) 0x84, (byte) 0x0c, 2413 (byte) 0x97, (byte) 0xa0, (byte) 0x1a, (byte) 0x08, (byte) 0x6f, (byte) 0x70, 2414 (byte) 0xf3, (byte) 0x94, (byte) 0xa0, (byte) 0x0f, (byte) 0x44, (byte) 0xdd, 2415 (byte) 0x86, (byte) 0x9d, (byte) 0x2c, (byte) 0xac, (byte) 0x43, (byte) 0xed, 2416 (byte) 0xb8, (byte) 0xa1, (byte) 0x66, (byte) 0xf3, (byte) 0xd3, (byte) 0x5c, 2417 (byte) 0xe5, (byte) 0xe2, (byte) 0x4c, (byte) 0x7e, (byte) 0xda, (byte) 0x20, 2418 (byte) 0xbd, (byte) 0x5a, (byte) 0x75, (byte) 0x12, (byte) 0x31, (byte) 0x23, 2419 (byte) 0x02, (byte) 0xb5, (byte) 0x1f, (byte) 0x38, (byte) 0x98}; 2420 2421 /* 2422 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey /tmp/rsakey.txt \ 2423 * -pkeyopt rsa_padding_mode:oaep -pkey rsa_oaep_md:sha384 -pkeyopt rsa_mgf1_md:sha384 \ 2424 * | xxd -p -i | sed 's/0x/(byte) 0x/g' 2425 */ 2426 private static final byte[] RSA_Vector2_OAEP_SHA384_MGF1_SHA384 = 2427 new byte[] {(byte) 0xa1, (byte) 0xb3, (byte) 0x3b, (byte) 0x34, (byte) 0x69, 2428 (byte) 0x9e, (byte) 0xd8, (byte) 0xa0, (byte) 0x37, (byte) 0x2c, (byte) 0xeb, 2429 (byte) 0xef, (byte) 0xf2, (byte) 0xaf, (byte) 0xfa, (byte) 0x63, (byte) 0x5d, 2430 (byte) 0x88, (byte) 0xac, (byte) 0x51, (byte) 0xd4, (byte) 0x7f, (byte) 0x85, 2431 (byte) 0xf0, (byte) 0x5e, (byte) 0xb4, (byte) 0x81, (byte) 0x7c, (byte) 0x82, 2432 (byte) 0x4f, (byte) 0x92, (byte) 0xf7, (byte) 0x77, (byte) 0x48, (byte) 0x4c, 2433 (byte) 0xb1, (byte) 0x42, (byte) 0xb3, (byte) 0x0e, (byte) 0x94, (byte) 0xc8, 2434 (byte) 0x5a, (byte) 0xae, (byte) 0xed, (byte) 0x8d, (byte) 0x51, (byte) 0x72, 2435 (byte) 0x6b, (byte) 0xa9, (byte) 0xd4, (byte) 0x1e, (byte) 0xbe, (byte) 0x38, 2436 (byte) 0x2c, (byte) 0xd0, (byte) 0x43, (byte) 0xae, (byte) 0xb4, (byte) 0x30, 2437 (byte) 0xa9, (byte) 0x93, (byte) 0x47, (byte) 0xb5, (byte) 0x9d, (byte) 0x03, 2438 (byte) 0x92, (byte) 0x25, (byte) 0x74, (byte) 0xed, (byte) 0xfa, (byte) 0xfe, 2439 (byte) 0xf1, (byte) 0xba, (byte) 0x04, (byte) 0x3a, (byte) 0x4d, (byte) 0x6d, 2440 (byte) 0x9a, (byte) 0x0d, (byte) 0x95, (byte) 0x02, (byte) 0xb0, (byte) 0xac, 2441 (byte) 0x77, (byte) 0x11, (byte) 0x44, (byte) 0xeb, (byte) 0xd2, (byte) 0x02, 2442 (byte) 0x90, (byte) 0xea, (byte) 0x2f, (byte) 0x68, (byte) 0x2a, (byte) 0x69, 2443 (byte) 0xcf, (byte) 0x45, (byte) 0x34, (byte) 0xff, (byte) 0x00, (byte) 0xc6, 2444 (byte) 0x3c, (byte) 0x0b, (byte) 0x2c, (byte) 0x5f, (byte) 0x8c, (byte) 0x2c, 2445 (byte) 0xbf, (byte) 0xc2, (byte) 0x4b, (byte) 0x16, (byte) 0x07, (byte) 0x84, 2446 (byte) 0x74, (byte) 0xf0, (byte) 0x7a, (byte) 0x01, (byte) 0x7e, (byte) 0x74, 2447 (byte) 0x01, (byte) 0x88, (byte) 0xce, (byte) 0xda, (byte) 0xe4, (byte) 0x21, 2448 (byte) 0x89, (byte) 0xfc, (byte) 0xac, (byte) 0x68, (byte) 0xdb, (byte) 0xfc, 2449 (byte) 0x5f, (byte) 0x3f, (byte) 0x00, (byte) 0xd9, (byte) 0x32, (byte) 0x1d, 2450 (byte) 0xa5, (byte) 0xec, (byte) 0x72, (byte) 0x46, (byte) 0x23, (byte) 0xe5, 2451 (byte) 0x7f, (byte) 0x49, (byte) 0x0e, (byte) 0x3e, (byte) 0xf2, (byte) 0x2b, 2452 (byte) 0x16, (byte) 0x52, (byte) 0x9f, (byte) 0x9d, (byte) 0x0c, (byte) 0xfe, 2453 (byte) 0xab, (byte) 0xdd, (byte) 0x77, (byte) 0x77, (byte) 0x94, (byte) 0xa4, 2454 (byte) 0x92, (byte) 0xa2, (byte) 0x41, (byte) 0x0d, (byte) 0x4b, (byte) 0x57, 2455 (byte) 0x80, (byte) 0xd6, (byte) 0x74, (byte) 0x63, (byte) 0xd5, (byte) 0xbf, 2456 (byte) 0x5c, (byte) 0xa0, (byte) 0xda, (byte) 0x3c, (byte) 0xe6, (byte) 0xbf, 2457 (byte) 0xa4, (byte) 0xc3, (byte) 0xfb, (byte) 0x46, (byte) 0x3b, (byte) 0x73, 2458 (byte) 0x30, (byte) 0x4b, (byte) 0x57, (byte) 0x27, (byte) 0x0c, (byte) 0x81, 2459 (byte) 0xde, (byte) 0x8a, (byte) 0x01, (byte) 0xe5, (byte) 0x7e, (byte) 0xe0, 2460 (byte) 0x16, (byte) 0x11, (byte) 0x24, (byte) 0x34, (byte) 0x22, (byte) 0x01, 2461 (byte) 0x9f, (byte) 0xe6, (byte) 0xa9, (byte) 0xfb, (byte) 0xad, (byte) 0x55, 2462 (byte) 0x17, (byte) 0x2a, (byte) 0x92, (byte) 0x87, (byte) 0xf3, (byte) 0x72, 2463 (byte) 0xc9, (byte) 0x3d, (byte) 0xc9, (byte) 0x2e, (byte) 0x32, (byte) 0x8e, 2464 (byte) 0xbb, (byte) 0xdc, (byte) 0x1b, (byte) 0xa7, (byte) 0x7b, (byte) 0x73, 2465 (byte) 0xd7, (byte) 0xf4, (byte) 0xad, (byte) 0xa9, (byte) 0x3a, (byte) 0xf7, 2466 (byte) 0xa8, (byte) 0x82, (byte) 0x92, (byte) 0x40, (byte) 0xd4, (byte) 0x51, 2467 (byte) 0x87, (byte) 0xe1, (byte) 0xb7, (byte) 0x4f, (byte) 0x91, (byte) 0x75, 2468 (byte) 0x5b, (byte) 0x03, (byte) 0x9d, (byte) 0xa1, (byte) 0xd4, (byte) 0x00, 2469 (byte) 0x05, (byte) 0x79, (byte) 0x42, (byte) 0x93, (byte) 0x76}; 2470 2471 /* 2472 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey /tmp/rsakey.txt \ 2473 * -pkeyopt rsa_padding_mode:oaep -pkey rsa_oaep_md:sha512 -pkeyopt rsa_mgf1_md:sha512 \ 2474 * | xxd -p -i | sed 's/0x/(byte) 0x/g' 2475 */ 2476 private static final byte[] RSA_Vector2_OAEP_SHA512_MGF1_SHA512 = 2477 new byte[] {(byte) 0x75, (byte) 0x0f, (byte) 0xf9, (byte) 0x21, (byte) 0xca, 2478 (byte) 0xcc, (byte) 0x0e, (byte) 0x13, (byte) 0x9e, (byte) 0x38, (byte) 0xa4, 2479 (byte) 0xa7, (byte) 0xee, (byte) 0x61, (byte) 0x6d, (byte) 0x56, (byte) 0xea, 2480 (byte) 0x36, (byte) 0xeb, (byte) 0xec, (byte) 0xfa, (byte) 0x1a, (byte) 0xeb, 2481 (byte) 0x0c, (byte) 0xb2, (byte) 0x58, (byte) 0x9d, (byte) 0xde, (byte) 0x47, 2482 (byte) 0x27, (byte) 0x2d, (byte) 0xbd, (byte) 0x8b, (byte) 0xa7, (byte) 0xf1, 2483 (byte) 0x8b, (byte) 0xba, (byte) 0x4c, (byte) 0xab, (byte) 0x39, (byte) 0x6a, 2484 (byte) 0x82, (byte) 0x0d, (byte) 0xaf, (byte) 0x4c, (byte) 0xde, (byte) 0xdb, 2485 (byte) 0x5e, (byte) 0xdb, (byte) 0x08, (byte) 0x98, (byte) 0x06, (byte) 0xc5, 2486 (byte) 0x99, (byte) 0xb6, (byte) 0x6d, (byte) 0xbc, (byte) 0x5b, (byte) 0xf9, 2487 (byte) 0xe4, (byte) 0x97, (byte) 0x0b, (byte) 0xba, (byte) 0xe3, (byte) 0x17, 2488 (byte) 0xa9, (byte) 0x3c, (byte) 0x4b, (byte) 0x21, (byte) 0xd8, (byte) 0x29, 2489 (byte) 0xf8, (byte) 0xa7, (byte) 0x1c, (byte) 0x15, (byte) 0xd7, (byte) 0xf6, 2490 (byte) 0xfc, (byte) 0x53, (byte) 0x64, (byte) 0x97, (byte) 0x9e, (byte) 0x22, 2491 (byte) 0xb1, (byte) 0x93, (byte) 0x26, (byte) 0x80, (byte) 0xdc, (byte) 0xaa, 2492 (byte) 0x1b, (byte) 0xae, (byte) 0x69, (byte) 0x0f, (byte) 0x74, (byte) 0x3d, 2493 (byte) 0x61, (byte) 0x80, (byte) 0x68, (byte) 0xb8, (byte) 0xaf, (byte) 0x63, 2494 (byte) 0x72, (byte) 0x37, (byte) 0x4f, (byte) 0xf3, (byte) 0x29, (byte) 0x4a, 2495 (byte) 0x75, (byte) 0x4f, (byte) 0x29, (byte) 0x40, (byte) 0x01, (byte) 0xd3, 2496 (byte) 0xc6, (byte) 0x56, (byte) 0x1a, (byte) 0xaf, (byte) 0xc3, (byte) 0xb3, 2497 (byte) 0xd2, (byte) 0xb9, (byte) 0x91, (byte) 0x35, (byte) 0x1b, (byte) 0x89, 2498 (byte) 0x4c, (byte) 0x61, (byte) 0xa2, (byte) 0x8e, (byte) 0x6f, (byte) 0x12, 2499 (byte) 0x4a, (byte) 0x10, (byte) 0xc2, (byte) 0xcc, (byte) 0xab, (byte) 0x51, 2500 (byte) 0xec, (byte) 0x1b, (byte) 0xb5, (byte) 0xfe, (byte) 0x20, (byte) 0x16, 2501 (byte) 0xb2, (byte) 0xc5, (byte) 0x0f, (byte) 0xe1, (byte) 0x6a, (byte) 0xb4, 2502 (byte) 0x6c, (byte) 0x27, (byte) 0xd9, (byte) 0x42, (byte) 0xb9, (byte) 0xb6, 2503 (byte) 0x55, (byte) 0xa8, (byte) 0xbc, (byte) 0x1c, (byte) 0x32, (byte) 0x54, 2504 (byte) 0x84, (byte) 0xec, (byte) 0x1e, (byte) 0x95, (byte) 0xd8, (byte) 0xae, 2505 (byte) 0xca, (byte) 0xc1, (byte) 0xad, (byte) 0x4c, (byte) 0x65, (byte) 0xd6, 2506 (byte) 0xc2, (byte) 0x19, (byte) 0x66, (byte) 0xad, (byte) 0x9f, (byte) 0x55, 2507 (byte) 0x15, (byte) 0xe1, (byte) 0x5d, (byte) 0x8f, (byte) 0xab, (byte) 0x18, 2508 (byte) 0x68, (byte) 0x42, (byte) 0x7c, (byte) 0x48, (byte) 0xb7, (byte) 0x2c, 2509 (byte) 0xfd, (byte) 0x1a, (byte) 0x07, (byte) 0xa1, (byte) 0x6a, (byte) 0xfb, 2510 (byte) 0x81, (byte) 0xc6, (byte) 0x93, (byte) 0xbf, (byte) 0xa3, (byte) 0x5d, 2511 (byte) 0xfd, (byte) 0xce, (byte) 0xf3, (byte) 0x17, (byte) 0x26, (byte) 0xf0, 2512 (byte) 0xda, (byte) 0x0e, (byte) 0xd1, (byte) 0x86, (byte) 0x9d, (byte) 0x61, 2513 (byte) 0xd1, (byte) 0x8a, (byte) 0xdb, (byte) 0x36, (byte) 0x39, (byte) 0x1c, 2514 (byte) 0xd4, (byte) 0x99, (byte) 0x53, (byte) 0x30, (byte) 0x5a, (byte) 0x01, 2515 (byte) 0xf4, (byte) 0xa0, (byte) 0xca, (byte) 0x94, (byte) 0x72, (byte) 0x3d, 2516 (byte) 0xe3, (byte) 0x50, (byte) 0x95, (byte) 0xcb, (byte) 0xa9, (byte) 0x37, 2517 (byte) 0xeb, (byte) 0x66, (byte) 0x21, (byte) 0x20, (byte) 0x2e, (byte) 0xf2, 2518 (byte) 0xfd, (byte) 0xfa, (byte) 0x54, (byte) 0xbf, (byte) 0x17, (byte) 0x23, 2519 (byte) 0xbb, (byte) 0x9e, (byte) 0x77, (byte) 0xe0, (byte) 0xaa}; 2520 2521 /* 2522 * echo -n 'This is a test of OAEP' | openssl pkeyutl -encrypt -inkey /tmp/rsakey.txt -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha512 -pkeyopt rsa_mgf1_md:sha512 -pkeyopt rsa_oaep_label:010203FFA00A | xxd -p -i | sed 's/0x/(byte) 0x/g' 2523 */ 2524 private static final byte[] RSA_Vector2_OAEP_SHA512_MGF1_SHA512_LABEL = 2525 new byte[] {(byte) 0x31, (byte) 0x3b, (byte) 0x23, (byte) 0xcf, (byte) 0x40, 2526 (byte) 0xfe, (byte) 0x15, (byte) 0x94, (byte) 0xd6, (byte) 0x81, (byte) 0x21, 2527 (byte) 0x69, (byte) 0x8e, (byte) 0x58, (byte) 0xd5, (byte) 0x0f, (byte) 0xa8, 2528 (byte) 0x72, (byte) 0x94, (byte) 0x13, (byte) 0xfe, (byte) 0xf9, (byte) 0xa1, 2529 (byte) 0x47, (byte) 0x49, (byte) 0x91, (byte) 0xcb, (byte) 0x66, (byte) 0xe6, 2530 (byte) 0x5d, (byte) 0x02, (byte) 0xad, (byte) 0xd4, (byte) 0x2f, (byte) 0x4f, 2531 (byte) 0xab, (byte) 0xb7, (byte) 0x9e, (byte) 0xc0, (byte) 0xf0, (byte) 0x3d, 2532 (byte) 0x66, (byte) 0x0e, (byte) 0x20, (byte) 0x82, (byte) 0x7f, (byte) 0x22, 2533 (byte) 0x8f, (byte) 0x81, (byte) 0xba, (byte) 0x47, (byte) 0xc7, (byte) 0xaf, 2534 (byte) 0xb6, (byte) 0x0e, (byte) 0x78, (byte) 0xe3, (byte) 0x30, (byte) 0xd7, 2535 (byte) 0x6c, (byte) 0x81, (byte) 0xc2, (byte) 0x05, (byte) 0x7e, (byte) 0xe9, 2536 (byte) 0xac, (byte) 0x8d, (byte) 0x45, (byte) 0x25, (byte) 0xe8, (byte) 0x26, 2537 (byte) 0x39, (byte) 0x88, (byte) 0x64, (byte) 0x2e, (byte) 0xc6, (byte) 0xed, 2538 (byte) 0xd4, (byte) 0xad, (byte) 0x94, (byte) 0xc8, (byte) 0x4e, (byte) 0x4a, 2539 (byte) 0x71, (byte) 0x1e, (byte) 0x11, (byte) 0x14, (byte) 0x03, (byte) 0x56, 2540 (byte) 0x02, (byte) 0x28, (byte) 0x32, (byte) 0x8f, (byte) 0xe2, (byte) 0x16, 2541 (byte) 0x4a, (byte) 0x62, (byte) 0xa6, (byte) 0x9a, (byte) 0x8d, (byte) 0xf8, 2542 (byte) 0x33, (byte) 0x35, (byte) 0xa2, (byte) 0xc7, (byte) 0x70, (byte) 0xcc, 2543 (byte) 0x26, (byte) 0x1e, (byte) 0x4d, (byte) 0x9c, (byte) 0x4e, (byte) 0x2b, 2544 (byte) 0xe8, (byte) 0xfd, (byte) 0x07, (byte) 0x33, (byte) 0x15, (byte) 0x53, 2545 (byte) 0x11, (byte) 0x5c, (byte) 0x6f, (byte) 0x5d, (byte) 0x23, (byte) 0x7b, 2546 (byte) 0x3f, (byte) 0x73, (byte) 0xff, (byte) 0xf4, (byte) 0xbe, (byte) 0x1f, 2547 (byte) 0xe6, (byte) 0x5a, (byte) 0xb8, (byte) 0x2b, (byte) 0xd2, (byte) 0xbe, 2548 (byte) 0xa0, (byte) 0x91, (byte) 0x5d, (byte) 0xca, (byte) 0x89, (byte) 0xb3, 2549 (byte) 0xce, (byte) 0x0a, (byte) 0x2b, (byte) 0xce, (byte) 0xb9, (byte) 0xbe, 2550 (byte) 0x5d, (byte) 0xb2, (byte) 0xc2, (byte) 0xd6, (byte) 0xa9, (byte) 0xbc, 2551 (byte) 0x37, (byte) 0xed, (byte) 0x9a, (byte) 0xba, (byte) 0x35, (byte) 0xf8, 2552 (byte) 0x6e, (byte) 0x63, (byte) 0x76, (byte) 0xd1, (byte) 0x12, (byte) 0xf5, 2553 (byte) 0x89, (byte) 0xf0, (byte) 0x13, (byte) 0x86, (byte) 0xe7, (byte) 0x1b, 2554 (byte) 0x94, (byte) 0xcb, (byte) 0xc8, (byte) 0x5c, (byte) 0x4c, (byte) 0x1b, 2555 (byte) 0x8a, (byte) 0x2d, (byte) 0x6b, (byte) 0x24, (byte) 0x1a, (byte) 0x38, 2556 (byte) 0x14, (byte) 0x77, (byte) 0x49, (byte) 0xe5, (byte) 0x08, (byte) 0x25, 2557 (byte) 0xe4, (byte) 0xa6, (byte) 0xcf, (byte) 0x62, (byte) 0xfd, (byte) 0x66, 2558 (byte) 0x28, (byte) 0xf0, (byte) 0x3a, (byte) 0x9c, (byte) 0x31, (byte) 0xef, 2559 (byte) 0x48, (byte) 0x2a, (byte) 0xd3, (byte) 0x3e, (byte) 0x29, (byte) 0xfa, 2560 (byte) 0x18, (byte) 0x8f, (byte) 0xd6, (byte) 0xaa, (byte) 0x1d, (byte) 0x10, 2561 (byte) 0xcd, (byte) 0x35, (byte) 0x25, (byte) 0x92, (byte) 0x48, (byte) 0xa0, 2562 (byte) 0x2c, (byte) 0xc1, (byte) 0x31, (byte) 0xeb, (byte) 0x47, (byte) 0x5b, 2563 (byte) 0x22, (byte) 0x52, (byte) 0x7c, (byte) 0xf5, (byte) 0xec, (byte) 0x76, 2564 (byte) 0x90, (byte) 0x94, (byte) 0x58, (byte) 0xd9, (byte) 0xd6, (byte) 0xe0, 2565 (byte) 0x0a, (byte) 0x3f, (byte) 0x09, (byte) 0x98, (byte) 0x03, (byte) 0xc5, 2566 (byte) 0x07, (byte) 0x8f, (byte) 0x89, (byte) 0x1e, (byte) 0x62, (byte) 0x2c, 2567 (byte) 0xea, (byte) 0x17, (byte) 0x0a, (byte) 0x2e, (byte) 0x68}; 2568 2569 @Test testRSA_ECB_NoPadding_Private_OnlyDoFinal_Success()2570 public void testRSA_ECB_NoPadding_Private_OnlyDoFinal_Success() throws Exception { 2571 for (String provider : RSA_PROVIDERS) { 2572 testRSA_ECB_NoPadding_Private_OnlyDoFinal_Success(provider); 2573 } 2574 } 2575 testRSA_ECB_NoPadding_Private_OnlyDoFinal_Success(String provider)2576 private void testRSA_ECB_NoPadding_Private_OnlyDoFinal_Success(String provider) throws Exception { 2577 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 2578 2579 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2580 2581 /* 2582 * You're actually decrypting with private keys, but there is no 2583 * distinction made here. It's all keyed off of what kind of key you're 2584 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2585 */ 2586 c.init(Cipher.ENCRYPT_MODE, privKey); 2587 byte[] encrypted = c.doFinal(RSA_2048_Vector1); 2588 assertTrue("Encrypted should match expected", 2589 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2590 2591 c.init(Cipher.DECRYPT_MODE, privKey); 2592 encrypted = c.doFinal(RSA_2048_Vector1); 2593 assertTrue("Encrypted should match expected", 2594 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2595 } 2596 2597 @Test testRSA_ECB_NoPadding_Private_UpdateThenEmptyDoFinal_Success()2598 public void testRSA_ECB_NoPadding_Private_UpdateThenEmptyDoFinal_Success() throws Exception { 2599 for (String provider : RSA_PROVIDERS) { 2600 testRSA_ECB_NoPadding_Private_UpdateThenEmptyDoFinal_Success(provider); 2601 } 2602 } 2603 testRSA_ECB_NoPadding_Private_UpdateThenEmptyDoFinal_Success(String provider)2604 private void testRSA_ECB_NoPadding_Private_UpdateThenEmptyDoFinal_Success(String provider) throws Exception { 2605 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 2606 2607 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2608 2609 /* 2610 * You're actually decrypting with private keys, but there is no 2611 * distinction made here. It's all keyed off of what kind of key you're 2612 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2613 */ 2614 c.init(Cipher.ENCRYPT_MODE, privKey); 2615 c.update(RSA_2048_Vector1); 2616 byte[] encrypted = c.doFinal(); 2617 assertTrue("Encrypted should match expected", 2618 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2619 2620 c.init(Cipher.DECRYPT_MODE, privKey); 2621 c.update(RSA_2048_Vector1); 2622 encrypted = c.doFinal(); 2623 assertTrue("Encrypted should match expected", 2624 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2625 } 2626 2627 @Test testRSA_ECB_NoPadding_Private_SingleByteUpdateThenEmptyDoFinal_Success()2628 public void testRSA_ECB_NoPadding_Private_SingleByteUpdateThenEmptyDoFinal_Success() 2629 throws Exception { 2630 for (String provider : RSA_PROVIDERS) { 2631 testRSA_ECB_NoPadding_Private_SingleByteUpdateThenEmptyDoFinal_Success(provider); 2632 } 2633 } 2634 testRSA_ECB_NoPadding_Private_SingleByteUpdateThenEmptyDoFinal_Success(String provider)2635 private void testRSA_ECB_NoPadding_Private_SingleByteUpdateThenEmptyDoFinal_Success(String provider) 2636 throws Exception { 2637 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 2638 2639 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2640 2641 /* 2642 * You're actually decrypting with private keys, but there is no 2643 * distinction made here. It's all keyed off of what kind of key you're 2644 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2645 */ 2646 c.init(Cipher.ENCRYPT_MODE, privKey); 2647 int i; 2648 for (i = 0; i < RSA_2048_Vector1.length / 2; i++) { 2649 c.update(RSA_2048_Vector1, i, 1); 2650 } 2651 byte[] encrypted = c.doFinal(RSA_2048_Vector1, i, RSA_2048_Vector1.length - i); 2652 assertTrue("Encrypted should match expected", 2653 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2654 2655 c.init(Cipher.DECRYPT_MODE, privKey); 2656 for (i = 0; i < RSA_2048_Vector1.length / 2; i++) { 2657 c.update(RSA_2048_Vector1, i, 1); 2658 } 2659 encrypted = c.doFinal(RSA_2048_Vector1, i, RSA_2048_Vector1.length - i); 2660 assertTrue("Encrypted should match expected", 2661 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2662 } 2663 2664 @Test testRSA_ECB_NoPadding_Private_OnlyDoFinalWithOffset_Success()2665 public void testRSA_ECB_NoPadding_Private_OnlyDoFinalWithOffset_Success() throws Exception { 2666 for (String provider : RSA_PROVIDERS) { 2667 testRSA_ECB_NoPadding_Private_OnlyDoFinalWithOffset_Success(provider); 2668 } 2669 } 2670 testRSA_ECB_NoPadding_Private_OnlyDoFinalWithOffset_Success(String provider)2671 private void testRSA_ECB_NoPadding_Private_OnlyDoFinalWithOffset_Success(String provider) throws Exception { 2672 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 2673 2674 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2675 2676 /* 2677 * You're actually decrypting with private keys, but there is no 2678 * distinction made here. It's all keyed off of what kind of key you're 2679 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2680 */ 2681 c.init(Cipher.ENCRYPT_MODE, privKey); 2682 byte[] encrypted = new byte[RSA_Vector1_Encrypt_Private.length]; 2683 final int encryptLen = c 2684 .doFinal(RSA_2048_Vector1, 0, RSA_2048_Vector1.length, encrypted, 0); 2685 assertEquals("Encrypted size should match expected", RSA_Vector1_Encrypt_Private.length, 2686 encryptLen); 2687 assertTrue("Encrypted should match expected", 2688 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2689 2690 c.init(Cipher.DECRYPT_MODE, privKey); 2691 final int decryptLen = c 2692 .doFinal(RSA_2048_Vector1, 0, RSA_2048_Vector1.length, encrypted, 0); 2693 assertEquals("Encrypted size should match expected", RSA_Vector1_Encrypt_Private.length, 2694 decryptLen); 2695 assertTrue("Encrypted should match expected", 2696 Arrays.equals(RSA_Vector1_Encrypt_Private, encrypted)); 2697 } 2698 2699 @Test testRSA_ECB_NoPadding_Public_OnlyDoFinal_Success()2700 public void testRSA_ECB_NoPadding_Public_OnlyDoFinal_Success() throws Exception { 2701 for (String provider : RSA_PROVIDERS) { 2702 testRSA_ECB_NoPadding_Public_OnlyDoFinal_Success(provider); 2703 } 2704 } 2705 testRSA_ECB_NoPadding_Public_OnlyDoFinal_Success(String provider)2706 private void testRSA_ECB_NoPadding_Public_OnlyDoFinal_Success(String provider) throws Exception { 2707 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 2708 2709 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2710 2711 /* 2712 * You're actually encrypting with public keys, but there is no 2713 * distinction made here. It's all keyed off of what kind of key you're 2714 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2715 */ 2716 c.init(Cipher.ENCRYPT_MODE, pubKey); 2717 byte[] encrypted = c.doFinal(RSA_Vector1_Encrypt_Private); 2718 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, RSA_2048_Vector1, encrypted); 2719 2720 c.init(Cipher.DECRYPT_MODE, pubKey); 2721 encrypted = c.doFinal(RSA_Vector1_Encrypt_Private); 2722 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, RSA_2048_Vector1, encrypted); 2723 } 2724 2725 @Test testRSA_ECB_NoPadding_Public_OnlyDoFinalWithOffset_Success()2726 public void testRSA_ECB_NoPadding_Public_OnlyDoFinalWithOffset_Success() throws Exception { 2727 for (String provider : RSA_PROVIDERS) { 2728 testRSA_ECB_NoPadding_Public_OnlyDoFinalWithOffset_Success(provider); 2729 } 2730 } 2731 testRSA_ECB_NoPadding_Public_OnlyDoFinalWithOffset_Success(String provider)2732 private void testRSA_ECB_NoPadding_Public_OnlyDoFinalWithOffset_Success(String provider) throws Exception { 2733 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 2734 2735 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2736 2737 /* 2738 * You're actually encrypting with public keys, but there is no 2739 * distinction made here. It's all keyed off of what kind of key you're 2740 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2741 */ 2742 c.init(Cipher.ENCRYPT_MODE, pubKey); 2743 byte[] encrypted = new byte[RSA_2048_Vector1.length]; 2744 final int encryptLen = c.doFinal(RSA_Vector1_Encrypt_Private, 0, 2745 RSA_Vector1_Encrypt_Private.length, encrypted, 0); 2746 assertEquals("Encrypted size should match expected", RSA_2048_Vector1.length, encryptLen); 2747 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, RSA_2048_Vector1, encrypted); 2748 2749 c.init(Cipher.DECRYPT_MODE, pubKey); 2750 int decryptLen = c.doFinal(RSA_Vector1_Encrypt_Private, 0, 2751 RSA_Vector1_Encrypt_Private.length, encrypted, 0); 2752 if (provider.equals("BC")) { 2753 // BC strips the leading 0 for us on decrypt even when NoPadding is specified... 2754 decryptLen++; 2755 encrypted = Arrays.copyOf(encrypted, encrypted.length - 1); 2756 } 2757 assertEquals("Encrypted size should match expected", RSA_2048_Vector1.length, decryptLen); 2758 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, RSA_2048_Vector1, encrypted); 2759 } 2760 2761 @Test testRSA_ECB_NoPadding_Public_UpdateThenEmptyDoFinal_Success()2762 public void testRSA_ECB_NoPadding_Public_UpdateThenEmptyDoFinal_Success() throws Exception { 2763 for (String provider : RSA_PROVIDERS) { 2764 testRSA_ECB_NoPadding_Public_UpdateThenEmptyDoFinal_Success(provider); 2765 } 2766 } 2767 testRSA_ECB_NoPadding_Public_UpdateThenEmptyDoFinal_Success(String provider)2768 private void testRSA_ECB_NoPadding_Public_UpdateThenEmptyDoFinal_Success(String provider) throws Exception { 2769 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 2770 2771 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2772 2773 /* 2774 * You're actually encrypting with public keys, but there is no 2775 * distinction made here. It's all keyed off of what kind of key you're 2776 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2777 */ 2778 c.init(Cipher.ENCRYPT_MODE, pubKey); 2779 c.update(RSA_Vector1_Encrypt_Private); 2780 byte[] encrypted = c.doFinal(); 2781 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, RSA_2048_Vector1, encrypted); 2782 2783 c.init(Cipher.DECRYPT_MODE, pubKey); 2784 c.update(RSA_Vector1_Encrypt_Private); 2785 encrypted = c.doFinal(); 2786 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, RSA_2048_Vector1, encrypted); 2787 } 2788 2789 @Test testRSA_ECB_NoPadding_Public_SingleByteUpdateThenEmptyDoFinal_Success()2790 public void testRSA_ECB_NoPadding_Public_SingleByteUpdateThenEmptyDoFinal_Success() 2791 throws Exception { 2792 for (String provider : RSA_PROVIDERS) { 2793 testRSA_ECB_NoPadding_Public_SingleByteUpdateThenEmptyDoFinal_Success(provider); 2794 } 2795 } 2796 testRSA_ECB_NoPadding_Public_SingleByteUpdateThenEmptyDoFinal_Success(String provider)2797 private void testRSA_ECB_NoPadding_Public_SingleByteUpdateThenEmptyDoFinal_Success(String provider) 2798 throws Exception { 2799 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 2800 2801 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2802 2803 /* 2804 * You're actually encrypting with public keys, but there is no 2805 * distinction made here. It's all keyed off of what kind of key you're 2806 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2807 */ 2808 c.init(Cipher.ENCRYPT_MODE, pubKey); 2809 int i; 2810 for (i = 0; i < RSA_Vector1_Encrypt_Private.length / 2; i++) { 2811 c.update(RSA_Vector1_Encrypt_Private, i, 1); 2812 } 2813 byte[] encrypted = c.doFinal(RSA_Vector1_Encrypt_Private, i, RSA_2048_Vector1.length - i); 2814 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, RSA_2048_Vector1, encrypted); 2815 2816 c.init(Cipher.DECRYPT_MODE, pubKey); 2817 for (i = 0; i < RSA_Vector1_Encrypt_Private.length / 2; i++) { 2818 c.update(RSA_Vector1_Encrypt_Private, i, 1); 2819 } 2820 encrypted = c.doFinal(RSA_Vector1_Encrypt_Private, i, RSA_2048_Vector1.length - i); 2821 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, RSA_2048_Vector1, encrypted); 2822 } 2823 2824 @Test testRSA_ECB_NoPadding_Public_TooSmall_Success()2825 public void testRSA_ECB_NoPadding_Public_TooSmall_Success() throws Exception { 2826 for (String provider : RSA_PROVIDERS) { 2827 testRSA_ECB_NoPadding_Public_TooSmall_Success(provider); 2828 } 2829 } 2830 testRSA_ECB_NoPadding_Public_TooSmall_Success(String provider)2831 private void testRSA_ECB_NoPadding_Public_TooSmall_Success(String provider) throws Exception { 2832 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 2833 2834 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2835 2836 /* 2837 * You're actually encrypting with public keys, but there is no 2838 * distinction made here. It's all keyed off of what kind of key you're 2839 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2840 */ 2841 c.init(Cipher.ENCRYPT_MODE, pubKey); 2842 byte[] encrypted = c.doFinal(TooShort_Vector); 2843 assertTrue("Encrypted should match expected", 2844 Arrays.equals(RSA_Vector1_ZeroPadded_Encrypted, encrypted)); 2845 2846 c.init(Cipher.DECRYPT_MODE, pubKey); 2847 encrypted = c.doFinal(TooShort_Vector); 2848 assertTrue("Encrypted should match expected", 2849 Arrays.equals(RSA_Vector1_ZeroPadded_Encrypted, encrypted)); 2850 } 2851 2852 @Test testRSA_ECB_NoPadding_Private_TooSmall_Success()2853 public void testRSA_ECB_NoPadding_Private_TooSmall_Success() throws Exception { 2854 for (String provider : RSA_PROVIDERS) { 2855 testRSA_ECB_NoPadding_Private_TooSmall_Success(provider); 2856 } 2857 } 2858 testRSA_ECB_NoPadding_Private_TooSmall_Success(String provider)2859 private void testRSA_ECB_NoPadding_Private_TooSmall_Success(String provider) throws Exception { 2860 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 2861 2862 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2863 2864 /* 2865 * You're actually encrypting with public keys, but there is no 2866 * distinction made here. It's all keyed off of what kind of key you're 2867 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2868 */ 2869 c.init(Cipher.ENCRYPT_MODE, privKey); 2870 byte[] encrypted = c.doFinal(RSA_Vector1_ZeroPadded_Encrypted); 2871 assertEncryptedEqualsNoPadding(provider, Cipher.ENCRYPT_MODE, 2872 TooShort_Vector_Zero_Padded, encrypted); 2873 2874 c.init(Cipher.DECRYPT_MODE, privKey); 2875 encrypted = c.doFinal(RSA_Vector1_ZeroPadded_Encrypted); 2876 assertEncryptedEqualsNoPadding(provider, Cipher.DECRYPT_MODE, 2877 TooShort_Vector_Zero_Padded, encrypted); 2878 } 2879 assertEncryptedEqualsNoPadding(String provider, int mode, byte[] expected, byte[] actual)2880 private static void assertEncryptedEqualsNoPadding(String provider, int mode, 2881 byte[] expected, byte[] actual) { 2882 if (provider.equals("BC") && mode == Cipher.DECRYPT_MODE) { 2883 // BouncyCastle does us the favor of stripping leading zeroes in DECRYPT_MODE 2884 int nonZeroOffset = 0; 2885 for (byte b : expected) { 2886 if (b != 0) { 2887 break; 2888 } 2889 nonZeroOffset++; 2890 } 2891 expected = Arrays.copyOfRange(expected, nonZeroOffset, expected.length); 2892 } 2893 assertEquals("Encrypted should match expected", 2894 Arrays.toString(expected), Arrays.toString(actual)); 2895 } 2896 2897 @Test testRSA_ECB_NoPadding_Private_CombinedUpdateAndDoFinal_TooBig_Failure()2898 public void testRSA_ECB_NoPadding_Private_CombinedUpdateAndDoFinal_TooBig_Failure() 2899 throws Exception { 2900 for (String provider : RSA_PROVIDERS) { 2901 testRSA_ECB_NoPadding_Private_CombinedUpdateAndDoFinal_TooBig_Failure(provider); 2902 } 2903 } 2904 testRSA_ECB_NoPadding_Private_CombinedUpdateAndDoFinal_TooBig_Failure(String provider)2905 private void testRSA_ECB_NoPadding_Private_CombinedUpdateAndDoFinal_TooBig_Failure(String provider) 2906 throws Exception { 2907 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 2908 2909 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2910 2911 /* 2912 * You're actually encrypting with public keys, but there is no 2913 * distinction made here. It's all keyed off of what kind of key you're 2914 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2915 */ 2916 c.init(Cipher.ENCRYPT_MODE, privKey); 2917 c.update(RSA_Vector1_ZeroPadded_Encrypted); 2918 2919 try { 2920 c.doFinal(RSA_Vector1_ZeroPadded_Encrypted); 2921 fail("Should have error when block size is too big."); 2922 } catch (IllegalBlockSizeException success) { 2923 assertFalse(provider, "BC".equals(provider)); 2924 } catch (ArrayIndexOutOfBoundsException success) { 2925 assertEquals("BC", provider); 2926 } 2927 } 2928 2929 @Test testRSA_ECB_NoPadding_Private_UpdateInAndOutPlusDoFinal_TooBig_Failure()2930 public void testRSA_ECB_NoPadding_Private_UpdateInAndOutPlusDoFinal_TooBig_Failure() 2931 throws Exception { 2932 for (String provider : RSA_PROVIDERS) { 2933 testRSA_ECB_NoPadding_Private_UpdateInAndOutPlusDoFinal_TooBig_Failure(provider); 2934 } 2935 } 2936 testRSA_ECB_NoPadding_Private_UpdateInAndOutPlusDoFinal_TooBig_Failure(String provider)2937 private void testRSA_ECB_NoPadding_Private_UpdateInAndOutPlusDoFinal_TooBig_Failure(String provider) 2938 throws Exception { 2939 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 2940 2941 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2942 2943 /* 2944 * You're actually encrypting with public keys, but there is no 2945 * distinction made here. It's all keyed off of what kind of key you're 2946 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2947 */ 2948 c.init(Cipher.ENCRYPT_MODE, privKey); 2949 2950 byte[] output = new byte[RSA_2048_Vector1.length]; 2951 c.update(RSA_Vector1_ZeroPadded_Encrypted, 0, RSA_Vector1_ZeroPadded_Encrypted.length, 2952 output); 2953 2954 try { 2955 c.doFinal(RSA_Vector1_ZeroPadded_Encrypted); 2956 fail("Should have error when block size is too big."); 2957 } catch (IllegalBlockSizeException success) { 2958 assertFalse(provider, "BC".equals(provider)); 2959 } catch (ArrayIndexOutOfBoundsException success) { 2960 assertEquals("BC", provider); 2961 } 2962 } 2963 2964 @Test testRSA_ECB_NoPadding_Private_OnlyDoFinal_TooBig_Failure()2965 public void testRSA_ECB_NoPadding_Private_OnlyDoFinal_TooBig_Failure() throws Exception { 2966 for (String provider : RSA_PROVIDERS) { 2967 testRSA_ECB_NoPadding_Private_OnlyDoFinal_TooBig_Failure(provider); 2968 } 2969 } 2970 testRSA_ECB_NoPadding_Private_OnlyDoFinal_TooBig_Failure(String provider)2971 private void testRSA_ECB_NoPadding_Private_OnlyDoFinal_TooBig_Failure(String provider) throws Exception { 2972 final PrivateKey privKey = (PrivateKey) getDecryptKey("RSA"); 2973 2974 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 2975 2976 /* 2977 * You're actually encrypting with public keys, but there is no 2978 * distinction made here. It's all keyed off of what kind of key you're 2979 * using. ENCRYPT_MODE and DECRYPT_MODE are the same. 2980 */ 2981 c.init(Cipher.ENCRYPT_MODE, privKey); 2982 2983 byte[] tooBig_Vector = new byte[RSA_Vector1_ZeroPadded_Encrypted.length * 2]; 2984 System.arraycopy(RSA_Vector1_ZeroPadded_Encrypted, 0, tooBig_Vector, 0, 2985 RSA_Vector1_ZeroPadded_Encrypted.length); 2986 System.arraycopy(RSA_Vector1_ZeroPadded_Encrypted, 0, tooBig_Vector, 2987 RSA_Vector1_ZeroPadded_Encrypted.length, RSA_Vector1_ZeroPadded_Encrypted.length); 2988 2989 try { 2990 c.doFinal(tooBig_Vector); 2991 fail("Should have error when block size is too big."); 2992 } catch (IllegalBlockSizeException success) { 2993 assertFalse(provider, "BC".equals(provider)); 2994 } catch (ArrayIndexOutOfBoundsException success) { 2995 assertEquals("BC", provider); 2996 } 2997 } 2998 2999 @Test testRSA_ECB_NoPadding_GetBlockSize_Success()3000 public void testRSA_ECB_NoPadding_GetBlockSize_Success() throws Exception { 3001 for (String provider : RSA_PROVIDERS) { 3002 testRSA_ECB_NoPadding_GetBlockSize_Success(provider); 3003 } 3004 } 3005 testRSA_ECB_NoPadding_GetBlockSize_Success(String provider)3006 private void testRSA_ECB_NoPadding_GetBlockSize_Success(String provider) throws Exception { 3007 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3008 if (provider.equals("SunJCE")) { 3009 assertEquals(0, c.getBlockSize()); 3010 } else { 3011 try { 3012 c.getBlockSize(); 3013 fail(); 3014 } catch (IllegalStateException expected) { 3015 } 3016 } 3017 3018 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 3019 c.init(Cipher.ENCRYPT_MODE, pubKey); 3020 assertEquals(getExpectedBlockSize("RSA", Cipher.ENCRYPT_MODE, provider), c.getBlockSize()); 3021 } 3022 3023 @Test testRSA_ECB_NoPadding_GetOutputSize_NoInit_Failure()3024 public void testRSA_ECB_NoPadding_GetOutputSize_NoInit_Failure() throws Exception { 3025 for (String provider : RSA_PROVIDERS) { 3026 testRSA_ECB_NoPadding_GetOutputSize_NoInit_Failure(provider); 3027 } 3028 } 3029 testRSA_ECB_NoPadding_GetOutputSize_NoInit_Failure(String provider)3030 private void testRSA_ECB_NoPadding_GetOutputSize_NoInit_Failure(String provider) throws Exception { 3031 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3032 try { 3033 c.getOutputSize(RSA_2048_Vector1.length); 3034 fail("Should throw IllegalStateException if getOutputSize is called before init"); 3035 } catch (IllegalStateException success) { 3036 } 3037 } 3038 3039 @Test testRSA_ECB_NoPadding_GetOutputSize_Success()3040 public void testRSA_ECB_NoPadding_GetOutputSize_Success() throws Exception { 3041 for (String provider : RSA_PROVIDERS) { 3042 testRSA_ECB_NoPadding_GetOutputSize_Success(provider); 3043 } 3044 } 3045 testRSA_ECB_NoPadding_GetOutputSize_Success(String provider)3046 private void testRSA_ECB_NoPadding_GetOutputSize_Success(String provider) throws Exception { 3047 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 3048 3049 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3050 c.init(Cipher.ENCRYPT_MODE, pubKey); 3051 3052 final int modulusInBytes = RSA_2048_modulus.bitLength() / 8; 3053 assertEquals(modulusInBytes, c.getOutputSize(RSA_2048_Vector1.length)); 3054 assertEquals(modulusInBytes, c.getOutputSize(RSA_2048_Vector1.length * 2)); 3055 assertEquals(modulusInBytes, c.getOutputSize(0)); 3056 } 3057 3058 @Test testRSA_ECB_NoPadding_GetIV_Success()3059 public void testRSA_ECB_NoPadding_GetIV_Success() throws Exception { 3060 for (String provider : RSA_PROVIDERS) { 3061 testRSA_ECB_NoPadding_GetIV_Success(provider); 3062 } 3063 } 3064 testRSA_ECB_NoPadding_GetIV_Success(String provider)3065 private void testRSA_ECB_NoPadding_GetIV_Success(String provider) throws Exception { 3066 final PublicKey pubKey = (PublicKey) getEncryptKey("RSA"); 3067 3068 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3069 assertNull("ECB mode has no IV and should be null", c.getIV()); 3070 3071 c.init(Cipher.ENCRYPT_MODE, pubKey); 3072 3073 assertNull("ECB mode has no IV and should be null", c.getIV()); 3074 } 3075 3076 @Test testRSA_ECB_NoPadding_GetParameters_NoneProvided_Success()3077 public void testRSA_ECB_NoPadding_GetParameters_NoneProvided_Success() throws Exception { 3078 for (String provider : RSA_PROVIDERS) { 3079 testRSA_ECB_NoPadding_GetParameters_NoneProvided_Success(provider); 3080 } 3081 } 3082 testRSA_ECB_NoPadding_GetParameters_NoneProvided_Success(String provider)3083 private void testRSA_ECB_NoPadding_GetParameters_NoneProvided_Success(String provider) throws Exception { 3084 Cipher c = Cipher.getInstance("RSA/ECB/NoPadding", provider); 3085 assertNull("Parameters should be null", c.getParameters()); 3086 } 3087 3088 /* 3089 * Test vector generation: 3090 * openssl rand -hex 16 | sed 's/\(..\)/(byte) 0x\1, /g' 3091 */ 3092 private static final SecretKeySpec DES_112_KEY = new SecretKeySpec(new byte[] { 3093 (byte) 0x6b, (byte) 0xb3, (byte) 0x85, (byte) 0x1c, (byte) 0x3d, (byte) 0x50, 3094 (byte) 0xd4, (byte) 0x95, (byte) 0x39, (byte) 0x48, (byte) 0x77, (byte) 0x30, 3095 (byte) 0x1a, (byte) 0xd7, (byte) 0x86, (byte) 0x57, 3096 }, "DESede"); 3097 3098 /* 3099 * Test vector generation: 3100 * openssl rand -hex 24 | sed 's/\(..\)/(byte) 0x\1, /g' 3101 */ 3102 private static final SecretKeySpec DES_168_KEY = new SecretKeySpec(new byte[] { 3103 (byte) 0xfe, (byte) 0xd4, (byte) 0xd7, (byte) 0xc9, (byte) 0x8a, (byte) 0x13, 3104 (byte) 0x6a, (byte) 0xa8, (byte) 0x5a, (byte) 0xb8, (byte) 0x19, (byte) 0xb8, 3105 (byte) 0xcf, (byte) 0x3c, (byte) 0x5f, (byte) 0xe0, (byte) 0xa2, (byte) 0xf7, 3106 (byte) 0x7b, (byte) 0x65, (byte) 0x43, (byte) 0xc0, (byte) 0xc4, (byte) 0xe1, 3107 }, "DESede"); 3108 3109 /* 3110 * Test vector generation: 3111 * openssl rand -hex 5 | sed 's/\(..\)/(byte) 0x\1, /g' 3112 */ 3113 private static final SecretKeySpec ARC4_40BIT_KEY = new SecretKeySpec(new byte[] { 3114 (byte) 0x9c, (byte) 0xc8, (byte) 0xb9, (byte) 0x94, (byte) 0x98, 3115 }, "ARC4"); 3116 3117 /* 3118 * Test vector generation: 3119 * openssl rand -hex 24 | sed 's/\(..\)/(byte) 0x\1, /g' 3120 */ 3121 private static final SecretKeySpec ARC4_128BIT_KEY = new SecretKeySpec(new byte[] { 3122 (byte) 0xbc, (byte) 0x0a, (byte) 0x3c, (byte) 0xca, (byte) 0xb5, (byte) 0x42, 3123 (byte) 0xfa, (byte) 0x5d, (byte) 0x86, (byte) 0x5b, (byte) 0x44, (byte) 0x87, 3124 (byte) 0x83, (byte) 0xd8, (byte) 0xcb, (byte) 0xd4, 3125 }, "ARC4"); 3126 3127 /* 3128 * Test vector generation: 3129 * openssl rand -hex 16 3130 * echo '3d4f8970b1f27537f40a39298a41555f' | sed 's/\(..\)/(byte) 0x\1, /g' 3131 */ 3132 private static final SecretKeySpec AES_128_KEY = new SecretKeySpec(new byte[] { 3133 (byte) 0x3d, (byte) 0x4f, (byte) 0x89, (byte) 0x70, (byte) 0xb1, (byte) 0xf2, 3134 (byte) 0x75, (byte) 0x37, (byte) 0xf4, (byte) 0x0a, (byte) 0x39, (byte) 0x29, 3135 (byte) 0x8a, (byte) 0x41, (byte) 0x55, (byte) 0x5f, 3136 }, "AES"); 3137 3138 /* 3139 * Test key generation: 3140 * openssl rand -hex 24 3141 * echo '5a7a3d7e40b64ed996f7afa15f97fd595e27db6af428e342' | sed 's/\(..\)/(byte) 0x\1, /g' 3142 */ 3143 private static final SecretKeySpec AES_192_KEY = new SecretKeySpec(new byte[] { 3144 (byte) 0x5a, (byte) 0x7a, (byte) 0x3d, (byte) 0x7e, (byte) 0x40, (byte) 0xb6, 3145 (byte) 0x4e, (byte) 0xd9, (byte) 0x96, (byte) 0xf7, (byte) 0xaf, (byte) 0xa1, 3146 (byte) 0x5f, (byte) 0x97, (byte) 0xfd, (byte) 0x59, (byte) 0x5e, (byte) 0x27, 3147 (byte) 0xdb, (byte) 0x6a, (byte) 0xf4, (byte) 0x28, (byte) 0xe3, (byte) 0x42, 3148 }, "AES"); 3149 3150 /* 3151 * Test key generation: 3152 * openssl rand -hex 32 3153 * echo 'ec53c6d51d2c4973585fb0b8e51cd2e39915ff07a1837872715d6121bf861935' | sed 's/\(..\)/(byte) 0x\1, /g' 3154 */ 3155 private static final SecretKeySpec AES_256_KEY = new SecretKeySpec(new byte[] { 3156 (byte) 0xec, (byte) 0x53, (byte) 0xc6, (byte) 0xd5, (byte) 0x1d, (byte) 0x2c, 3157 (byte) 0x49, (byte) 0x73, (byte) 0x58, (byte) 0x5f, (byte) 0xb0, (byte) 0xb8, 3158 (byte) 0xe5, (byte) 0x1c, (byte) 0xd2, (byte) 0xe3, (byte) 0x99, (byte) 0x15, 3159 (byte) 0xff, (byte) 0x07, (byte) 0xa1, (byte) 0x83, (byte) 0x78, (byte) 0x72, 3160 (byte) 0x71, (byte) 0x5d, (byte) 0x61, (byte) 0x21, (byte) 0xbf, (byte) 0x86, 3161 (byte) 0x19, (byte) 0x35, 3162 }, "AES"); 3163 3164 /* 3165 * Test vector generation: 3166 * echo -n 'Testing rocks!' | recode ../x1 | sed 's/0x/(byte) 0x/g' 3167 */ 3168 private static final byte[] DES_Plaintext1 = new byte[] { 3169 (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x69, (byte) 0x6E, 3170 (byte) 0x67, (byte) 0x20, (byte) 0x72, (byte) 0x6F, (byte) 0x63, (byte) 0x6B, 3171 (byte) 0x73, (byte) 0x21 3172 }; 3173 3174 3175 /* 3176 * Test vector generation: take DES_Plaintext1 and PKCS #5 pad it manually (it's not hard). 3177 */ 3178 private static final byte[] DES_Plaintext1_PKCS5_Padded = new byte[] { 3179 (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x69, (byte) 0x6E, 3180 (byte) 0x67, (byte) 0x20, (byte) 0x72, (byte) 0x6F, (byte) 0x63, (byte) 0x6B, 3181 (byte) 0x73, (byte) 0x21, (byte) 0x02, (byte) 0x02, 3182 }; 3183 3184 /* 3185 * Test vector generation: 3186 * openssl rand -hex 8 | sed 's/\(..\)/(byte) 0x\1, /g' 3187 */ 3188 private static final byte[] DES_IV1 = new byte[] { 3189 (byte) 0x5c, (byte) 0x47, (byte) 0x5e, (byte) 0x57, (byte) 0x0c, (byte) 0x46, 3190 (byte) 0xcb, (byte) 0x47, 3191 }; 3192 3193 /* 3194 * Test vector generation: 3195 * openssl enc -des-ede-cbc -K 6bb3851c3d50d495394877301ad78657 -iv 5c475e570c46cb47 -in blah 3196 * | recode ../x1 | sed 's/0x/(byte) 0x/g' 3197 */ 3198 private static final byte[] 3199 DES_Plaintext1_Encrypted_With_DES_112_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1 = 3200 new byte[] { 3201 (byte) 0x09, (byte) 0xA5, (byte) 0x5D, (byte) 0x94, (byte) 0x94, (byte) 0xAA, 3202 (byte) 0x3F, (byte) 0xC8, (byte) 0xB7, (byte) 0x73, (byte) 0x94, (byte) 0x0E, 3203 (byte) 0xFC, (byte) 0xF4, (byte) 0xA5, (byte) 0x28, 3204 }; 3205 3206 3207 /* 3208 * Test vector generation: 3209 * openssl enc -des-ede3-cbc -K fed4d7c98a136aa85ab819b8cf3c5fe0a2f77b6543c0c4e1 3210 * -iv 5c475e570c46cb47 -in blah | recode ../x1 | sed 's/0x/(byte) 0x/g' 3211 */ 3212 private static final byte[] 3213 DES_Plaintext1_Encrypted_With_DES_168_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1 = 3214 new byte[] { 3215 (byte) 0xC9, (byte) 0xF1, (byte) 0x83, (byte) 0x1F, (byte) 0x24, (byte) 0x83, 3216 (byte) 0x2C, (byte) 0x7B, (byte) 0x66, (byte) 0x66, (byte) 0x99, (byte) 0x98, 3217 (byte) 0x27, (byte) 0xB0, (byte) 0xED, (byte) 0x47 3218 }; 3219 3220 3221 /* 3222 * Test vector generation: 3223 * echo -n 'Plaintext for arc4' | recode ../x1 | sed 's/0x/(byte) 0x/g' 3224 */ 3225 private static final byte[] ARC4_Plaintext1 = new byte[] { 3226 (byte) 0x50, (byte) 0x6C, (byte) 0x61, (byte) 0x69, (byte) 0x6E, (byte) 0x74, 3227 (byte) 0x65, (byte) 0x78, (byte) 0x74, (byte) 0x20, (byte) 0x66, (byte) 0x6F, 3228 (byte) 0x72, (byte) 0x20, (byte) 0x61, (byte) 0x72, (byte) 0x63, (byte) 0x34 3229 }; 3230 3231 /* 3232 * Test vector generation: 3233 * echo -n 'Plaintext for arc4' | openssl enc -rc4-40 -K 9cc8b99498 | recode ../x1 \ 3234 * | sed 's/0x/(byte) 0x/g' 3235 */ 3236 private static final byte[] ARC4_Plaintext1_Encrypted_With_ARC4_40Bit_Key = new byte[] { 3237 (byte) 0x63, (byte) 0xF7, (byte) 0x11, (byte) 0x90, (byte) 0x63, (byte) 0xEF, 3238 (byte) 0x5E, (byte) 0xB3, (byte) 0x93, (byte) 0xB3, (byte) 0x46, (byte) 0x3F, 3239 (byte) 0x1B, (byte) 0x02, (byte) 0x53, (byte) 0x9B, (byte) 0xD9, (byte) 0xE0 3240 }; 3241 3242 /* 3243 * Test vector generation: 3244 * echo -n 'Plaintext for arc4' | openssl enc -rc4 -K bc0a3ccab542fa5d865b448783d8cbd4 \ 3245 * | recode ../x1 | sed 's/0x/(byte) 0x/g' 3246 */ 3247 private static final byte[] ARC4_Plaintext1_Encrypted_With_ARC4_128Bit_Key = new byte[] { 3248 (byte) 0x25, (byte) 0x14, (byte) 0xA9, (byte) 0x72, (byte) 0x4D, (byte) 0xA9, 3249 (byte) 0xF6, (byte) 0xA7, (byte) 0x2F, (byte) 0xB7, (byte) 0x0D, (byte) 0x60, 3250 (byte) 0x09, (byte) 0xBE, (byte) 0x41, (byte) 0x9B, (byte) 0x32, (byte) 0x2B 3251 }; 3252 3253 /* 3254 * Test vector creation: 3255 * echo -n 'Hello, world!' | recode ../x1 | sed 's/0x/(byte) 0x/g' 3256 */ 3257 private static final byte[] AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext = new byte[] { 3258 (byte) 0x48, (byte) 0x65, (byte) 0x6C, (byte) 0x6C, (byte) 0x6F, (byte) 0x2C, 3259 (byte) 0x20, (byte) 0x77, (byte) 0x6F, (byte) 0x72, (byte) 0x6C, (byte) 0x64, 3260 (byte) 0x21, 3261 }; 3262 3263 /* 3264 * Test vector creation: 3265 * openssl enc -aes-128-ecb -K 3d4f8970b1f27537f40a39298a41555f -in blah|openssl enc -aes-128-ecb -K 3d4f8970b1f27537f40a39298a41555f -nopad -d|recode ../x1 | sed 's/0x/(byte) 0x/g' 3266 */ 3267 private static final byte[] AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded = new byte[] { 3268 (byte) 0x48, (byte) 0x65, (byte) 0x6C, (byte) 0x6C, (byte) 0x6F, (byte) 0x2C, 3269 (byte) 0x20, (byte) 0x77, (byte) 0x6F, (byte) 0x72, (byte) 0x6C, (byte) 0x64, 3270 (byte) 0x21, (byte) 0x03, (byte) 0x03, (byte) 0x03 3271 }; 3272 3273 /* 3274 * Test vector generation: 3275 * openssl enc -aes-128-ecb -K 3d4f8970b1f27537f40a39298a41555f -in blah|recode ../x1 | sed 's/0x/(byte) 0x/g' 3276 */ 3277 private static final byte[] AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted = new byte[] { 3278 (byte) 0x65, (byte) 0x3E, (byte) 0x86, (byte) 0xFB, (byte) 0x05, (byte) 0x5A, 3279 (byte) 0x52, (byte) 0xEA, (byte) 0xDD, (byte) 0x08, (byte) 0xE7, (byte) 0x48, 3280 (byte) 0x33, (byte) 0x01, (byte) 0xFC, (byte) 0x5A, 3281 }; 3282 3283 /* 3284 * Taken from BoringSSL test vectors. 3285 */ 3286 private static final SecretKeySpec AES_128_GCM_TestVector_1_Key = new SecretKeySpec(new byte[] { 3287 (byte) 0xca, (byte) 0xbd, (byte) 0xcf, (byte) 0x54, (byte) 0x1a, (byte) 0xeb, 3288 (byte) 0xf9, (byte) 0x17, (byte) 0xba, (byte) 0xc0, (byte) 0x19, (byte) 0xf1, 3289 (byte) 0x39, (byte) 0x25, (byte) 0xd2, (byte) 0x67, 3290 }, "AES"); 3291 3292 /* 3293 * Taken from BoringSSL test vectors. 3294 */ 3295 private static final byte[] AES_128_GCM_TestVector_1_IV = new byte[] { 3296 (byte) 0x2c, (byte) 0x34, (byte) 0xc0, (byte) 0x0c, (byte) 0x42, (byte) 0xda, 3297 (byte) 0xe3, (byte) 0x82, (byte) 0x27, (byte) 0x9d, (byte) 0x79, (byte) 0x74, 3298 }; 3299 3300 /* 3301 * Taken from BoringSSL test vectors. 3302 */ 3303 private static final byte[] AES_128_GCM_TestVector_1_AAD = new byte[] { 3304 (byte) 0xdd, (byte) 0x10, (byte) 0xe3, (byte) 0x71, (byte) 0xb2, (byte) 0x2e, 3305 (byte) 0x15, (byte) 0x67, (byte) 0x1c, (byte) 0x31, (byte) 0xaf, (byte) 0xee, 3306 (byte) 0x55, (byte) 0x2b, (byte) 0xf1, (byte) 0xde, (byte) 0xa0, (byte) 0x7c, 3307 (byte) 0xbb, (byte) 0xf6, (byte) 0x85, (byte) 0xe2, (byte) 0xca, (byte) 0xa0, 3308 (byte) 0xe0, (byte) 0x36, (byte) 0x37, (byte) 0x16, (byte) 0xa2, (byte) 0x76, 3309 (byte) 0xe1, (byte) 0x20, (byte) 0xc6, (byte) 0xc0, (byte) 0xeb, (byte) 0x4a, 3310 (byte) 0xcb, (byte) 0x1a, (byte) 0x4d, (byte) 0x1b, (byte) 0xa7, (byte) 0x3f, 3311 (byte) 0xde, (byte) 0x66, (byte) 0x15, (byte) 0xf7, (byte) 0x08, (byte) 0xaa, 3312 (byte) 0xa4, (byte) 0x6b, (byte) 0xc7, (byte) 0x6c, (byte) 0x7f, (byte) 0xf3, 3313 (byte) 0x45, (byte) 0xa4, (byte) 0xf7, (byte) 0x6b, (byte) 0xda, (byte) 0x11, 3314 (byte) 0x7f, (byte) 0xe5, (byte) 0x6f, (byte) 0x0d, (byte) 0xc9, (byte) 0xb9, 3315 (byte) 0x39, (byte) 0x04, (byte) 0x0d, (byte) 0xdd, 3316 }; 3317 3318 /* 3319 * Taken from BoringSSL test vectors. 3320 */ 3321 private static final byte[] AES_128_GCM_TestVector_1_Plaintext = new byte[] { 3322 (byte) 0x88, (byte) 0xcc, (byte) 0x1e, (byte) 0x07, (byte) 0xdf, (byte) 0xde, 3323 (byte) 0x8e, (byte) 0x08, (byte) 0x08, (byte) 0x2e, (byte) 0x67, (byte) 0x66, 3324 (byte) 0xe0, (byte) 0xa8, (byte) 0x81, (byte) 0x03, (byte) 0x38, (byte) 0x47, 3325 (byte) 0x42, (byte) 0xaf, (byte) 0x37, (byte) 0x8d, (byte) 0x7b, (byte) 0x6b, 3326 (byte) 0x8a, (byte) 0x87, (byte) 0xfc, (byte) 0xe0, (byte) 0x36, (byte) 0xaf, 3327 (byte) 0x74, (byte) 0x41, (byte) 0xc1, (byte) 0x39, (byte) 0x61, (byte) 0xc2, 3328 (byte) 0x5a, (byte) 0xfe, (byte) 0xa7, (byte) 0xf6, (byte) 0xe5, (byte) 0x61, 3329 (byte) 0x93, (byte) 0xf5, (byte) 0x4b, (byte) 0xee, (byte) 0x00, (byte) 0x11, 3330 (byte) 0xcb, (byte) 0x78, (byte) 0x64, (byte) 0x2c, (byte) 0x3a, (byte) 0xb9, 3331 (byte) 0xe6, (byte) 0xd5, (byte) 0xb2, (byte) 0xe3, (byte) 0x58, (byte) 0x33, 3332 (byte) 0xec, (byte) 0x16, (byte) 0xcd, (byte) 0x35, (byte) 0x55, (byte) 0x15, 3333 (byte) 0xaf, (byte) 0x1a, (byte) 0x19, (byte) 0x0f, 3334 }; 3335 3336 /* 3337 * Taken from BoringSSL test vectors. 3338 */ 3339 private static final byte[] AES_128_GCM_TestVector_1_Encrypted = new byte[] { 3340 (byte) 0x04, (byte) 0x94, (byte) 0x53, (byte) 0xba, (byte) 0xf1, (byte) 0x57, 3341 (byte) 0x87, (byte) 0x87, (byte) 0xd6, (byte) 0x8e, (byte) 0xd5, (byte) 0x47, 3342 (byte) 0x87, (byte) 0x26, (byte) 0xc0, (byte) 0xb8, (byte) 0xa6, (byte) 0x36, 3343 (byte) 0x33, (byte) 0x7a, (byte) 0x0b, (byte) 0x8a, (byte) 0x82, (byte) 0xb8, 3344 (byte) 0x68, (byte) 0x36, (byte) 0xf9, (byte) 0x1c, (byte) 0xde, (byte) 0x25, 3345 (byte) 0xe6, (byte) 0xe4, (byte) 0x4c, (byte) 0x34, (byte) 0x59, (byte) 0x40, 3346 (byte) 0xe8, (byte) 0x19, (byte) 0xa0, (byte) 0xc5, (byte) 0x05, (byte) 0x75, 3347 (byte) 0x1e, (byte) 0x60, (byte) 0x3c, (byte) 0xb8, (byte) 0xf8, (byte) 0xc4, 3348 (byte) 0xfe, (byte) 0x98, (byte) 0x71, (byte) 0x91, (byte) 0x85, (byte) 0x56, 3349 (byte) 0x27, (byte) 0x94, (byte) 0xa1, (byte) 0x85, (byte) 0xe5, (byte) 0xde, 3350 (byte) 0xc4, (byte) 0x15, (byte) 0xc8, (byte) 0x1f, (byte) 0x2f, (byte) 0x16, 3351 (byte) 0x2c, (byte) 0xdc, (byte) 0xd6, (byte) 0x50, (byte) 0xdc, (byte) 0xe7, 3352 (byte) 0x19, (byte) 0x87, (byte) 0x28, (byte) 0xbf, (byte) 0xc1, (byte) 0xb5, 3353 (byte) 0xf9, (byte) 0x49, (byte) 0xb9, (byte) 0xb5, (byte) 0x37, (byte) 0x41, 3354 (byte) 0x99, (byte) 0xc6, 3355 }; 3356 3357 /* 3358 * Test key generation: 3359 * openssl rand -hex 16 3360 * echo '787bdeecf05556eac5d3d865e435f6d9' | sed 's/\(..\)/(byte) 0x\1, /g' 3361 */ 3362 private static final byte[] AES_192_CTR_NoPadding_TestVector_1_IV = new byte[] { 3363 (byte) 0x78, (byte) 0x7b, (byte) 0xde, (byte) 0xec, (byte) 0xf0, (byte) 0x55, 3364 (byte) 0x56, (byte) 0xea, (byte) 0xc5, (byte) 0xd3, (byte) 0xd8, (byte) 0x65, 3365 (byte) 0xe4, (byte) 0x35, (byte) 0xf6, (byte) 0xd9, 3366 3367 }; 3368 3369 /* 3370 * Test vector generation: 3371 * echo -n 'AES-192 is a silly option' | recode ../x1 | sed 's/0x/(byte) 0x/g' 3372 */ 3373 private static final byte[] AES_192_CTR_NoPadding_TestVector_1_Plaintext = new byte[] { 3374 (byte) 0x41, (byte) 0x45, (byte) 0x53, (byte) 0x2D, (byte) 0x31, (byte) 0x39, 3375 (byte) 0x32, (byte) 0x20, (byte) 0x69, (byte) 0x73, (byte) 0x20, (byte) 0x61, 3376 (byte) 0x20, (byte) 0x73, (byte) 0x69, (byte) 0x6C, (byte) 0x6C, (byte) 0x79, 3377 (byte) 0x20, (byte) 0x6F, (byte) 0x70, (byte) 0x74, (byte) 0x69, (byte) 0x6F, 3378 (byte) 0x6E 3379 }; 3380 3381 /* 3382 * Test vector generation: 3383 * echo -n 'AES-192 is a silly option' | openssl enc -aes-192-ctr -K 5a7a3d7e40b64ed996f7afa15f97fd595e27db6af428e342 -iv 787bdeecf05556eac5d3d865e435f6d9 | recode ../x1 | sed 's/0x/(byte) 0x/g' 3384 */ 3385 private static final byte[] AES_192_CTR_NoPadding_TestVector_1_Ciphertext = new byte[] { 3386 (byte) 0xE9, (byte) 0xC6, (byte) 0xA0, (byte) 0x40, (byte) 0xC2, (byte) 0x6A, 3387 (byte) 0xB5, (byte) 0x20, (byte) 0xFE, (byte) 0x9E, (byte) 0x65, (byte) 0xB7, 3388 (byte) 0x7C, (byte) 0x5E, (byte) 0xFE, (byte) 0x1F, (byte) 0xF1, (byte) 0x6F, 3389 (byte) 0x20, (byte) 0xAC, (byte) 0x37, (byte) 0xE9, (byte) 0x75, (byte) 0xE3, 3390 (byte) 0x52 3391 }; 3392 3393 /* 3394 * Test key generation: openssl rand -hex 16 echo 3395 * 'ceaa31952dfd3d0f5af4b2042ba06094' | sed 's/\(..\)/(byte) 0x\1, /g' 3396 */ 3397 private static final byte[] AES_256_CBC_PKCS5Padding_TestVector_1_IV = new byte[] { 3398 (byte) 0xce, (byte) 0xaa, (byte) 0x31, (byte) 0x95, (byte) 0x2d, (byte) 0xfd, 3399 (byte) 0x3d, (byte) 0x0f, (byte) 0x5a, (byte) 0xf4, (byte) 0xb2, (byte) 0x04, 3400 (byte) 0x2b, (byte) 0xa0, (byte) 0x60, (byte) 0x94, 3401 }; 3402 3403 /* 3404 * Test vector generation: 3405 * echo -n 'I only regret that I have but one test to write.' | recode ../x1 | sed 's/0x/(byte) 0x/g' 3406 */ 3407 private static final byte[] AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext = new byte[] { 3408 (byte) 0x49, (byte) 0x20, (byte) 0x6F, (byte) 0x6E, (byte) 0x6C, (byte) 0x79, 3409 (byte) 0x20, (byte) 0x72, (byte) 0x65, (byte) 0x67, (byte) 0x72, (byte) 0x65, 3410 (byte) 0x74, (byte) 0x20, (byte) 0x74, (byte) 0x68, (byte) 0x61, (byte) 0x74, 3411 (byte) 0x20, (byte) 0x49, (byte) 0x20, (byte) 0x68, (byte) 0x61, (byte) 0x76, 3412 (byte) 0x65, (byte) 0x20, (byte) 0x62, (byte) 0x75, (byte) 0x74, (byte) 0x20, 3413 (byte) 0x6F, (byte) 0x6E, (byte) 0x65, (byte) 0x20, (byte) 0x74, (byte) 0x65, 3414 (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x74, (byte) 0x6F, (byte) 0x20, 3415 (byte) 0x77, (byte) 0x72, (byte) 0x69, (byte) 0x74, (byte) 0x65, (byte) 0x2E 3416 }; 3417 3418 /* 3419 * Test vector generation: 3420 * echo -n 'I only regret that I have but one test to write.' | openssl enc -aes-256-cbc -K ec53c6d51d2c4973585fb0b8e51cd2e39915ff07a1837872715d6121bf861935 -iv ceaa31952dfd3d0f5af4b2042ba06094 | openssl enc -aes-256-cbc -K ec53c6d51d2c4973585fb0b8e51cd2e39915ff07a1837872715d6121bf861935 -iv ceaa31952dfd3d0f5af4b2042ba06094 -d -nopad | recode ../x1 | sed 's/0x/(byte) 0x/g' 3421 */ 3422 private static final byte[] AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext_Padded = new byte[] { 3423 (byte) 0x49, (byte) 0x20, (byte) 0x6F, (byte) 0x6E, (byte) 0x6C, (byte) 0x79, 3424 (byte) 0x20, (byte) 0x72, (byte) 0x65, (byte) 0x67, (byte) 0x72, (byte) 0x65, 3425 (byte) 0x74, (byte) 0x20, (byte) 0x74, (byte) 0x68, (byte) 0x61, (byte) 0x74, 3426 (byte) 0x20, (byte) 0x49, (byte) 0x20, (byte) 0x68, (byte) 0x61, (byte) 0x76, 3427 (byte) 0x65, (byte) 0x20, (byte) 0x62, (byte) 0x75, (byte) 0x74, (byte) 0x20, 3428 (byte) 0x6F, (byte) 0x6E, (byte) 0x65, (byte) 0x20, (byte) 0x74, (byte) 0x65, 3429 (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x74, (byte) 0x6F, (byte) 0x20, 3430 (byte) 0x77, (byte) 0x72, (byte) 0x69, (byte) 0x74, (byte) 0x65, (byte) 0x2E, 3431 (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, 3432 (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10, 3433 (byte) 0x10, (byte) 0x10, (byte) 0x10, (byte) 0x10 3434 }; 3435 3436 /* 3437 * Test vector generation: 3438 * echo -n 'I only regret that I have but one test to write.' | openssl enc -aes-256-cbc -K ec53c6d51d2c4973585fb0b8e51cd2e39915ff07a1837872715d6121bf861935 -iv ceaa31952dfd3d0f5af4b2042ba06094 | recode ../x1 | sed 's/0x/(byte) 0x/g' 3439 */ 3440 private static final byte[] AES_256_CBC_PKCS5Padding_TestVector_1_Ciphertext = new byte[] { 3441 (byte) 0x90, (byte) 0x65, (byte) 0xDD, (byte) 0xAF, (byte) 0x7A, (byte) 0xCE, 3442 (byte) 0xAE, (byte) 0xBF, (byte) 0xE8, (byte) 0xF6, (byte) 0x9E, (byte) 0xDB, 3443 (byte) 0xEA, (byte) 0x65, (byte) 0x28, (byte) 0xC4, (byte) 0x9A, (byte) 0x28, 3444 (byte) 0xEA, (byte) 0xA3, (byte) 0x95, (byte) 0x2E, (byte) 0xFF, (byte) 0xF1, 3445 (byte) 0xA0, (byte) 0xCA, (byte) 0xC2, (byte) 0xA4, (byte) 0x65, (byte) 0xCD, 3446 (byte) 0xBF, (byte) 0xCE, (byte) 0x9E, (byte) 0xF1, (byte) 0x57, (byte) 0xF6, 3447 (byte) 0x32, (byte) 0x2E, (byte) 0x8F, (byte) 0x93, (byte) 0x2E, (byte) 0xAE, 3448 (byte) 0x41, (byte) 0x33, (byte) 0x54, (byte) 0xD0, (byte) 0xEF, (byte) 0x8C, 3449 (byte) 0x52, (byte) 0x14, (byte) 0xAC, (byte) 0x2D, (byte) 0xD5, (byte) 0xA4, 3450 (byte) 0xF9, (byte) 0x20, (byte) 0x77, (byte) 0x25, (byte) 0x91, (byte) 0x3F, 3451 (byte) 0xD1, (byte) 0xB9, (byte) 0x00, (byte) 0x3E 3452 }; 3453 3454 private static class CipherTestParam { 3455 public final String transformation; 3456 3457 public final AlgorithmParameterSpec spec; 3458 3459 public final Key encryptKey; 3460 3461 public final Key decryptKey; 3462 3463 public final byte[] aad; 3464 3465 public final byte[] plaintext; 3466 3467 public final byte[] ciphertext; 3468 3469 public final byte[] plaintextPadded; 3470 3471 public final boolean isStreamCipher; 3472 CipherTestParam(String transformation, AlgorithmParameterSpec spec, Key encryptKey, Key decryptKey, byte[] aad, byte[] plaintext, byte[] plaintextPadded, byte[] ciphertext, boolean isStreamCipher)3473 public CipherTestParam(String transformation, AlgorithmParameterSpec spec, Key encryptKey, 3474 Key decryptKey, byte[] aad, byte[] plaintext, byte[] plaintextPadded, 3475 byte[] ciphertext, boolean isStreamCipher) { 3476 this.transformation = transformation.toUpperCase(Locale.ROOT); 3477 this.spec = spec; 3478 this.encryptKey = encryptKey; 3479 this.decryptKey = decryptKey; 3480 this.aad = aad; 3481 this.plaintext = plaintext; 3482 this.plaintextPadded = plaintextPadded; 3483 this.ciphertext = ciphertext; 3484 this.isStreamCipher = isStreamCipher; 3485 } 3486 CipherTestParam(String transformation, AlgorithmParameterSpec spec, Key key, byte[] aad, byte[] plaintext, byte[] plaintextPadded, byte[] ciphertext, boolean isStreamCipher)3487 public CipherTestParam(String transformation, AlgorithmParameterSpec spec, Key key, 3488 byte[] aad, byte[] plaintext, byte[] plaintextPadded, byte[] ciphertext, 3489 boolean isStreamCipher) { 3490 this(transformation, spec, key, key, aad, plaintext, plaintextPadded, ciphertext, 3491 isStreamCipher); 3492 } 3493 CipherTestParam(String transformation, AlgorithmParameterSpec spec, Key key, byte[] aad, byte[] plaintext, byte[] plaintextPadded, byte[] ciphertext)3494 public CipherTestParam(String transformation, AlgorithmParameterSpec spec, Key key, 3495 byte[] aad, byte[] plaintext, byte[] plaintextPadded, byte[] ciphertext) { 3496 this(transformation, spec, key, aad, plaintext, plaintextPadded, ciphertext, 3497 false /* isStreamCipher */); 3498 } 3499 compatibleWith(String provider)3500 public boolean compatibleWith(String provider) { 3501 // SunJCE doesn't support PKCS7Padding 3502 if (provider.equals("SunJCE") && transformation.endsWith("/PKCS7PADDING")) { 3503 return false; 3504 } 3505 if (provider.equals("BC")) { 3506 return isSupportedByBC(transformation); 3507 } 3508 return true; 3509 } 3510 } 3511 3512 private static class OAEPCipherTestParam extends CipherTestParam { OAEPCipherTestParam(String transformation, OAEPParameterSpec spec, PublicKey encryptKey, PrivateKey decryptKey, byte[] plaintext, byte[] ciphertext)3513 public OAEPCipherTestParam(String transformation, OAEPParameterSpec spec, 3514 PublicKey encryptKey, PrivateKey decryptKey, byte[] plaintext, byte[] ciphertext) { 3515 super(transformation, spec, encryptKey, decryptKey, null, plaintext, plaintext, ciphertext, 3516 false); 3517 } 3518 3519 @Override compatibleWith(String provider)3520 public boolean compatibleWith(String provider) { 3521 // OAEP transformations have two digests, the "main" digest and the MGF-1 digest. 3522 // BC and Conscrypt set the MGF-1 digest to the same as the main digest when it's 3523 // not specified, whereas Sun's provider sets it to SHA-1. Thus, the results from 3524 // the different providers won't match when there isn't an explicit MGF-1 digest set 3525 // and the main digest isn't SHA-1. See b/22405492. 3526 if (provider.equals("SunJCE") 3527 && (spec == null) 3528 && !transformation.toUpperCase(Locale.US).equals("RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING")) { 3529 return false; 3530 } 3531 return true; 3532 } 3533 } 3534 3535 private static List<CipherTestParam> DES_CIPHER_TEST_PARAMS = new ArrayList<CipherTestParam>(); 3536 static { DES_CIPHER_TEST_PARAMS.add(new CipherTestParam( "DESede/CBC/PKCS5Padding", new IvParameterSpec(DES_IV1), DES_112_KEY, null, DES_Plaintext1, DES_Plaintext1_PKCS5_Padded, DES_Plaintext1_Encrypted_With_DES_112_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1 ) { @Override public boolean compatibleWith(String provider) { return !provider.equals("SunJCE"); } })3537 DES_CIPHER_TEST_PARAMS.add(new CipherTestParam( 3538 "DESede/CBC/PKCS5Padding", 3539 new IvParameterSpec(DES_IV1), 3540 DES_112_KEY, 3541 null, 3542 DES_Plaintext1, 3543 DES_Plaintext1_PKCS5_Padded, 3544 DES_Plaintext1_Encrypted_With_DES_112_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1 3545 ) { 3546 @Override 3547 public boolean compatibleWith(String provider) { 3548 // SunJCE doesn't support extending 112-bit keys to 168-bit keys 3549 return !provider.equals("SunJCE"); 3550 } 3551 }); DES_CIPHER_TEST_PARAMS.add(new CipherTestParam( "DESede/CBC/PKCS5Padding", new IvParameterSpec(DES_IV1), DES_168_KEY, null, DES_Plaintext1, DES_Plaintext1_PKCS5_Padded, DES_Plaintext1_Encrypted_With_DES_168_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1 ))3552 DES_CIPHER_TEST_PARAMS.add(new CipherTestParam( 3553 "DESede/CBC/PKCS5Padding", 3554 new IvParameterSpec(DES_IV1), 3555 DES_168_KEY, 3556 null, 3557 DES_Plaintext1, 3558 DES_Plaintext1_PKCS5_Padded, 3559 DES_Plaintext1_Encrypted_With_DES_168_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1 3560 )); 3561 } 3562 3563 private static List<CipherTestParam> ARC4_CIPHER_TEST_PARAMS = new ArrayList<CipherTestParam>(); 3564 static { ARC4_CIPHER_TEST_PARAMS.add(new CipherTestParam( "ARC4", null, ARC4_40BIT_KEY, null, ARC4_Plaintext1, null, ARC4_Plaintext1_Encrypted_With_ARC4_40Bit_Key, true ))3565 ARC4_CIPHER_TEST_PARAMS.add(new CipherTestParam( 3566 "ARC4", 3567 null, 3568 ARC4_40BIT_KEY, 3569 null, // aad 3570 ARC4_Plaintext1, 3571 null, // padded 3572 ARC4_Plaintext1_Encrypted_With_ARC4_40Bit_Key, 3573 true /*isStreamCipher */ 3574 )); ARC4_CIPHER_TEST_PARAMS.add(new CipherTestParam( "ARC4", null, ARC4_128BIT_KEY, null, ARC4_Plaintext1, null, ARC4_Plaintext1_Encrypted_With_ARC4_128Bit_Key, true ))3575 ARC4_CIPHER_TEST_PARAMS.add(new CipherTestParam( 3576 "ARC4", 3577 null, 3578 ARC4_128BIT_KEY, 3579 null, // aad 3580 ARC4_Plaintext1, 3581 null, // padded 3582 ARC4_Plaintext1_Encrypted_With_ARC4_128Bit_Key, 3583 true /*isStreamCipher */ 3584 )); 3585 } 3586 3587 private static List<CipherTestParam> CIPHER_TEST_PARAMS = new ArrayList<CipherTestParam>(); 3588 static { CIPHER_TEST_PARAMS.add(new CipherTestParam( "AES/ECB/PKCS5Padding", null, AES_128_KEY, null, AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext, AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded, AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted))3589 CIPHER_TEST_PARAMS.add(new CipherTestParam( 3590 "AES/ECB/PKCS5Padding", 3591 null, 3592 AES_128_KEY, 3593 null, 3594 AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext, 3595 AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded, 3596 AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted)); 3597 // PKCS#5 is assumed to be equivalent to PKCS#7 -- same test vectors are thus used for both. CIPHER_TEST_PARAMS.add(new CipherTestParam( "AES/ECB/PKCS7Padding", null, AES_128_KEY, null, AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext, AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded, AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted))3598 CIPHER_TEST_PARAMS.add(new CipherTestParam( 3599 "AES/ECB/PKCS7Padding", 3600 null, 3601 AES_128_KEY, 3602 null, 3603 AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext, 3604 AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded, 3605 AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted)); CIPHER_TEST_PARAMS.add(new CipherTestParam( "AES/GCM/NOPADDING", new GCMParameterSpec( (AES_128_GCM_TestVector_1_Encrypted.length - AES_128_GCM_TestVector_1_Plaintext.length) * 8, AES_128_GCM_TestVector_1_IV), AES_128_GCM_TestVector_1_Key, AES_128_GCM_TestVector_1_AAD, AES_128_GCM_TestVector_1_Plaintext, AES_128_GCM_TestVector_1_Plaintext, AES_128_GCM_TestVector_1_Encrypted))3606 CIPHER_TEST_PARAMS.add(new CipherTestParam( 3607 "AES/GCM/NOPADDING", 3608 new GCMParameterSpec( 3609 (AES_128_GCM_TestVector_1_Encrypted.length - 3610 AES_128_GCM_TestVector_1_Plaintext.length) * 8, 3611 AES_128_GCM_TestVector_1_IV), 3612 AES_128_GCM_TestVector_1_Key, 3613 AES_128_GCM_TestVector_1_AAD, 3614 AES_128_GCM_TestVector_1_Plaintext, 3615 AES_128_GCM_TestVector_1_Plaintext, 3616 AES_128_GCM_TestVector_1_Encrypted)); 3617 if (IS_UNLIMITED) { CIPHER_TEST_PARAMS.add(new CipherTestParam( "AES/CTR/NoPadding", new IvParameterSpec(AES_192_CTR_NoPadding_TestVector_1_IV), AES_192_KEY, null, AES_192_CTR_NoPadding_TestVector_1_Plaintext, AES_192_CTR_NoPadding_TestVector_1_Plaintext, AES_192_CTR_NoPadding_TestVector_1_Ciphertext))3618 CIPHER_TEST_PARAMS.add(new CipherTestParam( 3619 "AES/CTR/NoPadding", 3620 new IvParameterSpec(AES_192_CTR_NoPadding_TestVector_1_IV), 3621 AES_192_KEY, 3622 null, 3623 AES_192_CTR_NoPadding_TestVector_1_Plaintext, 3624 AES_192_CTR_NoPadding_TestVector_1_Plaintext, 3625 AES_192_CTR_NoPadding_TestVector_1_Ciphertext)); CIPHER_TEST_PARAMS.add(new CipherTestParam( "AES/CBC/PKCS5Padding", new IvParameterSpec(AES_256_CBC_PKCS5Padding_TestVector_1_IV), AES_256_KEY, null, AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext, AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext_Padded, AES_256_CBC_PKCS5Padding_TestVector_1_Ciphertext))3626 CIPHER_TEST_PARAMS.add(new CipherTestParam( 3627 "AES/CBC/PKCS5Padding", 3628 new IvParameterSpec(AES_256_CBC_PKCS5Padding_TestVector_1_IV), 3629 AES_256_KEY, 3630 null, 3631 AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext, 3632 AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext_Padded, 3633 AES_256_CBC_PKCS5Padding_TestVector_1_Ciphertext)); CIPHER_TEST_PARAMS.add(new CipherTestParam( "AES/CBC/PKCS7Padding", new IvParameterSpec(AES_256_CBC_PKCS5Padding_TestVector_1_IV), AES_256_KEY, null, AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext, AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext_Padded, AES_256_CBC_PKCS5Padding_TestVector_1_Ciphertext))3634 CIPHER_TEST_PARAMS.add(new CipherTestParam( 3635 "AES/CBC/PKCS7Padding", 3636 new IvParameterSpec(AES_256_CBC_PKCS5Padding_TestVector_1_IV), 3637 AES_256_KEY, 3638 null, 3639 AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext, 3640 AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext_Padded, 3641 AES_256_CBC_PKCS5Padding_TestVector_1_Ciphertext)); 3642 } 3643 } 3644 3645 private static final List<CipherTestParam> RSA_OAEP_CIPHER_TEST_PARAMS = new ArrayList<CipherTestParam>(); 3646 static { 3647 addRsaOaepTest("SHA-1", MGF1ParameterSpec.SHA1, RSA_Vector2_OAEP_SHA1_MGF1_SHA1); 3648 addRsaOaepTest("SHA-256", MGF1ParameterSpec.SHA1, RSA_Vector2_OAEP_SHA256_MGF1_SHA1); 3649 addRsaOaepTest("SHA-224", MGF1ParameterSpec.SHA224, RSA_Vector2_OAEP_SHA224_MGF1_SHA224); 3650 addRsaOaepTest("SHA-256", MGF1ParameterSpec.SHA256, RSA_Vector2_OAEP_SHA256_MGF1_SHA256); 3651 addRsaOaepTest("SHA-384", MGF1ParameterSpec.SHA384, RSA_Vector2_OAEP_SHA384_MGF1_SHA384); 3652 addRsaOaepTest("SHA-512", MGF1ParameterSpec.SHA512, RSA_Vector2_OAEP_SHA512_MGF1_SHA512); 3653 addRsaOaepTest("SHA-256", MGF1ParameterSpec.SHA1, RSA_Vector2_OAEP_SHA256_MGF1_SHA1_LABEL, 3654 new byte[] { 0x01, 0x02, 0x03, (byte) 0xFF, (byte) 0xA0, 0x0A }); 3655 addRsaOaepTest("SHA-512", MGF1ParameterSpec.SHA512, RSA_Vector2_OAEP_SHA512_MGF1_SHA512_LABEL, 3656 new byte[] { 0x01, 0x02, 0x03, (byte) 0xFF, (byte) 0xA0, 0x0A }); 3657 } 3658 addRsaOaepTest(String digest, MGF1ParameterSpec mgf1Spec, byte[] vector)3659 private static void addRsaOaepTest(String digest, MGF1ParameterSpec mgf1Spec, byte[] vector) { 3660 addRsaOaepTest(digest, mgf1Spec, vector, null); 3661 } 3662 addRsaOaepTest(String digest, MGF1ParameterSpec mgf1Spec, byte[] vector, byte[] label)3663 private static void addRsaOaepTest(String digest, MGF1ParameterSpec mgf1Spec, byte[] vector, byte[] label) { 3664 final PSource pSource; 3665 if (label == null) { 3666 pSource = PSource.PSpecified.DEFAULT; 3667 } else { 3668 pSource = new PSource.PSpecified(label); 3669 } 3670 3671 if (mgf1Spec.getDigestAlgorithm().equals(digest) && label == null) { 3672 RSA_OAEP_CIPHER_TEST_PARAMS.add(new OAEPCipherTestParam( 3673 "RSA/ECB/OAEPWith" + digest + "AndMGF1Padding", 3674 null, 3675 (PublicKey) getEncryptKey("RSA"), 3676 (PrivateKey) getDecryptKey("RSA"), 3677 RSA_Vector2_Plaintext, 3678 vector)); 3679 } 3680 3681 RSA_OAEP_CIPHER_TEST_PARAMS.add(new OAEPCipherTestParam( 3682 "RSA/ECB/OAEPWith" + digest + "AndMGF1Padding", 3683 new OAEPParameterSpec(digest, "MGF1", mgf1Spec, pSource), 3684 (PublicKey) getEncryptKey("RSA"), 3685 (PrivateKey) getDecryptKey("RSA"), 3686 RSA_Vector2_Plaintext, 3687 vector)); 3688 3689 RSA_OAEP_CIPHER_TEST_PARAMS.add(new OAEPCipherTestParam( 3690 "RSA/ECB/OAEPPadding", 3691 new OAEPParameterSpec(digest, "MGF1", mgf1Spec, pSource), 3692 (PublicKey) getEncryptKey("RSA"), 3693 (PrivateKey) getDecryptKey("RSA"), 3694 RSA_Vector2_Plaintext, 3695 vector)); 3696 } 3697 3698 @Test testCipher_Success()3699 public void testCipher_Success() throws Exception { 3700 for (String provider : AES_PROVIDERS) { 3701 testCipher_Success(provider); 3702 } 3703 3704 testCipher_Success_ForAllSupportingProviders_AtLeastOneProviderRequired( 3705 DES_CIPHER_TEST_PARAMS); 3706 testCipher_Success_ForAllSupportingProviders_AtLeastOneProviderRequired( 3707 ARC4_CIPHER_TEST_PARAMS); 3708 testCipher_Success_ForAllSupportingProviders_AtLeastOneProviderRequired( 3709 RSA_OAEP_CIPHER_TEST_PARAMS); 3710 } 3711 3712 /** 3713 * For each test vector in the list, tests that the transformation is supported by at least one 3714 * provider and that all implementations of the transformation pass the Known Answer Test (KAT) 3715 * as well as other functional tests. 3716 */ testCipher_Success_ForAllSupportingProviders_AtLeastOneProviderRequired( List<CipherTestParam> testVectors)3717 private void testCipher_Success_ForAllSupportingProviders_AtLeastOneProviderRequired( 3718 List<CipherTestParam> testVectors) throws Exception { 3719 ByteArrayOutputStream errBuffer = new ByteArrayOutputStream(); 3720 PrintStream out = new PrintStream(errBuffer); 3721 for (CipherTestParam testVector : testVectors) { 3722 ArrayList<Provider> providers = new ArrayList<Provider>(); 3723 3724 Provider[] providerArray = Security.getProviders("Cipher." + testVector.transformation); 3725 if (providerArray != null) { 3726 Collections.addAll(providers, providerArray); 3727 } 3728 3729 if (testVector.transformation.indexOf('/') > 0) { 3730 Provider[] baseTransformProviderArray = Security.getProviders("Cipher." 3731 + testVector.transformation.substring( 3732 0, testVector.transformation.indexOf('/'))); 3733 if (baseTransformProviderArray != null) { 3734 Collections.addAll(providers, baseTransformProviderArray); 3735 } 3736 } 3737 3738 if (providers.isEmpty()) { 3739 out.append("No providers offer " + testVector.transformation + "\n"); 3740 continue; 3741 } 3742 3743 for (Provider provider : providers) { 3744 // Do not test AndroidKeyStore's Signature. It needs an AndroidKeyStore-specific key. 3745 // It's OKish not to test AndroidKeyStore's Signature here because it's tested 3746 // by cts/tests/test/keystore. 3747 if (provider.getName().startsWith("AndroidKeyStore")) { 3748 continue; 3749 } 3750 3751 // SunMSCAPI seems to have different opinion on what RSA should do compared to other 3752 // providers. As such it fails many tests, so we will skip it for now. 3753 if (provider.getName().equals("SunMSCAPI") 3754 && testVector.transformation.startsWith("RSA")) { 3755 continue; 3756 } 3757 3758 try { 3759 checkCipher(testVector, provider.getName()); 3760 } catch (Throwable e) { 3761 logTestFailure(out, provider.getName(), testVector, e); 3762 } 3763 } 3764 } 3765 out.flush(); 3766 if (errBuffer.size() > 0) { 3767 throw new Exception("Errors encountered:\n\n" + errBuffer.toString() + "\n\n"); 3768 } 3769 } 3770 testCipher_Success(String provider)3771 private void testCipher_Success(String provider) throws Exception { 3772 final ByteArrayOutputStream errBuffer = new ByteArrayOutputStream(); 3773 PrintStream out = new PrintStream(errBuffer); 3774 for (CipherTestParam p : CIPHER_TEST_PARAMS) { 3775 try { 3776 checkCipher(p, provider); 3777 } catch (Throwable e) { 3778 logTestFailure(out, provider, p, e); 3779 } 3780 } 3781 out.flush(); 3782 if (errBuffer.size() > 0) { 3783 throw new Exception("Errors encountered:\n\n" + errBuffer.toString() + "\n\n"); 3784 } 3785 } 3786 logTestFailure(PrintStream logStream, String provider, CipherTestParam params, Throwable e)3787 private void logTestFailure(PrintStream logStream, String provider, CipherTestParam params, 3788 Throwable e) { 3789 logStream.append("Error encountered checking " + params.transformation); 3790 3791 if (params.encryptKey instanceof SecretKey) { 3792 logStream.append(", keySize=" + (params.encryptKey.getEncoded().length * 8)); 3793 } 3794 3795 if (params.spec instanceof OAEPParameterSpec) { 3796 OAEPParameterSpec oaepSpec = (OAEPParameterSpec) params.spec; 3797 logStream.append(", OAEPSpec{digest=" + oaepSpec.getDigestAlgorithm() + ", mgfAlg=" 3798 + oaepSpec.getMGFAlgorithm()); 3799 if (oaepSpec.getMGFParameters() instanceof MGF1ParameterSpec) { 3800 MGF1ParameterSpec mgf1Spec = (MGF1ParameterSpec) oaepSpec.getMGFParameters(); 3801 logStream.append(", mgf1Hash=" + mgf1Spec.getDigestAlgorithm()); 3802 } 3803 logStream.append(", pSource="); 3804 PSource pSource = oaepSpec.getPSource(); 3805 logStream.append(pSource.getAlgorithm()); 3806 if (pSource.getAlgorithm().equals("PSpecified")) { 3807 logStream.append(":{"); 3808 logStream.append(Arrays.toString(((PSource.PSpecified) pSource).getValue())); 3809 logStream.append('}'); 3810 } 3811 logStream.append('}'); 3812 } 3813 3814 logStream.append(" with provider " + provider + "\n"); 3815 e.printStackTrace(logStream); 3816 } 3817 checkCipher(CipherTestParam p, String provider)3818 private void checkCipher(CipherTestParam p, String provider) throws Exception { 3819 if (!p.compatibleWith(provider)) { 3820 return; 3821 } 3822 Cipher c = Cipher.getInstance(p.transformation, provider); 3823 3824 c.init(Cipher.ENCRYPT_MODE, p.encryptKey, p.spec); 3825 3826 // This doesn't quite work on OAEPPadding unless it's the default case, 3827 // because its size depends on the message digest algorithms used. 3828 if (!p.transformation.endsWith("OAEPPADDING")) { 3829 assertEquals(p.transformation + " getBlockSize() ENCRYPT_MODE", 3830 getExpectedBlockSize(p.transformation, Cipher.ENCRYPT_MODE, provider), 3831 c.getBlockSize()); 3832 } 3833 assertTrue(p.transformation + " getOutputSize(0) ENCRYPT_MODE", 3834 getExpectedOutputSize(p.transformation, Cipher.ENCRYPT_MODE, provider) <= c 3835 .getOutputSize(0)); 3836 3837 if (p.aad != null) { 3838 c.updateAAD(p.aad); 3839 } 3840 final byte[] actualCiphertext = c.doFinal(p.plaintext); 3841 if (!isRandomizedEncryption(p.transformation)) { 3842 assertEquals(p.transformation + " " + provider, Arrays.toString(p.ciphertext), 3843 Arrays.toString(actualCiphertext)); 3844 } 3845 3846 c = Cipher.getInstance(p.transformation, provider); 3847 c.init(Cipher.ENCRYPT_MODE, p.encryptKey, p.spec); 3848 if (!(p instanceof OAEPCipherTestParam) || p.spec != null) { 3849 assertCorrectAlgorithmParameters(provider, p.transformation, p.spec, c.getParameters()); 3850 } 3851 3852 byte[] emptyCipherText = c.doFinal(); 3853 assertNotNull(emptyCipherText); 3854 3855 c.init(Cipher.DECRYPT_MODE, p.decryptKey, p.spec); 3856 3857 assertEquals(p.transformation + " getBlockSize() DECRYPT_MODE", 3858 getExpectedBlockSize(p.transformation, Cipher.DECRYPT_MODE, provider), 3859 c.getBlockSize()); 3860 3861 // This doesn't quite work on OAEPPadding unless it's the default case, 3862 // because its size depends on the message digest algorithms used. 3863 if (!p.transformation.endsWith("OAEPPADDING")) { 3864 assertTrue(p.transformation + " getOutputSize(0) DECRYPT_MODE", 3865 getExpectedOutputSize(p.transformation, Cipher.DECRYPT_MODE, provider) <= c 3866 .getOutputSize(0)); 3867 } 3868 3869 if (!isAEAD(p.transformation)) { 3870 try { 3871 c.updateAAD(new byte[8]); 3872 fail("Cipher should not support AAD"); 3873 } catch (UnsupportedOperationException expected) { 3874 } catch (IllegalStateException expected) { 3875 } 3876 } 3877 3878 try { 3879 byte[] emptyPlainText = c.doFinal(emptyCipherText); 3880 assertEquals(Arrays.toString(new byte[0]), Arrays.toString(emptyPlainText)); 3881 } catch (AEADBadTagException maybe) { 3882 if (!"AndroidOpenSSL".equals(provider) || !isAEAD(p.transformation)) { 3883 throw maybe; 3884 } 3885 } catch (BadPaddingException maybe) { 3886 // BC's OAEP has a bug where it doesn't support decrypt of a zero-length plaintext 3887 if (!("BC".equals(provider) && p.transformation.contains("OAEP"))) { 3888 throw maybe; 3889 } 3890 } 3891 3892 // decrypt an empty ciphertext; not valid for RSA 3893 if (!p.transformation.contains("OAEP")) { 3894 if ((!isAEAD(p.transformation) 3895 && (StandardNames.IS_RI || provider.equals("AndroidOpenSSL") || 3896 (provider.equals("BC") && p.transformation.contains("/CTR/")))) 3897 || p.transformation.equals("ARC4")) { 3898 assertEquals(Arrays.toString(new byte[0]), 3899 Arrays.toString(c.doFinal())); 3900 3901 c.update(new byte[0]); 3902 assertEquals(Arrays.toString(new byte[0]), 3903 Arrays.toString(c.doFinal())); 3904 } else if (provider.equals("BC") || isAEAD(p.transformation)) { 3905 try { 3906 c.doFinal(); 3907 fail(p.transformation + " " + provider); 3908 } catch (IllegalBlockSizeException maybe) { 3909 if (isAEAD(p.transformation)) { 3910 throw maybe; 3911 } 3912 } catch (AEADBadTagException maybe) { 3913 if (!isAEAD(p.transformation)) { 3914 throw maybe; 3915 } 3916 } 3917 try { 3918 c.update(new byte[0]); 3919 c.doFinal(); 3920 fail(p.transformation + " " + provider); 3921 } catch (IllegalBlockSizeException maybe) { 3922 if (isAEAD(p.transformation)) { 3923 throw maybe; 3924 } 3925 } catch (AEADBadTagException maybe) { 3926 if (!isAEAD(p.transformation)) { 3927 throw maybe; 3928 } 3929 } 3930 } else { 3931 throw new AssertionError("Define your behavior here for " + provider); 3932 } 3933 } 3934 3935 // Cipher might be in unspecified state from failures above. 3936 c.init(Cipher.DECRYPT_MODE, p.decryptKey, p.spec); 3937 3938 // .doFinal(input) 3939 { 3940 if (p.aad != null) { 3941 c.updateAAD(p.aad); 3942 } 3943 final byte[] actualPlaintext = c.doFinal(p.ciphertext); 3944 assertEquals(Arrays.toString(p.plaintext), Arrays.toString(actualPlaintext)); 3945 } 3946 3947 // .doFinal(input, offset, len, output) 3948 { 3949 final byte[] largerThanCiphertext = new byte[p.ciphertext.length + 5]; 3950 System.arraycopy(p.ciphertext, 0, largerThanCiphertext, 5, p.ciphertext.length); 3951 3952 if (p.aad != null) { 3953 final byte[] largerThanAad = new byte[p.aad.length + 100]; 3954 System.arraycopy(p.aad, 0, largerThanAad, 50, p.aad.length); 3955 assertTrue(p.aad.length > 1); 3956 c.updateAAD(largerThanAad, 50, 1); 3957 c.updateAAD(largerThanAad, 51, p.aad.length - 1); 3958 } 3959 3960 final byte[] actualPlaintext = new byte[c.getOutputSize(p.ciphertext.length)]; 3961 assertEquals(p.plaintext.length, 3962 c.doFinal(largerThanCiphertext, 5, p.ciphertext.length, actualPlaintext)); 3963 assertEquals(Arrays.toString(p.plaintext), 3964 Arrays.toString(Arrays.copyOfRange(actualPlaintext, 0, p.plaintext.length))); 3965 } 3966 3967 // .doFinal(input, offset, len, output, offset) 3968 { 3969 final byte[] largerThanCiphertext = new byte[p.ciphertext.length + 10]; 3970 System.arraycopy(p.ciphertext, 0, largerThanCiphertext, 5, p.ciphertext.length); 3971 3972 if (p.aad != null) { 3973 final byte[] largerThanAad = new byte[p.aad.length + 2]; 3974 System.arraycopy(p.aad, 0, largerThanAad, 2, p.aad.length); 3975 c.updateAAD(largerThanAad, 2, p.aad.length); 3976 } 3977 3978 final byte[] actualPlaintext = new byte[c.getOutputSize(p.ciphertext.length) + 2]; 3979 assertEquals(p.plaintext.length, 3980 c.doFinal(largerThanCiphertext, 5, p.ciphertext.length, actualPlaintext, 1)); 3981 assertEquals(Arrays.toString(p.plaintext), 3982 Arrays.toString(Arrays.copyOfRange(actualPlaintext, 1, p.plaintext.length + 1))); 3983 } 3984 3985 if (!p.isStreamCipher && !p.transformation.endsWith("NOPADDING") 3986 && !isRandomizedEncryption(p.transformation)) { 3987 Cipher cNoPad = Cipher.getInstance( 3988 getCipherTransformationWithNoPadding(p.transformation), provider); 3989 cNoPad.init(Cipher.DECRYPT_MODE, p.decryptKey, p.spec); 3990 3991 if (p.aad != null) { 3992 c.updateAAD(p.aad); 3993 } 3994 final byte[] actualPlaintextPadded = cNoPad.doFinal(p.ciphertext); 3995 assertEquals(provider + ":" + cNoPad.getAlgorithm(), 3996 Arrays.toString(p.plaintextPadded), Arrays.toString(actualPlaintextPadded)); 3997 } 3998 3999 // Test wrapping a key. Every cipher should be able to wrap. 4000 { 4001 // Generate a small SecretKey for AES. 4002 KeyGenerator kg = KeyGenerator.getInstance("AES"); 4003 kg.init(128); 4004 SecretKey sk = kg.generateKey(); 4005 4006 // Wrap it 4007 c = Cipher.getInstance(p.transformation, provider); 4008 c.init(Cipher.WRAP_MODE, p.encryptKey, p.spec); 4009 byte[] cipherText = c.wrap(sk); 4010 4011 // Unwrap it 4012 c.init(Cipher.UNWRAP_MODE, p.decryptKey, p.spec); 4013 Key decryptedKey = c.unwrap(cipherText, sk.getAlgorithm(), Cipher.SECRET_KEY); 4014 4015 assertEquals( 4016 "sk.getAlgorithm()=" + sk.getAlgorithm() + " decryptedKey.getAlgorithm()=" 4017 + decryptedKey.getAlgorithm() + " encryptKey.getEncoded()=" 4018 + Arrays.toString(sk.getEncoded()) + " decryptedKey.getEncoded()=" 4019 + Arrays.toString(decryptedKey.getEncoded()), sk, decryptedKey); 4020 } 4021 } 4022 4023 /** 4024 * Gets the Cipher transformation with the same algorithm and mode as the provided one but 4025 * which uses no padding. 4026 */ getCipherTransformationWithNoPadding(String transformation)4027 private static String getCipherTransformationWithNoPadding(String transformation) { 4028 // The transformation is assumed to be in the Algorithm/Mode/Padding format. 4029 int paddingModeDelimiterIndex = transformation.lastIndexOf('/'); 4030 if (paddingModeDelimiterIndex == -1) { 4031 fail("No padding mode delimiter: " + transformation); 4032 } 4033 String paddingMode = transformation.substring(paddingModeDelimiterIndex + 1); 4034 if (!paddingMode.toLowerCase().endsWith("padding")) { 4035 fail("No padding mode specified:" + transformation); 4036 } 4037 return transformation.substring(0, paddingModeDelimiterIndex) + "/NoPadding"; 4038 } 4039 4040 @Test testCipher_updateAAD_BeforeInit_Failure()4041 public void testCipher_updateAAD_BeforeInit_Failure() throws Exception { 4042 Cipher c = Cipher.getInstance("AES/ECB/NoPadding"); 4043 4044 try { 4045 c.updateAAD((byte[]) null); 4046 fail("should not be able to call updateAAD before Cipher is initialized"); 4047 } catch (IllegalArgumentException expected) { 4048 } 4049 4050 try { 4051 c.updateAAD((ByteBuffer) null); 4052 fail("should not be able to call updateAAD before Cipher is initialized"); 4053 } catch (IllegalStateException expected) { 4054 } 4055 4056 try { 4057 c.updateAAD(new byte[8]); 4058 fail("should not be able to call updateAAD before Cipher is initialized"); 4059 } catch (IllegalStateException expected) { 4060 } 4061 4062 try { 4063 c.updateAAD(null, 0, 8); 4064 fail("should not be able to call updateAAD before Cipher is initialized"); 4065 } catch (IllegalStateException expected) { 4066 } 4067 4068 ByteBuffer bb = ByteBuffer.allocate(8); 4069 try { 4070 c.updateAAD(bb); 4071 fail("should not be able to call updateAAD before Cipher is initialized"); 4072 } catch (IllegalStateException expected) { 4073 } 4074 } 4075 4076 @Test testCipher_updateAAD_AfterInit_Failure()4077 public void testCipher_updateAAD_AfterInit_Failure() throws Exception { 4078 Cipher c = Cipher.getInstance("AES/ECB/NoPadding"); 4079 c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[128 / 8], "AES")); 4080 4081 try { 4082 c.updateAAD((byte[]) null); 4083 fail("should not be able to call updateAAD with null input"); 4084 } catch (IllegalArgumentException expected) { 4085 } 4086 4087 try { 4088 c.updateAAD((ByteBuffer) null); 4089 fail("should not be able to call updateAAD with null input"); 4090 } catch (IllegalArgumentException expected) { 4091 } 4092 4093 try { 4094 c.updateAAD(null, 0, 8); 4095 fail("should not be able to call updateAAD with null input"); 4096 } catch (IllegalArgumentException expected) { 4097 } 4098 4099 try { 4100 c.updateAAD(new byte[8], -1, 7); 4101 fail("should not be able to call updateAAD with invalid offset"); 4102 } catch (IllegalArgumentException expected) { 4103 } 4104 4105 try { 4106 c.updateAAD(new byte[8], 0, -1); 4107 fail("should not be able to call updateAAD with negative length"); 4108 } catch (IllegalArgumentException expected) { 4109 } 4110 4111 try { 4112 c.updateAAD(new byte[8], 0, 8 + 1); 4113 fail("should not be able to call updateAAD with too large length"); 4114 } catch (IllegalArgumentException expected) { 4115 } 4116 4117 try { 4118 c.updateAAD(new byte[8]); 4119 fail("should not be able to call updateAAD on non-AEAD cipher"); 4120 } catch (UnsupportedOperationException expected) { 4121 } catch (IllegalStateException expected) { 4122 } 4123 } 4124 4125 @Test testCipher_ShortBlock_Failure()4126 public void testCipher_ShortBlock_Failure() throws Exception { 4127 for (String provider : AES_PROVIDERS) { 4128 testCipher_ShortBlock_Failure(provider); 4129 } 4130 } 4131 testCipher_ShortBlock_Failure(String provider)4132 private void testCipher_ShortBlock_Failure(String provider) throws Exception { 4133 final ByteArrayOutputStream errBuffer = new ByteArrayOutputStream(); 4134 PrintStream out = new PrintStream(errBuffer); 4135 for (CipherTestParam p : CIPHER_TEST_PARAMS) { 4136 if (!p.compatibleWith(provider)) { 4137 continue; 4138 } 4139 try { 4140 checkCipher_ShortBlock_Failure(p, provider); 4141 } catch (Exception e) { 4142 logTestFailure(out, provider, p, e); 4143 } 4144 } 4145 out.flush(); 4146 if (errBuffer.size() > 0) { 4147 throw new Exception("Errors encountered:\n\n" + errBuffer.toString() + "\n\n"); 4148 } 4149 } 4150 4151 @Test testCipher_DoFinal_wrapMode_Failure()4152 public void testCipher_DoFinal_wrapMode_Failure() throws Exception { 4153 checkCipher_DoFinal_invalidMode_Failure(Cipher.WRAP_MODE); 4154 } 4155 4156 @Test testCipher_DoFinal_unwrapMode_Failure()4157 public void testCipher_DoFinal_unwrapMode_Failure() throws Exception { 4158 checkCipher_DoFinal_invalidMode_Failure(Cipher.UNWRAP_MODE); 4159 } 4160 4161 /** 4162 * Helper for testing that Cipher.doFinal() throws IllegalStateException when 4163 * initialized in modes other than DECRYPT or ENCRYPT. 4164 */ checkCipher_DoFinal_invalidMode_Failure(int opmode)4165 private static void checkCipher_DoFinal_invalidMode_Failure(int opmode) throws Exception { 4166 String msg = String.format(Locale.US, 4167 "doFinal() should throw IllegalStateException [mode=%d]", opmode); 4168 int bs = createAesCipher(opmode).getBlockSize(); 4169 assertEquals(16, bs); // check test is set up correctly 4170 try { 4171 createAesCipher(opmode).doFinal(); 4172 fail(msg); 4173 } catch (IllegalStateException expected) { 4174 } 4175 4176 try { 4177 createAesCipher(opmode).doFinal(new byte[0]); 4178 fail(msg); 4179 } catch (IllegalStateException expected) { 4180 } 4181 4182 try { 4183 createAesCipher(opmode).doFinal(new byte[2 * bs], 0, bs); 4184 fail(msg); 4185 } catch (IllegalStateException expected) { 4186 } 4187 4188 try { 4189 createAesCipher(opmode).doFinal(new byte[2 * bs], 0, bs, new byte[2 * bs], 0); 4190 fail(msg); 4191 } catch (IllegalStateException expected) { 4192 } 4193 } 4194 4195 @Test testCipher_Update_wrapMode_Failure()4196 public void testCipher_Update_wrapMode_Failure() throws Exception { 4197 checkCipher_Update_invalidMode_Failure(Cipher.WRAP_MODE); 4198 } 4199 4200 @Test testCipher_Update_unwrapMode_Failure()4201 public void testCipher_Update_unwrapMode_Failure() throws Exception { 4202 checkCipher_Update_invalidMode_Failure(Cipher.UNWRAP_MODE); 4203 } 4204 4205 /** 4206 * Helper for testing that Cipher.update() throws IllegalStateException when 4207 * initialized in modes other than DECRYPT or ENCRYPT. 4208 */ checkCipher_Update_invalidMode_Failure(final int opmode)4209 private static void checkCipher_Update_invalidMode_Failure(final int opmode) throws Exception { 4210 String msg = "update() should throw IllegalStateException [mode=" + opmode + "]"; 4211 final int bs = createAesCipher(opmode).getBlockSize(); 4212 assertEquals(16, bs); // check test is set up correctly 4213 assertIllegalStateException(msg, new Runnable() { 4214 @Override 4215 public void run() { 4216 createAesCipher(opmode).update(new byte[0]); 4217 } 4218 }); 4219 assertIllegalStateException(msg, new Runnable() { 4220 @Override 4221 public void run() { 4222 createAesCipher(opmode).update(new byte[2 * bs]); 4223 } 4224 }); 4225 assertIllegalStateException(msg, new Runnable() { 4226 @Override 4227 public void run() { 4228 createAesCipher(opmode).update( 4229 new byte[2 * bs] /* input */, bs /* inputOffset */, 0 /* inputLen */); 4230 } 4231 }); 4232 try { 4233 createAesCipher(opmode).update(new byte[2*bs] /* input */, 0 /* inputOffset */, 4234 2 * bs /* inputLen */, new byte[2 * bs] /* output */, 0 /* outputOffset */); 4235 fail(msg); 4236 } catch (IllegalStateException expected) { 4237 } 4238 } 4239 4240 @Test testCipher_Update_WithZeroLengthInput_ReturnsNull()4241 public void testCipher_Update_WithZeroLengthInput_ReturnsNull() throws Exception { 4242 Cipher c = Cipher.getInstance("AES/ECB/NoPadding"); 4243 c.init(Cipher.ENCRYPT_MODE, AES_128_KEY); 4244 assertNull(c.update(new byte[0])); 4245 assertNull(c.update(new byte[c.getBlockSize() * 2], 0, 0)); 4246 4247 // Try with non-zero offset just in case the implementation mixes up offset and inputLen 4248 assertNull(c.update(new byte[c.getBlockSize() * 2], 16, 0)); 4249 } 4250 4251 @Test testCipher_Wrap_decryptMode_Failure()4252 public void testCipher_Wrap_decryptMode_Failure() throws Exception { 4253 checkCipher_Wrap_invalidMode_Failure(Cipher.DECRYPT_MODE); 4254 } 4255 4256 @Test testCipher_Wrap_encryptMode_Failure()4257 public void testCipher_Wrap_encryptMode_Failure() throws Exception { 4258 checkCipher_Wrap_invalidMode_Failure(Cipher.ENCRYPT_MODE); 4259 } 4260 4261 @Test testCipher_Wrap_unwrapMode_Failure()4262 public void testCipher_Wrap_unwrapMode_Failure() throws Exception { 4263 checkCipher_Wrap_invalidMode_Failure(Cipher.UNWRAP_MODE); 4264 } 4265 4266 /** 4267 * Helper for testing that Cipher.wrap() throws IllegalStateException when 4268 * initialized in modes other than WRAP. 4269 */ checkCipher_Wrap_invalidMode_Failure(int opmode)4270 private static void checkCipher_Wrap_invalidMode_Failure(int opmode) throws Exception { 4271 KeyGenerator kg = KeyGenerator.getInstance("AES"); 4272 kg.init(128); 4273 SecretKey key = kg.generateKey(); 4274 Cipher cipher = createAesCipher(opmode); 4275 try { 4276 cipher.wrap(key); 4277 fail("wrap() should throw IllegalStateException [mode=" + opmode + "]"); 4278 } catch (IllegalStateException expected) { 4279 } 4280 } 4281 4282 @Test testCipher_Unwrap_decryptMode_Failure()4283 public void testCipher_Unwrap_decryptMode_Failure() throws Exception { 4284 checkCipher_Unwrap_invalidMode_Failure(Cipher.DECRYPT_MODE); 4285 } 4286 4287 @Test testCipher_Unwrap_encryptMode_Failure()4288 public void testCipher_Unwrap_encryptMode_Failure() throws Exception { 4289 checkCipher_Unwrap_invalidMode_Failure(Cipher.ENCRYPT_MODE); 4290 } 4291 4292 @Test testCipher_Unwrap_wrapMode_Failure()4293 public void testCipher_Unwrap_wrapMode_Failure() throws Exception { 4294 checkCipher_Unwrap_invalidMode_Failure(Cipher.WRAP_MODE); 4295 } 4296 4297 /** 4298 * Helper for testing that Cipher.unwrap() throws IllegalStateException when 4299 * initialized in modes other than UNWRAP. 4300 */ checkCipher_Unwrap_invalidMode_Failure(int opmode)4301 private static void checkCipher_Unwrap_invalidMode_Failure(int opmode) throws Exception { 4302 KeyGenerator kg = KeyGenerator.getInstance("AES"); 4303 kg.init(128); 4304 SecretKey key = kg.generateKey(); 4305 Cipher cipher = createAesCipher(opmode); 4306 byte[] wrappedKey = createAesCipher(Cipher.WRAP_MODE).wrap(key); 4307 try { 4308 cipher.unwrap(wrappedKey, key.getAlgorithm(), Cipher.PRIVATE_KEY); 4309 fail("unwrap() should throw IllegalStateException [mode=" + opmode + "]"); 4310 } catch (IllegalStateException expected) { 4311 } 4312 } 4313 checkCipher_ShortBlock_Failure(CipherTestParam p, String provider)4314 private void checkCipher_ShortBlock_Failure(CipherTestParam p, String provider) throws Exception { 4315 // Do not try to test ciphers with no padding already. 4316 String noPaddingTransform = getCipherTransformationWithNoPadding(p.transformation); 4317 if (p.transformation.equals(noPaddingTransform)) { 4318 return; 4319 } 4320 4321 Cipher c = Cipher.getInstance( 4322 getCipherTransformationWithNoPadding(p.transformation), provider); 4323 if (c.getBlockSize() == 0) { 4324 return; 4325 } 4326 4327 if (!p.transformation.endsWith("NOPADDING")) { 4328 c.init(Cipher.ENCRYPT_MODE, p.encryptKey); 4329 try { 4330 c.doFinal(new byte[] { 0x01, 0x02, 0x03 }); 4331 fail("Should throw IllegalBlockSizeException on wrong-sized block; transform=" 4332 + p.transformation + " provider=" + provider); 4333 } catch (IllegalBlockSizeException expected) { 4334 } 4335 } 4336 } 4337 4338 @Test testAES_ECB_PKCS5Padding_ShortBuffer_Failure()4339 public void testAES_ECB_PKCS5Padding_ShortBuffer_Failure() throws Exception { 4340 for (String provider : AES_PROVIDERS) { 4341 testAES_ECB_PKCS5Padding_ShortBuffer_Failure(provider); 4342 } 4343 } 4344 testAES_ECB_PKCS5Padding_ShortBuffer_Failure(String provider)4345 private void testAES_ECB_PKCS5Padding_ShortBuffer_Failure(String provider) throws Exception { 4346 Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding", provider); 4347 c.init(Cipher.ENCRYPT_MODE, AES_128_KEY); 4348 4349 final byte[] fragmentOutput = c.update(AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext); 4350 if (fragmentOutput != null) { 4351 assertEquals(0, fragmentOutput.length); 4352 } 4353 4354 // Provide null buffer. 4355 { 4356 try { 4357 c.doFinal(null, 0); 4358 fail("Should throw NullPointerException on null output buffer"); 4359 } catch (NullPointerException expected) { 4360 } catch (IllegalArgumentException expected) { 4361 } 4362 } 4363 4364 // Provide short buffer. 4365 { 4366 final byte[] output = new byte[c.getBlockSize() - 1]; 4367 try { 4368 c.doFinal(output, 0); 4369 fail("Should throw ShortBufferException on short output buffer"); 4370 } catch (ShortBufferException expected) { 4371 } 4372 } 4373 4374 // Start 1 byte into output buffer. 4375 { 4376 final byte[] output = new byte[c.getBlockSize()]; 4377 try { 4378 c.doFinal(output, 1); 4379 fail("Should throw ShortBufferException on short output buffer"); 4380 } catch (ShortBufferException expected) { 4381 } 4382 } 4383 4384 // Should keep data for real output buffer 4385 { 4386 final byte[] output = new byte[c.getBlockSize()]; 4387 assertEquals(AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted.length, c.doFinal(output, 0)); 4388 assertTrue(Arrays.equals(AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted, output)); 4389 } 4390 } 4391 4392 @Test testAES_ECB_NoPadding_IncrementalUpdate_Success()4393 public void testAES_ECB_NoPadding_IncrementalUpdate_Success() throws Exception { 4394 for (String provider : AES_PROVIDERS) { 4395 testAES_ECB_NoPadding_IncrementalUpdate_Success(provider); 4396 } 4397 } 4398 testAES_ECB_NoPadding_IncrementalUpdate_Success(String provider)4399 private void testAES_ECB_NoPadding_IncrementalUpdate_Success(String provider) throws Exception { 4400 String algorithm = "AES/ECB/NoPadding"; 4401 if (!isSupported(algorithm, provider)) { 4402 return; 4403 } 4404 Cipher c = Cipher.getInstance(algorithm, provider); 4405 assertEquals(provider, c.getProvider().getName()); 4406 c.init(Cipher.ENCRYPT_MODE, AES_128_KEY); 4407 4408 for (int i = 0; i < AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded.length - 1; i++) { 4409 final byte[] outputFragment = c.update(AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded, i, 1); 4410 if (outputFragment != null) { 4411 assertEquals(0, outputFragment.length); 4412 } 4413 } 4414 4415 final byte[] output = c.doFinal(AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded, 4416 AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded.length - 1, 1); 4417 assertNotNull(provider, output); 4418 assertEquals(provider, AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded.length, 4419 output.length); 4420 4421 assertTrue(provider, Arrays.equals(AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted, output)); 4422 } 4423 4424 private static final byte[] AES_IV_ZEROES = new byte[] { 4425 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 4426 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 4427 (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, 4428 }; 4429 4430 @Test testAES_ECB_NoPadding_IvParameters_Failure()4431 public void testAES_ECB_NoPadding_IvParameters_Failure() throws Exception { 4432 for (String provider : AES_PROVIDERS) { 4433 testAES_ECB_NoPadding_IvParameters_Failure(provider); 4434 } 4435 } 4436 testAES_ECB_NoPadding_IvParameters_Failure(String provider)4437 private void testAES_ECB_NoPadding_IvParameters_Failure(String provider) throws Exception { 4438 String algorithm = "AES/ECB/NoPadding"; 4439 if (!isSupported(algorithm, provider)) { 4440 return; 4441 } 4442 Cipher c = Cipher.getInstance(algorithm, provider); 4443 4444 AlgorithmParameterSpec spec = new IvParameterSpec(AES_IV_ZEROES); 4445 try { 4446 c.init(Cipher.ENCRYPT_MODE, AES_128_KEY, spec); 4447 fail("Should not accept an IV in ECB mode; provider=" + provider); 4448 } catch (InvalidAlgorithmParameterException expected) { 4449 } 4450 } 4451 4452 @Test testRC4_MultipleKeySizes()4453 public void testRC4_MultipleKeySizes() throws Exception { 4454 final int SMALLEST_KEY_SIZE = 40; 4455 final int LARGEST_KEY_SIZE = 1024; 4456 4457 /* Make an array of keys for our tests */ 4458 SecretKey[] keys = new SecretKey[LARGEST_KEY_SIZE - SMALLEST_KEY_SIZE]; 4459 { 4460 KeyGenerator kg = KeyGenerator.getInstance("ARC4"); 4461 for (int keysize = SMALLEST_KEY_SIZE; keysize < LARGEST_KEY_SIZE; keysize++) { 4462 final int index = keysize - SMALLEST_KEY_SIZE; 4463 kg.init(keysize); 4464 keys[index] = kg.generateKey(); 4465 } 4466 } 4467 4468 /* 4469 * Use this to compare the output of the first provider against 4470 * subsequent providers. 4471 */ 4472 String[] expected = new String[LARGEST_KEY_SIZE - SMALLEST_KEY_SIZE]; 4473 4474 /* Find all providers that provide ARC4. We must have at least one! */ 4475 Map<String, String> filter = new HashMap<String, String>(); 4476 filter.put("Cipher.ARC4", ""); 4477 Provider[] providers = Security.getProviders(filter); 4478 assertTrue("There must be security providers of Cipher.ARC4", providers.length > 0); 4479 4480 /* Keep track of this for later error messages */ 4481 String firstProvider = providers[0].getName(); 4482 4483 for (Provider p : providers) { 4484 Cipher c = Cipher.getInstance("ARC4", p); 4485 4486 for (int keysize = SMALLEST_KEY_SIZE; keysize < LARGEST_KEY_SIZE; keysize++) { 4487 final int index = keysize - SMALLEST_KEY_SIZE; 4488 final SecretKey sk = keys[index]; 4489 4490 /* 4491 * Test that encryption works. Donig this in a loop also has the 4492 * benefit of testing that re-initialization works for this 4493 * cipher. 4494 */ 4495 c.init(Cipher.ENCRYPT_MODE, sk); 4496 byte[] cipherText = c.doFinal(ORIGINAL_PLAIN_TEXT); 4497 assertNotNull(cipherText); 4498 4499 /* 4500 * Compare providers against eachother to make sure they're all 4501 * in agreement. This helps when you add a brand new provider. 4502 */ 4503 if (expected[index] == null) { 4504 expected[index] = Arrays.toString(cipherText); 4505 } else { 4506 assertEquals(firstProvider + " should output the same as " + p.getName() 4507 + " for key size " + keysize, expected[index], 4508 Arrays.toString(cipherText)); 4509 } 4510 4511 c.init(Cipher.DECRYPT_MODE, sk); 4512 byte[] actualPlaintext = c.doFinal(cipherText); 4513 assertEquals("Key size: " + keysize, Arrays.toString(ORIGINAL_PLAIN_TEXT), 4514 Arrays.toString(actualPlaintext)); 4515 } 4516 } 4517 } 4518 4519 @Test testAES_keyConstrained()4520 public void testAES_keyConstrained() throws Exception { 4521 Provider[] providers = Security.getProviders(); 4522 for (Provider p : providers) { 4523 for (Provider.Service s : p.getServices()) { 4524 if (s.getType().equals("Cipher")) { 4525 if (s.getAlgorithm().startsWith("AES_128/")) { 4526 Cipher c = Cipher.getInstance(s.getAlgorithm(), p); 4527 assertTrue(s.getAlgorithm(), checkAES_keyConstraint(c, 128)); 4528 assertFalse(s.getAlgorithm(), checkAES_keyConstraint(c, 192)); 4529 assertFalse(s.getAlgorithm(), checkAES_keyConstraint(c, 256)); 4530 } else if (s.getAlgorithm().startsWith("AES_256/")) { 4531 Cipher c = Cipher.getInstance(s.getAlgorithm(), p); 4532 assertFalse(s.getAlgorithm(), checkAES_keyConstraint(c, 128)); 4533 assertFalse(s.getAlgorithm(), checkAES_keyConstraint(c, 192)); 4534 assertTrue(s.getAlgorithm(), checkAES_keyConstraint(c, 256)); 4535 } 4536 } 4537 } 4538 } 4539 } 4540 checkAES_keyConstraint(Cipher c, int keySize)4541 private boolean checkAES_keyConstraint(Cipher c, int keySize) throws Exception { 4542 KeyGenerator kg = KeyGenerator.getInstance(getBaseAlgorithm(c.getAlgorithm())); 4543 kg.init(keySize); 4544 SecretKey key = kg.generateKey(); 4545 try { 4546 c.init(Cipher.ENCRYPT_MODE, key); 4547 return true; 4548 } catch (InvalidKeyException e) { 4549 return false; 4550 } 4551 } 4552 4553 /* 4554 * When in decrypt mode and using padding, the buffer shouldn't necessarily have room for an 4555 * extra block when using padding. 4556 * http://b/19186852 4557 */ 4558 @Test testDecryptBufferMultipleBlockSize_mustNotThrowException()4559 public void testDecryptBufferMultipleBlockSize_mustNotThrowException() throws Exception { 4560 String testString = "Hello, World!"; 4561 byte[] testKey = "0123456789012345".getBytes(StandardCharsets.US_ASCII); 4562 String testedCipher = "AES/ECB/PKCS7Padding"; 4563 4564 Cipher encCipher = Cipher.getInstance(testedCipher); 4565 encCipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(testKey, "AES")); 4566 byte[] plainBuffer = testString.getBytes(StandardCharsets.US_ASCII); 4567 byte[] encryptedBuffer = new byte[16]; 4568 int encryptedLength = encCipher.doFinal( 4569 plainBuffer, 0, plainBuffer.length, encryptedBuffer); 4570 assertEquals(16, encryptedLength); 4571 4572 Cipher cipher = Cipher.getInstance(testedCipher); 4573 cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(testKey, "AES")); 4574 // Must not throw exception. 4575 int unencryptedBytes = cipher.doFinal( 4576 encryptedBuffer, 0, encryptedBuffer.length, encryptedBuffer); 4577 assertEquals(testString, 4578 new String(encryptedBuffer, 0, unencryptedBytes, StandardCharsets.US_ASCII)); 4579 } 4580 4581 /** 4582 * When using padding in decrypt mode, ensure that empty buffers decode to empty strings 4583 * (no padding needed for the empty buffer). 4584 * http://b/19186852 4585 */ 4586 @Test testDecryptBufferZeroSize_mustDecodeToEmptyString()4587 public void testDecryptBufferZeroSize_mustDecodeToEmptyString() throws Exception { 4588 String[] androidOpenSSLCiphers = { "AES/CBC/PKCS5PADDING", "AES/CBC/PKCS7PADDING", 4589 "AES/ECB/PKCS5PADDING", "AES/ECB/PKCS7PADDING", "DESEDE/CBC/PKCS5PADDING", 4590 "DESEDE/CBC/PKCS7PADDING" }; 4591 for (String c : androidOpenSSLCiphers) { 4592 Cipher cipher = Cipher.getInstance(c); 4593 assertTrue(Conscrypt.isConscrypt(cipher.getProvider())); 4594 if (c.contains("/CBC/")) { 4595 cipher.init(Cipher.DECRYPT_MODE, 4596 new SecretKeySpec("0123456789012345".getBytes(StandardCharsets.US_ASCII), 4597 c.startsWith("AES/") ? "AES" : "DESEDE"), 4598 new IvParameterSpec( 4599 ("01234567" + (c.startsWith("AES/") ? "89012345" : "")) 4600 .getBytes(StandardCharsets.US_ASCII))); 4601 } else { 4602 cipher.init(Cipher.DECRYPT_MODE, 4603 new SecretKeySpec("0123456789012345".getBytes(StandardCharsets.US_ASCII), 4604 c.startsWith("AES/") ? "AES" : "DESEDE")); 4605 } 4606 4607 byte[] buffer = new byte[0]; 4608 int bytesProduced = cipher.doFinal(buffer, 0, buffer.length, buffer); 4609 assertEquals("", new String(buffer, 0, bytesProduced, StandardCharsets.US_ASCII)); 4610 } 4611 } 4612 4613 /** 4614 * Check that RSA with OAEPPadding is supported. 4615 * http://b/22208820 4616 */ 4617 @Test test_RSA_OAEPPadding()4618 public void test_RSA_OAEPPadding() throws Exception { 4619 KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); 4620 keyGen.initialize(1024, SecureRandom.getInstance("SHA1PRNG")); 4621 Cipher cipher = Cipher.getInstance("RSA/NONE/OAEPPadding"); 4622 cipher.init(Cipher.ENCRYPT_MODE, keyGen.generateKeyPair().getPublic()); 4623 cipher.doFinal(new byte[] {1,2,3,4}); 4624 } 4625 4626 /** 4627 * Check that initializing with a GCM AlgorithmParameters produces the same result 4628 * as initializing with a GCMParameterSpec. 4629 */ 4630 @Test test_AESGCMNoPadding_init_algParams()4631 public void test_AESGCMNoPadding_init_algParams() throws Exception { 4632 SecretKeySpec key = new SecretKeySpec(new byte[16], "AES"); 4633 GCMParameterSpec spec = new GCMParameterSpec(96, new byte[12]); 4634 AlgorithmParameters params = AlgorithmParameters.getInstance("GCM"); 4635 params.init(spec); 4636 Cipher c1 = Cipher.getInstance("AES/GCM/NoPadding"); 4637 Cipher c2 = Cipher.getInstance("AES/GCM/NoPadding"); 4638 4639 c1.init(Cipher.ENCRYPT_MODE, key, spec); 4640 c2.init(Cipher.ENCRYPT_MODE, key, params); 4641 // Cipher can adjust the provider based on the reponses to the init call, make sure 4642 // we got the same provider for both 4643 assertEquals(c1.getProvider(), c2.getProvider()); 4644 c1.updateAAD(new byte[] { 4645 0x01, 0x02, 0x03, 0x04, 0x05, 4646 }); 4647 c2.updateAAD(new byte[] { 4648 0x01, 0x02, 0x03, 0x04, 0x05, 4649 }); 4650 4651 assertEquals(Arrays.toString(c1.doFinal()), Arrays.toString(c2.doFinal())); 4652 } 4653 createAesCipher(int opmode)4654 private static Cipher createAesCipher(int opmode) { 4655 try { 4656 final Cipher c = Cipher.getInstance("AES/ECB/NoPadding"); 4657 c.init(opmode, AES_128_KEY); 4658 return c; 4659 } catch (Exception e) { 4660 fail("Unexpected Exception: " + e.getMessage()); 4661 return null; // unreachable 4662 } 4663 } 4664 4665 /** 4666 * Asserts that running the given runnable results in an IllegalStateException 4667 */ assertIllegalStateException(String failureMessage, Runnable runnable)4668 private static void assertIllegalStateException(String failureMessage, Runnable runnable) { 4669 try { 4670 runnable.run(); 4671 fail(failureMessage); 4672 } catch (IllegalStateException expected) { 4673 // expected 4674 } 4675 } 4676 } 4677