| 484509de8262bb0a56b303016e93f4be1cf0d795 |
|
21-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add Cipher#init checks
Cipher should check that the chosen CipherSpi actually supports
initalization with the given parameters. If not, it should return the
first exception that it ran into so that the developer can have an idea
of why the initialization failed. This is most likely do to unsupported
key or algorithm parameters.
Collapse some functions into one so it's easier to keep track of the
exception that should be thrown should all else fail. Also since we try
to initialize during the CipherSpi selection, there is no need to
initialize the returned CipherSpi again.
Also remove an instanceof check to be in line with other implementations
that just throw a ClassCastException since we now will try other
providers before falling back to throwing the unchecked exception. This
might actually provide better debug messages for a developer working on
a CipherSpi provider.
(cherry picked from commit f591462f7901011b2bce61c3cbbdc54840e5b4bc)
Bug: 22573249
Change-Id: Ieec97a8f00e9c0c3889520a3ec9f8bc4e514b35a
|
| 45a9e938ee58e79b00ae37233678ef9ab54e0392 |
|
22-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add more Cipher tests
Any provider throwing an unchecked exception should not prevent the next
possibly working provider from having a chance.
(cherry picked from commit f7cae3971c030257c62ebc20e9e5dfd6d734b34c)
Bug: 22573249
Change-Id: If3f508ed3e87de58b39ab380fb298a92fb1b593b
|
| 5423595a40397888d426112b1c6fe7b4fcf24e7a |
|
21-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add tests for init-time rejection
Cipher should try to to initialize the CipherSpi it selects before
returning it as a successful match. These tests ensure that it is
correct.
(cherry picked from commit 85d1800ec694bb4c2f629073d79520c4a7ad0cc8)
Bug: 22573249
Change-Id: I12ed5021cf85fccb5d04a0904a302f6cd3569c3d
|
| 30bc3f8566f9b089ce02a7a22b51991d896f5524 |
|
09-Jul-2015 |
Sergio Giro <sgiro@google.com> |
javax.crypto.Cipher: try less specific Cipher/Mode/Padding combinations before throwing InvalidKeyException
Also, return saved spi in getSpi instead of recomputing a new one
Bug: 22208820
(cherry picked from commit 8157603ccf1ff124c5bebc8755404a9a825f47d3)
Change-Id: I30a06ef7d9234769b5592a0c7d665c8afa2a8ff8
|
| 569564255fa8cb498be9fe07ea5da790b668b54b |
|
02-Jun-2015 |
Sergio Giro <sgiro@google.com> |
libcore: add tests to check behaviour for padding and decrypt mode
Bug: 19186852
Change-Id: I8c51b309ca98030ab1eda5b2a0201a97a5758072
(cherry-pick from 9f7960cfda26dab222d522c28ca44902d996f3e4)
|
| 2ae508725e0b6c4dd4c23717bc1625bd745670b6 |
|
02-Jun-2015 |
Sergio Giro <sgiro@google.com> |
libcore: throw InvalidKeyException instead of ProviderException
In java.security javax.crypto and java.security classes with
late binding, when guessing the provider and none of the
available ones supports the specified key
Bug: 18987633
(cherry pick from e38b83dd96281d178b01476b67d354655bf2de62)
Change-Id: I5931046e9044984baf724157138bf3a7c7ef5e90
|
| 28ff51921fd3802ce4cdfbcff11ae27e88ade5df |
|
12-May-2015 |
Kenny Root <kroot@google.com> |
Add tests for AES/GCM/NOPADDING
(cherry picked from commit d5ed0e9c84915f2a93e25a4d152f837a661c4774)
Bug: 21085702
Change-Id: I1a88f6410bb61a885bbb447a6e7b86b011dc8625
|
| b76ea2456f3d7fd99fa3d42a3ef7e8b6f61f77c5 |
|
29-Apr-2015 |
Kenny Root <kroot@google.com> |
CipherTest: make multiple doFinal calls for RSA/ECB
The OpenSSLCipherRSA wasn't updating its buffer offset. The regular
test_getInstance loop tests this, but since RSA/ECB is 'special' we have
this extra test.
Change-Id: I27819dad1b0bf59ddd1782b722757fe7526db2df
|
| 096551ee9144aeff6449e9cf181e82246df1dd7c |
|
03-Apr-2015 |
Kenny Root <kroot@google.com> |
Update Cipher tests
InvalidAlgorithmParameterException should be thrown when Ciphers are
initialized with null parameters during decrypt or unwrap mode if the
Cipher expects it.
Bug: 19201819
Change-Id: Id2ce1c3c7929769808fcc9a4048a28ec150e3672
|
| 20e310656f03cd83355eae5cd25237f71b80341a |
|
13-Mar-2015 |
Kenny Root <kroot@google.com> |
Late binding: specified Provider forces its use
If a Provider is specified in a call to Signature#getInstance,
Cipher#getInstance, KeyAgreement#getInstance, or Mac#getInstance,
it should return that provider no matter if the properties on that
provider say it should support it.
Bug: 19730263
Change-Id: I56045e4cb470a0e1aa0e108a443e04043467c475
|
| b8211a7b902b559da234264f5fa1fcf09677f54b |
|
22-Jan-2015 |
Alex Klyubin <klyubin@google.com> |
Make Cipher.update return null for empty input.
Cipher.update(byte[], int, int inputLen) is supposed to return null
when inputLen is zero. This CL makes it so. Prior to this CL, this
method returned an empty byte array.
Bug: 19100173
Change-Id: I5698f11f76a17dd8fc2509be5d8ec9369a888eaf
|
| 9694c034814cf19484eeba703cec650227cba0ec |
|
15-Jul-2014 |
Kenny Root <kroot@google.com> |
CipherTest: check multiple calls to doFinal work
In existing implementations of JSSE Cipher providers, calling "doFinal"
resets the cipher to the state it was at when "init" was called. Note
that this is dangerous to do, but it appears some people do it.
(cherry picked from commit 5eea67dda648cec5ce6239ae64659d8cff0a15c0)
Bug: 16298401
Bug: http://code.google.com/p/android/issues/detail?id=73339
Change-Id: I32e26fde660dc7c50fdac0d74d5d97801f1da9f9
|
| 5eea67dda648cec5ce6239ae64659d8cff0a15c0 |
|
15-Jul-2014 |
Kenny Root <kroot@google.com> |
CipherTest: check multiple calls to doFinal work
In existing implementations of JSSE Cipher providers, calling "doFinal"
resets the cipher to the state it was at when "init" was called. Note
that this is dangerous to do, but it appears some people do it.
Bug: 16298401
Bug: http://code.google.com/p/android/issues/detail?id=73339
Change-Id: I32e26fde660dc7c50fdac0d74d5d97801f1da9f9
|
| beff0f1375b635c692d48190aa69a06986b5111f |
|
06-Feb-2014 |
Kenny Root <kroot@google.com> |
Late binding: reinitializing causes selection
The Sun PKCS#11 document says that calling initialization with different
keys causes a new provider and service will be chosen. Currently the RI
fails these tests, but it seems like the correct thing to do.
Change-Id: Ie40d8ef5f0996477e157ffbc0d9f145448df3df1
|
| 07c8c69f59b60684fe07b003b3462e8d9687f422 |
|
06-Feb-2014 |
Kenny Root <kroot@google.com> |
Late binding: fix refactor mistake in Cipher
Refactoring led to the tool changing "continue;" into "return sap;"
which will give you an invalid configuration.
Change-Id: I4b1a3b3fc9ffdf489739b4a1ef65276ca021f1f6
|
| 3ed78a8925825daccdba23fda1f69cbb3aa77a24 |
|
05-Feb-2014 |
Kenny Root <kroot@google.com> |
Late binding: supplied Provider should be used
If a program supplies a Provider object, it should be used instead of
looking at the registered providers.
Bug: 12890254
Change-Id: Ia4d1ac88a1ed20ab6ad6a11d2d5f53ee51310544
|
| 9f48b7f4185c06c3f4a1f95bda68a9cbe59b2c61 |
|
01-Feb-2014 |
Alex Klyubin <klyubin@google.com> |
Assert PKCS#7 padding supported for AES and 3DES.
This tests that PKCS#7 padding for all Cipher transformations which
currently support PKCS#5 padding.
PKCS#5 padding is a special case of PKCS#7 padding. PKCS#5 padding
is defined specifically for 64 bit long blocks. However, lots of code
assumes that PKCS#5 for other block sizes works exactly like PKCS#7,
and thus uses PKCS#5 padding where PKCS#7 should actually be used
(e.g., with AES). Thus, we assert the assumption that PKCS#7 padding
works exactly like PKCS#5 padding.
Change-Id: I0ca8a952c67bc7aff172e22bd730378d41438067
|
| 85dab151e734557d356fb45c45cf7d4548dd6fdc |
|
30-Sep-2013 |
Kenny Root <kroot@google.com> |
Late binding: add support to Cipher
This enables late binding support for Cipher algorithms. It will now pay
attention to SupportedKeyClasses and SupportedKeyFormats after the
Cipher#init(...) is called on the instance instead of selecting the
provider when Cipher#getInstance(...) creates the instance.
Change-Id: I27802f1f8b96d81dd2a269741d080dbe68232c9f
|
| 0e5952d5638069e38218abf9136de8c4d3b60d95 |
|
13-Dec-2013 |
Kenny Root <kroot@google.com> |
CipherTest: add support for GCM cipher
Change-Id: I4b5a5123977a1df152f097e2c7ed86cf7dbcfe9e
|
| 8f6f41324523bd8a1d2d687cd70c023753aae024 |
|
10-Dec-2013 |
Kenny Root <kroot@google.com> |
CipherTest: Move jurisdiction check lower
The jurisdiction policy check was being run too early and it was failing
with a NullPointerException because the static field it was reading
hadn't been initialized yet.
Change-Id: I92d1e010052df03ef1c38996ae74080d5607e681
|
| dbeeeb9fa5a9bb81134803d202cce5e7c66559af |
|
22-Nov-2013 |
Kenny Root <kroot@google.com> |
CipherTest: add tests for null parameters in init
Bug: https://code.google.com/p/android/issues/detail?id=62640
Change-Id: I86ae6603a6492e8f66c1ce5782c1d0483e4a491b
|
| 96b54bb1fad5cf63473f99a4155ce888f4f85d7e |
|
30-Sep-2013 |
Kenny Root <kroot@google.com> |
Remove unsupported Cipher modes
OpenSSL silently ignores the padding modes when specified for stream
ciphers, but apparently Java does not.
Change-Id: Icd92122d63b3b8e99d704e8193414dda5057146d
|
| e884f65168ea49f85d15a4d7d810904a33a1a22e |
|
10-Sep-2013 |
Kenny Root <kroot@google.com> |
Return IvParameters in OpenSSLCipher#getParameters
The getParameters() call was unimplemented in the OpenSSLCipher as an
oversight. Add it so code relying on it will continue to work.
Additionally add tests for getIV() and getParameters() to make sure they
work correctly.
(cherry picked from commit 8d59a14a150738b8b3a2a8c31d1a48b8ae0a3d0c)
Bug: 10423926
Change-Id: I6bc7fc540509242dff9e5411f66f82be54691cb4
|
| 8d59a14a150738b8b3a2a8c31d1a48b8ae0a3d0c |
|
10-Sep-2013 |
Kenny Root <kroot@google.com> |
Return IvParameters in OpenSSLCipher#getParameters
The getParameters() call was unimplemented in the OpenSSLCipher as an
oversight. Add it so code relying on it will continue to work.
Additionally add tests for getIV() and getParameters() to make sure they
work correctly.
Bug: 10423926
Change-Id: Ie42007b15c080aab4040375f2d9c40b9d82c4f0c
|
| df622e97f428295cbb19c8bd04433d8febb6d8b3 |
|
24-May-2013 |
Brian Carlstrom <bdc@google.com> |
CipherTest fixes
Bug: 9095447
Change-Id: Ieba76865c4da4260949391389611dfd09bc5e326
|
| bb04d369aed3de1a93907b8fab6f3a9837135257 |
|
24-May-2013 |
Brian Carlstrom <bdc@google.com> |
Flip sense of negative isUnsupported* methods
Change-Id: I024a72ec535978dc3a009d6433f6a65133feb3b8
|
| e9e7f036545d04e441e2aa8bcae4ba1024c86e97 |
|
24-May-2013 |
Brian Carlstrom <bdc@google.com> |
CipherTest fixes
Bug: 9095447
(cherry picked from commit 1eba66d802f4edfaa3ca599f196e282bc110eff9)
Change-Id: I6709eebcbede0ba617462bf49dd858f98246555f
|
| 1eba66d802f4edfaa3ca599f196e282bc110eff9 |
|
24-May-2013 |
Brian Carlstrom <bdc@google.com> |
CipherTest fixes
Bug: 9095447
Change-Id: Ieba76865c4da4260949391389611dfd09bc5e326
|
| d416195acbc08f2b3bdd5d5532d40438465d99e9 |
|
13-May-2013 |
Kenny Root <kroot@google.com> |
Add classes for AEAD encryption
New classes in Java 7 for Authenicated Encryption with Additional Data
(AEAD). This allows the use of encryption modes such as Galois/Counter
Mode with performs the equivalent of MAC and encryption simultaneously
and consequently makes encryption safer to use for implementors.
Change-Id: I6302826b096044ade5f62a667dc240e3ab07b351
|
| 4f63b6d2b5c082f88ef731186902c0229dda474f |
|
29-Jan-2013 |
Brian Carlstrom <bdc@google.com> |
Remove BouncyCastle exclusion of PBE ciphers from wrapping tests
Bug: https://code.google.com/p/android/issues/detail?id=41405
Change-Id: Ie5942f4ef1d872a75d89c58ea0fd85f69c63d0cf
|
| edefa57a822c27f3e9def050fd50e375c5908551 |
|
02-Oct-2012 |
Kenny Root <kroot@google.com> |
OpenSSLCipher: add ARC4 support
Change-Id: Iccdd76260af1afab0855816b3ccdd34fbc52295b
|
| 46d6243e9e39a2b68b985bfd534cc891e52df274 |
|
09-Oct-2012 |
Brian Carlstrom <bdc@google.com> |
Change OpenSSLCipherRSA.{engineGetBlockSize,engineGetOutputSize} to return result based on key size
Includes cherry-pick of 847f22adbd0e829b84491d7202dcbed5bf67a98c
Bug: 7192453
Change-Id: Ib5fa1e313d942d2c1034e8e7831af285ad24d71d
|
| 72e44404c32a98e7675a6e7cfbf856adb499a434 |
|
09-Oct-2012 |
Brian Carlstrom <bdc@google.com> |
Change OpenSSLCipherRSA.{engineGetBlockSize,engineGetOutputSize} to return result based on key size
Includes cherry-pick of 847f22adbd0e829b84491d7202dcbed5bf67a98c
Bug: 7192453
Change-Id: Ib5fa1e313d942d2c1034e8e7831af285ad24d71d
|
| fac659c013ec9c2783f60afce39e83eb107f117d |
|
04-Oct-2012 |
Kenny Root <kroot@google.com> |
OpenSSLCipher: don't explode during null decrypt
Other Cipher implementations return "null" when calling "doFinal()"
during decrypt mode without having ever called .update(...)
Change OpenSSLCipher to do the same.
Change-Id: I76e22702a446912df125af0ff518fb123d62f5a3
|
| 13cf08b2f06e1f5f0278c449072898f5e147db49 |
|
24-Sep-2012 |
Kenny Root <kroot@google.com> |
Add Cipher support for AES through OpenSSL
Timings using encrypt with 256-bit key in CTR mode and PKCS5Padding:
implementation inputSize us linear runtime
OpenSSL 16 11.4 =
OpenSSL 32 12.1 =
OpenSSL 64 13.2 =
OpenSSL 128 15.1 =
OpenSSL 1024 44.0 =
OpenSSL 8192 275.0 ===
BouncyCastle 16 11.5 =
BouncyCastle 32 15.9 =
BouncyCastle 64 24.6 =
BouncyCastle 128 41.5 =
BouncyCastle 1024 277.2 ===
BouncyCastle 8192 2196.9 ==============================
Change-Id: I4aa6e3a2ca2b368fab2c602733b4f97e740d04fd
|
| 2f3704e69938b1cecbd6bc97f1247ec5f3ad03d2 |
|
02-Oct-2012 |
Kenny Root <kroot@google.com> |
Test key wrapping for all Ciphers
Change-Id: I1320f30602e17b730feae5676e34b1550f8eb8b8
|
| 6c9924b028850b824e6742bb72ed5406242fdeb4 |
|
01-Oct-2012 |
Kenny Root <kroot@google.com> |
More testing of Cipher .doFinal variants
Change-Id: I5f94eac56da177de5d395277f246263af32c67c3
|
| 847f22adbd0e829b84491d7202dcbed5bf67a98c |
|
28-Sep-2012 |
Kenny Root <kroot@google.com> |
Add more CipherTest tests
Change-Id: I29f55e41335021945029e410d4e51e2c8f564285
|
| 0a156e0126e8015f2791e9a7dd48bbdaeae0c335 |
|
12-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
Add OpenSSLProvider support for Cipher.RSA/None/PKCS1Padding
Summary:
- Add OpenSSLProvider support for Cipher.RSA/None/PKCS1Padding
Added NativeCrypto.RSA_private_decrypt and NativeCrypto.RSA_public_encrypt
- Changed OpenSSLSignatureRawRSA to use new Cipher.RSA/None/PKCS1Padding
Removed now obsoleted NativeCrypto APIs for
RSA_padding_add_PKCS1_type_1 and RSA_padding_check_PKCS1_type_1
- added wrap/unwrap support OpenSSLCipherRSA
Needed for SSLEngine (and fallback SSLSocket implementation)
which are now picking up the new Cipher.RSA/None/PKCS1Padding
- expanded CipherTest to sanity test all algorithms and PKCS1 padding
Change-Id: I03566cc86ffce07d44d5e0094fa82c9c24587c26
|
| d762af619aa85042c08553425a4ca4ef7900d45a |
|
10-Aug-2012 |
Kenny Root <kroot@google.com> |
Fix OpenSSLCipherRawRSA doFinal array copy
System.arraycopy was pointing the wrong way making calls to doFinal()
with offset markers get zeroed output instead of the actual output.
Also fix tests that checked RSA cipher behavior to match RI.
Bug: 6951038
Change-Id: Ife84c177a2c06a2c27b98df9960cbd3c4b62d984
|
| c5ddc93173f32383ab456c0a24739e7cb2d19c42 |
|
02-Aug-2012 |
Kenny Root <kroot@google.com> |
Add raw RSA Cipher to OpenSSLProvider
Recent changes in the way that Android Keystore (accessed via KeyChain)
necessitate all key operations be done with a provider that understands
the new OpenSSLKey object.
This adds Cipher support for the RSA algorithm in "RSA/ECB/NoPadding"
and "RSA/None/NoPadding" modes.
Change-Id: I98a8eaf3514763a863b2751bba999fbd48609c96
|
| 101547d4a82ba21031dc7cb62018720dbd493758 |
|
01-Feb-2011 |
Jesse Wilson <jessewilson@google.com> |
Refactoring to add a builder for TestKeyStore.
Change-Id: I346aea42a27042512f4ed97690f1e0ca1755257c
|
| 0ac85ead96f1ba7d35f3acadd154de4ef0a8fd87 |
|
25-Jan-2011 |
Brian Carlstrom <bdc@google.com> |
Tracking jarjar of org.bouncycastle to com.android.org.bouncycastle
Bug: 3086427
Change-Id: I026f80bfa5e963a8e988ecd6f91c9732a4afc70c
|
| 0d5c7588179fb373da70ce04362be5ce74a98eb4 |
|
24-Jan-2011 |
Brian Carlstrom <bdc@google.com> |
Cipher.init incorrectly implements RFC 3280 key usage validation
Issue: http://code.google.com/p/android/issues/detail?id=12955
Bug: 3381582
Change-Id: Ida63c1356634c8e287ce5b0234418a656dffedf0
|