| 612fe850c7bddf92fbb7869412774dd525ada8b9 |
|
19-Feb-2018 |
Adam Vartanian <flooey@google.com> |
Remove crypto tests that have been moved to Conscrypt.
The latest sync of Conscrypt includes external copies of many of the
crypto tests in libcore, so delete the copies of those tests in
libcore as they're now redundant. The test cases left in CipherTest
are only those that test the behavior of the library classes
themselves or the provider infrastructure in Android, rather than the
behavior of the security provider that provides the implementation.
Bug: 65476203
Test: cts -m CtsLibcoreTestCases
Change-Id: I0cfd83b3dabd536158bddd4e02a4cf709aa212ea
|
| 2aae1836b48cace41d55766a9966e94c44c3538f |
|
05-Feb-2018 |
Adam Vartanian <flooey@google.com> |
Clean up a couple test oddities.
Some internal changes exposed existing problems in our tests.
CipherTest's test_getInstance was needlessly case-sensitive.
Algorithm names are case insensitive, so normalize them before using
them in sets in the test.
KeyGeneratorTest and SecretKeyFactoryTest both had a problem where the
first test was a failing test, which meant that the provider
infrastructure cycled through all the available providers trying to
find one that wouldn't fail and then locked into the least-preferred
provider, so we were testing the wrong thing. Instead, lock in the
preferred provider (by calling getProvider()) before running any of
the tests, so we know we're testing the provider we intend to test.
Bug: 72860937
Test: cts -m CtsLibcoreTestCases
Change-Id: I98bcc5b34655eec9bdb4423c7739ba5ebd1d6f1d
|
| 9da28e1cd4cdce2e6ee2ece3b0fbd5f20e5e6eda |
|
03-Nov-2017 |
Adam Vartanian <flooey@google.com> |
Update tests for Conscrypt upstream merge.
For the most part, this is just adjusting tests to account for the fact
that "ChaCha20" now refers to the plain stream cipher instead of
ChaCha20+Poly1305.
Test: cts -m CtsLibcoreTestCases
Change-Id: I5976027811c58910952a186f3580a3f5e561407d
|
| 12442ce0398b6ca0917462d33709f15c68f7e095 |
|
16-Oct-2017 |
Adam Vartanian <flooey@google.com> |
Update tests for Conscrypt upstream merge.
Adds basic compliance tests for ChaCha20/Poly1305/NoPadding.
Adds test that AES/GCM/NoPadding can be initialized with GCM
AlgorithmParameters.
Adds reuse test for ChaCha20/Poly1305/NoPadding.
Updates StandardNames for new names.
Updates SSLSocketTest for changed Conscrypt implementation details.
Test: cts -m CtsLibcoreTestCases
Change-Id: I608e4bbcced678fdfac8b28d500f7fa8b4599319
|
| 491d88834d8af35b9701f92d972212d873dbb6a0 |
|
10-Oct-2017 |
Adam Vartanian <flooey@google.com> |
Deprecate BC implementations of duplicated algorithms
The first step in deprecating the BC implementations of algorithms that
are also provided by Conscrypt. This checks whether the app's target
API level is greater than a given threshold (currently O, but subject
to change later) and disallows access to those algorithms when true.
This limit only applies to requests from the system-created BC provider.
Apps can install their own provider, in which case they get the
implementations they requested.
This doesn't yet implement the deprecation for Cipher instances, since
the transformation scheme makes that more complicated.
The ultimate removal of these algorithms, once a sufficient deprecation
period has elapsed, is tracked in b/67761667.
Bug: 67626877
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsLibcoreOkHttpTestCases
Test: cts -m CtsLibcoreWycheproofBCTestCases
Test: cts -m CtsLibcoreWycheproofConscryptTestCases
Change-Id: I48f07226e66873a65859121af32028c1547952ac
|
| f847cef7da2ab69e3564ed14634a6dd5c55fae9e |
|
22-Jun-2017 |
Adam Vartanian <flooey@google.com> |
Use decryption keys on decryption tests in CipherTest
Previously the test was using the encryption key for a decryption test,
which is just incorrect, and will fail when we start disallowing decryption
with public keys in RSA with OAEP.
Also factor the decryption key out into a variable to match how the
encryption key is handled.
Test: cts -m CtsLibcoreTestCases -t libcore.javax.crypto.CipherTest
Change-Id: I852ac1b45e8ed891ff35e81902cec6284c037e2e
|
| db1b29ca91ffbc0caef2c500a813e0d5602407f8 |
|
14-Feb-2017 |
Adam Vartanian <flooey@google.com> |
Small test improvements
Display the failing algorithm in testAES_keyConstrained.
Sort the set of Services when dumping them, so they're nicely organized
in the debug output.
Test: run cts -m CtsLibcoreTestCases -t libcore.java.security.ProviderTest
Test: run cts -m CtsLibcoreTestCases -t libcore.javax.crypto.CipherTest
Change-Id: I646947992bb22407ea5736fcfcbba4494d02422b
|
| b0df0026050040d958865fcbd4cfc7d3c0b5ae12 |
|
10-Feb-2017 |
Kenny Root <kroot@google.com> |
Update class reference in CipherTest TODO
This was pointing to an unused class in Bouncycastle. Update it to point
to the newer class for future fixers.
Test: mmma -j32 libcore
Change-Id: Ia519b1b2c0f113a0b3721df49bf4287e804c527a
|
| 385c0d328cd6925efd4d2c985f412166e78ced3c |
|
08-Feb-2017 |
Adam Vartanian <flooey@google.com> |
Conscrypt: Add key-constrained versions of AES algorithms.
Bug: 29631070
Test: run cts -m CtsLibcoreTestCases
Change-Id: I7174ec7f6c598d46dce1935385c723b96907d9d1
|
| 78db2321a32116ceccf679cc9075993a60901b6d |
|
17-Nov-2016 |
Kenny Root <kroot@google.com> |
CipherTest: assert getParameters output is correct
When RSA/ECB/OAEPPadding was added to Conscrypt, the engineGetParameters
method was not implemented. In order to avoid any regressions like this
in the future add logic to check that the AlgorithmParameters returned
are correct. Additionally make sure all the code paths that check this
are using the same method.
Add logic to check that OAEPParameterSpec instances are equivalent and
use that in this new test.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I3f5309f55f213c6b8ea551ac61d07893e0d0bfab
|
| ecb120c781a7a92bce67411ed3a4a7faff34d149 |
|
25-Aug-2016 |
Alex Klyubin <klyubin@google.com> |
DO NOT MERGE Assert that DESede/CBC/PKCS5Padding Cipher works as expected
(cherry picked from commit c3f66fe5fd385ec922f13e96977bd5348fcf2402)
Bug: 31081987
Change-Id: I1a31903e884835b86fccbecfcbd33af683312d0d
|
| efb5f5b2b9630c8441114d3a75600b7297669737 |
|
25-Aug-2016 |
Alex Klyubin <klyubin@google.com> |
DO NOT MERGE Assert that DESede/CBC/PKCS5Padding Cipher works as expected
(cherry picked from commit c3f66fe5fd385ec922f13e96977bd5348fcf2402)
Bug: 31081987
Change-Id: I1a31903e884835b86fccbecfcbd33af683312d0d
|
| 743c1704cf39d5ca9e69bfe4522e6afc10899750 |
|
07-Oct-2016 |
Kenny Root <kroot@google.com> |
CipherTest: add tests for RSA OAEP with labels
The OAEP spec allows you to specify a label L for indicating what the
key should be used for, etc. This is represented here as a
PSource.PSpecified instance. Add a couple tests for these to make sure
they're functioning correctly.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I440c55cdbbe6c59b4a41d538cc4b81f186450917
|
| 9d662376ede4cbb5466c9b78158a0c7940e879b0 |
|
06-Oct-2016 |
Kenny Root <kroot@google.com> |
CipherTest: add block and output size for OAEP
This asserts the block and output sizes for Cipher.RSA/ECB/OAEPPadding
and the specific message digest modes are correct.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I39c11f337bd4d618af9cc9f8d075990d68e50077
|
| 8fe7fe2365c2b3ea5f70d4073df0640f637569dc |
|
06-Oct-2016 |
Kenny Root <kroot@google.com> |
CipherTest: fix miswording and expectation of zero-length ops
After reviewing this it appears that the expectations of BC are correct
when trying to decrypt empty buffers with OAEP. This can't be correct,
so BC is not wrong here.
However, BC does have a bug when trying to decrypt a ciphertext that
decrypts to a zero-length plaintext buffer. Fix the wording of the
comment to make this clearer.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I4122e2a303e3b610c201e609790389fe62a0df28
|
| c676c82633a6cff70bfcf3c29635bcdf7e27333f |
|
26-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: templatize OAEP tests
OAEP tests can be specified by using "OAEPPadding" or
"OAEPWith{hash}and{mgf}Padding", so make a helper function that creates
test cases for both.
Test: make -j32 build-art-host vogar && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I80710d864fb60b02dcaf1c39dab493bcf2d7b7e4
|
| f989a50275a83ed85a49e19b962d08c34ae42fcc |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: add RSA OAEP tests
This adds test vectors for various modes of RSA OAEP. They were all
generated with OpenSSL on the command line as noted in the comments
above each.
Bouncycastle has a bug where it can't decrypt an empty ciphertext in
OAEP mode, so note that in the tests.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: Ibda2d17cc8342008485422196bf0779a9d2469c0
|
| fda531dba8ccac56cacee057ea5d0ac9eff253b1 |
|
23-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: log more information on failure
If an assertion failed, we need to catch it with Throwable. Also change
one code path to make it go through the logging code so we can annotate
the failures with which CipherTestParams we were using when the failure
occured.
Test: make -j32 build-art-host vogar && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I9e66c490c0bbdeca1b64534b782b5303b465877c
|
| 183a56daa817978687ce0f7b4859dc1fe79a3668 |
|
23-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: test providers that don't use full transform name
Some providers such as Bouncycastle list their Cipher implementations
without mode or padding specified, so we should test those providers as
well.
Test: make -j32 build-art-host vogar && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I79c59db637d7b7bfae4b1c1cb78be72490384e1d
|
| 6a7463d8706a737dfbca1bbc2159dc6911a58785 |
|
19-Jul-2016 |
Sergio Giro <sgiro@google.com> |
CipherTest: in ASN1 encoding for GCM, no value for tag size means 12
Cherry picking to this branch because of b/31637724
(cherry picked from commit d3204de83ff89519bd2f7c5b3260e508936d58d2)
Bug: 26231099
Bug: 26234568
Bug: 29876633
Bug: 31637724
Change-Id: I7d194de82506cf3da4dbb0b2cc67b72f3623abe7
|
| 02fa18e3caefb812a3611bffbc32f8589c717d42 |
|
23-Sep-2016 |
Kenny Root <kroot@google.com> |
GCM ciphers should not allow key and nonce re-use
Re-using a key and IV combination with different data leaks the key in
GCM mode, so we should get IllegalStateException when trying to do this.
Change the tests to make sure we don't try to do this for GCM ciphers
and make sure that there is a test that makes sure this behavior is
enforced.
Test: make -j32 build-art-host vogar && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Bug: 30231101
Change-Id: I161665d5bded10092b6028d1cde5ad9c712b2cc0
|
| dfb337d6f7040e490763a30eba1d5b3b5bb71d2d |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: do not test known ciphertext for randomized algorithms
Randomized algorithms will by their nature output different outputs each
time the same message is encrypted. Do not test that the known answer is
reached for these algorithms. Later in the test that known ciphertext will be
decrypted to make sure the correct plaintext is produced as well as a
loop-back test with a newly created ciphertext.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I790e3f9822c12b7f2c6615f5dda503154cd870bd
|
| 6aaf31e80827682f3c5f2d38507dcc94cc39bf8d |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: specify AlgorithmParameterSpec instead of IV
Remove the knowledge of how to construct AlgorithmParameterSpec for each
algorithm type from the test and simply put it in the test parameters
instead.
This will allow us to test known answers from various more
AlgorithmParameterSpec types and RSA OAEP in the future.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I3ef08052b4b96ef3099309c76fdb3e7e1a977fea
|
| 24548c72e07a11d9fdd46e9ecf72535fa7819c71 |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: key generation failure is AssertionError
We cannot continue the test without these keys being generated correctly
and upcoming tests will need them generated in the static blocks, so
change the getEncryptKey and getDecryptKey methods to throw
AssertionError on any exception during key generation.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I3568b44c011973efe76a2bf1ebba3d23c1f3745e
|
| babf8a9c7b07838bce7ae1d38dd5567aff454fff |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: add new CipherTestParam ctor that takes both keys
This will allow us to use independent encrypt and decrypt keys later.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I8f6d80b787817f8e66b1e64d1f7ffad888ef0072
|
| 113ad9302321c1eb3dd98aad6745d5257d130db8 |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: distinguish between encrypt and decrypt keys
Block ciphers typically have the same SecretKeySpec for both encryption
and decryption. However, in order to add tests of RSA encipherment there
must be a distinction between encryption and decryption keys. Add this
distinction in the tests but leave the existing CipherTestParam
construction the same for now.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: Ib18947420fe53aa61f80a05f81bb8ea9d6fa9ed1
|
| 9d64332210a6cfbac99850972ccd0650250d3dcc |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: factor out common log code
The test failure code was printing the same thing in several places, so
factor it out into its own method so it can be easily expanded later
when more debugging is needed.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: If389a06e22500c703a9ee7b7619da35a348f5732
|
| f867abec6a729cb2540ebd8797fa7822549fae04 |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: Remove unused AES_MODES
This was added in 72e44404c32a98e7675a6e7cfbf856adb499a434 but never
used. Remove it since the various modes are tested by
testCipher_Success anyway.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: Idb4d492d7dda5bbd6edf6013d204420692ad97bd
|
| e62244cb4d9f5e729013897ed7b09e86aeea0481 |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: remove unused pubKey variable
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: Ia479b71e00843d3734997a5998e073b7b0b112f1
|
| 935389a7c2c6da3280e71c20f11c5ebefed5f4d8 |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: remove the now-unused keyAlgorithm field
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I763706be28ba1f74795e5568cbbece63f8f21e68
|
| e5d11d4cf1593e245b2ac8c5871d358118171b3b |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: use SecretKeySpec instead of byte[]
Use a SecretKeySpec to provide a bit more type safety in the tests. We
can use a Key instead of a byte[] now!
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I1e806a47d2b65a90fa33b2b84aa61265c30e7507
|
| 9214be83307f2baeea28be8a94640c70a23a90ec |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: replace repeated key public construction
There already exists a method that would get the correct key, so just
call that instead of repeating the same lines over and over.
Many methods also labelled the PublicKey variable incorrectly so take
the opportunity to fix that as well.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I1908352f12d3f56a2ed02d6ddc0a13f526efb0d6
|
| dcdeeb996aa34f2c8d3a715e4ea7c75719b231e5 |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: replace repeated key construction
There already exists a method that would get the correct key, so just
call that instead of repeating the same lines over and over.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I3a5f8fd1a6d051727d1b1794798c4e067b77ba75
|
| 59fdf81a1c024537b721a43dd1968b261b262f5c |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: add missing RSA private key parameters
This key was partially present in the file, but apparently unused.
Convert the existing RSAPrivateKey construction to RSAPrivateCrtKey to
speed up the tests a bit.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I8e7b25a408399b2c99c4d70f57b039d1f274fc37
|
| 5a98502a319d44db70d744c7c38e10fb6dbca4aa |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: fix RSA encrypt and decrypt meaning
The getEncryptKey and getDecryptKey methods should be for returning
normal enciphering and deciphering keys respectively. RSA keys can be
used for two different purposes as outlined by PKCS 1 and are called
"block types."
The block type 1 is used for generating signatures. A signature is
created by preparing a block type 1 plaintext then using the PrivateKey
to "decrypt." Then later on anyone can verify the signature by using the
matching PublicKey to "encrypt" and get the PKCS 1 formatted plaintext
back.
The block type 2 is used for enciphering a message to a recipient. The
PublicKey is used to encrypt the message and later on only those
possessing the PrivateKey can decrypt and read the plaintext.
Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Change-Id: I8c3aabe96c45a738a7929e7424efbbad3f0047b2
|
| 27aea9ef640e15acfe8bf5e2517eb26e4967f4f0 |
|
25-Aug-2016 |
Alex Klyubin <klyubin@google.com> |
Assert that DESede/CBC/PKCS5Padding Cipher works as expected
(cherry picked from commit c3f66fe5fd385ec922f13e96977bd5348fcf2402)
Bug: 31081987
Change-Id: I1a31903e884835b86fccbecfcbd33af683312d0d
|
| 44042892447828cbb166029d95a70e07ee58f3c8 |
|
25-Aug-2016 |
Alex Klyubin <klyubin@google.com> |
Assert that DESede/CBC/PKCS5Padding Cipher works as expected
(cherry picked from commit c3f66fe5fd385ec922f13e96977bd5348fcf2402)
Bug: 31081987
Change-Id: I1a31903e884835b86fccbecfcbd33af683312d0d
|
| 03a4971151bd9ea084cf813e6f8498472569da2f |
|
19-Jul-2016 |
Sergio Giro <sgiro@google.com> |
CipherTest: in ASN1 encoding for GCM, no value for tag size means 12
(cherry picked from commit d3204de83ff89519bd2f7c5b3260e508936d58d2)
Bug: 26231099
Bug: 26234568
Bug: 29876633
Change-Id: I7d194de82506cf3da4dbb0b2cc67b72f3623abe7
|
| d4b7449574ca69c713a3f2230cb77c68ee642700 |
|
06-Sep-2016 |
Tobias Thierer <tobiast@google.com> |
Fix 58 libcore tests that caught "expected" Exceptions but didn't fail()
There were no changes to code under test.
4 tests were fixed to not tolerate an Exception:
- libcore.java.util.CollectionsTest#test_CheckedMap_computeIfAbsent
In the case where a Map key is present, computeIfAbsent() should
not invoke the Function, so there is no return value that could
be expected to undergo a type check. The test was changed to
verify that the Function is not invoked.
- libcore.java.util.concurrent.CopyOnWriteArrayListTest#test_sort and
libcore.java.util.concurrent.CopyOnWriteArrayListTest#test_subList_sort
were sorting an already-sorted non-null list that contains no null
values. That logic was redundant and wouldn't have thrown.
- org.apache.harmony.security.tests.java.security.KeyStoreSpiTest#test_engineEntryInstanceOf
(the KeyStoreSpi documentation does not mention whether NPE is thrown;
the implementation comes from upstream and does not throw it).
54 tests were fixed by adding the missing
fail();
No attempt was made to make this failure message specific to the
exception that was expected.
Tests that weren't changed:
- SSLEngineTest.test_wrap_ByteBuffer_ByteBuffer_04() requires
investigation to determine the correct resolution.
A comment was added to the test linking to the corresponding bug.
- ThreadTest#testParkUntilWithUnderflowValue() and
OldNodeChangeEventTest.waitForEvent() were not touched since
it was not clear whether that it was relevent to the test whether
or not the exception was thrown.
- two cases in Files2Test#test_setPosixFilePermissions_NPE() are
left to a future CL
Test:
(croot; make vogar core-tests) \
&& git diff aosp/master --name-only | xargs vogar `cparg core-tests`
Change-Id: I1cd3220a06e331ff049b146b393f78879f07211a
|
| f1d1149c79d01585a5241a814b72cdcdf179ba66 |
|
26-Aug-2016 |
Sergio Giro <sgiro@google.com> |
CipherTest: add known answer tests for ARC4
Test: vogar CipherTest
Change-Id: Ie347062367870daf59bb40e1a57c7bb1856b2e63
|
| d26b520451b3b2a1032128f5ff2491891b6e855b |
|
25-Aug-2016 |
Alex Klyubin <klyubin@google.com> |
Assert that DESede/CBC/PKCS5Padding Cipher works as expected
Bug: 31081987
(cherry picked from commit c3f66fe5fd385ec922f13e96977bd5348fcf2402)
Change-Id: I77e01eb28d0504f85432fdeefb25abd6732c997f
|
| c3f66fe5fd385ec922f13e96977bd5348fcf2402 |
|
25-Aug-2016 |
Alex Klyubin <klyubin@google.com> |
Assert that DESede/CBC/PKCS5Padding Cipher works as expected
Bug: 31081987
Change-Id: I1a31903e884835b86fccbecfcbd33af683312d0d
|
| d3204de83ff89519bd2f7c5b3260e508936d58d2 |
|
19-Jul-2016 |
Sergio Giro <sgiro@google.com> |
CipherTest: in ASN1 encoding for GCM, no value for tag size means 12
Bug: 26231099
Bug: 26234568
Bug: 29876633
Change-Id: I44c0c68f1e92caf6547c9e3b494ec5b82b8cff5f
|
| dbb107c98fde3cf45740a6aa240c7ab3ee391dd9 |
|
06-Jun-2016 |
Sergio Giro <sgiro@google.com> |
Cipher: always select a SPI in init according to the parameters
Behaviour before this CL was to avoid selecting a SPI if there
was a previously selected one. That is an incompatibility wrt M.
This CL makes Cipher compatible with the M behaviour
(cherry picked from commit 264d21f1e86e7ec7976fc5346c21a8e17d8635b1)
Bug: 29038928
Change-Id: Iad68ec2c1eca99c4e98f5179429498cff9b42c36
|
| 264d21f1e86e7ec7976fc5346c21a8e17d8635b1 |
|
06-Jun-2016 |
Sergio Giro <sgiro@google.com> |
Cipher: always select a SPI in init according to the parameters
Behaviour before this CL was to avoid selecting a SPI if there
was a previously selected one. That is an incompatibility wrt M.
This CL makes Cipher compatible with the M behaviour
Bug: 29038928
Change-Id: Ie5ddf17e25344d41dc45f0c6df6effbca7dc7021
|
| f8a8250a9c3bdd0a81b7d5cc40190bb3758be2b5 |
|
11-May-2016 |
Tobias Thierer <tobiast@google.com> |
CipherTest: cover additional cases that should throw IllegalStateException.
The new logic tests that the following Cipher methods throws
IllegalStateException when the Cipher instance has been
initialized to any mode other than the following:
- update(), final(): only ENCRYPT_MODE or DECRYPT_MODE allowed
- wrap(): only WRAP allowed
- unwrap: only UNWRAP allowed
Tested:
- tested that each one of the new test methods failed after I
I deliberated broke the Cipher implementation to not throw in
these cases. (No other tests broke, i.e. this behavior was
previously not tested by this Test class nor any of the other
two CipherTest.java that I ran).
- tested that the test passes after I reverted my breaking
changes to Cipher.java
Command used to test:
vogar --classpath \
out/target/common/obj/JAVA_LIBRARIES/core-tests_intermediates/classes.jack \
--classpath \
./out/target/common/obj/APPS/CtsKeystoreTestCases_intermediates/classes.jack \
--classpath \
./out/target/common/obj/JAVA_LIBRARIES/android.test.runner_intermediates/classes.jack \
libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
Bug: 21696383
Change-Id: I4c8fed3cc436d1dfbfd56495bc9232cbb6156dd7
|
| d7d813b3816520b1cf55fc5cfca680fa66c727a1 |
|
26-Feb-2016 |
Kenny Root <kroot@google.com> |
DO NOT MERGE
CipherTest: add test for multiple updateAAD calls
Make sure that multiple updateAAD calls are equivalent to other calls to
updateAAD with the same data.
(cherry picked from commit 67ee3c5c2dad218e497035de5100e9036d140fdd)
Bug: 27371173
Change-Id: Ie69df0906438ad26c566daed3f55b07ba60fe468
|
| ee76ab4a1cc0853f499105f216b31fb43214f467 |
|
26-Feb-2016 |
Kenny Root <kroot@google.com> |
DO NOT MERGE
CipherTest: test instance reuse with updateAAD
AAD was not being reset on each Cipher init or doFinal call, so add
regression tests to make sure that is now the case.
(cherry picked from commit d90a44bf4956d335e2a876015cf258dc46e226ea)
Bug: 27324690
Change-Id: I5f7606efb6dfcd412166eed2bd5f417097a97f1f
|
| bf6ca8645a96a4203ac6c1c0ec097cc42e6745ef |
|
04-Apr-2016 |
Sergio Giro <sgiro@google.com> |
CipherTest: add tests checking the behaviour of BCPBE keys without IV and PKCS12
(cherry picked from commit 30382b914b7971c345f6d8695ce0f050aaffc391)
Bug: 27224566
Bug: 27994930
Bug: 27995180
Change-Id: I57f0bdfc2b354a748dc6f78aaf01ed557732644d
|
| 30382b914b7971c345f6d8695ce0f050aaffc391 |
|
04-Apr-2016 |
Sergio Giro <sgiro@google.com> |
CipherTest: add tests checking the behaviour of BCPBE keys without IV and PKCS12
Bug: 27224566
Bug: 27994930
Bug: 27995180
Change-Id: I4d8dd44e7390199fc60797f9bd2c56174d8dfcba
|
| 7400234a36de7a95dbdb409de53bb867a70cf6ea |
|
17-Mar-2016 |
Kenny Root <kroot@google.com> |
Test more updateAAD variations
Test splitting updateAAD across multiple invocations.
Bug: 27696681
Bug: 27324690
Change-Id: I9a73dbd1343080bb03e3913c7a2827b83dcfc986
|
| 3af0f3482f512eda3613aa2a759a8491a4fe0539 |
|
26-Feb-2016 |
Kenny Root <kroot@google.com> |
CipherTest: add test for multiple updateAAD calls
Make sure that multiple updateAAD calls are equivalent to other calls to
updateAAD with the same data.
(cherry picked from commit 67ee3c5c2dad218e497035de5100e9036d140fdd)
Bug: 27371173
Change-Id: Ie69df0906438ad26c566daed3f55b07ba60fe468
|
| bbf5070f97962bd95c7cb081fae996d200032522 |
|
26-Feb-2016 |
Kenny Root <kroot@google.com> |
CipherTest: test instance reuse with updateAAD
AAD was not being reset on each Cipher init or doFinal call, so add
regression tests to make sure that is now the case.
(cherry picked from commit d90a44bf4956d335e2a876015cf258dc46e226ea)
Bug: 27324690
Change-Id: I5f7606efb6dfcd412166eed2bd5f417097a97f1f
|
| 67ee3c5c2dad218e497035de5100e9036d140fdd |
|
26-Feb-2016 |
Kenny Root <kroot@google.com> |
CipherTest: add test for multiple updateAAD calls
Make sure that multiple updateAAD calls are equivalent to other calls to
updateAAD with the same data.
Bug: 27371173
Change-Id: Ie69df0906438ad26c566daed3f55b07ba60fe468
|
| d90a44bf4956d335e2a876015cf258dc46e226ea |
|
26-Feb-2016 |
Kenny Root <kroot@google.com> |
CipherTest: test instance reuse with updateAAD
AAD was not being reset on each Cipher init or doFinal call, so add
regression tests to make sure that is now the case.
Bug: 27324690
Change-Id: I5f7606efb6dfcd412166eed2bd5f417097a97f1f
|
| 025a53602e555b0fda6fcc3060613e4c94217034 |
|
23-Feb-2016 |
Sergio Giro <sgiro@google.com> |
GCMParameters: check that the default tag size is secure (16 bits)
Note: port of cr/110497945
Bug: 26231099
Bug: 26234568
Change-Id: I3eef233b15ded9553c3cdfd1c51ffef306276f7d
|
| 691e5c91e4204cc82753d5ecb775ffca75f8a50f |
|
24-Aug-2015 |
Kenny Root <kroot@google.com> |
Cipher: iterate through services first
We were iterating through different ways to express the same Cipher
transform first and then checking each Cipher. Invert the loops so we
check each Service in priority order for the different ways to express
the same transform.
Bug: 23447815
Bug: https://code.google.com/p/android-developer-preview/issues/detail?id=3025
Change-Id: Iee3d5123ce13fa1209c17ff67d4b904ced82a049
|
| 55d681439fb1b3c6ed41ceb1aa9505b718d8b0ff |
|
01-Aug-2015 |
Kenny Root <kroot@google.com> |
CipherTest: add assertions about GCM parameters
Before we were not enforcing that the parameters returned were
GCMParameterSpec or not. This adds a check to make sure that GCM
implementations are doing the right thing.
Bug: 22319986
Change-Id: If5eb1f9624a286b8feb0c303643aca9caac0d807
|
| 484509de8262bb0a56b303016e93f4be1cf0d795 |
|
21-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add Cipher#init checks
Cipher should check that the chosen CipherSpi actually supports
initalization with the given parameters. If not, it should return the
first exception that it ran into so that the developer can have an idea
of why the initialization failed. This is most likely do to unsupported
key or algorithm parameters.
Collapse some functions into one so it's easier to keep track of the
exception that should be thrown should all else fail. Also since we try
to initialize during the CipherSpi selection, there is no need to
initialize the returned CipherSpi again.
Also remove an instanceof check to be in line with other implementations
that just throw a ClassCastException since we now will try other
providers before falling back to throwing the unchecked exception. This
might actually provide better debug messages for a developer working on
a CipherSpi provider.
(cherry picked from commit f591462f7901011b2bce61c3cbbdc54840e5b4bc)
Bug: 22573249
Change-Id: Ieec97a8f00e9c0c3889520a3ec9f8bc4e514b35a
|
| 45a9e938ee58e79b00ae37233678ef9ab54e0392 |
|
22-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add more Cipher tests
Any provider throwing an unchecked exception should not prevent the next
possibly working provider from having a chance.
(cherry picked from commit f7cae3971c030257c62ebc20e9e5dfd6d734b34c)
Bug: 22573249
Change-Id: If3f508ed3e87de58b39ab380fb298a92fb1b593b
|
| 5423595a40397888d426112b1c6fe7b4fcf24e7a |
|
21-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add tests for init-time rejection
Cipher should try to to initialize the CipherSpi it selects before
returning it as a successful match. These tests ensure that it is
correct.
(cherry picked from commit 85d1800ec694bb4c2f629073d79520c4a7ad0cc8)
Bug: 22573249
Change-Id: I12ed5021cf85fccb5d04a0904a302f6cd3569c3d
|
| f591462f7901011b2bce61c3cbbdc54840e5b4bc |
|
21-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add Cipher#init checks
Cipher should check that the chosen CipherSpi actually supports
initalization with the given parameters. If not, it should return the
first exception that it ran into so that the developer can have an idea
of why the initialization failed. This is most likely do to unsupported
key or algorithm parameters.
Collapse some functions into one so it's easier to keep track of the
exception that should be thrown should all else fail. Also since we try
to initialize during the CipherSpi selection, there is no need to
initialize the returned CipherSpi again.
Also remove an instanceof check to be in line with other implementations
that just throw a ClassCastException since we now will try other
providers before falling back to throwing the unchecked exception. This
might actually provide better debug messages for a developer working on
a CipherSpi provider.
Bug: 22573249
Change-Id: Ieec97a8f00e9c0c3889520a3ec9f8bc4e514b35a
|
| f7cae3971c030257c62ebc20e9e5dfd6d734b34c |
|
22-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add more Cipher tests
Any provider throwing an unchecked exception should not prevent the next
possibly working provider from having a chance.
Bug: 22573249
Change-Id: If3f508ed3e87de58b39ab380fb298a92fb1b593b
|
| 85d1800ec694bb4c2f629073d79520c4a7ad0cc8 |
|
21-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add tests for init-time rejection
Cipher should try to to initialize the CipherSpi it selects before
returning it as a successful match. These tests ensure that it is
correct.
Bug: 22573249
Change-Id: I12ed5021cf85fccb5d04a0904a302f6cd3569c3d
|
| 30bc3f8566f9b089ce02a7a22b51991d896f5524 |
|
09-Jul-2015 |
Sergio Giro <sgiro@google.com> |
javax.crypto.Cipher: try less specific Cipher/Mode/Padding combinations before throwing InvalidKeyException
Also, return saved spi in getSpi instead of recomputing a new one
Bug: 22208820
(cherry picked from commit 8157603ccf1ff124c5bebc8755404a9a825f47d3)
Change-Id: I30a06ef7d9234769b5592a0c7d665c8afa2a8ff8
|
| 8157603ccf1ff124c5bebc8755404a9a825f47d3 |
|
09-Jul-2015 |
Sergio Giro <sgiro@google.com> |
javax.crypto.Cipher: try less specific Cipher/Mode/Padding combinations before throwing InvalidKeyException
Also, return saved spi in getSpi instead of recomputing a new one
Bug: 22208820
Change-Id: Ib52cb6eb104500f73711c15eddfc319cf47dd996
|
| 569564255fa8cb498be9fe07ea5da790b668b54b |
|
02-Jun-2015 |
Sergio Giro <sgiro@google.com> |
libcore: add tests to check behaviour for padding and decrypt mode
Bug: 19186852
Change-Id: I8c51b309ca98030ab1eda5b2a0201a97a5758072
(cherry-pick from 9f7960cfda26dab222d522c28ca44902d996f3e4)
|
| 642c718a3f3a38f99c41c888c3f4be7a4a75001d |
|
15-May-2015 |
Kenny Root <kroot@google.com> |
Add AES 192 test
Explicitly test AES with 192-bit keys just to be sure there are no
regressions.
Change-Id: I2cc9b36983f9f24c743bcb918a72d704b6949a55
|
| 9f7960cfda26dab222d522c28ca44902d996f3e4 |
|
02-Jun-2015 |
Sergio Giro <sgiro@google.com> |
libcore: add tests to check behaviour for padding and decrypt mode
Bug: 19186852
Change-Id: I206442d45c4cf68363201738ba9d0b035f19c436
|
| 2ae508725e0b6c4dd4c23717bc1625bd745670b6 |
|
02-Jun-2015 |
Sergio Giro <sgiro@google.com> |
libcore: throw InvalidKeyException instead of ProviderException
In java.security javax.crypto and java.security classes with
late binding, when guessing the provider and none of the
available ones supports the specified key
Bug: 18987633
(cherry pick from e38b83dd96281d178b01476b67d354655bf2de62)
Change-Id: I5931046e9044984baf724157138bf3a7c7ef5e90
|
| 304bb76a3e2fbd9990327e5de30da4bb38e57c6e |
|
05-Jun-2015 |
Sergio Giro <sgiro@google.com> |
Revert "libcore: add tests to check behaviour for padding and decrypt mode"
This reverts commit f4b4fffe89c72dd803fa33ac7ae4e5becfff6bc7.
Change-Id: Ie98dd2f73cd948d4289c8485030c4e31e6cf5df9
|
| f4b4fffe89c72dd803fa33ac7ae4e5becfff6bc7 |
|
02-Jun-2015 |
Sergio Giro <sgiro@google.com> |
libcore: add tests to check behaviour for padding and decrypt mode
Bug: 19186852
Change-Id: Ife346931e4ba2c8e3a99e066caee91267b1d138f
|
| e38b83dd96281d178b01476b67d354655bf2de62 |
|
02-Jun-2015 |
Sergio Giro <sgiro@google.com> |
libcore: throw InvalidKeyException instead of ProviderException
In java.security javax.crypto and java.security classes with
late binding, when guessing the provider and none of the
available ones supports the specified key
Bug: 18987633
Change-Id: I2a4d258c8f628e2c40f4cbb060cb8825097bd22a
|
| 28ff51921fd3802ce4cdfbcff11ae27e88ade5df |
|
12-May-2015 |
Kenny Root <kroot@google.com> |
Add tests for AES/GCM/NOPADDING
(cherry picked from commit d5ed0e9c84915f2a93e25a4d152f837a661c4774)
Bug: 21085702
Change-Id: I1a88f6410bb61a885bbb447a6e7b86b011dc8625
|
| 10661d57e20e3074fe526573c39beb3f4e39c2bb |
|
12-May-2015 |
Kenny Root <kroot@google.com> |
Late binding: track differences in RI behavior
Change-Id: If647dcafd656775b7a290c7cc58969e0cb3786ee
|
| d5ed0e9c84915f2a93e25a4d152f837a661c4774 |
|
12-May-2015 |
Kenny Root <kroot@google.com> |
Add tests for AES/GCM/NOPADDING
Change-Id: I1a88f6410bb61a885bbb447a6e7b86b011dc8625
|
| b76ea2456f3d7fd99fa3d42a3ef7e8b6f61f77c5 |
|
29-Apr-2015 |
Kenny Root <kroot@google.com> |
CipherTest: make multiple doFinal calls for RSA/ECB
The OpenSSLCipherRSA wasn't updating its buffer offset. The regular
test_getInstance loop tests this, but since RSA/ECB is 'special' we have
this extra test.
Change-Id: I27819dad1b0bf59ddd1782b722757fe7526db2df
|
| 096551ee9144aeff6449e9cf181e82246df1dd7c |
|
03-Apr-2015 |
Kenny Root <kroot@google.com> |
Update Cipher tests
InvalidAlgorithmParameterException should be thrown when Ciphers are
initialized with null parameters during decrypt or unwrap mode if the
Cipher expects it.
Bug: 19201819
Change-Id: Id2ce1c3c7929769808fcc9a4048a28ec150e3672
|
| 20e310656f03cd83355eae5cd25237f71b80341a |
|
13-Mar-2015 |
Kenny Root <kroot@google.com> |
Late binding: specified Provider forces its use
If a Provider is specified in a call to Signature#getInstance,
Cipher#getInstance, KeyAgreement#getInstance, or Mac#getInstance,
it should return that provider no matter if the properties on that
provider say it should support it.
Bug: 19730263
Change-Id: I56045e4cb470a0e1aa0e108a443e04043467c475
|
| b8211a7b902b559da234264f5fa1fcf09677f54b |
|
22-Jan-2015 |
Alex Klyubin <klyubin@google.com> |
Make Cipher.update return null for empty input.
Cipher.update(byte[], int, int inputLen) is supposed to return null
when inputLen is zero. This CL makes it so. Prior to this CL, this
method returned an empty byte array.
Bug: 19100173
Change-Id: I5698f11f76a17dd8fc2509be5d8ec9369a888eaf
|
| 9694c034814cf19484eeba703cec650227cba0ec |
|
15-Jul-2014 |
Kenny Root <kroot@google.com> |
CipherTest: check multiple calls to doFinal work
In existing implementations of JSSE Cipher providers, calling "doFinal"
resets the cipher to the state it was at when "init" was called. Note
that this is dangerous to do, but it appears some people do it.
(cherry picked from commit 5eea67dda648cec5ce6239ae64659d8cff0a15c0)
Bug: 16298401
Bug: http://code.google.com/p/android/issues/detail?id=73339
Change-Id: I32e26fde660dc7c50fdac0d74d5d97801f1da9f9
|
| 5eea67dda648cec5ce6239ae64659d8cff0a15c0 |
|
15-Jul-2014 |
Kenny Root <kroot@google.com> |
CipherTest: check multiple calls to doFinal work
In existing implementations of JSSE Cipher providers, calling "doFinal"
resets the cipher to the state it was at when "init" was called. Note
that this is dangerous to do, but it appears some people do it.
Bug: 16298401
Bug: http://code.google.com/p/android/issues/detail?id=73339
Change-Id: I32e26fde660dc7c50fdac0d74d5d97801f1da9f9
|
| beff0f1375b635c692d48190aa69a06986b5111f |
|
06-Feb-2014 |
Kenny Root <kroot@google.com> |
Late binding: reinitializing causes selection
The Sun PKCS#11 document says that calling initialization with different
keys causes a new provider and service will be chosen. Currently the RI
fails these tests, but it seems like the correct thing to do.
Change-Id: Ie40d8ef5f0996477e157ffbc0d9f145448df3df1
|
| 07c8c69f59b60684fe07b003b3462e8d9687f422 |
|
06-Feb-2014 |
Kenny Root <kroot@google.com> |
Late binding: fix refactor mistake in Cipher
Refactoring led to the tool changing "continue;" into "return sap;"
which will give you an invalid configuration.
Change-Id: I4b1a3b3fc9ffdf489739b4a1ef65276ca021f1f6
|
| 3ed78a8925825daccdba23fda1f69cbb3aa77a24 |
|
05-Feb-2014 |
Kenny Root <kroot@google.com> |
Late binding: supplied Provider should be used
If a program supplies a Provider object, it should be used instead of
looking at the registered providers.
Bug: 12890254
Change-Id: Ia4d1ac88a1ed20ab6ad6a11d2d5f53ee51310544
|
| 9f48b7f4185c06c3f4a1f95bda68a9cbe59b2c61 |
|
01-Feb-2014 |
Alex Klyubin <klyubin@google.com> |
Assert PKCS#7 padding supported for AES and 3DES.
This tests that PKCS#7 padding for all Cipher transformations which
currently support PKCS#5 padding.
PKCS#5 padding is a special case of PKCS#7 padding. PKCS#5 padding
is defined specifically for 64 bit long blocks. However, lots of code
assumes that PKCS#5 for other block sizes works exactly like PKCS#7,
and thus uses PKCS#5 padding where PKCS#7 should actually be used
(e.g., with AES). Thus, we assert the assumption that PKCS#7 padding
works exactly like PKCS#5 padding.
Change-Id: I0ca8a952c67bc7aff172e22bd730378d41438067
|
| 85dab151e734557d356fb45c45cf7d4548dd6fdc |
|
30-Sep-2013 |
Kenny Root <kroot@google.com> |
Late binding: add support to Cipher
This enables late binding support for Cipher algorithms. It will now pay
attention to SupportedKeyClasses and SupportedKeyFormats after the
Cipher#init(...) is called on the instance instead of selecting the
provider when Cipher#getInstance(...) creates the instance.
Change-Id: I27802f1f8b96d81dd2a269741d080dbe68232c9f
|
| 0e5952d5638069e38218abf9136de8c4d3b60d95 |
|
13-Dec-2013 |
Kenny Root <kroot@google.com> |
CipherTest: add support for GCM cipher
Change-Id: I4b5a5123977a1df152f097e2c7ed86cf7dbcfe9e
|
| 8f6f41324523bd8a1d2d687cd70c023753aae024 |
|
10-Dec-2013 |
Kenny Root <kroot@google.com> |
CipherTest: Move jurisdiction check lower
The jurisdiction policy check was being run too early and it was failing
with a NullPointerException because the static field it was reading
hadn't been initialized yet.
Change-Id: I92d1e010052df03ef1c38996ae74080d5607e681
|
| dbeeeb9fa5a9bb81134803d202cce5e7c66559af |
|
22-Nov-2013 |
Kenny Root <kroot@google.com> |
CipherTest: add tests for null parameters in init
Bug: https://code.google.com/p/android/issues/detail?id=62640
Change-Id: I86ae6603a6492e8f66c1ce5782c1d0483e4a491b
|
| 96b54bb1fad5cf63473f99a4155ce888f4f85d7e |
|
30-Sep-2013 |
Kenny Root <kroot@google.com> |
Remove unsupported Cipher modes
OpenSSL silently ignores the padding modes when specified for stream
ciphers, but apparently Java does not.
Change-Id: Icd92122d63b3b8e99d704e8193414dda5057146d
|
| e884f65168ea49f85d15a4d7d810904a33a1a22e |
|
10-Sep-2013 |
Kenny Root <kroot@google.com> |
Return IvParameters in OpenSSLCipher#getParameters
The getParameters() call was unimplemented in the OpenSSLCipher as an
oversight. Add it so code relying on it will continue to work.
Additionally add tests for getIV() and getParameters() to make sure they
work correctly.
(cherry picked from commit 8d59a14a150738b8b3a2a8c31d1a48b8ae0a3d0c)
Bug: 10423926
Change-Id: I6bc7fc540509242dff9e5411f66f82be54691cb4
|
| 8d59a14a150738b8b3a2a8c31d1a48b8ae0a3d0c |
|
10-Sep-2013 |
Kenny Root <kroot@google.com> |
Return IvParameters in OpenSSLCipher#getParameters
The getParameters() call was unimplemented in the OpenSSLCipher as an
oversight. Add it so code relying on it will continue to work.
Additionally add tests for getIV() and getParameters() to make sure they
work correctly.
Bug: 10423926
Change-Id: Ie42007b15c080aab4040375f2d9c40b9d82c4f0c
|
| df622e97f428295cbb19c8bd04433d8febb6d8b3 |
|
24-May-2013 |
Brian Carlstrom <bdc@google.com> |
CipherTest fixes
Bug: 9095447
Change-Id: Ieba76865c4da4260949391389611dfd09bc5e326
|
| bb04d369aed3de1a93907b8fab6f3a9837135257 |
|
24-May-2013 |
Brian Carlstrom <bdc@google.com> |
Flip sense of negative isUnsupported* methods
Change-Id: I024a72ec535978dc3a009d6433f6a65133feb3b8
|
| e9e7f036545d04e441e2aa8bcae4ba1024c86e97 |
|
24-May-2013 |
Brian Carlstrom <bdc@google.com> |
CipherTest fixes
Bug: 9095447
(cherry picked from commit 1eba66d802f4edfaa3ca599f196e282bc110eff9)
Change-Id: I6709eebcbede0ba617462bf49dd858f98246555f
|
| 1eba66d802f4edfaa3ca599f196e282bc110eff9 |
|
24-May-2013 |
Brian Carlstrom <bdc@google.com> |
CipherTest fixes
Bug: 9095447
Change-Id: Ieba76865c4da4260949391389611dfd09bc5e326
|
| d416195acbc08f2b3bdd5d5532d40438465d99e9 |
|
13-May-2013 |
Kenny Root <kroot@google.com> |
Add classes for AEAD encryption
New classes in Java 7 for Authenicated Encryption with Additional Data
(AEAD). This allows the use of encryption modes such as Galois/Counter
Mode with performs the equivalent of MAC and encryption simultaneously
and consequently makes encryption safer to use for implementors.
Change-Id: I6302826b096044ade5f62a667dc240e3ab07b351
|
| 4f63b6d2b5c082f88ef731186902c0229dda474f |
|
29-Jan-2013 |
Brian Carlstrom <bdc@google.com> |
Remove BouncyCastle exclusion of PBE ciphers from wrapping tests
Bug: https://code.google.com/p/android/issues/detail?id=41405
Change-Id: Ie5942f4ef1d872a75d89c58ea0fd85f69c63d0cf
|
| edefa57a822c27f3e9def050fd50e375c5908551 |
|
02-Oct-2012 |
Kenny Root <kroot@google.com> |
OpenSSLCipher: add ARC4 support
Change-Id: Iccdd76260af1afab0855816b3ccdd34fbc52295b
|
| 46d6243e9e39a2b68b985bfd534cc891e52df274 |
|
09-Oct-2012 |
Brian Carlstrom <bdc@google.com> |
Change OpenSSLCipherRSA.{engineGetBlockSize,engineGetOutputSize} to return result based on key size
Includes cherry-pick of 847f22adbd0e829b84491d7202dcbed5bf67a98c
Bug: 7192453
Change-Id: Ib5fa1e313d942d2c1034e8e7831af285ad24d71d
|
| 72e44404c32a98e7675a6e7cfbf856adb499a434 |
|
09-Oct-2012 |
Brian Carlstrom <bdc@google.com> |
Change OpenSSLCipherRSA.{engineGetBlockSize,engineGetOutputSize} to return result based on key size
Includes cherry-pick of 847f22adbd0e829b84491d7202dcbed5bf67a98c
Bug: 7192453
Change-Id: Ib5fa1e313d942d2c1034e8e7831af285ad24d71d
|
| fac659c013ec9c2783f60afce39e83eb107f117d |
|
04-Oct-2012 |
Kenny Root <kroot@google.com> |
OpenSSLCipher: don't explode during null decrypt
Other Cipher implementations return "null" when calling "doFinal()"
during decrypt mode without having ever called .update(...)
Change OpenSSLCipher to do the same.
Change-Id: I76e22702a446912df125af0ff518fb123d62f5a3
|
| 13cf08b2f06e1f5f0278c449072898f5e147db49 |
|
24-Sep-2012 |
Kenny Root <kroot@google.com> |
Add Cipher support for AES through OpenSSL
Timings using encrypt with 256-bit key in CTR mode and PKCS5Padding:
implementation inputSize us linear runtime
OpenSSL 16 11.4 =
OpenSSL 32 12.1 =
OpenSSL 64 13.2 =
OpenSSL 128 15.1 =
OpenSSL 1024 44.0 =
OpenSSL 8192 275.0 ===
BouncyCastle 16 11.5 =
BouncyCastle 32 15.9 =
BouncyCastle 64 24.6 =
BouncyCastle 128 41.5 =
BouncyCastle 1024 277.2 ===
BouncyCastle 8192 2196.9 ==============================
Change-Id: I4aa6e3a2ca2b368fab2c602733b4f97e740d04fd
|
| 2f3704e69938b1cecbd6bc97f1247ec5f3ad03d2 |
|
02-Oct-2012 |
Kenny Root <kroot@google.com> |
Test key wrapping for all Ciphers
Change-Id: I1320f30602e17b730feae5676e34b1550f8eb8b8
|
| 6c9924b028850b824e6742bb72ed5406242fdeb4 |
|
01-Oct-2012 |
Kenny Root <kroot@google.com> |
More testing of Cipher .doFinal variants
Change-Id: I5f94eac56da177de5d395277f246263af32c67c3
|
| 847f22adbd0e829b84491d7202dcbed5bf67a98c |
|
28-Sep-2012 |
Kenny Root <kroot@google.com> |
Add more CipherTest tests
Change-Id: I29f55e41335021945029e410d4e51e2c8f564285
|
| 0a156e0126e8015f2791e9a7dd48bbdaeae0c335 |
|
12-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
Add OpenSSLProvider support for Cipher.RSA/None/PKCS1Padding
Summary:
- Add OpenSSLProvider support for Cipher.RSA/None/PKCS1Padding
Added NativeCrypto.RSA_private_decrypt and NativeCrypto.RSA_public_encrypt
- Changed OpenSSLSignatureRawRSA to use new Cipher.RSA/None/PKCS1Padding
Removed now obsoleted NativeCrypto APIs for
RSA_padding_add_PKCS1_type_1 and RSA_padding_check_PKCS1_type_1
- added wrap/unwrap support OpenSSLCipherRSA
Needed for SSLEngine (and fallback SSLSocket implementation)
which are now picking up the new Cipher.RSA/None/PKCS1Padding
- expanded CipherTest to sanity test all algorithms and PKCS1 padding
Change-Id: I03566cc86ffce07d44d5e0094fa82c9c24587c26
|
| d762af619aa85042c08553425a4ca4ef7900d45a |
|
10-Aug-2012 |
Kenny Root <kroot@google.com> |
Fix OpenSSLCipherRawRSA doFinal array copy
System.arraycopy was pointing the wrong way making calls to doFinal()
with offset markers get zeroed output instead of the actual output.
Also fix tests that checked RSA cipher behavior to match RI.
Bug: 6951038
Change-Id: Ife84c177a2c06a2c27b98df9960cbd3c4b62d984
|
| c5ddc93173f32383ab456c0a24739e7cb2d19c42 |
|
02-Aug-2012 |
Kenny Root <kroot@google.com> |
Add raw RSA Cipher to OpenSSLProvider
Recent changes in the way that Android Keystore (accessed via KeyChain)
necessitate all key operations be done with a provider that understands
the new OpenSSLKey object.
This adds Cipher support for the RSA algorithm in "RSA/ECB/NoPadding"
and "RSA/None/NoPadding" modes.
Change-Id: I98a8eaf3514763a863b2751bba999fbd48609c96
|
| 101547d4a82ba21031dc7cb62018720dbd493758 |
|
01-Feb-2011 |
Jesse Wilson <jessewilson@google.com> |
Refactoring to add a builder for TestKeyStore.
Change-Id: I346aea42a27042512f4ed97690f1e0ca1755257c
|
| 0ac85ead96f1ba7d35f3acadd154de4ef0a8fd87 |
|
25-Jan-2011 |
Brian Carlstrom <bdc@google.com> |
Tracking jarjar of org.bouncycastle to com.android.org.bouncycastle
Bug: 3086427
Change-Id: I026f80bfa5e963a8e988ecd6f91c9732a4afc70c
|
| 0d5c7588179fb373da70ce04362be5ce74a98eb4 |
|
24-Jan-2011 |
Brian Carlstrom <bdc@google.com> |
Cipher.init incorrectly implements RFC 3280 key usage validation
Issue: http://code.google.com/p/android/issues/detail?id=12955
Bug: 3381582
Change-Id: Ida63c1356634c8e287ce5b0234418a656dffedf0
|