612fe850c7bddf92fbb7869412774dd525ada8b9 |
|
19-Feb-2018 |
Adam Vartanian <flooey@google.com> |
Remove crypto tests that have been moved to Conscrypt. The latest sync of Conscrypt includes external copies of many of the crypto tests in libcore, so delete the copies of those tests in libcore as they're now redundant. The test cases left in CipherTest are only those that test the behavior of the library classes themselves or the provider infrastructure in Android, rather than the behavior of the security provider that provides the implementation. Bug: 65476203 Test: cts -m CtsLibcoreTestCases Change-Id: I0cfd83b3dabd536158bddd4e02a4cf709aa212ea
|
2aae1836b48cace41d55766a9966e94c44c3538f |
|
05-Feb-2018 |
Adam Vartanian <flooey@google.com> |
Clean up a couple test oddities. Some internal changes exposed existing problems in our tests. CipherTest's test_getInstance was needlessly case-sensitive. Algorithm names are case insensitive, so normalize them before using them in sets in the test. KeyGeneratorTest and SecretKeyFactoryTest both had a problem where the first test was a failing test, which meant that the provider infrastructure cycled through all the available providers trying to find one that wouldn't fail and then locked into the least-preferred provider, so we were testing the wrong thing. Instead, lock in the preferred provider (by calling getProvider()) before running any of the tests, so we know we're testing the provider we intend to test. Bug: 72860937 Test: cts -m CtsLibcoreTestCases Change-Id: I98bcc5b34655eec9bdb4423c7739ba5ebd1d6f1d
|
9da28e1cd4cdce2e6ee2ece3b0fbd5f20e5e6eda |
|
03-Nov-2017 |
Adam Vartanian <flooey@google.com> |
Update tests for Conscrypt upstream merge. For the most part, this is just adjusting tests to account for the fact that "ChaCha20" now refers to the plain stream cipher instead of ChaCha20+Poly1305. Test: cts -m CtsLibcoreTestCases Change-Id: I5976027811c58910952a186f3580a3f5e561407d
|
12442ce0398b6ca0917462d33709f15c68f7e095 |
|
16-Oct-2017 |
Adam Vartanian <flooey@google.com> |
Update tests for Conscrypt upstream merge. Adds basic compliance tests for ChaCha20/Poly1305/NoPadding. Adds test that AES/GCM/NoPadding can be initialized with GCM AlgorithmParameters. Adds reuse test for ChaCha20/Poly1305/NoPadding. Updates StandardNames for new names. Updates SSLSocketTest for changed Conscrypt implementation details. Test: cts -m CtsLibcoreTestCases Change-Id: I608e4bbcced678fdfac8b28d500f7fa8b4599319
|
491d88834d8af35b9701f92d972212d873dbb6a0 |
|
10-Oct-2017 |
Adam Vartanian <flooey@google.com> |
Deprecate BC implementations of duplicated algorithms The first step in deprecating the BC implementations of algorithms that are also provided by Conscrypt. This checks whether the app's target API level is greater than a given threshold (currently O, but subject to change later) and disallows access to those algorithms when true. This limit only applies to requests from the system-created BC provider. Apps can install their own provider, in which case they get the implementations they requested. This doesn't yet implement the deprecation for Cipher instances, since the transformation scheme makes that more complicated. The ultimate removal of these algorithms, once a sufficient deprecation period has elapsed, is tracked in b/67761667. Bug: 67626877 Test: cts -m CtsLibcoreTestCases Test: cts -m CtsLibcoreOkHttpTestCases Test: cts -m CtsLibcoreWycheproofBCTestCases Test: cts -m CtsLibcoreWycheproofConscryptTestCases Change-Id: I48f07226e66873a65859121af32028c1547952ac
|
f847cef7da2ab69e3564ed14634a6dd5c55fae9e |
|
22-Jun-2017 |
Adam Vartanian <flooey@google.com> |
Use decryption keys on decryption tests in CipherTest Previously the test was using the encryption key for a decryption test, which is just incorrect, and will fail when we start disallowing decryption with public keys in RSA with OAEP. Also factor the decryption key out into a variable to match how the encryption key is handled. Test: cts -m CtsLibcoreTestCases -t libcore.javax.crypto.CipherTest Change-Id: I852ac1b45e8ed891ff35e81902cec6284c037e2e
|
db1b29ca91ffbc0caef2c500a813e0d5602407f8 |
|
14-Feb-2017 |
Adam Vartanian <flooey@google.com> |
Small test improvements Display the failing algorithm in testAES_keyConstrained. Sort the set of Services when dumping them, so they're nicely organized in the debug output. Test: run cts -m CtsLibcoreTestCases -t libcore.java.security.ProviderTest Test: run cts -m CtsLibcoreTestCases -t libcore.javax.crypto.CipherTest Change-Id: I646947992bb22407ea5736fcfcbba4494d02422b
|
b0df0026050040d958865fcbd4cfc7d3c0b5ae12 |
|
10-Feb-2017 |
Kenny Root <kroot@google.com> |
Update class reference in CipherTest TODO This was pointing to an unused class in Bouncycastle. Update it to point to the newer class for future fixers. Test: mmma -j32 libcore Change-Id: Ia519b1b2c0f113a0b3721df49bf4287e804c527a
|
385c0d328cd6925efd4d2c985f412166e78ced3c |
|
08-Feb-2017 |
Adam Vartanian <flooey@google.com> |
Conscrypt: Add key-constrained versions of AES algorithms. Bug: 29631070 Test: run cts -m CtsLibcoreTestCases Change-Id: I7174ec7f6c598d46dce1935385c723b96907d9d1
|
78db2321a32116ceccf679cc9075993a60901b6d |
|
17-Nov-2016 |
Kenny Root <kroot@google.com> |
CipherTest: assert getParameters output is correct When RSA/ECB/OAEPPadding was added to Conscrypt, the engineGetParameters method was not implemented. In order to avoid any regressions like this in the future add logic to check that the AlgorithmParameters returned are correct. Additionally make sure all the code paths that check this are using the same method. Add logic to check that OAEPParameterSpec instances are equivalent and use that in this new test. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I3f5309f55f213c6b8ea551ac61d07893e0d0bfab
|
ecb120c781a7a92bce67411ed3a4a7faff34d149 |
|
25-Aug-2016 |
Alex Klyubin <klyubin@google.com> |
DO NOT MERGE Assert that DESede/CBC/PKCS5Padding Cipher works as expected (cherry picked from commit c3f66fe5fd385ec922f13e96977bd5348fcf2402) Bug: 31081987 Change-Id: I1a31903e884835b86fccbecfcbd33af683312d0d
|
efb5f5b2b9630c8441114d3a75600b7297669737 |
|
25-Aug-2016 |
Alex Klyubin <klyubin@google.com> |
DO NOT MERGE Assert that DESede/CBC/PKCS5Padding Cipher works as expected (cherry picked from commit c3f66fe5fd385ec922f13e96977bd5348fcf2402) Bug: 31081987 Change-Id: I1a31903e884835b86fccbecfcbd33af683312d0d
|
743c1704cf39d5ca9e69bfe4522e6afc10899750 |
|
07-Oct-2016 |
Kenny Root <kroot@google.com> |
CipherTest: add tests for RSA OAEP with labels The OAEP spec allows you to specify a label L for indicating what the key should be used for, etc. This is represented here as a PSource.PSpecified instance. Add a couple tests for these to make sure they're functioning correctly. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I440c55cdbbe6c59b4a41d538cc4b81f186450917
|
9d662376ede4cbb5466c9b78158a0c7940e879b0 |
|
06-Oct-2016 |
Kenny Root <kroot@google.com> |
CipherTest: add block and output size for OAEP This asserts the block and output sizes for Cipher.RSA/ECB/OAEPPadding and the specific message digest modes are correct. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I39c11f337bd4d618af9cc9f8d075990d68e50077
|
8fe7fe2365c2b3ea5f70d4073df0640f637569dc |
|
06-Oct-2016 |
Kenny Root <kroot@google.com> |
CipherTest: fix miswording and expectation of zero-length ops After reviewing this it appears that the expectations of BC are correct when trying to decrypt empty buffers with OAEP. This can't be correct, so BC is not wrong here. However, BC does have a bug when trying to decrypt a ciphertext that decrypts to a zero-length plaintext buffer. Fix the wording of the comment to make this clearer. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I4122e2a303e3b610c201e609790389fe62a0df28
|
c676c82633a6cff70bfcf3c29635bcdf7e27333f |
|
26-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: templatize OAEP tests OAEP tests can be specified by using "OAEPPadding" or "OAEPWith{hash}and{mgf}Padding", so make a helper function that creates test cases for both. Test: make -j32 build-art-host vogar && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I80710d864fb60b02dcaf1c39dab493bcf2d7b7e4
|
f989a50275a83ed85a49e19b962d08c34ae42fcc |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: add RSA OAEP tests This adds test vectors for various modes of RSA OAEP. They were all generated with OpenSSL on the command line as noted in the comments above each. Bouncycastle has a bug where it can't decrypt an empty ciphertext in OAEP mode, so note that in the tests. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: Ibda2d17cc8342008485422196bf0779a9d2469c0
|
fda531dba8ccac56cacee057ea5d0ac9eff253b1 |
|
23-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: log more information on failure If an assertion failed, we need to catch it with Throwable. Also change one code path to make it go through the logging code so we can annotate the failures with which CipherTestParams we were using when the failure occured. Test: make -j32 build-art-host vogar && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I9e66c490c0bbdeca1b64534b782b5303b465877c
|
183a56daa817978687ce0f7b4859dc1fe79a3668 |
|
23-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: test providers that don't use full transform name Some providers such as Bouncycastle list their Cipher implementations without mode or padding specified, so we should test those providers as well. Test: make -j32 build-art-host vogar && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I79c59db637d7b7bfae4b1c1cb78be72490384e1d
|
6a7463d8706a737dfbca1bbc2159dc6911a58785 |
|
19-Jul-2016 |
Sergio Giro <sgiro@google.com> |
CipherTest: in ASN1 encoding for GCM, no value for tag size means 12 Cherry picking to this branch because of b/31637724 (cherry picked from commit d3204de83ff89519bd2f7c5b3260e508936d58d2) Bug: 26231099 Bug: 26234568 Bug: 29876633 Bug: 31637724 Change-Id: I7d194de82506cf3da4dbb0b2cc67b72f3623abe7
|
02fa18e3caefb812a3611bffbc32f8589c717d42 |
|
23-Sep-2016 |
Kenny Root <kroot@google.com> |
GCM ciphers should not allow key and nonce re-use Re-using a key and IV combination with different data leaks the key in GCM mode, so we should get IllegalStateException when trying to do this. Change the tests to make sure we don't try to do this for GCM ciphers and make sure that there is a test that makes sure this behavior is enforced. Test: make -j32 build-art-host vogar && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Bug: 30231101 Change-Id: I161665d5bded10092b6028d1cde5ad9c712b2cc0
|
dfb337d6f7040e490763a30eba1d5b3b5bb71d2d |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: do not test known ciphertext for randomized algorithms Randomized algorithms will by their nature output different outputs each time the same message is encrypted. Do not test that the known answer is reached for these algorithms. Later in the test that known ciphertext will be decrypted to make sure the correct plaintext is produced as well as a loop-back test with a newly created ciphertext. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I790e3f9822c12b7f2c6615f5dda503154cd870bd
|
6aaf31e80827682f3c5f2d38507dcc94cc39bf8d |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: specify AlgorithmParameterSpec instead of IV Remove the knowledge of how to construct AlgorithmParameterSpec for each algorithm type from the test and simply put it in the test parameters instead. This will allow us to test known answers from various more AlgorithmParameterSpec types and RSA OAEP in the future. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I3ef08052b4b96ef3099309c76fdb3e7e1a977fea
|
24548c72e07a11d9fdd46e9ecf72535fa7819c71 |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: key generation failure is AssertionError We cannot continue the test without these keys being generated correctly and upcoming tests will need them generated in the static blocks, so change the getEncryptKey and getDecryptKey methods to throw AssertionError on any exception during key generation. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I3568b44c011973efe76a2bf1ebba3d23c1f3745e
|
babf8a9c7b07838bce7ae1d38dd5567aff454fff |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: add new CipherTestParam ctor that takes both keys This will allow us to use independent encrypt and decrypt keys later. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I8f6d80b787817f8e66b1e64d1f7ffad888ef0072
|
113ad9302321c1eb3dd98aad6745d5257d130db8 |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: distinguish between encrypt and decrypt keys Block ciphers typically have the same SecretKeySpec for both encryption and decryption. However, in order to add tests of RSA encipherment there must be a distinction between encryption and decryption keys. Add this distinction in the tests but leave the existing CipherTestParam construction the same for now. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: Ib18947420fe53aa61f80a05f81bb8ea9d6fa9ed1
|
9d64332210a6cfbac99850972ccd0650250d3dcc |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: factor out common log code The test failure code was printing the same thing in several places, so factor it out into its own method so it can be easily expanded later when more debugging is needed. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: If389a06e22500c703a9ee7b7619da35a348f5732
|
f867abec6a729cb2540ebd8797fa7822549fae04 |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: Remove unused AES_MODES This was added in 72e44404c32a98e7675a6e7cfbf856adb499a434 but never used. Remove it since the various modes are tested by testCipher_Success anyway. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: Idb4d492d7dda5bbd6edf6013d204420692ad97bd
|
e62244cb4d9f5e729013897ed7b09e86aeea0481 |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: remove unused pubKey variable Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: Ia479b71e00843d3734997a5998e073b7b0b112f1
|
935389a7c2c6da3280e71c20f11c5ebefed5f4d8 |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: remove the now-unused keyAlgorithm field Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I763706be28ba1f74795e5568cbbece63f8f21e68
|
e5d11d4cf1593e245b2ac8c5871d358118171b3b |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: use SecretKeySpec instead of byte[] Use a SecretKeySpec to provide a bit more type safety in the tests. We can use a Key instead of a byte[] now! Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I1e806a47d2b65a90fa33b2b84aa61265c30e7507
|
9214be83307f2baeea28be8a94640c70a23a90ec |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: replace repeated key public construction There already exists a method that would get the correct key, so just call that instead of repeating the same lines over and over. Many methods also labelled the PublicKey variable incorrectly so take the opportunity to fix that as well. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I1908352f12d3f56a2ed02d6ddc0a13f526efb0d6
|
dcdeeb996aa34f2c8d3a715e4ea7c75719b231e5 |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: replace repeated key construction There already exists a method that would get the correct key, so just call that instead of repeating the same lines over and over. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I3a5f8fd1a6d051727d1b1794798c4e067b77ba75
|
59fdf81a1c024537b721a43dd1968b261b262f5c |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: add missing RSA private key parameters This key was partially present in the file, but apparently unused. Convert the existing RSAPrivateKey construction to RSAPrivateCrtKey to speed up the tests a bit. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I8e7b25a408399b2c99c4d70f57b039d1f274fc37
|
5a98502a319d44db70d744c7c38e10fb6dbca4aa |
|
19-Sep-2016 |
Kenny Root <kroot@google.com> |
CipherTest: fix RSA encrypt and decrypt meaning The getEncryptKey and getDecryptKey methods should be for returning normal enciphering and deciphering keys respectively. RSA keys can be used for two different purposes as outlined by PKCS 1 and are called "block types." The block type 1 is used for generating signatures. A signature is created by preparing a block type 1 plaintext then using the PrivateKey to "decrypt." Then later on anyone can verify the signature by using the matching PublicKey to "encrypt" and get the PKCS 1 formatted plaintext back. The block type 2 is used for enciphering a message to a recipient. The PublicKey is used to encrypt the message and later on only those possessing the PrivateKey can decrypt and read the plaintext. Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Change-Id: I8c3aabe96c45a738a7929e7424efbbad3f0047b2
|
27aea9ef640e15acfe8bf5e2517eb26e4967f4f0 |
|
25-Aug-2016 |
Alex Klyubin <klyubin@google.com> |
Assert that DESede/CBC/PKCS5Padding Cipher works as expected (cherry picked from commit c3f66fe5fd385ec922f13e96977bd5348fcf2402) Bug: 31081987 Change-Id: I1a31903e884835b86fccbecfcbd33af683312d0d
|
44042892447828cbb166029d95a70e07ee58f3c8 |
|
25-Aug-2016 |
Alex Klyubin <klyubin@google.com> |
Assert that DESede/CBC/PKCS5Padding Cipher works as expected (cherry picked from commit c3f66fe5fd385ec922f13e96977bd5348fcf2402) Bug: 31081987 Change-Id: I1a31903e884835b86fccbecfcbd33af683312d0d
|
03a4971151bd9ea084cf813e6f8498472569da2f |
|
19-Jul-2016 |
Sergio Giro <sgiro@google.com> |
CipherTest: in ASN1 encoding for GCM, no value for tag size means 12 (cherry picked from commit d3204de83ff89519bd2f7c5b3260e508936d58d2) Bug: 26231099 Bug: 26234568 Bug: 29876633 Change-Id: I7d194de82506cf3da4dbb0b2cc67b72f3623abe7
|
d4b7449574ca69c713a3f2230cb77c68ee642700 |
|
06-Sep-2016 |
Tobias Thierer <tobiast@google.com> |
Fix 58 libcore tests that caught "expected" Exceptions but didn't fail() There were no changes to code under test. 4 tests were fixed to not tolerate an Exception: - libcore.java.util.CollectionsTest#test_CheckedMap_computeIfAbsent In the case where a Map key is present, computeIfAbsent() should not invoke the Function, so there is no return value that could be expected to undergo a type check. The test was changed to verify that the Function is not invoked. - libcore.java.util.concurrent.CopyOnWriteArrayListTest#test_sort and libcore.java.util.concurrent.CopyOnWriteArrayListTest#test_subList_sort were sorting an already-sorted non-null list that contains no null values. That logic was redundant and wouldn't have thrown. - org.apache.harmony.security.tests.java.security.KeyStoreSpiTest#test_engineEntryInstanceOf (the KeyStoreSpi documentation does not mention whether NPE is thrown; the implementation comes from upstream and does not throw it). 54 tests were fixed by adding the missing fail(); No attempt was made to make this failure message specific to the exception that was expected. Tests that weren't changed: - SSLEngineTest.test_wrap_ByteBuffer_ByteBuffer_04() requires investigation to determine the correct resolution. A comment was added to the test linking to the corresponding bug. - ThreadTest#testParkUntilWithUnderflowValue() and OldNodeChangeEventTest.waitForEvent() were not touched since it was not clear whether that it was relevent to the test whether or not the exception was thrown. - two cases in Files2Test#test_setPosixFilePermissions_NPE() are left to a future CL Test: (croot; make vogar core-tests) \ && git diff aosp/master --name-only | xargs vogar `cparg core-tests` Change-Id: I1cd3220a06e331ff049b146b393f78879f07211a
|
f1d1149c79d01585a5241a814b72cdcdf179ba66 |
|
26-Aug-2016 |
Sergio Giro <sgiro@google.com> |
CipherTest: add known answer tests for ARC4 Test: vogar CipherTest Change-Id: Ie347062367870daf59bb40e1a57c7bb1856b2e63
|
d26b520451b3b2a1032128f5ff2491891b6e855b |
|
25-Aug-2016 |
Alex Klyubin <klyubin@google.com> |
Assert that DESede/CBC/PKCS5Padding Cipher works as expected Bug: 31081987 (cherry picked from commit c3f66fe5fd385ec922f13e96977bd5348fcf2402) Change-Id: I77e01eb28d0504f85432fdeefb25abd6732c997f
|
c3f66fe5fd385ec922f13e96977bd5348fcf2402 |
|
25-Aug-2016 |
Alex Klyubin <klyubin@google.com> |
Assert that DESede/CBC/PKCS5Padding Cipher works as expected Bug: 31081987 Change-Id: I1a31903e884835b86fccbecfcbd33af683312d0d
|
d3204de83ff89519bd2f7c5b3260e508936d58d2 |
|
19-Jul-2016 |
Sergio Giro <sgiro@google.com> |
CipherTest: in ASN1 encoding for GCM, no value for tag size means 12 Bug: 26231099 Bug: 26234568 Bug: 29876633 Change-Id: I44c0c68f1e92caf6547c9e3b494ec5b82b8cff5f
|
dbb107c98fde3cf45740a6aa240c7ab3ee391dd9 |
|
06-Jun-2016 |
Sergio Giro <sgiro@google.com> |
Cipher: always select a SPI in init according to the parameters Behaviour before this CL was to avoid selecting a SPI if there was a previously selected one. That is an incompatibility wrt M. This CL makes Cipher compatible with the M behaviour (cherry picked from commit 264d21f1e86e7ec7976fc5346c21a8e17d8635b1) Bug: 29038928 Change-Id: Iad68ec2c1eca99c4e98f5179429498cff9b42c36
|
264d21f1e86e7ec7976fc5346c21a8e17d8635b1 |
|
06-Jun-2016 |
Sergio Giro <sgiro@google.com> |
Cipher: always select a SPI in init according to the parameters Behaviour before this CL was to avoid selecting a SPI if there was a previously selected one. That is an incompatibility wrt M. This CL makes Cipher compatible with the M behaviour Bug: 29038928 Change-Id: Ie5ddf17e25344d41dc45f0c6df6effbca7dc7021
|
f8a8250a9c3bdd0a81b7d5cc40190bb3758be2b5 |
|
11-May-2016 |
Tobias Thierer <tobiast@google.com> |
CipherTest: cover additional cases that should throw IllegalStateException. The new logic tests that the following Cipher methods throws IllegalStateException when the Cipher instance has been initialized to any mode other than the following: - update(), final(): only ENCRYPT_MODE or DECRYPT_MODE allowed - wrap(): only WRAP allowed - unwrap: only UNWRAP allowed Tested: - tested that each one of the new test methods failed after I I deliberated broke the Cipher implementation to not throw in these cases. (No other tests broke, i.e. this behavior was previously not tested by this Test class nor any of the other two CipherTest.java that I ran). - tested that the test passes after I reverted my breaking changes to Cipher.java Command used to test: vogar --classpath \ out/target/common/obj/JAVA_LIBRARIES/core-tests_intermediates/classes.jack \ --classpath \ ./out/target/common/obj/APPS/CtsKeystoreTestCases_intermediates/classes.jack \ --classpath \ ./out/target/common/obj/JAVA_LIBRARIES/android.test.runner_intermediates/classes.jack \ libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java Bug: 21696383 Change-Id: I4c8fed3cc436d1dfbfd56495bc9232cbb6156dd7
|
d7d813b3816520b1cf55fc5cfca680fa66c727a1 |
|
26-Feb-2016 |
Kenny Root <kroot@google.com> |
DO NOT MERGE CipherTest: add test for multiple updateAAD calls Make sure that multiple updateAAD calls are equivalent to other calls to updateAAD with the same data. (cherry picked from commit 67ee3c5c2dad218e497035de5100e9036d140fdd) Bug: 27371173 Change-Id: Ie69df0906438ad26c566daed3f55b07ba60fe468
|
ee76ab4a1cc0853f499105f216b31fb43214f467 |
|
26-Feb-2016 |
Kenny Root <kroot@google.com> |
DO NOT MERGE CipherTest: test instance reuse with updateAAD AAD was not being reset on each Cipher init or doFinal call, so add regression tests to make sure that is now the case. (cherry picked from commit d90a44bf4956d335e2a876015cf258dc46e226ea) Bug: 27324690 Change-Id: I5f7606efb6dfcd412166eed2bd5f417097a97f1f
|
bf6ca8645a96a4203ac6c1c0ec097cc42e6745ef |
|
04-Apr-2016 |
Sergio Giro <sgiro@google.com> |
CipherTest: add tests checking the behaviour of BCPBE keys without IV and PKCS12 (cherry picked from commit 30382b914b7971c345f6d8695ce0f050aaffc391) Bug: 27224566 Bug: 27994930 Bug: 27995180 Change-Id: I57f0bdfc2b354a748dc6f78aaf01ed557732644d
|
30382b914b7971c345f6d8695ce0f050aaffc391 |
|
04-Apr-2016 |
Sergio Giro <sgiro@google.com> |
CipherTest: add tests checking the behaviour of BCPBE keys without IV and PKCS12 Bug: 27224566 Bug: 27994930 Bug: 27995180 Change-Id: I4d8dd44e7390199fc60797f9bd2c56174d8dfcba
|
7400234a36de7a95dbdb409de53bb867a70cf6ea |
|
17-Mar-2016 |
Kenny Root <kroot@google.com> |
Test more updateAAD variations Test splitting updateAAD across multiple invocations. Bug: 27696681 Bug: 27324690 Change-Id: I9a73dbd1343080bb03e3913c7a2827b83dcfc986
|
3af0f3482f512eda3613aa2a759a8491a4fe0539 |
|
26-Feb-2016 |
Kenny Root <kroot@google.com> |
CipherTest: add test for multiple updateAAD calls Make sure that multiple updateAAD calls are equivalent to other calls to updateAAD with the same data. (cherry picked from commit 67ee3c5c2dad218e497035de5100e9036d140fdd) Bug: 27371173 Change-Id: Ie69df0906438ad26c566daed3f55b07ba60fe468
|
bbf5070f97962bd95c7cb081fae996d200032522 |
|
26-Feb-2016 |
Kenny Root <kroot@google.com> |
CipherTest: test instance reuse with updateAAD AAD was not being reset on each Cipher init or doFinal call, so add regression tests to make sure that is now the case. (cherry picked from commit d90a44bf4956d335e2a876015cf258dc46e226ea) Bug: 27324690 Change-Id: I5f7606efb6dfcd412166eed2bd5f417097a97f1f
|
67ee3c5c2dad218e497035de5100e9036d140fdd |
|
26-Feb-2016 |
Kenny Root <kroot@google.com> |
CipherTest: add test for multiple updateAAD calls Make sure that multiple updateAAD calls are equivalent to other calls to updateAAD with the same data. Bug: 27371173 Change-Id: Ie69df0906438ad26c566daed3f55b07ba60fe468
|
d90a44bf4956d335e2a876015cf258dc46e226ea |
|
26-Feb-2016 |
Kenny Root <kroot@google.com> |
CipherTest: test instance reuse with updateAAD AAD was not being reset on each Cipher init or doFinal call, so add regression tests to make sure that is now the case. Bug: 27324690 Change-Id: I5f7606efb6dfcd412166eed2bd5f417097a97f1f
|
025a53602e555b0fda6fcc3060613e4c94217034 |
|
23-Feb-2016 |
Sergio Giro <sgiro@google.com> |
GCMParameters: check that the default tag size is secure (16 bits) Note: port of cr/110497945 Bug: 26231099 Bug: 26234568 Change-Id: I3eef233b15ded9553c3cdfd1c51ffef306276f7d
|
691e5c91e4204cc82753d5ecb775ffca75f8a50f |
|
24-Aug-2015 |
Kenny Root <kroot@google.com> |
Cipher: iterate through services first We were iterating through different ways to express the same Cipher transform first and then checking each Cipher. Invert the loops so we check each Service in priority order for the different ways to express the same transform. Bug: 23447815 Bug: https://code.google.com/p/android-developer-preview/issues/detail?id=3025 Change-Id: Iee3d5123ce13fa1209c17ff67d4b904ced82a049
|
55d681439fb1b3c6ed41ceb1aa9505b718d8b0ff |
|
01-Aug-2015 |
Kenny Root <kroot@google.com> |
CipherTest: add assertions about GCM parameters Before we were not enforcing that the parameters returned were GCMParameterSpec or not. This adds a check to make sure that GCM implementations are doing the right thing. Bug: 22319986 Change-Id: If5eb1f9624a286b8feb0c303643aca9caac0d807
|
484509de8262bb0a56b303016e93f4be1cf0d795 |
|
21-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add Cipher#init checks Cipher should check that the chosen CipherSpi actually supports initalization with the given parameters. If not, it should return the first exception that it ran into so that the developer can have an idea of why the initialization failed. This is most likely do to unsupported key or algorithm parameters. Collapse some functions into one so it's easier to keep track of the exception that should be thrown should all else fail. Also since we try to initialize during the CipherSpi selection, there is no need to initialize the returned CipherSpi again. Also remove an instanceof check to be in line with other implementations that just throw a ClassCastException since we now will try other providers before falling back to throwing the unchecked exception. This might actually provide better debug messages for a developer working on a CipherSpi provider. (cherry picked from commit f591462f7901011b2bce61c3cbbdc54840e5b4bc) Bug: 22573249 Change-Id: Ieec97a8f00e9c0c3889520a3ec9f8bc4e514b35a
|
45a9e938ee58e79b00ae37233678ef9ab54e0392 |
|
22-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add more Cipher tests Any provider throwing an unchecked exception should not prevent the next possibly working provider from having a chance. (cherry picked from commit f7cae3971c030257c62ebc20e9e5dfd6d734b34c) Bug: 22573249 Change-Id: If3f508ed3e87de58b39ab380fb298a92fb1b593b
|
5423595a40397888d426112b1c6fe7b4fcf24e7a |
|
21-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add tests for init-time rejection Cipher should try to to initialize the CipherSpi it selects before returning it as a successful match. These tests ensure that it is correct. (cherry picked from commit 85d1800ec694bb4c2f629073d79520c4a7ad0cc8) Bug: 22573249 Change-Id: I12ed5021cf85fccb5d04a0904a302f6cd3569c3d
|
f591462f7901011b2bce61c3cbbdc54840e5b4bc |
|
21-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add Cipher#init checks Cipher should check that the chosen CipherSpi actually supports initalization with the given parameters. If not, it should return the first exception that it ran into so that the developer can have an idea of why the initialization failed. This is most likely do to unsupported key or algorithm parameters. Collapse some functions into one so it's easier to keep track of the exception that should be thrown should all else fail. Also since we try to initialize during the CipherSpi selection, there is no need to initialize the returned CipherSpi again. Also remove an instanceof check to be in line with other implementations that just throw a ClassCastException since we now will try other providers before falling back to throwing the unchecked exception. This might actually provide better debug messages for a developer working on a CipherSpi provider. Bug: 22573249 Change-Id: Ieec97a8f00e9c0c3889520a3ec9f8bc4e514b35a
|
f7cae3971c030257c62ebc20e9e5dfd6d734b34c |
|
22-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add more Cipher tests Any provider throwing an unchecked exception should not prevent the next possibly working provider from having a chance. Bug: 22573249 Change-Id: If3f508ed3e87de58b39ab380fb298a92fb1b593b
|
85d1800ec694bb4c2f629073d79520c4a7ad0cc8 |
|
21-Jul-2015 |
Kenny Root <kroot@google.com> |
Late binding: add tests for init-time rejection Cipher should try to to initialize the CipherSpi it selects before returning it as a successful match. These tests ensure that it is correct. Bug: 22573249 Change-Id: I12ed5021cf85fccb5d04a0904a302f6cd3569c3d
|
30bc3f8566f9b089ce02a7a22b51991d896f5524 |
|
09-Jul-2015 |
Sergio Giro <sgiro@google.com> |
javax.crypto.Cipher: try less specific Cipher/Mode/Padding combinations before throwing InvalidKeyException Also, return saved spi in getSpi instead of recomputing a new one Bug: 22208820 (cherry picked from commit 8157603ccf1ff124c5bebc8755404a9a825f47d3) Change-Id: I30a06ef7d9234769b5592a0c7d665c8afa2a8ff8
|
8157603ccf1ff124c5bebc8755404a9a825f47d3 |
|
09-Jul-2015 |
Sergio Giro <sgiro@google.com> |
javax.crypto.Cipher: try less specific Cipher/Mode/Padding combinations before throwing InvalidKeyException Also, return saved spi in getSpi instead of recomputing a new one Bug: 22208820 Change-Id: Ib52cb6eb104500f73711c15eddfc319cf47dd996
|
569564255fa8cb498be9fe07ea5da790b668b54b |
|
02-Jun-2015 |
Sergio Giro <sgiro@google.com> |
libcore: add tests to check behaviour for padding and decrypt mode Bug: 19186852 Change-Id: I8c51b309ca98030ab1eda5b2a0201a97a5758072 (cherry-pick from 9f7960cfda26dab222d522c28ca44902d996f3e4)
|
642c718a3f3a38f99c41c888c3f4be7a4a75001d |
|
15-May-2015 |
Kenny Root <kroot@google.com> |
Add AES 192 test Explicitly test AES with 192-bit keys just to be sure there are no regressions. Change-Id: I2cc9b36983f9f24c743bcb918a72d704b6949a55
|
9f7960cfda26dab222d522c28ca44902d996f3e4 |
|
02-Jun-2015 |
Sergio Giro <sgiro@google.com> |
libcore: add tests to check behaviour for padding and decrypt mode Bug: 19186852 Change-Id: I206442d45c4cf68363201738ba9d0b035f19c436
|
2ae508725e0b6c4dd4c23717bc1625bd745670b6 |
|
02-Jun-2015 |
Sergio Giro <sgiro@google.com> |
libcore: throw InvalidKeyException instead of ProviderException In java.security javax.crypto and java.security classes with late binding, when guessing the provider and none of the available ones supports the specified key Bug: 18987633 (cherry pick from e38b83dd96281d178b01476b67d354655bf2de62) Change-Id: I5931046e9044984baf724157138bf3a7c7ef5e90
|
304bb76a3e2fbd9990327e5de30da4bb38e57c6e |
|
05-Jun-2015 |
Sergio Giro <sgiro@google.com> |
Revert "libcore: add tests to check behaviour for padding and decrypt mode" This reverts commit f4b4fffe89c72dd803fa33ac7ae4e5becfff6bc7. Change-Id: Ie98dd2f73cd948d4289c8485030c4e31e6cf5df9
|
f4b4fffe89c72dd803fa33ac7ae4e5becfff6bc7 |
|
02-Jun-2015 |
Sergio Giro <sgiro@google.com> |
libcore: add tests to check behaviour for padding and decrypt mode Bug: 19186852 Change-Id: Ife346931e4ba2c8e3a99e066caee91267b1d138f
|
e38b83dd96281d178b01476b67d354655bf2de62 |
|
02-Jun-2015 |
Sergio Giro <sgiro@google.com> |
libcore: throw InvalidKeyException instead of ProviderException In java.security javax.crypto and java.security classes with late binding, when guessing the provider and none of the available ones supports the specified key Bug: 18987633 Change-Id: I2a4d258c8f628e2c40f4cbb060cb8825097bd22a
|
28ff51921fd3802ce4cdfbcff11ae27e88ade5df |
|
12-May-2015 |
Kenny Root <kroot@google.com> |
Add tests for AES/GCM/NOPADDING (cherry picked from commit d5ed0e9c84915f2a93e25a4d152f837a661c4774) Bug: 21085702 Change-Id: I1a88f6410bb61a885bbb447a6e7b86b011dc8625
|
10661d57e20e3074fe526573c39beb3f4e39c2bb |
|
12-May-2015 |
Kenny Root <kroot@google.com> |
Late binding: track differences in RI behavior Change-Id: If647dcafd656775b7a290c7cc58969e0cb3786ee
|
d5ed0e9c84915f2a93e25a4d152f837a661c4774 |
|
12-May-2015 |
Kenny Root <kroot@google.com> |
Add tests for AES/GCM/NOPADDING Change-Id: I1a88f6410bb61a885bbb447a6e7b86b011dc8625
|
b76ea2456f3d7fd99fa3d42a3ef7e8b6f61f77c5 |
|
29-Apr-2015 |
Kenny Root <kroot@google.com> |
CipherTest: make multiple doFinal calls for RSA/ECB The OpenSSLCipherRSA wasn't updating its buffer offset. The regular test_getInstance loop tests this, but since RSA/ECB is 'special' we have this extra test. Change-Id: I27819dad1b0bf59ddd1782b722757fe7526db2df
|
096551ee9144aeff6449e9cf181e82246df1dd7c |
|
03-Apr-2015 |
Kenny Root <kroot@google.com> |
Update Cipher tests InvalidAlgorithmParameterException should be thrown when Ciphers are initialized with null parameters during decrypt or unwrap mode if the Cipher expects it. Bug: 19201819 Change-Id: Id2ce1c3c7929769808fcc9a4048a28ec150e3672
|
20e310656f03cd83355eae5cd25237f71b80341a |
|
13-Mar-2015 |
Kenny Root <kroot@google.com> |
Late binding: specified Provider forces its use If a Provider is specified in a call to Signature#getInstance, Cipher#getInstance, KeyAgreement#getInstance, or Mac#getInstance, it should return that provider no matter if the properties on that provider say it should support it. Bug: 19730263 Change-Id: I56045e4cb470a0e1aa0e108a443e04043467c475
|
b8211a7b902b559da234264f5fa1fcf09677f54b |
|
22-Jan-2015 |
Alex Klyubin <klyubin@google.com> |
Make Cipher.update return null for empty input. Cipher.update(byte[], int, int inputLen) is supposed to return null when inputLen is zero. This CL makes it so. Prior to this CL, this method returned an empty byte array. Bug: 19100173 Change-Id: I5698f11f76a17dd8fc2509be5d8ec9369a888eaf
|
9694c034814cf19484eeba703cec650227cba0ec |
|
15-Jul-2014 |
Kenny Root <kroot@google.com> |
CipherTest: check multiple calls to doFinal work In existing implementations of JSSE Cipher providers, calling "doFinal" resets the cipher to the state it was at when "init" was called. Note that this is dangerous to do, but it appears some people do it. (cherry picked from commit 5eea67dda648cec5ce6239ae64659d8cff0a15c0) Bug: 16298401 Bug: http://code.google.com/p/android/issues/detail?id=73339 Change-Id: I32e26fde660dc7c50fdac0d74d5d97801f1da9f9
|
5eea67dda648cec5ce6239ae64659d8cff0a15c0 |
|
15-Jul-2014 |
Kenny Root <kroot@google.com> |
CipherTest: check multiple calls to doFinal work In existing implementations of JSSE Cipher providers, calling "doFinal" resets the cipher to the state it was at when "init" was called. Note that this is dangerous to do, but it appears some people do it. Bug: 16298401 Bug: http://code.google.com/p/android/issues/detail?id=73339 Change-Id: I32e26fde660dc7c50fdac0d74d5d97801f1da9f9
|
beff0f1375b635c692d48190aa69a06986b5111f |
|
06-Feb-2014 |
Kenny Root <kroot@google.com> |
Late binding: reinitializing causes selection The Sun PKCS#11 document says that calling initialization with different keys causes a new provider and service will be chosen. Currently the RI fails these tests, but it seems like the correct thing to do. Change-Id: Ie40d8ef5f0996477e157ffbc0d9f145448df3df1
|
07c8c69f59b60684fe07b003b3462e8d9687f422 |
|
06-Feb-2014 |
Kenny Root <kroot@google.com> |
Late binding: fix refactor mistake in Cipher Refactoring led to the tool changing "continue;" into "return sap;" which will give you an invalid configuration. Change-Id: I4b1a3b3fc9ffdf489739b4a1ef65276ca021f1f6
|
3ed78a8925825daccdba23fda1f69cbb3aa77a24 |
|
05-Feb-2014 |
Kenny Root <kroot@google.com> |
Late binding: supplied Provider should be used If a program supplies a Provider object, it should be used instead of looking at the registered providers. Bug: 12890254 Change-Id: Ia4d1ac88a1ed20ab6ad6a11d2d5f53ee51310544
|
9f48b7f4185c06c3f4a1f95bda68a9cbe59b2c61 |
|
01-Feb-2014 |
Alex Klyubin <klyubin@google.com> |
Assert PKCS#7 padding supported for AES and 3DES. This tests that PKCS#7 padding for all Cipher transformations which currently support PKCS#5 padding. PKCS#5 padding is a special case of PKCS#7 padding. PKCS#5 padding is defined specifically for 64 bit long blocks. However, lots of code assumes that PKCS#5 for other block sizes works exactly like PKCS#7, and thus uses PKCS#5 padding where PKCS#7 should actually be used (e.g., with AES). Thus, we assert the assumption that PKCS#7 padding works exactly like PKCS#5 padding. Change-Id: I0ca8a952c67bc7aff172e22bd730378d41438067
|
85dab151e734557d356fb45c45cf7d4548dd6fdc |
|
30-Sep-2013 |
Kenny Root <kroot@google.com> |
Late binding: add support to Cipher This enables late binding support for Cipher algorithms. It will now pay attention to SupportedKeyClasses and SupportedKeyFormats after the Cipher#init(...) is called on the instance instead of selecting the provider when Cipher#getInstance(...) creates the instance. Change-Id: I27802f1f8b96d81dd2a269741d080dbe68232c9f
|
0e5952d5638069e38218abf9136de8c4d3b60d95 |
|
13-Dec-2013 |
Kenny Root <kroot@google.com> |
CipherTest: add support for GCM cipher Change-Id: I4b5a5123977a1df152f097e2c7ed86cf7dbcfe9e
|
8f6f41324523bd8a1d2d687cd70c023753aae024 |
|
10-Dec-2013 |
Kenny Root <kroot@google.com> |
CipherTest: Move jurisdiction check lower The jurisdiction policy check was being run too early and it was failing with a NullPointerException because the static field it was reading hadn't been initialized yet. Change-Id: I92d1e010052df03ef1c38996ae74080d5607e681
|
dbeeeb9fa5a9bb81134803d202cce5e7c66559af |
|
22-Nov-2013 |
Kenny Root <kroot@google.com> |
CipherTest: add tests for null parameters in init Bug: https://code.google.com/p/android/issues/detail?id=62640 Change-Id: I86ae6603a6492e8f66c1ce5782c1d0483e4a491b
|
96b54bb1fad5cf63473f99a4155ce888f4f85d7e |
|
30-Sep-2013 |
Kenny Root <kroot@google.com> |
Remove unsupported Cipher modes OpenSSL silently ignores the padding modes when specified for stream ciphers, but apparently Java does not. Change-Id: Icd92122d63b3b8e99d704e8193414dda5057146d
|
e884f65168ea49f85d15a4d7d810904a33a1a22e |
|
10-Sep-2013 |
Kenny Root <kroot@google.com> |
Return IvParameters in OpenSSLCipher#getParameters The getParameters() call was unimplemented in the OpenSSLCipher as an oversight. Add it so code relying on it will continue to work. Additionally add tests for getIV() and getParameters() to make sure they work correctly. (cherry picked from commit 8d59a14a150738b8b3a2a8c31d1a48b8ae0a3d0c) Bug: 10423926 Change-Id: I6bc7fc540509242dff9e5411f66f82be54691cb4
|
8d59a14a150738b8b3a2a8c31d1a48b8ae0a3d0c |
|
10-Sep-2013 |
Kenny Root <kroot@google.com> |
Return IvParameters in OpenSSLCipher#getParameters The getParameters() call was unimplemented in the OpenSSLCipher as an oversight. Add it so code relying on it will continue to work. Additionally add tests for getIV() and getParameters() to make sure they work correctly. Bug: 10423926 Change-Id: Ie42007b15c080aab4040375f2d9c40b9d82c4f0c
|
df622e97f428295cbb19c8bd04433d8febb6d8b3 |
|
24-May-2013 |
Brian Carlstrom <bdc@google.com> |
CipherTest fixes Bug: 9095447 Change-Id: Ieba76865c4da4260949391389611dfd09bc5e326
|
bb04d369aed3de1a93907b8fab6f3a9837135257 |
|
24-May-2013 |
Brian Carlstrom <bdc@google.com> |
Flip sense of negative isUnsupported* methods Change-Id: I024a72ec535978dc3a009d6433f6a65133feb3b8
|
e9e7f036545d04e441e2aa8bcae4ba1024c86e97 |
|
24-May-2013 |
Brian Carlstrom <bdc@google.com> |
CipherTest fixes Bug: 9095447 (cherry picked from commit 1eba66d802f4edfaa3ca599f196e282bc110eff9) Change-Id: I6709eebcbede0ba617462bf49dd858f98246555f
|
1eba66d802f4edfaa3ca599f196e282bc110eff9 |
|
24-May-2013 |
Brian Carlstrom <bdc@google.com> |
CipherTest fixes Bug: 9095447 Change-Id: Ieba76865c4da4260949391389611dfd09bc5e326
|
d416195acbc08f2b3bdd5d5532d40438465d99e9 |
|
13-May-2013 |
Kenny Root <kroot@google.com> |
Add classes for AEAD encryption New classes in Java 7 for Authenicated Encryption with Additional Data (AEAD). This allows the use of encryption modes such as Galois/Counter Mode with performs the equivalent of MAC and encryption simultaneously and consequently makes encryption safer to use for implementors. Change-Id: I6302826b096044ade5f62a667dc240e3ab07b351
|
4f63b6d2b5c082f88ef731186902c0229dda474f |
|
29-Jan-2013 |
Brian Carlstrom <bdc@google.com> |
Remove BouncyCastle exclusion of PBE ciphers from wrapping tests Bug: https://code.google.com/p/android/issues/detail?id=41405 Change-Id: Ie5942f4ef1d872a75d89c58ea0fd85f69c63d0cf
|
edefa57a822c27f3e9def050fd50e375c5908551 |
|
02-Oct-2012 |
Kenny Root <kroot@google.com> |
OpenSSLCipher: add ARC4 support Change-Id: Iccdd76260af1afab0855816b3ccdd34fbc52295b
|
46d6243e9e39a2b68b985bfd534cc891e52df274 |
|
09-Oct-2012 |
Brian Carlstrom <bdc@google.com> |
Change OpenSSLCipherRSA.{engineGetBlockSize,engineGetOutputSize} to return result based on key size Includes cherry-pick of 847f22adbd0e829b84491d7202dcbed5bf67a98c Bug: 7192453 Change-Id: Ib5fa1e313d942d2c1034e8e7831af285ad24d71d
|
72e44404c32a98e7675a6e7cfbf856adb499a434 |
|
09-Oct-2012 |
Brian Carlstrom <bdc@google.com> |
Change OpenSSLCipherRSA.{engineGetBlockSize,engineGetOutputSize} to return result based on key size Includes cherry-pick of 847f22adbd0e829b84491d7202dcbed5bf67a98c Bug: 7192453 Change-Id: Ib5fa1e313d942d2c1034e8e7831af285ad24d71d
|
fac659c013ec9c2783f60afce39e83eb107f117d |
|
04-Oct-2012 |
Kenny Root <kroot@google.com> |
OpenSSLCipher: don't explode during null decrypt Other Cipher implementations return "null" when calling "doFinal()" during decrypt mode without having ever called .update(...) Change OpenSSLCipher to do the same. Change-Id: I76e22702a446912df125af0ff518fb123d62f5a3
|
13cf08b2f06e1f5f0278c449072898f5e147db49 |
|
24-Sep-2012 |
Kenny Root <kroot@google.com> |
Add Cipher support for AES through OpenSSL Timings using encrypt with 256-bit key in CTR mode and PKCS5Padding: implementation inputSize us linear runtime OpenSSL 16 11.4 = OpenSSL 32 12.1 = OpenSSL 64 13.2 = OpenSSL 128 15.1 = OpenSSL 1024 44.0 = OpenSSL 8192 275.0 === BouncyCastle 16 11.5 = BouncyCastle 32 15.9 = BouncyCastle 64 24.6 = BouncyCastle 128 41.5 = BouncyCastle 1024 277.2 === BouncyCastle 8192 2196.9 ============================== Change-Id: I4aa6e3a2ca2b368fab2c602733b4f97e740d04fd
|
2f3704e69938b1cecbd6bc97f1247ec5f3ad03d2 |
|
02-Oct-2012 |
Kenny Root <kroot@google.com> |
Test key wrapping for all Ciphers Change-Id: I1320f30602e17b730feae5676e34b1550f8eb8b8
|
6c9924b028850b824e6742bb72ed5406242fdeb4 |
|
01-Oct-2012 |
Kenny Root <kroot@google.com> |
More testing of Cipher .doFinal variants Change-Id: I5f94eac56da177de5d395277f246263af32c67c3
|
847f22adbd0e829b84491d7202dcbed5bf67a98c |
|
28-Sep-2012 |
Kenny Root <kroot@google.com> |
Add more CipherTest tests Change-Id: I29f55e41335021945029e410d4e51e2c8f564285
|
0a156e0126e8015f2791e9a7dd48bbdaeae0c335 |
|
12-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
Add OpenSSLProvider support for Cipher.RSA/None/PKCS1Padding Summary: - Add OpenSSLProvider support for Cipher.RSA/None/PKCS1Padding Added NativeCrypto.RSA_private_decrypt and NativeCrypto.RSA_public_encrypt - Changed OpenSSLSignatureRawRSA to use new Cipher.RSA/None/PKCS1Padding Removed now obsoleted NativeCrypto APIs for RSA_padding_add_PKCS1_type_1 and RSA_padding_check_PKCS1_type_1 - added wrap/unwrap support OpenSSLCipherRSA Needed for SSLEngine (and fallback SSLSocket implementation) which are now picking up the new Cipher.RSA/None/PKCS1Padding - expanded CipherTest to sanity test all algorithms and PKCS1 padding Change-Id: I03566cc86ffce07d44d5e0094fa82c9c24587c26
|
d762af619aa85042c08553425a4ca4ef7900d45a |
|
10-Aug-2012 |
Kenny Root <kroot@google.com> |
Fix OpenSSLCipherRawRSA doFinal array copy System.arraycopy was pointing the wrong way making calls to doFinal() with offset markers get zeroed output instead of the actual output. Also fix tests that checked RSA cipher behavior to match RI. Bug: 6951038 Change-Id: Ife84c177a2c06a2c27b98df9960cbd3c4b62d984
|
c5ddc93173f32383ab456c0a24739e7cb2d19c42 |
|
02-Aug-2012 |
Kenny Root <kroot@google.com> |
Add raw RSA Cipher to OpenSSLProvider Recent changes in the way that Android Keystore (accessed via KeyChain) necessitate all key operations be done with a provider that understands the new OpenSSLKey object. This adds Cipher support for the RSA algorithm in "RSA/ECB/NoPadding" and "RSA/None/NoPadding" modes. Change-Id: I98a8eaf3514763a863b2751bba999fbd48609c96
|
101547d4a82ba21031dc7cb62018720dbd493758 |
|
01-Feb-2011 |
Jesse Wilson <jessewilson@google.com> |
Refactoring to add a builder for TestKeyStore. Change-Id: I346aea42a27042512f4ed97690f1e0ca1755257c
|
0ac85ead96f1ba7d35f3acadd154de4ef0a8fd87 |
|
25-Jan-2011 |
Brian Carlstrom <bdc@google.com> |
Tracking jarjar of org.bouncycastle to com.android.org.bouncycastle Bug: 3086427 Change-Id: I026f80bfa5e963a8e988ecd6f91c9732a4afc70c
|
0d5c7588179fb373da70ce04362be5ce74a98eb4 |
|
24-Jan-2011 |
Brian Carlstrom <bdc@google.com> |
Cipher.init incorrectly implements RFC 3280 key usage validation Issue: http://code.google.com/p/android/issues/detail?id=12955 Bug: 3381582 Change-Id: Ida63c1356634c8e287ce5b0234418a656dffedf0
|