MacTest.java revision 2216155c3066236eb450f307983019f69a10303d
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License 15 */ 16 17package libcore.javax.crypto; 18 19import static java.nio.charset.StandardCharsets.UTF_8; 20 21import java.security.InvalidKeyException; 22import java.security.Provider; 23import java.security.Security; 24import java.util.Arrays; 25import javax.crypto.Mac; 26import javax.crypto.SecretKey; 27import javax.crypto.SecretKeyFactory; 28import javax.crypto.spec.PBEKeySpec; 29import junit.framework.TestCase; 30 31public class MacTest extends TestCase { 32 private static abstract class MockProvider extends Provider { 33 public MockProvider(String name) { 34 super(name, 1.0, "Mock provider used for testing"); 35 setup(); 36 } 37 38 public abstract void setup(); 39 } 40 41 /** 42 * Several exceptions can be thrown by init. Check that in this case we throw the right one, 43 * as the error could fall under the umbrella of other exceptions. 44 * http://b/18987633 45 */ 46 public void testMac_init_DoesNotSupportKeyClass_throwsInvalidKeyException() 47 throws Exception { 48 Provider mockProvider = new MockProvider("MockProvider") { 49 @Override 50 public void setup() { 51 put("Mac.FOO", MockMacSpi.AllKeyTypes.class.getName()); 52 put("Mac.FOO SupportedKeyClasses", "none"); 53 54 } 55 }; 56 57 Security.addProvider(mockProvider); 58 try { 59 Mac c = Mac.getInstance("FOO"); 60 c.init(new MockKey()); 61 fail("Expected InvalidKeyException"); 62 } catch (InvalidKeyException expected) { 63 } finally { 64 Security.removeProvider(mockProvider.getName()); 65 } 66 } 67 68 /** 69 * Aliases used to be wrong due to a typo. 70 * http://b/31114355 71 */ 72 public void testMac_correctAlias() throws Exception { 73 Provider androidOpenSSLProvider = Security.getProvider("AndroidOpenSSL"); 74 assertEquals("HmacSHA224", androidOpenSSLProvider.get("Alg.Alias.Mac.1.2.840.113549.2.8")); 75 assertEquals("HmacSHA256", androidOpenSSLProvider.get("Alg.Alias.Mac.1.2.840.113549.2.9")); 76 } 77 78 // Known answers from the SunJCE provider using the code below. Run with 79 // vogar --classpath sunjce_provider.jar 80 // 81 // secretKeyFactory = SecretKeyFactory.getInstance("PBEWithHmacSHA" + shaVariant + "AndAES_128", 82 // new com.sun.crypto.provider.SunJCE()); 83 // pbeKeySpec = new PBEKeySpec(password); 84 // 85 // secretKey = secretKeyFactory.generateSecret(pbeKeySpec); 86 // mac = Mac.getInstance("PBEWITHHMACSHA" + shaVariant, new com.sun.crypto.provider.SunJCE()); 87 // mac.init(secretKey, new PBEParameterSpec(salt, iterationCount)); 88 // byte[] sunResult = mac.doFinal(plaintext); 89 private final byte[][] SUN_JCA_KNOWN_ANSWERS_FOR_SHA_VARIANTS = { 90 { 44, -78, -97, -109, -125, 49, 68, 58, -9, -99, -27, -122, 58, 27, 7, 45, 87, -92, 91 -74, 64 }, 92 { 59, -13, 28, 53, 79, -79, -127, 117, 3, -23, -75, -127, -44, -47, -43, 28, 76, -114, 93 -110, 26, 59, 70, -91, 19, -52, 36, -64, -54 }, 94 { 88, 54, -105, -122, 14, 73, -40, -43, 52, -21, -33, -103, 32, 81, 115, 53, 111, 78, 95 32, -108, 71, -74, -84, 125, 80, 13, -35, -36, 27, 56, 32, 104 }, 96 { -83, 60, -92, 44, -58, 86, -121, 104, 114, -67, 14, 80, 84, -48, -14, 38, 14, -62, 97 -96, 118, 53, -59, -33, -90, 85, -110, 105, -119, -81, 57, 43, -66, 99, 106, 35, 98 -16, -115, 29, -56, -52, -39, 102, -1, -90, 110, -52, 48, -32}, 99 { -22, -69, -77, 11, -14, -128, -121, 5, 48, 18, 107, -22, 64, -45, 18, 60, 24, -42, 100 -67, 111, 110, -99, -19, 14, -21, -43, 26, 68, -40, 82, 123, 39, 115, 34, 6, 101 -67, 27, -73, -63, -56, -39, 65, -75, -14, -5, -94, -8, 126, -44, -97, 95, 31, 102 61, 123, -17, 14, 117, 71, -45, 53, -76, -91, 91, -121} 103 }; 104 105 /** 106 * Test that BC has the same results as the SunJCA provider for 107 */ 108 public void test_PBEWITHHMACSHA_Variants() throws Exception { 109 byte[] plaintext = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 110 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34 }; 111 byte[] salt = "saltsalt".getBytes(UTF_8); 112 char[] password = "password".toCharArray(); 113 int iterationCount = 100; 114 int[] shaVariants = { 1, 224, 256, 384, 512 }; 115 116 for (int shaVariantIndex = 0; shaVariantIndex < shaVariants.length; shaVariantIndex++) { 117 int shaVariant = shaVariants[shaVariantIndex]; 118 SecretKeyFactory secretKeyFactory = 119 SecretKeyFactory.getInstance("PBKDF2WITHHMACSHA" + shaVariant, "BC"); 120 PBEKeySpec pbeKeySpec = new PBEKeySpec(password, 121 salt, 122 iterationCount, 123 // Key depending on block size! 124 (shaVariant < 384) ? 64 : 128); 125 SecretKey secretKey = secretKeyFactory.generateSecret(pbeKeySpec); 126 Mac mac = Mac.getInstance("PBEWITHHMACSHA" + shaVariant, "BC"); 127 mac.init(secretKey); 128 byte[] bcResult = mac.doFinal(plaintext); 129 assertEquals( 130 Arrays.toString(SUN_JCA_KNOWN_ANSWERS_FOR_SHA_VARIANTS[shaVariantIndex]), 131 Arrays.toString(bcResult)); 132 } 133 } 134} 135