diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-05-12 18:46:34 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-05-12 18:46:34 +0000 |
commit | e734ffdca880518bd54d9e4fcb99e8e43ef0eb68 (patch) | |
tree | 11405b03d4824928814f69b1a5c6b9ae35e34a02 /keystore-cts/java/com/google/security/wycheproof/testcases/CipherInputStreamTest.java | |
parent | f1ee9b3f13c695714b9e7f9a502d56c031b5a8aa (diff) | |
parent | 31cc0fa7a53b932d3481560a3692cbc24cf8824a (diff) | |
download | wycheproof-e734ffdca880518bd54d9e4fcb99e8e43ef0eb68.tar.gz |
Snap for 8580505 from 31cc0fa7a53b932d3481560a3692cbc24cf8824a to main-cg-testing-releasemain-cg-testing-release
Change-Id: Ibb15f645e8e487d4f3b71e7e398f94d595965d7b
Diffstat (limited to 'keystore-cts/java/com/google/security/wycheproof/testcases/CipherInputStreamTest.java')
-rw-r--r-- | keystore-cts/java/com/google/security/wycheproof/testcases/CipherInputStreamTest.java | 56 |
1 files changed, 36 insertions, 20 deletions
diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/CipherInputStreamTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/CipherInputStreamTest.java index 3698e4e..d0f85d4 100644 --- a/keystore-cts/java/com/google/security/wycheproof/testcases/CipherInputStreamTest.java +++ b/keystore-cts/java/com/google/security/wycheproof/testcases/CipherInputStreamTest.java @@ -25,12 +25,17 @@ import java.security.spec.AlgorithmParameterSpec; import java.util.ArrayList; import java.util.Arrays; import javax.crypto.Cipher; +import javax.crypto.SecretKey; import javax.crypto.CipherInputStream; import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; +import org.junit.After; import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.JUnit4; +import org.junit.Ignore; +import android.security.keystore.KeyProtection; +import android.security.keystore.KeyProperties; +import java.security.KeyStore; +import android.keystore.cts.util.KeyStoreUtil; /** * CipherInputStream tests @@ -51,18 +56,31 @@ import org.junit.runners.JUnit4; * All other tests run under the assumption that returning an empty plaintext is acceptable * behaviour, so that the tests are able to catch additional problems. */ -@RunWith(JUnit4.class) public class CipherInputStreamTest { + private static final String EXPECTED_PROVIDER_NAME = TestUtil.EXPECTED_CRYPTO_OP_PROVIDER_NAME; static final SecureRandom rand = new SecureRandom(); + @After + public void tearDown() throws Exception { + KeyStoreUtil.cleanUpKeyStore(); + } + static byte[] randomBytes(int size) { byte[] bytes = new byte[size]; rand.nextBytes(bytes); return bytes; } - static SecretKeySpec randomKey(String algorithm, int keySizeInBytes) { - return new SecretKeySpec(randomBytes(keySizeInBytes), "AES"); + static SecretKey randomKey(String algorithm, String alias, int keySizeInBytes) throws Exception { + SecretKeySpec keySpec = new SecretKeySpec(randomBytes(keySizeInBytes), "AES"); + KeyStore keyStore = KeyStoreUtil.saveSecretKeyToKeystore(alias, keySpec, + new KeyProtection.Builder(KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT) + .setBlockModes(KeyProperties.BLOCK_MODE_GCM) + .setRandomizedEncryptionRequired(false) + .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE) + .build()); + // Key imported, obtain a reference to it. + return (SecretKey) keyStore.getKey(alias, null); } static AlgorithmParameterSpec randomParameters( @@ -76,7 +94,7 @@ public class CipherInputStreamTest { /** Test vectors */ public static class TestVector { public String algorithm; - public SecretKeySpec key; + public SecretKey key; public AlgorithmParameterSpec params; public byte[] pt; public byte[] aad; @@ -84,14 +102,14 @@ public class CipherInputStreamTest { @SuppressWarnings("InsecureCryptoUsage") public TestVector( - String algorithm, int keySize, int ivSize, int tagSize, int ptSize, int aadSize) - throws Exception { + String algorithm, String alias, int keySize, + int ivSize, int tagSize, int ptSize, int aadSize) throws Exception { this.algorithm = algorithm; - this.key = randomKey(algorithm, keySize); + this.key = randomKey(algorithm, alias, keySize); this.params = randomParameters(algorithm, ivSize, tagSize); this.pt = randomBytes(ptSize); this.aad = randomBytes(aadSize); - Cipher cipher = Cipher.getInstance(algorithm); + Cipher cipher = Cipher.getInstance(algorithm, EXPECTED_PROVIDER_NAME); cipher.init(Cipher.ENCRYPT_MODE, this.key, this.params); cipher.updateAAD(aad); this.ct = cipher.doFinal(pt); @@ -112,7 +130,10 @@ public class CipherInputStreamTest { for (int tagSize : tagSizes) { for (int ptSize : ptSizes) { for (int aadSize : aadSizes) { - result.add(new TestVector(algorithm, keySize, ivSize, tagSize, ptSize, aadSize)); + String keyAlias = "Key-" + keySize + "-" + ivSize + "-" + tagSize + + "-" + ptSize + "-" + aadSize; + result.add(new TestVector(algorithm, keyAlias, keySize, + ivSize, tagSize, ptSize, aadSize)); } } } @@ -124,7 +145,7 @@ public class CipherInputStreamTest { @SuppressWarnings("InsecureCryptoUsage") public void testEncrypt(Iterable<TestVector> tests) throws Exception { for (TestVector t : tests) { - Cipher cipher = Cipher.getInstance(t.algorithm); + Cipher cipher = Cipher.getInstance(t.algorithm, EXPECTED_PROVIDER_NAME); cipher.init(Cipher.ENCRYPT_MODE, t.key, t.params); cipher.updateAAD(t.aad); InputStream is = new ByteArrayInputStream(t.pt); @@ -148,7 +169,7 @@ public class CipherInputStreamTest { @SuppressWarnings("InsecureCryptoUsage") public void testDecrypt(Iterable<TestVector> tests) throws Exception { for (TestVector t : tests) { - Cipher cipher = Cipher.getInstance(t.algorithm); + Cipher cipher = Cipher.getInstance(t.algorithm, EXPECTED_PROVIDER_NAME); cipher.init(Cipher.DECRYPT_MODE, t.key, t.params); cipher.updateAAD(t.aad); InputStream is = new ByteArrayInputStream(t.ct); @@ -184,7 +205,7 @@ public class CipherInputStreamTest { public void testCorruptDecrypt(Iterable<TestVector> tests, boolean acceptEmptyPlaintext) throws Exception { for (TestVector t : tests) { - Cipher cipher = Cipher.getInstance(t.algorithm); + Cipher cipher = Cipher.getInstance(t.algorithm, EXPECTED_PROVIDER_NAME); cipher.init(Cipher.DECRYPT_MODE, t.key, t.params); cipher.updateAAD(t.aad); byte[] ct = Arrays.copyOf(t.ct, t.ct.length); @@ -263,6 +284,7 @@ public class CipherInputStreamTest { /** Tests CipherOutputStream with AES-EAX if this algorithm is supported by the provider. */ @Test + @Ignore // Ignored due to AES/EAX algorithm is not supported in AndroidKeyStore public void testAesEax() throws Exception { final String algorithm = "AES/EAX/NoPadding"; final int[] keySizes = {16, 32}; @@ -270,12 +292,6 @@ public class CipherInputStreamTest { final int[] tagSizes = {12, 16}; final int[] ptSizes = {0, 8, 16, 65, 8100}; final int[] aadSizes = {0, 8, 24}; - try { - Cipher.getInstance(algorithm); - } catch (NoSuchAlgorithmException ex) { - System.out.println("Skipping testAesEax"); - return; - } Iterable<TestVector> v = getTestVectors(algorithm, keySizes, ivSizes, tagSizes, ptSizes, aadSizes); testEncrypt(v); |