-rw-r--r-- | WORKSPACE | 5 | ||||
-rw-r--r-- | build_defs.bzl | 6 | ||||
-rw-r--r-- | java/com/google/security/wycheproof/testcases/DhiesTest.java | 22 | ||||
-rw-r--r-- | java/com/google/security/wycheproof/testcases/EciesTest.java | 25 |
4 files changed, 39 insertions, 19 deletions
@@ -49,6 +49,11 @@ maven_jar( ) maven_jar( + name = "bouncycastle_1_56", + artifact = "org.bouncycastle:bcprov-jdk15on:1.56", +) + +maven_jar( name = "spongycastle_core_1_50", artifact = "com.madgag.spongycastle:core:1.50.0.0", ) diff --git a/build_defs.bzl b/build_defs.bzl index 13aa82b..61858bd 100644 --- a/build_defs.bzl +++ b/build_defs.bzl @@ -1,10 +1,10 @@ -bouncycastle_versions = range(49, 56) +bouncycastle_versions = range(49, 57) # These targets run all tests. def bouncycastle_all_tests(srcs, deps, size, test_class): """BouncyCastle version-specific tests.""" - # Generates BouncyCastleAllTests_1_55, ..., BouncyCastleAllTests_1_49 + # Generates BouncyCastleAllTests_1_56, ..., BouncyCastleAllTests_1_49 for version in bouncycastle_versions: native.java_test( name = "BouncyCastleAllTests_1_%s" % version, @@ -31,7 +31,7 @@ def bouncycastle_all_tests(srcs, deps, size, test_class): def bouncycastle_tests(srcs, deps, size, test_class): """BouncyCastle version-specific tests.""" - # Generates BouncyCastleTest_1_55, ..., BouncyCastleTest_1_49 + # Generates BouncyCastleTest_1_56, ..., BouncyCastleTest_1_49 for version in bouncycastle_versions: native.java_test( name = "BouncyCastleTest_1_%s" % version, diff --git a/java/com/google/security/wycheproof/testcases/DhiesTest.java b/java/com/google/security/wycheproof/testcases/DhiesTest.java index ef27232..3e5bbe3 100644 --- a/java/com/google/security/wycheproof/testcases/DhiesTest.java +++ b/java/com/google/security/wycheproof/testcases/DhiesTest.java 
@@ -71,9 +71,9 @@ public class DhiesTest extends TestCase { } /** - * WARNING: This test uses weak crypto (i.e. DHIESWithAES). Checks that key agreement using DHIES - * works in the sense that it can decrypt what it encrypts. Unfortunately it seems that there is - * no secure mode using AES. + * WARNING: This test uses weak crypto (i.e. DHIESWithAES), if supported. Checks that key agreement + * using DHIES works in the sense that it can decrypt what it encrypts. Unfortunately it seems that + * there is no secure mode using AES. */ @SuppressWarnings("InsecureCryptoUsage") public void testDhiesBasic() throws Exception { @@ -84,7 +84,13 @@ public class DhiesTest extends TestCase { PrivateKey priv = keyPair.getPrivate(); PublicKey pub = keyPair.getPublic(); byte[] message = "Hello".getBytes("UTF-8"); - Cipher dhies = Cipher.getInstance("DHIESwithAES"); + Cipher dhies; + try { + dhies = Cipher.getInstance("DHIESwithAES"); + } catch (NoSuchAlgorithmException ex) { + // The algorithm isn't supported - even better! + return; + } dhies.init(Cipher.ENCRYPT_MODE, pub); byte[] ciphertext = dhies.doFinal(message); System.out.println("testDhiesBasic:" + TestUtil.bytesToHex(ciphertext)); @@ -106,7 +112,13 @@ public class DhiesTest extends TestCase { PrivateKey priv = keyPair.getPrivate(); PublicKey pub = keyPair.getPublic(); byte[] message = new byte[32]; - Cipher dhies = Cipher.getInstance("DHIESwithAES"); + Cipher dhies; + try { + dhies = Cipher.getInstance("DHIESwithAES"); + } catch (NoSuchAlgorithmException ex) { + // The algorithm isn't supported - even better! + return; + } dhies.init(Cipher.ENCRYPT_MODE, pub); byte[] ciphertext = dhies.doFinal(message); for (int i = 0; i < ciphertext.length; i++) { diff --git a/java/com/google/security/wycheproof/testcases/EciesTest.java b/java/com/google/security/wycheproof/testcases/EciesTest.java index 3846e19..e8b1fe1 100644 --- a/java/com/google/security/wycheproof/testcases/EciesTest.java 
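Review bot: The early `return` in the new `catch (NoSuchAlgorithmException ex)` block of testDhiesBasic (new line 84) makes the test report as passed with no output when the provider lacks `DHIESwithAES`, so a run log cannot tell "checked" from "never exercised". The same block is repeated in the hunk at new line 112. I would print a marker before returning, in the style the file already uses for ciphertexts, e.g. `System.out.println("testDhiesBasic: DHIESwithAES not supported, test skipped");`. The duplicated try/catch could also move into one small private helper. Both method bodies continue outside their hunks.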
+++ b/java/com/google/security/wycheproof/testcases/EciesTest.java @@ -17,6 +17,7 @@ package com.google.security.wycheproof; import java.nio.ByteBuffer; +import java.security.GeneralSecurityException; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; @@ -81,7 +82,7 @@ public class EciesTest extends TestCase { ecies.init(Cipher.ENCRYPT_MODE, pub); byte[] ciphertext = ecies.doFinal(message); System.out.println("testEciesBasic:" + TestUtil.bytesToHex(ciphertext)); - ecies.init(Cipher.DECRYPT_MODE, priv); + ecies.init(Cipher.DECRYPT_MODE, priv, ecies.getParameters()); byte[] decrypted = ecies.doFinal(ciphertext); assertEquals(TestUtil.bytesToHex(message), TestUtil.bytesToHex(decrypted)); } @@ -98,6 +99,8 @@ public class EciesTest extends TestCase { new String[] { "ECIESWITHAES/CBC/PKCS5PADDING", "ECIESWITHAES/CBC/PKCS7PADDING", + "ECIESWITHAES/DHAES/NOPADDING", + "ECIESWITHDESEDE/DHAES/NOPADDING", "ECIESWITHAES/ECB/NOPADDING", "ECIESWITHAES/CTR/NOPADDING", }; @@ -116,14 +119,12 @@ public class EciesTest extends TestCase { // expect. @SuppressWarnings("InsecureCryptoUsage") public void testValidNames() throws Exception { - String[] invalidNames = + String[] validNames = new String[] { - "ECIESWITHAES/DHAES/NOPADDING", "ECIES/DHAES/PKCS7PADDING", - "ECIESWITHDESEDE/DHAES/NOPADDING", "ECIESWITHAES-CBC/NONE/NOPADDING", }; - for (String algorithm : invalidNames) { + for (String algorithm : validNames) { Cipher.getInstance(algorithm); } } @@ -172,7 +173,7 @@ public class EciesTest extends TestCase { ecies.init(Cipher.ENCRYPT_MODE, pub); byte[] ciphertext = ecies.doFinal(message); System.out.println(TestUtil.bytesToHex(ciphertext)); - ecies.init(Cipher.DECRYPT_MODE, priv); + ecies.init(Cipher.DECRYPT_MODE, priv, ecies.getParameters()); HashSet<String> exceptions = new HashSet<String>(); for (int byteNr = kemSize; byteNr < ciphertext.length; byteNr++) { for (int bit = 0; bit < 8; bit++) { 
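Review bot: The decrypt-side call `ecies.init(Cipher.DECRYPT_MODE, priv, ecies.getParameters());` in the hunk at new line 82 carries no comment saying why the parameters are now required, and the same change recurs at new lines 173, 211 and 284. A short comment such as `// Decryption needs the parameters (e.g. the IV) chosen at encryption time; presumably enforced since BouncyCastle 1.56 - confirm.` would save the next reader a trip to the provider source. Because the parameters are taken straight from the encrypting `Cipher` object, these tests do not cover a receiver that rebuilds them from transmitted bytes; at line 284 a round trip through their encoded form would be closer to real use. The enclosing methods start and end outside the hunks.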
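Review bot: `"ECIESWITHAES/DHAES/NOPADDING"` and `"ECIESWITHDESEDE/DHAES/NOPADDING"` leave the list in testValidNames (new line 119) and join the array at new line 99, but nothing records why they changed sides. If that array belongs to the test that expects `Cipher.getInstance` to reject the name (its method header is outside the hunk), the BouncyCastleTest_1_49 to _1_55 targets generated in build_defs.bzl would presumably start failing on providers that still accept these names. A comment above the two added entries should say whether that is the intended finding, e.g. `// DHAES modes: expected to be rejected; older providers accepting them is reported as a failure.`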
@@ -210,13 +211,15 @@ public class EciesTest extends TestCase { ecies.init(Cipher.ENCRYPT_MODE, pub); byte[] ciphertext = ecies.doFinal(message); ciphertext[2] ^= (byte) 1; - ecies.init(Cipher.DECRYPT_MODE, priv); + ecies.init(Cipher.DECRYPT_MODE, priv, ecies.getParameters()); try { ecies.doFinal(ciphertext); fail("This should not work"); - } catch (java.lang.IllegalArgumentException ex) { - // This is what BouncyCastle throws when the points are not on the curve. - // Maybe GeneralSecurityException would be better. + } catch (GeneralSecurityException ex) { + // This is as expected + } catch (Exception ex) { + fail("Expected subclass of java.security.GeneralSecurityException, but got: " + + ex.getClass().getName()); } } @@ -281,7 +284,7 @@ public class EciesTest extends TestCase { byte[] message = "Hello".getBytes("UTF-8"); eciesA.init(Cipher.ENCRYPT_MODE, keyPair.getPublic()); byte[] ciphertext = eciesA.doFinal(message); - eciesB.init(Cipher.DECRYPT_MODE, keyPair.getPrivate()); + eciesB.init(Cipher.DECRYPT_MODE, keyPair.getPrivate(), eciesA.getParameters()); byte[] decrypted = eciesB.doFinal(ciphertext); assertEquals(TestUtil.bytesToHex(message), TestUtil.bytesToHex(decrypted)); } |
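Review bot: The new `catch (Exception ex)` branch in the hunk at new line 211 reports only `ex.getClass().getName()`, so the message and stack trace of the unexpected exception are lost exactly when the test fails. Passing the exception itself keeps the message, e.g. `fail("Expected subclass of java.security.GeneralSecurityException, but got: " + ex);`. The replacement comment `// This is as expected` also drops the reason the removed comment gave; something like `// Modified ciphertext must be rejected with a checked GeneralSecurityException, since callers typically do not catch unchecked exceptions from doFinal.` would keep the intent visible. The enclosing test method starts outside the hunk.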