| /* |
| * Copyright (C) 2010 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package libcore.javax.crypto; |
| |
| import junit.framework.TestCase; |
| |
| import java.io.ByteArrayInputStream; |
| import java.io.ByteArrayOutputStream; |
| import java.io.FilterInputStream; |
| import java.io.IOException; |
| import java.io.InputStream; |
| import java.lang.reflect.Method; |
| import java.security.NoSuchAlgorithmException; |
| import java.security.Provider; |
| import java.security.Security; |
| import java.security.spec.AlgorithmParameterSpec; |
| import java.util.Arrays; |
| import javax.crypto.AEADBadTagException; |
| import javax.crypto.Cipher; |
| import javax.crypto.CipherInputStream; |
| import javax.crypto.KeyGenerator; |
| import javax.crypto.SecretKey; |
| import javax.crypto.ShortBufferException; |
| import javax.crypto.spec.GCMParameterSpec; |
| import javax.crypto.spec.IvParameterSpec; |
| import javax.crypto.spec.SecretKeySpec; |
| |
| import static org.mockito.Mockito.mock; |
| import static org.mockito.Mockito.times; |
| import static org.mockito.Mockito.verify; |
| |
| public final class CipherInputStreamTest extends TestCase { |
| |
| private final byte[] aesKeyBytes = { |
| (byte) 0x50, (byte) 0x98, (byte) 0xF2, (byte) 0xC3, (byte) 0x85, (byte) 0x23, |
| (byte) 0xA3, (byte) 0x33, (byte) 0x50, (byte) 0x98, (byte) 0xF2, (byte) 0xC3, |
| (byte) 0x85, (byte) 0x23, (byte) 0xA3, (byte) 0x33, |
| }; |
| |
| private final byte[] aesIvBytes = { |
| (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, |
| (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, |
| (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, |
| }; |
| |
| private final byte[] aesCipherText = { |
| (byte) 0x2F, (byte) 0x2C, (byte) 0x74, (byte) 0x31, (byte) 0xFF, (byte) 0xCC, |
| (byte) 0x28, (byte) 0x7D, (byte) 0x59, (byte) 0xBD, (byte) 0xE5, (byte) 0x0A, |
| (byte) 0x30, (byte) 0x7E, (byte) 0x6A, (byte) 0x4A |
| }; |
| |
| private final byte[] rc4CipherText = { |
| (byte) 0x88, (byte) 0x01, (byte) 0xE3, (byte) 0x52, (byte) 0x7B |
| }; |
| |
| private final String plainText = "abcde"; |
| private SecretKey key; |
| private SecretKey rc4Key; |
| private AlgorithmParameterSpec iv; |
| |
| @Override protected void setUp() throws Exception { |
| key = new SecretKeySpec(aesKeyBytes, "AES"); |
| rc4Key = new SecretKeySpec(aesKeyBytes, "RC4"); |
| iv = new IvParameterSpec(aesIvBytes); |
| } |
| |
| private static class MeasuringInputStream extends FilterInputStream { |
| private int totalRead; |
| |
| protected MeasuringInputStream(InputStream in) { |
| super(in); |
| } |
| |
| @Override |
| public int read() throws IOException { |
| int c = super.read(); |
| totalRead++; |
| return c; |
| } |
| |
| @Override |
| public int read(byte[] buffer, int byteOffset, int byteCount) throws IOException { |
| int numRead = super.read(buffer, byteOffset, byteCount); |
| if (numRead != -1) { |
| totalRead += numRead; |
| } |
| return numRead; |
| } |
| |
| public int getTotalRead() { |
| return totalRead; |
| } |
| } |
| |
| public void testAvailable() throws Exception { |
| Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); |
| cipher.init(Cipher.DECRYPT_MODE, key, iv); |
| MeasuringInputStream in = new MeasuringInputStream(new ByteArrayInputStream(aesCipherText)); |
| InputStream cin = new CipherInputStream(in, cipher); |
| assertTrue(cin.read() != -1); |
| assertEquals(aesCipherText.length, in.getTotalRead()); |
| } |
| |
| public void testDecrypt_NullInput_Discarded() throws Exception { |
| Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); |
| cipher.init(Cipher.DECRYPT_MODE, key, iv); |
| InputStream in = new CipherInputStream(new ByteArrayInputStream(aesCipherText), cipher); |
| int discard = 3; |
| while (discard != 0) { |
| discard -= in.read(null, 0, discard); |
| } |
| byte[] bytes = readAll(in); |
| assertEquals(Arrays.toString(plainText.substring(3).getBytes("UTF-8")), |
| Arrays.toString(bytes)); |
| } |
| |
| public void testEncrypt() throws Exception { |
| Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); |
| cipher.init(Cipher.ENCRYPT_MODE, key, iv); |
| InputStream in = new CipherInputStream( |
| new ByteArrayInputStream(plainText.getBytes("UTF-8")), cipher); |
| byte[] bytes = readAll(in); |
| assertEquals(Arrays.toString(aesCipherText), Arrays.toString(bytes)); |
| |
| // Reading again shouldn't throw an exception. |
| assertEquals(-1, in.read()); |
| } |
| |
| public void testEncrypt_RC4() throws Exception { |
| Cipher cipher = Cipher.getInstance("RC4"); |
| cipher.init(Cipher.ENCRYPT_MODE, rc4Key); |
| InputStream in = new CipherInputStream( |
| new ByteArrayInputStream(plainText.getBytes("UTF-8")), cipher); |
| byte[] bytes = readAll(in); |
| assertEquals(Arrays.toString(rc4CipherText), Arrays.toString(bytes)); |
| |
| // Reading again shouldn't throw an exception. |
| assertEquals(-1, in.read()); |
| } |
| |
| public void testDecrypt() throws Exception { |
| Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); |
| cipher.init(Cipher.DECRYPT_MODE, key, iv); |
| InputStream in = new CipherInputStream(new ByteArrayInputStream(aesCipherText), cipher); |
| byte[] bytes = readAll(in); |
| assertEquals(Arrays.toString(plainText.getBytes("UTF-8")), Arrays.toString(bytes)); |
| } |
| |
| public void testDecrypt_RC4() throws Exception { |
| Cipher cipher = Cipher.getInstance("RC4"); |
| cipher.init(Cipher.DECRYPT_MODE, rc4Key); |
| InputStream in = new CipherInputStream(new ByteArrayInputStream(rc4CipherText), cipher); |
| byte[] bytes = readAll(in); |
| assertEquals(Arrays.toString(plainText.getBytes("UTF-8")), Arrays.toString(bytes)); |
| } |
| |
| public void testSkip() throws Exception { |
| Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); |
| cipher.init(Cipher.DECRYPT_MODE, key, iv); |
| InputStream in = new CipherInputStream(new ByteArrayInputStream(aesCipherText), cipher); |
| assertTrue(in.skip(5) >= 0); |
| } |
| |
| private byte[] readAll(InputStream in) throws IOException { |
| ByteArrayOutputStream out = new ByteArrayOutputStream(); |
| int count; |
| byte[] buffer = new byte[1024]; |
| while ((count = in.read(buffer)) != -1) { |
| out.write(buffer, 0, count); |
| } |
| return out.toByteArray(); |
| } |
| |
| public void testCipherInputStream_TruncatedInput_Failure() throws Exception { |
| Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); |
| cipher.init(Cipher.DECRYPT_MODE, key, iv); |
| InputStream is = new CipherInputStream(new ByteArrayInputStream(new byte[31]), cipher); |
| is.read(new byte[4]); |
| is.close(); |
| } |
| |
| public void testCipherInputStream_NullInputStream_Failure() throws Exception { |
| Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); |
| cipher.init(Cipher.DECRYPT_MODE, key, iv); |
| InputStream is = new CipherInputStream(null, cipher); |
| try { |
| is.read(); |
| fail("Expected NullPointerException"); |
| } catch (NullPointerException expected) { |
| } |
| |
| byte[] buffer = new byte[128]; |
| try { |
| is.read(buffer); |
| fail("Expected NullPointerException"); |
| } catch (NullPointerException expected) { |
| } |
| |
| try { |
| is.read(buffer, 0, buffer.length); |
| fail("Expected NullPointerException"); |
| } catch (NullPointerException expected) { |
| } |
| } |
| |
| public void testCloseTwice() throws Exception { |
| InputStream mockIs = mock(InputStream.class); |
| Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); |
| cipher.init(Cipher.DECRYPT_MODE, key, iv); |
| |
| CipherInputStream cis = new CipherInputStream(mockIs, cipher); |
| cis.close(); |
| cis.close(); |
| |
| verify(mockIs, times(1)).close(); |
| } |
| |
| /** |
| * CipherSpi that increments it's engineGetOutputSize output when |
| * engineUpdate is called. |
| */ |
| public static class CipherSpiWithGrowingOutputSize extends MockCipherSpi { |
| private int outputSizeDelta = 0; |
| |
| @Override |
| protected int engineGetOutputSize(int inputLen) { |
| return inputLen + outputSizeDelta; |
| } |
| |
| @Override |
| protected int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, |
| int outputOffset) throws ShortBufferException { |
| int expectedOutputSize = inputLen + outputSizeDelta++; |
| if ((output.length - outputOffset) < expectedOutputSize) { |
| throw new ShortBufferException(); |
| } |
| return expectedOutputSize; |
| } |
| |
| @Override |
| protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) { |
| int expectedOutputSize = inputLen + outputSizeDelta++; |
| return new byte[expectedOutputSize]; |
| } |
| |
| @Override |
| protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen) { |
| return input; |
| } |
| } |
| |
| private static class MockProvider extends Provider { |
| public MockProvider() { |
| super("MockProvider", 1.0, "Mock provider used for testing"); |
| put("Cipher.GrowingOutputSize", |
| CipherSpiWithGrowingOutputSize.class.getName()); |
| } |
| } |
| |
| // http://b/32643789, check that CipherSpi.engineGetOutputSize is called and applied |
| // to output buffer size before calling CipherSpi.egineUpdate(byte[],int,int,byte[],int). |
| public void testCipherOutputSizeChange() throws Exception { |
| Provider mockProvider = new MockProvider(); |
| |
| Cipher cipher = Cipher.getInstance("GrowingOutputSize", mockProvider); |
| |
| cipher.init(Cipher.DECRYPT_MODE, key, iv); |
| InputStream mockEncryptedInputStream = new ByteArrayInputStream(new byte[1024]); |
| try (InputStream is = new CipherInputStream(mockEncryptedInputStream, cipher)) { |
| byte[] buffer = new byte[1024]; |
| // engineGetOutputSize returns 512+0, engineUpdate expects buf >= 512 |
| assertEquals(512, is.read(buffer)); |
| // engineGetOutputSize returns 512+1, engineUpdate expects buf >= 513 |
| // and will throw ShortBufferException buffer is smaller. |
| assertEquals(513, is.read(buffer)); |
| } |
| } |
| |
| // From b/31590622. CipherInputStream had a bug where it would ignore exceptions |
| // thrown during close(), because it was expecting exceptions to be thrown by read(). |
| public void testDecryptCorruptGCM() throws Exception { |
| for (Provider provider : Security.getProviders()) { |
| Cipher cipher; |
| try { |
| cipher = Cipher.getInstance("AES/GCM/NoPadding", provider); |
| } catch (NoSuchAlgorithmException e) { |
| continue; |
| } |
| SecretKey key; |
| if (provider.getName().equals("AndroidKeyStoreBCWorkaround")) { |
| key = getAndroidKeyStoreSecretKey(); |
| } else { |
| KeyGenerator keygen = KeyGenerator.getInstance("AES"); |
| keygen.init(256); |
| key = keygen.generateKey(); |
| } |
| GCMParameterSpec params = new GCMParameterSpec(128, new byte[12]); |
| byte[] unencrypted = new byte[200]; |
| |
| // Normal providers require specifying the IV, but KeyStore prohibits it, so |
| // we have to special-case it |
| if (provider.getName().equals("AndroidKeyStoreBCWorkaround")) { |
| cipher.init(Cipher.ENCRYPT_MODE, key); |
| } else { |
| cipher.init(Cipher.ENCRYPT_MODE, key, params); |
| } |
| byte[] encrypted = cipher.doFinal(unencrypted); |
| |
| // Corrupt the final byte, which will corrupt the authentication tag |
| encrypted[encrypted.length - 1] ^= 1; |
| |
| cipher.init(Cipher.DECRYPT_MODE, key, params); |
| CipherInputStream cis = new CipherInputStream( |
| new ByteArrayInputStream(encrypted), cipher); |
| try { |
| cis.read(unencrypted); |
| cis.close(); |
| fail("Reading a corrupted stream should throw an exception." |
| + " Provider: " + provider); |
| } catch (IOException expected) { |
| assertTrue(expected.getCause() instanceof AEADBadTagException); |
| } |
| } |
| |
| } |
| |
| // The AndroidKeyStoreBCWorkaround provider can't use keys created by anything |
| // but Android KeyStore, which requires using its own parameters class to create |
| // keys. Since we're in javax, we can't link against the frameworks classes, so |
| // we have to use reflection to make a suitable key. This will always be safe |
| // because if we're making a key for AndroidKeyStoreBCWorkaround, the KeyStore |
| // classes must be present. |
| private static SecretKey getAndroidKeyStoreSecretKey() throws Exception { |
| KeyGenerator keygen = KeyGenerator.getInstance("AES", "AndroidKeyStore"); |
| Class<?> keyParamsBuilderClass = keygen.getClass().getClassLoader().loadClass( |
| "android.security.keystore.KeyGenParameterSpec$Builder"); |
| Object keyParamsBuilder = keyParamsBuilderClass.getConstructor(String.class, Integer.TYPE) |
| // 3 is PURPOSE_ENCRYPT | PURPOSE_DECRYPT |
| .newInstance("testDecryptCorruptGCM", 3); |
| keyParamsBuilderClass.getMethod("setBlockModes", new Class[]{String[].class}) |
| .invoke(keyParamsBuilder, new Object[]{new String[]{"GCM"}}); |
| keyParamsBuilderClass.getMethod("setEncryptionPaddings", new Class[]{String[].class}) |
| .invoke(keyParamsBuilder, new Object[]{new String[]{"NoPadding"}}); |
| AlgorithmParameterSpec spec = (AlgorithmParameterSpec) |
| keyParamsBuilderClass.getMethod("build", new Class[]{}).invoke(keyParamsBuilder); |
| keygen.init(spec); |
| return keygen.generateKey(); |
| } |
| } |