/luni/src/test/java/libcore/javax/crypto/SecretKeyFactoryTest.java
Java | 170 lines | 114 code | 17 blank | 39 comment | 0 complexity | 3dc3bce378348644bf1b44fd3ac5bc51 MD5 | raw file
- /*
- * Copyright (C) 2010 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- package libcore.javax.crypto;
- import java.security.spec.InvalidKeySpecException;
- import java.security.spec.KeySpec;
- import java.util.Arrays;
- import javax.crypto.SecretKey;
- import javax.crypto.SecretKeyFactory;
- import javax.crypto.spec.PBEKeySpec;
- import junit.framework.TestCase;
- public class SecretKeyFactoryTest extends TestCase {
- private static final char[] PASSWORD = "google".toCharArray();
- /**
- * Salts should be random to reduce effectiveness of dictionary
- * attacks, but need not be kept secret from attackers. For more
- * information, see http://en.wikipedia.org/wiki/Salt_(cryptography)
- */
- private static final byte[] SALT = {0, 1, 2, 3, 4, 5, 6, 7};
- /**
- * The number of iterations should be higher for production
- * strength protection. The tolerable value may vary from device
- * to device, but 8192 should be acceptable for PBKDF2 on a Nexus One.
- */
- private static final int ITERATIONS = 1024;
- private static final int KEY_LENGTH = 128;
- public void test_PBKDF2_required_parameters() throws Exception {
- SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
- // PBEKeySpec validates arguments most to be non-null, non-empty, postive, etc.
- // Focus on insufficient PBEKeySpecs
- // PBEKeySpecs password only constructor
- try {
- KeySpec ks = new PBEKeySpec(null);
- factory.generateSecret(ks);
- fail();
- } catch (InvalidKeySpecException expected) {
- }
- try {
- KeySpec ks = new PBEKeySpec(new char[0]);
- factory.generateSecret(ks);
- fail();
- } catch (InvalidKeySpecException expected) {
- }
- try {
- KeySpec ks = new PBEKeySpec(PASSWORD);
- factory.generateSecret(ks);
- fail();
- } catch (InvalidKeySpecException expected) {
- }
- // PBEKeySpecs constructor without key length
- try {
- KeySpec ks = new PBEKeySpec(null, SALT, ITERATIONS);
- factory.generateSecret(ks);
- fail();
- } catch (InvalidKeySpecException expected) {
- }
- try {
- KeySpec ks = new PBEKeySpec(new char[0], SALT, ITERATIONS);
- factory.generateSecret(ks);
- fail();
- } catch (InvalidKeySpecException expected) {
- }
- try {
- KeySpec ks = new PBEKeySpec(PASSWORD, SALT, ITERATIONS);
- factory.generateSecret(ks);
- fail();
- } catch (InvalidKeySpecException expected) {
- }
- try {
- KeySpec ks = new PBEKeySpec(null, SALT, ITERATIONS, KEY_LENGTH);
- factory.generateSecret(ks);
- fail();
- } catch (IllegalArgumentException expected) {
- }
- try {
- KeySpec ks = new PBEKeySpec(new char[0], SALT, ITERATIONS, KEY_LENGTH);
- factory.generateSecret(ks);
- fail();
- } catch (IllegalArgumentException expected) {
- }
- KeySpec ks = new PBEKeySpec(PASSWORD, SALT, ITERATIONS, KEY_LENGTH);
- factory.generateSecret(ks);
- }
- public void test_PBKDF2_b3059950() throws Exception {
- test_PBKDF2(PASSWORD, SALT, ITERATIONS, KEY_LENGTH,
- new byte[] {
- (byte)0x70, (byte)0x74, (byte)0xdb, (byte)0x72,
- (byte)0x35, (byte)0xd4, (byte)0x11, (byte)0x68,
- (byte)0x83, (byte)0x7c, (byte)0x14, (byte)0x1f,
- (byte)0xf6, (byte)0x4a, (byte)0xb0, (byte)0x54
- });
- }
- /**
- * 64-bit Test vector from RFC 3211
- *
- * See also org.bouncycastle.crypto.test.PKCS5Test
- */
- public void test_PBKDF2_rfc3211_64() throws Exception {
- char[] password = "password".toCharArray();
- byte[] salt = new byte[] {
- (byte)0x12, (byte)0x34, (byte)0x56, (byte)0x78,
- (byte)0x78, (byte)0x56, (byte)0x34, (byte)0x12
- };
- int iterations = 5;
- int keyLength = 64;
- byte[] expected = new byte[] {
- (byte)0xD1, (byte)0xDA, (byte)0xA7, (byte)0x86,
- (byte)0x15, (byte)0xF2, (byte)0x87, (byte)0xE6
- };
- test_PBKDF2(password, salt, iterations, keyLength, expected);
- }
- /**
- * 192-bit Test vector from RFC 3211
- *
- * See also org.bouncycastle.crypto.test.PKCS5Test
- */
- public void test_PBKDF2_rfc3211_192() throws Exception {
- char[] password = ("All n-entities must communicate with other "
- + "n-entities via n-1 entiteeheehees").toCharArray();
- byte[] salt = new byte[] {
- (byte)0x12, (byte)0x34, (byte)0x56, (byte)0x78,
- (byte)0x78, (byte)0x56, (byte)0x34, (byte)0x12
- };
- int iterations = 500;
- int keyLength = 192;
- byte[] expected = new byte[] {
- (byte)0x6a, (byte)0x89, (byte)0x70, (byte)0xbf, (byte)0x68, (byte)0xc9,
- (byte)0x2c, (byte)0xae, (byte)0xa8, (byte)0x4a, (byte)0x8d, (byte)0xf2,
- (byte)0x85, (byte)0x10, (byte)0x85, (byte)0x86, (byte)0x07, (byte)0x12,
- (byte)0x63, (byte)0x80, (byte)0xcc, (byte)0x47, (byte)0xab, (byte)0x2d
- };
- test_PBKDF2(password, salt, iterations, keyLength, expected);
- }
- private void test_PBKDF2(char[] password, byte[] salt, int iterations, int keyLength,
- byte[] expected) throws Exception {
- SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
- KeySpec ks = new PBEKeySpec(password, salt, iterations, keyLength);
- SecretKey key = factory.generateSecret(ks);
- assertTrue(Arrays.equals(expected, key.getEncoded()));
- }
- }