From 869f007284570ab128056e37944789a0c7070e00 Mon Sep 17 00:00:00 2001 
From: Jair Myree Date: Mon, 17 Jun 2024 17:21:44 -0700 Subject: [PATCH] Removal of azure-keyvault-cryptography (#40455) * Removal of azure-keyvault-cryptography * removing references to microsoft-azure-keyvault-cryptography * removing references to microsoft-azure-keyvault-cryptography * removing references to azure-keyvault-webkey * Revert "removing references to azure-keyvault-webkey" This reverts commit 3a27dc0a6f818a271395c12a9113af010bee3703. * removing references to azure-keyvault-cryptography * removing references to azure-keyvault-cryptography --- eng/spotbugs-aggregate-report/pom.xml | 5 - eng/versioning/version_data.txt | 1 - .../microsoft-azure-keyvault-complete/pom.xml | 5 - .../pom.xml | 110 ---- .../keyvault/cryptography/Algorithm.java | 35 - .../cryptography/AlgorithmResolver.java | 85 --- .../AsymmetricEncryptionAlgorithm.java | 77 --- .../AsymmetricSignatureAlgorithm.java | 12 - .../keyvault/cryptography/ByteExtensions.java | 112 ---- .../azure/keyvault/cryptography/EcKey.java | 400 ------------ .../cryptography/EncryptionAlgorithm.java | 20 - .../IAuthenticatedCryptoTransform.java | 9 - .../cryptography/ICryptoTransform.java | 29 - .../cryptography/ISignatureTransform.java | 13 - .../cryptography/KeyWrapAlgorithm.java | 149 ----- .../azure/keyvault/cryptography/RsaKey.java | 399 ------------ .../cryptography/SignatureAlgorithm.java | 12 - .../cryptography/SignatureEncoding.java | 274 -------- .../azure/keyvault/cryptography/Strings.java | 37 -- .../SymmetricEncryptionAlgorithm.java | 104 --- .../keyvault/cryptography/SymmetricKey.java | 387 ----------- .../cryptography/algorithms/Aes128Cbc.java | 14 - .../algorithms/Aes128CbcHmacSha256.java | 13 - .../cryptography/algorithms/Aes192Cbc.java | 14 - .../algorithms/Aes192CbcHmacSha384.java | 13 - .../cryptography/algorithms/Aes256Cbc.java | 14 - .../algorithms/Aes256CbcHmacSha512.java | 13 - .../cryptography/algorithms/AesCbc.java | 115 ---- .../algorithms/AesCbcHmacSha2.java | 276 -------- 
.../cryptography/algorithms/AesKw.java | 176 ----- .../cryptography/algorithms/AesKw128.java | 54 -- .../cryptography/algorithms/AesKw192.java | 54 -- .../cryptography/algorithms/AesKw256.java | 54 -- .../cryptography/algorithms/Ecdsa.java | 66 -- .../cryptography/algorithms/Es256.java | 18 - .../cryptography/algorithms/Es256k.java | 18 - .../cryptography/algorithms/Es384.java | 18 - .../cryptography/algorithms/Es512.java | 18 - .../cryptography/algorithms/Rs256.java | 90 --- .../cryptography/algorithms/Rsa15.java | 98 --- .../algorithms/RsaEncryption.java | 14 - .../cryptography/algorithms/RsaOaep.java | 100 --- .../cryptography/algorithms/RsaSignature.java | 218 ------- .../cryptography/algorithms/package-info.java | 7 - .../keyvault/cryptography/package-info.java | 8 - .../test/AesCbcBCProviderTest.java | 21 - .../test/AesCbcHmacShaBCProviderTest.java | 20 - .../cryptography/test/AesCbcHmacShaTest.java | 278 -------- .../cryptography/test/AesCbcTest.java | 233 ------- .../test/AesKwBCProviderTest.java | 34 - .../keyvault/cryptography/test/AesKwTest.java | 461 ------------- .../test/ECKeyBCProviderTest.java | 19 - .../keyvault/cryptography/test/ECKeyTest.java | 340 ---------- .../keyvault/cryptography/test/PemFile.java | 30 - .../test/RsaKeyBCProviderTest.java | 19 - .../cryptography/test/RsaKeyTest.java | 196 ------ .../test/SymmetricKeyBCProviderTest.java | 34 - .../cryptography/test/SymmetricKeyTest.java | 616 ------------------ .../src/test/resources/SECP256key.pem | 8 - .../src/test/resources/byte_array.bin | Bin 16 -> 0 bytes .../src/test/resources/p256key.pem | 8 - .../src/test/resources/p256keynew.pem | 5 - .../src/test/resources/p256keypubnew.pem | 4 - .../src/test/resources/p256sig.der | Bin 71 -> 0 bytes .../src/test/resources/p384keynew.pem | 6 - .../src/test/resources/p384keypubnew.pem | 5 - .../src/test/resources/p384sig.der | Bin 104 -> 0 bytes .../src/test/resources/p521keynew.pem | 8 - .../src/test/resources/p521keypubnew.pem | 6 - 
.../src/test/resources/p521sig.der | Bin 139 -> 0 bytes .../src/test/resources/secp256keynew.pem | 5 - .../src/test/resources/secp256keypubnew.pem | 4 - .../src/test/resources/secp256sig.der | Bin 70 -> 0 bytes .../pom.xml | 5 - .../microsoft-azure-keyvault-test/pom.xml | 6 - sdk/keyvault/microsoft-azure-keyvault/pom.xml | 6 - sdk/keyvault/pom.xml | 1 - 77 files changed, 6136 deletions(-) delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/pom.xml delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/Algorithm.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/AlgorithmResolver.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/AsymmetricEncryptionAlgorithm.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/AsymmetricSignatureAlgorithm.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/ByteExtensions.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/EcKey.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/EncryptionAlgorithm.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/IAuthenticatedCryptoTransform.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/ICryptoTransform.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/ISignatureTransform.java delete mode 100644 
sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/KeyWrapAlgorithm.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/RsaKey.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SignatureAlgorithm.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SignatureEncoding.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/Strings.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SymmetricEncryptionAlgorithm.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SymmetricKey.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes128Cbc.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes128CbcHmacSha256.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes192Cbc.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes192CbcHmacSha384.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes256Cbc.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes256CbcHmacSha512.java delete mode 100644 
sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesCbc.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesCbcHmacSha2.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw128.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw192.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw256.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Ecdsa.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es256.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es256k.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es384.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es512.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Rs256.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Rsa15.java delete mode 100644 
sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/RsaEncryption.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/RsaOaep.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/RsaSignature.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/package-info.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/package-info.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcBCProviderTest.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcHmacShaBCProviderTest.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcHmacShaTest.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcTest.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesKwBCProviderTest.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesKwTest.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/ECKeyBCProviderTest.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/ECKeyTest.java delete mode 100644 
sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/PemFile.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/RsaKeyBCProviderTest.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/RsaKeyTest.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/SymmetricKeyBCProviderTest.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/SymmetricKeyTest.java delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/SECP256key.pem delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/byte_array.bin delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256key.pem delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256keynew.pem delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256keypubnew.pem delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256sig.der delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p384keynew.pem delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p384keypubnew.pem delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p384sig.der delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p521keynew.pem delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p521keypubnew.pem delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p521sig.der delete 
mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/secp256keynew.pem delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/secp256keypubnew.pem delete mode 100644 sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/secp256sig.der diff --git a/eng/spotbugs-aggregate-report/pom.xml b/eng/spotbugs-aggregate-report/pom.xml index aacc92ca1220b..88215d26ef4d0 100644 --- a/eng/spotbugs-aggregate-report/pom.xml +++ b/eng/spotbugs-aggregate-report/pom.xml @@ -84,11 +84,6 @@ azure-keyvault 1.3.0-beta.1 - - com.microsoft.azure - azure-keyvault-cryptography - 1.3.0-beta.1 - com.microsoft.azure azure-keyvault-core diff --git a/eng/versioning/version_data.txt b/eng/versioning/version_data.txt index 5e7a70d4bb364..77e6c4f132c34 100644 --- a/eng/versioning/version_data.txt +++ b/eng/versioning/version_data.txt @@ -29,7 +29,6 @@ com.microsoft.azure:azure-eventhubs-extensions;3.3.2;3.4.0-beta.1 com.microsoft.azure:azure-keyvault;1.2.6;1.3.0-beta.1 com.microsoft.azure:azure-keyvault-complete;1.2.4;1.2.6 com.microsoft.azure:azure-keyvault-core;1.2.6;1.3.0-beta.1 -com.microsoft.azure:azure-keyvault-cryptography;1.2.6;1.3.0-beta.1 com.microsoft.azure:azure-keyvault-extensions;1.2.6;1.3.0-beta.1 com.microsoft.azure:azure-keyvault-test;1.2.3;1.2.6 com.microsoft.azure:azure-servicebus;3.6.7;3.7.0-beta.1 diff --git a/sdk/keyvault/microsoft-azure-keyvault-complete/pom.xml b/sdk/keyvault/microsoft-azure-keyvault-complete/pom.xml index fa8d1ee75dc73..789b6339e5082 100644 --- a/sdk/keyvault/microsoft-azure-keyvault-complete/pom.xml +++ b/sdk/keyvault/microsoft-azure-keyvault-complete/pom.xml @@ -59,11 +59,6 @@ the MIT License. See License.txt in the project root for license information. -- azure-keyvault-extensions 1.3.0-beta.1 - - com.microsoft.azure - azure-keyvault-cryptography - 1.3.0-beta.1 - 
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/pom.xml b/sdk/keyvault/microsoft-azure-keyvault-cryptography/pom.xml deleted file mode 100644 index 4e94ed3d78efa..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/pom.xml +++ /dev/null @@ -1,110 +0,0 @@ - - - 4.0.0 - - - com.azure - azure-data-sdk-parent - 1.3.0 - ../../parents/azure-data-sdk-parent - - - com.microsoft.azure - azure-keyvault-cryptography - 1.3.0-beta.1 - jar - - Microsoft Azure SDK for Key Vault Cryptography - - This library has been replaced by new Azure SDKs, you can read about them at https://aka.ms/azsdkvalueprop. The latest libraries to interact with the Azure Key Vault service are: - (1) https://central.sonatype.com/artifact/com.azure/azure-security-keyvault-keys. - (2) https://central.sonatype.com/artifact/com.azure/azure-security-keyvault-secrets. - (3) https://central.sonatype.com/artifact/com.azure/azure-security-keyvault-certificates. - It is recommended that you move to the new package. - - https://github.com/Azure/azure-sdk-for-java - - - - azure-java-build-docs - ${site.url}/site/${project.artifactId} - - - - https://github.com/Azure/azure-sdk-for-java - - - UTF-8 - - - - - - - - - com.microsoft.azure - azure-keyvault-core - 1.3.0-beta.1 - - - - - com.fasterxml.jackson.core - jackson-databind - 2.13.5 - - - - - org.apache.commons - commons-lang3 - 3.12.0 - - - commons-codec - commons-codec - 1.15 - - - com.google.guava - guava - 33.1.0-jre - - - - - - junit - junit - 4.13.2 - test - - - org.bouncycastle - bcprov-jdk15to18 - 1.78.1 - test - - - - - - - org.apache.maven.plugins - maven-resources-plugin - 3.3.1 - - ${basedir}/target/test-classes - - - ${basedir}/src/test/resources - - - - - - - 
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/Algorithm.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/Algorithm.java
deleted file mode 100644
index 1a9ece446be35..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/Algorithm.java
+++ /dev/null
@@ -1,35 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-/**
- * Abstract base class for all Algorithm objects.
- *
- */
-public abstract class Algorithm {
-
- private final String name;
-
- /**
- * Constructor.
- *
- * @param name The name of the algorithm.
- */
- protected Algorithm(String name) {
- if (Strings.isNullOrWhiteSpace(name)) {
- throw new IllegalArgumentException("name");
- }
-
- this.name = name;
- }
-
- /**
- * Gets the name of the algorithm.
- *
- * @return The name of the algorithm.
- */
- public String getName() {
- return name;
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/AlgorithmResolver.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/AlgorithmResolver.java
deleted file mode 100644
index 640ac8bfc5a56..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/AlgorithmResolver.java
+++ /dev/null
@@ -1,85 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.ConcurrentMap;
-
-import com.microsoft.azure.keyvault.cryptography.algorithms.Aes128Cbc;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Aes128CbcHmacSha256;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Aes192Cbc;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Aes192CbcHmacSha384;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Aes256Cbc;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Aes256CbcHmacSha512;
-import com.microsoft.azure.keyvault.cryptography.algorithms.AesKw128;
-import com.microsoft.azure.keyvault.cryptography.algorithms.AesKw192;
-import com.microsoft.azure.keyvault.cryptography.algorithms.AesKw256;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Es256k;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Es256;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Es384;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Es512;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Rs256;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Rsa15;
-import com.microsoft.azure.keyvault.cryptography.algorithms.RsaOaep;
-
-public class AlgorithmResolver {
-
- public static final AlgorithmResolver Default = new AlgorithmResolver();
-
- static {
- Default.put(Aes128CbcHmacSha256.ALGORITHM_NAME, new Aes128CbcHmacSha256());
- Default.put(Aes192CbcHmacSha384.ALGORITHM_NAME, new Aes192CbcHmacSha384());
- Default.put(Aes256CbcHmacSha512.ALGORITHM_NAME, new Aes256CbcHmacSha512());
-
- Default.put(Aes128Cbc.ALGORITHM_NAME, new Aes128Cbc());
- Default.put(Aes192Cbc.ALGORITHM_NAME, new Aes192Cbc());
- Default.put(Aes256Cbc.ALGORITHM_NAME, new Aes256Cbc());
-
- Default.put(AesKw128.ALGORITHM_NAME, new AesKw128());
- Default.put(AesKw192.ALGORITHM_NAME, new AesKw192());
- Default.put(AesKw256.ALGORITHM_NAME, new AesKw256());
-
- Default.put(Rsa15.ALGORITHM_NAME, new Rsa15());
- Default.put(RsaOaep.ALGORITHM_NAME, new RsaOaep());
-
- Default.put(Rs256.ALGORITHM_NAME, new Rs256());
- // Default.put(RsNull.ALGORITHM_NAME, new RsNull());
-
- Default.put(Es256k.ALGORITHM_NAME, new Es256k());
- Default.put(Es256.ALGORITHM_NAME, new Es256());
- Default.put(Es384.ALGORITHM_NAME, new Es384());
- Default.put(Es512.ALGORITHM_NAME, new Es512());
- }
-
- private final ConcurrentMap algorithms = new ConcurrentHashMap();
-
- /**
- * Returns the implementation for an algorithm name.
- *
- * @param algorithmName The algorithm name.
- * @return The implementation for the algorithm or null.
- */
- public Algorithm get(String algorithmName) {
- return algorithms.get(algorithmName);
- }
-
- /**
- * Add/Update a named algorithm implementation.
- *
- * @param algorithmName The algorithm name.
- * @param provider The implementation of the algorithm.
- */
- public void put(String algorithmName, Algorithm provider) {
- algorithms.put(algorithmName, provider);
- }
-
- /**
- * Remove a named algorithm implementation.
- *
- * @param algorithmName The algorithm name
- */
- public void remove(String algorithmName) {
- algorithms.remove(algorithmName);
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/AsymmetricEncryptionAlgorithm.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/AsymmetricEncryptionAlgorithm.java
deleted file mode 100644
index 6982885e209ed..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/AsymmetricEncryptionAlgorithm.java
+++ /dev/null
@@ -1,77 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-import java.security.InvalidKeyException;
-import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-
-import javax.crypto.NoSuchPaddingException;
-
-/**
- * Abstract base class for all asymmetric encryption algorithms.
- *
- */
-public abstract class AsymmetricEncryptionAlgorithm extends EncryptionAlgorithm {
-
- /**
- * Constructor.
- *
- * @param name The name of the algorithm.
- */
- protected AsymmetricEncryptionAlgorithm(String name) {
- super(name);
- }
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for encryption that
- * uses the specified {@link java.security.KeyPair} and the default {@link java.security.Provider} provider.
- *
- * @param keyPair The key pair to use.
- * @return
- * @throws InvalidKeyException
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- */
- public abstract ICryptoTransform CreateEncryptor(KeyPair keyPair) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException;
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for encryption that
- * uses the specified {@link java.security.KeyPair} and {@link java.security.Provider}.
- *
- * @param keyPair The key pair to use.
- * @param provider The provider to use.
- * @return
- * @throws InvalidKeyException
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- */
- public abstract ICryptoTransform CreateEncryptor(KeyPair keyPair, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException;
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for decryption that
- * uses the specified {@link java.security.KeyPair} and the default {@link java.security.Provider} provider.
- *
- * @param keyPair The key pair to use.
- * @return
- * @throws InvalidKeyException
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- */
- public abstract ICryptoTransform CreateDecryptor(KeyPair keyPair) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException;
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for decryption that
- * uses the specified {@link java.security.KeyPair} and {@link java.security.Provider}.
- *
- * @param keyPair The key pair to use.
- * @param provider The provider to use.
- * @return
- * @throws InvalidKeyException
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- */
- public abstract ICryptoTransform CreateDecryptor(KeyPair keyPair, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException;
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/AsymmetricSignatureAlgorithm.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/AsymmetricSignatureAlgorithm.java
deleted file mode 100644
index 643d3277f9a05..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/AsymmetricSignatureAlgorithm.java
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-public abstract class AsymmetricSignatureAlgorithm extends SignatureAlgorithm {
-
- protected AsymmetricSignatureAlgorithm(String name) {
- super(name);
- }
-
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/ByteExtensions.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/ByteExtensions.java
deleted file mode 100644
index 0c0403e8dff52..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/ByteExtensions.java
+++ /dev/null
@@ -1,112 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-import java.util.Arrays;
-
-public final class ByteExtensions {
-
- public static byte[] or(byte[] self, byte[] other) {
- return or(self, other, 0);
- }
-
- public static byte[] or(byte[] self, byte[] other, int offset) {
- if (self == null) {
- throw new IllegalArgumentException("self");
- }
-
- if (other == null) {
- throw new IllegalArgumentException("other");
- }
-
- if (self.length > other.length - offset) {
- throw new IllegalArgumentException("self and other lengths do not match");
- }
-
- byte[] result = new byte[self.length];
-
- for (int i = 0; i < self.length; i++) {
- result[i] = (byte) (self[i] | other[offset + i]);
- }
-
- return result;
- }
-
- public static byte[] xor(byte[] self, byte[] other) {
- return xor(self, other, 0);
- }
-
- static byte[] xor(byte[] self, byte[] other, int offset) {
- if (self == null) {
- throw new IllegalArgumentException("self");
- }
-
- if (other == null) {
- throw new IllegalArgumentException("other");
- }
-
- if (self.length > other.length - offset) {
- throw new IllegalArgumentException("self and other lengths do not match");
- }
-
- byte[] result = new byte[self.length];
-
- for (int i = 0; i < self.length; i++) {
- result[i] = (byte) (self[i] ^ other[offset + i]);
- }
-
- return result;
- }
-
- public static void zero(byte[] self) {
- if (self != null) {
- Arrays.fill(self, (byte) 0);
- }
- }
-
- /**
- * Compares two byte arrays in constant time.
- *
- * @param self
- * The first byte array to compare
- * @param other
- * The second byte array to compare
- * @return
- * True if the two byte arrays are equal.
- */
- public static boolean sequenceEqualConstantTime(byte[] self, byte[] other) {
- if (self == null) {
- throw new IllegalArgumentException("self");
- }
-
- if (other == null) {
- throw new IllegalArgumentException("other");
- }
-
- // Constant time comparison of two byte arrays
- long difference = (self.length & 0xffffffffL) ^ (other.length & 0xffffffffL);
-
- for (int i = 0; i < self.length && i < other.length; i++) {
- difference |= (self[i] ^ other[i]) & 0xffffffffL;
- }
-
- return difference == 0;
- }
-
- /**
- * Creates a copy of the source array.
- * @param source Array to make copy of
- * @return A copy of the array, or null if source was null.
- */
- public static byte[] clone(byte[] source) {
- if (source == null) {
- return null;
- }
-
- byte[] copy = new byte[source.length];
- System.arraycopy(source, 0, copy, 0, source.length);
-
- return copy;
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/EcKey.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/EcKey.java
deleted file mode 100644
index 07b6d662eca31..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/EcKey.java
+++ /dev/null
@@ -1,400 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.Security;
-import java.security.interfaces.ECPublicKey;
-import java.security.spec.ECGenParameterSpec;
-import java.security.spec.ECParameterSpec;
-import java.security.spec.EllipticCurve;
-import java.security.spec.InvalidKeySpecException;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-
-import org.apache.commons.lang3.tuple.Pair;
-import org.apache.commons.lang3.tuple.Triple;
-
-import com.google.common.collect.ImmutableMap;
-import com.google.common.util.concurrent.Futures;
-import com.google.common.util.concurrent.ListenableFuture;
-import com.microsoft.azure.keyvault.core.IKey;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Ecdsa;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Es256k;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Es256;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Es384;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Es512;
-import com.microsoft.azure.keyvault.webkey.JsonWebKey;
-import com.microsoft.azure.keyvault.webkey.JsonWebKeyCurveName;
-
-
-public class EcKey implements IKey {
-
- public static final String P256 = "secp256r1";
- public static final String P384 = "secp384r1";
- public static final String P521 = "secp521r1";
- public static final String P256K = "secp256k1";
- public static final Map CURVE_TO_SIGNATURE = ImmutableMap.builder()
- .put(JsonWebKeyCurveName.P_256, Es256.ALGORITHM_NAME)
- .put(JsonWebKeyCurveName.P_384, Es384.ALGORITHM_NAME)
- .put(JsonWebKeyCurveName.P_521, Es512.ALGORITHM_NAME)
- .put(JsonWebKeyCurveName.P_256K, Es256k.ALGORITHM_NAME)
- .build();
- public static final Map CURVE_TO_SPEC_NAME = ImmutableMap.builder()
- .put(JsonWebKeyCurveName.P_256, P256)
- .put(JsonWebKeyCurveName.P_384, P384)
- .put(JsonWebKeyCurveName.P_521, P521)
- .put(JsonWebKeyCurveName.P_256K, P256K)
- .build();
-
-
- private final String kid;
- private final KeyPair keyPair;
- private final Provider provider;
- private final JsonWebKeyCurveName curve;
-
- protected final String signatureAlgorithm;
- protected String defaultEncryptionAlgorithm;
-
- public static JsonWebKeyCurveName getDefaultCurve() {
- return JsonWebKeyCurveName.P_256;
- }
-
- /**
- * Constructor.
- *
- * Generates a new EcKey with a P_256 curve and a randomly generated kid.
- *
- * @throws NoSuchAlgorithmException
- * @throws InvalidAlgorithmParameterException
- */
- public EcKey() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
- this(UUID.randomUUID().toString());
- }
-
- /**
- * Constructor.
- *
- * Generates a new EcKey with a P_256 curve and the given kid.
- *
- * @param kid
- * @throws NoSuchAlgorithmException
- * @throws InvalidAlgorithmParameterException
- */
- public EcKey(String kid) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
- this(kid, getDefaultCurve(), Security.getProvider("SunEC"));
- }
-
- /**
- * Constructor.
- *
- * Generates a new EcKey with the given curve and kid.
- * @param kid
- * @param curve
- * @throws NoSuchAlgorithmException
- * @throws InvalidAlgorithmParameterException
- */
- public EcKey(String kid, JsonWebKeyCurveName curve) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
- this(kid, curve, Security.getProvider("SunEC"));
- }
-
- /**
- * Constructor.
- *
- * Generates a new EcKey with the given curve and kid.
- * @param kid
- * @param curve
- * @param provider Java security provider
- * @throws InvalidAlgorithmParameterException
- * @throws NoSuchAlgorithmException
- */
- public EcKey(String kid, JsonWebKeyCurveName curve, Provider provider) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
- this.kid = kid;
- this.provider = provider;
- this.curve = curve;
-
- signatureAlgorithm = CURVE_TO_SIGNATURE.get(curve);
- if (signatureAlgorithm == null) {
- throw new NoSuchAlgorithmException("Curve not supported.");
- }
-
- final KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", provider);
- ECGenParameterSpec gps = new ECGenParameterSpec(CURVE_TO_SPEC_NAME.get(curve));
-
- generator.initialize(gps);
- keyPair = generator.generateKeyPair();
-
- }
-
- /**
- * Constructor.
- *
- * Generates a new EcKey with the given keyPair.
- * The keyPair must be an ECKey.
- * @param kid
- * @param keyPair
- * @throws NoSuchAlgorithmException
- * @throws InvalidAlgorithmParameterException
- */
- public EcKey(String kid, KeyPair keyPair) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
- this(kid, keyPair, Security.getProvider("SunEC"));
- }
-
- /**
- * Constructor.
- *
- * Generates a new EcKey with the given keyPair.
- * The keyPair must be an ECKey.
- * @param kid
- * @param keyPair
- * @param provider Java security provider
- * @throws NoSuchAlgorithmException
- * @throws InvalidAlgorithmParameterException
- */
- public EcKey(String kid, KeyPair keyPair, Provider provider) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
-
- if (Strings.isNullOrWhiteSpace(kid)) {
- throw new IllegalArgumentException("Please provide a kid");
- }
-
- if (keyPair == null) {
- throw new IllegalArgumentException("Please provide an ECKey");
- }
-
- if (keyPair.getPublic() == null || !(keyPair.getPublic() instanceof ECPublicKey)) {
- throw new IllegalArgumentException("The keyPair provided is not an ECKey");
- }
-
- this.kid = kid;
- this.keyPair = keyPair;
- this.provider = provider;
- curve = getCurveFromKeyPair(keyPair);
- signatureAlgorithm = CURVE_TO_SIGNATURE.get(curve);
- if (signatureAlgorithm == null) {
- throw new IllegalArgumentException("Curve not supported.");
- }
- }
-
- /**
- * Converts JSON web key to EC key pair, does not include the private key.
- * @param jwk
- * @return EcKey
- * @throws NoSuchAlgorithmException
- * @throws InvalidAlgorithmParameterException
- * @throws InvalidKeySpecException
- * @throws NoSuchProviderException
- */
- public static EcKey fromJsonWebKey(JsonWebKey jwk) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeySpecException, NoSuchProviderException {
- return fromJsonWebKey(jwk, false, null);
- }
-
- /**
- * Converts JSON web key to EC key pair and include the private key if set to true.
- * @param jwk
- * @param includePrivateParameters true if the EC key pair should include the private key. False otherwise.
- * @return EcKey
- * @throws NoSuchAlgorithmException
- * @throws InvalidAlgorithmParameterException
- * @throws InvalidKeySpecException
- * @throws NoSuchProviderException
- */
- public static EcKey fromJsonWebKey(JsonWebKey jwk, boolean includePrivateParameters) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeySpecException, NoSuchProviderException {
- return fromJsonWebKey(jwk, includePrivateParameters, null);
- }
-
- /**
- * Converts JSON web key to EC key pair and include the private key if set to true.
- * @param jwk
- * @param includePrivateParameters true if the EC key pair should include the private key. False otherwise.
- * @param provider the Java Security Provider
- * @return EcKey
- */
- public static EcKey fromJsonWebKey(JsonWebKey jwk, boolean includePrivateParameters, Provider provider) {
- try {
- if (jwk.kid() != null) {
- return new EcKey(jwk.kid(), jwk.toEC(includePrivateParameters, provider));
- } else {
- throw new IllegalArgumentException("Json Web Key should have a kid");
- }
- } catch (GeneralSecurityException e) {
- throw new IllegalStateException(e);
- }
- }
-
- /**
- * Converts EcKey to JSON web key.
- * @return
- */
- public JsonWebKey toJsonWebKey() {
- return JsonWebKey.fromEC(keyPair, provider);
- }
-
- // Matches the curve of the keyPair to supported curves.
- private JsonWebKeyCurveName getCurveFromKeyPair(KeyPair keyPair) {
- try {
- ECPublicKey key = (ECPublicKey) keyPair.getPublic();
- ECParameterSpec spec = key.getParams();
- EllipticCurve crv = spec.getCurve();
-
- List curveList = Arrays.asList(JsonWebKeyCurveName.P_256, JsonWebKeyCurveName.P_384, JsonWebKeyCurveName.P_521, JsonWebKeyCurveName.P_256K);
-
- for (JsonWebKeyCurveName curve : curveList) {
- ECGenParameterSpec gps = new ECGenParameterSpec(CURVE_TO_SPEC_NAME.get(curve));
- KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", provider);
- kpg.initialize(gps);
-
- // Generate dummy keypair to get parameter spec.
- KeyPair apair = kpg.generateKeyPair();
- ECPublicKey apub = (ECPublicKey) apair.getPublic();
- ECParameterSpec aspec = apub.getParams();
- EllipticCurve acurve = aspec.getCurve();
-
- //Matches the parameter spec
- if (acurve.equals(crv)) {
- return curve;
- }
- }
-
- //Did not find a supported curve.
- throw new IllegalArgumentException("Curve not supported.");
- } catch (GeneralSecurityException e) {
- throw new IllegalStateException(e);
- }
- }
-
- /**
- * @return curve of the key
- */
- public JsonWebKeyCurveName getCurve() {
- return curve;
- }
-
- /**
- *
- * @return the underlying keyPair of the key
- */
- public KeyPair getKeyPair() {
- return keyPair;
- }
-
- @Override
- public void close() throws IOException {
- // Intentionally empty
- }
-
- @Override
- public String getDefaultEncryptionAlgorithm() {
- return null;
- }
-
- @Override
- public String getDefaultKeyWrapAlgorithm() {
- return null;
- }
-
- @Override
- public String getDefaultSignatureAlgorithm() {
- return signatureAlgorithm;
- }
-
- @Override
- public String getKid() {
- return kid;
- }
-
- @Override
- public ListenableFuture decryptAsync(byte[] ciphertext, byte[] iv, byte[] authenticationData,
- byte[] authenticationTag, String algorithm) throws NoSuchAlgorithmException {
- throw new UnsupportedOperationException("Decrypt Async is not supported");
- }
-
- @Override
- public ListenableFuture> encryptAsync(byte[] plaintext, byte[] iv,
- byte[] authenticationData, String algorithm) throws NoSuchAlgorithmException {
- throw new UnsupportedOperationException("Encrypt Async is not supported");
- }
-
- @Override
- public ListenableFuture> wrapKeyAsync(byte[] key, String algorithm)
- throws NoSuchAlgorithmException {
- throw new UnsupportedOperationException("Wrap key is not supported");
- }
-
- @Override
- public ListenableFuture unwrapKeyAsync(byte[] encryptedKey, String algorithm)
- throws NoSuchAlgorithmException {
- throw new UnsupportedOperationException("Unwrap key is not supported");
- }
-
- @Override
- public ListenableFuture> signAsync(byte[] digest, String algorithm) throws NoSuchAlgorithmException {
-
- if (keyPair.getPrivate() == null) {
- throw new UnsupportedOperationException("Sign is not supported without a private key.");
- }
-
- if (digest == null) {
- throw new IllegalArgumentException("Please provide a digest to sign.");
- }
-
- if (Strings.isNullOrWhiteSpace(algorithm)) {
- throw new IllegalArgumentException("Please provide a signature algorithm to use.");
- }
-
- // Interpret the requested algorithm
- Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm);
-
- if (baseAlgorithm == null || !(baseAlgorithm instanceof AsymmetricSignatureAlgorithm)) {
- throw new NoSuchAlgorithmException(algorithm);
- }
-
- Ecdsa algo = (Ecdsa) baseAlgorithm;
- ISignatureTransform signer = algo.createSignatureTransform(keyPair, provider);
-
- try {
- return Futures.immediateFuture(Pair.of(signer.sign(digest), algorithm));
- } catch (Exception e) {
- return Futures.immediateFailedFuture(e);
- }
- }
-
- @Override
- public ListenableFuture verifyAsync(byte[] digest, byte[] signature, String algorithm) throws NoSuchAlgorithmException {
-
- if (digest == null) {
- throw new IllegalArgumentException("Please provide a digest input.");
- }
-
- if (Strings.isNullOrWhiteSpace(algorithm)) {
- throw new IllegalArgumentException("Please provide an algorithm");
- }
-
- // Interpret the requested algorithm
- Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm);
-
- if (baseAlgorithm == null || !(baseAlgorithm instanceof AsymmetricSignatureAlgorithm)) {
- throw new NoSuchAlgorithmException(algorithm);
- }
-
- Ecdsa algo = (Ecdsa) baseAlgorithm;
-
- ISignatureTransform signer = algo.createSignatureTransform(keyPair, provider);
-
- try {
- return Futures.immediateFuture(signer.verify(digest, signature));
- } catch (Exception e) {
- return Futures.immediateFailedFuture(e);
- }
- }
-
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/EncryptionAlgorithm.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/EncryptionAlgorithm.java
deleted file mode 100644
index 73e147b2df997..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/EncryptionAlgorithm.java
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-/**
- * Abstract base class for all encryption algorithms.
- *
- */
-public abstract class EncryptionAlgorithm extends Algorithm {
-
- /**
- * Constructor.
- * @param name The name of the algorithm.
- */
- protected EncryptionAlgorithm(String name) {
- super(name);
- }
-
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/IAuthenticatedCryptoTransform.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/IAuthenticatedCryptoTransform.java
deleted file mode 100644
index 5b7237c7b6fbd..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/IAuthenticatedCryptoTransform.java
+++ /dev/null
@@ -1,9 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-public interface IAuthenticatedCryptoTransform extends ICryptoTransform {
-
- byte[] getTag();
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/ICryptoTransform.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/ICryptoTransform.java
deleted file mode 100644
index 91fd0be5526c8..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/ICryptoTransform.java
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.IllegalBlockSizeException;
-
-/**
- * Defines the basic operations of cryptographic transformations.
- *
- */
-public interface ICryptoTransform {
-
- /**
- * Transforms the specified region of the specified byte array as a single operation.
- *
- * @param input The byte array to be transformed
- * @return The transformed result.
- * @throws IllegalBlockSizeException
- * @throws BadPaddingException
- * @throws InvalidKeyException
- * @throws NoSuchAlgorithmException
- */
- byte[] doFinal(byte[] input) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException;
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/ISignatureTransform.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/ISignatureTransform.java
deleted file mode 100644
index e2cabdd456337..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/ISignatureTransform.java
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-import java.security.GeneralSecurityException;
-
-public interface ISignatureTransform {
-
- byte[] sign(final byte[] digest) throws GeneralSecurityException;
-
- boolean verify(final byte[] digest, final byte[] signature) throws GeneralSecurityException;
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/KeyWrapAlgorithm.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/KeyWrapAlgorithm.java
deleted file mode 100644
index 2880ecfd3fc8a..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/KeyWrapAlgorithm.java
+++ /dev/null
@@ -1,149 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-
-import javax.crypto.NoSuchPaddingException;
-
-/**
- * Abstract base class for all key wrap algorithms.
- *
- */
-public abstract class KeyWrapAlgorithm extends Algorithm {
-
- /**
- * Constructor.
- *
- * @param name The name of the algorithm.
- */
- protected KeyWrapAlgorithm(String name) {
- super(name);
- }
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for encryption.
- * Uses the default AES-KW initialization vector.
- * @param key
- * The AES key material to be used.
- * @return A {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- * @throws InvalidKeyException
- * @throws InvalidAlgorithmParameterException
- */
- public abstract ICryptoTransform CreateEncryptor(byte[] key) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException;
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for encryption that
- * uses the specified provider for the Java Security API. Uses the default AES-KW initialization vector.
- *
- * @param key
- * The AES key material to be used.
- * @param provider
- * The provider to use.
- * @return A {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- * @throws InvalidKeyException
- * @throws InvalidAlgorithmParameterException
- */
- public abstract ICryptoTransform CreateEncryptor(byte[] key, Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException;
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for encryption
- * using the supplied initialization vector.
- * @param key
- * The AES key material to be used.
- * @param iv
- * The initialization vector to be used.
- * @return A {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- * @throws InvalidKeyException
- * @throws InvalidAlgorithmParameterException
- */
- public abstract ICryptoTransform CreateEncryptor(byte[] key, byte[] iv) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException;
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for encryption
- * using the supplied initialization vector and the specific provider for the Java Security API.
- * @param key
- * The AES key material to be used.
- * @param iv
- * The initialization vector to be used.
- * @param provider
- * The provider to use.
- * @return A {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- * @throws InvalidKeyException
- * @throws InvalidAlgorithmParameterException
- */
- public abstract ICryptoTransform CreateEncryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException;
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for decryption.
- * Uses the default AES-KW initialization vector.
- * @param key
- * The AES key material to be used.
- * @return A {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- * @throws InvalidKeyException
- * @throws InvalidAlgorithmParameterException
- */
- public abstract ICryptoTransform CreateDecryptor(byte[] key) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException;
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for decryption that
- * uses the specified provider for the Java Security API. Uses the default AES-KW initialization vector.
- *
- * @param key
- * The AES key material to be used.
- * @param provider
- * The provider to use.
- * @return A {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- * @throws InvalidKeyException
- * @throws InvalidAlgorithmParameterException
- */
- public abstract ICryptoTransform CreateDecryptor(byte[] key, Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException;
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for decryption
- * using the supplied initialization vector.
- * @param key
- * The AES key material to be used.
- * @param iv
- * The initialization vector to be used.
- * @return A {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- * @throws InvalidKeyException
- * @throws InvalidAlgorithmParameterException
- */
- public abstract ICryptoTransform CreateDecryptor(byte[] key, byte[] iv) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException;
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for decryption
- * using the supplied initialization vector and the specific provider for the Java Security API.
- * @param key
- * The AES key material to be used.
- * @param iv
- * The initialization vector to be used.
- * @param provider
- * The provider to use.
- * @return A {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- * @throws InvalidKeyException
- * @throws InvalidAlgorithmParameterException
- */
- public abstract ICryptoTransform CreateDecryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException;
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/RsaKey.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/RsaKey.java
deleted file mode 100644
index d8226d5024853..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/RsaKey.java
+++ /dev/null
@@ -1,399 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.security.interfaces.RSAPublicKey;
-import java.util.UUID;
-
-import org.apache.commons.lang3.tuple.Pair;
-import org.apache.commons.lang3.tuple.Triple;
-
-import com.google.common.util.concurrent.Futures;
-import com.google.common.util.concurrent.ListenableFuture;
-import com.microsoft.azure.keyvault.core.IKey;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Rs256;
-import com.microsoft.azure.keyvault.cryptography.algorithms.RsaOaep;
-import com.microsoft.azure.keyvault.webkey.JsonWebKey;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-
-public class RsaKey implements IKey {
-
- public static final int KeySize1024 = 1024;
- public static final int KeySize2048 = 2048;
- public static final int KeySize4096 = 4096;
-
- public static int getDefaultKeySize() {
- return RsaKey.KeySize2048;
- }
-
- private final String kid;
- private final KeyPair keyPair;
- private final Provider provider;
-
- /**
- * Constructor.
- *
- * Generates a new RsaKey with a 2048 size keypair and a randomly generated kid.
- * @throws NoSuchAlgorithmException
- */
- public RsaKey() throws NoSuchAlgorithmException {
- this(UUID.randomUUID().toString());
- }
-
- /**
- * Constructor.
- *
- * Generates a new RsaKey with a 2048 size keypair and the kid given.
- * @param kid
- * @throws NoSuchAlgorithmException
- */
- public RsaKey(String kid) throws NoSuchAlgorithmException {
- this(kid, getDefaultKeySize());
- }
-
- /**
- * Constructor.
- *
- * Generates a new RsaKey with size keySize and the kid given.
- * @param kid
- * @param keySize
- * @throws NoSuchAlgorithmException
- */
- public RsaKey(String kid, int keySize) throws NoSuchAlgorithmException {
- this(kid, keySize, null);
- }
-
- /**
- * Constructor.
- *
- * Generates a new RsaKey with size keySize and the kid given. The given provider is used for algorithm implementation.
- * @param kid
- * @param keySize
- * @param provider Java security provider.
- * @throws NoSuchAlgorithmException
- */
- public RsaKey(String kid, int keySize, Provider provider) throws NoSuchAlgorithmException {
-
- if (Strings.isNullOrWhiteSpace(kid)) {
- throw new IllegalArgumentException("kid");
- }
-
- final KeyPairGenerator generator;
-
- generator = provider == null ? KeyPairGenerator.getInstance("RSA") : KeyPairGenerator.getInstance("RSA", provider);
-
- generator.initialize(keySize);
-
- this.kid = kid;
- this.keyPair = generator.generateKeyPair();
- this.provider = provider;
- }
-
- /**
- * Constructor.
- *
- * Generates a new RsaKey with the given KeyPair.
- * The keyPair must be an RSAKey.
- * @param kid
- * @param keyPair
- */
- public RsaKey(String kid, KeyPair keyPair) {
- this(kid, keyPair, null);
- }
-
- /**
- * Constructor.
- *
- * Generates a new RsaKey with given KeyPair. The given provider is used for algorithm implementation.
- * The keyPair must be an RSAKey.
- * @param kid
- * @param keyPair
- * @param provider Java security provider
- */
- public RsaKey(String kid, KeyPair keyPair, Provider provider) {
-
- if (Strings.isNullOrWhiteSpace(kid)) {
- throw new IllegalArgumentException("Please provide a kid");
- }
-
- if (keyPair == null) {
- throw new IllegalArgumentException("Please provide a KeyPair");
- }
-
- if (keyPair.getPublic() == null || !(keyPair.getPublic() instanceof RSAPublicKey)) {
- throw new IllegalArgumentException("The KeyPair is not an RsaKey");
- }
-
- this.kid = kid;
- this.keyPair = keyPair;
- this.provider = provider;
- }
-
- /**
- * Converts JSON web key to RsaKey.
- * @param jwk
- * @return RsaKey
- */
- public static RsaKey fromJsonWebKey(JsonWebKey jwk) {
- return fromJsonWebKey(jwk, false, null);
- }
-
- /**
- * Converts JSON web key to RsaKey and include the private key if set to true.
- * @param jwk
- * @param includePrivateParameters true if the RSA key pair should include the private key. False otherwise.
- * @return RsaKey
- */
- public static RsaKey fromJsonWebKey(JsonWebKey jwk, boolean includePrivateParameters) {
- return fromJsonWebKey(jwk, includePrivateParameters, null);
- }
-
- /**
- * Converts JSON web key to RsaKey and include the private key if set to true.
- * @param provider the Java security provider.
- * @param includePrivateParameters true if the RSA key pair should include the private key. False otherwise.
- * @return RsaKey
- */
- public static RsaKey fromJsonWebKey(JsonWebKey jwk, boolean includePrivateParameters, Provider provider) {
- if (jwk.kid() != null) {
- return new RsaKey(jwk.kid(), jwk.toRSA(includePrivateParameters, provider));
- } else {
- throw new IllegalArgumentException("Json Web Key must have a kid");
- }
- }
-
- /**
- * Converts RsaKey to JSON web key.
- * @return
- */
- public JsonWebKey toJsonWebKey() {
- return JsonWebKey.fromRSA(keyPair);
- }
-
- @Override
- public String getDefaultEncryptionAlgorithm() {
- return RsaOaep.ALGORITHM_NAME;
- }
-
- @Override
- public String getDefaultKeyWrapAlgorithm() {
- return RsaOaep.ALGORITHM_NAME;
- }
-
- @Override
- public String getDefaultSignatureAlgorithm() {
- return Rs256.ALGORITHM_NAME;
- }
-
- @Override
- public String getKid() {
- return kid;
- }
-
- public KeyPair getKeyPair() {
- return keyPair;
- }
-
- @Override
- public ListenableFuture decryptAsync(final byte[] ciphertext, final byte[] iv, final byte[] authenticationData, final byte[] authenticationTag, final String algorithm) throws NoSuchAlgorithmException {
-
- if (ciphertext == null) {
- throw new IllegalArgumentException("ciphertext");
- }
-
- // Interpret the requested algorithm
- if (Strings.isNullOrWhiteSpace(algorithm)) {
- throw new IllegalArgumentException("algorithm");
- }
-
- Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm);
-
- if (baseAlgorithm == null || !(baseAlgorithm instanceof AsymmetricEncryptionAlgorithm)) {
- throw new NoSuchAlgorithmException(algorithm);
- }
-
- AsymmetricEncryptionAlgorithm algo = (AsymmetricEncryptionAlgorithm) baseAlgorithm;
-
- ICryptoTransform transform;
- ListenableFuture result;
-
- try {
- transform = algo.CreateDecryptor(keyPair, provider);
- result = Futures.immediateFuture(transform.doFinal(ciphertext));
- } catch (Exception e) {
- result = Futures.immediateFailedFuture(e);
- }
-
- return result;
- }
-
- @Override
- public ListenableFuture> encryptAsync(final byte[] plaintext, final byte[] iv, final byte[] authenticationData, final String algorithm) throws NoSuchAlgorithmException {
-
- if (plaintext == null) {
- throw new IllegalArgumentException("plaintext");
- }
-
- // Interpret the requested algorithm
- String algorithmName = (Strings.isNullOrWhiteSpace(algorithm) ? getDefaultEncryptionAlgorithm() : algorithm);
- Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithmName);
-
- if (baseAlgorithm == null || !(baseAlgorithm instanceof AsymmetricEncryptionAlgorithm)) {
- throw new NoSuchAlgorithmException(algorithmName);
- }
-
- AsymmetricEncryptionAlgorithm algo = (AsymmetricEncryptionAlgorithm) baseAlgorithm;
-
- ICryptoTransform transform;
- ListenableFuture> result;
-
- try {
- transform = algo.CreateEncryptor(keyPair, provider);
- result = Futures.immediateFuture(Triple.of(transform.doFinal(plaintext), (byte[]) null, algorithmName));
- } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | IllegalBlockSizeException | BadPaddingException e) {
- result = Futures.immediateFailedFuture(e);
- }
-
- return result;
- }
-
- @Override
- public ListenableFuture> wrapKeyAsync(final byte[] key, final String algorithm) throws NoSuchAlgorithmException {
-
- if (key == null) {
- throw new IllegalArgumentException("key");
- }
-
- // Interpret the requested algorithm
- String algorithmName = (Strings.isNullOrWhiteSpace(algorithm) ? getDefaultKeyWrapAlgorithm() : algorithm);
- Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithmName);
-
- if (baseAlgorithm == null || !(baseAlgorithm instanceof AsymmetricEncryptionAlgorithm)) {
- throw new NoSuchAlgorithmException(algorithmName);
- }
-
- AsymmetricEncryptionAlgorithm algo = (AsymmetricEncryptionAlgorithm) baseAlgorithm;
-
- ICryptoTransform transform;
- ListenableFuture> result;
-
- try {
- transform = algo.CreateEncryptor(keyPair, provider);
- result = Futures.immediateFuture(Pair.of(transform.doFinal(key), algorithmName));
- } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | IllegalBlockSizeException | BadPaddingException e) {
- result = Futures.immediateFailedFuture(e);
- }
-
- return result;
- }
-
- @Override
- public ListenableFuture unwrapKeyAsync(final byte[] encryptedKey, final String algorithm) throws NoSuchAlgorithmException {
-
- if (encryptedKey == null) {
- throw new IllegalArgumentException("encryptedKey ");
- }
-
- // Interpret the requested algorithm
- if (Strings.isNullOrWhiteSpace(algorithm)) {
- throw new IllegalArgumentException("algorithm");
- }
-
- // Interpret the requested algorithm
- Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm);
-
- if (baseAlgorithm == null || !(baseAlgorithm instanceof AsymmetricEncryptionAlgorithm)) {
- throw new NoSuchAlgorithmException(algorithm);
- }
-
- AsymmetricEncryptionAlgorithm algo = (AsymmetricEncryptionAlgorithm) baseAlgorithm;
-
- ICryptoTransform transform;
- ListenableFuture result;
-
- try {
- transform = algo.CreateDecryptor(keyPair, provider);
- result = Futures.immediateFuture(transform.doFinal(encryptedKey));
- } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | IllegalBlockSizeException | BadPaddingException e) {
- result = Futures.immediateFailedFuture(e);
- }
-
- return result;
- }
-
- @Override
- public ListenableFuture> signAsync(final byte[] digest, final String algorithm) throws NoSuchAlgorithmException {
-
- if (digest == null) {
- throw new IllegalArgumentException("encryptedKey ");
- }
-
- // Interpret the requested algorithm
- if (Strings.isNullOrWhiteSpace(algorithm)) {
- throw new IllegalArgumentException("algorithm");
- }
-
- // Interpret the requested algorithm
- Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm);
-
- if (baseAlgorithm == null || !(baseAlgorithm instanceof AsymmetricSignatureAlgorithm)) {
- throw new NoSuchAlgorithmException(algorithm);
- }
-
- Rs256 algo = (Rs256) baseAlgorithm;
-
- ISignatureTransform signer = algo.createSignatureTransform(keyPair);
-
- try {
- return Futures.immediateFuture(Pair.of(signer.sign(digest), Rs256.ALGORITHM_NAME));
- } catch (Exception e) {
- return Futures.immediateFailedFuture(e);
- }
- }
-
- @Override
- public ListenableFuture verifyAsync(final byte[] digest, final byte[] signature, final String algorithm) throws NoSuchAlgorithmException {
-
- if (digest == null) {
- throw new IllegalArgumentException("encryptedKey ");
- }
-
- // Interpret the requested algorithm
- if (Strings.isNullOrWhiteSpace(algorithm)) {
- throw new IllegalArgumentException("algorithm");
- }
-
- // Interpret the requested algorithm
- Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm);
-
- if (baseAlgorithm == null || !(baseAlgorithm instanceof AsymmetricSignatureAlgorithm)) {
- throw new NoSuchAlgorithmException(algorithm);
- }
-
- Rs256 algo = (Rs256) baseAlgorithm;
-
- ISignatureTransform signer = algo.createSignatureTransform(keyPair);
-
- try {
- return Futures.immediateFuture(signer.verify(digest, signature));
- } catch (Exception e) {
- return Futures.immediateFailedFuture(e);
- }
- }
-
- @Override
- public void close() throws IOException {
- // Intentionally empty
- }
-
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SignatureAlgorithm.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SignatureAlgorithm.java
deleted file mode 100644
index 10b1329fb3b2a..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SignatureAlgorithm.java
+++ /dev/null
@@ -1,12 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-public abstract class SignatureAlgorithm extends Algorithm {
-
- protected SignatureAlgorithm(String name) {
- super(name);
- }
-
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SignatureEncoding.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SignatureEncoding.java
deleted file mode 100644
index 5912e38411d61..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SignatureEncoding.java
+++ /dev/null
@@ -1,274 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.microsoft.azure.keyvault.cryptography; - -import java.util.Arrays; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.math.BigInteger; -import java.security.NoSuchAlgorithmException; - -import com.microsoft.azure.keyvault.cryptography.algorithms.Ecdsa; -import org.apache.commons.codec.binary.Hex; - -public final class SignatureEncoding { - // SignatureEncoding is intended to be a static class - private SignatureEncoding() { } - - /** - * Converts an ASN.1 DER encoded ECDSA signature to a raw signature in the form R|S - * @param asn1DerSignature An ASN.1 DER encoded signature - * @param algorithm The algorithm used to produce the given ASN.1 DER encoded signature - * @return The raw format of the given ASN.1 DER encoded signature in the form R|S - */ - public static byte[] fromAsn1Der(byte[] asn1DerSignature, String algorithm) throws NoSuchAlgorithmException { - Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm); - - // verify the given algoritm could be resolved - if (baseAlgorithm == null) { - throw new NoSuchAlgorithmException(algorithm); - } - - // verify the given algoritm is an Ecdsa signature algorithm - if (!(baseAlgorithm instanceof Ecdsa)) { - throw new IllegalArgumentException("Invalid algorithm; must be an instance of ECDSA."); - } - - return SignatureEncoding.fromAsn1Der(asn1DerSignature, (Ecdsa) baseAlgorithm); - } - - /** - * Converts an ASN.1 DER encoded ECDSA signature to a raw signature in the form R|S - * @param asn1DerSignature An ASN.1 DER encoded signature - * @param algorithm The algorithm used to produce the given ASN.1 DER encoded signature - * @return The raw format of the given ASN.1 DER encoded signature in the form R|S - */ - public static byte[] fromAsn1Der(byte[] asn1DerSignature, Ecdsa algorithm) { - - try { - return 
Asn1DerSignatureEncoding.decode(asn1DerSignature, algorithm); - } catch (IllegalArgumentException ex) { - throw (IllegalArgumentException) new IllegalArgumentException( - ex.getMessage() + " " + Hex.encodeHexString(asn1DerSignature)).initCause(ex); - } - } - - /** - * Converts a raw ECDSA signature in the form R|S to an ASN.1 DER encoded signature. - * @param signature A raw ECDSA signature in the form R|S. - * @param algorithm The algorithm used to produce the given signature. - * @return The ASN.1 DER encoded signature of the given signature. - */ - public static byte[] toAsn1Der(byte[] signature, String algorithm) throws NoSuchAlgorithmException { - Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm); - - // verify the given algoritm could be resolved - if (baseAlgorithm == null) { - throw new NoSuchAlgorithmException(algorithm); - } - - // verify the given algoritm is an Ecdsa signature algorithm - if (!(baseAlgorithm instanceof Ecdsa)) { - throw new IllegalArgumentException("Invalid algorithm; must be an instance of ECDSA."); - } - - return SignatureEncoding.toAsn1Der(signature, (Ecdsa) baseAlgorithm); - } - - /** - * Converts a raw ECDSA signature in the form R|S to an ASN.1 DER encoded signature. - * @param signature A raw ECDSA signature in the form R|S. - * @param algorithm The algorithm used to produce the given signature. - * @return The ASN.1 DER encoded signature of the given signature. 
- */ - public static byte[] toAsn1Der(byte[] signature, Ecdsa algorithm) { - try { - return Asn1DerSignatureEncoding.encode(signature, algorithm); - } catch (IllegalArgumentException ex) { - throw (IllegalArgumentException) new IllegalArgumentException( - ex.getMessage() + " " + Hex.encodeHexString(signature)).initCause(ex); - } - } -} - - -final class Asn1DerSignatureEncoding { - // the EDCSA ASN.1 DER signature is in the format: - // 0x30 b1 0x02 b2 (vr) 0x02 b3 (vs) - // where: - // * b1 one or more bytes equal to the length, in bytes, of the remaining list of bytes (from the first 0x02 to the end of the encoding) - // * b2 one or more bytes equal to the length, in bytes, of (vr) - // * b3 one or more bytes equal to the length, in bytes, of (vs) - // (vr) is the signed big-endian encoding of the value "r", of minimal length - // (vs) is the signed big-endian encoding of the value "s", of minimal length - // - // * lengths which are less than 0x80 can be expressed in one byte. For lengths greater then 0x80 the first byte denotes the - // length in bytes of the length with the most significant bit masked off, i.e. 0x81 denotes the length is one byte long. 
- - private Asn1DerSignatureEncoding() { - - } - - public static byte[] encode(byte[] signature, Ecdsa algorithm) { - int coordLength = algorithm.getCoordLength(); - - // verify that the signature is the correct length for the given algorithm - if (signature.length != (coordLength * 2)) { - throw new IllegalArgumentException("Invalid signature."); - } - - // r is the first half of the signature - BigInteger r = new BigInteger(1, Arrays.copyOfRange(signature, 0, signature.length / 2)); - - // s is the second half of the signature - BigInteger s = new BigInteger(1, Arrays.copyOfRange(signature, signature.length / 2, signature.length)); - - // vr and vs are the compacted ASN.1 integer encoding, same as BigInteger encoding - byte[] rfield = encodeIntField(r); - - byte[] sfield = encodeIntField(s); - - ByteArrayOutputStream asn1DerSignature = new ByteArrayOutputStream(); - - asn1DerSignature.write(0x30); - - // add the length of the fields - writeFieldLength(asn1DerSignature, rfield.length + sfield.length); - - // write the fields - asn1DerSignature.write(rfield, 0, rfield.length); - - asn1DerSignature.write(sfield, 0, sfield.length); - - return asn1DerSignature.toByteArray(); - } - - public static byte[] decode(byte[] bytes, Ecdsa algorithm) { - int coordLength = algorithm.getCoordLength(); - - ByteArrayInputStream asn1DerSignature = new ByteArrayInputStream(bytes); - - // verify byte 0 is 0x30 - if (asn1DerSignature.read() != 0x30) { - throw new IllegalArgumentException("Invalid signature."); - } - - int objLen = readFieldLength(asn1DerSignature); - - // verify the object lenth is equal to the remaining length of the - // _asn1DerSignature - if (objLen != asn1DerSignature.available()) { - throw new IllegalArgumentException(String.format("Invalid signature; invalid field len %d", objLen)); - } - - byte[] rawSignature = new byte[coordLength * 2]; - - // decode the r feild to the first half of _rawSignature - decodeIntField(asn1DerSignature, rawSignature, 0, 
coordLength); - - // decode the s feild to the second half of _rawSignature - decodeIntField(asn1DerSignature, rawSignature, rawSignature.length / 2, coordLength); - - return rawSignature; - } - - private static byte[] encodeIntField(BigInteger i) { - ByteArrayOutputStream field = new ByteArrayOutputStream(); - - field.write(0x02); - - // get this byte array for the asn1 encoded integer - byte[] vi = i.toByteArray(); - - // write the length of the field - writeFieldLength(field, vi.length); - - // write the field value - field.write(vi, 0, vi.length); - - return field.toByteArray(); - } - - private static void writeFieldLength(ByteArrayOutputStream field, int len) { - // if the length of vi is less then 0x80 we can fit the length in one byte - if (len < 0x80) { - field.write(len); - } else { - // get the len as a byte array - byte[] blen = BigInteger.valueOf(len).toByteArray(); - - int lenlen = blen.length; - - // the byte array might have a leading zero byte if so we need to discard this - if (blen[0] == 0) { - lenlen--; - } - - // write the continuation byte containing the length length in bytes - field.write(0x80 | lenlen); - - // write the field lenth bytes - field.write(blen, blen.length - lenlen, lenlen); - } - } - - private static void decodeIntField(ByteArrayInputStream bytes, byte[] dest, int index, int intlen) { - // verify the first byte of field is 0x02 - if (bytes.read() != 0x02) { - throw new IllegalArgumentException("Invalid signature."); - } - - //get the length of the field - int len = readFieldLength(bytes); - - // if the most significant bit of the raw int was set an extra zero byte will be prepended to - // the asn1der encoded value so len can have a max value of intlen + 1 - - // validate that that len is within the max range and doesn't run past the end of bytes - if (len > intlen + 1 || len > bytes.available()) { - throw new IllegalArgumentException("Invalid signature."); - } - - // if len is greater than intlen increment _bytesRead and 
decrement len - if (len > intlen) { - bytes.skip(1); - len--; - } - - bytes.read(dest, index + (intlen - len), len); - } - - private static int readFieldLength(ByteArrayInputStream bytes) { - int firstLenByte = bytes.read(); - - // if the high order bit of len is not set it is a single byte length so return - if ((firstLenByte & 0x80) == 0x00) { - return firstLenByte; - } - - // otherwise mask off the high order bit to get the number of bytes to read - int numLenBytes = firstLenByte ^ 0x80; - - // if the number of len bytes is greater than the remaining signature the signature is invalid - if (numLenBytes > bytes.available()) { - throw new IllegalArgumentException("Invalid signature."); - } - - byte[] lenBytes = new byte[numLenBytes]; - - bytes.read(lenBytes, 0, numLenBytes); - - BigInteger bigLen = new BigInteger(1, lenBytes); - - // for DSA signatures no feilds should be longer than can be expressed in an integer - // this means that the bitLength must be 31 or less to account for the leading zero of - // a positive integer - if (bigLen.bitLength() >= 31) { - throw new IllegalArgumentException("Invalid signature."); - } - - return bigLen.intValue(); - } -} - diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/Strings.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/Strings.java deleted file mode 100644 index 43b0677290369..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/Strings.java +++ /dev/null 
@@ -1,37 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-public final class Strings {
-
- /**
- * Determines whether the parameter string is either null or empty.
- *
- * @param arg The string to be checked.
- * @return true if the string is null or empty.
- */
- public static boolean isNullOrEmpty(String arg) {
-
- if (arg == null || arg.length() == 0) {
- return true;
- }
-
- return false;
- }
-
- /**
- * Determines whether the parameter string is null, empty or whitespace.
- *
- * @param arg The string to be checked.
- * @return true if the string is null, empty or whitespace.
- */
- public static boolean isNullOrWhiteSpace(String arg) {
-
- if (Strings.isNullOrEmpty(arg) || arg.trim().isEmpty()) {
- return true;
- }
-
- return false;
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SymmetricEncryptionAlgorithm.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SymmetricEncryptionAlgorithm.java
deleted file mode 100644
index 0e2df0e647654..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SymmetricEncryptionAlgorithm.java
+++ /dev/null
@@ -1,104 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-
-import javax.crypto.NoSuchPaddingException;
-
-/**
- * Abstract base class for all symmetric encryption algorithms.
- *
- */
-public abstract class SymmetricEncryptionAlgorithm extends EncryptionAlgorithm {
-
- /**
- * Constructor.
- *
- * @param name The name of the algorithm.
- */
- protected SymmetricEncryptionAlgorithm(String name) {
- super(name);
- }
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for encryption
- * using the supplied initialization vector and the specific provider for the Java Security API.
- * @param key
- * The key material to be used.
- * @param iv
- * The initialization vector to be used.
- * @param authenticationData
- * The authentication data to be used with authenticating encryption algorithms (ignored for non-authenticating algorithms)
- * @return A {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation
- * @throws InvalidKeyException
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- * @throws InvalidAlgorithmParameterException
- */
- public abstract ICryptoTransform CreateEncryptor(byte[] key, byte[] iv, byte[] authenticationData) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException;
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for encryption
- * using the supplied initialization vector and the specific provider for the Java Security API.
- * @param key
- * The key material to be used.
- * @param iv
- * The initialization vector to be used.
- * @param authenticationData
- * The authentication data to be used with authenticating encryption algorithms (ignored for non-authenticating algorithms)
- * @param provider
- * The provider to use.
- * @return A {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation
- * @throws InvalidKeyException
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- * @throws InvalidAlgorithmParameterException
- */
- public abstract ICryptoTransform CreateEncryptor(byte[] key, byte[] iv, byte[] authenticationData, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException;
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for decryption
- * using the supplied initialization vector and the specific provider for the Java Security API.
- * @param key
- * The key material to be used.
- * @param iv
- * The initialization vector to be used.
- * @param authenticationData
- * The authentication data to be used with authenticating encryption algorithms (ignored for non-authenticating algorithms)
- * @param authenticationTag
- * The authentication tag to verify when using authenticating encryption algorithms (ignored for non-authenticating algorithms)
- * @return A {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation
- * @throws InvalidKeyException
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- * @throws InvalidAlgorithmParameterException
- */
- public abstract ICryptoTransform CreateDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException;
-
- /**
- * Creates a {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation for decryption
- * using the supplied initialization vector and the specific provider for the Java Security API.
- * @param key
- * The key material to be used.
- * @param iv
- * The initialization vector to be used.
- * @param authenticationData
- * The authentication data to be used with authenticating encryption algorithms (ignored for non-authenticating algorithms)
- * @param authenticationTag
- * The authentication tag to verify when using authenticating encryption algorithms (ignored for non-authenticating algorithms)
- * @param provider
- * The provider to use.
- * @return A {@link com.microsoft.azure.keyvault.cryptography.ICryptoTransform} implementation
- * @throws InvalidKeyException
- * @throws NoSuchAlgorithmException
- * @throws NoSuchPaddingException
- * @throws InvalidAlgorithmParameterException
- */
- public abstract ICryptoTransform CreateDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException;
-
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SymmetricKey.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SymmetricKey.java
deleted file mode 100644
index 85b67c1dae17d..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/SymmetricKey.java
+++ /dev/null
@@ -1,387 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.microsoft.azure.keyvault.cryptography; - -import java.io.IOException; -import java.security.NoSuchAlgorithmException; -import java.security.Provider; -import java.security.SecureRandom; -import java.util.UUID; - -import org.apache.commons.lang3.NotImplementedException; -import org.apache.commons.lang3.tuple.Pair; -import org.apache.commons.lang3.tuple.Triple; - -import com.google.common.util.concurrent.Futures; -import com.google.common.util.concurrent.ListenableFuture; -import com.microsoft.azure.keyvault.core.IKey; -import com.microsoft.azure.keyvault.cryptography.algorithms.Aes128Cbc; -import com.microsoft.azure.keyvault.cryptography.algorithms.Aes128CbcHmacSha256; -import com.microsoft.azure.keyvault.cryptography.algorithms.Aes192Cbc; -import com.microsoft.azure.keyvault.cryptography.algorithms.Aes192CbcHmacSha384; -import com.microsoft.azure.keyvault.cryptography.algorithms.Aes256CbcHmacSha512; -import com.microsoft.azure.keyvault.cryptography.algorithms.AesKw128; -import com.microsoft.azure.keyvault.cryptography.algorithms.AesKw192; -import com.microsoft.azure.keyvault.cryptography.algorithms.AesKw256; - -/** - * A simple symmetric key implementation - * - */ -public class SymmetricKey implements IKey { - - private static final SecureRandom Rng = new SecureRandom(); - - public static final int KeySize128 = 128 >> 3; - public static final int KeySize192 = 192 >> 3; - public static final int KeySize256 = 256 >> 3; - public static final int KeySize384 = 384 >> 3; - public static final int KeySize512 = 512 >> 3; - - public static final int DefaultKeySize = KeySize256; - - private final String kid; - private final byte[] key; - private final Provider provider; - - /** - * Creates a SymmetricKey with a random key identifier and - * a random key with DefaultKeySize bits. 
- */ - public SymmetricKey() { - this(UUID.randomUUID().toString()); - } - - /** - * Creates a SymmetricKey with the specified key identifier and - * a random key with DefaultKeySize bits. - * @param kid - * The key identifier to use. - */ - public SymmetricKey(String kid) { - this(kid, DefaultKeySize); - } - - /** - * Creates a SymmetricKey with the specified key identifier and - * a random key with the specified size. - * @param kid - * The key identifier to use. - * @param keySizeInBytes - * The key size to use in bytes. - */ - public SymmetricKey(String kid, int keySizeInBytes) { - this(kid, keySizeInBytes, null); - } - - /** - * Creates a SymmetricKey with the specified key identifier and - * a random key with the specified size that uses the specified provider. - * @param kid - * The key identifier to use. - * @param keySizeInBytes - * The key size to use in bytes. - * @param provider - * The provider to use (optional, null for default) - */ - public SymmetricKey(String kid, int keySizeInBytes, Provider provider) { - - if (Strings.isNullOrWhiteSpace(kid)) { - throw new IllegalArgumentException("kid"); - } - - if (keySizeInBytes != KeySize128 && keySizeInBytes != KeySize192 && keySizeInBytes != KeySize256 && keySizeInBytes != KeySize384 && keySizeInBytes != KeySize512) { - throw new IllegalArgumentException("The key material must be 128, 192, 256, 384 or 512 bits of data"); - } - - this.kid = kid; - this.key = new byte[keySizeInBytes]; - this.provider = provider; - - // Generate a random key - Rng.nextBytes(key); - } - - /** - * Creates a SymmetricKey with the specified key identifier and key material. - * @param kid - * The key identifier to use. - * @param keyBytes - * The key material to use. - */ - public SymmetricKey(String kid, byte[] keyBytes) { - this(kid, keyBytes, null); - } - - /** - * Creates a SymmetricKey with the specified key identifier and key material - * that uses the specified Provider. - * @param kid - * The key identifier to use. 
- * @param keyBytes - * The key material to use. - * @param provider - * The Provider to use (optional, null for default) - */ - public SymmetricKey(String kid, byte[] keyBytes, Provider provider) { - - if (Strings.isNullOrWhiteSpace(kid)) { - throw new IllegalArgumentException("kid"); - } - - if (keyBytes == null) { - throw new IllegalArgumentException("keyBytes"); - } - - if (keyBytes.length != KeySize128 && keyBytes.length != KeySize192 && keyBytes.length != KeySize256 && keyBytes.length != KeySize384 && keyBytes.length != KeySize512) { - throw new IllegalArgumentException("The key material must be 128, 192, 256, 384 or 512 bits of data"); - } - - this.kid = kid; - this.key = ByteExtensions.clone(keyBytes); - this.provider = provider; - } - - @Override - public String getDefaultEncryptionAlgorithm() { - - switch (key.length) { - case KeySize128: - return Aes128Cbc.ALGORITHM_NAME; - - case KeySize192: - return Aes192Cbc.ALGORITHM_NAME; - - case KeySize256: - return Aes128CbcHmacSha256.ALGORITHM_NAME; - - case KeySize384: - return Aes192CbcHmacSha384.ALGORITHM_NAME; - - case KeySize512: - return Aes256CbcHmacSha512.ALGORITHM_NAME; - - default: - return null; - } - } - - @Override - public String getDefaultKeyWrapAlgorithm() { - - switch (key.length) { - case KeySize128: - return AesKw128.ALGORITHM_NAME; - - case KeySize192: - return AesKw192.ALGORITHM_NAME; - - case KeySize256: - return AesKw256.ALGORITHM_NAME; - - case KeySize384: - // Default to longest allowed key length for wrap - return AesKw256.ALGORITHM_NAME; - - case KeySize512: - // Default to longest allowed key length for wrap - return AesKw256.ALGORITHM_NAME; - - default: - return null; - } - } - - @Override - public String getDefaultSignatureAlgorithm() { - - return null; - } - - @Override - public String getKid() { - - return kid; - } - - @Override - public ListenableFuture decryptAsync(final byte[] ciphertext, final byte[] iv, final byte[] authenticationData, final byte[] authenticationTag, final 
String algorithm) throws NoSuchAlgorithmException { - - if (Strings.isNullOrWhiteSpace(algorithm)) { - throw new IllegalArgumentException("algorithm"); - } - - if (ciphertext == null) { - throw new IllegalArgumentException("ciphertext"); - } - - if (iv == null) { - throw new IllegalArgumentException("iv"); - } - - // Interpret the algorithm - Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm); - - if (baseAlgorithm == null || !(baseAlgorithm instanceof SymmetricEncryptionAlgorithm)) { - throw new NoSuchAlgorithmException(algorithm); - } - - SymmetricEncryptionAlgorithm algo = (SymmetricEncryptionAlgorithm) baseAlgorithm; - - ICryptoTransform transform = null; - - try { - transform = algo.CreateDecryptor(key, iv, authenticationData, authenticationTag, provider); - } catch (Exception e) { - return Futures.immediateFailedFuture(e); - } - - byte[] result = null; - - try { - result = transform.doFinal(ciphertext); - } catch (Exception e) { - return Futures.immediateFailedFuture(e); - } - - return Futures.immediateFuture(result); - } - - @Override - public ListenableFuture> encryptAsync(final byte[] plaintext, final byte[] iv, final byte[] authenticationData, final String algorithm) throws NoSuchAlgorithmException { - - if (plaintext == null) { - throw new IllegalArgumentException("plaintext"); - } - - if (iv == null) { - throw new IllegalArgumentException("iv"); - } - - // Interpret the algorithm - String algorithmName = (Strings.isNullOrWhiteSpace(algorithm)) ? 
getDefaultEncryptionAlgorithm() : algorithm; - Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithmName); - - if (baseAlgorithm == null || !(baseAlgorithm instanceof SymmetricEncryptionAlgorithm)) { - throw new NoSuchAlgorithmException(algorithm); - } - - SymmetricEncryptionAlgorithm algo = (SymmetricEncryptionAlgorithm) baseAlgorithm; - - ICryptoTransform transform = null; - - try { - transform = algo.CreateEncryptor(key, iv, authenticationData, provider); - } catch (Exception e) { - return Futures.immediateFailedFuture(e); - } - - byte[] cipherText = null; - - try { - cipherText = transform.doFinal(plaintext); - } catch (Exception e) { - return Futures.immediateFailedFuture(e); - } - - byte[] authenticationTag = null; - - if (transform instanceof IAuthenticatedCryptoTransform) { - - IAuthenticatedCryptoTransform authenticatedTransform = (IAuthenticatedCryptoTransform) transform; - - authenticationTag = authenticatedTransform.getTag().clone(); - } - - return Futures.immediateFuture(Triple.of(cipherText, authenticationTag, algorithm)); - } - - @Override - public ListenableFuture> wrapKeyAsync(final byte[] key, final String algorithm) throws NoSuchAlgorithmException { - - if (key == null || key.length == 0) { - throw new IllegalArgumentException("key"); - } - - // Interpret the algorithm - String algorithmName = (Strings.isNullOrWhiteSpace(algorithm)) ? 
getDefaultKeyWrapAlgorithm() : algorithm; - Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithmName); - - if (baseAlgorithm == null || !(baseAlgorithm instanceof KeyWrapAlgorithm)) { - throw new NoSuchAlgorithmException(algorithmName); - } - - KeyWrapAlgorithm algo = (KeyWrapAlgorithm) baseAlgorithm; - - ICryptoTransform transform = null; - - try { - transform = algo.CreateEncryptor(this.key, null, provider); - } catch (Exception e) { - return Futures.immediateFailedFuture(e); - } - - byte[] encrypted = null; - - try { - encrypted = transform.doFinal(key); - } catch (Exception e) { - return Futures.immediateFailedFuture(e); - } - - return Futures.immediateFuture(Pair.of(encrypted, algorithmName)); - } - - @Override - public ListenableFuture unwrapKeyAsync(final byte[] encryptedKey, final String algorithm) throws NoSuchAlgorithmException { - - if (Strings.isNullOrWhiteSpace(algorithm)) { - throw new IllegalArgumentException("algorithm"); - } - - if (encryptedKey == null || encryptedKey.length == 0) { - throw new IllegalArgumentException("wrappedKey"); - } - - Algorithm baseAlgorithm = AlgorithmResolver.Default.get(algorithm); - - if (baseAlgorithm == null || !(baseAlgorithm instanceof KeyWrapAlgorithm)) { - throw new NoSuchAlgorithmException(algorithm); - } - - KeyWrapAlgorithm algo = (KeyWrapAlgorithm) baseAlgorithm; - - ICryptoTransform transform = null; - - try { - transform = algo.CreateDecryptor(key, null, provider); - } catch (Exception e) { - return Futures.immediateFailedFuture(e); - } - - byte[] decrypted = null; - - try { - decrypted = transform.doFinal(encryptedKey); - } catch (Exception e) { - return Futures.immediateFailedFuture(e); - } - - return Futures.immediateFuture(decrypted); - } - - @Override - public ListenableFuture> signAsync(final byte[] digest, final String algorithm) { - return Futures.immediateFailedFuture(new NotImplementedException("signAsync is not currently supported")); - } - - @Override - public ListenableFuture 
verifyAsync(final byte[] digest, final byte[] signature, final String algorithm) {
- return Futures.immediateFailedFuture(new NotImplementedException("verifyAsync is not currently supported"));
- }
-
- @Override
- public void close() throws IOException {
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes128Cbc.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes128Cbc.java
deleted file mode 100644
index b553e30cc55c7..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes128Cbc.java
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-public class Aes128Cbc extends AesCbc {
-
- private static final int KEY_SIZE = 128;
- public static final String ALGORITHM_NAME = "A128CBC";
-
- public Aes128Cbc() {
- super(ALGORITHM_NAME, KEY_SIZE);
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes128CbcHmacSha256.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes128CbcHmacSha256.java
deleted file mode 100644
index 0fa19b0fd02b7..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes128CbcHmacSha256.java
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-public class Aes128CbcHmacSha256 extends AesCbcHmacSha2 {
-
- public static final String ALGORITHM_NAME = "A128CBC-HS256";
-
- public Aes128CbcHmacSha256() {
- super(ALGORITHM_NAME);
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes192Cbc.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes192Cbc.java
deleted file mode 100644
index 95348c2413b48..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes192Cbc.java
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-public class Aes192Cbc extends AesCbc {
-
- private static final int KEY_SIZE = 192;
- public static final String ALGORITHM_NAME = "A192CBC";
-
- public Aes192Cbc() {
- super(ALGORITHM_NAME, KEY_SIZE);
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes192CbcHmacSha384.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes192CbcHmacSha384.java
deleted file mode 100644
index 2e179684a478f..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes192CbcHmacSha384.java
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-public class Aes192CbcHmacSha384 extends AesCbcHmacSha2 {
-
- public static final String ALGORITHM_NAME = "A192CBC-HS384";
-
- public Aes192CbcHmacSha384() {
- super(ALGORITHM_NAME);
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes256Cbc.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes256Cbc.java
deleted file mode 100644
index 09cf33bc17878..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes256Cbc.java
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-public class Aes256Cbc extends AesCbc {
-
- private static final int KEY_SIZE = 256;
- public static final String ALGORITHM_NAME = "A256CBC";
-
- public Aes256Cbc() {
- super(ALGORITHM_NAME, KEY_SIZE);
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes256CbcHmacSha512.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes256CbcHmacSha512.java
deleted file mode 100644
index 2c2ae7740c87b..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Aes256CbcHmacSha512.java
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-public class Aes256CbcHmacSha512 extends AesCbcHmacSha2 {
-
- public static final String ALGORITHM_NAME = "A256CBC-HS512";
-
- public Aes256CbcHmacSha512() {
- super(ALGORITHM_NAME);
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesCbc.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesCbc.java
deleted file mode 100644
index 3b2d31ef7c5b4..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesCbc.java
+++ /dev/null
@@ -1,115 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.util.Arrays;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import com.microsoft.azure.keyvault.cryptography.ICryptoTransform;
-import com.microsoft.azure.keyvault.cryptography.SymmetricEncryptionAlgorithm;
-
-public abstract class AesCbc extends SymmetricEncryptionAlgorithm {
-
- final int keySizeInBytes;
- final int keySize;
- static class AesCbcDecryptor implements ICryptoTransform {
-
- private final Cipher cipher;
-
- AesCbcDecryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
-
- // Create the cipher using the Provider if specified
- if (provider == null) {
- cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
- } else {
- cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", provider);
- }
-
- cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
- }
-
- @Override
- public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException {
- return cipher.doFinal(plaintext);
- }
- }
-
- static class AesCbcEncryptor implements ICryptoTransform {
-
- private final Cipher cipher;
-
- AesCbcEncryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
-
- // Create the cipher using the Provider if specified
- if (provider
== null) {
- cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
- } else {
- cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", provider);
- }
-
- cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
- }
-
- @Override
- public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException {
- return cipher.doFinal(plaintext);
- }
- }
-
- protected AesCbc(String name, int size) {
- super(name);
- keySize = size;
- keySizeInBytes = size >> 3;
- }
-
- @Override
- public ICryptoTransform CreateEncryptor(byte[] key, byte[] iv, byte[] authenticationData) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
-
- if (key == null || key.length < keySizeInBytes) {
- throw new InvalidKeyException("key must be at least " + keySize + " bits in length");
- }
-
- return new AesCbcEncryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, null);
- }
-
- @Override
- public ICryptoTransform CreateEncryptor(byte[] key, byte[] iv, byte[] authenticationData, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
-
- if (key == null || key.length < keySizeInBytes) {
- throw new InvalidKeyException("key must be at least " + keySize + " bits in length");
- }
-
- return new AesCbcEncryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, provider);
- }
-
- @Override
- public ICryptoTransform CreateDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
-
- if (key == null || key.length < keySizeInBytes) {
- throw new InvalidKeyException("key must be at least " + keySize + " bits in length");
- }
-
- return new AesCbcDecryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, null);
- }
-
- @Override
- public ICryptoTransform CreateDecryptor(byte[]
key, byte[] iv, byte[] authenticationData, byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
-
- if (key == null || key.length < keySizeInBytes) {
- throw new InvalidKeyException("key must be at least " + keySize + " bits in length");
- }
-
- return new AesCbcDecryptor(Arrays.copyOfRange(key, 0, keySizeInBytes), iv, provider);
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesCbcHmacSha2.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesCbcHmacSha2.java
deleted file mode 100644
index 5ca466fb5aa9b..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesCbcHmacSha2.java
+++ /dev/null
@@ -1,276 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-import java.math.BigInteger;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.Mac;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.SecretKeySpec;
-
-import org.apache.commons.lang3.tuple.Triple;
-
-import com.microsoft.azure.keyvault.cryptography.ByteExtensions;
-import com.microsoft.azure.keyvault.cryptography.IAuthenticatedCryptoTransform;
-import com.microsoft.azure.keyvault.cryptography.ICryptoTransform;
-import com.microsoft.azure.keyvault.cryptography.SymmetricEncryptionAlgorithm;
-
-public abstract class AesCbcHmacSha2 extends SymmetricEncryptionAlgorithm {
-
- static class AesCbcHmacSha2Decryptor implements IAuthenticatedCryptoTransform {
-
- final byte[] aadLength;
- final Mac hmac;
- final byte[] hmacKey;
- final ICryptoTransform inner;
-
- byte[] tag;
-
- AesCbcHmacSha2Decryptor(String name, byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
-
- // Split the key to get the AES key, the HMAC key and the HMAC
- // object
- Triple parameters = getAlgorithmParameters(name, key);
-
- // Save the MAC provider and key
- hmac = parameters.getRight();
- hmacKey = parameters.getMiddle();
-
- // Create the AES provider
- inner = new AesCbc.AesCbcDecryptor(parameters.getLeft(), iv, provider);
-
- aadLength = toBigEndian(authenticationData.length * 8L);
-
- // Save the tag
- tag = authenticationTag;
-
- // Prime the hash.
- hmac.update(authenticationData);
- hmac.update(iv);
- }
-
- @Override
- public byte[] getTag() {
- return tag;
- }
-
- @Override
- public byte[] doFinal(byte[] input) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException {
-
- // Add the cipher text to the running hash
- hmac.update(input);
-
- // Add the associated_data_length bytes to the hash
- byte[] hash = hmac.doFinal(aadLength);
-
- // Compute the new tag
- byte[] tag = new byte[hmacKey.length];
- System.arraycopy(hash, 0, tag, 0, hmacKey.length);
-
- // Check the tag before performing the final decrypt
- if (!ByteExtensions.sequenceEqualConstantTime(tag, tag)) {
- throw new IllegalArgumentException("Data is not authentic");
- }
-
- return inner.doFinal(input);
- }
- }
-
- static class AesCbcHmacSha2Encryptor implements IAuthenticatedCryptoTransform {
-
- final byte[] aadLength;
- final Mac hmac;
- final byte[] hmacKey;
- final ICryptoTransform inner;
-
- byte[] tag;
-
- AesCbcHmacSha2Encryptor(String name, byte[] key, byte[] iv, byte[] authenticationData, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
- // Split the key to get the AES key, the HMAC key and the HMAC
- // object
- Triple parameters = getAlgorithmParameters(name, key);
-
- // Save the MAC provider and key
- this.hmac = parameters.getRight();
- this.hmacKey = parameters.getMiddle();
-
- // Create the AES encryptor
- this.inner = new AesCbc.AesCbcEncryptor(parameters.getLeft(), iv, provider);
-
- this.aadLength = toBigEndian(authenticationData.length * 8L);
-
- // Prime the hash.
- hmac.update(authenticationData);
- hmac.update(iv);
- }
-
- @Override
- public byte[] getTag() {
- return tag;
- }
-
- // public int TransformBlock(byte[] inputBuffer, int inputOffset, int
- // inputCount, byte[] outputBuffer, int outputOffset)
- // {
- // // Encrypt the block
- // var result = _inner.TransformBlock(inputBuffer, inputOffset,
- // inputCount, outputBuffer, outputOffset);
- //
- // // Add it to the running hash
- // _hmac.TransformBlock(outputBuffer, outputOffset, result,
- // outputBuffer, outputOffset);
- //
- // return result;
- // }
-
- @Override
- public byte[] doFinal(byte[] input) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException {
-
- // Encrypt the block
- byte[] output = inner.doFinal(input);
-
- // Add the cipher text to the running hash
- hmac.update(output);
-
- // Add the associated_data_length bytes to the hash
- byte[] hash = hmac.doFinal(aadLength);
-
- // Compute the tag
- tag = new byte[hmacKey.length];
- System.arraycopy(hash, 0, tag, 0, tag.length);
-
- return output;
- }
- }
-
- protected AesCbcHmacSha2(String name) {
- super(name);
- }
-
- @Override
- public ICryptoTransform CreateDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
- return CreateDecryptor(key, iv, authenticationData, authenticationTag, null);
- }
-
- @Override
- public ICryptoTransform CreateDecryptor(byte[] key, byte[] iv, byte[] authenticationData, byte[] authenticationTag, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
- if (key == null) {
- throw new IllegalArgumentException("No key material");
- }
-
- if (iv == null) {
- throw new IllegalArgumentException("No initialization vector");
- }
-
- if (authenticationData == null) {
- throw new IllegalArgumentException("No
authentication data");
- }
-
- if (authenticationTag == null) {
- throw new IllegalArgumentException("No authentication tag");
- }
-
- // Create the Decryptor
- return new AesCbcHmacSha2Decryptor(getName(), key, iv, authenticationData, authenticationTag, provider);
- }
-
- @Override
- public ICryptoTransform CreateEncryptor(byte[] key, byte[] iv, byte[] authenticationData) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
- return CreateEncryptor(key, iv, authenticationData, null);
- }
-
- @Override
- public ICryptoTransform CreateEncryptor(byte[] key, byte[] iv, byte[] authenticationData, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
-
- if (key == null) {
- throw new IllegalArgumentException("No key material");
- }
-
- if (iv == null) {
- throw new IllegalArgumentException("No initialization vector");
- }
-
- if (authenticationData == null) {
- throw new IllegalArgumentException("No authentication data");
- }
-
- // Create the Encryptor
- return new AesCbcHmacSha2Encryptor(getName(), key, iv, authenticationData, provider);
- }
-
- private static Triple getAlgorithmParameters(String algorithm, byte[] key) throws InvalidKeyException, NoSuchAlgorithmException {
-
- byte[] aesKey;
- byte[] hmacKey;
- Mac hmac;
-
- if (algorithm.equalsIgnoreCase(Aes128CbcHmacSha256.ALGORITHM_NAME)) {
- if ((key.length << 3) < 256) {
- throw new IllegalArgumentException(String.format("%s key length in bits %d < 256", algorithm, key.length << 3));
- }
-
- hmacKey = new byte[128 >> 3];
- aesKey = new byte[128 >> 3];
-
- // The HMAC key precedes the AES key
- System.arraycopy(key, 0, hmacKey, 0, 128 >> 3);
- System.arraycopy(key, 128 >> 3, aesKey, 0, 128 >> 3);
-
- hmac = Mac.getInstance("HmacSHA256");
- hmac.init(new SecretKeySpec(hmacKey, "HmacSHA256"));
-
- } else if (algorithm.equalsIgnoreCase(Aes192CbcHmacSha384.ALGORITHM_NAME)) {
-
- if ((key.length << 3) < 384) {
- throw new IllegalArgumentException(String.format("%s key length in bits %d < 384", algorithm, key.length << 3));
- }
-
- hmacKey = new byte[192 >> 3];
- aesKey = new byte[192 >> 3];
-
- // The HMAC key precedes the AES key
- System.arraycopy(key, 0, hmacKey, 0, 192 >> 3);
- System.arraycopy(key, 192 >> 3, aesKey, 0, 192 >> 3);
-
- hmac = Mac.getInstance("HmacSHA384");
- hmac.init(new SecretKeySpec(hmacKey, "HmacSHA384"));
- } else if (algorithm.equalsIgnoreCase(Aes256CbcHmacSha512.ALGORITHM_NAME)) {
-
- if ((key.length << 3) < 512) {
- throw new IllegalArgumentException(String.format("%s key length in bits %d < 512", algorithm, key.length << 3));
- }
-
- hmacKey = new byte[256 >> 3];
- aesKey = new byte[256 >> 3];
-
- // The HMAC key precedes the AES key
- System.arraycopy(key, 0, hmacKey, 0, 256 >> 3);
- System.arraycopy(key, 256 >> 3, aesKey, 0, 256 >> 3);
-
- hmac = Mac.getInstance("HmacSHA512");
- hmac.init(new SecretKeySpec(hmacKey, "HmacSHA512"));
- } else {
- throw new IllegalArgumentException(String.format("Unsupported algorithm: %s", algorithm));
- }
-
- return Triple.of(aesKey, hmacKey, hmac);
- }
-
- private static byte[] toBigEndian(long i) {
-
- byte[] shortRepresentation = BigInteger.valueOf(i).toByteArray();
- byte[] longRepresentation = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0 };
-
- System.arraycopy(shortRepresentation, 0, longRepresentation, longRepresentation.length - shortRepresentation.length, shortRepresentation.length);
-
- return longRepresentation;
- }
-
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw.java
deleted file mode 100644
index 5186af6aa2714..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw.java
+++ /dev/null
@@ -1,176 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import com.microsoft.azure.keyvault.cryptography.ICryptoTransform;
-import com.microsoft.azure.keyvault.cryptography.KeyWrapAlgorithm;
-
-public abstract class AesKw extends KeyWrapAlgorithm {
-
- static final byte[] DEFAULT_IV = new byte[] { (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6, (byte) 0xA6 };
- static final String CIPHER_NAME = "AESWrap";
-
- static class AesKwDecryptor implements ICryptoTransform {
-
- final Cipher cipher;
-
- AesKwDecryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
-
- if (provider == null) {
- cipher = Cipher.getInstance(CIPHER_NAME);
- } else {
- cipher = Cipher.getInstance(CIPHER_NAME, provider);
- }
-
- // The default provider does not support the specification of IV.
This
- // is guarded by the CreateEncrypter wrapper method and the iv parameter
- // can be ignored when using the default provider
- if (provider == null) {
- cipher.init(Cipher.UNWRAP_MODE, new SecretKeySpec(key, "AES"));
- } else {
- cipher.init(Cipher.UNWRAP_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
- }
- }
-
- @Override
- public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException {
-
- return cipher.unwrap(plaintext, "AESWrap", Cipher.SECRET_KEY).getEncoded();
- }
-
- }
-
- static class AesKwEncryptor implements ICryptoTransform {
-
- final Cipher cipher;
-
- AesKwEncryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
-
- if (provider == null) {
- cipher = Cipher.getInstance(CIPHER_NAME);
- } else {
- cipher = Cipher.getInstance(CIPHER_NAME, provider);
- }
-
- // The default provider does not support the specification of IV.
This
- // is guarded by the CreateEncrypter wrapper method and the iv parameter
- // can be ignored when using the default provider
- if (provider == null) {
- cipher.init(Cipher.WRAP_MODE, new SecretKeySpec(key, "AES"));
- } else {
- cipher.init(Cipher.WRAP_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
- }
- }
-
- @Override
- public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException {
-
- return cipher.wrap(new SecretKeySpec(plaintext, "AES"));
- }
-
- }
-
- protected AesKw(String name) {
- super(name);
- }
-
- @Override
- public ICryptoTransform CreateEncryptor(byte[] key) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
-
- return CreateEncryptor(key, null, null);
- }
-
- @Override
- public ICryptoTransform CreateEncryptor(byte[] key, Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
-
- return CreateEncryptor(key, null, provider);
- }
-
- @Override
- public ICryptoTransform CreateEncryptor(byte[] key, byte[] iv) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
-
- return CreateEncryptor(key, iv, null);
- }
-
- @Override
- public ICryptoTransform CreateEncryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
-
- if (key == null) {
- throw new IllegalArgumentException("key");
- }
-
- if (key.length != 128 >> 3 && key.length != 192 >> 3 && key.length != 256 >> 3) {
- throw new IllegalArgumentException("key length must be 128, 192 or 256 bits");
- }
-
- if (iv != null) {
- // iv length must be 64 bits
- if (iv.length != 8) {
- throw new IllegalArgumentException("iv length must be 64 bits");
- }
- // iv cannot be specified with the default provider
- if (provider == null) {
- throw new IllegalArgumentException("user specified iv is not supported with the default provider");
- }
- }
-
- return new AesKwEncryptor(key, iv == null ? DEFAULT_IV : iv, provider);
-
- }
-
- @Override
- public ICryptoTransform CreateDecryptor(byte[] key) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
-
- return CreateDecryptor(key, null, null);
- }
-
- @Override
- public ICryptoTransform CreateDecryptor(byte[] key, Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
-
- return CreateDecryptor(key, null, provider);
- }
-
- @Override
- public ICryptoTransform CreateDecryptor(byte[] key, byte[] iv) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
- return CreateDecryptor(key, iv, null);
- }
-
- @Override
- public ICryptoTransform CreateDecryptor(byte[] key, byte[] iv, Provider provider) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
-
- if (key == null) {
- throw new IllegalArgumentException("key");
- }
-
- if (key.length != 128 >> 3 && key.length != 192 >> 3 && key.length != 256 >> 3) {
- throw new IllegalArgumentException("key length must be 128, 192 or 256 bits");
- }
-
-
- if (iv != null) {
- // iv length must be 64 bits
- if (iv.length != 8) {
- throw new IllegalArgumentException("iv length must be 64 bits");
- }
- // iv cannot be specified with the default provider
- if (provider == null) {
- throw new IllegalArgumentException("user specified iv is not supported with the default provider");
- }
- }
-
- return new AesKwDecryptor(key, iv == null ? DEFAULT_IV : iv, provider);
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw128.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw128.java
deleted file mode 100644
index c66188e2c76e9..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw128.java
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.util.Arrays;
-
-import javax.crypto.NoSuchPaddingException;
-
-import com.microsoft.azure.keyvault.cryptography.ICryptoTransform;
-
-public final class AesKw128 extends AesKw {
-
- public static final String ALGORITHM_NAME = "A128KW";
-
- static final int KEY_SIZE_IN_BYTES = 128 >> 3;
-
- public AesKw128() {
- super(ALGORITHM_NAME);
- }
-
- @Override
- public ICryptoTransform CreateEncryptor(byte[] key, byte[] iv, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
-
- if (key == null) {
- throw new IllegalArgumentException("key must not be null");
- }
-
- if (key.length < KEY_SIZE_IN_BYTES) {
- throw new IllegalArgumentException("key must be at least 128 bits long");
- }
-
- return super.CreateEncryptor(Arrays.copyOfRange(key, 0, KEY_SIZE_IN_BYTES), iv, provider);
- }
-
- @Override
- public ICryptoTransform CreateDecryptor(byte[] key, byte[] iv, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
-
- if (key == null) {
- throw new IllegalArgumentException("key must not be null");
- }
-
- if (key.length < KEY_SIZE_IN_BYTES) {
- throw new IllegalArgumentException("key must be at least 128 bits long");
- }
-
- return super.CreateDecryptor(Arrays.copyOfRange(key, 0, KEY_SIZE_IN_BYTES), iv, provider);
- }
-
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw192.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw192.java
deleted file mode 100644
index ae700d2db491c..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw192.java
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.util.Arrays;
-
-import javax.crypto.NoSuchPaddingException;
-
-import com.microsoft.azure.keyvault.cryptography.ICryptoTransform;
-
-public final class AesKw192 extends AesKw {
-
- public static final String ALGORITHM_NAME = "A192KW";
-
- static final int KEY_SIZE_IN_BYTES = 192 >> 3;
-
- public AesKw192() {
- super(ALGORITHM_NAME);
- }
-
- @Override
- public ICryptoTransform CreateEncryptor(byte[] key, byte[] iv, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
-
- if (key == null) {
- throw new IllegalArgumentException("key must not be null");
- }
-
- if (key.length < KEY_SIZE_IN_BYTES) {
- throw new IllegalArgumentException("key must be at least 192 bits long");
- }
-
- return super.CreateEncryptor(Arrays.copyOfRange(key, 0, KEY_SIZE_IN_BYTES), iv, provider);
- }
-
- @Override
- public ICryptoTransform CreateDecryptor(byte[] key, byte[] iv, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
-
- if (key == null) {
- throw new IllegalArgumentException("key must not be null");
- }
-
- if (key.length < KEY_SIZE_IN_BYTES) {
- throw new IllegalArgumentException("key must be at least 192 bits long");
- }
-
- return super.CreateDecryptor(Arrays.copyOfRange(key, 0, KEY_SIZE_IN_BYTES), iv, provider);
- }
-
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw256.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw256.java
deleted file mode 100644
index 7b717e83fd9c8..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/AesKw256.java
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.util.Arrays;
-
-import javax.crypto.NoSuchPaddingException;
-
-import com.microsoft.azure.keyvault.cryptography.ICryptoTransform;
-
-public final class AesKw256 extends AesKw {
-
- public static final String ALGORITHM_NAME = "A256KW";
-
- static final int KEY_SIZE_IN_BYTES = 256 >> 3;
-
- public AesKw256() {
- super(ALGORITHM_NAME);
- }
-
- @Override
- public ICryptoTransform CreateEncryptor(byte[] key, byte[] iv, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
-
- if (key == null) {
- throw new IllegalArgumentException("key must not be null");
- }
-
- if (key.length < KEY_SIZE_IN_BYTES) {
- throw new IllegalArgumentException("key must be at least 256 bits long");
- }
-
- return super.CreateEncryptor(Arrays.copyOfRange(key, 0, KEY_SIZE_IN_BYTES), iv, provider);
- }
-
- @Override
- public ICryptoTransform CreateDecryptor(byte[] key, byte[] iv, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
-
- if (key == null) {
- throw new IllegalArgumentException("key must not be null");
- }
-
- if (key.length < KEY_SIZE_IN_BYTES) {
- throw new IllegalArgumentException("key must be at least 256 bits long");
- }
-
- return super.CreateDecryptor(Arrays.copyOfRange(key, 0, KEY_SIZE_IN_BYTES), iv, provider);
- }
-
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Ecdsa.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Ecdsa.java
deleted file mode 100644
index eec729a18a1b8..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Ecdsa.java
+++ /dev/null
@@ -1,66 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.microsoft.azure.keyvault.cryptography.algorithms; - -import java.security.GeneralSecurityException; -import java.security.KeyPair; -import java.security.Provider; -import java.security.Signature; - -import com.microsoft.azure.keyvault.cryptography.AsymmetricSignatureAlgorithm; -import com.microsoft.azure.keyvault.cryptography.ISignatureTransform; -import com.microsoft.azure.keyvault.cryptography.SignatureEncoding; - -public abstract class Ecdsa extends AsymmetricSignatureAlgorithm { - - protected Ecdsa() { - super("NONEwithEDCSA"); - } - - public ISignatureTransform createSignatureTransform(KeyPair key, Provider provider) { - return new EcdsaSignatureTransform(key, provider, this); - } - - public abstract int getDigestLength(); - public abstract int getCoordLength(); - - private void checkDigestLength(byte[] digest) { - if (digest.length != this.getDigestLength()) { - throw new IllegalArgumentException("Invalid digest length."); - } - } - - - class EcdsaSignatureTransform implements ISignatureTransform { - private static final String ALGORITHM = "NONEwithECDSA"; - private final KeyPair keyPair; - private final Provider provider; - private final Ecdsa algorithm; - - EcdsaSignatureTransform(KeyPair keyPair, Provider provider, Ecdsa algorithm) { - this.keyPair = keyPair; - this.provider = provider; - this.algorithm = algorithm; - } - - @Override - public byte[] sign(byte[] digest) throws GeneralSecurityException { - checkDigestLength(digest); - Signature signature = Signature.getInstance(ALGORITHM, provider); - signature.initSign(keyPair.getPrivate()); - signature.update(digest); - return SignatureEncoding.fromAsn1Der(signature.sign(), algorithm); - } - - @Override - public boolean verify(byte[] digest, byte[] signature) throws GeneralSecurityException { - Signature verify = Signature.getInstance(ALGORITHM, provider); - 
checkDigestLength(digest); - signature = SignatureEncoding.toAsn1Der(signature, algorithm); - verify.initVerify(keyPair.getPublic()); - verify.update(digest); - return verify.verify(signature); - } - } -} diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es256.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es256.java deleted file mode 100644 index 488c09f566e1f..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es256.java +++ /dev/null @@ -1,18 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.microsoft.azure.keyvault.cryptography.algorithms; - -public class Es256 extends Ecdsa { - public static final String ALGORITHM_NAME = "ES256"; - - @Override - public int getDigestLength() { - return 32; - } - - @Override - public int getCoordLength() { - return 32; - } -} diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es256k.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es256k.java deleted file mode 100644 index 6fcbcd17ccc8e..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es256k.java +++ /dev/null @@ -1,18 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.microsoft.azure.keyvault.cryptography.algorithms; - -public class Es256k extends Ecdsa { - public static final String ALGORITHM_NAME = "ES256K"; - - @Override - public int getDigestLength() { - return 32; - } - - @Override - public int getCoordLength() { - return 32; - } -} 
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es384.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es384.java
deleted file mode 100644
index eba2b5878ed3d..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es384.java
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-public class Es384 extends Ecdsa {
- public static final String ALGORITHM_NAME = "ES384";
-
- @Override
- public int getDigestLength() {
- return 48;
- }
-
- @Override
- public int getCoordLength() {
- return 48;
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es512.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es512.java
deleted file mode 100644
index 26657b9ad4107..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Es512.java
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-public class Es512 extends Ecdsa {
- public static final String ALGORITHM_NAME = "ES512";
-
- @Override
- public int getDigestLength() {
- return 64;
- }
-
- @Override
- public int getCoordLength() {
- return 66;
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Rs256.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Rs256.java
deleted file mode 100644
index 03063b2bdf28b..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Rs256.java
+++ /dev/null
@@ -1,90 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.algorithms;
-
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
-
-import com.microsoft.azure.keyvault.cryptography.ByteExtensions;
-import com.microsoft.azure.keyvault.cryptography.ISignatureTransform;
-
-/**
- *
- */
-public class Rs256 extends RsaSignature {
-
- static final String RSA_NONE = "RSA/ECB/PKCS1Padding";
-
- class Rs256SignatureTransform implements ISignatureTransform {
-
- private final KeyPair keyPair;
- private final int emLen;
-
- Rs256SignatureTransform(KeyPair keyPair) {
- this.keyPair = keyPair;
-
- BigInteger modulus = ((RSAPublicKey) keyPair.getPublic()).getModulus();
-
- this.emLen = getOctetLength(modulus.bitLength());
- }
-
- @Override
- public byte[] sign(byte[] digest) throws NoSuchAlgorithmException {
- // Signing isn't just a case of encrypting the digest, there is much more to do.
- // For details of the algorithm, see https://tools.ietf.org/html/rfc3447#section-8.2
-
- // TODO
- // if (keyPair.getPrivate() == null) {
- // }
-
- // Construct the encoded message
- byte[] em = EMSA_PKCS1_V1_5_ENCODE_HASH(digest, emLen, "SHA-256");
-
- // Convert to integer message
- BigInteger s = OS2IP(em);
-
- // RSASP1(s)
- s = RSASP1((RSAPrivateKey) keyPair.getPrivate(), s);
-
- // Convert to octet sequence
- return I2OSP(s, emLen);
- }
-
- @Override
- public boolean verify(byte[] digest, byte[] signature) throws NoSuchAlgorithmException {
-
- if (signature.length != emLen) {
- throw new IllegalArgumentException("invalid signature length");
- }
-
- // Convert to integer signature
- BigInteger s = OS2IP(signature);
-
- // Convert integer message
- BigInteger m = RSAVP1((RSAPublicKey) keyPair.getPublic(), s);
-
- byte[] em = I2OSP(m, emLen);
- byte[] em2 = EMSA_PKCS1_V1_5_ENCODE_HASH(digest, emLen, "SHA-256");
-
- // Use constant time compare
- return ByteExtensions.sequenceEqualConstantTime(em, em2);
- }
-
- }
-
- public static final String ALGORITHM_NAME = "RS256";
-
- public Rs256() {
- super(ALGORITHM_NAME);
- }
-
- @Override
- public ISignatureTransform createSignatureTransform(KeyPair keyPair) {
-
- return new Rs256SignatureTransform(keyPair);
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Rsa15.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Rsa15.java
deleted file mode 100644
index c81f7d5fd2b72..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/Rsa15.java
+++ /dev/null
@@ -1,98 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.microsoft.azure.keyvault.cryptography.algorithms; - -import java.security.InvalidKeyException; -import java.security.KeyPair; -import java.security.NoSuchAlgorithmException; -import java.security.Provider; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; - -import com.microsoft.azure.keyvault.cryptography.ICryptoTransform; - -public final class Rsa15 extends RsaEncryption { - - static class Rsa15Decryptor implements ICryptoTransform { - - private final Cipher cipher; - - Rsa15Decryptor(KeyPair keyPair, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { - - // Create a cipher object using the provider, if specified - if (provider == null) { - cipher = Cipher.getInstance(RSA15); - } else { - cipher = Cipher.getInstance(RSA15, provider); - } - - // encrypt the plain text using the public key - cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate()); - } - - @Override - public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { - - return cipher.doFinal(plaintext); - } - - } - - static class Rsa15Encryptor implements ICryptoTransform { - - private final Cipher cipher; - - Rsa15Encryptor(KeyPair keyPair, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { - - // Create a cipher object using the provider, if specified - if (provider == null) { - cipher = Cipher.getInstance(RSA15); - } else { - cipher = Cipher.getInstance(RSA15, provider); - } - - // encrypt the plain text using the public key - cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic()); - } - - @Override - public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { - - return cipher.doFinal(plaintext); - 
} - - } - - static final String RSA15 = "RSA/ECB/PKCS1Padding"; - - public static final String ALGORITHM_NAME = "RSA1_5"; - - public Rsa15() { - super(ALGORITHM_NAME); - } - - @Override - public ICryptoTransform CreateEncryptor(KeyPair keyPair) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { - return CreateEncryptor(keyPair, null); - } - - @Override - public ICryptoTransform CreateEncryptor(KeyPair keyPair, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { - return new Rsa15Encryptor(keyPair, provider); - } - - @Override - public ICryptoTransform CreateDecryptor(KeyPair keyPair) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { - return CreateDecryptor(keyPair, null); - } - - @Override - public ICryptoTransform CreateDecryptor(KeyPair keyPair, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { - return new Rsa15Decryptor(keyPair, provider); - } - -} diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/RsaEncryption.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/RsaEncryption.java deleted file mode 100644 index 0e9b3b2f39f3f..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/RsaEncryption.java +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.microsoft.azure.keyvault.cryptography.algorithms; - -import com.microsoft.azure.keyvault.cryptography.AsymmetricEncryptionAlgorithm; - -public abstract class RsaEncryption extends AsymmetricEncryptionAlgorithm { - - protected RsaEncryption(String name) { - super(name); - } - -} 
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/RsaOaep.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/RsaOaep.java
deleted file mode 100644
index c15a395a1b531..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/RsaOaep.java
+++ /dev/null
@@ -1,100 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.microsoft.azure.keyvault.cryptography.algorithms; - -import java.security.InvalidKeyException; -import java.security.KeyPair; -import java.security.NoSuchAlgorithmException; -import java.security.Provider; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; - -import com.microsoft.azure.keyvault.cryptography.ICryptoTransform; - -public final class RsaOaep extends RsaEncryption { - - static class RsaOaepDecryptor implements ICryptoTransform { - - private final Cipher cipher; - - RsaOaepDecryptor(KeyPair keyPair, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { - - // Create a cipher object using the provider, if specified - if (provider == null) { - cipher = Cipher.getInstance(RSAOAEP); - } else { - cipher = Cipher.getInstance(RSAOAEP, provider); - } - - // encrypt the plain text using the public key - cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate()); - } - - @Override - public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { - - return cipher.doFinal(plaintext); - } - - } - - static class RsaOaepEncryptor implements ICryptoTransform { - - private final Cipher cipher; - - RsaOaepEncryptor(KeyPair keyPair, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { - - // Create a cipher object using the provider, if specified - if (provider == null) { - cipher = Cipher.getInstance(RSAOAEP); - } else { - cipher = Cipher.getInstance(RSAOAEP, provider); - } - - // encrypt the plain text using the public key - cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic()); - } - - @Override - public byte[] doFinal(byte[] plaintext) throws IllegalBlockSizeException, BadPaddingException { - - return 
cipher.doFinal(plaintext); - } - - } - - static final String RSAOAEP = "RSA/ECB/OAEPWithSHA1AndMGF1Padding"; - - public static final String ALGORITHM_NAME = "RSA-OAEP"; - - public RsaOaep() { - super(ALGORITHM_NAME); - } - - @Override - public ICryptoTransform CreateEncryptor(KeyPair keyPair) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { - return CreateEncryptor(keyPair, null); - } - - @Override - public ICryptoTransform CreateEncryptor(KeyPair keyPair, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { - - return new RsaOaepEncryptor(keyPair, provider); - } - - @Override - public ICryptoTransform CreateDecryptor(KeyPair keyPair) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { - return CreateDecryptor(keyPair, null); - } - - @Override - public ICryptoTransform CreateDecryptor(KeyPair keyPair, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException { - - return new RsaOaepDecryptor(keyPair, provider); - } - -} diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/RsaSignature.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/RsaSignature.java deleted file mode 100644 index dfca99132efce..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/RsaSignature.java +++ /dev/null 
@@ -1,218 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.microsoft.azure.keyvault.cryptography.algorithms; - -import java.math.BigInteger; -import java.security.KeyPair; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.util.Arrays; - -import com.microsoft.azure.keyvault.cryptography.AsymmetricSignatureAlgorithm; -import com.microsoft.azure.keyvault.cryptography.ISignatureTransform; -import com.microsoft.azure.keyvault.cryptography.Strings; - -public abstract class RsaSignature extends AsymmetricSignatureAlgorithm { - - private static final BigInteger TWO_FIVE_SIX = new BigInteger("256"); - private static final byte[] SHA_256_PREFIX = new byte[] { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 }; - - protected RsaSignature(String name) { - super(name); - } - - protected int getOctetLength(int bits) { - return (bits % 8 > 0) ? 
bits >> 3 + 1 : bits >> 3; - } - - /* - * See https://tools.ietf.org/html/rfc3447#section-4.2 - */ - protected BigInteger OS2IP(byte[] x) { - - if (x == null || x.length == 0) { - throw new IllegalArgumentException("x"); - } - - return new BigInteger(1, x); - } - - /* - * See https://tools.ietf.org/html/rfc3447#section-4.1 - */ - protected byte[] I2OSP(BigInteger x, int xLen) { - - if (x == null) { - throw new IllegalArgumentException("x"); - } - - if (xLen <= 0) { - throw new IllegalArgumentException("xLen"); - } - - if (x.compareTo(TWO_FIVE_SIX.pow(xLen)) == 1) { - throw new IllegalArgumentException("integer too large"); - } - - // Even if x is less than 256^xLen, sometiems x.toByteArray() returns 257 bytes with leading zero - byte[] bigEndianBytes = x.toByteArray(); - byte[] bytes; - if (bigEndianBytes.length == 257 && bigEndianBytes[0] == 0) { - bytes = Arrays.copyOfRange(bigEndianBytes, 1, 257); - } else { - bytes = bigEndianBytes; - } - - if (bytes.length > xLen) { - throw new IllegalArgumentException("integer too large"); - } - - byte[] result = new byte[xLen]; - - System.arraycopy(bytes, 0, result, xLen - bytes.length, bytes.length); - - return result; - } - - /* - * See https://tools.ietf.org/html/rfc3447#section-5.2.1 - */ - protected BigInteger RSASP1(RSAPrivateKey key, BigInteger m) { - - if (key == null) { - throw new IllegalArgumentException("key"); - } - - if (m == null) { - throw new IllegalArgumentException("m"); - } - - BigInteger n = key.getModulus(); - BigInteger d = key.getPrivateExponent(); - - if (m.compareTo(BigInteger.ONE) == -1 || m.compareTo(n) != -1) { - throw new IllegalArgumentException("message representative out of range"); - } - - return m.modPow(d, n); - } - - /* - * See https://tools.ietf.org/html/rfc3447#section-5.2.2 - */ - protected BigInteger RSAVP1(RSAPublicKey key, BigInteger s) { - - if (key == null) { - throw new IllegalArgumentException("key"); - } - - if (s == null) { - throw new IllegalArgumentException("s"); - } - 
BigInteger n = key.getModulus(); - BigInteger e = key.getPublicExponent(); - - if (s.compareTo(BigInteger.ONE) == -1 || s.compareTo(n) != -1) { - throw new IllegalArgumentException("message representative out of range"); - } - - return s.modPow(e, n); - } - - /* - * See https://tools.ietf.org/html/rfc3447#section-9.2 - */ - protected byte[] EMSA_PKCS1_V1_5_ENCODE(byte[] m, int emLen, String algorithm) throws NoSuchAlgorithmException { - - // Check m - if (m == null || m.length == 0) { - throw new IllegalArgumentException("m"); - } - - MessageDigest messageDigest = null; - - // Check algorithm - if (Strings.isNullOrWhiteSpace(algorithm)) { - throw new IllegalArgumentException("algorithm"); - } - - // Only supported algorithms - if (algorithm.equals("SHA-256")) { - - // Initialize digest - messageDigest = MessageDigest.getInstance("SHA-256"); - } else { - throw new IllegalArgumentException("algorithm"); - } - - // Hash the message - byte[] digest = messageDigest.digest(m); - - // Construct T, the DER encoded DigestInfo structure - return EMSA_PKCS1_V1_5_ENCODE_HASH(digest, emLen, algorithm); - } - - /* - * See https://tools.ietf.org/html/rfc3447#section-9.2 - */ - protected byte[] EMSA_PKCS1_V1_5_ENCODE_HASH(byte[] h, int emLen, String algorithm) throws NoSuchAlgorithmException { - - // Check m - if (h == null || h.length == 0) { - throw new IllegalArgumentException("m"); - } - - byte[] algorithmPrefix = null; - - // Check algorithm - if (Strings.isNullOrWhiteSpace(algorithm)) { - throw new IllegalArgumentException("algorithm"); - } - - // Only supported algorithms - if (algorithm.equals("SHA-256")) { - - // Initialize prefix and digest - algorithmPrefix = SHA_256_PREFIX; - - if (h.length != 32) { - throw new IllegalArgumentException("h is incorrect length for SHA-256"); - } - } else { - throw new IllegalArgumentException("algorithm"); - } - - - // Construct t, the DER encoded DigestInfo structure - byte[] t = new byte[algorithmPrefix.length + h.length]; - - 
System.arraycopy(algorithmPrefix, 0, t, 0, algorithmPrefix.length); - System.arraycopy(h, 0, t, algorithmPrefix.length, h.length); - - if (emLen < t.length + 11) { - throw new IllegalArgumentException("intended encoded message length too short"); - } - - // Construct ps - byte[] ps = new byte[emLen - t.length - 3]; - - for (int i = 0; i < ps.length; i++) { - ps[i] = (byte) 0xff; - } - - // Construct em - byte[] em = new byte[ps.length + t.length + 3]; - - em[0] = 0x00; em[1] = 0x01; em[ps.length + 2] = 0x00; - - System.arraycopy(ps, 0, em, 2, ps.length); - System.arraycopy(t, 0, em, ps.length + 3, t.length); - - return em; - } - - public abstract ISignatureTransform createSignatureTransform(KeyPair keyPair); -} diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/package-info.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/package-info.java deleted file mode 100644 index b63ee69cc2da3..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/algorithms/package-info.java +++ /dev/null @@ -1,7 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -/** - * This package contains cryptographic functions and implementations. - */ -package com.microsoft.azure.keyvault.cryptography.algorithms; diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/package-info.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/package-info.java deleted file mode 100644 index 5e7ed7bb507a3..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/main/java/com/microsoft/azure/keyvault/cryptography/package-info.java +++ /dev/null 
@@ -1,8 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-/**
- * This package contains cryptographic functions and implementations
- * of RSA and symmetric keys that conform with the IKey interface.
- */
-package com.microsoft.azure.keyvault.cryptography;
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcBCProviderTest.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcBCProviderTest.java
deleted file mode 100644
index 86236194e435b..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcBCProviderTest.java
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.test;
-
-import java.security.Provider;
-
-import org.junit.Before;
-
-public class AesCbcBCProviderTest extends AesCbcTest {
-
- @Before
- public void setUp() throws Exception {
- try {
- super.setProvider((Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance());
- } catch (Exception ex) {
- throw new RuntimeException(ex.getMessage());
- }
- }
-
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcHmacShaBCProviderTest.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcHmacShaBCProviderTest.java
deleted file mode 100644
index 2810c200db0e0..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcHmacShaBCProviderTest.java
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.test;
-
-import java.security.Provider;
-
-import org.junit.Before;
-
-public class AesCbcHmacShaBCProviderTest extends AesCbcHmacShaTest {
-
- @Before
- public void setUp() throws Exception {
- try {
- super.setProvider((Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance());
- } catch (Exception ex) {
- throw new RuntimeException(ex.getMessage());
- }
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcHmacShaTest.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcHmacShaTest.java
deleted file mode 100644
index 12d28545aad60..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcHmacShaTest.java
+++ /dev/null
@@ -1,278 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.microsoft.azure.keyvault.cryptography.test; - -import static org.junit.Assert.assertArrayEquals; -import static org.junit.Assert.fail; - -import java.security.Provider; - -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.microsoft.azure.keyvault.cryptography.IAuthenticatedCryptoTransform; -import com.microsoft.azure.keyvault.cryptography.algorithms.Aes128CbcHmacSha256; -import com.microsoft.azure.keyvault.cryptography.algorithms.Aes192CbcHmacSha384; -import com.microsoft.azure.keyvault.cryptography.algorithms.Aes256CbcHmacSha512; - -public class AesCbcHmacShaTest { - - private Provider provider = null; - - @BeforeClass - public static void setUpBeforeClass() throws Exception { - } - - @AfterClass - public static void tearDownAfterClass() throws Exception { - } - - @Before - public void setUp() throws Exception { - setProvider(null); - } - - @After - public void tearDown() throws Exception { - } - - protected void setProvider(Provider provider) { - this.provider = null; - } - - @Test - public void testAes128CbcHmacSha256() { - // Arrange: These values are taken from Appendix B of the JWE specification at - // https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-40#appendix-B - byte[] key = { - (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04, (byte) 0x05, (byte) 0x06, (byte) 0x07, (byte) 0x08, (byte) 0x09, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c, (byte) 0x0d, (byte) 0x0e, (byte) 0x0f, - (byte) 0x10, (byte) 0x11, (byte) 0x12, (byte) 0x13, (byte) 0x14, (byte) 0x15, (byte) 0x16, (byte) 0x17, (byte) 0x18, (byte) 0x19, (byte) 0x1a, (byte) 0x1b, (byte) 0x1c, (byte) 0x1d, (byte) 0x1e, (byte) 0x1f - }; - byte[] plaintext = {(byte) 0x41, (byte) 0x20, (byte) 0x63, (byte) 0x69, (byte) 0x70, (byte) 0x68, (byte) 0x65, (byte) 
0x72, (byte) 0x20, (byte) 0x73, (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x6d, (byte) 0x20, - (byte) 0x6d, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x6e, (byte) 0x6f, (byte) 0x74, (byte) 0x20, (byte) 0x62, (byte) 0x65, (byte) 0x20, (byte) 0x72, (byte) 0x65, (byte) 0x71, (byte) 0x75, - (byte) 0x69, (byte) 0x72, (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x74, (byte) 0x6f, (byte) 0x20, (byte) 0x62, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x72, (byte) 0x65, - (byte) 0x74, (byte) 0x2c, (byte) 0x20, (byte) 0x61, (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x69, (byte) 0x74, (byte) 0x20, (byte) 0x6d, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x62, - (byte) 0x65, (byte) 0x20, (byte) 0x61, (byte) 0x62, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x74, (byte) 0x6f, (byte) 0x20, (byte) 0x66, (byte) 0x61, (byte) 0x6c, (byte) 0x6c, (byte) 0x20, (byte) 0x69, - (byte) 0x6e, (byte) 0x74, (byte) 0x6f, (byte) 0x20, (byte) 0x74, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x68, (byte) 0x61, (byte) 0x6e, (byte) 0x64, (byte) 0x73, (byte) 0x20, (byte) 0x6f, (byte) 0x66, - (byte) 0x20, (byte) 0x74, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x6d, (byte) 0x79, (byte) 0x20, (byte) 0x77, (byte) 0x69, (byte) 0x74, (byte) 0x68, (byte) 0x6f, - (byte) 0x75, (byte) 0x74, (byte) 0x20, (byte) 0x69, (byte) 0x6e, (byte) 0x63, (byte) 0x6f, (byte) 0x6e, (byte) 0x76, (byte) 0x65, (byte) 0x6e, (byte) 0x69, (byte) 0x65, (byte) 0x6e, (byte) 0x63, (byte) 0x65 - }; - byte[] iv = {(byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authData = { - (byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 
0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, (byte) 0x66, (byte) 0x73 - }; - byte[] expected = { - (byte) 0xc8, (byte) 0x0e, (byte) 0xdf, (byte) 0xa3, (byte) 0x2d, (byte) 0xdf, (byte) 0x39, (byte) 0xd5, (byte) 0xef, (byte) 0x00, (byte) 0xc0, (byte) 0xb4, (byte) 0x68, (byte) 0x83, (byte) 0x42, (byte) 0x79, - (byte) 0xa2, (byte) 0xe4, (byte) 0x6a, (byte) 0x1b, (byte) 0x80, (byte) 0x49, (byte) 0xf7, (byte) 0x92, (byte) 0xf7, (byte) 0x6b, (byte) 0xfe, (byte) 0x54, (byte) 0xb9, (byte) 0x03, (byte) 0xa9, (byte) 0xc9, - (byte) 0xa9, (byte) 0x4a, (byte) 0xc9, (byte) 0xb4, (byte) 0x7a, (byte) 0xd2, (byte) 0x65, (byte) 0x5c, (byte) 0x5f, (byte) 0x10, (byte) 0xf9, (byte) 0xae, (byte) 0xf7, (byte) 0x14, (byte) 0x27, (byte) 0xe2, - (byte) 0xfc, (byte) 0x6f, (byte) 0x9b, (byte) 0x3f, (byte) 0x39, (byte) 0x9a, (byte) 0x22, (byte) 0x14, (byte) 0x89, (byte) 0xf1, (byte) 0x63, (byte) 0x62, (byte) 0xc7, (byte) 0x03, (byte) 0x23, (byte) 0x36, - (byte) 0x09, (byte) 0xd4, (byte) 0x5a, (byte) 0xc6, (byte) 0x98, (byte) 0x64, (byte) 0xe3, (byte) 0x32, (byte) 0x1c, (byte) 0xf8, (byte) 0x29, (byte) 0x35, (byte) 0xac, (byte) 0x40, (byte) 0x96, (byte) 0xc8, - (byte) 0x6e, (byte) 0x13, (byte) 0x33, (byte) 0x14, (byte) 0xc5, (byte) 0x40, (byte) 0x19, (byte) 0xe8, (byte) 0xca, (byte) 0x79, (byte) 0x80, (byte) 0xdf, (byte) 0xa4, (byte) 0xb9, (byte) 0xcf, (byte) 0x1b, - (byte) 0x38, (byte) 0x4c, (byte) 0x48, (byte) 0x6f, (byte) 0x3a, (byte) 0x54, (byte) 0xc5, (byte) 0x10, (byte) 0x78, (byte) 0x15, (byte) 0x8e, (byte) 0xe5, (byte) 0xd7, (byte) 0x9d, (byte) 0xe5, (byte) 0x9f, - (byte) 0xbd, (byte) 0x34, (byte) 0xd8, (byte) 0x48, (byte) 0xb3, (byte) 0xd6, (byte) 0x95, (byte) 0x50, (byte) 
0xa6, (byte) 0x76, (byte) 0x46, (byte) 0x34, (byte) 0x44, (byte) 0x27, (byte) 0xad, (byte) 0xe5, - (byte) 0x4b, (byte) 0x88, (byte) 0x51, (byte) 0xff, (byte) 0xb5, (byte) 0x98, (byte) 0xf7, (byte) 0xf8, (byte) 0x00, (byte) 0x74, (byte) 0xb9, (byte) 0x47, (byte) 0x3c, (byte) 0x82, (byte) 0xe2, (byte) 0xdb - }; - byte[] authTag = {(byte) 0x65, (byte) 0x2c, (byte) 0x3f, (byte) 0xa3, (byte) 0x6b, (byte) 0x0a, (byte) 0x7c, (byte) 0x5b, (byte) 0x32, (byte) 0x19, (byte) 0xfa, (byte) 0xb3, (byte) 0xa3, (byte) 0x0b, (byte) 0xc1, (byte) 0xc4}; - - Aes128CbcHmacSha256 algo = new Aes128CbcHmacSha256(); - - IAuthenticatedCryptoTransform transform = null; - - byte[] encrypted = null; - byte[] tag = null; - - try { - transform = (IAuthenticatedCryptoTransform) algo.CreateEncryptor(key, iv, authData, provider); - } catch (Exception e) { - fail(e.getMessage()); - } - - try { - encrypted = transform.doFinal(plaintext); - tag = transform.getTag(); - - assertArrayEquals(expected, encrypted); - assertArrayEquals(authTag, tag); - - } catch (Exception e) { - fail(e.getMessage()); - } - - try { - transform = (IAuthenticatedCryptoTransform) algo.CreateDecryptor(key, iv, authData, authTag, provider); - } catch (Exception e) { - fail(e.getMessage()); - } - - byte[] decrypted = null; - - try { - decrypted = transform.doFinal(encrypted); - tag = transform.getTag(); - } catch (Exception e) { - fail(e.getMessage()); - } - - // Assert - assertArrayEquals(plaintext, decrypted); - assertArrayEquals(authTag, tag); - } - - - @Test - public void testAes192CbcHmacSha384() { - // Arrange: These values are taken from Appendix B of the JWE specification at - // https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-40#appendix-B - byte[] key = {(byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04, (byte) 0x05, (byte) 0x06, (byte) 0x07, (byte) 0x08, (byte) 0x09, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c, (byte) 0x0d, (byte) 0x0e, (byte) 0x0f, - (byte) 0x10, (byte) 0x11, (byte) 0x12, (byte) 
0x13, (byte) 0x14, (byte) 0x15, (byte) 0x16, (byte) 0x17, (byte) 0x18, (byte) 0x19, (byte) 0x1a, (byte) 0x1b, (byte) 0x1c, (byte) 0x1d, (byte) 0x1e, (byte) 0x1f, - (byte) 0x20, (byte) 0x21, (byte) 0x22, (byte) 0x23, (byte) 0x24, (byte) 0x25, (byte) 0x26, (byte) 0x27, (byte) 0x28, (byte) 0x29, (byte) 0x2a, (byte) 0x2b, (byte) 0x2c, (byte) 0x2d, (byte) 0x2e, (byte) 0x2f}; - byte[] plaintext = {(byte) 0x41, (byte) 0x20, (byte) 0x63, (byte) 0x69, (byte) 0x70, (byte) 0x68, (byte) 0x65, (byte) 0x72, (byte) 0x20, (byte) 0x73, (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x6d, (byte) 0x20, - (byte) 0x6d, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x6e, (byte) 0x6f, (byte) 0x74, (byte) 0x20, (byte) 0x62, (byte) 0x65, (byte) 0x20, (byte) 0x72, (byte) 0x65, (byte) 0x71, (byte) 0x75, - (byte) 0x69, (byte) 0x72, (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x74, (byte) 0x6f, (byte) 0x20, (byte) 0x62, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x72, (byte) 0x65, - (byte) 0x74, (byte) 0x2c, (byte) 0x20, (byte) 0x61, (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x69, (byte) 0x74, (byte) 0x20, (byte) 0x6d, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x62, - (byte) 0x65, (byte) 0x20, (byte) 0x61, (byte) 0x62, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x74, (byte) 0x6f, (byte) 0x20, (byte) 0x66, (byte) 0x61, (byte) 0x6c, (byte) 0x6c, (byte) 0x20, (byte) 0x69, - (byte) 0x6e, (byte) 0x74, (byte) 0x6f, (byte) 0x20, (byte) 0x74, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x68, (byte) 0x61, (byte) 0x6e, (byte) 0x64, (byte) 0x73, (byte) 0x20, (byte) 0x6f, (byte) 0x66, - (byte) 0x20, (byte) 0x74, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x6d, (byte) 0x79, (byte) 0x20, (byte) 0x77, (byte) 0x69, (byte) 0x74, (byte) 0x68, (byte) 0x6f, - (byte) 0x75, (byte) 0x74, (byte) 0x20, (byte) 0x69, (byte) 0x6e, (byte) 0x63, (byte) 0x6f, (byte) 0x6e, (byte) 0x76, (byte) 0x65, 
(byte) 0x6e, (byte) 0x69, (byte) 0x65, (byte) 0x6e, (byte) 0x63, (byte) 0x65}; - byte[] iv = {(byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authData = {(byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, (byte) 0x66, (byte) 0x73}; - byte[] expected = {(byte) 0xea, (byte) 0x65, (byte) 0xda, (byte) 0x6b, (byte) 0x59, (byte) 0xe6, (byte) 0x1e, (byte) 0xdb, (byte) 0x41, (byte) 0x9b, (byte) 0xe6, (byte) 0x2d, (byte) 0x19, (byte) 0x71, (byte) 0x2a, (byte) 0xe5, - (byte) 0xd3, (byte) 0x03, (byte) 0xee, (byte) 0xb5, (byte) 0x00, (byte) 0x52, (byte) 0xd0, (byte) 0xdf, (byte) 0xd6, (byte) 0x69, (byte) 0x7f, (byte) 0x77, (byte) 0x22, (byte) 0x4c, (byte) 0x8e, (byte) 0xdb, - (byte) 0x00, (byte) 0x0d, (byte) 0x27, (byte) 0x9b, (byte) 0xdc, (byte) 0x14, (byte) 0xc1, (byte) 0x07, (byte) 0x26, (byte) 0x54, (byte) 0xbd, (byte) 0x30, (byte) 0x94, (byte) 0x42, (byte) 0x30, (byte) 0xc6, - (byte) 0x57, (byte) 0xbe, (byte) 0xd4, (byte) 0xca, (byte) 0x0c, (byte) 0x9f, (byte) 0x4a, (byte) 0x84, (byte) 0x66, (byte) 0xf2, (byte) 0x2b, (byte) 0x22, (byte) 0x6d, (byte) 0x17, (byte) 0x46, (byte) 0x21, - (byte) 0x4b, (byte) 0xf8, (byte) 0xcf, (byte) 0xc2, (byte) 0x40, (byte) 0x0a, (byte) 0xdd, (byte) 0x9f, (byte) 0x51, (byte) 0x26, (byte) 0xe4, (byte) 0x79, (byte) 0x66, (byte) 0x3f, (byte) 0xc9, (byte) 0x0b, - (byte) 0x3b, (byte) 0xed, (byte) 0x78, (byte) 0x7a, 
(byte) 0x2f, (byte) 0x0f, (byte) 0xfc, (byte) 0xbf, (byte) 0x39, (byte) 0x04, (byte) 0xbe, (byte) 0x2a, (byte) 0x64, (byte) 0x1d, (byte) 0x5c, (byte) 0x21, - (byte) 0x05, (byte) 0xbf, (byte) 0xe5, (byte) 0x91, (byte) 0xba, (byte) 0xe2, (byte) 0x3b, (byte) 0x1d, (byte) 0x74, (byte) 0x49, (byte) 0xe5, (byte) 0x32, (byte) 0xee, (byte) 0xf6, (byte) 0x0a, (byte) 0x9a, - (byte) 0xc8, (byte) 0xbb, (byte) 0x6c, (byte) 0x6b, (byte) 0x01, (byte) 0xd3, (byte) 0x5d, (byte) 0x49, (byte) 0x78, (byte) 0x7b, (byte) 0xcd, (byte) 0x57, (byte) 0xef, (byte) 0x48, (byte) 0x49, (byte) 0x27, - (byte) 0xf2, (byte) 0x80, (byte) 0xad, (byte) 0xc9, (byte) 0x1a, (byte) 0xc0, (byte) 0xc4, (byte) 0xe7, (byte) 0x9c, (byte) 0x7b, (byte) 0x11, (byte) 0xef, (byte) 0xc6, (byte) 0x00, (byte) 0x54, (byte) 0xe3}; - byte[] authTags = {(byte) 0x84, (byte) 0x90, (byte) 0xac, (byte) 0x0e, (byte) 0x58, (byte) 0x94, (byte) 0x9b, (byte) 0xfe, (byte) 0x51, (byte) 0x87, (byte) 0x5d, (byte) 0x73, (byte) 0x3f, (byte) 0x93, (byte) 0xac, (byte) 0x20, - (byte) 0x75, (byte) 0x16, (byte) 0x80, (byte) 0x39, (byte) 0xcc, (byte) 0xc7, (byte) 0x33, (byte) 0xd7}; - - Aes192CbcHmacSha384 algo = new Aes192CbcHmacSha384(); - - IAuthenticatedCryptoTransform transform = null; - - byte[] encrypted = null; - byte[] tag = null; - - try { - transform = (IAuthenticatedCryptoTransform) algo.CreateEncryptor(key, iv, authData, provider); - } catch (Exception e) { - fail(e.getMessage()); - } - - try { - encrypted = transform.doFinal(plaintext); - tag = transform.getTag(); - - assertArrayEquals(expected, encrypted); - assertArrayEquals(authTags, tag); - - } catch (Exception e) { - fail(e.getMessage()); - } - - try { - transform = (IAuthenticatedCryptoTransform) algo.CreateDecryptor(key, iv, authData, authTags, provider); - } catch (Exception e) { - fail(e.getMessage()); - } - - byte[] decrypted = null; - - try { - decrypted = transform.doFinal(encrypted); - tag = transform.getTag(); - } catch (Exception e) { - fail(e.getMessage()); - } - 
- // Assert - assertArrayEquals(plaintext, decrypted); - assertArrayEquals(authTags, tag); - } - - @Test - public void testAes256CbcHmacSha512() { - // Arrange: These values are taken from Appendix B of the JWE specification at - // https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-40#appendix-B - byte[] key = {(byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x03, (byte) 0x04, (byte) 0x05, (byte) 0x06, (byte) 0x07, (byte) 0x08, (byte) 0x09, (byte) 0x0a, (byte) 0x0b, (byte) 0x0c, (byte) 0x0d, (byte) 0x0e, (byte) 0x0f, - (byte) 0x10, (byte) 0x11, (byte) 0x12, (byte) 0x13, (byte) 0x14, (byte) 0x15, (byte) 0x16, (byte) 0x17, (byte) 0x18, (byte) 0x19, (byte) 0x1a, (byte) 0x1b, (byte) 0x1c, (byte) 0x1d, (byte) 0x1e, (byte) 0x1f, - (byte) 0x20, (byte) 0x21, (byte) 0x22, (byte) 0x23, (byte) 0x24, (byte) 0x25, (byte) 0x26, (byte) 0x27, (byte) 0x28, (byte) 0x29, (byte) 0x2a, (byte) 0x2b, (byte) 0x2c, (byte) 0x2d, (byte) 0x2e, (byte) 0x2f, - (byte) 0x30, (byte) 0x31, (byte) 0x32, (byte) 0x33, (byte) 0x34, (byte) 0x35, (byte) 0x36, (byte) 0x37, (byte) 0x38, (byte) 0x39, (byte) 0x3a, (byte) 0x3b, (byte) 0x3c, (byte) 0x3d, (byte) 0x3e, (byte) 0x3f}; - byte[] plaintext = {(byte) 0x41, (byte) 0x20, (byte) 0x63, (byte) 0x69, (byte) 0x70, (byte) 0x68, (byte) 0x65, (byte) 0x72, (byte) 0x20, (byte) 0x73, (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x6d, (byte) 0x20, - (byte) 0x6d, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x20, (byte) 0x6e, (byte) 0x6f, (byte) 0x74, (byte) 0x20, (byte) 0x62, (byte) 0x65, (byte) 0x20, (byte) 0x72, (byte) 0x65, (byte) 0x71, (byte) 0x75, - (byte) 0x69, (byte) 0x72, (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x74, (byte) 0x6f, (byte) 0x20, (byte) 0x62, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x72, (byte) 0x65, - (byte) 0x74, (byte) 0x2c, (byte) 0x20, (byte) 0x61, (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x69, (byte) 0x74, (byte) 0x20, (byte) 0x6d, (byte) 0x75, (byte) 0x73, (byte) 0x74, 
(byte) 0x20, (byte) 0x62, - (byte) 0x65, (byte) 0x20, (byte) 0x61, (byte) 0x62, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x74, (byte) 0x6f, (byte) 0x20, (byte) 0x66, (byte) 0x61, (byte) 0x6c, (byte) 0x6c, (byte) 0x20, (byte) 0x69, - (byte) 0x6e, (byte) 0x74, (byte) 0x6f, (byte) 0x20, (byte) 0x74, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x68, (byte) 0x61, (byte) 0x6e, (byte) 0x64, (byte) 0x73, (byte) 0x20, (byte) 0x6f, (byte) 0x66, - (byte) 0x20, (byte) 0x74, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x6d, (byte) 0x79, (byte) 0x20, (byte) 0x77, (byte) 0x69, (byte) 0x74, (byte) 0x68, (byte) 0x6f, - (byte) 0x75, (byte) 0x74, (byte) 0x20, (byte) 0x69, (byte) 0x6e, (byte) 0x63, (byte) 0x6f, (byte) 0x6e, (byte) 0x76, (byte) 0x65, (byte) 0x6e, (byte) 0x69, (byte) 0x65, (byte) 0x6e, (byte) 0x63, (byte) 0x65}; - byte[] iv = {(byte) 0x1a, (byte) 0xf3, (byte) 0x8c, (byte) 0x2d, (byte) 0xc2, (byte) 0xb9, (byte) 0x6f, (byte) 0xfd, (byte) 0xd8, (byte) 0x66, (byte) 0x94, (byte) 0x09, (byte) 0x23, (byte) 0x41, (byte) 0xbc, (byte) 0x04}; - byte[] authData = {(byte) 0x54, (byte) 0x68, (byte) 0x65, (byte) 0x20, (byte) 0x73, (byte) 0x65, (byte) 0x63, (byte) 0x6f, (byte) 0x6e, (byte) 0x64, (byte) 0x20, (byte) 0x70, (byte) 0x72, (byte) 0x69, (byte) 0x6e, (byte) 0x63, - (byte) 0x69, (byte) 0x70, (byte) 0x6c, (byte) 0x65, (byte) 0x20, (byte) 0x6f, (byte) 0x66, (byte) 0x20, (byte) 0x41, (byte) 0x75, (byte) 0x67, (byte) 0x75, (byte) 0x73, (byte) 0x74, (byte) 0x65, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x72, (byte) 0x63, (byte) 0x6b, (byte) 0x68, (byte) 0x6f, (byte) 0x66, (byte) 0x66, (byte) 0x73}; - byte[] expected = {(byte) 0x4a, (byte) 0xff, (byte) 0xaa, (byte) 0xad, (byte) 0xb7, (byte) 0x8c, (byte) 0x31, (byte) 0xc5, (byte) 0xda, (byte) 0x4b, (byte) 0x1b, (byte) 0x59, (byte) 0x0d, (byte) 0x10, (byte) 0xff, (byte) 0xbd, - (byte) 0x3d, (byte) 0xd8, (byte) 0xd5, (byte) 0xd3, (byte) 0x02, (byte) 0x42, (byte) 0x35, (byte) 0x26, 
(byte) 0x91, (byte) 0x2d, (byte) 0xa0, (byte) 0x37, (byte) 0xec, (byte) 0xbc, (byte) 0xc7, (byte) 0xbd, - (byte) 0x82, (byte) 0x2c, (byte) 0x30, (byte) 0x1d, (byte) 0xd6, (byte) 0x7c, (byte) 0x37, (byte) 0x3b, (byte) 0xcc, (byte) 0xb5, (byte) 0x84, (byte) 0xad, (byte) 0x3e, (byte) 0x92, (byte) 0x79, (byte) 0xc2, - (byte) 0xe6, (byte) 0xd1, (byte) 0x2a, (byte) 0x13, (byte) 0x74, (byte) 0xb7, (byte) 0x7f, (byte) 0x07, (byte) 0x75, (byte) 0x53, (byte) 0xdf, (byte) 0x82, (byte) 0x94, (byte) 0x10, (byte) 0x44, (byte) 0x6b, - (byte) 0x36, (byte) 0xeb, (byte) 0xd9, (byte) 0x70, (byte) 0x66, (byte) 0x29, (byte) 0x6a, (byte) 0xe6, (byte) 0x42, (byte) 0x7e, (byte) 0xa7, (byte) 0x5c, (byte) 0x2e, (byte) 0x08, (byte) 0x46, (byte) 0xa1, - (byte) 0x1a, (byte) 0x09, (byte) 0xcc, (byte) 0xf5, (byte) 0x37, (byte) 0x0d, (byte) 0xc8, (byte) 0x0b, (byte) 0xfe, (byte) 0xcb, (byte) 0xad, (byte) 0x28, (byte) 0xc7, (byte) 0x3f, (byte) 0x09, (byte) 0xb3, - (byte) 0xa3, (byte) 0xb7, (byte) 0x5e, (byte) 0x66, (byte) 0x2a, (byte) 0x25, (byte) 0x94, (byte) 0x41, (byte) 0x0a, (byte) 0xe4, (byte) 0x96, (byte) 0xb2, (byte) 0xe2, (byte) 0xe6, (byte) 0x60, (byte) 0x9e, - (byte) 0x31, (byte) 0xe6, (byte) 0xe0, (byte) 0x2c, (byte) 0xc8, (byte) 0x37, (byte) 0xf0, (byte) 0x53, (byte) 0xd2, (byte) 0x1f, (byte) 0x37, (byte) 0xff, (byte) 0x4f, (byte) 0x51, (byte) 0x95, (byte) 0x0b, - (byte) 0xbe, (byte) 0x26, (byte) 0x38, (byte) 0xd0, (byte) 0x9d, (byte) 0xd7, (byte) 0xa4, (byte) 0x93, (byte) 0x09, (byte) 0x30, (byte) 0x80, (byte) 0x6d, (byte) 0x07, (byte) 0x03, (byte) 0xb1, (byte) 0xf6}; - byte[] authTags = {(byte) 0x4d, (byte) 0xd3, (byte) 0xb4, (byte) 0xc0, (byte) 0x88, (byte) 0xa7, (byte) 0xf4, (byte) 0x5c, (byte) 0x21, (byte) 0x68, (byte) 0x39, (byte) 0x64, (byte) 0x5b, (byte) 0x20, (byte) 0x12, (byte) 0xbf, - (byte) 0x2e, (byte) 0x62, (byte) 0x69, (byte) 0xa8, (byte) 0xc5, (byte) 0x6a, (byte) 0x81, (byte) 0x6d, (byte) 0xbc, (byte) 0x1b, (byte) 0x26, (byte) 0x77, (byte) 0x61, (byte) 0x95, (byte) 
0x5b, (byte) 0xc5}; - - Aes256CbcHmacSha512 algo = new Aes256CbcHmacSha512(); - - IAuthenticatedCryptoTransform transform = null; - - byte[] encrypted = null; - byte[] tag = null; - - try { - transform = (IAuthenticatedCryptoTransform) algo.CreateEncryptor(key, iv, authData, provider); - } catch (Exception e) { - fail(e.getMessage()); - } - - try { - encrypted = transform.doFinal(plaintext); - tag = transform.getTag(); - - assertArrayEquals(expected, encrypted); - assertArrayEquals(authTags, tag); - - } catch (Exception e) { - fail(e.getMessage()); - } - - try { - transform = (IAuthenticatedCryptoTransform) algo.CreateDecryptor(key, iv, authData, authTags, provider); - } catch (Exception e) { - fail(e.getMessage()); - } - - byte[] decrypted = null; - - try { - decrypted = transform.doFinal(encrypted); - tag = transform.getTag(); - } catch (Exception e) { - fail(e.getMessage()); - } - - // Assert - assertArrayEquals(plaintext, decrypted); - assertArrayEquals(authTags, tag); - } -} diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcTest.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcTest.java deleted file mode 100644 index 54025d1149dc1..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesCbcTest.java +++ /dev/null 
@@ -1,233 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.test;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.fail;
-
-import java.security.Provider;
-import java.util.Arrays;
-
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.microsoft.azure.keyvault.cryptography.ICryptoTransform;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Aes128Cbc;
-
-public class AesCbcTest {
-
- private Provider provider = null;
-
- @BeforeClass
- public static void setUpBeforeClass() throws Exception {
- }
-
- @AfterClass
- public static void tearDownAfterClass() throws Exception {
- }
-
- @Before
- public void setUp() throws Exception {
- setProvider(null);
- }
-
- @After
- public void tearDown() throws Exception {
- }
-
- protected void setProvider(Provider provider) {
- this.provider = provider;
- }
-
- @Test
- public void testAes128CbcOneBlock() {
- // Note that AES128CBC as implemented in this library uses PKCS7 padding mode where the test
- // vectors from RFC3602 do not use padding.
- byte[] cek = { 0x06, (byte) 0xa9, 0x21, 0x40, 0x36, (byte) 0xb8, (byte) 0xa1, 0x5b, 0x51, 0x2e, 0x03, (byte) 0xd5, 0x34, 0x12, 0x00, 0x06 };
- byte[] plaintext = "Single block msg".getBytes();
- byte[] initializationVector = { 0x3d, (byte) 0xaf, (byte) 0xba, 0x42, (byte) 0x9d, (byte) 0x9e, (byte) 0xb4, 0x30, (byte) 0xb4, 0x22, (byte) 0xda, (byte) 0x80, 0x2c, (byte) 0x9f, (byte) 0xac, 0x41 };
- byte[] expected = { (byte) 0xe3, 0x53, 0x77, (byte) 0x9c, 0x10, 0x79, (byte) 0xae, (byte) 0xb8, 0x27, 0x08, (byte) 0x94, 0x2d, (byte) 0xbe, 0x77, 0x18, 0x1a };
-
- Aes128Cbc algo = new Aes128Cbc();
- byte[] encrypted = null;
-
- ICryptoTransform encryptor = null;
- try {
- encryptor = algo.CreateEncryptor(cek, initializationVector, null, provider);
- } catch (Exception e) {
- fail(e.getMessage());
- }
-
- try {
- encrypted = encryptor.doFinal(plaintext);
-
- // Assert: we only compare the first 16 bytes as this library uses PKCS7 padding
- assertArrayEquals(Arrays.copyOfRange(encrypted, 0, 16), expected);
- } catch (Exception e) {
- fail(e.getMessage());
- }
-
- ICryptoTransform decryptor = null;
- try {
- decryptor = algo.CreateDecryptor(cek, initializationVector, null, null, provider);
- } catch (Exception e) {
- fail(e.getMessage());
- }
-
- byte[] decrypted = null;
-
- try {
- decrypted = decryptor.doFinal(encrypted);
-
- // Assert: we only compare the first 16 bytes as this library uses PKCS7 padding
- assertArrayEquals(Arrays.copyOfRange(decrypted, 0, 16), plaintext);
- } catch (Exception e) {
- fail(e.getMessage());
- }
- }
-
- @Test
- public void testAes128CbcTwoBlock() {
- // Note that AES128CBC as implemented in this library uses PKCS7 padding mode where the test
- // vectors do not use padding.
- byte[] cek = { (byte) 0xc2, (byte) 0x86, 0x69, 0x6d, (byte) 0x88, 0x7c, (byte) 0x9a, (byte) 0xa0, 0x61, 0x1b, (byte) 0xbb, 0x3e, 0x20, 0x25, (byte) 0xa4, 0x5a }; - byte[] plaintext = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }; - byte[] initializationVector = { 0x56, 0x2e, 0x17, (byte) 0x99, 0x6d, 0x09, 0x3d, 0x28, (byte) 0xdd, (byte) 0xb3, (byte) 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 }; - byte[] expected = { (byte) 0xd2, (byte) 0x96, (byte) 0xcd, (byte) 0x94, (byte) 0xc2, (byte) 0xcc, (byte) 0xcf, (byte) 0x8a, 0x3a, (byte) 0x86, 0x30, 0x28, (byte) 0xb5, (byte) 0xe1, (byte) 0xdc, 0x0a, 0x75, (byte) 0x86, 0x60, 0x2d, 0x25, 0x3c, (byte) 0xff, (byte) 0xf9, 0x1b, (byte) 0x82, 0x66, (byte) 0xbe, (byte) 0xa6, (byte) 0xd6, 0x1a, (byte) 0xb1 }; - - Aes128Cbc algo = new Aes128Cbc(); - byte[] encrypted = null; - - ICryptoTransform encryptor = null; - try { - encryptor = algo.CreateEncryptor(cek, initializationVector, null, provider); - } catch (Exception e) { - fail(e.getMessage()); - } - - try { - encrypted = encryptor.doFinal(plaintext); - - // Assert: we only compare the first 32 bytes as this library uses PKCS7 padding - assertArrayEquals(Arrays.copyOfRange(encrypted, 0, 32), expected); - } catch (Exception e) { - fail(e.getMessage()); - } - - ICryptoTransform decryptor = null; - try { - decryptor = algo.CreateDecryptor(cek, initializationVector, null, null, provider); - } catch (Exception e) { - fail(e.getMessage()); - } - - byte[] decrypted = null; - - try { - decrypted = decryptor.doFinal(encrypted); - - // Assert: we only compare the first 32 bytes as this library uses PKCS7 padding - assertArrayEquals(Arrays.copyOfRange(decrypted, 0, 32), plaintext); - } catch (Exception e) { - fail(e.getMessage()); - } - } - - @Test - public void testAes128CbcOneBlockExcessKeyMaterial() { - // Note that AES128CBC as implemented in 
this library uses PKCS7 padding mode where the test - // vectors from RFC3602 do not use padding. - byte[] cek = { 0x06, (byte) 0xa9, 0x21, 0x40, 0x36, (byte) 0xb8, (byte) 0xa1, 0x5b, 0x51, 0x2e, 0x03, (byte) 0xd5, 0x34, 0x12, 0x00, 0x06, (byte) 0xc2, (byte) 0x86, 0x69, 0x6d, (byte) 0x88, 0x7c, (byte) 0x9a, (byte) 0xa0, 0x61, 0x1b, (byte) 0xbb, 0x3e, 0x20, 0x25, (byte) 0xa4, 0x5a }; - byte[] plaintext = "Single block msg".getBytes(); - byte[] initializationVector = { 0x3d, (byte) 0xaf, (byte) 0xba, 0x42, (byte) 0x9d, (byte) 0x9e, (byte) 0xb4, 0x30, (byte) 0xb4, 0x22, (byte) 0xda, (byte) 0x80, 0x2c, (byte) 0x9f, (byte) 0xac, 0x41 }; - byte[] expected = { (byte) 0xe3, 0x53, 0x77, (byte) 0x9c, 0x10, 0x79, (byte) 0xae, (byte) 0xb8, 0x27, 0x08, (byte) 0x94, 0x2d, (byte) 0xbe, 0x77, 0x18, 0x1a }; - - Aes128Cbc algo = new Aes128Cbc(); - byte[] encrypted = null; - - ICryptoTransform encryptor = null; - try { - encryptor = algo.CreateEncryptor(cek, initializationVector, null, provider); - } catch (Exception e) { - fail(e.getMessage()); - } - - try { - encrypted = encryptor.doFinal(plaintext); - - // Assert: we only compare the first 16 bytes as this library uses PKCS7 padding - assertArrayEquals(Arrays.copyOfRange(encrypted, 0, 16), expected); - } catch (Exception e) { - fail(e.getMessage()); - } - - ICryptoTransform decryptor = null; - try { - decryptor = algo.CreateDecryptor(cek, initializationVector, null, null, provider); - } catch (Exception e) { - fail(e.getMessage()); - } - - byte[] decrypted = null; - - try { - decrypted = decryptor.doFinal(encrypted); - - // Assert: we only compare the first 16 bytes as this library uses PKCS7 padding - assertArrayEquals(Arrays.copyOfRange(decrypted, 0, 16), plaintext); - } catch (Exception e) { - fail(e.getMessage()); - } - } - - @Test - public void testAes128CbcTwoBlockExcessKeyMaterial() { - // Note that AES128CBC as implemented in this library uses PKCS7 padding mode where the test - // vectors do not use padding. 
- byte[] cek = { (byte) 0xc2, (byte) 0x86, 0x69, 0x6d, (byte) 0x88, 0x7c, (byte) 0x9a, (byte) 0xa0, 0x61, 0x1b, (byte) 0xbb, 0x3e, 0x20, 0x25, (byte) 0xa4, 0x5a, (byte) 0xc2, (byte) 0x86, 0x69, 0x6d, (byte) 0x88, 0x7c, (byte) 0x9a, (byte) 0xa0, 0x61, 0x1b, (byte) 0xbb, 0x3e, 0x20, 0x25, (byte) 0xa4, 0x5a };
- byte[] plaintext = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f };
- byte[] iv = { 0x56, 0x2e, 0x17, (byte) 0x99, 0x6d, 0x09, 0x3d, 0x28, (byte) 0xdd, (byte) 0xb3, (byte) 0xba, 0x69, 0x5a, 0x2e, 0x6f, 0x58 };
- byte[] expected = { (byte) 0xd2, (byte) 0x96, (byte) 0xcd, (byte) 0x94, (byte) 0xc2, (byte) 0xcc, (byte) 0xcf, (byte) 0x8a, 0x3a, (byte) 0x86, 0x30, 0x28, (byte) 0xb5, (byte) 0xe1, (byte) 0xdc, 0x0a, 0x75, (byte) 0x86, 0x60, 0x2d, 0x25, 0x3c, (byte) 0xff, (byte) 0xf9, 0x1b, (byte) 0x82, 0x66, (byte) 0xbe, (byte) 0xa6, (byte) 0xd6, 0x1a, (byte) 0xb1 };
-
- Aes128Cbc algo = new Aes128Cbc();
- byte[] encrypted = null;
-
- ICryptoTransform encryptor = null;
- try {
- encryptor = algo.CreateEncryptor(cek, iv, null, provider);
- } catch (Exception e) {
- fail(e.getMessage());
- }
-
- try {
- encrypted = encryptor.doFinal(plaintext);
-
- // Assert: we only compare the first 32 bytes as this library uses PKCS7 padding
- assertArrayEquals(Arrays.copyOfRange(encrypted, 0, 32), expected);
- } catch (Exception e) {
- fail(e.getMessage());
- }
-
- ICryptoTransform decryptor = null;
- try {
- decryptor = algo.CreateDecryptor(cek, iv, null, null, provider);
- } catch (Exception e) {
- fail(e.getMessage());
- }
-
- byte[] decrypted = null;
-
- try {
- decrypted = decryptor.doFinal(encrypted);
-
- // Assert: we only compare the first 32 bytes as this library uses PKCS7 padding
- assertArrayEquals(Arrays.copyOfRange(decrypted, 0, 32), plaintext);
- } catch (Exception e) {
- fail(e.getMessage());
- }
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesKwBCProviderTest.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesKwBCProviderTest.java
deleted file mode 100644
index 480db6f2e8966..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesKwBCProviderTest.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- *
- * Copyright (c) Microsoft and contributors. All rights reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package com.microsoft.azure.keyvault.cryptography.test;
-
-import java.security.Provider;
-import org.junit.Before;
-
-public class AesKwBCProviderTest extends AesKwTest {
-
- @Before
- public void setUp() throws Exception {
- try {
- super.setProvider((Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance());
- } catch (Exception ex) {
- throw new RuntimeException(ex.getMessage());
- }
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesKwTest.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesKwTest.java
deleted file mode 100644
index d713777bad305..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/AesKwTest.java
+++ /dev/null
@@ -1,461 +0,0 @@ -/** - * - * Copyright (c) Microsoft and contributors. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -package com.microsoft.azure.keyvault.cryptography.test; - -import static org.junit.Assert.assertArrayEquals; -import static org.junit.Assert.fail; - -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.Provider; -import javax.crypto.Cipher; -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.microsoft.azure.keyvault.cryptography.ICryptoTransform; -import com.microsoft.azure.keyvault.cryptography.algorithms.AesKw; -import com.microsoft.azure.keyvault.cryptography.algorithms.AesKw128; -import com.microsoft.azure.keyvault.cryptography.algorithms.AesKw192; -import com.microsoft.azure.keyvault.cryptography.algorithms.AesKw256; - -public class AesKwTest { - - // Always null for the default provider - private Provider provider = null; - - private static boolean hasUnlimitedCrypto() { - try { - return Cipher.getMaxAllowedKeyLength("RC5") >= 256; - } catch (NoSuchAlgorithmException e) { - return false; - } - } - - @BeforeClass - public static void setUpBeforeClass() throws Exception { - } - - @AfterClass - public static void tearDownAfterClass() throws Exception { - } - - @Before - public void setUp() throws Exception { - } - - @After - public void tearDown() 
throws Exception { - } - - protected void setProvider(Provider provider) { - this.provider = provider; - } - - @Test - public void aesKw128() { - // Arrange - byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }; - byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF }; - byte[] ek = { 0x1F, (byte) 0xA6, (byte) 0x8B, 0x0A, (byte) 0x81, 0x12, (byte) 0xB4, 0x47, (byte) 0xAE, (byte) 0xF3, 0x4B, (byte) 0xD8, (byte) 0xFB, 0x5A, 0x7B, (byte) 0x82, (byte) 0x9D, 0x3E, (byte) 0x86, 0x23, 0x71, (byte) 0xD2, (byte) 0xCF, (byte) 0xE5 }; - - AesKw kw = new AesKw128(); - - ICryptoTransform encryptor = null; - - try { - encryptor = kw.CreateEncryptor(kek, provider); - } catch (Exception e) { - fail(e.getMessage()); - } - - byte[] encrypted = null; - - try { - encrypted = encryptor.doFinal(cek); - } catch (Exception e) { - fail(e.getMessage()); - } - - // Assert - assertArrayEquals(ek, encrypted); - - ICryptoTransform decryptor = null; - - try { - decryptor = kw.CreateDecryptor(kek, provider); - } catch (Exception e) { - fail(e.getMessage()); - } - - byte[] decrypted = null; - - try { - decrypted = decryptor.doFinal(ek); - } catch (Exception e) { - fail(e.getMessage()); - } - - // Assert - assertArrayEquals(cek, decrypted); - } - - @Test - public void aesKw192() { - // Arrange - byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 }; - byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF }; - byte[] ek = { (byte) 0x96, 0x77, (byte) 0x8B, 0x25, (byte) 0xAE, 0x6C, (byte) 0xA4, 0x35, (byte) 0xF9, 0x2B, 0x5B, (byte) 0x97, (byte) 0xC0, 0x50, (byte) 0xAE, (byte) 0xD2, 0x46, (byte) 0x8A, (byte) 0xB8, 
(byte) 0xA1, 0x7A, (byte) 0xD8, 0x4E, 0x5D }; - - /* - * This test using the default JCE provider depends on whether unlimited security - * is installed or not. In the unlimited case, the full test should pass but in - * the limited case, it should fail with InvalidKeyException. - */ - boolean unlimited = hasUnlimitedCrypto(); - AesKw kw = new AesKw192(); - - ICryptoTransform encryptor = null; - - try { - encryptor = kw.CreateEncryptor(kek, provider); - - if (!unlimited) { - fail("Expected InvalidKeyException"); - } - } catch (InvalidKeyException e) { - if (unlimited) { - fail("InvalidKeyException"); - } - } catch (Exception e) { - fail(e.getMessage()); - } - - if (unlimited) { - byte[] encrypted = null; - - try { - encrypted = encryptor.doFinal(cek); - } catch (Exception e) { - fail(e.getMessage()); - } - - // Assert - assertArrayEquals(ek, encrypted); - } - - ICryptoTransform decryptor = null; - - try { - decryptor = kw.CreateDecryptor(kek, provider); - if (!unlimited) { - fail("Expected InvalidKeyException"); - } - } catch (InvalidKeyException e) { - if (unlimited) { - fail("InvalidKeyException"); - } - } catch (Exception e) { - fail(e.getMessage()); - } - - if (unlimited) { - byte[] decrypted = null; - - try { - decrypted = decryptor.doFinal(ek); - } catch (Exception e) { - fail(e.getMessage()); - } - - // Assert - assertArrayEquals(cek, decrypted); - } - } - - @Test - public void aesKw256() { - // Arrange - byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; - byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF }; - byte[] ek = { 0x64, (byte) 0xE8, (byte) 0xC3, (byte) 0xF9, (byte) 0xCE, 0x0F, 0x5B, (byte) 0xA2, 0x63, (byte) 0xE9, 0x77, 0x79, 0x05, (byte) 0x81, (byte) 0x8A, 0x2A, (byte) 0x93, 
(byte) 0xC8, 0x19, 0x1E, 0x7D, 0x6E, (byte) 0x8A, (byte) 0xE7 }; - - /* - * This test using the default JCE provider depends on whether unlimited security - * is installed or not. In the unlimited case, the full test should pass but in - * the limited case, it should fail with InvalidKeyException. - */ - boolean unlimited = hasUnlimitedCrypto(); - AesKw kw = new AesKw256(); - - ICryptoTransform encryptor = null; - - try { - encryptor = kw.CreateEncryptor(kek, provider); - if (!unlimited) { - fail("Expected InvalidKeyException"); - } - } catch (InvalidKeyException e) { - if (unlimited) { - fail("InvalidKeyException"); - } - } catch (Exception e) { - fail(e.getMessage()); - } - - if (unlimited) { - byte[] encrypted = null; - - try { - encrypted = encryptor.doFinal(cek); - } catch (Exception e) { - fail(e.getMessage()); - } - - // Assert - assertArrayEquals(ek, encrypted); - } - - ICryptoTransform decryptor = null; - - try { - decryptor = kw.CreateDecryptor(kek, provider); - - if (!unlimited) { - fail("Expected InvalidKeyException"); - } - } catch (InvalidKeyException e) { - if (unlimited) { - fail("InvalidKeyException"); - } - } catch (Exception e) { - fail(e.getMessage()); - } - - if (unlimited) { - byte[] decrypted = null; - - try { - decrypted = decryptor.doFinal(ek); - } catch (Exception e) { - fail(e.getMessage()); - } - - // Assert - assertArrayEquals(cek, decrypted); - } - } - - @Test - public void aesKw128ExcessKeyMaterial() { - // Arrange - byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; - byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF }; - byte[] ek = { 0x1F, (byte) 0xA6, (byte) 0x8B, 0x0A, (byte) 0x81, 0x12, (byte) 0xB4, 0x47, (byte) 0xAE, (byte) 0xF3, 0x4B, (byte) 0xD8, (byte) 
0xFB, 0x5A, 0x7B, (byte) 0x82, (byte) 0x9D, 0x3E, (byte) 0x86, 0x23, 0x71, (byte) 0xD2, (byte) 0xCF, (byte) 0xE5 }; - - AesKw kw = new AesKw128(); - - ICryptoTransform encryptor = null; - - try { - encryptor = kw.CreateEncryptor(kek, provider); - } catch (Exception e) { - fail(e.getMessage()); - } - - byte[] encrypted = null; - - try { - encrypted = encryptor.doFinal(cek); - } catch (Exception e) { - fail(e.getMessage()); - } - - // Assert - assertArrayEquals(ek, encrypted); - - ICryptoTransform decryptor = null; - - try { - decryptor = kw.CreateDecryptor(kek, provider); - } catch (Exception e) { - fail(e.getMessage()); - } - - byte[] decrypted = null; - - try { - decrypted = decryptor.doFinal(ek); - } catch (Exception e) { - fail(e.getMessage()); - } - - // Assert - assertArrayEquals(cek, decrypted); - } - - @Test - public void aesKw192ExcessKeyMaterial() { - // Arrange - byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; - byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF }; - byte[] ek = { (byte) 0x96, 0x77, (byte) 0x8B, 0x25, (byte) 0xAE, 0x6C, (byte) 0xA4, 0x35, (byte) 0xF9, 0x2B, 0x5B, (byte) 0x97, (byte) 0xC0, 0x50, (byte) 0xAE, (byte) 0xD2, 0x46, (byte) 0x8A, (byte) 0xB8, (byte) 0xA1, 0x7A, (byte) 0xD8, 0x4E, 0x5D }; - - /* - * This test using the default JCE provider depends on whether unlimited security - * is installed or not. In the unlimited case, the full test should pass but in - * the limited case, it should fail with InvalidKeyException. 
- */ - boolean unlimited = hasUnlimitedCrypto(); - AesKw kw = new AesKw192(); - - ICryptoTransform encryptor = null; - - try { - encryptor = kw.CreateEncryptor(kek, provider); - - if (!unlimited) { - fail("Expected InvalidKeyException"); - } - } catch (InvalidKeyException e) { - if (unlimited) { - fail("InvalidKeyException"); - } - } catch (Exception e) { - fail(e.getMessage()); - } - - if (unlimited) { - byte[] encrypted = null; - - try { - encrypted = encryptor.doFinal(cek); - } catch (Exception e) { - fail(e.getMessage()); - } - - // Assert - assertArrayEquals(ek, encrypted); - } - - ICryptoTransform decryptor = null; - - try { - decryptor = kw.CreateDecryptor(kek, provider); - if (!unlimited) { - fail("Expected InvalidKeyException"); - } - } catch (InvalidKeyException e) { - if (unlimited) { - fail("InvalidKeyException"); - } - } catch (Exception e) { - fail(e.getMessage()); - } - - if (unlimited) { - byte[] decrypted = null; - - try { - decrypted = decryptor.doFinal(ek); - } catch (Exception e) { - fail(e.getMessage()); - } - - // Assert - assertArrayEquals(cek, decrypted); - } - } - - @Test - public void aesKw256ExcessKeyMaterial() { - // Arrange - byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }; - byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF }; - byte[] ek = { 0x64, (byte) 0xE8, (byte) 0xC3, (byte) 0xF9, (byte) 0xCE, 0x0F, 0x5B, (byte) 0xA2, 0x63, (byte) 0xE9, 0x77, 0x79, 0x05, (byte) 0x81, (byte) 0x8A, 0x2A, (byte) 0x93, (byte) 0xC8, 0x19, 0x1E, 0x7D, 0x6E, (byte) 0x8A, (byte) 0xE7 }; - - /* - 
* This test using the default JCE provider depends on whether unlimited security - * is installed or not. In the unlimited case, the full test should pass but in - * the limited case, it should fail with InvalidKeyException. - */ - boolean unlimited = hasUnlimitedCrypto(); - AesKw kw = new AesKw256(); - - ICryptoTransform encryptor = null; - - try { - encryptor = kw.CreateEncryptor(kek, provider); - if (!unlimited) { - fail("Expected InvalidKeyException"); - } - } catch (InvalidKeyException e) { - if (unlimited) { - fail("InvalidKeyException"); - } - } catch (Exception e) { - fail(e.getMessage()); - } - - if (unlimited) { - byte[] encrypted = null; - - try { - encrypted = encryptor.doFinal(cek); - } catch (Exception e) { - fail(e.getMessage()); - } - - // Assert - assertArrayEquals(ek, encrypted); - } - - ICryptoTransform decryptor = null; - - try { - decryptor = kw.CreateDecryptor(kek, provider); - - if (!unlimited) { - fail("Expected InvalidKeyException"); - } - } catch (InvalidKeyException e) { - if (unlimited) { - fail("InvalidKeyException"); - } - } catch (Exception e) { - fail(e.getMessage()); - } - - if (unlimited) { - byte[] decrypted = null; - - try { - decrypted = decryptor.doFinal(ek); - } catch (Exception e) { - fail(e.getMessage()); - } - - // Assert - assertArrayEquals(cek, decrypted); - } - } - -} diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/ECKeyBCProviderTest.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/ECKeyBCProviderTest.java deleted file mode 100644 index 08fbbda74718f..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/ECKeyBCProviderTest.java +++ /dev/null 
@@ -1,19 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.test;
-
-import java.security.Provider;
-import org.junit.Before;
-
-public class ECKeyBCProviderTest extends ECKeyTest {
-
- @Before
- public void setUp() throws Exception {
- try {
- super.setProvider((Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance());
- } catch (Exception ex) {
- throw new RuntimeException(ex.getMessage());
- }
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/ECKeyTest.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/ECKeyTest.java
deleted file mode 100644
index 8a5ec3a05ce7b..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/ECKeyTest.java
+++ /dev/null
@@ -1,340 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.microsoft.azure.keyvault.cryptography.test; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; - -import java.io.FileNotFoundException; -import java.io.IOException; -import java.math.BigInteger; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.PublicKey; -import java.security.Security; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.spec.ECGenParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; -import java.security.spec.X509EncodedKeySpec; -import java.util.Arrays; -import java.util.List; -import java.util.Map; -import java.util.concurrent.ExecutionException; - -import org.apache.commons.lang3.tuple.Pair; -import org.junit.BeforeClass; -import org.junit.Test; - -import com.google.common.collect.ImmutableMap; -import com.microsoft.azure.keyvault.cryptography.EcKey; -import com.microsoft.azure.keyvault.cryptography.algorithms.Es256; -import com.microsoft.azure.keyvault.cryptography.algorithms.Es256k; -import com.microsoft.azure.keyvault.cryptography.algorithms.Es384; -import com.microsoft.azure.keyvault.cryptography.algorithms.Es512; -import com.microsoft.azure.keyvault.cryptography.SignatureEncoding; -import com.microsoft.azure.keyvault.webkey.JsonWebKey; -import com.microsoft.azure.keyvault.webkey.JsonWebKeyCurveName; 
-import com.microsoft.azure.keyvault.webkey.JsonWebKeyType; - -public class ECKeyTest { - - private static Provider provider = null; - - static byte[] cek; - static KeyFactory factory; - static MessageDigest digest256; - static MessageDigest digest384; - static MessageDigest digest512; - static KeyPairGenerator ecKeyGenerator; - static Map curveToDigest; - static List curveList; - -// To create keys and signatures used in this class with openssl: -// -// Create key -// openssl ecparam -name {curve_name} -genkey > {key_name}.pem -// openssl pkcs8 -topk8 -nocrypt -in {key_name}.pem -out {key_name}pkcs8.pem -// openssl ec -in {key_name}pkcs8.pem -pubout -out {key_name}pkcs8pub.pem -// -// Sign key -// openssl dgst -{sha_digest} -sign {key_name}pkcs8.pem -out {signature} -// -// Verify key -// openssl dgst -{sha_digest} -verify {key_name}pkcs8pub.pem -signature {signature} - - - protected static void setProvider(Provider provider) { - ECKeyTest.provider = provider; - } - - @BeforeClass - public static void setUpBeforeClass() throws Exception { - setProvider(Security.getProvider("SunEC")); - ecKeyGenerator = KeyPairGenerator.getInstance("EC", provider); - - Path byteLocation = Paths.get(getPath("byte_array.bin")); - cek = Files.readAllBytes(byteLocation); - - factory = KeyFactory.getInstance("EC", provider); - - digest256 = MessageDigest.getInstance("SHA-256"); - digest384 = MessageDigest.getInstance("SHA-384"); - digest512 = MessageDigest.getInstance("SHA-512"); - - curveToDigest = ImmutableMap.builder() - .put(JsonWebKeyCurveName.P_256, digest256) - .put(JsonWebKeyCurveName.P_384, digest384) - .put(JsonWebKeyCurveName.P_521, digest512) - .put(JsonWebKeyCurveName.P_256K, digest256) - .build(); - //JsonWebKeyCurveName.SECP256K1) - curveList = Arrays.asList(JsonWebKeyCurveName.P_256, JsonWebKeyCurveName.P_384, JsonWebKeyCurveName.P_521, JsonWebKeyCurveName.P_256K); - } - - @Test - public void testCurves() throws Exception { - for (JsonWebKeyCurveName crv : curveList) { - 
EcKey key = new EcKey("keyId", crv); - doSignVerify(key, curveToDigest.get(crv)); - } - } - - @Test(expected = NoSuchAlgorithmException.class) - public void testUnsupportedCurve() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InstantiationException, IllegalAccessException, ClassNotFoundException { - EcKey key = new EcKey("keyId", new JsonWebKeyCurveName("not an algo")); - } - - @Test - public void testDefaultKey() throws Exception { - EcKey key = new EcKey("keyId"); - doSignVerify(key, digest256); - } - - @Test - public void testWithKeyPair() throws Exception { - for (JsonWebKeyCurveName crv : curveList) { - ECGenParameterSpec gps = new ECGenParameterSpec(EcKey.CURVE_TO_SPEC_NAME.get(crv)); - ecKeyGenerator.initialize(gps); - KeyPair keyPair = ecKeyGenerator.generateKeyPair(); - - final String name = "keyid"; - EcKey key = new EcKey(name, keyPair); - assertEquals(name, key.getKid()); - assertEquals(crv, key.getCurve()); - doSignVerify(key, curveToDigest.get(crv)); - } - } - - @Test(expected = IllegalArgumentException.class) - public void testWithNotCurveKeyPair() throws Exception { - ECGenParameterSpec gps = new ECGenParameterSpec("secp192k1"); - ecKeyGenerator.initialize(gps); - KeyPair keyPair = ecKeyGenerator.generateKeyPair(); - - final String name = "keyid"; - EcKey key = new EcKey(name, keyPair); - } - - @Test(expected = UnsupportedOperationException.class) - public void testFromJsonWebKeyPublicOnly() throws Exception { - ECGenParameterSpec gps = new ECGenParameterSpec(EcKey.P256); - ecKeyGenerator.initialize(gps); - KeyPair keyPair = ecKeyGenerator.generateKeyPair(); - - ECPublicKey apub = (ECPublicKey) keyPair.getPublic(); - ECPoint point = apub.getW(); - - JsonWebKey jwk = new JsonWebKey() - .withKid("kid") - .withCrv(JsonWebKeyCurveName.P_256) - .withX(point.getAffineX().toByteArray()) - .withY(point.getAffineY().toByteArray()) - .withKty(JsonWebKeyType.EC); - - assertFalse(jwk.hasPrivateKey()); - - EcKey newKey = 
EcKey.fromJsonWebKey(jwk, false); - assertEquals("kid", newKey.getKid()); - doSignVerify(newKey, digest256); - } - - @Test - public void testFromJsonWebKey() throws Exception { - ECGenParameterSpec gps = new ECGenParameterSpec(EcKey.P384); - ecKeyGenerator.initialize(gps); - KeyPair keyPair = ecKeyGenerator.generateKeyPair(); - - ECPublicKey apub = (ECPublicKey) keyPair.getPublic(); - ECPoint point = apub.getW(); - ECPrivateKey apriv = (ECPrivateKey) keyPair.getPrivate(); - - JsonWebKey jwk = new JsonWebKey() - .withKid("kid") - .withCrv(JsonWebKeyCurveName.P_384) - .withX(point.getAffineX().toByteArray()) - .withY(point.getAffineY().toByteArray()) - .withD(apriv.getS().toByteArray()) - .withKty(JsonWebKeyType.EC); - - assertTrue(jwk.hasPrivateKey()); - - EcKey newKey = EcKey.fromJsonWebKey(jwk, true); - assertEquals("kid", newKey.getKid()); - doSignVerify(newKey, digest384); - } - - private static PrivateKey generatePrivateKey(KeyFactory factory, String filename) throws InvalidKeySpecException, FileNotFoundException, IOException { - PemFile pemFile = new PemFile(filename); - byte[] content = pemFile.getPemObject().getContent(); - PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(content); - return factory.generatePrivate(privKeySpec); - } - - private static PublicKey generatePublicKey(KeyFactory factory, String filename) throws InvalidKeySpecException, FileNotFoundException, IOException { - PemFile pemFile = new PemFile(filename); - byte[] content = pemFile.getPemObject().getContent(); - X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(content); - return factory.generatePublic(pubKeySpec); - } - - private KeyPair getKeyFromFile(String privateKeyPath, String publicKeyPath) throws InvalidKeySpecException, FileNotFoundException, IOException { - PrivateKey priv = generatePrivateKey(factory, privateKeyPath); - PublicKey pub = generatePublicKey(factory, publicKeyPath); - ECPublicKey apub = (ECPublicKey) pub; - ECPrivateKey apriv = (ECPrivateKey) priv; - - 
KeyPair keyPair = new KeyPair(apub, apriv); - return keyPair; - } - - private void testFromFile(String keyType, MessageDigest digest, String algorithm) throws Exception { - String privateKeyPath = getPath(keyType + "keynew.pem"); - String publicKeyPath = getPath(keyType + "keypubnew.pem"); - - EcKey newKey = new EcKey("akey", getKeyFromFile(privateKeyPath, publicKeyPath)); - - Path signatureLocation = Paths.get(getPath(keyType + "sig.der")); - byte[] signature = SignatureEncoding.fromAsn1Der(Files.readAllBytes(signatureLocation), algorithm); - - doVerify(newKey, digest, signature); - } - - private static String getPath(String filename) { - - String path = ECKeyTest.class.getClassLoader().getResource(filename).getPath(); - if (path.contains(":")) { - path = path.substring(1); - } - return path; - } - - @Test - public void testCreateSECP256K1Key() throws Exception { - ECGenParameterSpec gps = new ECGenParameterSpec("secp256k1"); - Provider myprov = Security.getProvider("BC"); - final KeyPairGenerator generator = KeyPairGenerator.getInstance("EC"); - - generator.initialize(gps); - EcKey key = new EcKey("akey", JsonWebKeyCurveName.P_256K); - } - - @Test - public void testFromP384File() throws Exception { - testFromFile("p384", digest384, Es384.ALGORITHM_NAME); - } - - @Test - public void testFromP521File() throws Exception { - testFromFile("p521", digest512, Es512.ALGORITHM_NAME); - } - - @Test - public void testFromP256File() throws Exception { - testFromFile("p256", digest256, Es256.ALGORITHM_NAME); - } - - @Test - public void testFromSEC256File() throws Exception { - testFromFile("secp256", digest256, Es256k.ALGORITHM_NAME); - } - - @Test - public void testToJsonWebKey() throws Exception { - ECGenParameterSpec gps = new ECGenParameterSpec(EcKey.P521); - ecKeyGenerator.initialize(gps); - KeyPair keyPair = ecKeyGenerator.generateKeyPair(); - - ECPublicKey apub = (ECPublicKey) keyPair.getPublic(); - ECPoint point = apub.getW(); - ECPrivateKey apriv = (ECPrivateKey) 
keyPair.getPrivate(); - - JsonWebKey jwk = new JsonWebKey() - .withKid("kid") - .withCrv(JsonWebKeyCurveName.P_521) - .withX(point.getAffineX().toByteArray()) - .withY(point.getAffineY().toByteArray()) - .withD(apriv.getS().toByteArray()) - .withKty(JsonWebKeyType.EC); - - EcKey newKey = new EcKey("kid", keyPair); - - JsonWebKey newJwk = newKey.toJsonWebKey(); - //set missing parameters - newJwk.withKid("kid"); - - assertEquals(jwk, newJwk); - } - - //Checks validity of verify by - //Externally signing a byte_array with openssl - //Verifying with SDK - private void doVerify(EcKey key, MessageDigest digest, byte[] preGenSignature) throws IOException, NoSuchAlgorithmException, InterruptedException, ExecutionException { - byte[] hash = digest.digest(cek); - - //Use sign and verify to test each other. - boolean result = key.verifyAsync(hash, preGenSignature, key.getDefaultSignatureAlgorithm()).get(); - assertTrue(result); - - //Check that key denies invalid digest. - BigInteger bigInt = new BigInteger(hash); - BigInteger shiftInt = bigInt.shiftRight(4); - byte[] shifted = shiftInt.toByteArray(); - boolean incorrectResult = key.verifyAsync(shifted, preGenSignature, key.getDefaultSignatureAlgorithm()).get(); - assertFalse(incorrectResult); - - key.close(); - } - - private void doSignVerify(EcKey key, MessageDigest digest) throws IOException, NoSuchAlgorithmException, InterruptedException, ExecutionException { - - byte[] hash = digest.digest(cek); - - //Use sign and verify to test each other. - Pair signature = key.signAsync(hash, key.getDefaultSignatureAlgorithm()).get(); - boolean result = key.verifyAsync(hash, signature.getLeft(), key.getDefaultSignatureAlgorithm()).get(); - assertTrue(result); - - //Check that key denies invalid digest. 
- BigInteger bigInt = new BigInteger(hash); - BigInteger shiftInt = bigInt.shiftRight(4); - byte[] shifted = shiftInt.toByteArray(); - boolean incorrectResult = key.verifyAsync(shifted, signature.getLeft(), key.getDefaultSignatureAlgorithm()).get(); - assertFalse(incorrectResult); - - key.close(); - } -} diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/PemFile.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/PemFile.java deleted file mode 100644 index 7c13bc0554a79..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/PemFile.java +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. -// Licensed under the MIT License. - -package com.microsoft.azure.keyvault.cryptography.test; - -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStreamReader; - -import org.bouncycastle.util.io.pem.PemObject; -import org.bouncycastle.util.io.pem.PemReader; - -public class PemFile { - - private PemObject pemObject; - - public PemFile(String filename) throws FileNotFoundException, IOException { - PemReader pemReader = new PemReader(new InputStreamReader(new FileInputStream(filename))); - try { - this.pemObject = pemReader.readPemObject(); - } finally { - pemReader.close(); - } - } - - public PemObject getPemObject() { - return pemObject; - } -} diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/RsaKeyBCProviderTest.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/RsaKeyBCProviderTest.java deleted file mode 100644 index d470aa65e2302..0000000000000 
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/RsaKeyBCProviderTest.java
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.test;
-
-import java.security.Provider;
-import org.junit.Before;
-
-public class RsaKeyBCProviderTest extends RsaKeyTest {
-
- @Before
- public void setUp() throws Exception {
- try {
- super.setProvider((Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance());
- } catch (Exception ex) {
- throw new RuntimeException(ex.getMessage());
- }
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/RsaKeyTest.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/RsaKeyTest.java
deleted file mode 100644
index 5c46bf9c3a64f..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/RsaKeyTest.java
+++ /dev/null
@@ -1,196 +0,0 @@
-// Copyright (c) Microsoft Corporation. All rights reserved.
-// Licensed under the MIT License.
-
-package com.microsoft.azure.keyvault.cryptography.test;
-
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.microsoft.azure.keyvault.cryptography.RsaKey;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Rs256;
-import com.microsoft.azure.keyvault.cryptography.algorithms.Rsa15;
-import com.microsoft.azure.keyvault.cryptography.algorithms.RsaOaep;
-import com.microsoft.azure.keyvault.webkey.JsonWebKey;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang3.tuple.Pair;
-import org.apache.commons.lang3.tuple.Triple;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-
-public class RsaKeyTest {
-
- // A Content Encryption Key, or Message. This value is kept consistent with the .NET
- // unit test cases to enable cross platform testing.
- static final byte[] CEK = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF };
- static final String CROSS_PLATFORM_HASH = "qPrtarvzXBKksm5A9v6xnXNtkARcg7n5ox9jjTI+aBE=";
- static final String CROSS_PLATFORM_SIGNATURE = "RaNc+8WcWxplS8I7ynJLSoLJKz+dgBvrZhIGH3VFlTTyzu7b9d+lpaV9IKhzCNBsgSysKhgL7EZwVCOTBZ4m6xvKSXqVFXYaBPyBTD7VoKPMYMW6ai5x6xV5XAMaZPfMkff3Deg/RXcc8xQ28FhYuUa8yly01GySY4Hk55anEvb2wBxSy1UGun/0LE1lYH3C3XEgSry4cEkJHDJl1hp+wB4J/noXOqn5ECGU+/4ehBJOyW1gtUH0/gRe8yXnDH0AXepHRyH8iBHLWlKX1r+1/OrMulqOoi82RZzJlTyEz9X+bsQhllqGF6n3hdLS6toH9o7wUtwYNqSx82JuQT6iMg==";
-
- private Provider provider = null;
-
- @BeforeClass
- public static void setUpBeforeClass() throws Exception {
- }
-
- @AfterClass
- public static void tearDownAfterClass() throws Exception {
- }
-
- @Before
- public void setUp() throws Exception {
- }
-
- @After
- public void tearDown() throws Exception {
- }
-
- protected void setProvider(Provider provider) {
- this.provider = provider;
- }
-
- @Test
- public void testRsaKeyEmptyConstructor() throws NoSuchAlgorithmException {
- RsaKey key = new RsaKey();
-
- assertNotNull(key);
- }
-
- @Test
- public void testRsa15() throws Exception {
-
- RsaKey key = getTestRsaKey();
-
- // Wrap and Unwrap
- Pair wrapped = key.wrapKeyAsync(CEK, Rsa15.ALGORITHM_NAME).get();
- byte[] unwrapped = key.unwrapKeyAsync(wrapped.getLeft(), wrapped.getRight()).get();
-
- // Assert
- assertEquals(Rsa15.ALGORITHM_NAME, wrapped.getRight());
- assertArrayEquals(CEK, unwrapped);
-
- // Encrypt and Decrypt
- Triple encrypted = key.encryptAsync(CEK, null, null, Rsa15.ALGORITHM_NAME).get();
- byte[] decrypted = key.decryptAsync(encrypted.getLeft(), null, null, null, encrypted.getRight()).get();
-
- // Assert
- assertEquals(Rsa15.ALGORITHM_NAME, encrypted.getRight());
- assertArrayEquals(CEK, decrypted);
-
- key.close();
- }
-
- @Test
- public void testRsaOaep() throws Exception {
-
- RsaKey key = getTestRsaKey();
-
- // Wrap and Unwrap
- Pair wrapped = key.wrapKeyAsync(CEK, RsaOaep.ALGORITHM_NAME).get();
- byte[] unwrapped = key.unwrapKeyAsync(wrapped.getLeft(), wrapped.getRight()).get();
-
- // Assert
- assertEquals(RsaOaep.ALGORITHM_NAME, wrapped.getRight());
- assertArrayEquals(CEK, unwrapped);
-
- // Encrypt and Decrypt
- Triple encrypted = key.encryptAsync(CEK, null, null, RsaOaep.ALGORITHM_NAME).get();
- byte[] decrypted = key.decryptAsync(encrypted.getLeft(), null, null, null, encrypted.getRight()).get();
-
- // Assert
- assertEquals(RsaOaep.ALGORITHM_NAME, encrypted.getRight());
- assertArrayEquals(CEK, decrypted);
-
- key.close();
- }
-
- @Test
- public void testDefaultAlgorithm() throws Exception {
-
- RsaKey key = getTestRsaKey();
-
- assertEquals(RsaOaep.ALGORITHM_NAME, key.getDefaultEncryptionAlgorithm());
- assertEquals(RsaOaep.ALGORITHM_NAME, key.getDefaultKeyWrapAlgorithm());
- assertEquals(Rs256.ALGORITHM_NAME, key.getDefaultSignatureAlgorithm());
-
- // Wrap and Unwrap
- Pair wrapped = key.wrapKeyAsync(CEK, key.getDefaultKeyWrapAlgorithm()).get();
- byte[] unwrapped = key.unwrapKeyAsync(wrapped.getLeft(), wrapped.getRight()).get();
-
- // Assert
- assertEquals(RsaOaep.ALGORITHM_NAME, wrapped.getRight());
- assertArrayEquals(CEK, unwrapped);
-
- // Encrypt and Decrypt
- Triple encrypted = key.encryptAsync(CEK, null, null, key.getDefaultEncryptionAlgorithm()).get();
- byte[] decrypted = key.decryptAsync(encrypted.getLeft(), null, null, null, encrypted.getRight()).get();
-
- // Assert
- assertEquals(RsaOaep.ALGORITHM_NAME, encrypted.getRight());
- assertArrayEquals(CEK, decrypted);
-
- key.close();
- }
-
- @Test
- public void testSignVerify() throws Exception {
-
- RsaKey key = getTestRsaKey();
-
- MessageDigest digest = MessageDigest.getInstance("SHA-256");
- byte[] hash = digest.digest(CEK);
-
- byte[] crossPlatformHash = Base64.decodeBase64(CROSS_PLATFORM_HASH);
- byte[] crossPlatformSignature = Base64.decodeBase64(CROSS_PLATFORM_SIGNATURE);
-
- // Check the hash
- assertNotNull(hash);
- assertEquals(32, hash.length);
- assertArrayEquals(hash, crossPlatformHash);
-
- Pair signature = key.signAsync(hash, "RS256").get();
- boolean result = key.verifyAsync(hash, signature.getLeft(), "RS256").get();
-
- // Check the signature
- assertTrue(result);
- assertArrayEquals(crossPlatformSignature, signature.getLeft());
-
- // Now prove we can verify the cross platform signature
- result = key.verifyAsync(hash, Base64.decodeBase64(CROSS_PLATFORM_SIGNATURE), "RS256").get();
-
- assertTrue(result);
-
- key.close();
- }
-
- @Test
- public void testToFromJsonWebKey() throws Exception {
- RsaKey key = getTestRsaKey();
- JsonWebKey jwk = key.toJsonWebKey();
- jwk.withKid("new kid");
- //setting kid
- RsaKey sameKey = RsaKey.fromJsonWebKey(jwk, true, provider);
- JsonWebKey jwkSame = sameKey.toJsonWebKey();
- jwkSame.withKid("new kid");
- assertEquals(jwk, jwkSame);
- }
-
- private RsaKey getTestRsaKey() throws Exception {
- String jwkString = "{\"kty\":\"RSA\",\"n\":\"rZ8pnmXkhfmmgNWVVdtNcYy2q0OAcCGIpeFzsN9URqJsiBEiWQfxlUxFTbM4kVWPqjauKt6byvApBGEeMA7Qs8kxwRVP-BD4orXRe9VPgliM92rH0UxQWHmCHUe7G7uUAFPwbiDVhWuFzELxNa6Kljg6Z9DuUKoddmQvlYWj8uSunofCtDi_zzlZKGYTOYJma5IYScHNww1yjLp8-b-Be2UdHbrPkCv6Nuwi6MVIKjPpEeRQgfefRmxDBJQKY3OfydMXZmEwukYXVkUcdIP8XwG2OxnfdRK0oAo0NDebNNVuT89k_3AyZLTr1KbDmx1nnjwa8uB8k-uLtcOC9igbTw\",\"e\":\"AQAB\",\"d\":\"H-z7hy_vVJ9yeZBMtIvt8qpQUK_J51STPwV085otcgud72tPKJXoW2658664ASl9kGwbnLBwb2G3-SEunuGqiNS_PGUB3niob6sFSUMRKsPDsB9HfPoOcCZvwZiWFGRqs6C7vlR1TuJVqRjKJ_ffbf4K51oo6FZPspx7j4AShLAwLUSQ60Ld5QPuxYMYZIMpdVbMVIVHJ26pR4Y18e_0GYmEGnbF5N0HkwqQmfmTiIK5aoGnD3GGgqHeHmWBwh6_WAq90ITLcX_zBeqQUgBSj-Z5v61SroO9Eang36T9mMoYrcPpYwemtAOb4HhQYDj8dCCfbeOcVmvZ9UJKWCX2oQ\",\"dp\":\"HW87UpwPoj3lPI9B9K1hJFeuGgarpakvtHuk1HpZ5hXWFGAJiXoWRV-jvYyjoM2k7RpSxPyuuFFmYHcIxiGFp2ES4HnP0BIhKVa2DyugUxIEcMK53C43Ub4mboJPZTSC3sapKgAmA2ue624sapWmshTPpx9qnUP2Oj3cSMkgMGE\",\"dq\":\"RhwEwb5FYio0GS2tmul8FAYsNH7JDehwI1yUApnTiakhSenFetml4PYyVkKR4csgLZEi3RY6J3R8Tg-36zrZuF7hxhVJn80L5_KETSpfEI3jcrXMVg4SRaMsWLY9Ahxflt2FJgUnHOmWRLmP6_hmaTcxxSACjbyUd_HhwNavD5E\",\"qi\":\"wYPZ4lKIslA1w3FaAzQifnNLABYXXUZ_KAA3a8T8fuxkdE4OP3xIFX7WHhnmBd6uOFiEcGoeq2jNQqDg91rV5661-5muQKcvp4uUsNId5rQw9EZw-kdDcwMtVFTEBfvVuyp83X974xYAHn1Jd8wWohSwrpi1QuH5cQMR5Fm6I1A\",\"p\":\"74Ot7MgxRu4euB31UWnGtrqYPjJmvbjYESS43jfDfo-s62ggV5a39P_YPg6oosgtGHNw0QDxunUOXNu9iriaYPf_imptRk69bKN8Nrl727Y-AaBYdLf1UZuwz8X07FqHAH5ghYpk79djld8QvkUUJLpx6rzcW8BJLTOi46DtzZE\",\"q\":\"uZJu-qenARIt28oj_Jlsk-p_KLnqdczczZfbRDd7XNp6csGLa8R0EyYqUB4xLWELQZsX4tAu9SaAO62tuuEy5wbOAmOVrq2ntoia1mGQSJdoeVq6OqtN300xVnaBc3us0rm8C6-824fEQ1PWXoulXLKcSqBhFT-hQahsYi-kat8\"}";
- ObjectMapper mapper = new ObjectMapper();
- JsonWebKey jwk = null;
-
- jwk = mapper.readValue(jwkString, JsonWebKey.class);
-
- return new RsaKey("foo", jwk.toRSA(true, provider));
- }
-
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/SymmetricKeyBCProviderTest.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/SymmetricKeyBCProviderTest.java
deleted file mode 100644
index 2954df416105f..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/SymmetricKeyBCProviderTest.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/**
- *
- * Copyright (c) Microsoft and contributors. All rights reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package com.microsoft.azure.keyvault.cryptography.test;
-
-import java.security.Provider;
-import org.junit.Before;
-
-public class SymmetricKeyBCProviderTest extends SymmetricKeyTest {
-
- @Before
- public void setUp() throws Exception {
- try {
- super.setProvider((Provider) Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider").newInstance());
- } catch (Exception ex) {
- throw new RuntimeException(ex.getMessage());
- }
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/SymmetricKeyTest.java b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/SymmetricKeyTest.java
deleted file mode 100644
index 83aad291b83cc..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/java/com/microsoft/azure/keyvault/cryptography/test/SymmetricKeyTest.java
+++ /dev/null
@@ -1,616 +0,0 @@
-/**
- *
- * Copyright (c) Microsoft and contributors. All rights reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package com.microsoft.azure.keyvault.cryptography.test;
-
-import com.microsoft.azure.keyvault.cryptography.SymmetricKey;
-import org.apache.commons.lang3.tuple.Pair;
-import org.junit.After;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import javax.crypto.Cipher;
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.util.concurrent.ExecutionException;
-
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-
-public class SymmetricKeyTest {
-
- private Provider provider = null;
-
- private static boolean hasUnlimitedCrypto() {
- try {
- return Cipher.getMaxAllowedKeyLength("RC5") >= 256;
- } catch (NoSuchAlgorithmException e) {
- return false;
- }
- }
-
- @BeforeClass
- public static void setUpBeforeClass() throws Exception {
- }
-
- @AfterClass
- public static void tearDownAfterClass() throws Exception {
- }
-
- @Before
- public void setUp() throws Exception {
- setProvider(null);
- }
-
- @After
- public void tearDown() throws Exception {
- }
-
- protected void setProvider(Provider provider) {
- this.provider = provider;
- }
-
- @Test
- public void testSymmetricKeyAesKw128() {
- // Arrange
- byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
- byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF };
- byte[] ek = { 0x1F, (byte) 0xA6, (byte) 0x8B, 0x0A, (byte) 0x81, 0x12, (byte) 0xB4, 0x47, (byte) 0xAE, (byte) 0xF3, 0x4B, (byte) 0xD8, (byte) 0xFB, 0x5A, 0x7B, (byte) 0x82, (byte) 0x9D, 0x3E, (byte) 0x86, 0x23, 0x71, (byte) 0xD2, (byte) 0xCF, (byte) 0xE5 };
-
- SymmetricKey key = new SymmetricKey("kek", kek, provider);
-
- byte[] encrypted = null;
-
- try {
- encrypted = key.wrapKeyAsync(cek, "A128KW").get().getLeft();
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- fail("ExecutionException");
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- // Assert
- assertArrayEquals(ek, encrypted);
-
- byte[] decrypted = null;
-
- try {
- decrypted = key.unwrapKeyAsync(ek, "A128KW").get();
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- fail("ExecutionException");
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- // Assert
- assertArrayEquals(cek, decrypted);
-
- try {
- key.close();
- } catch (IOException e) {
- fail("Key could not be closed");
- }
- }
-
- @Test
- public void testSymmetricKeyAesKw192() {
- // Arrange
- byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 };
- byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF };
- byte[] ek = { (byte) 0x96, 0x77, (byte) 0x8B, 0x25, (byte) 0xAE, 0x6C, (byte) 0xA4, 0x35, (byte) 0xF9, 0x2B, 0x5B, (byte) 0x97, (byte) 0xC0, 0x50, (byte) 0xAE, (byte) 0xD2, 0x46, (byte) 0x8A, (byte) 0xB8, (byte) 0xA1, 0x7A, (byte) 0xD8, 0x4E, 0x5D };
-
- boolean unlimited = hasUnlimitedCrypto();
- SymmetricKey key = new SymmetricKey("kek", kek, provider);
-
- byte[] encrypted = null;
-
- try {
- encrypted = key.wrapKeyAsync(cek, "A192KW").get().getLeft();
-
- if (!unlimited) {
- fail("Expected ExecutionException");
- }
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
-
- // In the limited case, the failure should be InvalidKeyException
- // In the unlimited case, this should not fail
- if (!unlimited) {
- Throwable cause = e.getCause();
- if (!(cause instanceof InvalidKeyException)) {
- fail("ExecutionException");
- }
- } else {
- fail("ExecutionException");
- }
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- if (unlimited) {
- // Assert
- assertArrayEquals(ek, encrypted);
-
- byte[] decrypted = null;
-
- try {
- decrypted = key.unwrapKeyAsync(ek, "A192KW").get();
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- fail("ExecutionException");
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- // Assert
- assertArrayEquals(cek, decrypted);
- }
-
- try {
- key.close();
- } catch (IOException e) {
- fail("Key could not be closed");
- }
- }
-
- @Test
- public void testSymmetricKeyAesKw256() {
- // Arrange
- byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F };
- byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF };
- byte[] ek = { 0x64, (byte) 0xE8, (byte) 0xC3, (byte) 0xF9, (byte) 0xCE, 0x0F, 0x5B, (byte) 0xA2, 0x63, (byte) 0xE9, 0x77, 0x79, 0x05, (byte) 0x81, (byte) 0x8A, 0x2A, (byte) 0x93, (byte) 0xC8, 0x19, 0x1E, 0x7D, 0x6E, (byte) 0x8A, (byte) 0xE7 };
-
- /*
- * This test using the default JCE provider depends on whether unlimited security
- * is installed or not. In the unlimited case, the full test should pass but in
- * the limited case, it should fail with InvalidKeyException.
- */
- boolean unlimited = hasUnlimitedCrypto();
- SymmetricKey key = new SymmetricKey("kek", kek, provider);
-
- byte[] encrypted = null;
-
- try {
- encrypted = key.wrapKeyAsync(cek, "A256KW").get().getLeft();
-
- if (!unlimited) {
- fail("Expected ExecutionException");
- }
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- // In the limited case, the failure should be InvalidKeyException
- // In the unlimited case, this should not fail
- if (!unlimited) {
- Throwable cause = e.getCause();
- if (!(cause instanceof InvalidKeyException)) {
- fail("ExecutionException");
- }
- } else {
- fail("ExecutionException");
- }
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- if (unlimited) {
- // Assert
- assertArrayEquals(ek, encrypted);
-
- byte[] decrypted = null;
-
- try {
- decrypted = key.unwrapKeyAsync(ek, "A256KW").get();
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- fail("ExecutionException");
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- // Assert
- assertArrayEquals(cek, decrypted);
- }
-
- try {
- key.close();
- } catch (IOException e) {
- fail("Key could not be closed");
- }
- }
-
- @Test
- public void testSymmetricKeyDefaultAlgorithmAesKw128() {
- // Arrange
- byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
- byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF };
- byte[] ek = { 0x1F, (byte) 0xA6, (byte) 0x8B, 0x0A, (byte) 0x81, 0x12, (byte) 0xB4, 0x47, (byte) 0xAE, (byte) 0xF3, 0x4B, (byte) 0xD8, (byte) 0xFB, 0x5A, 0x7B, (byte) 0x82, (byte) 0x9D, 0x3E, (byte) 0x86, 0x23, 0x71, (byte) 0xD2, (byte) 0xCF, (byte) 0xE5 };
-
- SymmetricKey key = new SymmetricKey("kek", kek, provider);
-
- byte[] encrypted = null;
- String algorithm = null;
-
- try {
- Pair result = key.wrapKeyAsync(cek, null).get();
- encrypted = result.getLeft();
- algorithm = result.getRight();
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- fail("ExecutionException");
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- // Assert
- assertEquals("A128KW", algorithm);
- assertArrayEquals(ek, encrypted);
-
- byte[] decrypted = null;
-
- try {
- decrypted = key.unwrapKeyAsync(ek, algorithm).get();
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- fail("ExecutionException");
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- // Assert
- assertArrayEquals(cek, decrypted);
-
- try {
- key.close();
- } catch (IOException e) {
- fail("Key could not be closed");
- }
- }
-
- @Test
- public void testSymmetricKeyDefaultAlgorithmAesKw192() {
- // Arrange
- byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 };
- byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF };
- byte[] ek = { (byte) 0x96, 0x77, (byte) 0x8B, 0x25, (byte) 0xAE, 0x6C, (byte) 0xA4, 0x35, (byte) 0xF9, 0x2B, 0x5B, (byte) 0x97, (byte) 0xC0, 0x50, (byte) 0xAE, (byte) 0xD2, 0x46, (byte) 0x8A, (byte) 0xB8, (byte) 0xA1, 0x7A, (byte) 0xD8, 0x4E, 0x5D };
-
- /*
- * This test using the default JCE provider depends on whether unlimited security
- * is installed or not. In the unlimited case, the full test should pass but in
- * the limited case, it should fail with InvalidKeyException.
- */
- boolean unlimited = hasUnlimitedCrypto();
- SymmetricKey key = new SymmetricKey("kek", kek, provider);
-
- byte[] encrypted = null;
- String algorithm = null;
-
- try {
- Pair result = key.wrapKeyAsync(cek, null).get();
-
- encrypted = result.getLeft();
- algorithm = result.getRight();
-
- if (!unlimited) {
- fail("Expected ExecutionException");
- }
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- // In the limited case, the failure should be InvalidKeyException
- // In the unlimited case, this should not fail
- if (!unlimited) {
- Throwable cause = e.getCause();
- if (!(cause instanceof InvalidKeyException)) {
- fail("ExecutionException");
- }
- } else {
- fail("ExecutionException");
- }
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- if (unlimited) {
- // Assert
- assertEquals("A192KW", algorithm);
- assertArrayEquals(ek, encrypted);
-
- byte[] decrypted = null;
-
- try {
- decrypted = key.unwrapKeyAsync(ek, algorithm).get();
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- fail("ExecutionException");
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- // Assert
- assertArrayEquals(cek, decrypted);
- }
-
- try {
- key.close();
- } catch (IOException e) {
- fail("Key could not be closed");
- }
- }
-
- @Test
- public void testSymmetricKeyDefaultAlgorithmAesKw256() {
- // Arrange
- byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F };
- byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF };
- byte[] ek = { 0x64, (byte) 0xE8, (byte) 0xC3, (byte) 0xF9, (byte) 0xCE, 0x0F, 0x5B, (byte) 0xA2, 0x63, (byte) 0xE9, 0x77, 0x79, 0x05, (byte) 0x81, (byte) 0x8A, 0x2A, (byte) 0x93, (byte) 0xC8, 0x19, 0x1E, 0x7D, 0x6E, (byte) 0x8A, (byte) 0xE7 };
- /*
- * This test using the default JCE provider depends on whether unlimited security
- * is installed or not. In the unlimited case, the full test should pass but in
- * the limited case, it should fail with InvalidKeyException.
- */
- boolean unlimited = hasUnlimitedCrypto();
- SymmetricKey key = new SymmetricKey("kek", kek, provider);
-
- byte[] encrypted = null;
- String algorithm = null;
-
- try {
- Pair result = key.wrapKeyAsync(cek, null).get();
- encrypted = result.getLeft();
- algorithm = result.getRight();
-
- if (!unlimited) {
- fail("Expected ExecutionException");
- }
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- // In the limited case, the failure should be InvalidKeyException
- // In the unlimited case, this should not fail
- if (!unlimited) {
- Throwable cause = e.getCause();
- if (!(cause instanceof InvalidKeyException)) {
- fail("ExecutionException");
- }
- } else {
- fail("ExecutionException");
- }
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- if (unlimited) {
- // Assert
- assertEquals("A256KW", algorithm);
- assertArrayEquals(ek, encrypted);
-
- byte[] decrypted = null;
-
- try {
- decrypted = key.unwrapKeyAsync(ek, algorithm).get();
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- fail("ExecutionException");
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- // Assert
- assertArrayEquals(cek, decrypted);
- }
-
- try {
- key.close();
- } catch (IOException e) {
- fail("Key could not be closed");
- }
- }
-
- @Test
- public void testSymmetricKeyAesKw128ExcessKeyMaterial() {
- // Arrange
- byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
- byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF };
- byte[] ek = { 0x1F, (byte) 0xA6, (byte) 0x8B, 0x0A, (byte) 0x81, 0x12, (byte) 0xB4, 0x47, (byte) 0xAE, (byte) 0xF3, 0x4B, (byte) 0xD8, (byte) 0xFB, 0x5A, 0x7B, (byte) 0x82, (byte) 0x9D, 0x3E, (byte) 0x86, 0x23, 0x71, (byte) 0xD2, (byte) 0xCF, (byte) 0xE5 };
-
- SymmetricKey key = new SymmetricKey("kek", kek, provider);
-
- byte[] encrypted = null;
-
- try {
- encrypted = key.wrapKeyAsync(cek, "A128KW").get().getLeft();
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- fail("ExecutionException");
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- // Assert
- assertArrayEquals(ek, encrypted);
-
- byte[] decrypted = null;
-
- try {
- decrypted = key.unwrapKeyAsync(ek, "A128KW").get();
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- fail("ExecutionException");
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- // Assert
- assertArrayEquals(cek, decrypted);
-
- try {
- key.close();
- } catch (IOException e) {
- fail("Key could not be closed");
- }
- }
-
- @Test
- public void testSymmetricKeyAesKw192ExcessKeyMaterial() {
- // Arrange
- byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F };
- byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF };
- byte[] ek = { (byte) 0x96, 0x77, (byte) 0x8B, 0x25, (byte) 0xAE, 0x6C, (byte) 0xA4, 0x35, (byte) 0xF9, 0x2B, 0x5B, (byte) 0x97, (byte) 0xC0, 0x50, (byte) 0xAE, (byte) 0xD2, 0x46, (byte) 0x8A, (byte) 0xB8, (byte) 0xA1, 0x7A, (byte) 0xD8, 0x4E, 0x5D };
-
- boolean unlimited = hasUnlimitedCrypto();
- SymmetricKey key = new SymmetricKey("kek", kek, provider);
-
- byte[] encrypted = null;
-
- try {
- encrypted = key.wrapKeyAsync(cek, "A192KW").get().getLeft();
-
- if (!unlimited) {
- fail("Expected ExecutionException");
- }
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
-
- // In the limited case, the failure should be InvalidKeyException
- // In the unlimited case, this should not fail
- if (!unlimited) {
- Throwable cause = e.getCause();
- if (!(cause instanceof InvalidKeyException)) {
- fail("ExecutionException");
- }
- } else {
- fail("ExecutionException");
- }
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- if (unlimited) {
- // Assert
- assertArrayEquals(ek, encrypted);
-
- byte[] decrypted = null;
-
- try {
- decrypted = key.unwrapKeyAsync(ek, "A192KW").get();
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- fail("ExecutionException");
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- // Assert
- assertArrayEquals(cek, decrypted);
- }
-
- try {
- key.close();
- } catch (IOException e) {
- fail("Key could not be closed");
- }
- }
-
- @Test
- public void testSymmetricKeyAesKw256ExcessKeyMaterial() {
- // Arrange
- byte[] kek = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
- byte[] cek = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF };
- byte[] ek = { 0x64, (byte) 0xE8, (byte) 0xC3, (byte) 0xF9, (byte) 0xCE, 0x0F, 0x5B, (byte) 0xA2, 0x63, (byte) 0xE9, 0x77, 0x79, 0x05, (byte) 0x81, (byte) 0x8A, 0x2A, (byte) 0x93, (byte) 0xC8, 0x19, 0x1E, 0x7D, 0x6E, (byte) 0x8A, (byte) 0xE7 };
-
- /*
- * This test using the default JCE provider depends on whether unlimited security
- * is installed or not. In the unlimited case, the full test should pass but in
- * the limited case, it should fail with InvalidKeyException.
- */
- boolean unlimited = hasUnlimitedCrypto();
- SymmetricKey key = new SymmetricKey("kek", kek, provider);
-
- byte[] encrypted = null;
-
- try {
- encrypted = key.wrapKeyAsync(cek, "A256KW").get().getLeft();
-
- if (!unlimited) {
- fail("Expected ExecutionException");
- }
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- // In the limited case, the failure should be InvalidKeyException
- // In the unlimited case, this should not fail
- if (!unlimited) {
- Throwable cause = e.getCause();
- if (!(cause instanceof InvalidKeyException)) {
- fail("ExecutionException");
- }
- } else {
- fail("ExecutionException");
- }
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- if (unlimited) {
- // Assert
- assertArrayEquals(ek, encrypted);
-
- byte[] decrypted = null;
-
- try {
- decrypted = key.unwrapKeyAsync(ek, "A256KW").get();
- } catch (InterruptedException e) {
- fail("InterrupedException");
- } catch (ExecutionException e) {
- fail("ExecutionException");
- } catch (NoSuchAlgorithmException e) {
- fail("NoSuchAlgorithmException");
- }
-
- // Assert
- assertArrayEquals(cek, decrypted);
- }
-
- try {
- key.close();
- } catch (IOException e) {
- fail("Key could not be closed");
- }
- }
-}
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/SECP256key.pem b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/SECP256key.pem deleted file mode 100644 index 9422787ad2e2f..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/SECP256key.pem +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN EC PARAMETERS----- -BgUrgQQACg== ------END EC PARAMETERS----- ------BEGIN EC PRIVATE KEY----- -MHQCAQEEIIbmPOGbSMPdQoRmd5CTnkMl5EtyAYG9YF0/cC9/QiOsoAcGBSuBBAAK -oUQDQgAEcgWYGgCEzF7O2klfOCQJSrIjKZd1InDMUVwbykw5gvbCaL8m2/hSY13o -X7A1b4PbLn6zK7TAFRqBipA8w2sQ6g== ------END EC PRIVATE KEY----- diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/byte_array.bin b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/byte_array.bin deleted file mode 100644 index 2fdaa8e3b66f3dbbca0fb410057bff611d3935de..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 16 YcmZP&R5Er6O)Kx1xoY>ByYK!304+EN`2YX_ diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256key.pem b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256key.pem deleted file mode 100644 index 0dc7ae15b09c1..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256key.pem +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN EC PARAMETERS----- -BgUrgQQACg== ------END EC PARAMETERS----- ------BEGIN EC PRIVATE KEY----- -MHQCAQEEICuTXZmGPyKlnpX/NZjNsfRF3V6np91hIN6JGuq3+ml4oAcGBSuBBAAK -oUQDQgAEB4kcrPPdAiPb0RNPgqik6RbzD4CluCZB/FcqgS8tBOJ3mSjnCNUzlAng -QQWZu0YZzq2n4QZwa9E1FZc5hBH7nA== ------END EC PRIVATE KEY----- diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256keynew.pem b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256keynew.pem deleted file mode 100644 index fc9d36273a6e9..0000000000000 
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256keynew.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgmDtpx1m8G4Wmwo5+ -CuQx27iupfo5nf4CqsfWmMYxFEehRANCAARIcREG1iUacEdriN3Zim6er9nbgSil -YSYN9tX1+HhLlPr1MXL7nERsSlVSlTptbC+SxGL+2cBcI4dgM7/XPe9Z ------END PRIVATE KEY----- diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256keypubnew.pem b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256keypubnew.pem deleted file mode 100644 index 7e245ae14711b..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256keypubnew.pem +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESHERBtYlGnBHa4jd2Ypunq/Z24Eo -pWEmDfbV9fh4S5T69TFy+5xEbEpVUpU6bWwvksRi/tnAXCOHYDO/1z3vWQ== ------END PUBLIC KEY----- diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256sig.der b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p256sig.der deleted file mode 100644 index 23f41f2ee364b5aeadeb8ca2953f6d9360e42ddd..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 71 zcmV-N0J#4!MFJpHjxxT^fS3`X-0jY^itDxF9X^F*O0iZTndVDu%T`$eApo#d$Q%)C dG$1j#t79e7_??y?q}`7J`!AQOce?TOw6CF%BF6v# diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p384keynew.pem b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p384keynew.pem deleted file mode 100644 index 9ec79bdab30ed..0000000000000 --- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p384keynew.pem +++ /dev/null 
@@ -1,6 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC0ooKHLcKqHpTI1Cz2
-AjkFh/DXxz9VaHW6tdRYow3eHRpPyjWzdpK9ThCc2vsVvnqhZANiAATy14M2foWP
-Tbql4vwUhL1JEh0Oy629FNaggH6oGCNNPdtVOWJfRcPvFWdYIcfOotVGHLIl8WLJ
-HnuDUMUbxCJFoWboyPIBzufbiPEvZaAjWjT509d971YJANAwVcYmR4Y=
------END PRIVATE KEY-----
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p384keypubnew.pem b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p384keypubnew.pem
deleted file mode 100644
index 44de436df9154..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p384keypubnew.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN PUBLIC KEY-----
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8teDNn6Fj026peL8FIS9SRIdDsutvRTW
-oIB+qBgjTT3bVTliX0XD7xVnWCHHzqLVRhyyJfFiyR57g1DFG8QiRaFm6MjyAc7n
-24jxL2WgI1o0+dPXfe9WCQDQMFXGJkeG
------END PUBLIC KEY-----
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p384sig.der b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/p384sig.der
deleted file mode 100644
index 44e3fc6b3007725cd36189116d3bdea2311f0d47..0000000000000000000000000000000000000000
GIT binary patch literal 0 HcmV?d00001 literal 104 zcmV-u0GIzTW&$w)fnl+-fP^}6d0ZD+|7f2UWAFdaHV+dF?5D_E%6t;hfyC;oJ^S;t zhvqe~)w^TN0xOXQ<$z$c70Mxb-6{e?0j9PO6-$P6!OM$Rvr_`!+ttlk*;WQv tL;;pEzmOUl9&X+K+of2REH=aiLXsb{vGd;xAv3Z6Z;&jEIj3L4p7P
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/secp256keynew.pem b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/secp256keynew.pem
deleted file mode 100644
index 3f68ccd6e32c9..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/secp256keynew.pem
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQghuY84ZtIw91ChGZ3kJOe
-QyXkS3IBgb1gXT9wL39CI6yhRANCAARyBZgaAITMXs7aSV84JAlKsiMpl3UicMxR
-XBvKTDmC9sJovybb+FJjXehfsDVvg9sufrMrtMAVGoGKkDzDaxDq
------END PRIVATE KEY-----
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/secp256keypubnew.pem b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/secp256keypubnew.pem
deleted file mode 100644
index 4e7cddb688629..0000000000000
--- a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/secp256keypubnew.pem
+++ /dev/null
@@ -1,4 +0,0 @@
------BEGIN PUBLIC KEY-----
-MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEcgWYGgCEzF7O2klfOCQJSrIjKZd1InDM
-UVwbykw5gvbCaL8m2/hSY13oX7A1b4PbLn6zK7TAFRqBipA8w2sQ6g==
------END PUBLIC KEY-----
diff --git a/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/secp256sig.der b/sdk/keyvault/microsoft-azure-keyvault-cryptography/src/test/resources/secp256sig.der
deleted file mode 100644
index 2dc90f98c7cfcbb2eb3953126b888a9418784558..0000000000000000000000000000000000000000
GIT binary patch literal 0 HcmV?d00001 literal 70 zcmV-M0J;A#L;@gXYJ-lT?5^!&heOlXgkGEByGbYz0BPw&f1kS9W;K2SAa_?vOFEjG cctV<)56R?fY;v-S6LW|A2_Q0m|FX?ne|qL1$^ZZW
diff --git a/sdk/keyvault/microsoft-azure-keyvault-extensions/pom.xml b/sdk/keyvault/microsoft-azure-keyvault-extensions/pom.xml
index ace927e8e4689..1458df62c6d44 100644
--- a/sdk/keyvault/microsoft-azure-keyvault-extensions/pom.xml
+++ b/sdk/keyvault/microsoft-azure-keyvault-extensions/pom.xml
@@ -49,11 +49,6 @@ azure-keyvault-core 1.3.0-beta.1 - - com.microsoft.azure - azure-keyvault-cryptography - 1.3.0-beta.1 - com.microsoft.azure azure-keyvault
diff --git a/sdk/keyvault/microsoft-azure-keyvault-test/pom.xml b/sdk/keyvault/microsoft-azure-keyvault-test/pom.xml
index 582e551819ebe..7ab7010e7269c 100644
--- a/sdk/keyvault/microsoft-azure-keyvault-test/pom.xml
+++ b/sdk/keyvault/microsoft-azure-keyvault-test/pom.xml
@@ -50,12 +50,6 @@ 1.3.0-beta.1 test - - com.microsoft.azure - azure-keyvault-cryptography - 1.3.0-beta.1 - test - com.microsoft.azure azure-mgmt-storage
diff --git a/sdk/keyvault/microsoft-azure-keyvault/pom.xml b/sdk/keyvault/microsoft-azure-keyvault/pom.xml
index 238b914eea26a..b0f83d7b542e0 100644
--- a/sdk/keyvault/microsoft-azure-keyvault/pom.xml
+++ b/sdk/keyvault/microsoft-azure-keyvault/pom.xml
@@ -46,12 +46,6 @@ the MIT License. See License.txt in the project root for license information. -- - - com.microsoft.azure - azure-keyvault-cryptography - 1.3.0-beta.1 - - com.microsoft.azure
diff --git a/sdk/keyvault/pom.xml b/sdk/keyvault/pom.xml
index b133d02c1d193..d60351855d2da 100644
--- a/sdk/keyvault/pom.xml
+++ b/sdk/keyvault/pom.xml
@@ -12,7 +12,6 @@ microsoft-azure-keyvault microsoft-azure-keyvault-complete microsoft-azure-keyvault-core - microsoft-azure-keyvault-cryptography microsoft-azure-keyvault-extensions microsoft-azure-keyvault-test azure-security-test-keyvault-jca