Class PKCS5PaddingCipherTest


  • public class PKCS5PaddingCipherTest
    extends java.lang.Object
    Tests the PKCS#5 unpadding performed on decryption.

    The unpadding was rewritten to validate every padding byte in constant time (no early return on the first mismatch) to mitigate padding-oracle attacks. The timing property itself cannot be asserted from a unit test, but these tests guard the functional correctness of that rewrite: valid padding must round-trip, and every form of invalid padding must be rejected with a BadPaddingException.

    PKCS#5 padding is exercised here through the PBEWithHmacSHA256AndAES_128 cipher, which internally uses AES in CBC mode with PKCS#5 padding. A fixed salt, IV and iteration count make every operation deterministic.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void testInvalidPaddingIsRejected()
      Every form of invalid PKCS#5 padding must be rejected with a BadPaddingException.
      void testRoundTripVariousLengths()
      Encrypting then decrypting must return the original plaintext for input lengths that span every padding value, including a length that is an exact multiple of the block size (which appends a full padding block).
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • PKCS5PaddingCipherTest

        public PKCS5PaddingCipherTest()
    • Method Detail

      • testRoundTripVariousLengths

        public void testRoundTripVariousLengths()
                                         throws java.lang.Exception
        Encrypting then decrypting must return the original plaintext for input lengths that span every padding value, including a length that is an exact multiple of the block size (which appends a full padding block).
        Throws:
        java.lang.Exception
      • testInvalidPaddingIsRejected

        public void testInvalidPaddingIsRejected()
                                          throws java.lang.Exception
        Every form of invalid PKCS#5 padding must be rejected with a BadPaddingException.

        Each malformed block is obtained by encrypting a single block-aligned plaintext (so PKCS#5 appends a separate padding block), then truncating that padding block off the ciphertext. Decrypting the remaining block returns the crafted plaintext unchanged (CBC decrypts the first block from the IV alone), so the unpadding step sees the deliberately invalid padding.

        Throws:
        java.lang.Exception