Class PKCS5PaddingCipherTest
- java.lang.Object
-
- com.microej.crypto.test.PKCS5PaddingCipherTest
-
public class PKCS5PaddingCipherTest extends java.lang.ObjectTests the PKCS#5 unpadding performed on decryption.The unpadding was rewritten to validate every padding byte in constant time (no early return on the first mismatch) to mitigate padding-oracle attacks. The timing property itself cannot be asserted from a unit test, but these tests guard the functional correctness of that rewrite: valid padding must round-trip, and every form of invalid padding must be rejected with a
BadPaddingException.PKCS#5 padding is exercised here through the
PBEWithHmacSHA256AndAES_128cipher, which internally uses AES in CBC mode with PKCS#5 padding. A fixed salt, IV and iteration count make every operation deterministic.
-
-
Constructor Summary
Constructors Constructor Description PKCS5PaddingCipherTest()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidtestInvalidPaddingIsRejected()Every form of invalid PKCS#5 padding must be rejected with aBadPaddingException.voidtestRoundTripVariousLengths()Encrypting then decrypting must return the original plaintext for input lengths that span every padding value, including a length that is an exact multiple of the block size (which appends a full padding block).
-
-
-
Method Detail
-
testRoundTripVariousLengths
public void testRoundTripVariousLengths() throws java.lang.ExceptionEncrypting then decrypting must return the original plaintext for input lengths that span every padding value, including a length that is an exact multiple of the block size (which appends a full padding block).- Throws:
java.lang.Exception
-
testInvalidPaddingIsRejected
public void testInvalidPaddingIsRejected() throws java.lang.ExceptionEvery form of invalid PKCS#5 padding must be rejected with aBadPaddingException.Each malformed block is obtained by encrypting a single block-aligned plaintext (so PKCS#5 appends a separate padding block), then truncating that padding block off the ciphertext. Decrypting the remaining block returns the crafted plaintext unchanged (CBC decrypts the first block from the IV alone), so the unpadding step sees the deliberately invalid padding.
- Throws:
java.lang.Exception
-
-