/**
 * Derives a new key from an existing {@link SecretKey} and an input salt, for the algorithm
 * and key size described by the given {@link CipherSpec}.
 *
 * <p>Convenience overload: it passes the encoded bytes of {@code inputKey}, the salt, and the
 * cipher spec's algorithm and key size on to
 * {@link #createDerivedKey(byte[], byte[], String, int) createDerivedKey()}.
 *
 * <p>NOTE(review): {@link SecretKey#getEncoded()} returns {@code null} for keys that do not
 * support encoding (for example non-exportable, hardware-backed keys). That value is forwarded
 * unchecked here; confirm the delegate rejects it instead of deriving from empty key material.
 *
 * @param inputKey The source key to derive the new key from
 * @param inputSalt Salt used for the derivation (a non-secret random value)
 * @param outputCipherSpec Supplies the algorithm and key size of the derived key
 * @return The derived key (including the given input salt)
 * @throws InvalidKeySpecException declared for the delegated derivation call
 * @throws NoSuchAlgorithmException declared for the delegated derivation call
 * @throws NoSuchProviderException declared for the delegated derivation call
 */
public static SaltedSecretKey createDerivedKey(SecretKey inputKey, byte[] inputSalt, CipherSpec outputCipherSpec)
        throws InvalidKeySpecException, NoSuchAlgorithmException, NoSuchProviderException {

    // Raw key material of the source key; evaluated first, as in a direct argument list.
    final byte[] sourceKeyBytes = inputKey.getEncoded();

    // Target parameters come straight from the cipher spec.
    final String targetAlgorithm = outputCipherSpec.getAlgorithm();
    final int targetKeySize = outputCipherSpec.getKeySize();

    return createDerivedKey(sourceKeyBytes, inputSalt, targetAlgorithm, targetKeySize);
}
/**
 * Requests read keys from a {@link CipherSession} for three independently generated random
 * salts and checks that the three returned key objects are pairwise distinct instances.
 *
 * <p>The assertions compare object references only ({@code assertNotSame}); they do not show
 * that the derived key material differs, and they do not observe the session's read cache.
 */
@Test
public void testCipherSessionReadKeyCacheSizeOfThree() throws Exception {
    SaltedSecretKey dummyMasterKey = createDummyMasterKey();

    // NOTE(review): the meaning of the arguments 2 and 999 is not visible from this test; the
    // method name speaks of a cache size of three -- confirm against the CipherSession constructor.
    CipherSession session = new CipherSession(dummyMasterKey, 2, 999);

    CipherSpec aes128Gcm = CipherSpecs.getCipherSpec(CipherSpecs.AES_128_GCM);

    // Three fresh random salts, generated before any key is requested.
    // NOTE(review): the salt length is getKeySize(); confirm which unit (bytes vs. bits)
    // createRandomArray() expects.
    byte[][] readKeySalts = new byte[3][];
    for (int i = 0; i < readKeySalts.length; i++) {
        readKeySalts[i] = CipherUtil.createRandomArray(aes128Gcm.getKeySize());
    }

    // One read key per salt, requested in salt order.
    SaltedSecretKey[] readKeys = new SaltedSecretKey[readKeySalts.length];
    for (int i = 0; i < readKeys.length; i++) {
        readKeys[i] = session.getReadSecretKey(aes128Gcm, readKeySalts[i]);
    }

    // Pairwise reference check: (1,2), (1,3), (2,3).
    for (int first = 0; first < readKeys.length; first++) {
        for (int second = first + 1; second < readKeys.length; second++) {
            assertNotSame(readKeys[first], readKeys[second]);
        }
    }

    // TODO [medium] This does NOT test the actual read cache: the cache is entirely private to
    // CipherSession, so neither eviction nor reuse of a cached key is observable from here.
}
/**
 * Pins the properties of the cipher spec registered as {@code CipherSpecs.TWOFISH_128_GCM}:
 * id, transformation string, key size, IV size and the unlimited-strength flag.
 *
 * <p>NOTE(review): the assertions are written as (actual, expected). JUnit's
 * {@code assertEquals} takes (expected, actual); if this is JUnit, only the failure message is
 * affected -- confirm which framework is in use before swapping.
 */
@Test
public void testCipherSpec2() {
    final CipherSpec spec = CipherSpecs.getCipherSpec(CipherSpecs.TWOFISH_128_GCM);

    // Identity and transformation string
    assertEquals(spec.getId(), 2);
    assertEquals(spec.getAlgorithm(), "Twofish/GCM/NoPadding");

    // Key and IV sizes
    assertEquals(spec.getKeySize(), 128);
    // NOTE(review): presumably in bits. NIST SP 800-38D recommends 96-bit IVs for GCM;
    // a 128-bit IV is valid -- confirm the size is intentional.
    assertEquals(spec.getIvSize(), 128);

    // Policy flag and a smoke check that toString() yields a value
    assertEquals(spec.needsUnlimitedStrength(), false);
    assertNotNull(spec.toString());
}