Merge pull request #2555 from wmathurin/dev

wmathurin · web-flow · commit d129f2bb4028 · 2024-04-25T14:31:26.000-07:00
Using default cipher instantiation (the one with SHA-256 MGF fails on Android 26-33)
diff --git a/libs/SalesforceAnalytics/src/com/salesforce/androidsdk/analytics/security/Encryptor.java b/libs/SalesforceAnalytics/src/com/salesforce/androidsdk/analytics/security/Encryptor.java
@@ -587,16 +587,7 @@ private static byte[] decryptWithPrivateKey(PrivateKey privateKey, String data,
 
 
     private static void initRSACipher(Cipher cipherInstance, int opmode, Key key, CipherMode cipherMode) throws InvalidKeyException, InvalidAlgorithmParameterException {
-        if (cipherMode == CipherMode.RSA_OAEP_SHA256) {
-            // OAEP uses a separate hash invocation for MGF (mask generation function) and for the hashing of the label.
-            // Most libraries use the same hash algorithm for MGF and the hashing of the label.
-            // But Java uses a different hash algorithm: it defaults to SHA-1 when using the cipher RSA/ECB/OAEPWithSHA-256AndMGF1Padding.
-            OAEPParameterSpec paramSpec = new OAEPParameterSpec("SHA-256", "MGF1",
-                    new MGF1ParameterSpec("SHA-256"), PSource.PSpecified.DEFAULT);
-            cipherInstance.init(opmode, key, paramSpec);
-        } else {
-            cipherInstance.init(opmode, key);
-        }
+        cipherInstance.init(opmode, key);
     }
 
     private static byte[] generateInitVector() {
diff --git a/libs/test/SalesforceSDKTest/src/com/salesforce/androidsdk/security/KeyStoreWrapperTest.java b/libs/test/SalesforceSDKTest/src/com/salesforce/androidsdk/security/KeyStoreWrapperTest.java
@@ -224,6 +224,7 @@ private void tryNewOrUpgradedClientAgainstNewOrOldServer(boolean newClient, bool
                         ? Encryptor.CipherMode.RSA_OAEP_SHA256 // new server / cipher mode
                         : Encryptor.CipherMode.RSA_PKCS1       // old server / cipher mode
         );
+        
         final String encryptedData = Base64.encodeToString(encryptedBytes, Base64.NO_WRAP | Base64.NO_PADDING);
         Assert.assertNotSame("Encrypted data should not match original data", data, encryptedData);
         final String decryptedData = new String(Encryptor.decryptWithRSAMultiCipherNodes(privateKey, encryptedData), StandardCharsets.UTF_8);
