Snap for 10769037 from 85705d4ecdd899b1980f72b3009474d43f9eef65 to android12L-tests-release

Change-Id: I25e8f35efc06a9fd6bb0cd1813db29ebccac2a22

2 files changed, 34 insertions, 17 deletions

diff --git a/common/src/test/java/org/conscrypt/javax/crypto/CipherTest.java b/common/src/test/java/org/conscrypt/javax/crypto/CipherTest.java
index 2d13abdf..439b554d 100644
--- a/common/src/test/java/org/conscrypt/javax/crypto/CipherTest.java
+++ b/common/src/test/java/org/conscrypt/javax/crypto/CipherTest.java
@@ -20,7 +20,6 @@ import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
@@ -4640,7 +4639,11 @@ public final class CipherTest {
      * http://b/27994930
      * Check that a PBKDF2WITHHMACSHA1 secret key factory works well with a
      * PBEWITHSHAAND128BITAES-CBC-BC cipher. The former is PKCS5 and the latter is PKCS12, and so
-     * mixing them is not recommended.
+     * mixing them is not recommended. However, until 1.52 BouncyCastle was accepting this mixture,
+     * assuming the IV was a 0 vector. Some apps still use this functionality. This
+     * compatibility is likely to be removed in later versions of Android.
+     * TODO(27995180): consider whether we keep this compatibility. Consider whether we only allow
+     * if an IV is passed in the parameters.
      */
     @Test
     public void test_PBKDF2WITHHMACSHA1_SKFactory_and_PBEAESCBC_Cipher_noIV() throws Exception {
@@ -4660,8 +4663,12 @@ public final class CipherTest {
         Cipher cipher =
                 Cipher.getInstance("PBEWITHSHAAND128BITAES-CBC-BC");
         PBEParameterSpec paramSpec = new PBEParameterSpec("salt".getBytes(TestUtils.UTF_8), 100);
-        assertThrows(InvalidAlgorithmParameterException.class,
-                () -> cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec));
+        cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec);
+        assertEquals(Arrays.toString(ciphertext), Arrays.toString(cipher.doFinal(plaintext)));
+
+        secretKey = skf.generateSecret(pbeks);
+        cipher.init(Cipher.DECRYPT_MODE, secretKey, paramSpec);
+        assertEquals(Arrays.toString(plaintext), Arrays.toString(cipher.doFinal(ciphertext)));
     }
 
     /**
diff --git a/repackaged/common/src/test/java/com/android/org/conscrypt/javax/crypto/CipherTest.java b/repackaged/common/src/test/java/com/android/org/conscrypt/javax/crypto/CipherTest.java
index 2b612369..a418d672 100644
--- a/repackaged/common/src/test/java/com/android/org/conscrypt/javax/crypto/CipherTest.java
+++ b/repackaged/common/src/test/java/com/android/org/conscrypt/javax/crypto/CipherTest.java
@@ -21,7 +21,6 @@ import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
@@ -4636,25 +4635,36 @@ public final class CipherTest {
      * http://b/27994930
      * Check that a PBKDF2WITHHMACSHA1 secret key factory works well with a
      * PBEWITHSHAAND128BITAES-CBC-BC cipher. The former is PKCS5 and the latter is PKCS12, and so
-     * mixing them is not recommended.
+     * mixing them is not recommended. However, until 1.52 BouncyCastle was accepting this mixture,
+     * assuming the IV was a 0 vector. Some apps still use this functionality. This
+     * compatibility is likely to be removed in later versions of Android.
+     * TODO(27995180): consider whether we keep this compatibility. Consider whether we only allow
+     * if an IV is passed in the parameters.
      */
     @Test
     public void test_PBKDF2WITHHMACSHA1_SKFactory_and_PBEAESCBC_Cipher_noIV() throws Exception {
         Assume.assumeNotNull(Security.getProvider("BC"));
-        byte[] plaintext =
-                new byte[] {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19};
-        byte[] ciphertext = new byte[] {92, -65, -128, 16, -102, -115, -44, 52, 16, 124, -34, -45,
-                58, -70, -17, 127, 119, -67, 87, 91, 63, -13, -40, 9, 97, -17, -71, 97, 10, -61,
-                -19, -73};
-        SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WITHHMACSHA1");
-        PBEKeySpec pbeks = new PBEKeySpec(
-                "password".toCharArray(), "salt".getBytes(TestUtils.UTF_8), 100, 128);
+        byte[] plaintext = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
+                17, 18, 19 };
+        byte[] ciphertext = new byte[] {  92, -65, -128, 16, -102, -115, -44, 52, 16, 124, -34,
+                -45, 58, -70, -17, 127, 119, -67, 87, 91, 63, -13, -40, 9, 97, -17, -71, 97, 10,
+                -61, -19, -73 };
+        SecretKeyFactory skf =
+                SecretKeyFactory.getInstance("PBKDF2WITHHMACSHA1");
+        PBEKeySpec pbeks = new PBEKeySpec("password".toCharArray(),
+                "salt".getBytes(TestUtils.UTF_8),
+                100, 128);
         SecretKey secretKey = skf.generateSecret(pbeks);
 
-        Cipher cipher = Cipher.getInstance("PBEWITHSHAAND128BITAES-CBC-BC");
+        Cipher cipher =
+                Cipher.getInstance("PBEWITHSHAAND128BITAES-CBC-BC");
         PBEParameterSpec paramSpec = new PBEParameterSpec("salt".getBytes(TestUtils.UTF_8), 100);
-        assertThrows(InvalidAlgorithmParameterException.class,
-                () -> cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec));
+        cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec);
+        assertEquals(Arrays.toString(ciphertext), Arrays.toString(cipher.doFinal(plaintext)));
+
+        secretKey = skf.generateSecret(pbeks);
+        cipher.init(Cipher.DECRYPT_MODE, secretKey, paramSpec);
+        assertEquals(Arrays.toString(plaintext), Arrays.toString(cipher.doFinal(ciphertext)));
     }
 
     /**