diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-09-06 20:17:27 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-09-06 20:17:27 +0000 |
commit | 8ee8acebcc27bdc5e2013894d8c0d14ee2818ece (patch) | |
tree | e5b424606a19ea69e664068082af4a39b120ad7c | |
parent | 426f6412380865f9a39ca41f46fbdffc8b3e599a (diff) | |
parent | 85705d4ecdd899b1980f72b3009474d43f9eef65 (diff) | |
download | conscrypt-8ee8acebcc27bdc5e2013894d8c0d14ee2818ece.tar.gz |
Snap for 10769037 from 85705d4ecdd899b1980f72b3009474d43f9eef65 to android12L-tests-release
Change-Id: I25e8f35efc06a9fd6bb0cd1813db29ebccac2a22
-rw-r--r-- | common/src/test/java/org/conscrypt/javax/crypto/CipherTest.java | 15 | ||||
-rw-r--r-- | repackaged/common/src/test/java/com/android/org/conscrypt/javax/crypto/CipherTest.java | 36 |
2 files changed, 34 insertions, 17 deletions
diff --git a/common/src/test/java/org/conscrypt/javax/crypto/CipherTest.java b/common/src/test/java/org/conscrypt/javax/crypto/CipherTest.java index 2d13abdf..439b554d 100644 --- a/common/src/test/java/org/conscrypt/javax/crypto/CipherTest.java +++ b/common/src/test/java/org/conscrypt/javax/crypto/CipherTest.java @@ -20,7 +20,6 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; @@ -4640,7 +4639,11 @@ public final class CipherTest { * http://b/27994930 * Check that a PBKDF2WITHHMACSHA1 secret key factory works well with a * PBEWITHSHAAND128BITAES-CBC-BC cipher. The former is PKCS5 and the latter is PKCS12, and so - * mixing them is not recommended. + * mixing them is not recommended. However, until 1.52 BouncyCastle was accepting this mixture, + * assuming the IV was a 0 vector. Some apps still use this functionality. This + * compatibility is likely to be removed in later versions of Android. + * TODO(27995180): consider whether we keep this compatibility. Consider whether we only allow + * if an IV is passed in the parameters. */ @Test public void test_PBKDF2WITHHMACSHA1_SKFactory_and_PBEAESCBC_Cipher_noIV() throws Exception { @@ -4660,8 +4663,12 @@ public final class CipherTest { Cipher cipher = Cipher.getInstance("PBEWITHSHAAND128BITAES-CBC-BC"); PBEParameterSpec paramSpec = new PBEParameterSpec("salt".getBytes(TestUtils.UTF_8), 100); - assertThrows(InvalidAlgorithmParameterException.class, - () -> cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec)); + cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec); + assertEquals(Arrays.toString(ciphertext), Arrays.toString(cipher.doFinal(plaintext))); + + secretKey = skf.generateSecret(pbeks); + cipher.init(Cipher.DECRYPT_MODE, secretKey, paramSpec); + assertEquals(Arrays.toString(plaintext), Arrays.toString(cipher.doFinal(ciphertext))); } /** diff --git a/repackaged/common/src/test/java/com/android/org/conscrypt/javax/crypto/CipherTest.java b/repackaged/common/src/test/java/com/android/org/conscrypt/javax/crypto/CipherTest.java index 2b612369..a418d672 100644 --- a/repackaged/common/src/test/java/com/android/org/conscrypt/javax/crypto/CipherTest.java +++ b/repackaged/common/src/test/java/com/android/org/conscrypt/javax/crypto/CipherTest.java @@ -21,7 +21,6 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; @@ -4636,25 +4635,36 @@ public final class CipherTest { * http://b/27994930 * Check that a PBKDF2WITHHMACSHA1 secret key factory works well with a * PBEWITHSHAAND128BITAES-CBC-BC cipher. The former is PKCS5 and the latter is PKCS12, and so - * mixing them is not recommended. + * mixing them is not recommended. However, until 1.52 BouncyCastle was accepting this mixture, + * assuming the IV was a 0 vector. Some apps still use this functionality. This + * compatibility is likely to be removed in later versions of Android. + * TODO(27995180): consider whether we keep this compatibility. Consider whether we only allow + * if an IV is passed in the parameters. */ @Test public void test_PBKDF2WITHHMACSHA1_SKFactory_and_PBEAESCBC_Cipher_noIV() throws Exception { Assume.assumeNotNull(Security.getProvider("BC")); - byte[] plaintext = - new byte[] {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19}; - byte[] ciphertext = new byte[] {92, -65, -128, 16, -102, -115, -44, 52, 16, 124, -34, -45, - 58, -70, -17, 127, 119, -67, 87, 91, 63, -13, -40, 9, 97, -17, -71, 97, 10, -61, - -19, -73}; - SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WITHHMACSHA1"); - PBEKeySpec pbeks = new PBEKeySpec( - "password".toCharArray(), "salt".getBytes(TestUtils.UTF_8), 100, 128); + byte[] plaintext = new byte[] { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, + 17, 18, 19 }; + byte[] ciphertext = new byte[] { 92, -65, -128, 16, -102, -115, -44, 52, 16, 124, -34, + -45, 58, -70, -17, 127, 119, -67, 87, 91, 63, -13, -40, 9, 97, -17, -71, 97, 10, + -61, -19, -73 }; + SecretKeyFactory skf = + SecretKeyFactory.getInstance("PBKDF2WITHHMACSHA1"); + PBEKeySpec pbeks = new PBEKeySpec("password".toCharArray(), + "salt".getBytes(TestUtils.UTF_8), + 100, 128); SecretKey secretKey = skf.generateSecret(pbeks); - Cipher cipher = Cipher.getInstance("PBEWITHSHAAND128BITAES-CBC-BC"); + Cipher cipher = + Cipher.getInstance("PBEWITHSHAAND128BITAES-CBC-BC"); PBEParameterSpec paramSpec = new PBEParameterSpec("salt".getBytes(TestUtils.UTF_8), 100); - assertThrows(InvalidAlgorithmParameterException.class, - () -> cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec)); + cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec); + assertEquals(Arrays.toString(ciphertext), Arrays.toString(cipher.doFinal(plaintext))); + + secretKey = skf.generateSecret(pbeks); + cipher.init(Cipher.DECRYPT_MODE, secretKey, paramSpec); + assertEquals(Arrays.toString(plaintext), Arrays.toString(cipher.doFinal(ciphertext))); } /** |