Require explicitly supplied truncation length
Instead of providing default truncation lengths (based on RFC or otherwise), this change imposes a restriction that the truncation length must be supplied for all auth or aead algorithms. Bug: 77204048 Test: Updated tests, ran on walleye Merged-In: I4a0e2e71aa97259e56f44e7c8a2ce53135708d97 Change-Id: I4a0e2e71aa97259e56f44e7c8a2ce53135708d97 (cherry picked from commit bb7f2820f5bcccf8618078c2cbe4ea9836797e3b)
This commit is contained in:
Benedict Wong
@@ -22,8 +22,12 @@ import static org.junit.Assert.fail;
|
|||||||
import android.os.Parcel;
|
import android.os.Parcel;
|
||||||
import android.support.test.filters.SmallTest;
|
import android.support.test.filters.SmallTest;
|
||||||
import android.support.test.runner.AndroidJUnit4;
|
import android.support.test.runner.AndroidJUnit4;
|
||||||
|
|
||||||
|
import java.util.AbstractMap.SimpleEntry;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
import java.util.Map.Entry;
|
||||||
import java.util.Random;
|
import java.util.Random;
|
||||||
|
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.junit.runner.RunWith;
|
import org.junit.runner.RunWith;
|
||||||
|
|
||||||
@@ -40,19 +44,29 @@ public class IpSecAlgorithmTest {
|
|||||||
};
|
};
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDefaultTruncLen() throws Exception {
|
public void testNoTruncLen() throws Exception {
|
||||||
IpSecAlgorithm explicit =
|
Entry<String, Integer>[] authAndAeadList =
|
||||||
|
new Entry[] {
|
||||||
|
new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_MD5, 128),
|
||||||
|
new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_SHA1, 160),
|
||||||
|
new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_SHA256, 256),
|
||||||
|
new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_SHA384, 384),
|
||||||
|
new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_SHA512, 512),
|
||||||
|
new SimpleEntry<>(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, 224)
|
||||||
|
};
|
||||||
|
|
||||||
|
// Expect auth and aead algorithms to throw errors if trunclen is omitted.
|
||||||
|
for (Entry<String, Integer> algData : authAndAeadList) {
|
||||||
|
try {
|
||||||
new IpSecAlgorithm(
|
new IpSecAlgorithm(
|
||||||
IpSecAlgorithm.AUTH_HMAC_SHA256, Arrays.copyOf(KEY_MATERIAL, 256 / 8), 256);
|
algData.getKey(), Arrays.copyOf(KEY_MATERIAL, algData.getValue() / 8));
|
||||||
IpSecAlgorithm implicit =
|
fail("Expected exception on unprovided auth trunclen");
|
||||||
new IpSecAlgorithm(
|
} catch (IllegalArgumentException expected) {
|
||||||
IpSecAlgorithm.AUTH_HMAC_SHA256, Arrays.copyOf(KEY_MATERIAL, 256 / 8));
|
}
|
||||||
assertTrue(
|
}
|
||||||
"Default Truncation Length Incorrect, Explicit: "
|
|
||||||
+ explicit
|
// Ensure crypt works with no truncation length supplied.
|
||||||
+ "implicit: "
|
new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, Arrays.copyOf(KEY_MATERIAL, 256 / 8));
|
||||||
+ implicit,
|
|
||||||
IpSecAlgorithm.equals(explicit, implicit));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|||||||
@@ -62,7 +62,8 @@ public class IpSecConfigTest {
|
|||||||
c.setAuthentication(
|
c.setAuthentication(
|
||||||
new IpSecAlgorithm(
|
new IpSecAlgorithm(
|
||||||
IpSecAlgorithm.AUTH_HMAC_MD5,
|
IpSecAlgorithm.AUTH_HMAC_MD5,
|
||||||
new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0}));
|
new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0},
|
||||||
|
128));
|
||||||
c.setAuthenticatedEncryption(
|
c.setAuthenticatedEncryption(
|
||||||
new IpSecAlgorithm(
|
new IpSecAlgorithm(
|
||||||
IpSecAlgorithm.AUTH_CRYPT_AES_GCM,
|
IpSecAlgorithm.AUTH_CRYPT_AES_GCM,
|
||||||
|
|||||||
Reference in New Issue
Block a user