From 5f38c02385a9360b53c48ceca0f1864fa7fefef5 Mon Sep 17 00:00:00 2001 From: Benedict Wong Date: Wed, 28 Mar 2018 13:10:40 -0700 Subject: [PATCH] Require explicitly supplied truncation length Instead of providing default truncation lengths (based on RFC or otherwise), this change imposes a restriction that the truncation length must be supplied for all auth or aead algorithms. Bug: 77204048 Test: Updated tests, ran on walleye Change-Id: I4a0e2e71aa97259e56f44e7c8a2ce53135708d97 --- .../java/android/net/IpSecAlgorithmTest.java | 38 +++++++++++++------ .../net/java/android/net/IpSecConfigTest.java | 3 +- 2 files changed, 28 insertions(+), 13 deletions(-) diff --git a/tests/net/java/android/net/IpSecAlgorithmTest.java b/tests/net/java/android/net/IpSecAlgorithmTest.java index 6bdfdc6db2..85e836179b 100644 --- a/tests/net/java/android/net/IpSecAlgorithmTest.java +++ b/tests/net/java/android/net/IpSecAlgorithmTest.java @@ -22,8 +22,12 @@ import static org.junit.Assert.fail; import android.os.Parcel; import android.support.test.filters.SmallTest; import android.support.test.runner.AndroidJUnit4; + +import java.util.AbstractMap.SimpleEntry; import java.util.Arrays; +import java.util.Map.Entry; import java.util.Random; + import org.junit.Test; import org.junit.runner.RunWith; @@ -40,19 +44,29 @@ public class IpSecAlgorithmTest { }; @Test - public void testDefaultTruncLen() throws Exception { - IpSecAlgorithm explicit = + public void testNoTruncLen() throws Exception { + Entry[] authAndAeadList = + new Entry[] { + new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_MD5, 128), + new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_SHA1, 160), + new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_SHA256, 256), + new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_SHA384, 384), + new SimpleEntry<>(IpSecAlgorithm.AUTH_HMAC_SHA512, 512), + new SimpleEntry<>(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, 224) + }; + + // Expect auth and aead algorithms to throw errors if trunclen is omitted. + for (Entry algData : authAndAeadList) { + try { new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA256, Arrays.copyOf(KEY_MATERIAL, 256 / 8), 256); - IpSecAlgorithm implicit = - new IpSecAlgorithm( - IpSecAlgorithm.AUTH_HMAC_SHA256, Arrays.copyOf(KEY_MATERIAL, 256 / 8)); - assertTrue( - "Default Truncation Length Incorrect, Explicit: " - + explicit - + "implicit: " - + implicit, - IpSecAlgorithm.equals(explicit, implicit)); + algData.getKey(), Arrays.copyOf(KEY_MATERIAL, algData.getValue() / 8)); + fail("Expected exception on unprovided auth trunclen"); + } catch (IllegalArgumentException expected) { + } + } + + // Ensure crypt works with no truncation length supplied. + new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, Arrays.copyOf(KEY_MATERIAL, 256 / 8)); } @Test diff --git a/tests/net/java/android/net/IpSecConfigTest.java b/tests/net/java/android/net/IpSecConfigTest.java index f186ee55d2..771faaf495 100644 --- a/tests/net/java/android/net/IpSecConfigTest.java +++ b/tests/net/java/android/net/IpSecConfigTest.java @@ -62,7 +62,8 @@ public class IpSecConfigTest { c.setAuthentication( new IpSecAlgorithm( IpSecAlgorithm.AUTH_HMAC_MD5, - new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0})); + new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0}, + 128)); c.setAuthenticatedEncryption( new IpSecAlgorithm( IpSecAlgorithm.AUTH_CRYPT_AES_GCM,