Make sure that all test cases in testAeadEncryption are run. (#1282)

Some tests are now not run, because they use the same IV as the previous test case. And that results in an InvalidAlgorithmParameterException that gets ignored. To not re-use IVs twice, we now run init with a different IV first. And we don't ignore InvalidAlgorithmParameterException caused by IV reuse.
google · Dec 19, 2024 · a1e04b4 · a1e04b4
1 parent 77c9752
commit a1e04b4
Showing 1 changed file with 39 additions and 3 deletions.
diff --git a/common/src/test/java/org/conscrypt/javax/crypto/CipherBasicsTest.java b/common/src/test/java/org/conscrypt/javax/crypto/CipherBasicsTest.java
@@ -150,17 +150,19 @@ private byte[] callCipher(
             }
             case UPDATE_DO_FINAL_WITH_OUTPUT_ARRAY: {
                 byte[] output1 = cipher.update(input);
-                byte[] output2 = new byte[expectedOutputLength - output1.length];
+                int output1Length = (output1 == null) ? 0 : output1.length;
+                byte[] output2 = new byte[expectedOutputLength - output1Length];
                 int written = cipher.doFinal(output2, /*outputOffset= */ 0);
-                assertEquals(expectedOutputLength - output1.length, written);
+                assertEquals(expectedOutputLength - output1Length, written);
                 return concatArrays(output1, output2);
             }
             case UPDATE_DO_FINAL_WITH_OUTPUT_ARRAY_AND_OFFSET: {
                 byte[] output1 = cipher.update(input);
+                int output1Length = (output1 == null) ? 0 : output1.length;
                 byte[] output2WithOffset = new byte[expectedOutputLength + 100];
                 int outputOffset = 42;
                 int written = cipher.doFinal(output2WithOffset, outputOffset);
-                assertEquals(expectedOutputLength - output1.length, written);
+                assertEquals(expectedOutputLength - output1Length, written);
                 byte[] output2 = Arrays.copyOfRange(output2WithOffset, outputOffset, outputOffset + written);
                 return concatArrays(output1, output2);
             }
@@ -281,6 +283,22 @@ public void testBasicEncryption() throws Exception {
         }
     }
 
+    private static AlgorithmParameterSpec modifiedParams(AlgorithmParameterSpec params) {
+        if (params instanceof IvParameterSpec) {
+            IvParameterSpec ivSpec = (IvParameterSpec) params;
+            byte[] iv = ivSpec.getIV();
+            iv[0] = (byte) (iv[0] ^ 1);
+            return new IvParameterSpec(iv);
+        } else if (params instanceof GCMParameterSpec) {
+            GCMParameterSpec gcmSpec = (GCMParameterSpec) params;
+            byte[] iv = gcmSpec.getIV();
+            iv[0] = (byte) (iv[0] ^ 1);
+            return new GCMParameterSpec(gcmSpec.getTLen(), iv);
+        } else {
+            throw new IllegalArgumentException("Unsupported AlgorithmParameterSpec: " + params);
+        }
+    }
+
     static final byte[] EMPTY_AAD = new byte[0];
 
     public void arrayBasedAssessment(Cipher cipher, byte[] aad, byte[] tag, byte[] plaintext,
@@ -291,6 +309,10 @@ public void arrayBasedAssessment(Cipher cipher, byte[] aad, byte[] tag, byte[] p
         System.arraycopy(tag, 0, combinedCiphertext, ciphertext.length, tag.length);
 
         for (CallPattern callPattern: CallPattern.values()) {
+            // We first initialize the cipher with a modified IV to make sure that we don't trigger
+            // an IV reuse check.
+            cipher.init(Cipher.ENCRYPT_MODE, key, modifiedParams(params));
+
             cipher.init(Cipher.ENCRYPT_MODE, key, params);
             if (aad.length > 0) {
                 cipher.updateAAD(aad);
@@ -393,6 +415,12 @@ public void testAeadEncryption() throws Exception {
                     } catch (InvalidAlgorithmParameterException e) {
                         // Some providers may not support all tag lengths or nonce lengths,
                         // that's allowed
+                        if (e.getMessage().contains("IV must not be re-used")) {
+                            throw new AssertionError(
+                                "The same IV was used twice and therefore some tests did not run." +
+                                "Provider = " + p.getName() + ", algorithm = " + transformation,
+                                e);
+                        }
                     }
                 }
             }
@@ -402,6 +430,10 @@ public void testAeadEncryption() throws Exception {
     public void sharedBufferBasedAssessment(Cipher cipher, byte[] aad, byte[] tag, byte[] _plaintext,
                                       byte[] _ciphertext, Key key, AlgorithmParameterSpec params,
                                       String transformation, Provider p) throws Exception {
+        // We first initialize the cipher with a modified IV to make sure that we don't trigger
+        // an IV reuse check.
+        cipher.init(Cipher.ENCRYPT_MODE, key, modifiedParams(params));
+
         cipher.init(Cipher.ENCRYPT_MODE, key, params);
         if (aad.length > 0) {
             cipher.updateAAD(aad);
@@ -452,6 +484,10 @@ public void sharedBufferBasedAssessment(Cipher cipher, byte[] aad, byte[] tag, b
     public void bufferBasedAssessment(Cipher cipher, byte[] aad, byte[] tag, byte[] _plaintext,
                                            byte[] _ciphertext, Key key, AlgorithmParameterSpec params,
                                            String transformation, Provider p, boolean inBoolDirect, boolean outBoolDirect) throws Exception {
+        // We first initialize the cipher with a modified IV to make sure that we don't trigger
+        // an IV reuse check.
+        cipher.init(Cipher.ENCRYPT_MODE, key, modifiedParams(params));
+
         cipher.init(Cipher.ENCRYPT_MODE, key, params);
         if (aad.length > 0) {
             cipher.updateAAD(aad);