Adjust Android Keystore AES-GCM test to handle IVs from BC.
This adjusts Android Keystore AES-GCM test to handle the case where
AES/GCM/NoPadding Cipher implementation of the highest priority
provider can generate an IV which is not 12 bytes long. Android
Keystore AES/GCM/NoPadding Cipher implementation only supports 12-byte
IVs. Bouncy Castle's AES/GCM/NoPadding implementation generates
16-byte IVs.
Bug: 22573249
Change-Id: Ia34837162ef374f8ab8203a7c3d2e7bf274ab992
diff --git a/tests/tests/keystore/src/android/keystore/cts/CipherTest.java b/tests/tests/keystore/src/android/keystore/cts/CipherTest.java
index 0eb2544..e2c1d69 100644
--- a/tests/tests/keystore/src/android/keystore/cts/CipherTest.java
+++ b/tests/tests/keystore/src/android/keystore/cts/CipherTest.java
@@ -460,6 +460,17 @@
expectedPlaintext, modulusLengthBytes);
}
+ // TODO: Remove this workaround once Android Keystore AES-GCM supports IVs of
+ // sizes other than 12 bytes. For example, Bouncy Castle auto-generates 16-byte
+ // long IVs.
+ if ("AES/GCM/NoPadding".equalsIgnoreCase(algorithm)) {
+ byte[] iv = cipher.getIV();
+ if ((iv != null) && (iv.length != 12)) {
+ // Android Keystore AES-GCM only supports 12-byte long IVs.
+ continue;
+ }
+ }
+
// TODO: Remove this workaround for Bug 22319986 once the issue is fixed. The issue
// is that Conscrypt and Bouncy Castle's AES/GCM/NoPadding implementations return
// AlgorithmParameters of algorithm "AES" from which it's impossible to obtain a
