merge in nougat-cts-release history after reset to nougat-cts-dev
diff --git a/luni/src/test/java/libcore/java/net/URLConnectionTest.java b/luni/src/test/java/libcore/java/net/URLConnectionTest.java
index 37fa771..fc5283b 100644
--- a/luni/src/test/java/libcore/java/net/URLConnectionTest.java
+++ b/luni/src/test/java/libcore/java/net/URLConnectionTest.java
@@ -150,7 +150,20 @@
// allow (but strip) trailing \n, \r and \r\n
// assertForbiddenRequestHeaderValue("\r");
// End of workaround
- assertForbiddenRequestHeaderValue("\t");
+
+ // '\t' in header values can either be (a) forbidden or (b) allowed.
+ // The original version of Android N (API 23) implemented behavior
+ // (a), but OEMs can backport a fix that changes the behavior to (b).
+ // Therefore, this test has been relaxed for Android N CTS to allow
+ // either behavior. It is planned that future versions of Android only
+ // allow behavior (b).
+ try {
+ // throws IAE in case (a), passes in case (b)
+ assertEquals("a valid\tvalue", setAndReturnRequestHeaderValue("a valid\tvalue"));
+ } catch (IllegalArgumentException tolerated) {
+ // verify case (a)
+ assertForbiddenRequestHeaderValue("\t");
+ }
assertForbiddenRequestHeaderValue("\u001f");
assertForbiddenRequestHeaderValue("\u007f");
diff --git a/luni/src/test/java/libcore/javax/crypto/CipherTest.java b/luni/src/test/java/libcore/javax/crypto/CipherTest.java
index 13e2b7c..4ce883b 100644
--- a/luni/src/test/java/libcore/javax/crypto/CipherTest.java
+++ b/luni/src/test/java/libcore/javax/crypto/CipherTest.java
@@ -2683,6 +2683,27 @@
/*
* Test vector generation:
+ * openssl rand -hex 16 | sed 's/\(..\)/(byte) 0x\1, /g'
+ */
+ private static final byte[] DES_112_KEY = new byte[] {
+ (byte) 0x6b, (byte) 0xb3, (byte) 0x85, (byte) 0x1c, (byte) 0x3d, (byte) 0x50,
+ (byte) 0xd4, (byte) 0x95, (byte) 0x39, (byte) 0x48, (byte) 0x77, (byte) 0x30,
+ (byte) 0x1a, (byte) 0xd7, (byte) 0x86, (byte) 0x57,
+ };
+
+ /*
+ * Test vector generation:
+ * openssl rand -hex 24 | sed 's/\(..\)/(byte) 0x\1, /g'
+ */
+ private static final byte[] DES_168_KEY = new byte[] {
+ (byte) 0xfe, (byte) 0xd4, (byte) 0xd7, (byte) 0xc9, (byte) 0x8a, (byte) 0x13,
+ (byte) 0x6a, (byte) 0xa8, (byte) 0x5a, (byte) 0xb8, (byte) 0x19, (byte) 0xb8,
+ (byte) 0xcf, (byte) 0x3c, (byte) 0x5f, (byte) 0xe0, (byte) 0xa2, (byte) 0xf7,
+ (byte) 0x7b, (byte) 0x65, (byte) 0x43, (byte) 0xc0, (byte) 0xc4, (byte) 0xe1,
+ };
+
+ /*
+ * Test vector generation:
* openssl rand -hex 16
* echo '3d4f8970b1f27537f40a39298a41555f' | sed 's/\(..\)/(byte) 0x\1, /g'
*/
@@ -2727,6 +2748,61 @@
};
/*
+ * Test vector generation:
+ * echo -n 'Testing rocks!' | recode ../x1 | sed 's/0x/(byte) 0x/g'
+ */
+ private static final byte[] DES_Plaintext1 = new byte[] {
+ (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x69, (byte) 0x6E,
+ (byte) 0x67, (byte) 0x20, (byte) 0x72, (byte) 0x6F, (byte) 0x63, (byte) 0x6B,
+ (byte) 0x73, (byte) 0x21
+ };
+
+ /*
+ * Test vector generation: take DES_Plaintext1 and PKCS #5 pad it manually (it's not hard).
+ */
+ private static final byte[] DES_Plaintext1_PKCS5_Padded = new byte[] {
+ (byte) 0x54, (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x69, (byte) 0x6E,
+ (byte) 0x67, (byte) 0x20, (byte) 0x72, (byte) 0x6F, (byte) 0x63, (byte) 0x6B,
+ (byte) 0x73, (byte) 0x21, (byte) 0x02, (byte) 0x02,
+ };
+
+ /*
+ * Test vector generation:
+ * openssl rand -hex 8 | sed 's/\(..\)/(byte) 0x\1, /g'
+ */
+ private static final byte[] DES_IV1 = new byte[] {
+ (byte) 0x5c, (byte) 0x47, (byte) 0x5e, (byte) 0x57, (byte) 0x0c, (byte) 0x46,
+ (byte) 0xcb, (byte) 0x47,
+ };
+
+ /*
+ * Test vector generation:
+ * openssl enc -des-ede-cbc -K 6bb3851c3d50d495394877301ad78657 -iv 5c475e570c46cb47 -in blah
+ * | recode ../x1 | sed 's/0x/(byte) 0x/g'
+ */
+ private static final byte[]
+ DES_Plaintext1_Encrypted_With_DES_112_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1 =
+ new byte[] {
+ (byte) 0x09, (byte) 0xA5, (byte) 0x5D, (byte) 0x94, (byte) 0x94, (byte) 0xAA,
+ (byte) 0x3F, (byte) 0xC8, (byte) 0xB7, (byte) 0x73, (byte) 0x94, (byte) 0x0E,
+ (byte) 0xFC, (byte) 0xF4, (byte) 0xA5, (byte) 0x28,
+ };
+
+
+ /*
+ * Test vector generation:
+ * openssl enc -des-ede3-cbc -K fed4d7c98a136aa85ab819b8cf3c5fe0a2f77b6543c0c4e1
+ * -iv 5c475e570c46cb47 -in blah | recode ../x1 | sed 's/0x/(byte) 0x/g'
+ */
+ private static final byte[]
+ DES_Plaintext1_Encrypted_With_DES_168_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1 =
+ new byte[] {
+ (byte) 0xC9, (byte) 0xF1, (byte) 0x83, (byte) 0x1F, (byte) 0x24, (byte) 0x83,
+ (byte) 0x2C, (byte) 0x7B, (byte) 0x66, (byte) 0x66, (byte) 0x99, (byte) 0x98,
+ (byte) 0x27, (byte) 0xB0, (byte) 0xED, (byte) 0x47
+ };
+
+ /*
* Test vector creation:
* echo -n 'Hello, world!' | recode ../x1 | sed 's/0x/(byte) 0x/g'
*/
@@ -2932,6 +3008,8 @@
public final byte[] key;
+ public final String keyAlgorithm;
+
public final byte[] iv;
public final byte[] aad;
@@ -2942,9 +3020,10 @@
public final byte[] plaintextPadded;
- public CipherTestParam(String transformation, byte[] key, byte[] iv, byte[] aad,
- byte[] plaintext, byte[] plaintextPadded, byte[] ciphertext) {
+ public CipherTestParam(String transformation, String keyAlgorithm, byte[] key, byte[] iv,
+ byte[] aad, byte[] plaintext, byte[] plaintextPadded, byte[] ciphertext) {
this.transformation = transformation.toUpperCase(Locale.ROOT);
+ this.keyAlgorithm = keyAlgorithm;
this.key = key;
this.iv = iv;
this.aad = aad;
@@ -2954,22 +3033,47 @@
}
}
+ private static List<CipherTestParam> DES_CIPHER_TEST_PARAMS = new ArrayList<CipherTestParam>();
+ static {
+ DES_CIPHER_TEST_PARAMS.add(new CipherTestParam(
+ "DESede/CBC/PKCS5Padding",
+ "DESede",
+ DES_112_KEY,
+ DES_IV1,
+ null,
+ DES_Plaintext1,
+ DES_Plaintext1_PKCS5_Padded,
+ DES_Plaintext1_Encrypted_With_DES_112_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1
+ ));
+ DES_CIPHER_TEST_PARAMS.add(new CipherTestParam(
+ "DESede/CBC/PKCS5Padding",
+ "DESede",
+ DES_168_KEY,
+ DES_IV1,
+ null,
+ DES_Plaintext1,
+ DES_Plaintext1_PKCS5_Padded,
+ DES_Plaintext1_Encrypted_With_DES_168_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1
+ ));
+ }
+
private static List<CipherTestParam> CIPHER_TEST_PARAMS = new ArrayList<CipherTestParam>();
static {
- CIPHER_TEST_PARAMS.add(new CipherTestParam("AES/ECB/PKCS5Padding", AES_128_KEY,
+ CIPHER_TEST_PARAMS.add(new CipherTestParam("AES/ECB/PKCS5Padding", "AES", AES_128_KEY,
null,
null,
AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext,
AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded,
AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted));
// PKCS#5 is assumed to be equivalent to PKCS#7 -- same test vectors are thus used for both.
- CIPHER_TEST_PARAMS.add(new CipherTestParam("AES/ECB/PKCS7Padding", AES_128_KEY,
+ CIPHER_TEST_PARAMS.add(new CipherTestParam("AES/ECB/PKCS7Padding", "AES", AES_128_KEY,
null,
null,
AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext,
AES_128_ECB_PKCS5Padding_TestVector_1_Plaintext_Padded,
AES_128_ECB_PKCS5Padding_TestVector_1_Encrypted));
CIPHER_TEST_PARAMS.add(new CipherTestParam("AES/GCM/NOPADDING",
+ "AES",
AES_128_GCM_TestVector_1_Key,
AES_128_GCM_TestVector_1_IV,
AES_128_GCM_TestVector_1_AAD,
@@ -2977,19 +3081,19 @@
AES_128_GCM_TestVector_1_Plaintext,
AES_128_GCM_TestVector_1_Encrypted));
if (IS_UNLIMITED) {
- CIPHER_TEST_PARAMS.add(new CipherTestParam("AES/CTR/NoPadding", AES_192_KEY,
+ CIPHER_TEST_PARAMS.add(new CipherTestParam("AES/CTR/NoPadding", "AES", AES_192_KEY,
AES_192_CTR_NoPadding_TestVector_1_IV,
null,
AES_192_CTR_NoPadding_TestVector_1_Plaintext,
AES_192_CTR_NoPadding_TestVector_1_Plaintext,
AES_192_CTR_NoPadding_TestVector_1_Ciphertext));
- CIPHER_TEST_PARAMS.add(new CipherTestParam("AES/CBC/PKCS5Padding", AES_256_KEY,
+ CIPHER_TEST_PARAMS.add(new CipherTestParam("AES/CBC/PKCS5Padding", "AES", AES_256_KEY,
AES_256_CBC_PKCS5Padding_TestVector_1_IV,
null,
AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext,
AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext_Padded,
AES_256_CBC_PKCS5Padding_TestVector_1_Ciphertext));
- CIPHER_TEST_PARAMS.add(new CipherTestParam("AES/CBC/PKCS7Padding", AES_256_KEY,
+ CIPHER_TEST_PARAMS.add(new CipherTestParam("AES/CBC/PKCS7Padding", "AES", AES_256_KEY,
AES_256_CBC_PKCS5Padding_TestVector_1_IV,
null,
AES_256_CBC_PKCS5Padding_TestVector_1_Plaintext,
@@ -3002,6 +3106,41 @@
for (String provider : AES_PROVIDERS) {
testCipher_Success(provider);
}
+
+ testCipher_Success_ForAllSupportingProviders_AtLeastOneProviderRequired(
+ DES_CIPHER_TEST_PARAMS);
+ }
+
+ /**
+ * For each test vector in the list, tests that the transformation is supported by at least one
+ * provider and that all implementations of the transformation pass the Known Answer Test (KAT)
+ * as well as other functional tests.
+ */
+ private void testCipher_Success_ForAllSupportingProviders_AtLeastOneProviderRequired(
+ List<CipherTestParam> testVectors) throws Exception {
+ ByteArrayOutputStream errBuffer = new ByteArrayOutputStream();
+ PrintStream out = new PrintStream(errBuffer);
+ for (CipherTestParam testVector : testVectors) {
+ Provider[] providers = Security.getProviders("Cipher." + testVector.transformation);
+ if ((providers == null) || (providers.length == 0)) {
+ out.append("No providers offer " + testVector.transformation + "\n");
+ continue;
+ }
+ for (Provider provider : providers) {
+ try {
+ checkCipher(testVector, provider.getName());
+ } catch (Throwable e) {
+ out.append("Error encountered checking " + testVector.transformation
+ + ", keySize=" + (testVector.key.length * 8) + " with provider "
+ + provider.getName() + "\n");
+ e.printStackTrace(out);
+ }
+ }
+ }
+ out.flush();
+ if (errBuffer.size() > 0) {
+ throw new Exception("Errors encountered:\n\n" + errBuffer.toString() + "\n\n");
+ }
}
private void testCipher_Success(String provider) throws Exception {
@@ -3025,7 +3164,7 @@
}
private void checkCipher(CipherTestParam p, String provider) throws Exception {
- SecretKey key = new SecretKeySpec(p.key, "AES");
+ SecretKey key = new SecretKeySpec(p.key, p.keyAlgorithm);
Cipher c = Cipher.getInstance(p.transformation, provider);
AlgorithmParameterSpec spec = null;
@@ -3374,6 +3513,9 @@
}
}
+ // Test that when reading GCM parameters encoded using ASN1, a value for the tag size
+ // not present indicates a value of 12.
+ // https://b/29876633
public void test_DefaultGCMTagSizeAlgorithmParameterSpec() throws Exception {
final String AES = "AES";
final String AES_GCM = "AES/GCM/NoPadding";
@@ -3386,14 +3528,12 @@
(byte) 14, // DER encoding : total length
(byte) 4, // DER encoding : tag_OctetString
(byte) 12, // DER encoding : counter length
- // Note that IV's size 12 bytes is recommended, but authentication tag size should be 16
- // bytes.
(byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
(byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0 });
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, AES), param);
byte[] ciphertext = cipher.update(input);
byte[] tag = cipher.doFinal();
- assertEquals(16, tag.length);
+ assertEquals(12, tag.length);
}
public void testAES_ECB_PKCS5Padding_ShortBuffer_Failure() throws Exception {
diff --git a/luni/src/test/java/tests/targets/security/cert/CertificateTest.java b/luni/src/test/java/tests/targets/security/cert/CertificateTest.java
index 8044f4f..adfe275 100644
--- a/luni/src/test/java/tests/targets/security/cert/CertificateTest.java
+++ b/luni/src/test/java/tests/targets/security/cert/CertificateTest.java
@@ -30,6 +30,7 @@
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.Calendar;
import java.util.List;
import junit.framework.TestCase;
import libcore.java.security.StandardNames;
@@ -737,6 +738,15 @@
PKIXParameters params;
params = new PKIXParameters(keyStore);
params.setRevocationEnabled(false);
+
+ // All the tests are using pre-generated certificates with set expirations.
+ // In order to avoid the test failing when the certificates expire,
+ // explicitly set the time to check their validity against.
+ Calendar calendar = Calendar.getInstance();
+ calendar.clear();
+ calendar.set(2016, Calendar.JANUARY, 1);
+ params.setDate(calendar.getTime());
+
return params;
}
}