HADOOP-11358. Tests for encryption/decryption with IV calculation overflow. (yliu)

hadoop-common-project/hadoop-common/CHANGES.txt

@@ -605,6 +605,9 @@ Release 2.7.0 - UNRELEASED
     NativeAzureFileSystem#NativeAzureFsInputStream#close().
     (Chen He via cnauroth)
 
+    HADOOP-11358. Tests for encryption/decryption with IV calculation
+    overflow. (yliu)
+
 Release 2.6.0 - 2014-11-18
 
   INCOMPATIBLE CHANGES

hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/crypto/TestCryptoCodec.java

@@ -41,16 +41,15 @@ import org.apache.hadoop.util.NativeCodeLoader;
 import org.apache.hadoop.util.ReflectionUtils;
 import org.junit.Assert;
 import org.junit.Assume;
+import org.junit.Before;
 import org.junit.Test;
 
 import com.google.common.primitives.Longs;
 
 public class TestCryptoCodec {
   private static final Log LOG= LogFactory.getLog(TestCryptoCodec.class);
-  private static final byte[] key = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 
-    0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
-  private static final byte[] iv = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 
-    0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
+  private static byte[] key = new byte[16];
+  private static byte[] iv = new byte[16];
   private static final int bufferSize = 4096;
   
   private Configuration conf = new Configuration();
@@ -61,6 +60,13 @@ public class TestCryptoCodec {
   private final String opensslCodecClass = 
       "org.apache.hadoop.crypto.OpensslAesCtrCryptoCodec";
   
+  @Before
+  public void setUp() throws IOException {
+    Random random = new SecureRandom();
+    random.nextBytes(key);
+    random.nextBytes(iv);
+  }
+
   @Test(timeout=120000)
   public void testJceAesCtrCryptoCodec() throws Exception {
     if (!"true".equalsIgnoreCase(System.getProperty("runningWithNative"))) {
@@ -72,9 +78,15 @@ public class TestCryptoCodec {
       Assume.assumeTrue(false);
     }
     Assert.assertEquals(null, OpensslCipher.getLoadingFailureReason());
-    cryptoCodecTest(conf, seed, 0, jceCodecClass, jceCodecClass);
-    cryptoCodecTest(conf, seed, count, jceCodecClass, jceCodecClass);
-    cryptoCodecTest(conf, seed, count, jceCodecClass, opensslCodecClass);
+    cryptoCodecTest(conf, seed, 0, jceCodecClass, jceCodecClass, iv);
+    cryptoCodecTest(conf, seed, count, jceCodecClass, jceCodecClass, iv);
+    cryptoCodecTest(conf, seed, count, jceCodecClass, opensslCodecClass, iv);
+    // Overflow test, IV: xx xx xx xx xx xx xx xx ff ff ff ff ff ff ff ff 
+    for(int i = 0; i < 8; i++) {
+      iv[8 + i] = (byte) 0xff;
+    }
+    cryptoCodecTest(conf, seed, count, jceCodecClass, jceCodecClass, iv);
+    cryptoCodecTest(conf, seed, count, jceCodecClass, opensslCodecClass, iv);
   }
   
   @Test(timeout=120000)
@@ -88,13 +100,19 @@ public class TestCryptoCodec {
       Assume.assumeTrue(false);
     }
     Assert.assertEquals(null, OpensslCipher.getLoadingFailureReason());
-    cryptoCodecTest(conf, seed, 0, opensslCodecClass, opensslCodecClass);
-    cryptoCodecTest(conf, seed, count, opensslCodecClass, opensslCodecClass);
-    cryptoCodecTest(conf, seed, count, opensslCodecClass, jceCodecClass);
+    cryptoCodecTest(conf, seed, 0, opensslCodecClass, opensslCodecClass, iv);
+    cryptoCodecTest(conf, seed, count, opensslCodecClass, opensslCodecClass, iv);
+    cryptoCodecTest(conf, seed, count, opensslCodecClass, jceCodecClass, iv);
+    // Overflow test, IV: xx xx xx xx xx xx xx xx ff ff ff ff ff ff ff ff 
+    for(int i = 0; i < 8; i++) {
+      iv[8 + i] = (byte) 0xff;
+    }
+    cryptoCodecTest(conf, seed, count, opensslCodecClass, opensslCodecClass, iv);
+    cryptoCodecTest(conf, seed, count, opensslCodecClass, jceCodecClass, iv);
   }
   
   private void cryptoCodecTest(Configuration conf, int seed, int count, 
-      String encCodecClass, String decCodecClass) throws IOException, 
+      String encCodecClass, String decCodecClass, byte[] iv) throws IOException, 
       GeneralSecurityException {
     CryptoCodec encCodec = null;
     try {