3 files changed, 109 insertions, 2 deletions

diff --git a/luni/src/test/java/libcore/javax/crypto/CipherTest.java b/luni/src/test/java/libcore/javax/crypto/CipherTest.java
index dd7d6e7..398c688 100644
--- a/luni/src/test/java/libcore/javax/crypto/CipherTest.java
+++ b/luni/src/test/java/libcore/javax/crypto/CipherTest.java
@@ -3203,6 +3203,29 @@ public final class CipherTest extends TestCase {
         }
     }
 
+    // Test that when reading GCM parameters encoded using ASN1, a value for the tag size
+    // not present indicates a value of 12.
+    // https://b/29876633
+    public void test_DefaultGCMTagSizeAlgorithmParameterSpec() throws Exception {
+        final String AES = "AES";
+        final String AES_GCM = "AES/GCM/NoPadding";
+        byte[] input = new byte[16];
+        byte[] key = new byte[16];
+        Cipher cipher = Cipher.getInstance(AES_GCM, "BC");
+        AlgorithmParameters param = AlgorithmParameters.getInstance("GCM");
+        param.init(new byte[] {
+            (byte) 48,    // DER encoding : tag_Sequence
+            (byte) 14,    // DER encoding : total length
+            (byte) 4,     // DER encoding : tag_OctetString
+            (byte) 12,    // DER encoding : counter length
+            (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0,
+            (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0, (byte) 0 });
+        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, AES), param);
+        byte[] ciphertext = cipher.update(input);
+        byte[] tag = cipher.doFinal();
+        assertEquals(12, tag.length);
+    }
+
     public void testAES_ECB_PKCS5Padding_ShortBuffer_Failure() throws Exception {
         for (String provider : AES_PROVIDERS) {
             testAES_ECB_PKCS5Padding_ShortBuffer_Failure(provider);
@@ -3515,4 +3538,72 @@ public final class CipherTest extends TestCase {
         cipher.init(Cipher.ENCRYPT_MODE, keyGen.generateKeyPair().getPublic());
         cipher.doFinal(new byte[] {1,2,3,4});
     }
+
+    /*
+     * Check that two AAD updates are equivalent to one.
+     * http://b/27371173
+     */
+    public void test_AESGCMNoPadding_UpdateAADTwice_Success() throws Exception {
+        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
+        GCMParameterSpec spec = new GCMParameterSpec(128, new byte[12]);
+        Cipher c1 = Cipher.getInstance("AES/GCM/NoPadding");
+        Cipher c2 = Cipher.getInstance("AES/GCM/NoPadding");
+
+        c1.init(Cipher.ENCRYPT_MODE, key, spec);
+        c1.updateAAD(new byte[] {
+                0x01, 0x02, 0x03, 0x04, 0x05,
+        });
+        c1.updateAAD(new byte[] {
+                0x06, 0x07, 0x08, 0x09, 0x10,
+        });
+
+        c2.init(Cipher.ENCRYPT_MODE, key, spec);
+        c2.updateAAD(new byte[] {
+                0x01, 0x02, 0x03, 0x04, 0x05,
+                0x06, 0x07, 0x08, 0x09, 0x10,
+        });
+
+        assertEquals(Arrays.toString(c1.doFinal()), Arrays.toString(c2.doFinal()));
+    }
+
+    /*
+     * Check that GCM encryption with old and new instances update correctly.
+     * http://b/26694388
+     */
+    public void test_AESGCMNoPadding_Reuse_Success() throws Exception {
+        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
+        GCMParameterSpec spec = new GCMParameterSpec(128, new byte[12]);
+        Cipher c1 = Cipher.getInstance("AES/GCM/NoPadding");
+        Cipher c2 = Cipher.getInstance("AES/GCM/NoPadding");
+
+        // Pollute the c1 cipher with AAD
+        c1.init(Cipher.ENCRYPT_MODE, key, spec);
+        c1.updateAAD(new byte[] {
+                0x01, 0x02, 0x03, 0x04, 0x05,
+        });
+
+        // Now init each again and make sure the outputs are the same
+        c1.init(Cipher.ENCRYPT_MODE, key, spec);
+        c2.init(Cipher.ENCRYPT_MODE, key, spec);
+
+        byte[] aad = new byte[] {
+                0x10, 0x20, 0x30, 0x40, 0x50, 0x60,
+        };
+        c1.updateAAD(aad);
+        c2.updateAAD(aad);
+
+        assertEquals(Arrays.toString(c1.doFinal()), Arrays.toString(c2.doFinal()));
+
+        // .doFinal should also reset the state, so check that as well.
+        byte[] aad2 = new byte[] {
+                0x77, 0x66, 0x55, 0x44, 0x33, 0x22, 0x11,
+        };
+
+        Cipher c3 = Cipher.getInstance("AES/GCM/NoPadding");
+        c3.init(Cipher.ENCRYPT_MODE, key, spec);
+
+        c1.updateAAD(aad2);
+        c3.updateAAD(aad2);
+        assertEquals(Arrays.toString(c1.doFinal()), Arrays.toString(c3.doFinal()));
+    }
 }
diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSessionTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSessionTest.java
index a434d94..bc2b626 100644
--- a/luni/src/test/java/libcore/javax/net/ssl/SSLSessionTest.java
+++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSessionTest.java
@@ -99,7 +99,7 @@ public class SSLSessionTest extends TestCase {
         assertTrue("s.server.getLastAccessedTime()=" + s.server.getLastAccessedTime() + " " +
                    "s.client.getLastAccessedTime()=" + s.client.getLastAccessedTime(),
                    Math.abs(s.server.getLastAccessedTime()
-                            - s.client.getLastAccessedTime()) < 1 * 1000);
+                            - s.client.getLastAccessedTime()) <= 1 * 1000);
         assertTrue(s.server.getLastAccessedTime() >=
                    s.server.getCreationTime());
         assertTrue(s.client.getLastAccessedTime() >=
diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
index bf2d0f8..11dfb3d 100644
--- a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
+++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
@@ -1559,7 +1559,23 @@ public class SSLSocketTest extends TestCase {
             @Override
             public void run(SSLSocketFactory sslSocketFactory) throws Exception {
                 ClientHello clientHello = captureTlsHandshakeClientHello(sslSocketFactory);
-                String[] cipherSuites = new String[clientHello.cipherSuites.size()];
+                final String[] cipherSuites;
+
+                // RFC 5746 allows you to send an empty "renegotiation_info" extension *or*
+                // a special signaling cipher suite. The TLS API has no way to check or
+                // indicate that a certain TLS extension should be used.
+                HelloExtension renegotiationInfoExtension = clientHello.findExtensionByType(
+                        HelloExtension.TYPE_RENEGOTIATION_INFO);
+                if (renegotiationInfoExtension != null &&
+                        renegotiationInfoExtension.data.length == 1 &&
+                        renegotiationInfoExtension.data[0] == 0) {
+                    cipherSuites = new String[clientHello.cipherSuites.size() + 1];
+                    cipherSuites[clientHello.cipherSuites.size()] =
+                            StandardNames.CIPHER_SUITE_SECURE_RENEGOTIATION;
+                } else {
+                    cipherSuites = new String[clientHello.cipherSuites.size()];
+                }
+
                 for (int i = 0; i < clientHello.cipherSuites.size(); i++) {
                     CipherSuite cipherSuite = clientHello.cipherSuites.get(i);
                     cipherSuites[i] = cipherSuite.getAndroidName();