Skip to content

ParsedCiphertext throws an error if it is not complete #119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 24 commits into from
Oct 8, 2019
Merged

ParsedCiphertext throws an error if it is not complete #119

merged 24 commits into from
Oct 8, 2019

Conversation

shayvana
Copy link
Contributor

#114

Added a check as well as a test to make sure isComplete_ is true before returning from the ParsedCiphertext constructor.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

  • Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

@shayvana
Copy link
Contributor Author

@lavaleri @josecorella

@lizroth lizroth requested a review from lavaleri July 30, 2019 20:33
lavaleri
lavaleri reviewed Aug 6, 2019
View reviewed changes
src/test/java/com/amazonaws/encryptionsdk/ParsedCiphertextTest.java Outdated
import static org.mockito.Mockito.spy;

public class ParsedCiphertextTest extends CiphertextHeaders {
final byte[] ciphertext_ = {0};
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is "ciphertext" that we expect to fail being parsed, so let's move this into the incompleteCiphertext test.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. Also, please improve the name of this variable and ensure that you handle incomplete ciphertexts which are longer than a single zero byte (such as only a single byte short).

@lavaleri lavaleri requested a review from seebees August 6, 2019 18:36
SalusaSecondus
SalusaSecondus suggested changes Aug 6, 2019
View reviewed changes
src/main/java/com/amazonaws/encryptionsdk/ParsedCiphertext.java Outdated
@@ -1,11 +1,11 @@
/*
* Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please update copyright.

src/test/java/com/amazonaws/encryptionsdk/ParsedCiphertextTest.java Outdated
import static org.mockito.Mockito.spy;

public class ParsedCiphertextTest extends CiphertextHeaders {
final byte[] ciphertext_ = {0};
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. Also, please improve the name of this variable and ensure that you handle incomplete ciphertexts which are longer than a single zero byte (such as only a single byte short).

@lavaleri lavaleri removed the request for review from seebees August 6, 2019 18:52
lavaleri
lavaleri suggested changes Aug 15, 2019
View reviewed changes
Copy link
Contributor

@lavaleri lavaleri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here are the test cases which I think are important for the ParsedCiphertextTest file:

  1. Test that you can construct a good ParsedCiphertext, and assert the following:
  • assertNotNull on the ciphertext field
  • assertNotNull on the offset
  1. Test that after construction of a good ParsedCiphertext, the offset is a value that makes sense
  • assertEquals that the offset of the ParsedCiphertext is equal to the length of the ciphertext inputted on construction
  1. Assert that constructing a ParsedCiphertext throws if you give it a single byte
  2. Assert that constructing a ParsedCIphertext throws if you give it an almost valid ciphertext

Note that earlier I suggested adding a test to check that serialization/deserialization of the ParsedCiphertext works, but looking at this file again this isn't a useful test because we haven't changed behavior on deserialize or toArrayBytes.

@SalusaSecondus I've been off the Java train for awhile, am I missing any important test case here, or misrepresenting any Java testing conventions?

@lavaleri
Copy link
Contributor

Amendment to the above comment. For test (1) assert > 0 on the offset, not assertNotNull. For test (2) I was incorrect in thinking that the offset is the length of the ciphertext. It is the length of the ciphertext headers of the ciphertext you pass in. You do not need to include (2) in your next PR. For test (3), since again it is only parsing the headers of the ciphertext, you want to try to pass to it a ciphertext that almost has correct headers.

lavaleri
lavaleri suggested changes Aug 16, 2019
View reviewed changes
src/test/java/com/amazonaws/encryptionsdk/ParsedCiphertextTest.java Outdated
final ParsedCiphertext pCt = new ParsedCiphertext(cipherText);

assertNotNull(pCt.getCiphertext());
assert pCt.getOffset() > 0;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I wasn't clear here, we still want to use junit. This should be assertTrue(pCT.getOffset()>0)

SalusaSecondus
SalusaSecondus suggested changes Aug 16, 2019
View reviewed changes
src/test/java/com/amazonaws/encryptionsdk/ParsedCiphertextTest.java Outdated
masterKeyProvider,
plaintextBytes,
encryptionContext).getResult();
byte[] incompleteCipherText = Arrays.copyOfRange(cipherText, 1, cipherText.length);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't testing what you think because it is dropping the first byte of the header while maintaining the result of the ciphertext. This will result in a complete but invalid) header. That isn't what you are trying to test.

Try this:

ParsedCiphertext parsed = new ParsedCiphertext(cipherText);
byte[] incompleteCiphertext = Arrays.copyOf(parsed.getCiphertext(), parsed.getOffset() - 1);

lavaleri
lavaleri reviewed Aug 16, 2019
View reviewed changes
src/test/java/com/amazonaws/encryptionsdk/ParsedCiphertextTest.java Outdated

@Test(expected = BadCiphertextException.class)
public void incompleteSingleByteCiphertext() {
final byte[] cipherText = {0};
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With the fix we made to checking the version, we need to make sure this is a valid version (i.e. VersionInfo.CURRENT_CIPHERTEXT_VERSION).

SalusaSecondus
SalusaSecondus approved these changes Aug 16, 2019
View reviewed changes
Copy link
Contributor

@SalusaSecondus SalusaSecondus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@SalusaSecondus SalusaSecondus merged commit f2daec3 into aws:master Oct 8, 2019
@SalusaSecondus SalusaSecondus mentioned this pull request Oct 21, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SalusaSecondus SalusaSecondus SalusaSecondus approved these changes

@lavaleri lavaleri lavaleri approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@shayvana @lavaleri @SalusaSecondus