Ensure KeyBlob treats field lengths as unsigned shorts, modify tests accordingly

slyubomirsky · slyubomirsky · commit 79b9483d9139 · 2018-08-29T13:08:22.000-07:00
diff --git a/src/main/java/com/amazonaws/encryptionsdk/model/KeyBlob.java b/src/main/java/com/amazonaws/encryptionsdk/model/KeyBlob.java
@@ -20,6 +20,7 @@
 import com.amazonaws.encryptionsdk.EncryptedDataKey;
 import com.amazonaws.encryptionsdk.exception.AwsCryptoException;
 import com.amazonaws.encryptionsdk.exception.ParseException;
+import com.amazonaws.encryptionsdk.internal.Constants;
 import com.amazonaws.encryptionsdk.internal.PrimitivesParser;
 
 /**
@@ -41,11 +42,11 @@
  * </ol>
  */
 public final class KeyBlob implements EncryptedDataKey {
-    private short keyProviderIdLen_ = -1;
+    private int keyProviderIdLen_ = -1;
     private byte[] keyProviderId_;
-    private short keyProviderInfoLen_ = -1;
+    private int keyProviderInfoLen_ = -1;
     private byte[] keyProviderInfo_;
-    private short encryptedKeyLen_ = -1;
+    private int encryptedKeyLen_ = -1;
     private byte[] encryptedKey_;
 
     private boolean isComplete_ = false;
@@ -78,34 +79,6 @@ public KeyBlob(final EncryptedDataKey edk) {
         setKeyProviderInfo(edk.getProviderInformation());
     }
 
-    /**
-     * Parses a field corresponding to the length of a byte array. It looks
-     * for two bytes representing a short primitive type in the provided bytes
-     * starting at the specified off.
-     *
-     * <p>
-     * If successful, it returns the length read. On failure, it throws a parse exception.
-     *
-     * @param b
-     *            the byte array to parse.
-     * @param off
-     *            the offset in the byte array to use when parsing.
-     * @param name
-     *             the name of the field being parsed.
-     * @return
-     *         the value parsed.
-     * @throws ParseException
-     *             if there are not sufficient bytes to parse the length
-     *             or the length is negative
-     */
-    private short parseFieldLength(final byte[] b, final int off, final String name) throws ParseException {
-        short len = PrimitivesParser.parseShort(b, off);
-        if (len < 0) {
-	    throw new ParseException("Parsed negative length for " + name);
-        }
-        return len;
-    }
-    
     /**
      * Parse the key provider identifier length in the provided bytes. It looks
      * for 2 bytes representing a short primitive type in the provided bytes
@@ -124,10 +97,10 @@ private short parseFieldLength(final byte[] b, final int off, final String name)
      *         primitive.
      * @throws ParseException
      *             if there are not sufficient bytes to parse the identifier
-     *             length or the length is negative.
+     *             length.
      */
     private int parseKeyProviderIdLen(final byte[] b, final int off) throws ParseException {
-        keyProviderIdLen_ = parseFieldLength(b, off, "key provider id");
+	keyProviderIdLen_ = PrimitivesParser.parseUnsignedShort(b, off);
         return Short.SIZE / Byte.SIZE;
     }
 
@@ -178,10 +151,10 @@ private int parseKeyProviderId(final byte[] b, final int off) throws ParseExcept
      *         primitive type.
      * @throws ParseException
      *             if there are not sufficient bytes to parse the provider info
-     *             length or the length is negative.
+     *             length.
      */
     private int parseKeyProviderInfoLen(final byte[] b, final int off) throws ParseException {
-        keyProviderInfoLen_ = parseFieldLength(b, off, "key provider info");
+        keyProviderInfoLen_ = PrimitivesParser.parseUnsignedShort(b, off);
         return Short.SIZE / Byte.SIZE;
     }
 
@@ -234,7 +207,7 @@ private int parseKeyProviderInfo(final byte[] b, final int off) throws ParseExce
      *             if there are not sufficient bytes to parse the key length.
      */
     private int parseKeyLen(final byte[] b, final int off) throws ParseException {
-        encryptedKeyLen_ = parseFieldLength(b, off, "key");
+        encryptedKeyLen_ = PrimitivesParser.parseUnsignedShort(b, off);
         return Short.SIZE / Byte.SIZE;
     }
 
@@ -331,13 +304,13 @@ public byte[] toByteArray() {
         final int outLen = 3 * (Short.SIZE / Byte.SIZE) + keyProviderIdLen_ + keyProviderInfoLen_ + encryptedKeyLen_;
         final ByteBuffer out = ByteBuffer.allocate(outLen);
 
-        out.putShort(keyProviderIdLen_);
+        out.putShort((short) keyProviderIdLen_);
         out.put(keyProviderId_, 0, keyProviderIdLen_);
 
-        out.putShort(keyProviderInfoLen_);
+        out.putShort((short) keyProviderInfoLen_);
         out.put(keyProviderInfo_, 0, keyProviderInfoLen_);
 
-        out.putShort(encryptedKeyLen_);
+        out.putShort((short) encryptedKeyLen_);
         out.put(encryptedKey_, 0, encryptedKeyLen_);
 
         return out.array();
@@ -361,7 +334,7 @@ public boolean isComplete() {
      * @return
      *         the length of the key provider identifier.
      */
-    public short getKeyProviderIdLen() {
+    public int getKeyProviderIdLen() {
         return keyProviderIdLen_;
     }
 
@@ -382,7 +355,7 @@ public String getProviderId() {
      * @return
      *         the length of the key provider info.
      */
-    public short getKeyProviderInfoLen() {
+    public int getKeyProviderInfoLen() {
         return keyProviderInfoLen_;
     }
 
@@ -403,7 +376,7 @@ public byte[] getProviderInformation() {
      * @return
      *         the length of the encrypted data key.
      */
-    public short getEncryptedDataKeyLen() {
+    public int getEncryptedDataKeyLen() {
         return encryptedKeyLen_;
     }
 
@@ -426,12 +399,12 @@ public byte[] getEncryptedDataKey() {
      */
     public void setKeyProviderId(final String keyProviderId) {
         final byte[] keyProviderIdBytes = keyProviderId.getBytes(StandardCharsets.UTF_8);
-        if (keyProviderIdBytes.length > Short.MAX_VALUE) {
+        if (keyProviderIdBytes.length > Constants.UNSIGNED_SHORT_MAX_VAL) {
             throw new AwsCryptoException(
-                    "Key provider identifier length exceeds the max value of a short primitive.");
+                    "Key provider identifier length exceeds the max value of an unsigned short primitive.");
         }
         keyProviderId_ = keyProviderIdBytes;
-        keyProviderIdLen_ = (short) keyProviderId_.length;
+        keyProviderIdLen_ = keyProviderId_.length;
     }
 
     /**
@@ -442,12 +415,12 @@ public void setKeyProviderId(final String keyProviderId) {
      *            identifier.
      */
     public void setKeyProviderInfo(final byte[] keyProviderInfo) {
-        if (keyProviderInfo.length > Short.MAX_VALUE) {
+        if (keyProviderInfo.length > Constants.UNSIGNED_SHORT_MAX_VAL) {
             throw new AwsCryptoException(
-                    "Key provider identifier information length exceeds the max value of a short primitive.");
+                    "Key provider identifier information length exceeds the max value of an unsigned short primitive.");
         }
         keyProviderInfo_ = keyProviderInfo.clone();
-        keyProviderInfoLen_ = (short) keyProviderInfo.length;
+        keyProviderInfoLen_ = keyProviderInfo.length;
     }
 
     /**
@@ -457,10 +430,10 @@ public void setKeyProviderInfo(final byte[] keyProviderInfo) {
      *            the bytes containing the encrypted data key.
      */
     public void setEncryptedDataKey(final byte[] encryptedDataKey) {
-        if (encryptedDataKey.length > Short.MAX_VALUE) {
-            throw new AwsCryptoException("Key length exceeds the max value of a short primitive.");
+        if (encryptedDataKey.length > Constants.UNSIGNED_SHORT_MAX_VAL) {
+            throw new AwsCryptoException("Key length exceeds the max value of an unsigned short primitive.");
         }
         encryptedKey_ = encryptedDataKey.clone();
-        encryptedKeyLen_ = (short) encryptedKey_.length;
+        encryptedKeyLen_ = encryptedKey_.length;
     }
 }
diff --git a/src/test/java/com/amazonaws/encryptionsdk/model/KeyBlobTest.java b/src/test/java/com/amazonaws/encryptionsdk/model/KeyBlobTest.java
@@ -15,10 +15,9 @@
 
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
 
-import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -28,6 +27,7 @@
 import com.amazonaws.encryptionsdk.CryptoAlgorithm;
 import com.amazonaws.encryptionsdk.DataKey;
 import com.amazonaws.encryptionsdk.exception.AwsCryptoException;
+import com.amazonaws.encryptionsdk.internal.Constants;
 import com.amazonaws.encryptionsdk.internal.RandomBytesGenerator;
 import com.amazonaws.encryptionsdk.internal.StaticMasterKey;
 
@@ -78,7 +78,7 @@ public void overlyLargeKeyProviderIdLen() {
 
         final DataKey<StaticMasterKey> mockDataKey = masterKeyProvider_.generateDataKey(ALGORITHM, encryptionContext);
 
-        final int providerId_Len = Short.MAX_VALUE + 1;
+        final int providerId_Len = Constants.UNSIGNED_SHORT_MAX_VAL + 1;
         final byte[] providerId_Bytes = RandomBytesGenerator.generate(providerId_Len);
         final String providerId_ = new String(providerId_Bytes, StandardCharsets.UTF_8);
 
@@ -95,15 +95,15 @@ public void overlyLargeKeyProviderInfoLen() {
 
         final DataKey<StaticMasterKey> mockDataKey = masterKeyProvider_.generateDataKey(ALGORITHM, encryptionContext);
 
-        final int providerInfo_Len = Short.MAX_VALUE + 1;
+        final int providerInfo_Len = Constants.UNSIGNED_SHORT_MAX_VAL + 1;
         final byte[] providerInfo_ = RandomBytesGenerator.generate(providerInfo_Len);
 
         new KeyBlob(providerId_, providerInfo_, mockDataKey.getEncryptedDataKey());
     }
 
     @Test(expected = AwsCryptoException.class)
     public void overlyLargeKey() {
-        final int keyLen = Short.MAX_VALUE + 1;
+        final int keyLen = Constants.UNSIGNED_SHORT_MAX_VAL + 1;
         final byte[] encryptedKeyBytes = RandomBytesGenerator.generate(keyLen);
 
         new KeyBlob(providerId_, providerInfo_.getBytes(StandardCharsets.UTF_8), encryptedKeyBytes);
@@ -173,75 +173,51 @@ public void checkKeyLen() {
         assertEquals(mockDataKey_.getEncryptedDataKey().length, reconstructedKeyBlob.getEncryptedDataKeyLen());
     }
 
-    private byte[] negativeKeyProviderIdLenTestVector() {
-	// key provider id len of -1, key provider info len of 2, and key len of 3
-        return new byte[]{
-            (byte)0xff, (byte)0xff, (byte)0x01, (byte)0x00, (byte)0x02, (byte)0x02, (byte)0x03,
-	    (byte)0x00, (byte)0x03, (byte)0x04, (byte)0x05, (byte)0x06
-        };
-    }
-
-    private byte[] negativeKeyProviderInfoLenTestVector() {
-	// key provider id len of 1, key provider info len of -2, key len of 3
-        return new byte[] {
-            (byte)0x00, (byte)0x01, (byte)0x01, (byte)0xff, (byte)0xfe, (byte)0x02, (byte)0x03,
-            (byte)0x00, (byte)0x03, (byte)0x04, (byte)0x05, (byte)0x06
-        };
-    }
+    private KeyBlob generateRandomKeyBlob(int idLen, int infoLen, int keyLen) {
+        final byte[] idBytes = RandomBytesGenerator.generate(idLen);
+        // negative bytes translate into U+FFFD, so no thanks
+        for (int i = 0; i < idBytes.length; i++) {
+            if (idBytes[i] < 0) {
+                idBytes[i] = (byte) (idBytes[i] - Byte.MIN_VALUE);
+            }
+        }
+        final byte[] infoBytes = RandomBytesGenerator.generate(infoLen);
+        final byte[] keyBytes = RandomBytesGenerator.generate(keyLen);
 
-    private byte[] negativeKeyLenTestVector() {
-	// key provider id len of 1, key provider info len of 2, key len of -3
-        return new byte[] {
-            (byte)0x00, (byte)0x01, (byte)0x01, (byte)0x00, (byte)0x00, (byte)0x02, (byte)0x03,
-            (byte)0xff, (byte)0xfd, (byte)0x04, (byte)0x05, (byte)0x06
-        };
+        return new KeyBlob(new String(idBytes, StandardCharsets.UTF_8), infoBytes, keyBytes);
     }
 
-    private void assertIncomplete(final byte[] vector) {
-	assertFalse(deserialize(vector).isComplete());
+    private void assertKeyBlobsEqual(KeyBlob b1, KeyBlob b2) {
+	assertArrayEquals(b1.getProviderId().getBytes(StandardCharsets.UTF_8),
+			  b2.getProviderId().getBytes(StandardCharsets.UTF_8));
+	assertArrayEquals(b1.getProviderInformation(), b2.getProviderInformation());
+	assertArrayEquals(b1.getEncryptedDataKey(), b2.getEncryptedDataKey());
     }
     
     @Test
-    public void checkNegativeKeyProviderIdLen() {
-        final byte[] keyBlobBytes = createKeyBlobBytes();
-
-        // manually set the keyProviderIdLen to negative
-        final byte[] negativeKeyProviderIdLen = ByteBuffer.allocate(Short.BYTES)
-	    .putShort((short) -1).array();
-        System.arraycopy(negativeKeyProviderIdLen, 0, keyBlobBytes, 0, Short.BYTES);
+    public void checkKeyProviderIdLenUnsigned() {
+	// provider id length is too large for a signed short but fits in unsigned
+	final KeyBlob blob = generateRandomKeyBlob(Short.MAX_VALUE + 1, Short.MAX_VALUE, Short.MAX_VALUE);
+	final byte[] arr = blob.toByteArray();
 
-	// a negative field length throws a parse exception, so deserialization is incomplete
-	assertIncomplete(keyBlobBytes);
-	assertIncomplete(negativeKeyProviderIdLenTestVector());
+	assertKeyBlobsEqual(deserialize(arr), blob);
     }
 
     @Test
-    public void checkNegativeKeyProviderInfoLen() {
-        final byte[] keyBlobBytes = createKeyBlobBytes();
-
-        // manually set the keyProviderInfoLen to negative
-        final byte[] negativeKeyProviderInfoLen = ByteBuffer.allocate(Short.BYTES)
-	    .putShort((short) -1).array();
-	int offset = Short.BYTES + providerId_.length();
-        System.arraycopy(negativeKeyProviderInfoLen, 0, keyBlobBytes, offset, Short.BYTES);
+    public void checkKeyProviderInfoLenUnsigned() {
+	// provider info length is too large for a signed short but fits in unsigned
+	final KeyBlob blob = generateRandomKeyBlob(Short.MAX_VALUE, Short.MAX_VALUE + 2, Short.MAX_VALUE);
+	final byte[] arr = blob.toByteArray();
 
-       	// a negative field length throws a parse exception, so deserialization is incomplete
-	assertIncomplete(keyBlobBytes);
-	assertIncomplete(negativeKeyProviderInfoLenTestVector());
+	assertKeyBlobsEqual(deserialize(arr), blob);
     }
 
     @Test
     public void checkNegativeKeyLen() {
-        final byte[] keyBlobBytes = createKeyBlobBytes();
-
-        // we will manually set the keyLen to negative
-        final byte[] negativeKeyLen = ByteBuffer.allocate(Short.BYTES)
-	    .putShort((short) -1).array();
-        int offset = Short.BYTES + providerId_.length() + Short.BYTES + providerInfo_.length();
-        System.arraycopy(negativeKeyLen, 0, keyBlobBytes, offset, Short.BYTES);
+	// key length is too large for a signed short but fits in unsigned
+	final KeyBlob blob = generateRandomKeyBlob(Short.MAX_VALUE, Short.MAX_VALUE, Short.MAX_VALUE + 3);
+	final byte[] arr = blob.toByteArray();
 
-        // negative key len throws parse exception so deserialization is incomplete
-	assertIncomplete(keyBlobBytes);
-	assertIncomplete(negativeKeyLenTestVector());
+	assertKeyBlobsEqual(deserialize(arr), blob);
     }
 }
