
Unified Diff: content/public/android/junit/src/org/chromium/content/browser/installedapp/InstalledAppProviderTest.java

Issue 2802603002: getInstalledRelatedApps: Introduce random delay to stop timing attacks. (Closed)
Patch Set: Use system random source, and HMAC, instead of UUID and concatenation. Created 3 years, 8 months ago
Index: content/public/android/junit/src/org/chromium/content/browser/installedapp/InstalledAppProviderTest.java
diff --git a/content/public/android/junit/src/org/chromium/content/browser/installedapp/InstalledAppProviderTest.java b/content/public/android/junit/src/org/chromium/content/browser/installedapp/InstalledAppProviderTest.java
index 5c8144731f550c113fe520536be26945265b5acb..4dc795e4d4d5e811a098b5fdbdd2f61a3c0a073b 100644
--- a/content/public/android/junit/src/org/chromium/content/browser/installedapp/InstalledAppProviderTest.java
+++ b/content/public/android/junit/src/org/chromium/content/browser/installedapp/InstalledAppProviderTest.java
@@ -4,6 +4,7 @@
package org.chromium.content.browser.installedapp;
+import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
@@ -63,7 +64,30 @@ public class InstalledAppProviderTest {
private FakePackageManager mPackageManager;
private FakeFrameUrlDelegate mFrameUrlDelegate;
- private InstalledAppProviderImpl mInstalledAppProvider;
+ private InstalledAppProviderTestImpl mInstalledAppProvider;
+
+ private static class InstalledAppProviderTestImpl extends InstalledAppProviderImpl {
+ private long mLastSleepMillis;
+ private int mLastSleepNanos;
+
+ public InstalledAppProviderTestImpl(FrameUrlDelegate frameUrlDelegate, Context context) {
+ super(frameUrlDelegate, context);
+ }
+
+ public long getLastSleepMillis() {
+ return mLastSleepMillis;
+ }
+
+ public int getLastSleepNanos() {
+ return mLastSleepNanos;
+ }
+
+ @Override
+ protected void sleep(long millis, int nanos) {
+ mLastSleepMillis = millis;
+ mLastSleepNanos = nanos;
+ }
+ }
/**
* FakePackageManager allows for the "installation" of Android package names and setting up
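Review bot: `mLastSleepMillis` and `mLastSleepNanos` in `InstalledAppProviderTestImpl` start at 0 and are never cleared, so a test reading them cannot tell a `sleep(0, 0)` call from no call at all, nor a fresh call from values left by an earlier one. Counting calls in the override would close that gap: add `private int mSleepCount;`, put `mSleepCount++;` inside `sleep()`, and expose a getter for tests to assert on. A one-line Javadoc on the class, such as `/** Records the requested delay instead of sleeping, so tests can assert on it without waiting. */`, would also make the purpose of the override clear.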
@@ -278,7 +302,7 @@ public class InstalledAppProviderTest {
RuntimeEnvironment.setRobolectricPackageManager(mPackageManager);
mFrameUrlDelegate = new FakeFrameUrlDelegate(URL_ON_ORIGIN);
mInstalledAppProvider =
- new InstalledAppProviderImpl(mFrameUrlDelegate, RuntimeEnvironment.application);
+ new InstalledAppProviderTestImpl(mFrameUrlDelegate, RuntimeEnvironment.application);
}
/**
@@ -789,4 +813,36 @@ public class InstalledAppProviderTest {
new RelatedApplication[] {manifestRelatedApps[1], manifestRelatedApps[3]};
verifyInstalledApps(manifestRelatedApps, expectedInstalledRelatedApps);
}
+
+ /**
+ * Tests the pseudo-random artificial delay to counter a timing attack.
+ */
+ @Test
+ @Feature({"InstalledApp"})
+ public void testArtificialDelay() {
+ byte[] salt = {0x64, 0x09, -0x68, -0x25, 0x70, 0x11, 0x25, 0x24, 0x68, -0x1a, 0x08, 0x79,
+ -0x12, -0x50, 0x3b, -0x57, -0x17, -0x4d, 0x46, 0x02};
+ PackageHash.setGlobalSaltForTesting(salt);
+ setAssetStatement(PACKAGE_NAME_1, NAMESPACE_WEB, RELATION_HANDLE_ALL_URLS, ORIGIN);
+
+ // Installed app.
+ RelatedApplication manifestRelatedApps[] = new RelatedApplication[] {
+ createRelatedApplication(PLATFORM_ANDROID, PACKAGE_NAME_1, null)};
+ RelatedApplication[] expectedInstalledRelatedApps = manifestRelatedApps;
+ verifyInstalledApps(manifestRelatedApps, expectedInstalledRelatedApps);
+ // This expectation is based on the salt + ':' + packageName, encoded in UTF-8, hashed
+ // with SHA-256, and looking at the low 13 bits of the first two bytes of the result.
+ Assert.assertEquals(2, mInstalledAppProvider.getLastSleepMillis());
+ Assert.assertEquals(273000, mInstalledAppProvider.getLastSleepNanos());
+
+ // Non-installed app.
+ manifestRelatedApps = new RelatedApplication[] {
+ createRelatedApplication(PLATFORM_ANDROID, PACKAGE_NAME_2, null)};
+ expectedInstalledRelatedApps = new RelatedApplication[] {};
+ verifyInstalledApps(manifestRelatedApps, expectedInstalledRelatedApps);
+ // This expectation is based on the salt + ':' + packageName, encoded in UTF-8, hashed
+ // with SHA-256, and looking at the low 13 bits of the first two bytes of the result.
+ Assert.assertEquals(5, mInstalledAppProvider.getLastSleepMillis());
+ Assert.assertEquals(655000, mInstalledAppProvider.getLastSleepNanos());
+ }
}
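Review bot: `testArtificialDelay` pins one delay for an installed package and another for a different, non-installed package, but it never checks that the delay for a given package is the same whether or not it is installed, which is the property the countermeasure relies on. A third case that installs `PACKAGE_NAME_2` and expects the same 5 ms / 655000 ns would cover it, assuming `setAssetStatement` is what makes a package count as installed here, as the first case suggests. Because the recorded values carry over between calls, that case also needs a way to confirm `sleep()` ran again. Separately, both comments describe salt + ':' + packageName hashed with SHA-256, while the patch set title says HMAC replaced concatenation; if that is what the implementation does, the comments should say so.

```java
// … unchanged: salt setup, installed PACKAGE_NAME_1 case, non-installed PACKAGE_NAME_2 case …

// Same package, now installed: the delay must not change with install state.
setAssetStatement(PACKAGE_NAME_2, NAMESPACE_WEB, RELATION_HANDLE_ALL_URLS, ORIGIN);
manifestRelatedApps = new RelatedApplication[] {
        createRelatedApplication(PLATFORM_ANDROID, PACKAGE_NAME_2, null)};
verifyInstalledApps(manifestRelatedApps, manifestRelatedApps);
Assert.assertEquals(5, mInstalledAppProvider.getLastSleepMillis());
Assert.assertEquals(655000, mInstalledAppProvider.getLastSleepNanos());
```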
