
Unified Diff: content/public/android/junit/src/org/chromium/content/browser/installedapp/InstalledAppProviderTest.java

Issue 2802603002: getInstalledRelatedApps: Introduce random delay to stop timing attacks. (Closed)
Patch Set: Added tests for PackageHash and the delay in InstalledAppProviderImpl. Created 3 years, 8 months ago
Index: content/public/android/junit/src/org/chromium/content/browser/installedapp/InstalledAppProviderTest.java
diff --git a/content/public/android/junit/src/org/chromium/content/browser/installedapp/InstalledAppProviderTest.java b/content/public/android/junit/src/org/chromium/content/browser/installedapp/InstalledAppProviderTest.java
index 5c8144731f550c113fe520536be26945265b5acb..3755ae284932a1f2a6e009b0e1213246b590c914 100644
--- a/content/public/android/junit/src/org/chromium/content/browser/installedapp/InstalledAppProviderTest.java
+++ b/content/public/android/junit/src/org/chromium/content/browser/installedapp/InstalledAppProviderTest.java
@@ -4,6 +4,7 @@
package org.chromium.content.browser.installedapp;
+import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
@@ -63,7 +64,30 @@ public class InstalledAppProviderTest {
private FakePackageManager mPackageManager;
private FakeFrameUrlDelegate mFrameUrlDelegate;
- private InstalledAppProviderImpl mInstalledAppProvider;
+ private InstalledAppProviderTestImpl mInstalledAppProvider;
+
+ private static class InstalledAppProviderTestImpl extends InstalledAppProviderImpl {
+ private long mLastSleepMillis;
+ private int mLastSleepNanos;
+
+ public InstalledAppProviderTestImpl(FrameUrlDelegate frameUrlDelegate, Context context) {
+ super(frameUrlDelegate, context);
+ }
+
+ public long getLastSleepMillis() {
+ return mLastSleepMillis;
+ }
+
+ public int getLastSleepNanos() {
+ return mLastSleepNanos;
+ }
+
+ @Override
+ protected void sleep(long millis, int nanos) {
+ mLastSleepMillis = millis;
+ mLastSleepNanos = nanos;
+ }
+ }
/**
* FakePackageManager allows for the "installation" of Android package names and setting up
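Review bot: The `sleep` override in InstalledAppProviderTestImpl keeps only the most recent arguments, so a test cannot tell whether the delay was requested exactly once per query, several times, or with stale values left over from an earlier call. A counter such as `private int mSleepCallCount;`, incremented with `mSleepCallCount++;` inside `sleep`, would let tests assert one delay per lookup. The class also has no comment; `/** Test double that records the requested delay instead of actually sleeping. */` above the declaration would explain why `sleep` is overridden.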
@@ -278,7 +302,7 @@ public class InstalledAppProviderTest {
RuntimeEnvironment.setRobolectricPackageManager(mPackageManager);
mFrameUrlDelegate = new FakeFrameUrlDelegate(URL_ON_ORIGIN);
mInstalledAppProvider =
- new InstalledAppProviderImpl(mFrameUrlDelegate, RuntimeEnvironment.application);
+ new InstalledAppProviderTestImpl(mFrameUrlDelegate, RuntimeEnvironment.application);
}
/**
@@ -789,4 +813,34 @@ public class InstalledAppProviderTest {
new RelatedApplication[] {manifestRelatedApps[1], manifestRelatedApps[3]};
verifyInstalledApps(manifestRelatedApps, expectedInstalledRelatedApps);
}
+
+ /**
+ * Tests the pseudo-random artificial delay to counter a timing attack.
+ */
+ @Test
+ @Feature({"InstalledApp"})
+ public void testArtificialDelay() {
+ PackageHash.setGlobalSaltForTesting("5797896c-e292-4d6f-b0a4-0aee1f89b9ed");
+ setAssetStatement(PACKAGE_NAME_1, NAMESPACE_WEB, RELATION_HANDLE_ALL_URLS, ORIGIN);
+
+ // Installed app.
+ RelatedApplication manifestRelatedApps[] = new RelatedApplication[] {
+ createRelatedApplication(PLATFORM_ANDROID, PACKAGE_NAME_1, null)};
+ RelatedApplication[] expectedInstalledRelatedApps = manifestRelatedApps;
+ verifyInstalledApps(manifestRelatedApps, expectedInstalledRelatedApps);
+ // This expectation is based on the salt + ':' + packageName, encoded in UTF-8, hashed
+ // with SHA-256, and looking at the low 13 bits of the first two bytes of the result.
+ Assert.assertEquals(3, mInstalledAppProvider.getLastSleepMillis());
+ Assert.assertEquals(542000, mInstalledAppProvider.getLastSleepNanos());
+
+ // Non-installed app.
+ manifestRelatedApps = new RelatedApplication[] {
+ createRelatedApplication(PLATFORM_ANDROID, PACKAGE_NAME_2, null)};
+ expectedInstalledRelatedApps = new RelatedApplication[] {};
+ verifyInstalledApps(manifestRelatedApps, expectedInstalledRelatedApps);
+ // This expectation is based on the salt + ':' + packageName, encoded in UTF-8, hashed
+ // with SHA-256, and looking at the low 13 bits of the first two bytes of the result.
+ Assert.assertEquals(5, mInstalledAppProvider.getLastSleepMillis());
+ Assert.assertEquals(882000, mInstalledAppProvider.getLastSleepNanos());
+ }
}
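Review bot: testArtificialDelay checks the delay for PACKAGE_NAME_1 while installed and for PACKAGE_NAME_2 while not installed, but never for the same package name in both states, so it would still pass if the delay came to depend on whether the app is installed. Judging by the comments, which derive the delay only from the salt and package name, that independence is the property the timing-attack mitigation relies on. A third case that queries one package name in both states and asserts identical `getLastSleepMillis()` and `getLastSleepNanos()` values would pin it down. Separately, `PackageHash.setGlobalSaltForTesting(...)` changes global state and nothing in this hunk restores it; unless a teardown outside the hunk does so, later tests inherit the fixed salt.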
