Use String instead of byte[] to represent alias in KeyEntryRecoveryData. (07c76555) · Commits · e / os / android_frameworks_base

core/java/android/security/recoverablekeystore/KeyEntryRecoveryData.java

+16 −18

Original line number	Diff line number	Diff line
		@@ -22,7 +22,6 @@ import android.os.Parcelable;

		import com.android.internal.util.Preconditions;


		/**
		* Helper class with data necessary recover a single application key, given a recovery key.
		*
		@@ -37,26 +36,25 @@ import com.android.internal.util.Preconditions;
		* @hide
		*/
		public final class KeyEntryRecoveryData implements Parcelable {
		private final byte[] mAlias;
		private final String mAlias;
		// The only supported format is AES-256 symmetric key.
		private final byte[] mEncryptedKeyMaterial;

		public KeyEntryRecoveryData(@NonNull byte[] alias, @NonNull byte[] encryptedKeyMaterial) {
		public KeyEntryRecoveryData(@NonNull String alias, @NonNull byte[] encryptedKeyMaterial) {
		mAlias = Preconditions.checkNotNull(alias);
		mEncryptedKeyMaterial = Preconditions.checkNotNull(encryptedKeyMaterial);
		}

		/**
		* Application-specific alias of the key.
		*
		* @see java.security.KeyStore.aliases
		*/
		public @NonNull byte[] getAlias() {
		public @NonNull String getAlias() {
		return mAlias;
		}

		/**
		* Encrypted key material encrypted by recovery key.
		*/
		/** Encrypted key material encrypted by recovery key. */
		public @NonNull byte[] getEncryptedKeyMaterial() {
		return mEncryptedKeyMaterial;
		}
		@@ -74,12 +72,12 @@ public final class KeyEntryRecoveryData implements Parcelable {

		@Override
		public void writeToParcel(Parcel out, int flags) {
		out.writeByteArray(mAlias);
		out.writeString(mAlias);
		out.writeByteArray(mEncryptedKeyMaterial);
		}

		protected KeyEntryRecoveryData(Parcel in) {
		mAlias = in.createByteArray();
		mAlias = in.readString();
		mEncryptedKeyMaterial = in.createByteArray();
		}

services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -342,7 +342,7 @@ public class KeySyncTask implements Runnable {
		for (String alias : encryptedApplicationKeys.keySet()) {
		keyEntries.add(
		new KeyEntryRecoveryData(
		alias.getBytes(StandardCharsets.UTF_8),
		alias,
		encryptedApplicationKeys.get(alias)));
		}
		return keyEntries;

services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -466,7 +466,7 @@ public class RecoverableKeyStoreManager {
		@NonNull List<KeyEntryRecoveryData> applicationKeys) throws RemoteException {
		HashMap<String, byte[]> keyMaterialByAlias = new HashMap<>();
		for (KeyEntryRecoveryData applicationKey : applicationKeys) {
		String alias = new String(applicationKey.getAlias(), StandardCharsets.UTF_8);
		String alias = applicationKey.getAlias();
		byte[] encryptedKeyMaterial = applicationKey.getEncryptedKeyMaterial();

		try {

services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -296,7 +296,7 @@ public class KeySyncTaskTest {
		List<KeyEntryRecoveryData> applicationKeys = recoveryData.getApplicationKeyBlobs();
		assertEquals(1, applicationKeys.size());
		KeyEntryRecoveryData keyData = applicationKeys.get(0);
		assertArrayEquals(TEST_APP_KEY_ALIAS.getBytes(StandardCharsets.UTF_8), keyData.getAlias());
		assertEquals(TEST_APP_KEY_ALIAS, keyData.getAlias());
		byte[] appKey = KeySyncUtils.decryptApplicationKey(
		recoveryKey, keyData.getEncryptedKeyMaterial());
		assertArrayEquals(applicationKey.getEncoded(), appKey);

services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java

+3 −3

Original line number	Diff line number	Diff line
		@@ -306,7 +306,7 @@ public class RecoverableKeyStoreManagerTest {
		TEST_SESSION_ID,
		/recoveryKeyBlob=/ randomBytes(32),
		/applicationKeys=/ ImmutableList.of(
		new KeyEntryRecoveryData(getUtf8Bytes("alias"), randomBytes(32))
		new KeyEntryRecoveryData("alias", randomBytes(32))
		));
		fail("should have thrown");
		} catch (ServiceSpecificException e) {
		@@ -356,7 +356,7 @@ public class RecoverableKeyStoreManagerTest {
		byte[] encryptedClaimResponse = encryptClaimResponse(
		keyClaimant, TEST_SECRET, TEST_VAULT_PARAMS, recoveryKey);
		KeyEntryRecoveryData badApplicationKey = new KeyEntryRecoveryData(
		TEST_ALIAS.getBytes(StandardCharsets.UTF_8),
		TEST_ALIAS,
		randomBytes(32));

		try {
		@@ -389,7 +389,7 @@ public class RecoverableKeyStoreManagerTest {
		keyClaimant, TEST_SECRET, TEST_VAULT_PARAMS, recoveryKey);
		byte[] applicationKeyBytes = randomBytes(32);
		KeyEntryRecoveryData applicationKey = new KeyEntryRecoveryData(
		TEST_ALIAS.getBytes(StandardCharsets.UTF_8),
		TEST_ALIAS,
		encryptedApplicationKey(recoveryKey, applicationKeyBytes));

		Map<String, byte[]> recoveredKeys = mRecoverableKeyStoreManager.recoverKeys(