Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cf326f18 authored by Rubin Xu's avatar Rubin Xu
Browse files

Let keyguard UI procced as soon as user password is validated 

Notify the callback as soon as first stage password verification passes,
leaving the decryption of synthetic password in the background. This should
reduce the perceived latency of device unlock UI wise.

Bug: 68380673
Test: Measured time manually, unlock on marlin now takes 70ms, and taimen
      takes 90ms.

Change-Id: Ibb787251f8fea776c6745d45ee2d8ab60515a5f4
parent 5f52b4df

services/core/java/com/android/server/locksettings/LockSettingsService.java

+3 −6
Original line number Diff line number Diff line
@@ -2099,7 +2099,7 @@ public class LockSettingsService extends ILockSettings.Stub { 


            long handle = getSyntheticPasswordHandleLocked(userId);

            authResult = mSpManager.unwrapPasswordBasedSyntheticPassword(

                    getGateKeeperService(), handle, userCredential, userId);

                    getGateKeeperService(), handle, userCredential, userId, progressCallback);



            if (authResult.credentialType != credentialType) {

                Slog.e(TAG, "Credential type mismatch.");
@@ -2122,9 +2122,6 @@ public class LockSettingsService extends ILockSettings.Stub { 
        }



        if (response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK) {

            if (progressCallback != null) {

                progressCallback.onCredentialVerified();

            }

            notifyActivePasswordMetricsAvailable(userCredential, userId);

            unlockKeystore(authResult.authToken.deriveKeyStorePassword(), userId);
@@ -2223,7 +2220,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
        }

        long handle = getSyntheticPasswordHandleLocked(userId);

        AuthenticationResult authResult = mSpManager.unwrapPasswordBasedSyntheticPassword(

                getGateKeeperService(), handle, savedCredential, userId);

                getGateKeeperService(), handle, savedCredential, userId, null);

        VerifyCredentialResponse response = authResult.gkResponse;

        AuthenticationToken auth = authResult.authToken;
@@ -2277,7 +2274,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
                } else /* isSyntheticPasswordBasedCredentialLocked(userId) */ {

                    long pwdHandle = getSyntheticPasswordHandleLocked(userId);

                    auth = mSpManager.unwrapPasswordBasedSyntheticPassword(getGateKeeperService(),

                            pwdHandle, null, userId).authToken;

                            pwdHandle, null, userId, null).authToken;

                }

            }

            if (isSyntheticPasswordBasedCredentialLocked(userId)) {

services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java

+7 −2
Original line number Diff line number Diff line
@@ -781,7 +781,8 @@ public class SyntheticPasswordManager { 
     * unknown. Caller might choose to validate it by examining AuthenticationResult.credentialType

     */

    public AuthenticationResult unwrapPasswordBasedSyntheticPassword(IGateKeeperService gatekeeper,

            long handle, String credential, int userId) throws RemoteException {

            long handle, String credential, int userId,

            ICheckCredentialProgressCallback progressCallback) throws RemoteException {

        if (credential == null) {

            credential = DEFAULT_PASSWORD;

        }
@@ -841,7 +842,11 @@ public class SyntheticPasswordManager { 
            applicationId = transformUnderSecdiscardable(pwdToken,

                    loadSecdiscardable(handle, userId));

        }



        // Supplied credential passes first stage weaver/gatekeeper check so it should be correct.

        // Notify the callback so the keyguard UI can proceed immediately.

        if (progressCallback != null) {

            progressCallback.onCredentialVerified();

        }

        result.authToken = unwrapSyntheticPasswordBlob(handle, SYNTHETIC_PASSWORD_PASSWORD_BASED,

                applicationId, sid, userId);

services/tests/servicestests/src/com/android/server/locksettings/SyntheticPasswordTests.java

+4 −2
Original line number Diff line number Diff line
@@ -66,10 +66,12 @@ public class SyntheticPasswordTests extends BaseLockSettingsServiceTests { 
                LockPatternUtils.CREDENTIAL_TYPE_PASSWORD, authToken, PASSWORD_QUALITY_ALPHABETIC,

                USER_ID);



        AuthenticationResult result = manager.unwrapPasswordBasedSyntheticPassword(mGateKeeperService, handle, PASSWORD, USER_ID);

        AuthenticationResult result = manager.unwrapPasswordBasedSyntheticPassword(

                mGateKeeperService, handle, PASSWORD, USER_ID, null);

        assertEquals(result.authToken.deriveKeyStorePassword(), authToken.deriveKeyStorePassword());



        result = manager.unwrapPasswordBasedSyntheticPassword(mGateKeeperService, handle, BADPASSWORD, USER_ID);

        result = manager.unwrapPasswordBasedSyntheticPassword(mGateKeeperService, handle,

                BADPASSWORD, USER_ID, null);

        assertNull(result.authToken);

    }