Merge "Remove 17 bytes length restriction for vaultHandler." into pi-dev (d9e1a8fd) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncUtils.java

+6 −4

Original line number	Diff line number	Diff line
		@@ -61,8 +61,6 @@ public class KeySyncUtils {
		private static final byte[] THM_KF_HASH_PREFIX = "THM_KF_hash".getBytes(StandardCharsets.UTF_8);

		private static final int KEY_CLAIMANT_LENGTH_BYTES = 16;
		private static final int VAULT_PARAMS_LENGTH_BYTES = 94;
		private static final int VAULT_HANDLE_LENGTH_BYTES = 17;

		/**
		* Encrypts the recovery key using both the lock screen hash and the remote storage's public
		@@ -298,8 +296,12 @@ public class KeySyncUtils {
		*/
		public static byte[] packVaultParams(
		PublicKey thmPublicKey, long counterId, int maxAttempts, byte[] vaultHandle) {
		// TODO: Check if vaultHandle has exactly the length of VAULT_HANDLE_LENGTH_BYTES somewhere
		return ByteBuffer.allocate(VAULT_PARAMS_LENGTH_BYTES)
		int vaultParamsLength
		= 65 // public key
		+ 8 // counterId
		+ 4 // maxAttempts
		+ vaultHandle.length;
		return ByteBuffer.allocate(vaultParamsLength)
		.order(ByteOrder.LITTLE_ENDIAN)
		.put(SecureBox.encodePublicKey(thmPublicKey))
		.putLong(counterId)

services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncUtilsTest.java

+22 −3

Original line number	Diff line number	Diff line
		@@ -52,6 +52,8 @@ public class KeySyncUtilsTest {
		private static final int KEY_CLAIMANT_LENGTH_BYTES = 16;
		private static final byte[] TEST_VAULT_HANDLE =
		new byte[]{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17};
		private static final int VAULT_PARAMS_LENGTH_BYTES = 94;
		private static final int VAULT_HANDLE_LENGTH_BYTES = 17;
		private static final String SHA_256_ALGORITHM = "SHA-256";
		private static final String APPLICATION_KEY_ALGORITHM = "AES";
		private static final byte[] LOCK_SCREEN_HASH_1 =
		@@ -63,8 +65,7 @@ public class KeySyncUtilsTest {
		private static final byte[] RECOVERY_RESPONSE_HEADER =
		"V1 reencrypted_recovery_key".getBytes(StandardCharsets.UTF_8);
		private static final int PUBLIC_KEY_LENGTH_BYTES = 65;
		private static final int VAULT_PARAMS_LENGTH_BYTES = 94;
		private static final int VAULT_HANDLE_LENGTH_BYTES = 17;


		@Test
		public void calculateThmKfHash_isShaOfLockScreenHashWithPrefix() throws Exception {
		@@ -345,7 +346,7 @@ public class KeySyncUtilsTest {
		}

		@Test
		public void packVaultParams_returns94Bytes() throws Exception {
		public void packVaultParams_returnsCorrectSize() throws Exception {
		PublicKey thmPublicKey = SecureBox.genKeyPair().getPublic();

		byte[] packedForm = KeySyncUtils.packVaultParams(
		@@ -420,6 +421,24 @@ public class KeySyncUtilsTest {
		assertArrayEquals(TEST_VAULT_HANDLE, vaultHandle);
		}

		@Test
		public void packVaultParams_encodesVaultHandleWithLength8AsLastParam() throws Exception {
		byte[] vaultHandleWithLenght8 = new byte[] {1, 2, 3, 4, 1, 2, 3, 4};
		byte[] packedForm = KeySyncUtils.packVaultParams(
		SecureBox.genKeyPair().getPublic(),
		/counterId=/ 10021L,
		/maxAttempts=/ 10,
		vaultHandleWithLenght8);

		ByteBuffer byteBuffer = ByteBuffer.wrap(packedForm)
		.order(ByteOrder.LITTLE_ENDIAN);
		assertEquals(PUBLIC_KEY_LENGTH_BYTES + Long.BYTES + Integer.BYTES + 8, packedForm.length);
		byteBuffer.position(PUBLIC_KEY_LENGTH_BYTES + Long.BYTES + Integer.BYTES);
		byte[] vaultHandle = new byte[8];
		byteBuffer.get(vaultHandle);
		assertArrayEquals(vaultHandleWithLenght8, vaultHandle);
		}

		private static byte[] randomBytes(int n) {
		byte[] bytes = new byte[n];
		new Random().nextBytes(bytes);