Remove the hard-coded counterId in VaultParams (f23c203e) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java

+0 −3

Original line number	Diff line number	Diff line
		@@ -255,9 +255,6 @@ public class KeySyncTask implements Runnable {
		}
		}

		// TODO: make sure the same counter id is used during recovery and remove temporary fix.
		counterId = 1L;

		byte[] vaultParams = KeySyncUtils.packVaultParams(
		publicKey,
		counterId,

+3 −2

Original line number	Diff line number	Diff line
		@@ -416,8 +416,8 @@ public class RecoverableKeyStoreManager {
		* @param vaultChallenge Challenge issued by vault service.
		* @param secrets Lock-screen hashes. For now only a single secret is supported.
		* @return Encrypted bytes of recovery claim. This can then be issued to the vault service.
		* @deprecated Use {@link #startRecoverySessionWithCertPath(String, RecoveryCertPath, byte[],
		* byte[], List)} instead.
		* @deprecated Use {@link #startRecoverySessionWithCertPath(String, String, RecoveryCertPath,
		* byte[], byte[], List)} instead.
		*
		* @hide
		*/
		@@ -457,6 +457,7 @@ public class RecoverableKeyStoreManager {
		uid,
		new RecoverySessionStorage.Entry(sessionId, kfHash, keyClaimant, vaultParams));

		Log.i(TAG, "Received VaultParams for recovery: " + HexDump.toHexString(vaultParams));
		try {
		byte[] thmKfHash = KeySyncUtils.calculateThmKfHash(kfHash);
		return KeySyncUtils.encryptRecoveryClaim(

+0 −1

Original line number	Diff line number	Diff line
		@@ -296,7 +296,6 @@ public class KeySyncTaskTest {
		keyDerivationParams.getSalt(),
		TEST_CREDENTIAL);
		Long counterId = mRecoverableKeyStoreDb.getCounterId(TEST_USER_ID, TEST_RECOVERY_AGENT_UID);
		counterId = 1L; // TODO: use value from the database.
		assertThat(counterId).isNotNull();
		byte[] recoveryKey = decryptThmEncryptedKey(
		lockScreenHash,