diff options
| author | Yao Chen <yaochen@google.com> | 2019-04-26 10:30:11 -0700 |
|---|---|---|
| committer | Yao Chen <yaochen@google.com> | 2019-04-30 11:51:24 -0700 |
| commit | a51f3fa6fed47604361981bacf1f0b78fd75f645 (patch) | |
| tree | 621865e274f7ce95880effed3e57800c81626c13 | |
| parent | 4a4bc355e785852b776e873bf834be7b0cfc0000 (diff) | |
Remove encryption from incidentd
Test: build
Bug: 131371777
Change-Id: I412c73658025246004412f3bcdcf30f74d766326
| -rw-r--r-- | cmds/incidentd/Android.bp | 14 | ||||
| -rw-r--r-- | cmds/incidentd/src/Privacy.cpp | 6 | ||||
| -rw-r--r-- | cmds/incidentd/src/Privacy.h | 3 | ||||
| -rw-r--r-- | cmds/incidentd/src/PrivacyFilter.cpp | 86 | ||||
| -rw-r--r-- | cmds/incidentd/src/PrivacyFilter.h | 8 | ||||
| -rw-r--r-- | cmds/incidentd/src/Reporter.cpp | 3 | ||||
| -rw-r--r-- | cmds/incidentd/src/cipher/IncidentKeyStore.cpp | 87 | ||||
| -rw-r--r-- | cmds/incidentd/src/cipher/IncidentKeyStore.h | 53 | ||||
| -rw-r--r-- | cmds/incidentd/src/cipher/ProtoEncryption.cpp | 139 | ||||
| -rw-r--r-- | cmds/incidentd/src/cipher/ProtoEncryption.h | 80 | ||||
| -rw-r--r-- | cmds/incidentd/src/cipher/cipher_blocks.proto | 25 | ||||
| -rw-r--r-- | cmds/incidentd/tests/IncidentKeyStore_test.cpp | 66 | ||||
| -rw-r--r-- | cmds/incidentd/tests/ProtoEncryption_test.cpp | 85 | ||||
| -rw-r--r-- | libs/protoutil/src/ProtoFileReader.cpp | 2 |
14 files changed, 23 insertions, 634 deletions
diff --git a/cmds/incidentd/Android.bp b/cmds/incidentd/Android.bp index 534a38f14136..25e0328b4f38 100644 --- a/cmds/incidentd/Android.bp +++ b/cmds/incidentd/Android.bp @@ -60,12 +60,6 @@ cc_binary { "libservices", "libutils", "libprotobuf-cpp-lite", - "libcrypto", - "libkeystore_aidl", - "libkeystore_binder", - "libkeystore_parcelables", - "android.hardware.keymaster@4.0", - "libkeymaster4support", ], static_libs: [ @@ -119,8 +113,6 @@ cc_test { "src/incidentd_util.cpp", "src/proto_util.cpp", "src/report_directory.cpp", - "src/cipher/IncidentKeyStore.cpp", - "src/cipher/ProtoEncryption.cpp", "src/**/*.proto", ], @@ -142,12 +134,6 @@ cc_test { "libprotoutil", "libservices", "libutils", - "libcrypto", - "libkeystore_aidl", - "libkeystore_binder", - "libkeystore_parcelables", - "android.hardware.keymaster@4.0", - "libkeymaster4support", ], target: { diff --git a/cmds/incidentd/src/Privacy.cpp b/cmds/incidentd/src/Privacy.cpp index 0cc358fd2746..0a187e166135 100644 --- a/cmds/incidentd/src/Privacy.cpp +++ b/cmds/incidentd/src/Privacy.cpp @@ -28,8 +28,6 @@ namespace incidentd { using namespace android::os; using std::strstream; -static const bool kEncryptionEnabled = false; - uint64_t encode_field_id(const Privacy* p) { return (uint64_t)p->type << 32 | p->field_id; } string Privacy::toString() const { @@ -52,10 +50,6 @@ const Privacy* lookup(const Privacy* p, uint32_t fieldId) { return NULL; } -bool sectionEncryption(int section_id) { - return kEncryptionEnabled ? (section_id == 3025) /*restricted image section*/ : false; -} - static bool isAllowed(const uint8_t policy, const uint8_t check) { switch (check) { case PRIVACY_POLICY_LOCAL: diff --git a/cmds/incidentd/src/Privacy.h b/cmds/incidentd/src/Privacy.h index 9cde748bc44c..763edb03e485 100644 --- a/cmds/incidentd/src/Privacy.h +++ b/cmds/incidentd/src/Privacy.h @@ -90,9 +90,6 @@ private: uint8_t mPolicy; }; -// TODO: Add privacy flag in incident.proto and auto generate it inside Privacy. -bool sectionEncryption(int section_id); - /** * If a privacy policy is other than the defined values, update it to a real one. */ diff --git a/cmds/incidentd/src/PrivacyFilter.cpp b/cmds/incidentd/src/PrivacyFilter.cpp index ca6fb3708ef1..d00ecdde5c63 100644 --- a/cmds/incidentd/src/PrivacyFilter.cpp +++ b/cmds/incidentd/src/PrivacyFilter.cpp @@ -16,20 +16,19 @@ #define DEBUG false #include "Log.h" +#include "incidentd_util.h" #include "PrivacyFilter.h" +#include "proto_util.h" #include "incidentd_util.h" #include "proto_util.h" #include "Section.h" #include <android-base/file.h> -#include <android/util/ProtoFileReader.h> #include <android/util/protobuf.h> +#include <android/util/ProtoFileReader.h> #include <log/log.h> -#include "cipher/IncidentKeyStore.h" -#include "cipher/ProtoEncryption.h" - namespace android { namespace os { namespace incidentd { @@ -146,8 +145,6 @@ public: */ status_t writeData(int fd); - sp<ProtoReader> getData() { return mData; } - private: /** * The global set of field --> required privacy level mapping. @@ -259,47 +256,8 @@ void PrivacyFilter::addFd(const sp<FilterFd>& output) { mOutputs.push_back(output); } -static void write_section_to_file(int sectionId, FieldStripper& fieldStripper, sp<FilterFd> output, - bool encryptIfNeeded) { - status_t err; - - if (sectionEncryption(sectionId) && encryptIfNeeded) { - ProtoEncryptor encryptor(fieldStripper.getData()); - size_t encryptedSize = encryptor.encrypt(); - - if (encryptedSize <= 0) { - output->onWriteError(BAD_VALUE); - return; - } - err = write_section_header(output->getFd(), sectionId, encryptedSize); - VLOG("Encrypted: write section header size %lu", (unsigned long)encryptedSize); - - encryptor.flush(output->getFd()); - - if (err != NO_ERROR) { - output->onWriteError(err); - return; - } - } else { - err = write_section_header(output->getFd(), sectionId, fieldStripper.dataSize()); - VLOG("No encryption: write section header size %lu", - (unsigned long)fieldStripper.dataSize()); - - if (err != NO_ERROR) { - output->onWriteError(err); - return; - } - - err = fieldStripper.writeData(output->getFd()); - if (err != NO_ERROR) { - output->onWriteError(err); - return; - } - } -} - -status_t PrivacyFilter::writeData(const FdBuffer& buffer, uint8_t bufferLevel, size_t* maxSize, - bool encryptIfNeeded) { +status_t PrivacyFilter::writeData(const FdBuffer& buffer, uint8_t bufferLevel, + size_t* maxSize) { status_t err; if (maxSize != NULL) { @@ -309,9 +267,9 @@ status_t PrivacyFilter::writeData(const FdBuffer& buffer, uint8_t bufferLevel, s // Order the writes by privacy filter, with increasing levels of filtration,k // so we can do the filter once, and then write many times. sort(mOutputs.begin(), mOutputs.end(), - [](const sp<FilterFd>& a, const sp<FilterFd>& b) -> bool { - return a->getPrivacyPolicy() < b->getPrivacyPolicy(); - }); + [](const sp<FilterFd>& a, const sp<FilterFd>& b) -> bool { + return a->getPrivacyPolicy() < b->getPrivacyPolicy(); + }); uint8_t privacyPolicy = PRIVACY_POLICY_LOCAL; // a.k.a. no filtering FieldStripper fieldStripper(mRestrictions, buffer.data()->read(), bufferLevel); @@ -330,7 +288,17 @@ status_t PrivacyFilter::writeData(const FdBuffer& buffer, uint8_t bufferLevel, s // Write the resultant buffer to the fd, along with the header. ssize_t dataSize = fieldStripper.dataSize(); if (dataSize > 0) { - write_section_to_file(mSectionId, fieldStripper, output, encryptIfNeeded); + err = write_section_header(output->getFd(), mSectionId, dataSize); + if (err != NO_ERROR) { + output->onWriteError(err); + continue; + } + + err = fieldStripper.writeData(output->getFd()); + if (err != NO_ERROR) { + output->onWriteError(err); + continue; + } } if (maxSize != NULL) { @@ -382,18 +350,8 @@ status_t filter_and_write_report(int to, int from, uint8_t bufferLevel, // Read this section from the reader into an FdBuffer size_t sectionSize = reader->readRawVarint(); - FdBuffer sectionData; - - // Write data to FdBuffer, if the section was encrypted, decrypt first. - if (sectionEncryption(fieldId)) { - VLOG("sectionSize %lu", (unsigned long)sectionSize); - ProtoDecryptor decryptor(reader, sectionSize); - err = decryptor.decryptAndFlush(§ionData); - } else { - err = sectionData.write(reader, sectionSize); - } - + err = sectionData.write(reader, sectionSize); if (err != NO_ERROR) { ALOGW("filter_and_write_report FdBuffer.write failed (this shouldn't happen): %s", strerror(-err)); @@ -401,8 +359,7 @@ status_t filter_and_write_report(int to, int from, uint8_t bufferLevel, } // Do the filter and write. - err = filter.writeData(sectionData, bufferLevel, nullptr, - false /* do not encrypt again*/); + err = filter.writeData(sectionData, bufferLevel, nullptr); if (err != NO_ERROR) { ALOGW("filter_and_write_report filter.writeData had an error: %s", strerror(-err)); return err; @@ -411,7 +368,6 @@ status_t filter_and_write_report(int to, int from, uint8_t bufferLevel, // We don't need this field. Incident does not have any direct children // other than sections. So just skip them. write_field_or_skip(NULL, reader, fieldTag, true); - VLOG("Skip this.... section %d", fieldId); } } diff --git a/cmds/incidentd/src/PrivacyFilter.h b/cmds/incidentd/src/PrivacyFilter.h index d426db966a9a..76b28498a0ac 100644 --- a/cmds/incidentd/src/PrivacyFilter.h +++ b/cmds/incidentd/src/PrivacyFilter.h @@ -82,14 +82,8 @@ public: * was written (i.e. after filtering). * * The buffer is assumed to have already been filtered to bufferLevel. - * - * This function can be called when persisting data to disk or when sending - * data to client. In the former case, we need to encrypt the data when that - * section requires encryption. In the latter case, we shouldn't send the - * unencrypted data to client. */ - status_t writeData(const FdBuffer& buffer, uint8_t bufferLevel, size_t* maxSize, - bool encryptIfNeeded); + status_t writeData(const FdBuffer& buffer, uint8_t bufferLevel, size_t* maxSize); private: int mSectionId; diff --git a/cmds/incidentd/src/Reporter.cpp b/cmds/incidentd/src/Reporter.cpp index dc4065bce39b..02b6bbe6c9b1 100644 --- a/cmds/incidentd/src/Reporter.cpp +++ b/cmds/incidentd/src/Reporter.cpp @@ -465,8 +465,7 @@ status_t ReportWriter::writeSection(const FdBuffer& buffer) { } }); - return filter.writeData(buffer, PRIVACY_POLICY_LOCAL, &mMaxSectionDataFilteredSize, - true /*encrypt if needed*/); + return filter.writeData(buffer, PRIVACY_POLICY_LOCAL, &mMaxSectionDataFilteredSize); } diff --git a/cmds/incidentd/src/cipher/IncidentKeyStore.cpp b/cmds/incidentd/src/cipher/IncidentKeyStore.cpp deleted file mode 100644 index ae0a92094d0b..000000000000 --- a/cmds/incidentd/src/cipher/IncidentKeyStore.cpp +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "Log.h" - -#include "IncidentKeyStore.h" - -#include <sys/stat.h> - -static constexpr size_t AES_KEY_BYTES = 32; -static constexpr size_t GCM_MAC_BYTES = 16; -constexpr char kKeyname[] = "IncidentKey"; - -namespace android { -namespace os { -namespace incidentd { - -using namespace keystore; -using std::string; - -IncidentKeyStore& IncidentKeyStore::getInstance() { - static IncidentKeyStore sInstance(new keystore::KeystoreClientImpl); - return sInstance; -} - -bool IncidentKeyStore::encrypt(const string& data, int32_t flags, string* output) { - std::lock_guard<std::mutex> lock(mMutex); - if (data.empty()) { - ALOGW("IncidentKeyStore: Encrypt empty data?!"); - return false; - } - if (!mClient->doesKeyExist(kKeyname)) { - auto gen_result = generateKeyLocked(kKeyname, 0); - if (!gen_result.isOk()) { - ALOGE("IncidentKeyStore: Key generate failed."); - return false; - } - } - if (!mClient->encryptWithAuthentication(kKeyname, data, flags, output)) { - ALOGE("IncidentKeyStore: Encryption failed."); - return false; - } - return true; -} - -bool IncidentKeyStore::decrypt(const std::string& input, string* output) { - std::lock_guard<std::mutex> lock(mMutex); - if (input.empty()) { - ALOGE("IncidentKeyStore: Decrypt empty input?"); - return false; - } - if (!mClient->decryptWithAuthentication(kKeyname, input, output)) { - ALOGE("IncidentKeyStore: Decryption failed."); - return false; - } - return true; -} - -KeyStoreNativeReturnCode IncidentKeyStore::generateKeyLocked(const std::string& name, - int32_t flags) { - auto paramBuilder = AuthorizationSetBuilder() - .AesEncryptionKey(AES_KEY_BYTES * 8) - .GcmModeMinMacLen(GCM_MAC_BYTES * 8) - .Authorization(TAG_NO_AUTH_REQUIRED); - - AuthorizationSet hardware_enforced_characteristics; - AuthorizationSet software_enforced_characteristics; - return mClient->generateKey(name, paramBuilder, flags, &hardware_enforced_characteristics, - &software_enforced_characteristics); -} - -} // namespace incidentd -} // namespace os -} // namespace android diff --git a/cmds/incidentd/src/cipher/IncidentKeyStore.h b/cmds/incidentd/src/cipher/IncidentKeyStore.h deleted file mode 100644 index 27611cd7faad..000000000000 --- a/cmds/incidentd/src/cipher/IncidentKeyStore.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#pragma once - -#include <keystore/keystore_client_impl.h> - -namespace android { -namespace os { -namespace incidentd { - -class IncidentKeyStore { -public: - static IncidentKeyStore& getInstance(); - - IncidentKeyStore(keystore::KeystoreClient* client) : mClient(client) {} - - /** - * Encrypt the plainText and output the encrypted message. - * - * Returns true on success and false otherwise. - * If the key has not been created yet, it will generate the key in KeyMaster. - */ - bool encrypt(const std::string& plainText, int32_t flags, std::string* output); - - /** - * Decrypt and output the decrypted message. - * - * Returns true on success and false otherwise. - */ - bool decrypt(const std::string& encryptedData, std::string* output); - -private: - std::unique_ptr<keystore::KeystoreClient> mClient; - std::mutex mMutex; - keystore::KeyStoreNativeReturnCode generateKeyLocked(const std::string& name, int32_t flags); -}; - -} // namespace incidentd -} // namespace os -} // namespace android diff --git a/cmds/incidentd/src/cipher/ProtoEncryption.cpp b/cmds/incidentd/src/cipher/ProtoEncryption.cpp deleted file mode 100644 index 493796d2af4d..000000000000 --- a/cmds/incidentd/src/cipher/ProtoEncryption.cpp +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#define DEBUG true // STOPSHIP if true -#include "Log.h" - -#include "ProtoEncryption.h" - -#include <android/util/protobuf.h> - -#include "IncidentKeyStore.h" - -namespace android { -namespace os { -namespace incidentd { - -using android::util::FIELD_COUNT_REPEATED; -using android::util::FIELD_TYPE_STRING; -using android::util::ProtoOutputStream; -using android::util::ProtoReader; -using std::string; - -static const int FIELD_ID_BLOCK = 1; - -size_t ProtoEncryptor::encrypt() { - string block; - int i = 0; - // Read at most sBlockSize at a time and encrypt. - while (mReader->readBuffer() != NULL) { - size_t readBytes = - mReader->currentToRead() > sBlockSize ? sBlockSize : mReader->currentToRead(); - block.resize(readBytes); - std::memcpy(block.data(), mReader->readBuffer(), readBytes); - - string encrypted; - if (IncidentKeyStore::getInstance().encrypt(block, 0, &encrypted)) { - mOutputStream.write(FIELD_TYPE_STRING | FIELD_ID_BLOCK | FIELD_COUNT_REPEATED, - encrypted); - VLOG("Block %d Encryption: original %lld now %lld", i++, (long long)readBytes, - (long long)encrypted.length()); - mReader->move(readBytes); - } else { - return 0; - } - } - return mOutputStream.size(); -} - -status_t ProtoEncryptor::flush(int fd) { - if (!mOutputStream.flush(fd)) { - return BAD_VALUE; - } - return NO_ERROR; -} - -status_t ProtoDecryptor::readOneBlock(string* output) { - if (!mReader->hasNext()) { - return NO_ERROR; - } - uint64_t fieldTag = mReader->readRawVarint(); - uint32_t fieldId = read_field_id(fieldTag); - uint8_t wireType = read_wire_type(fieldTag); - if (wireType == WIRE_TYPE_LENGTH_DELIMITED) { - // Read this section from the reader into an FdBuffer - size_t sectionSize = mReader->readRawVarint(); - output->resize(sectionSize); - size_t pos = 0; - while (pos < sectionSize && mReader->readBuffer() != NULL) { - size_t toRead = (sectionSize - pos) > mReader->currentToRead() - ? mReader->currentToRead() - : (sectionSize - pos); - std::memcpy(&((output->data())[pos]), mReader->readBuffer(), toRead); - pos += toRead; - mReader->move(toRead); - } - if (pos != sectionSize) { - return BAD_VALUE; - ALOGE("Failed to read one block"); - } - } else { - return BAD_VALUE; - } - return NO_ERROR; -} - -status_t ProtoDecryptor::decryptAndFlush(FdBuffer* out) { - size_t mStartBytes = mReader->bytesRead(); - size_t bytesRead = 0; - int i = 0; - status_t err = NO_ERROR; - // Let's read until we read mTotalSize. If any error occurs before that, make sure to move the - // read pointer so the caller can continue to read the following sections. - while (bytesRead < mTotalSize) { - string block; - err = readOneBlock(&block); - bytesRead = mReader->bytesRead() - mStartBytes; - - if (err != NO_ERROR) { - break; - } - - if (block.length() == 0) { - VLOG("Done reading all blocks"); - break; - } - - string decryptedBlock; - if ((IncidentKeyStore::getInstance()).decrypt(block, &decryptedBlock)) { - VLOG("Block %d Original Size %lu Decrypted size %lu", i++, - (unsigned long)block.length(), (unsigned long)decryptedBlock.length()); - out->write(reinterpret_cast<uint8_t*>(decryptedBlock.data()), decryptedBlock.length()); - } else { - err = BAD_VALUE; - break; - } - } - - if (bytesRead < mTotalSize) { - mReader->move(mTotalSize - bytesRead); - } - return err; -} - -} // namespace incidentd -} // namespace os -} // namespace android diff --git a/cmds/incidentd/src/cipher/ProtoEncryption.h b/cmds/incidentd/src/cipher/ProtoEncryption.h deleted file mode 100644 index 5b72ca88ec64..000000000000 --- a/cmds/incidentd/src/cipher/ProtoEncryption.h +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#pragma once - -#include <android/util/ProtoOutputStream.h> -#include <android/util/ProtoReader.h> -#include <frameworks/base/cmds/incidentd/src/cipher/cipher_blocks.pb.h> - -#include "FdBuffer.h" - -namespace android { -namespace os { -namespace incidentd { - -// PlainText IncidentReport format -// [section1_header(id, size, type)][section1_data] ... - -// Let's say section1 needs encryption -// After encryption, it becomes -// [section1_header(id, encrypted_size, type)][[cipher_block][cipher_block][cipher_block]..] - -// When clients read the report, it's decrypted, and written in its original format - -/** - * Takes a ProtoReader, encrypts its whole content -- which is one section, and flush to - * a file descriptor. - * The underlying encryption is done using Keystore binder APIs. We encrypt the data - * in blocks, and write to the file in android.os.incidentd.CipherBlocks format. - */ -class ProtoEncryptor { -public: - ProtoEncryptor(const sp<android::util::ProtoReader>& reader) : mReader(reader){}; - - // Encrypt the data from ProtoReader, and store in CipherBlocks format. - // return the size of CipherBlocks. - size_t encrypt(); - - status_t flush(int fd); - -private: - static const size_t sBlockSize = 8 * 1024; - const sp<android::util::ProtoReader> mReader; - android::util::ProtoOutputStream mOutputStream; -}; - -// Read data from ProtoReader, which is in CipherBlocks proto format. Parse and decrypt -// block by block. -class ProtoDecryptor { -public: - ProtoDecryptor(const sp<android::util::ProtoReader>& reader, size_t size) - : mReader(reader), mTotalSize(size){}; - status_t decryptAndFlush(FdBuffer* out); - -private: - const sp<android::util::ProtoReader> mReader; - - // Total size in bytes we should read from ProtoReader. - const size_t mTotalSize; - - // Read one cipher block from ProtoReader, instead of reading the whole content - // and parse to CipherBlocks which could be huge. - status_t readOneBlock(std::string* output); -}; - -} // namespace incidentd -} // namespace os -} // namespace android diff --git a/cmds/incidentd/src/cipher/cipher_blocks.proto b/cmds/incidentd/src/cipher/cipher_blocks.proto deleted file mode 100644 index 5c7ed242c7a5..000000000000 --- a/cmds/incidentd/src/cipher/cipher_blocks.proto +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -syntax = "proto2"; - -package android.os.incidentd; - -// This proto is never instantiated anywhere. It only exists to keep a record of the format of the -// encrypted data on disk. -message CipherBlocks { - repeated string blocks = 1; -} diff --git a/cmds/incidentd/tests/IncidentKeyStore_test.cpp b/cmds/incidentd/tests/IncidentKeyStore_test.cpp deleted file mode 100644 index 2250fda90e01..000000000000 --- a/cmds/incidentd/tests/IncidentKeyStore_test.cpp +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "cipher/IncidentKeyStore.h" - -#include <binder/ProcessState.h> -#include <gtest/gtest.h> - -#include <fstream> - -using namespace android::os::incidentd; - -class IncidentKeyStoreTest : public ::testing::Test { -protected: - std::unique_ptr<IncidentKeyStore> incidentKeyStore; - void SetUp() override { - android::ProcessState::self()->startThreadPool(); - incidentKeyStore = std::make_unique<IncidentKeyStore>( - static_cast<keystore::KeystoreClient*>(new keystore::KeystoreClientImpl)); - }; - void TearDown() override { incidentKeyStore = nullptr; }; -}; - -TEST_F(IncidentKeyStoreTest, test_encrypt_decrypt) { - std::string plaintext; - plaintext.resize(4 * 1024, 'a'); - - std::string encrypted; - EXPECT_TRUE(incidentKeyStore->encrypt(plaintext, 0, &encrypted)); - std::string decrypted; - EXPECT_TRUE(incidentKeyStore->decrypt(encrypted, &decrypted)); - - EXPECT_FALSE(encrypted.empty()); - EXPECT_EQ(plaintext, decrypted); -} - -TEST_F(IncidentKeyStoreTest, test_encrypt_empty_hash) { - std::string hash = ""; - - std::string encrypted; - EXPECT_FALSE(incidentKeyStore->encrypt(hash, 0, &encrypted)); - - EXPECT_TRUE(encrypted.empty()); -} - -TEST_F(IncidentKeyStoreTest, test_decrypt_empty_hash) { - std::string hash = ""; - - std::string decrypted; - EXPECT_FALSE(incidentKeyStore->decrypt(hash, &decrypted)); - - EXPECT_TRUE(decrypted.empty()); -}
\ No newline at end of file diff --git a/cmds/incidentd/tests/ProtoEncryption_test.cpp b/cmds/incidentd/tests/ProtoEncryption_test.cpp deleted file mode 100644 index 6742e034d70d..000000000000 --- a/cmds/incidentd/tests/ProtoEncryption_test.cpp +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (C) 2019 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "Log.h" - -#include "cipher/ProtoEncryption.h" - -#include <android-base/file.h> -#include <gtest/gtest.h> - -#include "FdBuffer.h" -#include "android/util/ProtoFileReader.h" - -using namespace android::os::incidentd; -using android::sp; -using std::string; -using ::testing::Test; - -const std::string kTestPath = GetExecutableDirectory(); -const std::string kTestDataPath = kTestPath + "/testdata/"; - -TEST(ProtoEncryptionTest, test_encrypt_decrypt) { - const std::string plaintextFile = kTestDataPath + "plaintext.txt"; - const std::string encryptedFile = kTestDataPath + "encrypted.txt"; - size_t msg1Size = 20 * 1024; - - // Create a file with plain text. - { - unique_fd fd( - open(plaintextFile.c_str(), O_WRONLY | O_CREAT | O_CLOEXEC, S_IRUSR | S_IWUSR)); - ASSERT_NE(fd.get(), -1); - string content; - content.resize(msg1Size, 'a'); - WriteFully(fd, content.data(), msg1Size); - } - - // Read the plain text and encrypted - { - unique_fd readFd(open(plaintextFile.c_str(), O_RDONLY | O_CLOEXEC)); - unique_fd encryptedFd( - open(encryptedFile.c_str(), O_WRONLY | O_CREAT | O_CLOEXEC, S_IRUSR | S_IWUSR)); - - ASSERT_NE(readFd.get(), -1); - ASSERT_NE(encryptedFd.get(), -1); - - sp<ProtoFileReader> reader = new ProtoFileReader(readFd.get()); - ProtoEncryptor encryptor(reader); - EXPECT_TRUE(encryptor.encrypt() > msg1Size); - - encryptor.flush(encryptedFd.get()); - } - - // Read the encrypted file, and decrypt - unique_fd encryptedFd(open(encryptedFile.c_str(), O_RDONLY | O_CLOEXEC)); - ASSERT_NE(encryptedFd.get(), -1); - FdBuffer output; - sp<ProtoFileReader> reader2 = new ProtoFileReader(encryptedFd.get()); - ProtoDecryptor decryptor(reader2, reader2->size()); - decryptor.decryptAndFlush(&output); - - auto decryptedReader = output.data()->read(); - - // Check the content. - int count = 0; - while (decryptedReader->hasNext()) { - if (decryptedReader->next() == 'a') { - count++; - } - } - - EXPECT_EQ(msg1Size, count); -}
\ No newline at end of file diff --git a/libs/protoutil/src/ProtoFileReader.cpp b/libs/protoutil/src/ProtoFileReader.cpp index c7f1129fbbaa..bbb1fe374f0e 100644 --- a/libs/protoutil/src/ProtoFileReader.cpp +++ b/libs/protoutil/src/ProtoFileReader.cpp @@ -99,7 +99,6 @@ ProtoFileReader::next() // Shouldn't get to here. Always call hasNext() before calling next(). return 0; } - mPos++; return mBuffer[mOffset++]; } @@ -131,7 +130,6 @@ ProtoFileReader::move(size_t amt) const size_t chunk = mMaxOffset - mOffset > amt ? amt : mMaxOffset - mOffset; mOffset += chunk; - mPos += chunk; amt -= chunk; } } |