1/* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16package com.android.server.locksettings; 17 18import android.content.Context; 19import android.hardware.weaver.V1_0.IWeaver; 20import android.os.RemoteException; 21import android.os.UserManager; 22import android.util.ArrayMap; 23 24import junit.framework.AssertionFailedError; 25 26import java.nio.ByteBuffer; 27import java.security.NoSuchAlgorithmException; 28import java.security.spec.InvalidKeySpecException; 29import java.util.Arrays; 30 31import javax.crypto.SecretKeyFactory; 32import javax.crypto.spec.PBEKeySpec; 33 34public class MockSyntheticPasswordManager extends SyntheticPasswordManager { 35 36 private FakeGateKeeperService mGateKeeper; 37 private IWeaver mWeaverService; 38 39 public MockSyntheticPasswordManager(Context context, LockSettingsStorage storage, 40 FakeGateKeeperService gatekeeper, UserManager userManager) { 41 super(context, storage, userManager); 42 mGateKeeper = gatekeeper; 43 } 44 45 private ArrayMap<String, byte[]> mBlobs = new ArrayMap<>(); 46 47 @Override 48 protected byte[] decryptSPBlob(String blobKeyName, byte[] blob, byte[] applicationId) { 49 if (mBlobs.containsKey(blobKeyName) && !Arrays.equals(mBlobs.get(blobKeyName), blob)) { 50 throw new AssertionFailedError("blobKeyName content is overwritten: " + blobKeyName); 51 } 52 ByteBuffer buffer = ByteBuffer.allocate(blob.length); 53 buffer.put(blob, 0, blob.length); 54 buffer.flip(); 55 int len; 56 len = buffer.getInt(); 57 byte[] data = new byte[len]; 58 buffer.get(data); 59 len = buffer.getInt(); 60 byte[] appId = new byte[len]; 61 buffer.get(appId); 62 long sid = buffer.getLong(); 63 if (!Arrays.equals(appId, applicationId)) { 64 throw new AssertionFailedError("Invalid application id"); 65 } 66 if (sid != 0 && mGateKeeper.getAuthTokenForSid(sid) == null) { 67 throw new AssertionFailedError("No valid auth token"); 68 } 69 return data; 70 } 71 72 @Override 73 protected byte[] createSPBlob(String blobKeyName, byte[] data, byte[] applicationId, long sid) { 74 ByteBuffer buffer = ByteBuffer.allocate(Integer.BYTES + data.length + Integer.BYTES 75 + applicationId.length + Long.BYTES); 76 buffer.putInt(data.length); 77 buffer.put(data); 78 buffer.putInt(applicationId.length); 79 buffer.put(applicationId); 80 buffer.putLong(sid); 81 byte[] result = buffer.array(); 82 mBlobs.put(blobKeyName, result); 83 return result; 84 } 85 86 @Override 87 protected void destroySPBlobKey(String keyAlias) { 88 } 89 90 @Override 91 protected long sidFromPasswordHandle(byte[] handle) { 92 return new FakeGateKeeperService.VerifyHandle(handle).sid; 93 } 94 95 @Override 96 protected byte[] scrypt(String password, byte[] salt, int N, int r, int p, int outLen) { 97 try { 98 PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10, outLen * 8); 99 SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); 100 return f.generateSecret(spec).getEncoded(); 101 } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { 102 e.printStackTrace(); 103 return null; 104 } 105 } 106 107 @Override 108 protected IWeaver getWeaverService() throws RemoteException { 109 return mWeaverService; 110 } 111 112 public void enableWeaver() { 113 mWeaverService = new MockWeaverService(); 114 initWeaverService(); 115 } 116 117} 118