diff options
author | Oscar Shu <xshu@google.com> | 2019-11-05 22:01:37 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2019-11-05 22:01:37 +0000 |
commit | 5c8edef8c46845539d4c39b6b1dba33742b08f0e (patch) | |
tree | 1a2c76a6a162cd923d07c3ddd690e57e6dc07934 /service | |
parent | d55ea9ce6a76cbee22c7047ce6a9f1c24389acc2 (diff) | |
parent | 316dd9f75f489c8e4c26efaae56f1cdefe9a56b9 (diff) |
Merge "[MAC rand] Fix unit test slowness"
Diffstat (limited to 'service')
4 files changed, 143 insertions, 104 deletions
diff --git a/service/java/com/android/server/wifi/MacAddressUtil.java b/service/java/com/android/server/wifi/MacAddressUtil.java new file mode 100644 index 000000000..effa931a5 --- /dev/null +++ b/service/java/com/android/server/wifi/MacAddressUtil.java @@ -0,0 +1,133 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.wifi; + +import android.net.MacAddress; +import android.net.wifi.WifiConfiguration; +import android.security.keystore.AndroidKeyStoreProvider; +import android.security.keystore.KeyGenParameterSpec; +import android.security.keystore.KeyProperties; +import android.util.Log; + +import java.nio.ByteBuffer; +import java.nio.charset.StandardCharsets; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.ProviderException; +import java.security.UnrecoverableKeyException; +import java.util.Arrays; + +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; + +/** + * Contains helper methods to support MAC randomization. + */ +public class MacAddressUtil { + private static final String TAG = "MacAddressUtil"; + private static final String MAC_RANDOMIZATION_ALIAS = "MacRandSecret"; + private static final long MAC_ADDRESS_VALID_LONG_MASK = (1L << 48) - 1; + private static final long MAC_ADDRESS_LOCALLY_ASSIGNED_MASK = 1L << 41; + private static final long MAC_ADDRESS_MULTICAST_MASK = 1L << 40; + + /** + * Computes the persistent randomized MAC of the given configuration using the given + * hash function. + * @param config the WifiConfiguration to compute MAC address for + * @param hashFunction the hash function that will perform the MAC address computation. + * @return The persistent randomized MAC address or null if inputs are invalid. + */ + public MacAddress calculatePersistentMacForConfiguration(WifiConfiguration config, + Mac hashFunction) { + if (config == null || hashFunction == null) { + return null; + } + byte[] hashedBytes = hashFunction.doFinal( + config.getSsidAndSecurityTypeString().getBytes(StandardCharsets.UTF_8)); + ByteBuffer bf = ByteBuffer.wrap(hashedBytes); + long longFromSsid = bf.getLong(); + /** + * Masks the generated long so that it represents a valid randomized MAC address. + * Specifically, this sets the locally assigned bit to 1, multicast bit to 0 + */ + longFromSsid &= MAC_ADDRESS_VALID_LONG_MASK; + longFromSsid |= MAC_ADDRESS_LOCALLY_ASSIGNED_MASK; + longFromSsid &= ~MAC_ADDRESS_MULTICAST_MASK; + bf.clear(); + bf.putLong(0, longFromSsid); + + // MacAddress.fromBytes requires input of length 6, which is obtained from the + // last 6 bytes from the generated long. + MacAddress macAddress = MacAddress.fromBytes(Arrays.copyOfRange(bf.array(), 2, 8)); + return macAddress; + } + + /** + * Retrieves a Hash function that could be used to calculate the persistent randomized MAC + * for a WifiConfiguration. + * @param uid the UID of the KeyStore to get the secret of the hash function from. + */ + public Mac obtainMacRandHashFunction(int uid) { + try { + KeyStore keyStore = AndroidKeyStoreProvider.getKeyStoreForUid(uid); + // tries to retrieve the secret, and generate a new one if it's unavailable. + Key key = keyStore.getKey(MAC_RANDOMIZATION_ALIAS, null); + if (key == null) { + key = generateAndPersistNewMacRandomizationSecret(uid); + } + if (key == null) { + Log.e(TAG, "Failed to generate secret for " + MAC_RANDOMIZATION_ALIAS); + return null; + } + Mac result = Mac.getInstance("HmacSHA256"); + result.init(key); + return result; + } catch (KeyStoreException | NoSuchAlgorithmException | InvalidKeyException + | UnrecoverableKeyException | NoSuchProviderException e) { + Log.e(TAG, "Failure in obtainMacRandHashFunction", e); + return null; + } + } + + /** + * Generates and returns a secret key to use for Mac randomization. + * Will also persist the generated secret inside KeyStore, accessible in the + * future with KeyGenerator#getKey. + */ + private SecretKey generateAndPersistNewMacRandomizationSecret(int uid) { + try { + KeyGenerator keyGenerator = KeyGenerator.getInstance( + KeyProperties.KEY_ALGORITHM_HMAC_SHA256, "AndroidKeyStore"); + keyGenerator.init( + new KeyGenParameterSpec.Builder(MAC_RANDOMIZATION_ALIAS, + KeyProperties.PURPOSE_SIGN) + .setUid(uid) + .build()); + return keyGenerator.generateKey(); + } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException + | NoSuchProviderException | ProviderException e) { + Log.e(TAG, "Failure in generateMacRandomizationSecret", e); + return null; + } + } +} diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java index b4d5ef3bb..b0d679256 100644 --- a/service/java/com/android/server/wifi/WifiConfigManager.java +++ b/service/java/com/android/server/wifi/WifiConfigManager.java @@ -281,6 +281,7 @@ public class WifiConfigManager { private final WifiPermissionsUtil mWifiPermissionsUtil; private final WifiPermissionsWrapper mWifiPermissionsWrapper; private final WifiInjector mWifiInjector; + private final MacAddressUtil mMacAddressUtil; private boolean mConnectedMacRandomzationSupported; private final Mac mMac; @@ -472,7 +473,8 @@ public class WifiConfigManager { } catch (PackageManager.NameNotFoundException e) { Log.e(TAG, "Unable to resolve SystemUI's UID."); } - mMac = WifiConfigurationUtil.obtainMacRandHashFunction(Process.WIFI_UID); + mMacAddressUtil = mWifiInjector.getMacAddressUtil(); + mMac = mMacAddressUtil.obtainMacRandHashFunction(Process.WIFI_UID); if (mMac == null) { Log.wtf(TAG, "Failed to obtain secret for MAC randomization." + " All randomized MAC addresses are lost!"); @@ -571,7 +573,7 @@ public class WifiConfigManager { mRandomizedMacAddressMapping.remove(config.getSsidAndSecurityTypeString()); } } - return WifiConfigurationUtil.calculatePersistentMacForConfiguration(config, mMac); + return mMacAddressUtil.calculatePersistentMacForConfiguration(config, mMac); } /** diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java index f79cc9230..facc999bd 100644 --- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java +++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java @@ -26,9 +26,6 @@ import android.net.wifi.WifiEnterpriseConfig; import android.net.wifi.WifiNetworkSpecifier; import android.net.wifi.WifiScanner; import android.os.PatternMatcher; -import android.security.keystore.AndroidKeyStoreProvider; -import android.security.keystore.KeyGenParameterSpec; -import android.security.keystore.KeyProperties; import android.text.TextUtils; import android.util.Log; import android.util.Pair; @@ -37,27 +34,13 @@ import com.android.internal.annotations.VisibleForTesting; import com.android.server.wifi.util.NativeUtil; import com.android.server.wifi.util.TelephonyUtil; -import java.nio.ByteBuffer; import java.nio.charset.StandardCharsets; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.ProviderException; -import java.security.UnrecoverableKeyException; import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.BitSet; import java.util.Comparator; import java.util.Objects; -import javax.crypto.KeyGenerator; -import javax.crypto.Mac; -import javax.crypto.SecretKey; - /** * WifiConfiguration utility for any {@link android.net.wifi.WifiConfiguration} related operations. * Currently contains: @@ -88,10 +71,6 @@ public class WifiConfigurationUtil { new Pair(MacAddress.BROADCAST_ADDRESS, MacAddress.BROADCAST_ADDRESS); private static final Pair<MacAddress, MacAddress> MATCH_ALL_BSSID_PATTERN = new Pair(ALL_ZEROS_MAC_ADDRESS, ALL_ZEROS_MAC_ADDRESS); - private static final String MAC_RANDOMIZATION_ALIAS = "MacRandSecret"; - private static final long MAC_ADDRESS_VALID_LONG_MASK = (1L << 48) - 1; - private static final long MAC_ADDRESS_LOCALLY_ASSIGNED_MASK = 1L << 41; - private static final long MAC_ADDRESS_MULTICAST_MASK = 1L << 40; /** * Checks if the provided |wepKeys| array contains any non-null value; @@ -216,87 +195,6 @@ public class WifiConfigurationUtil { } /** - * Computes the persistent randomized MAC of the given configuration using the given - * hash function. - * @param config the WifiConfiguration to compute MAC address for - * @param hashFunction the hash function that will perform the MAC address computation. - * @return The persistent randomized MAC address or null if inputs are invalid. - */ - public static MacAddress calculatePersistentMacForConfiguration(WifiConfiguration config, - Mac hashFunction) { - if (config == null || hashFunction == null) { - return null; - } - byte[] hashedBytes = hashFunction.doFinal( - config.getSsidAndSecurityTypeString().getBytes(StandardCharsets.UTF_8)); - ByteBuffer bf = ByteBuffer.wrap(hashedBytes); - long longFromSsid = bf.getLong(); - /** - * Masks the generated long so that it represents a valid randomized MAC address. - * Specifically, this sets the locally assigned bit to 1, multicast bit to 0 - */ - longFromSsid &= MAC_ADDRESS_VALID_LONG_MASK; - longFromSsid |= MAC_ADDRESS_LOCALLY_ASSIGNED_MASK; - longFromSsid &= ~MAC_ADDRESS_MULTICAST_MASK; - bf.clear(); - bf.putLong(0, longFromSsid); - - // MacAddress.fromBytes requires input of length 6, which is obtained from the - // last 6 bytes from the generated long. - MacAddress macAddress = MacAddress.fromBytes(Arrays.copyOfRange(bf.array(), 2, 8)); - return macAddress; - } - - /** - * Retrieves a Hash function that could be used to calculate the persistent randomized MAC - * for a WifiConfiguration. - * @param uid the UID of the KeyStore to get the secret of the hash function from. - */ - public static Mac obtainMacRandHashFunction(int uid) { - try { - KeyStore keyStore = AndroidKeyStoreProvider.getKeyStoreForUid(uid); - // tries to retrieve the secret, and generate a new one if it's unavailable. - Key key = keyStore.getKey(MAC_RANDOMIZATION_ALIAS, null); - if (key == null) { - key = generateAndPersistNewMacRandomizationSecret(uid); - } - if (key == null) { - Log.e(TAG, "Failed to generate secret for " + MAC_RANDOMIZATION_ALIAS); - return null; - } - Mac result = Mac.getInstance("HmacSHA256"); - result.init(key); - return result; - } catch (KeyStoreException | NoSuchAlgorithmException | InvalidKeyException - | UnrecoverableKeyException | NoSuchProviderException e) { - Log.e(TAG, "Failure in obtainMacRandHashFunction", e); - return null; - } - } - - /** - * Generates and returns a secret key to use for Mac randomization. - * Will also persist the generated secret inside KeyStore, accessible in the - * future with KeyGenerator#getKey. - */ - private static SecretKey generateAndPersistNewMacRandomizationSecret(int uid) { - try { - KeyGenerator keyGenerator = KeyGenerator.getInstance( - KeyProperties.KEY_ALGORITHM_HMAC_SHA256, "AndroidKeyStore"); - keyGenerator.init( - new KeyGenParameterSpec.Builder(MAC_RANDOMIZATION_ALIAS, - KeyProperties.PURPOSE_SIGN) - .setUid(uid) - .build()); - return keyGenerator.generateKey(); - } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException - | NoSuchProviderException | ProviderException e) { - Log.e(TAG, "Failure in generateMacRandomizationSecret", e); - return null; - } - } - - /** * Compare existing and new WifiEnterpriseConfig objects after a network update and return if * credential parameters have changed or not. * diff --git a/service/java/com/android/server/wifi/WifiInjector.java b/service/java/com/android/server/wifi/WifiInjector.java index 219373501..1e2dac8d7 100644 --- a/service/java/com/android/server/wifi/WifiInjector.java +++ b/service/java/com/android/server/wifi/WifiInjector.java @@ -152,6 +152,7 @@ public class WifiInjector { private IpMemoryStore mIpMemoryStore; private final WifiThreadRunner mWifiThreadRunner; private BssidBlocklistMonitor mBssidBlocklistMonitor; + private final MacAddressUtil mMacAddressUtil; public WifiInjector(Context context) { if (context == null) { @@ -167,6 +168,7 @@ public class WifiInjector { sWifiInjector = this; mFrameworkFacade = new FrameworkFacade(); + mMacAddressUtil = new MacAddressUtil(); mContext = context; mBatteryStats = context.getSystemService(BatteryStatsManager.class); mWifiScoreCard = new WifiScoreCard(mClock, @@ -666,6 +668,10 @@ public class WifiInjector { return mRttHandlerThread; } + public MacAddressUtil getMacAddressUtil() { + return mMacAddressUtil; + } + /** * Returns a single instance of HalDeviceManager for injection. */ |