summaryrefslogtreecommitdiff
path: root/service
diff options
context:
space:
mode:
authorOscar Shu <xshu@google.com>2019-11-05 22:01:37 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2019-11-05 22:01:37 +0000
commit5c8edef8c46845539d4c39b6b1dba33742b08f0e (patch)
tree1a2c76a6a162cd923d07c3ddd690e57e6dc07934 /service
parentd55ea9ce6a76cbee22c7047ce6a9f1c24389acc2 (diff)
parent316dd9f75f489c8e4c26efaae56f1cdefe9a56b9 (diff)
Merge "[MAC rand] Fix unit test slowness"
Diffstat (limited to 'service')
-rw-r--r--service/java/com/android/server/wifi/MacAddressUtil.java133
-rw-r--r--service/java/com/android/server/wifi/WifiConfigManager.java6
-rw-r--r--service/java/com/android/server/wifi/WifiConfigurationUtil.java102
-rw-r--r--service/java/com/android/server/wifi/WifiInjector.java6
4 files changed, 143 insertions, 104 deletions
diff --git a/service/java/com/android/server/wifi/MacAddressUtil.java b/service/java/com/android/server/wifi/MacAddressUtil.java
new file mode 100644
index 000000000..effa931a5
--- /dev/null
+++ b/service/java/com/android/server/wifi/MacAddressUtil.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.wifi;
+
+import android.net.MacAddress;
+import android.net.wifi.WifiConfiguration;
+import android.security.keystore.AndroidKeyStoreProvider;
+import android.security.keystore.KeyGenParameterSpec;
+import android.security.keystore.KeyProperties;
+import android.util.Log;
+
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.ProviderException;
+import java.security.UnrecoverableKeyException;
+import java.util.Arrays;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.SecretKey;
+
+/**
+ * Contains helper methods to support MAC randomization.
+ */
+public class MacAddressUtil {
+ private static final String TAG = "MacAddressUtil";
+ private static final String MAC_RANDOMIZATION_ALIAS = "MacRandSecret";
+ private static final long MAC_ADDRESS_VALID_LONG_MASK = (1L << 48) - 1;
+ private static final long MAC_ADDRESS_LOCALLY_ASSIGNED_MASK = 1L << 41;
+ private static final long MAC_ADDRESS_MULTICAST_MASK = 1L << 40;
+
+ /**
+ * Computes the persistent randomized MAC of the given configuration using the given
+ * hash function.
+ * @param config the WifiConfiguration to compute MAC address for
+ * @param hashFunction the hash function that will perform the MAC address computation.
+ * @return The persistent randomized MAC address or null if inputs are invalid.
+ */
+ public MacAddress calculatePersistentMacForConfiguration(WifiConfiguration config,
+ Mac hashFunction) {
+ if (config == null || hashFunction == null) {
+ return null;
+ }
+ byte[] hashedBytes = hashFunction.doFinal(
+ config.getSsidAndSecurityTypeString().getBytes(StandardCharsets.UTF_8));
+ ByteBuffer bf = ByteBuffer.wrap(hashedBytes);
+ long longFromSsid = bf.getLong();
+ /**
+ * Masks the generated long so that it represents a valid randomized MAC address.
+ * Specifically, this sets the locally assigned bit to 1, multicast bit to 0
+ */
+ longFromSsid &= MAC_ADDRESS_VALID_LONG_MASK;
+ longFromSsid |= MAC_ADDRESS_LOCALLY_ASSIGNED_MASK;
+ longFromSsid &= ~MAC_ADDRESS_MULTICAST_MASK;
+ bf.clear();
+ bf.putLong(0, longFromSsid);
+
+ // MacAddress.fromBytes requires input of length 6, which is obtained from the
+ // last 6 bytes from the generated long.
+ MacAddress macAddress = MacAddress.fromBytes(Arrays.copyOfRange(bf.array(), 2, 8));
+ return macAddress;
+ }
+
+ /**
+ * Retrieves a Hash function that could be used to calculate the persistent randomized MAC
+ * for a WifiConfiguration.
+ * @param uid the UID of the KeyStore to get the secret of the hash function from.
+ */
+ public Mac obtainMacRandHashFunction(int uid) {
+ try {
+ KeyStore keyStore = AndroidKeyStoreProvider.getKeyStoreForUid(uid);
+ // tries to retrieve the secret, and generate a new one if it's unavailable.
+ Key key = keyStore.getKey(MAC_RANDOMIZATION_ALIAS, null);
+ if (key == null) {
+ key = generateAndPersistNewMacRandomizationSecret(uid);
+ }
+ if (key == null) {
+ Log.e(TAG, "Failed to generate secret for " + MAC_RANDOMIZATION_ALIAS);
+ return null;
+ }
+ Mac result = Mac.getInstance("HmacSHA256");
+ result.init(key);
+ return result;
+ } catch (KeyStoreException | NoSuchAlgorithmException | InvalidKeyException
+ | UnrecoverableKeyException | NoSuchProviderException e) {
+ Log.e(TAG, "Failure in obtainMacRandHashFunction", e);
+ return null;
+ }
+ }
+
+ /**
+ * Generates and returns a secret key to use for Mac randomization.
+ * Will also persist the generated secret inside KeyStore, accessible in the
+ * future with KeyGenerator#getKey.
+ */
+ private SecretKey generateAndPersistNewMacRandomizationSecret(int uid) {
+ try {
+ KeyGenerator keyGenerator = KeyGenerator.getInstance(
+ KeyProperties.KEY_ALGORITHM_HMAC_SHA256, "AndroidKeyStore");
+ keyGenerator.init(
+ new KeyGenParameterSpec.Builder(MAC_RANDOMIZATION_ALIAS,
+ KeyProperties.PURPOSE_SIGN)
+ .setUid(uid)
+ .build());
+ return keyGenerator.generateKey();
+ } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException
+ | NoSuchProviderException | ProviderException e) {
+ Log.e(TAG, "Failure in generateMacRandomizationSecret", e);
+ return null;
+ }
+ }
+}
diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
index b4d5ef3bb..b0d679256 100644
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
@@ -281,6 +281,7 @@ public class WifiConfigManager {
private final WifiPermissionsUtil mWifiPermissionsUtil;
private final WifiPermissionsWrapper mWifiPermissionsWrapper;
private final WifiInjector mWifiInjector;
+ private final MacAddressUtil mMacAddressUtil;
private boolean mConnectedMacRandomzationSupported;
private final Mac mMac;
@@ -472,7 +473,8 @@ public class WifiConfigManager {
} catch (PackageManager.NameNotFoundException e) {
Log.e(TAG, "Unable to resolve SystemUI's UID.");
}
- mMac = WifiConfigurationUtil.obtainMacRandHashFunction(Process.WIFI_UID);
+ mMacAddressUtil = mWifiInjector.getMacAddressUtil();
+ mMac = mMacAddressUtil.obtainMacRandHashFunction(Process.WIFI_UID);
if (mMac == null) {
Log.wtf(TAG, "Failed to obtain secret for MAC randomization."
+ " All randomized MAC addresses are lost!");
@@ -571,7 +573,7 @@ public class WifiConfigManager {
mRandomizedMacAddressMapping.remove(config.getSsidAndSecurityTypeString());
}
}
- return WifiConfigurationUtil.calculatePersistentMacForConfiguration(config, mMac);
+ return mMacAddressUtil.calculatePersistentMacForConfiguration(config, mMac);
}
/**
diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
index f79cc9230..facc999bd 100644
--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java
+++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
@@ -26,9 +26,6 @@ import android.net.wifi.WifiEnterpriseConfig;
import android.net.wifi.WifiNetworkSpecifier;
import android.net.wifi.WifiScanner;
import android.os.PatternMatcher;
-import android.security.keystore.AndroidKeyStoreProvider;
-import android.security.keystore.KeyGenParameterSpec;
-import android.security.keystore.KeyProperties;
import android.text.TextUtils;
import android.util.Log;
import android.util.Pair;
@@ -37,27 +34,13 @@ import com.android.internal.annotations.VisibleForTesting;
import com.android.server.wifi.util.NativeUtil;
import com.android.server.wifi.util.TelephonyUtil;
-import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.ProviderException;
-import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.BitSet;
import java.util.Comparator;
import java.util.Objects;
-import javax.crypto.KeyGenerator;
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-
/**
* WifiConfiguration utility for any {@link android.net.wifi.WifiConfiguration} related operations.
* Currently contains:
@@ -88,10 +71,6 @@ public class WifiConfigurationUtil {
new Pair(MacAddress.BROADCAST_ADDRESS, MacAddress.BROADCAST_ADDRESS);
private static final Pair<MacAddress, MacAddress> MATCH_ALL_BSSID_PATTERN =
new Pair(ALL_ZEROS_MAC_ADDRESS, ALL_ZEROS_MAC_ADDRESS);
- private static final String MAC_RANDOMIZATION_ALIAS = "MacRandSecret";
- private static final long MAC_ADDRESS_VALID_LONG_MASK = (1L << 48) - 1;
- private static final long MAC_ADDRESS_LOCALLY_ASSIGNED_MASK = 1L << 41;
- private static final long MAC_ADDRESS_MULTICAST_MASK = 1L << 40;
/**
* Checks if the provided |wepKeys| array contains any non-null value;
@@ -216,87 +195,6 @@ public class WifiConfigurationUtil {
}
/**
- * Computes the persistent randomized MAC of the given configuration using the given
- * hash function.
- * @param config the WifiConfiguration to compute MAC address for
- * @param hashFunction the hash function that will perform the MAC address computation.
- * @return The persistent randomized MAC address or null if inputs are invalid.
- */
- public static MacAddress calculatePersistentMacForConfiguration(WifiConfiguration config,
- Mac hashFunction) {
- if (config == null || hashFunction == null) {
- return null;
- }
- byte[] hashedBytes = hashFunction.doFinal(
- config.getSsidAndSecurityTypeString().getBytes(StandardCharsets.UTF_8));
- ByteBuffer bf = ByteBuffer.wrap(hashedBytes);
- long longFromSsid = bf.getLong();
- /**
- * Masks the generated long so that it represents a valid randomized MAC address.
- * Specifically, this sets the locally assigned bit to 1, multicast bit to 0
- */
- longFromSsid &= MAC_ADDRESS_VALID_LONG_MASK;
- longFromSsid |= MAC_ADDRESS_LOCALLY_ASSIGNED_MASK;
- longFromSsid &= ~MAC_ADDRESS_MULTICAST_MASK;
- bf.clear();
- bf.putLong(0, longFromSsid);
-
- // MacAddress.fromBytes requires input of length 6, which is obtained from the
- // last 6 bytes from the generated long.
- MacAddress macAddress = MacAddress.fromBytes(Arrays.copyOfRange(bf.array(), 2, 8));
- return macAddress;
- }
-
- /**
- * Retrieves a Hash function that could be used to calculate the persistent randomized MAC
- * for a WifiConfiguration.
- * @param uid the UID of the KeyStore to get the secret of the hash function from.
- */
- public static Mac obtainMacRandHashFunction(int uid) {
- try {
- KeyStore keyStore = AndroidKeyStoreProvider.getKeyStoreForUid(uid);
- // tries to retrieve the secret, and generate a new one if it's unavailable.
- Key key = keyStore.getKey(MAC_RANDOMIZATION_ALIAS, null);
- if (key == null) {
- key = generateAndPersistNewMacRandomizationSecret(uid);
- }
- if (key == null) {
- Log.e(TAG, "Failed to generate secret for " + MAC_RANDOMIZATION_ALIAS);
- return null;
- }
- Mac result = Mac.getInstance("HmacSHA256");
- result.init(key);
- return result;
- } catch (KeyStoreException | NoSuchAlgorithmException | InvalidKeyException
- | UnrecoverableKeyException | NoSuchProviderException e) {
- Log.e(TAG, "Failure in obtainMacRandHashFunction", e);
- return null;
- }
- }
-
- /**
- * Generates and returns a secret key to use for Mac randomization.
- * Will also persist the generated secret inside KeyStore, accessible in the
- * future with KeyGenerator#getKey.
- */
- private static SecretKey generateAndPersistNewMacRandomizationSecret(int uid) {
- try {
- KeyGenerator keyGenerator = KeyGenerator.getInstance(
- KeyProperties.KEY_ALGORITHM_HMAC_SHA256, "AndroidKeyStore");
- keyGenerator.init(
- new KeyGenParameterSpec.Builder(MAC_RANDOMIZATION_ALIAS,
- KeyProperties.PURPOSE_SIGN)
- .setUid(uid)
- .build());
- return keyGenerator.generateKey();
- } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException
- | NoSuchProviderException | ProviderException e) {
- Log.e(TAG, "Failure in generateMacRandomizationSecret", e);
- return null;
- }
- }
-
- /**
* Compare existing and new WifiEnterpriseConfig objects after a network update and return if
* credential parameters have changed or not.
*
diff --git a/service/java/com/android/server/wifi/WifiInjector.java b/service/java/com/android/server/wifi/WifiInjector.java
index 219373501..1e2dac8d7 100644
--- a/service/java/com/android/server/wifi/WifiInjector.java
+++ b/service/java/com/android/server/wifi/WifiInjector.java
@@ -152,6 +152,7 @@ public class WifiInjector {
private IpMemoryStore mIpMemoryStore;
private final WifiThreadRunner mWifiThreadRunner;
private BssidBlocklistMonitor mBssidBlocklistMonitor;
+ private final MacAddressUtil mMacAddressUtil;
public WifiInjector(Context context) {
if (context == null) {
@@ -167,6 +168,7 @@ public class WifiInjector {
sWifiInjector = this;
mFrameworkFacade = new FrameworkFacade();
+ mMacAddressUtil = new MacAddressUtil();
mContext = context;
mBatteryStats = context.getSystemService(BatteryStatsManager.class);
mWifiScoreCard = new WifiScoreCard(mClock,
@@ -666,6 +668,10 @@ public class WifiInjector {
return mRttHandlerThread;
}
+ public MacAddressUtil getMacAddressUtil() {
+ return mMacAddressUtil;
+ }
+
/**
* Returns a single instance of HalDeviceManager for injection.
*/