WifiConfigStore: Store integrity data in same file

Store the computed integrity data back in the same config store file. The previous approach of storing the integrity data in a separate file made config store updates non-atomic (look at associated bug for details). New approach: a) Store the integrity data at the start of each config store XML file (version + integrity == metadata for each file). b) Uprev the config store version to 2 to support the new format. c) Since we need to an-in place integrity check, when we write the file For writes: i) We fill up the integrity fields with the zeroes for the expected number of bytes in the store file contents. ii) Compute the integrity for the entire file contents. iii) Rewrite the document metadata (version & integrity data) with the newly computed integrity data in store file contents. iv) Write the file contents to disk. For reads: i) Parse out the version & integrity contents from the file contents. ii) Rewrite the document metadata (version & integrity data) with zeroed integrity data in store file contents. iii) Compute the integrity data for the modified file contents created from (ii) and validate the result with the parsed value from (i). iv) If the integrity check passes, continue with the parsing of the document, else abort. d) Since we need fixed size fields in the integrity fields, remove storage of keystore alias string from |EncryptedData|. This can anyway be trivially computed from the config store file name. Bug: 138482990 Test: Verified that the device does not lose any stored networks on reboot when the config store file is not modified. Test: Verified that the device discards all stored networks on reboot when the config store file is modified. Test: atest com.android.server.wifi Test: Will send for full regression test. Change-Id: I528d3402cb047cca3793be5f1386c4bb60c39a10
author: Roshan Pius <rpius@google.com> 2019-08-02 07:51:42 -0700
committer: Roshan Pius <rpius@google.com> 2019-08-07 16:42:45 -0700
commit: bc2c802713dcd70a2aa0d8b16238e45cc947a8b6 (patch)
tree: a0560508298f37cef58e8702e300d95b5ac29923 /tests/wifitests/src/com/android/server/wifi/util/DataIntegrityCheckerTest.java
parent: 138d7dbe7a142e286d656fdd57bc9b40b855c982 (diff)
download: android_frameworks_opt_net_wifi-bc2c802713dcd70a2aa0d8b16238e45cc947a8b6.tar.gz
android_frameworks_opt_net_wifi-bc2c802713dcd70a2aa0d8b16238e45cc947a8b6.tar.bz2
android_frameworks_opt_net_wifi-bc2c802713dcd70a2aa0d8b16238e45cc947a8b6.zip
1 files changed, 4 insertions, 23 deletions
diff --git a/tests/wifitests/src/com/android/server/wifi/util/DataIntegrityCheckerTest.java b/tests/wifitests/src/com/android/server/wifi/util/DataIntegrityCheckerTest.java
index b7076988b..c281b6440 100644
--- a/tests/wifitests/src/com/android/server/wifi/util/DataIntegrityCheckerTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/util/DataIntegrityCheckerTest.java
@@ -22,7 +22,6 @@ import org.junit.Ignore;
 import org.junit.Test;
 
 import java.io.File;
-import java.security.DigestException;
 
 /**
  * Unit tests for {@link com.android.server.wifi.util.DataIntegrityChecker}.
@@ -45,8 +44,8 @@ public class DataIntegrityCheckerTest {
                 ".tmp");
         DataIntegrityChecker dataIntegrityChecker = new DataIntegrityChecker(
                 integrityFile.getParent());
-        dataIntegrityChecker.update(sGoodData);
-        assertTrue(dataIntegrityChecker.isOk(sGoodData));
+        EncryptedData encryptedData = dataIntegrityChecker.compute(sGoodData);
+        assertTrue(dataIntegrityChecker.isOk(sGoodData, encryptedData));
     }
 
     /**
@@ -64,25 +63,7 @@ public class DataIntegrityCheckerTest {
                 ".tmp");
         DataIntegrityChecker dataIntegrityChecker = new DataIntegrityChecker(
                 integrityFile.getParent());
-        dataIntegrityChecker.update(sGoodData);
-        assertFalse(dataIntegrityChecker.isOk(sBadData));
-    }
-
-    /**
-     * Verify a corner case where integrity of data that has never been
-     * updated passes and adds the token to the keystore.
-     *
-     * @throws Exception
-     */
-    @Test(expected = DigestException.class)
-    @Ignore
-    public void testIntegrityWithoutUpdate() throws Exception {
-        File tmpFile = File.createTempFile("testIntegrityWithoutUpdate", ".tmp");
-
-        DataIntegrityChecker dataIntegrityChecker = new DataIntegrityChecker(
-                tmpFile.getAbsolutePath());
-
-        // the integrity data is not known, so isOk throws a DigestException
-        assertTrue(dataIntegrityChecker.isOk(sGoodData));
+        EncryptedData encryptedData = dataIntegrityChecker.compute(sGoodData);
+        assertFalse(dataIntegrityChecker.isOk(sBadData, encryptedData));
     }
 }
author	Roshan Pius <rpius@google.com>	2019-08-02 07:51:42 -0700
committer	Roshan Pius <rpius@google.com>	2019-08-07 16:42:45 -0700
commit	bc2c802713dcd70a2aa0d8b16238e45cc947a8b6 (patch)
tree	a0560508298f37cef58e8702e300d95b5ac29923 /tests/wifitests/src/com/android/server/wifi/util/DataIntegrityCheckerTest.java
parent	138d7dbe7a142e286d656fdd57bc9b40b855c982 (diff)
download	android_frameworks_opt_net_wifi-bc2c802713dcd70a2aa0d8b16238e45cc947a8b6.tar.gz android_frameworks_opt_net_wifi-bc2c802713dcd70a2aa0d8b16238e45cc947a8b6.tar.bz2 android_frameworks_opt_net_wifi-bc2c802713dcd70a2aa0d8b16238e45cc947a8b6.zip