WifiConfigStore: Encrypt credentials for networks (3/4)

Encrypt/Decrypt preSharedKey & enterprise config's password fields.
When deserializing, handle migration from older config store
version file.

Any encryption failure are silently ignored. Decryption failures are
however non-recoverable.

Bug: 140485110
Test: atest com.android.server.wifi
Test: Manual verification
- Store a PSK network config on older build
- Upgrade to build with this CL
- Ensured that the psk was read correctly on upgrade
- Ensured that the psk was encrypted when stored on disk after upgrade
Change-Id: Ic7673cb375c9e5447ff4074ed78321152573e1c3
Merged-In: Ic7673cb375c9e5447ff4074ed78321152573e1c3

2 files changed, 66 insertions, 9 deletions

diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigStoreTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigStoreTest.java
index 9c16b1257..efa2d4336 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigStoreTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigStoreTest.java
@@ -16,8 +16,6 @@
 
 package com.android.server.wifi;
 
-import static com.android.server.wifi.WifiConfigStore.ZEROED_ENCRYPTED_DATA;
-
 import static org.junit.Assert.*;
 import static org.mockito.Mockito.*;
 
@@ -189,7 +187,7 @@ public class WifiConfigStoreTest {
         when(mContext.getPackageManager()).thenReturn(mPackageManager);
         when(mPackageManager.getNameForUid(anyInt())).thenReturn(TEST_CREATOR_NAME);
         when(mEncryptionUtil.encrypt(any(byte[].class)))
-                .thenReturn(ZEROED_ENCRYPTED_DATA);
+                .thenReturn(new EncryptedData(new byte[0], new byte[0]));
         when(mEncryptionUtil.decrypt(any(EncryptedData.class)))
                 .thenReturn(new byte[0]);
         mSharedStore = new MockStoreFile(WifiConfigStore.STORE_FILE_SHARED_GENERAL);
@@ -820,8 +818,8 @@ public class WifiConfigStoreTest {
      */
     @Test
     public void testReadVersion2StoreFile() throws Exception {
-        byte[] encryptedData = new byte[EncryptedData.ENCRYPTED_DATA_LENGTH];
-        byte[] iv = new byte[EncryptedData.IV_LENGTH];
+        byte[] encryptedData = new byte[0];
+        byte[] iv = new byte[0];
         Random random = new Random();
         random.nextBytes(encryptedData);
         random.nextBytes(iv);
diff --git a/tests/wifitests/src/com/android/server/wifi/util/XmlUtilTest.java b/tests/wifitests/src/com/android/server/wifi/util/XmlUtilTest.java
index 126a80d3c..66534d247 100644
--- a/tests/wifitests/src/com/android/server/wifi/util/XmlUtilTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/util/XmlUtilTest.java
@@ -35,7 +35,11 @@ import com.android.server.wifi.util.XmlUtil.NetworkSelectionStatusXmlUtil;
 import com.android.server.wifi.util.XmlUtil.WifiConfigurationXmlUtil;
 import com.android.server.wifi.util.XmlUtil.WifiEnterpriseConfigXmlUtil;
 
+import org.junit.Before;
 import org.junit.Test;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
 import org.xmlpull.v1.XmlPullParser;
 import org.xmlpull.v1.XmlPullParserException;
 import org.xmlpull.v1.XmlSerializer;
@@ -73,6 +77,13 @@ public class XmlUtilTest {
     private static final int TEST_PHASE2_METHOD = WifiEnterpriseConfig.Phase2.MSCHAPV2;
     private final String mXmlDocHeader = "XmlUtilTest";
 
+    @Mock private WifiConfigStoreEncryptionUtil mWifiConfigStoreEncryptionUtil;
+
+    @Before
+    public void setUp() throws Exception {
+        MockitoAnnotations.initMocks(this);
+    }
+
     /**
      * Verify that a open WifiConfiguration is serialized & deserialized correctly.
      */
@@ -101,6 +112,21 @@ public class XmlUtilTest {
     }
 
     /**
+     * Verify that a psk WifiConfiguration is serialized & deserialized correctly.
+     */
+    @Test
+    public void testPskWifiConfigurationSerializeDeserializeWithEncryption()
+            throws IOException, XmlPullParserException {
+        WifiConfiguration pskNetwork = WifiConfigurationTestUtil.createPskNetwork();
+        EncryptedData encryptedData = new EncryptedData(new byte[0], new byte[0]);
+        when(mWifiConfigStoreEncryptionUtil.encrypt(pskNetwork.preSharedKey.getBytes()))
+                .thenReturn(encryptedData);
+        when(mWifiConfigStoreEncryptionUtil.decrypt(encryptedData))
+                .thenReturn(pskNetwork.preSharedKey.getBytes());
+        serializeDeserializeWifiConfiguration(pskNetwork);
+    }
+
+    /**
      * Verify that a psk hidden WifiConfiguration is serialized & deserialized correctly.
      */
     @Test
@@ -382,6 +408,36 @@ public class XmlUtilTest {
     }
 
     /**
+     * Verify that a WifiEnterpriseConfig object is serialized & deserialized correctly.
+     */
+    @Test
+    public void testWifiEnterpriseConfigSerializeDeserializeWithEncryption()
+            throws IOException, XmlPullParserException {
+        WifiEnterpriseConfig config = new WifiEnterpriseConfig();
+        config.setFieldValue(WifiEnterpriseConfig.IDENTITY_KEY, TEST_IDENTITY);
+        config.setFieldValue(WifiEnterpriseConfig.ANON_IDENTITY_KEY, TEST_ANON_IDENTITY);
+        config.setFieldValue(WifiEnterpriseConfig.PASSWORD_KEY, TEST_PASSWORD);
+        config.setFieldValue(WifiEnterpriseConfig.CLIENT_CERT_KEY, TEST_CLIENT_CERT);
+        config.setFieldValue(WifiEnterpriseConfig.CA_CERT_KEY, TEST_CA_CERT);
+        config.setFieldValue(WifiEnterpriseConfig.SUBJECT_MATCH_KEY, TEST_SUBJECT_MATCH);
+        config.setFieldValue(WifiEnterpriseConfig.ENGINE_KEY, TEST_ENGINE);
+        config.setFieldValue(WifiEnterpriseConfig.ENGINE_ID_KEY, TEST_ENGINE_ID);
+        config.setFieldValue(WifiEnterpriseConfig.PRIVATE_KEY_ID_KEY, TEST_PRIVATE_KEY_ID);
+        config.setFieldValue(WifiEnterpriseConfig.ALTSUBJECT_MATCH_KEY, TEST_ALTSUBJECT_MATCH);
+        config.setFieldValue(WifiEnterpriseConfig.DOM_SUFFIX_MATCH_KEY, TEST_DOM_SUFFIX_MATCH);
+        config.setFieldValue(WifiEnterpriseConfig.CA_PATH_KEY, TEST_CA_PATH);
+        config.setEapMethod(TEST_EAP_METHOD);
+        config.setPhase2Method(TEST_PHASE2_METHOD);
+
+        EncryptedData encryptedData = new EncryptedData(new byte[0], new byte[0]);
+        when(mWifiConfigStoreEncryptionUtil.encrypt(TEST_PASSWORD.getBytes()))
+                .thenReturn(encryptedData);
+        when(mWifiConfigStoreEncryptionUtil.decrypt(encryptedData))
+                .thenReturn(TEST_PASSWORD.getBytes());
+        serializeDeserializeWifiEnterpriseConfig(config);
+    }
+
+    /**
      * Verify that an illegal argument exception is thrown when trying to parse out a corrupted
      * WifiEnterpriseConfig.
      *
@@ -474,7 +530,7 @@ public class XmlUtilTest {
         out.setOutput(outputStream, StandardCharsets.UTF_8.name());
         XmlUtil.writeDocumentStart(out, mXmlDocHeader);
         WifiConfigurationXmlUtil.writeToXmlForConfigStore(
-                out, configuration, mock(WifiConfigStoreEncryptionUtil.class));
+                out, configuration, mWifiConfigStoreEncryptionUtil);
         XmlUtil.writeDocumentEnd(out, mXmlDocHeader);
         return outputStream.toByteArray();
     }
@@ -487,7 +543,9 @@ public class XmlUtilTest {
         in.setInput(inputStream, StandardCharsets.UTF_8.name());
         XmlUtil.gotoDocumentStart(in, mXmlDocHeader);
         return WifiConfigurationXmlUtil.parseFromXml(
-                in, in.getDepth(), false, mock(WifiConfigStoreEncryptionUtil.class));
+                in, in.getDepth(),
+                mWifiConfigStoreEncryptionUtil != null,
+                mWifiConfigStoreEncryptionUtil);
     }
 
     /**
@@ -596,7 +654,7 @@ public class XmlUtilTest {
         out.setOutput(outputStream, StandardCharsets.UTF_8.name());
         XmlUtil.writeDocumentStart(out, mXmlDocHeader);
         WifiEnterpriseConfigXmlUtil.writeToXml(
-                out, config, mock(WifiConfigStoreEncryptionUtil.class));
+                out, config, mWifiConfigStoreEncryptionUtil);
         XmlUtil.writeDocumentEnd(out, mXmlDocHeader);
         return outputStream.toByteArray();
     }
@@ -608,7 +666,8 @@ public class XmlUtilTest {
         in.setInput(inputStream, StandardCharsets.UTF_8.name());
         XmlUtil.gotoDocumentStart(in, mXmlDocHeader);
         return WifiEnterpriseConfigXmlUtil.parseFromXml(
-                in, in.getDepth(), false, mock(WifiConfigStoreEncryptionUtil.class));
+                in, in.getDepth(), mWifiConfigStoreEncryptionUtil != null,
+                mWifiConfigStoreEncryptionUtil);
     }
 
     private void serializeDeserializeWifiEnterpriseConfig(WifiEnterpriseConfig config)