Pull SecureBox.java out into its own library. SecureBox is needed by Settings for encrypting device credential and was inaccessible from services/core/java/com/android/server. Create a new SecureBox library to resolve. Test: atest com.android.server.locksettings.recoverablekeystore SecureBoxTests Bug: 258505917 Change-Id: I65484edf12b04dfe1642cd0c97bc999d26430395

commit: a2f766f3ee3783b847e18da8253f7690c2e5c556 [log] [tgz]
author: Brian Lee <brnlee@google.com> Mon Jan 09 16:58:45 2023 -0800
committer: Brian Lee <brnlee@google.com> Tue Jan 24 16:53:59 2023 -0800
tree: 9e2f53a6846c11a52cb2614e75aef71249516b16
parent: 2b9edf638ce78d4d7f4d647879d1835f0712ec47 [diff]
diff --git a/libs/securebox/Android.bp b/libs/securebox/Android.bp
new file mode 100644
index 0000000..a29c03c
--- /dev/null
+++ b/libs/securebox/Android.bp

@@ -0,0 +1,8 @@
+package {
+    default_applicable_licenses: ["frameworks_base_license"],
+}
+
+java_library {
+    name: "securebox",
+    srcs: ["src/**/*.java"],
+}

diff --git a/libs/securebox/OWNERS b/libs/securebox/OWNERS
new file mode 100644
index 0000000..e160799
--- /dev/null
+++ b/libs/securebox/OWNERS

@@ -0,0 +1 @@
+include /services/core/java/com/android/server/locksettings/recoverablekeystore/OWNERS

diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/SecureBox.java b/libs/securebox/src/com/android/security/SecureBox.java
similarity index 98%
rename from services/core/java/com/android/server/locksettings/recoverablekeystore/SecureBox.java
rename to libs/securebox/src/com/android/security/SecureBox.java
index 51a37b3..0ebaff4 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/SecureBox.java
+++ b/libs/securebox/src/com/android/security/SecureBox.java

@@ -14,11 +14,13 @@
  * limitations under the License.
  */
 
-package com.android.server.locksettings.recoverablekeystore;
+package com.android.security;
 
 import android.annotation.Nullable;
+
 import com.android.internal.annotations.VisibleForTesting;
 import com.android.internal.util.ArrayUtils;
+
 import java.math.BigInteger;
 import java.nio.BufferUnderflowException;
 import java.nio.ByteBuffer;
@@ -41,6 +43,7 @@
 import java.security.spec.EllipticCurve;
 import java.security.spec.InvalidKeySpecException;
 import java.util.Arrays;
+
 import javax.crypto.AEADBadTagException;
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -380,7 +383,7 @@
      * @param publicKey The public key.
      * @return The key packed into a 65-byte array.
      */
-    static byte[] encodePublicKey(PublicKey publicKey) {
+    public static byte[] encodePublicKey(PublicKey publicKey) {
         ECPoint point = ((ECPublicKey) publicKey).getW();
         byte[] x = point.getAffineX().toByteArray();
         byte[] y = point.getAffineY().toByteArray();
@@ -394,8 +397,13 @@
         return output;
     }
 
-    @VisibleForTesting
-    static PublicKey decodePublicKey(byte[] keyBytes)
+    /**
+     * Decodes byte[] encoded public key.
+     *
+     * @param keyBytes encoded public key
+     * @return the public key
+     */
+    public static PublicKey decodePublicKey(byte[] keyBytes)
             throws NoSuchAlgorithmException, InvalidKeyException {
         BigInteger x =
                 new BigInteger(

diff --git a/libs/securebox/tests/Android.bp b/libs/securebox/tests/Android.bp
new file mode 100644
index 0000000..7df546a
--- /dev/null
+++ b/libs/securebox/tests/Android.bp

@@ -0,0 +1,46 @@
+// Copyright (C) 2022 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+    default_applicable_licenses: ["frameworks_base_license"],
+}
+
+android_test {
+    name: "SecureBoxTests",
+    srcs: [
+        "**/*.java",
+    ],
+    static_libs: [
+        "securebox",
+        "androidx.test.runner",
+        "androidx.test.rules",
+        "androidx.test.ext.junit",
+        "frameworks-base-testutils",
+        "junit",
+        "mockito-target-extended-minus-junit4",
+        "platform-test-annotations",
+        "testables",
+        "testng",
+        "truth-prebuilt",
+    ],
+    libs: [
+        "android.test.mock",
+        "android.test.base",
+        "android.test.runner",
+    ],
+    jni_libs: [
+        "libdexmakerjvmtiagent",
+        "libstaticjvmtiagent",
+    ],
+}

diff --git a/libs/securebox/tests/AndroidManifest.xml b/libs/securebox/tests/AndroidManifest.xml
new file mode 100644
index 0000000..3dc9563
--- /dev/null
+++ b/libs/securebox/tests/AndroidManifest.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2022 The Android Open Source Project
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+         http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:androidprv="http://schemas.android.com/apk/prv/res/android"
+    xmlns:tools="http://schemas.android.com/tools"
+    package="com.android.security.tests">
+
+    <application android:debuggable="true" android:largeHeap="true">
+        <uses-library android:name="android.test.mock" />
+        <uses-library android:name="android.test.runner" />
+    </application>
+
+    <instrumentation
+        android:name="androidx.test.runner.AndroidJUnitRunner"
+        android:label="Tests for SecureBox"
+        android:targetPackage="com.android.security.tests">
+    </instrumentation>
+
+</manifest>

diff --git a/libs/securebox/tests/AndroidTest.xml b/libs/securebox/tests/AndroidTest.xml
new file mode 100644
index 0000000..54abd135
--- /dev/null
+++ b/libs/securebox/tests/AndroidTest.xml

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2022 The Android Open Source Project
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<configuration description="Runs Tests for SecureBox">
+    <target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
+        <option name="cleanup-apks" value="true" />
+        <option name="install-arg" value="-t" />
+        <option name="test-file-name" value="SecureBoxTests.apk" />
+    </target_preparer>
+
+    <option name="test-suite-tag" value="apct" />
+    <option name="test-suite-tag" value="framework-base-presubmit" />
+    <option name="test-tag" value="SecureBoxTests" />
+    <test class="com.android.tradefed.testtype.AndroidJUnitTest" >
+        <option name="package" value="com.android.security.tests" />
+        <option name="runner" value="androidx.test.runner.AndroidJUnitRunner" />
+        <option name="hidden-api-checks" value="false"/>
+    </test>
+</configuration>

diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/SecureBoxTest.java b/libs/securebox/tests/src/com/android/security/SecureBoxTest.java
similarity index 98%
rename from services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/SecureBoxTest.java
rename to libs/securebox/tests/src/com/android/security/SecureBoxTest.java
index 34235bd..b6e2365 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/SecureBoxTest.java
+++ b/libs/securebox/tests/src/com/android/security/SecureBoxTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package com.android.server.locksettings.recoverablekeystore;
+package com.android.security;
 
 import static com.google.common.truth.Truth.assertThat;
 
@@ -24,11 +24,11 @@
 import androidx.test.filters.SmallTest;
 import androidx.test.runner.AndroidJUnit4;
 
+import com.android.internal.util.ArrayUtils;
+
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
-import com.android.internal.util.ArrayUtils;
-
 import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidKeyException;

diff --git a/services/core/Android.bp b/services/core/Android.bp
index c0bb586..f65ed33 100644
--- a/services/core/Android.bp
+++ b/services/core/Android.bp

@@ -182,6 +182,7 @@
         "SurfaceFlingerProperties",
         "com.android.sysprop.watchdog",
         "ImmutabilityAnnotation",
+        "securebox",
     ],
     javac_shard_size: 50,
     javacflags: [

diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncUtils.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncUtils.java
index 7921619..2818caa 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncUtils.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncUtils.java

@@ -21,6 +21,7 @@
 
 import com.android.internal.annotations.VisibleForTesting;
 import com.android.internal.util.ArrayUtils;
+import com.android.security.SecureBox;
 
 import java.nio.ByteBuffer;
 import java.nio.ByteOrder;

diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
index 7c80d8a..b437421 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java

@@ -44,6 +44,7 @@
 
 import com.android.internal.annotations.VisibleForTesting;
 import com.android.internal.util.HexDump;
+import com.android.security.SecureBox;
 import com.android.server.locksettings.recoverablekeystore.certificate.CertParsingException;
 import com.android.server.locksettings.recoverablekeystore.certificate.CertUtils;
 import com.android.server.locksettings.recoverablekeystore.certificate.CertValidationException;

diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RemoteLockscreenValidationSessionStorage.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RemoteLockscreenValidationSessionStorage.java
index b94548b..267a72e 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RemoteLockscreenValidationSessionStorage.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RemoteLockscreenValidationSessionStorage.java

@@ -23,7 +23,7 @@
 import android.util.SparseArray;
 
 import com.android.internal.annotations.VisibleForTesting;
-import com.android.server.locksettings.recoverablekeystore.SecureBox;
+import com.android.security.SecureBox;
 
 import java.security.KeyPair;
 import java.security.NoSuchAlgorithmException;

diff --git a/services/tests/servicestests/Android.bp b/services/tests/servicestests/Android.bp
index ced2a4b..3a7b9a4 100644
--- a/services/tests/servicestests/Android.bp
+++ b/services/tests/servicestests/Android.bp

@@ -62,6 +62,7 @@
         "junit-params",
         "ActivityContext",
         "coretests-aidl",
+        "securebox",
     ],
 
     libs: [

diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java
index ea5caa8..cc1100b 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java

@@ -55,6 +55,7 @@
 import androidx.test.runner.AndroidJUnit4;
 
 import com.android.internal.util.ArrayUtils;
+import com.android.security.SecureBox;
 import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb;
 import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage;
 

diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncUtilsTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncUtilsTest.java
index 19a606e..1cf4471 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncUtilsTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncUtilsTest.java

@@ -28,6 +28,8 @@
 import androidx.test.runner.AndroidJUnit4;
 
 import com.android.internal.util.ArrayUtils;
+import com.android.security.SecureBox;
+
 import com.google.common.collect.ImmutableMap;
 
 import org.junit.Test;

diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java
index 1b983f0b..bb79fd8 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java

@@ -60,6 +60,7 @@
 
 import com.android.internal.util.ArrayUtils;
 import com.android.internal.widget.LockPatternUtils;
+import com.android.security.SecureBox;
 import com.android.server.locksettings.recoverablekeystore.storage.ApplicationKeyStorage;
 import com.android.server.locksettings.recoverablekeystore.storage.CleanupManager;
 import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb;

diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RemoteLockscreenValidationSessionStorageTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RemoteLockscreenValidationSessionStorageTest.java
index a1cf128..05d30ed 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RemoteLockscreenValidationSessionStorageTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RemoteLockscreenValidationSessionStorageTest.java

@@ -23,7 +23,7 @@
 import androidx.test.filters.SmallTest;
 import androidx.test.runner.AndroidJUnit4;
 
-import com.android.server.locksettings.recoverablekeystore.SecureBox;
+import com.android.security.SecureBox;
 
 import org.junit.Before;
 import org.junit.Test;
commit	a2f766f3ee3783b847e18da8253f7690c2e5c556	[log] [tgz]
author	Brian Lee <brnlee@google.com>	Mon Jan 09 16:58:45 2023 -0800
committer	Brian Lee <brnlee@google.com>	Tue Jan 24 16:53:59 2023 -0800
tree	9e2f53a6846c11a52cb2614e75aef71249516b16
parent	2b9edf638ce78d4d7f4d647879d1835f0712ec47 [diff]