From d8283a81f3bc427f84f0d54816d275f8ebeb2ce5 Mon Sep 17 00:00:00 2001 From: Shawn Willden Date: Thu, 23 May 2019 12:01:59 -0600 Subject: [PATCH] Fix encryption/decryption of large blocks. There's a long-standing bug (since ~Marshmallow) that causes AndroidKeyStore to truncate large (>64 KiB) blocks of data. This can be avoided by callers by processing data in smaller chunks, and smaller chunks are more memory-efficient while not being much (if any) more time-efficient. But, Keystore should handle large blocks correctly. This CL adds a test to all block cipher tests that attempts to encrypt and then decrypt a 100 KiB block. Bug: 123391046 Test: CtsKeystoreTestCases Change-Id: I0c0286fd5360d4fe62cbd8130aa0c17f97318801 --- .../KeyStoreCryptoOperationChunkedStreamer.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/keystore/java/android/security/keystore/KeyStoreCryptoOperationChunkedStreamer.java b/keystore/java/android/security/keystore/KeyStoreCryptoOperationChunkedStreamer.java index dbb79bcd5aeaf..e0304787142d0 100644 --- a/keystore/java/android/security/keystore/KeyStoreCryptoOperationChunkedStreamer.java +++ b/keystore/java/android/security/keystore/KeyStoreCryptoOperationChunkedStreamer.java @@ -162,15 +162,15 @@ class KeyStoreCryptoOperationChunkedStreamer implements KeyStoreCryptoOperationS } if ((opResult.output != null) && (opResult.output.length > 0)) { - if (inputLength > 0) { + if (inputLength + mBufferedLength > 0) { // More output might be produced in this loop -- buffer the current output if (bufferedOutput == null) { bufferedOutput = new ByteArrayOutputStream(); - try { - bufferedOutput.write(opResult.output); - } catch (IOException e) { - throw new ProviderException("Failed to buffer output", e); - } + } + try { + bufferedOutput.write(opResult.output); + } catch (IOException e) { + throw new ProviderException("Failed to buffer output", e); } } else { // No more output will be produced in this loop