Revert "Throw exception when decrypting with the wrong key"
This reverts commit b575b07b6eed2fb419c531e76c5c643102f53ebd.
Reason for revert: Broken downstream builds (b/255797120)
Bug: 255797120
Change-Id: If5fe60ab2fa9dec0840f05d145b89d465244c553
diff --git a/security/security-crypto/src/androidTest/java/androidx/security/crypto/EncryptedFileTest.java b/security/security-crypto/src/androidTest/java/androidx/security/crypto/EncryptedFileTest.java
index 0dfdf03..2d1beec 100644
--- a/security/security-crypto/src/androidTest/java/androidx/security/crypto/EncryptedFileTest.java
+++ b/security/security-crypto/src/androidTest/java/androidx/security/crypto/EncryptedFileTest.java
@@ -50,7 +50,6 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
-import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.util.ArrayList;
@@ -124,11 +123,6 @@
mMasterKey = new MasterKey.Builder(mContext)
.setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
.build();
-
- keyStore.deleteEntry(EncryptedFileTest.SECOND_MASTER_KEY_ALIAS);
- mSecondMasterKey = new MasterKey.Builder(mContext, SECOND_MASTER_KEY_ALIAS)
- .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
- .build();
}
@Test
@@ -355,44 +349,6 @@
assertTrue("Keyset should have existed.", containsKeyset);
}
- @Test(expected = InvalidKeyException.class)
- public void testTwoMasterKeys() throws Exception {
- new EncryptedFile.Builder(
- mContext,
- new File(mContext.getFilesDir(), TestFileName.ENCRYPTED_FILE_1.toString()),
- mMasterKey,
- EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB)
- .build();
-
- // This will fail because implicitly we are decrypting the keyset created for mMasterKey
- // with this new mSecondMasterKey
- new EncryptedFile.Builder(
- mContext,
- new File(mContext.getFilesDir(), TestFileName.ENCRYPTED_FILE_2.toString()),
- mSecondMasterKey,
- EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB)
- .build();
- }
-
- @Test
- public void testTwoMasterKeysAndTwoKeysets() throws Exception {
- new EncryptedFile.Builder(
- mContext,
- new File(mContext.getFilesDir(), TestFileName.ENCRYPTED_FILE_1.toString()),
- mMasterKey,
- EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB)
- .build();
-
- // This should succeed because mSecondMasterKey gets its own keyset
- new EncryptedFile.Builder(
- mContext,
- new File(mContext.getFilesDir(), TestFileName.ENCRYPTED_FILE_2.toString()),
- mSecondMasterKey,
- EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB)
- .setKeysetAlias("second_keyset")
- .build();
- }
-
@SuppressWarnings("deprecation")
@Test
public void tinkTest() throws Exception {
diff --git a/security/security-crypto/src/main/java/androidx/security/crypto/EncryptedFile.java b/security/security-crypto/src/main/java/androidx/security/crypto/EncryptedFile.java
index b21f7e7..dfce616 100644
--- a/security/security-crypto/src/main/java/androidx/security/crypto/EncryptedFile.java
+++ b/security/security-crypto/src/main/java/androidx/security/crypto/EncryptedFile.java
@@ -30,7 +30,6 @@
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.StreamingAead;
import com.google.crypto.tink.integration.android.AndroidKeysetManager;
-import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import com.google.crypto.tink.streamingaead.StreamingAeadConfig;
import java.io.File;
@@ -43,7 +42,6 @@
import java.io.OutputStream;
import java.nio.channels.FileChannel;
import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
/**
* Class used to create and read encrypted files.
@@ -201,24 +199,15 @@
.withSharedPref(mContext, mKeysetAlias, mKeysetPrefName)
.withMasterKeyUri(KEYSTORE_PATH_URI + mMasterKeyAlias);
- AndroidKeysetManager keysetManager;
-
- try {
- // Building the keyset manager involves shared pref filesystem operations. To
- // control access to this global state in multi-threaded contexts we need to
- // ensure mutual exclusion of the build() function.
- synchronized (sLock) {
- keysetManager = keysetManagerBuilder.build();
- }
- } catch (InvalidProtocolBufferException e) {
- throw new InvalidKeyException("Used the wrong key (\"" + mMasterKeyAlias + "\") to "
- + "decrypt the keyset (\"" + mKeysetAlias + "\"). If you are using "
- + "multiple master keys you must call setKeysetPrefName() or "
- + "setKeysetAlias() to differentiate.",
- e);
+ // Building the keyset manager involves shared pref filesystem operations. To control
+ // access to this global state in multi-threaded contexts we need to ensure mutual
+ // exclusion of the build() function.
+ AndroidKeysetManager androidKeysetManager;
+ synchronized (sLock) {
+ androidKeysetManager = keysetManagerBuilder.build();
}
- KeysetHandle streamingAeadKeysetHandle = keysetManager.getKeysetHandle();
+ KeysetHandle streamingAeadKeysetHandle = androidKeysetManager.getKeysetHandle();
StreamingAead streamingAead =
streamingAeadKeysetHandle.getPrimitive(StreamingAead.class);
