Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2017 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package android.security.keystore.recovery; |
| 18 | |
| 19 | import android.annotation.IntDef; |
| 20 | import android.annotation.NonNull; |
Dmitry Dementyev | f8ae5de | 2018-01-08 18:08:23 -0800 | [diff] [blame] | 21 | import android.annotation.SystemApi; |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 22 | import android.os.Parcel; |
| 23 | import android.os.Parcelable; |
| 24 | |
| 25 | import com.android.internal.util.Preconditions; |
| 26 | |
| 27 | import java.lang.annotation.Retention; |
| 28 | import java.lang.annotation.RetentionPolicy; |
| 29 | import java.util.Arrays; |
| 30 | |
| 31 | /** |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 32 | * A {@link KeyChainSnapshot} is protected with a key derived from the user's lock screen. This |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 33 | * class wraps all the data necessary to derive the same key on a recovering device: |
| 34 | * |
| 35 | * <ul> |
| 36 | * <li>UI parameters for the user's lock screen - so that if e.g., the user was using a pattern, |
| 37 | * the recovering device can display the pattern UI to the user when asking them to enter |
| 38 | * the lock screen from their previous device. |
| 39 | * <li>The algorithm used to derive a key from the user's lock screen, e.g. SHA-256 with a salt. |
| 40 | * </ul> |
| 41 | * |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 42 | * <p>As such, this data is sent along with the {@link KeyChainSnapshot} when syncing the current |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 43 | * version of the keychain. |
| 44 | * |
| 45 | * <p>For now, the recoverable keychain only supports a single layer of protection, which is the |
| 46 | * user's lock screen. In the future, the keychain will support multiple layers of protection |
| 47 | * (e.g. an additional keychain password, along with the lock screen). |
| 48 | * |
| 49 | * @hide |
| 50 | */ |
Dmitry Dementyev | f8ae5de | 2018-01-08 18:08:23 -0800 | [diff] [blame] | 51 | @SystemApi |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 52 | public final class KeyChainProtectionParams implements Parcelable { |
Robert Berry | 52c15f1 | 2018-03-29 10:21:50 +0100 | [diff] [blame] | 53 | |
| 54 | // IMPORTANT! PLEASE READ! |
| 55 | // ----------------------- |
| 56 | // If you edit this file (e.g., to add new fields), please MAKE SURE to also do the following: |
| 57 | // - Update the #writeToParcel(Parcel) method below |
| 58 | // - Update the #(Parcel) constructor below |
| 59 | // - Update android.security.keystore.recovery.KeyChainSnapshotTest to make sure nobody |
| 60 | // accidentally breaks your fields in the Parcel in the future. |
| 61 | // - Update com.android.server.locksettings.recoverablekeystore.serialization |
| 62 | // .KeyChainSnapshotSerializer to correctly serialize your new field |
| 63 | // - Update com.android.server.locksettings.recoverablekeystore.serialization |
| 64 | // .KeyChainSnapshotSerializer to correctly deserialize your new field |
| 65 | // - Update com.android.server.locksettings.recoverablekeystore.serialization |
| 66 | // .KeychainSnapshotSerializerTest to make sure nobody breaks serialization of your field |
| 67 | // in the future. |
| 68 | |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 69 | /** @hide */ |
| 70 | @Retention(RetentionPolicy.SOURCE) |
Aseem Kumar | 933dfc1 | 2018-03-22 22:09:34 -0700 | [diff] [blame] | 71 | @IntDef(prefix = {"TYPE_"}, value = {TYPE_LOCKSCREEN}) |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 72 | public @interface UserSecretType { |
| 73 | } |
| 74 | |
| 75 | /** |
| 76 | * Lockscreen secret is required to recover KeyStore. |
| 77 | */ |
| 78 | public static final int TYPE_LOCKSCREEN = 100; |
| 79 | |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 80 | /** @hide */ |
| 81 | @Retention(RetentionPolicy.SOURCE) |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 82 | @IntDef(prefix = {"UI_FORMAT_"}, value = {UI_FORMAT_PIN, UI_FORMAT_PASSWORD, UI_FORMAT_PATTERN}) |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 83 | public @interface LockScreenUiFormat { |
| 84 | } |
| 85 | |
| 86 | /** |
| 87 | * Pin with digits only. |
| 88 | */ |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 89 | public static final int UI_FORMAT_PIN = 1; |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 90 | |
| 91 | /** |
| 92 | * Password. String with latin-1 characters only. |
| 93 | */ |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 94 | public static final int UI_FORMAT_PASSWORD = 2; |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 95 | |
| 96 | /** |
| 97 | * Pattern with 3 by 3 grid. |
| 98 | */ |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 99 | public static final int UI_FORMAT_PATTERN = 3; |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 100 | |
| 101 | @UserSecretType |
| 102 | private Integer mUserSecretType; |
| 103 | |
| 104 | @LockScreenUiFormat |
| 105 | private Integer mLockScreenUiFormat; |
| 106 | |
| 107 | /** |
| 108 | * Parameters of the key derivation function, including algorithm, difficulty, salt. |
| 109 | */ |
| 110 | private KeyDerivationParams mKeyDerivationParams; |
| 111 | private byte[] mSecret; // Derived from user secret. The field must have limited visibility. |
| 112 | |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 113 | private KeyChainProtectionParams() { |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 114 | |
| 115 | } |
| 116 | |
| 117 | /** |
| 118 | * @see TYPE_LOCKSCREEN |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 119 | */ |
| 120 | public @UserSecretType int getUserSecretType() { |
| 121 | return mUserSecretType; |
| 122 | } |
| 123 | |
| 124 | /** |
| 125 | * Specifies UX shown to user during recovery. |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 126 | * Default value is {@code UI_FORMAT_LOCKSCREEN} |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 127 | * |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 128 | * @see UI_FORMAT_PIN |
| 129 | * @see UI_FORMAT_PASSWORD |
| 130 | * @see UI_FORMAT_PATTERN |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 131 | */ |
| 132 | public @LockScreenUiFormat int getLockScreenUiFormat() { |
| 133 | return mLockScreenUiFormat; |
| 134 | } |
| 135 | |
| 136 | /** |
| 137 | * Specifies function used to derive symmetric key from user input |
| 138 | * Format is defined in separate util class. |
| 139 | */ |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 140 | public @NonNull KeyDerivationParams getKeyDerivationParams() { |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 141 | return mKeyDerivationParams; |
| 142 | } |
| 143 | |
| 144 | /** |
| 145 | * Secret derived from user input. |
| 146 | * Default value is empty array |
| 147 | * |
| 148 | * @return secret or empty array |
| 149 | */ |
| 150 | public @NonNull byte[] getSecret() { |
| 151 | return mSecret; |
| 152 | } |
| 153 | |
| 154 | /** |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 155 | * Builder for creating {@link KeyChainProtectionParams}. |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 156 | */ |
| 157 | public static class Builder { |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 158 | private KeyChainProtectionParams mInstance = new KeyChainProtectionParams(); |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 159 | |
| 160 | /** |
| 161 | * Sets user secret type. |
Dmitry Dementyev | 16d9db5 | 2018-03-26 11:31:46 -0700 | [diff] [blame] | 162 | * Default value is {@link TYPE_LOCKSCREEN}. |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 163 | * |
| 164 | * @see TYPE_LOCKSCREEN |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 165 | * @param userSecretType The secret type |
| 166 | * @return This builder. |
| 167 | */ |
| 168 | public Builder setUserSecretType(@UserSecretType int userSecretType) { |
| 169 | mInstance.mUserSecretType = userSecretType; |
| 170 | return this; |
| 171 | } |
| 172 | |
| 173 | /** |
| 174 | * Sets UI format. |
| 175 | * |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 176 | * @see UI_FORMAT_PIN |
| 177 | * @see UI_FORMAT_PASSWORD |
| 178 | * @see UI_FORMAT_PATTERN |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 179 | * @param lockScreenUiFormat The UI format |
| 180 | * @return This builder. |
| 181 | */ |
| 182 | public Builder setLockScreenUiFormat(@LockScreenUiFormat int lockScreenUiFormat) { |
| 183 | mInstance.mLockScreenUiFormat = lockScreenUiFormat; |
| 184 | return this; |
| 185 | } |
| 186 | |
| 187 | /** |
| 188 | * Sets parameters of the key derivation function. |
| 189 | * |
Dmitry Dementyev | 16d9db5 | 2018-03-26 11:31:46 -0700 | [diff] [blame] | 190 | * @param keyDerivationParams Key derivation parameters |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 191 | * @return This builder. |
| 192 | */ |
| 193 | public Builder setKeyDerivationParams(@NonNull KeyDerivationParams |
| 194 | keyDerivationParams) { |
| 195 | mInstance.mKeyDerivationParams = keyDerivationParams; |
| 196 | return this; |
| 197 | } |
| 198 | |
| 199 | /** |
| 200 | * Secret derived from user input, or empty array. |
| 201 | * |
| 202 | * @param secret The secret. |
| 203 | * @return This builder. |
| 204 | */ |
| 205 | public Builder setSecret(@NonNull byte[] secret) { |
| 206 | mInstance.mSecret = secret; |
| 207 | return this; |
| 208 | } |
| 209 | |
| 210 | |
| 211 | /** |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 212 | * Creates a new {@link KeyChainProtectionParams} instance. |
Aseem Kumar | c1742e5 | 2018-03-12 14:34:58 -0700 | [diff] [blame] | 213 | * The instance will include default values, if {@link #setSecret} |
| 214 | * or {@link #setUserSecretType} were not called. |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 215 | * |
| 216 | * @return new instance |
| 217 | * @throws NullPointerException if some required fields were not set. |
| 218 | */ |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 219 | @NonNull public KeyChainProtectionParams build() { |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 220 | if (mInstance.mUserSecretType == null) { |
| 221 | mInstance.mUserSecretType = TYPE_LOCKSCREEN; |
| 222 | } |
| 223 | Preconditions.checkNotNull(mInstance.mLockScreenUiFormat); |
| 224 | Preconditions.checkNotNull(mInstance.mKeyDerivationParams); |
| 225 | if (mInstance.mSecret == null) { |
| 226 | mInstance.mSecret = new byte[]{}; |
| 227 | } |
| 228 | return mInstance; |
| 229 | } |
| 230 | } |
| 231 | |
| 232 | /** |
Dmitry Dementyev | 19da340 | 2018-01-30 13:16:47 -0800 | [diff] [blame] | 233 | * Fills secret with zeroes. |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 234 | */ |
| 235 | public void clearSecret() { |
| 236 | Arrays.fill(mSecret, (byte) 0); |
| 237 | } |
| 238 | |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 239 | public static final Parcelable.Creator<KeyChainProtectionParams> CREATOR = |
| 240 | new Parcelable.Creator<KeyChainProtectionParams>() { |
| 241 | public KeyChainProtectionParams createFromParcel(Parcel in) { |
| 242 | return new KeyChainProtectionParams(in); |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 243 | } |
| 244 | |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 245 | public KeyChainProtectionParams[] newArray(int length) { |
| 246 | return new KeyChainProtectionParams[length]; |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 247 | } |
| 248 | }; |
| 249 | |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 250 | @Override |
| 251 | public void writeToParcel(Parcel out, int flags) { |
| 252 | out.writeInt(mUserSecretType); |
| 253 | out.writeInt(mLockScreenUiFormat); |
| 254 | out.writeTypedObject(mKeyDerivationParams, flags); |
| 255 | out.writeByteArray(mSecret); |
| 256 | } |
| 257 | |
| 258 | /** |
| 259 | * @hide |
| 260 | */ |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 261 | protected KeyChainProtectionParams(Parcel in) { |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 262 | mUserSecretType = in.readInt(); |
| 263 | mLockScreenUiFormat = in.readInt(); |
| 264 | mKeyDerivationParams = in.readTypedObject(KeyDerivationParams.CREATOR); |
| 265 | mSecret = in.createByteArray(); |
| 266 | } |
| 267 | |
| 268 | @Override |
| 269 | public int describeContents() { |
| 270 | return 0; |
| 271 | } |
| 272 | } |