Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2017 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.server.locksettings.recoverablekeystore; |
| 18 | |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 19 | import static android.security.keystore.recovery.KeyChainProtectionParams.TYPE_LOCKSCREEN; |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 20 | |
Dmitry Dementyev | abd713c | 2018-01-09 15:08:13 -0800 | [diff] [blame] | 21 | import android.annotation.Nullable; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 22 | import android.content.Context; |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 23 | import android.security.keystore.recovery.KeyDerivationParams; |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 24 | import android.security.keystore.recovery.KeyChainProtectionParams; |
| 25 | import android.security.keystore.recovery.KeyChainSnapshot; |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 26 | import android.security.keystore.recovery.WrappedApplicationKey; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 27 | import android.util.Log; |
| 28 | |
| 29 | import com.android.internal.annotations.VisibleForTesting; |
Dmitry Dementyev | 122bfe1 | 2018-01-10 18:56:36 -0800 | [diff] [blame] | 30 | import com.android.internal.util.ArrayUtils; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 31 | import com.android.internal.widget.LockPatternUtils; |
| 32 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb; |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 33 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 34 | |
| 35 | import java.nio.ByteBuffer; |
| 36 | import java.nio.ByteOrder; |
| 37 | import java.nio.charset.StandardCharsets; |
Robert Berry | f0a4bea | 2017-12-22 13:17:32 +0000 | [diff] [blame] | 38 | import java.security.GeneralSecurityException; |
Robert Berry | 26cbb6b | 2018-01-22 21:59:30 +0000 | [diff] [blame] | 39 | import java.security.InvalidAlgorithmParameterException; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 40 | import java.security.InvalidKeyException; |
| 41 | import java.security.KeyStoreException; |
| 42 | import java.security.MessageDigest; |
| 43 | import java.security.NoSuchAlgorithmException; |
| 44 | import java.security.PublicKey; |
| 45 | import java.security.SecureRandom; |
Robert Berry | f0a4bea | 2017-12-22 13:17:32 +0000 | [diff] [blame] | 46 | import java.security.UnrecoverableKeyException; |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 47 | import java.security.cert.CertPath; |
Bo Zhu | 6361080 | 2018-03-09 12:32:13 -0800 | [diff] [blame] | 48 | import java.security.cert.CertificateException; |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 49 | import java.util.ArrayList; |
| 50 | import java.util.List; |
Robert Berry | f0a4bea | 2017-12-22 13:17:32 +0000 | [diff] [blame] | 51 | import java.util.Map; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 52 | |
| 53 | import javax.crypto.KeyGenerator; |
Robert Berry | f0a4bea | 2017-12-22 13:17:32 +0000 | [diff] [blame] | 54 | import javax.crypto.NoSuchPaddingException; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 55 | import javax.crypto.SecretKey; |
| 56 | |
| 57 | /** |
| 58 | * Task to sync application keys to a remote vault service. |
| 59 | * |
Robert Berry | f0a4bea | 2017-12-22 13:17:32 +0000 | [diff] [blame] | 60 | * @hide |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 61 | */ |
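public class KeySyncTask implements Runnable {
    private static final String TAG = "KeySyncTask";

    private static final String RECOVERY_KEY_ALGORITHM = "AES";
    private static final int RECOVERY_KEY_SIZE_BITS = 256;
    private static final int SALT_LENGTH_BYTES = 16;
    private static final int LENGTH_PREFIX_BYTES = Integer.BYTES;
    private static final String LOCK_SCREEN_HASH_ALGORITHM = "SHA-256";
    // Attempt limit handed to the trusted hardware through the packed vault params and
    // recorded in the snapshot, so both sides see the same value.
    private static final int TRUSTED_HARDWARE_MAX_ATTEMPTS = 10;

    private final RecoverableKeyStoreDb mRecoverableKeyStoreDb;
    private final int mUserId;
    private final int mCredentialType;
    // The lock screen credential. Held as an immutable String for the lifetime of the task,
    // so it cannot be zeroed after use; never log it.
    private final String mCredential;
    private final boolean mCredentialUpdated;
    private final PlatformKeyManager mPlatformKeyManager;
    private final RecoverySnapshotStorage mRecoverySnapshotStorage;
    private final RecoverySnapshotListenersStorage mSnapshotListenersStorage;

    /**
     * Creates a task wired to the platform key manager for {@code context}.
     *
     * @param context Used to obtain the {@link PlatformKeyManager}.
     * @param recoverableKeyStoreDb Database where the keys are stored.
     * @param snapshotStorage Where the produced {@link KeyChainSnapshot} is put.
     * @param recoverySnapshotListenersStorage Notified once a snapshot is available.
     * @param userId The uid of the user whose profile has been unlocked.
     * @param credentialType The type of credential as defined in {@code LockPatternUtils}.
     * @param credential The credential, encoded as a {@link String}.
     * @param credentialUpdated Whether the credential was changed by this unlock.
     * @throws NoSuchAlgorithmException if the platform key manager cannot be created.
     * @throws KeyStoreException if the platform key manager cannot be created.
     * @throws InsecureUserException if the platform key manager cannot be created.
     */
    public static KeySyncTask newInstance(
            Context context,
            RecoverableKeyStoreDb recoverableKeyStoreDb,
            RecoverySnapshotStorage snapshotStorage,
            RecoverySnapshotListenersStorage recoverySnapshotListenersStorage,
            int userId,
            int credentialType,
            String credential,
            boolean credentialUpdated
    ) throws NoSuchAlgorithmException, KeyStoreException, InsecureUserException {
        return new KeySyncTask(
                recoverableKeyStoreDb,
                snapshotStorage,
                recoverySnapshotListenersStorage,
                userId,
                credentialType,
                credential,
                credentialUpdated,
                PlatformKeyManager.getInstance(context, recoverableKeyStoreDb));
    }

    /**
     * A new task.
     *
     * @param recoverableKeyStoreDb Database where the keys are stored.
     * @param snapshotStorage Where the produced {@link KeyChainSnapshot} is put.
     * @param recoverySnapshotListenersStorage Notified once a snapshot is available.
     * @param userId The uid of the user whose profile has been unlocked.
     * @param credentialType The type of credential as defined in {@code LockPatternUtils}
     * @param credential The credential, encoded as a {@link String}.
     * @param credentialUpdated signals whether credentials were updated.
     * @param platformKeyManager platform key manager
     */
    @VisibleForTesting
    KeySyncTask(
            RecoverableKeyStoreDb recoverableKeyStoreDb,
            RecoverySnapshotStorage snapshotStorage,
            RecoverySnapshotListenersStorage recoverySnapshotListenersStorage,
            int userId,
            int credentialType,
            String credential,
            boolean credentialUpdated,
            PlatformKeyManager platformKeyManager) {
        mSnapshotListenersStorage = recoverySnapshotListenersStorage;
        mRecoverableKeyStoreDb = recoverableKeyStoreDb;
        mUserId = userId;
        mCredentialType = credentialType;
        mCredential = credential;
        mCredentialUpdated = credentialUpdated;
        mPlatformKeyManager = platformKeyManager;
        mRecoverySnapshotStorage = snapshotStorage;
    }

    /**
     * Runs the sync. Any exception is logged rather than propagated, since this is the
     * boundary of the background task.
     */
    @Override
    public void run() {
        try {
            // Only one task is active if the user unlocks the phone many times in a short
            // time interval: every instance serializes on the class monitor.
            synchronized (KeySyncTask.class) {
                syncKeys();
            }
        } catch (Exception e) {
            Log.e(TAG, "Unexpected exception thrown during KeySyncTask", e);
        }
    }

    /**
     * Syncs keys for every recovery agent of the user, or invalidates keys when the
     * credential type cannot back a recoverable snapshot.
     */
    private void syncKeys() {
        if (mCredentialType == LockPatternUtils.CREDENTIAL_TYPE_NONE) {
            // Application keys for the user will not be available for sync.
            Log.w(TAG, "Credentials are not set for user " + mUserId);
            int generation = mPlatformKeyManager.getGenerationId(mUserId);
            mPlatformKeyManager.invalidatePlatformKey(mUserId, generation);
            return;
        }
        if (isCustomLockScreen()) {
            Log.w(TAG, "Unsupported credential type " + mCredentialType + " for user " + mUserId);
            mRecoverableKeyStoreDb.invalidateKeysForUserIdOnCustomScreenLock(mUserId);
            return;
        }

        List<Integer> recoveryAgents = mRecoverableKeyStoreDb.getRecoveryAgents(mUserId);
        for (int uid : recoveryAgents) {
            syncKeysForAgent(uid);
        }
        if (recoveryAgents.isEmpty()) {
            Log.w(TAG, "No recovery agent initialized for user " + mUserId);
        }
    }

    /**
     * Returns {@code true} if the credential type is neither none, pattern nor password,
     * i.e. a lock screen this task does not know how to hash.
     */
    private boolean isCustomLockScreen() {
        return mCredentialType != LockPatternUtils.CREDENTIAL_TYPE_NONE
                && mCredentialType != LockPatternUtils.CREDENTIAL_TYPE_PATTERN
                && mCredentialType != LockPatternUtils.CREDENTIAL_TYPE_PASSWORD;
    }

    /**
     * Builds and stores a {@link KeyChainSnapshot} for one recovery agent.
     *
     * <p>Bails out, with a log line, whenever a required input is missing (no public key,
     * no server params) or a cryptographic step fails. On success the snapshot is put into
     * {@link #mRecoverySnapshotStorage} and listeners are notified.
     *
     * @param recoveryAgentUid uid of the recovery agent.
     */
    private void syncKeysForAgent(int recoveryAgentUid) {
        boolean recreateCurrentVersion = false;
        if (!shouldCreateSnapshot(recoveryAgentUid)) {
            // A snapshot version exists in the db but the in-memory snapshot is gone:
            // rebuild it under the same version instead of bumping the version.
            recreateCurrentVersion =
                    (mRecoverableKeyStoreDb.getSnapshotVersion(mUserId, recoveryAgentUid) != null)
                    && (mRecoverySnapshotStorage.get(recoveryAgentUid) == null);
            if (recreateCurrentVersion) {
                Log.d(TAG, "Recreating most recent snapshot");
            } else {
                Log.d(TAG, "Key sync not needed.");
                return;
            }
        }

        PublicKey publicKey;
        CertPath certPath = mRecoverableKeyStoreDb.getRecoveryServiceCertPath(mUserId,
                recoveryAgentUid);
        if (certPath != null) {
            Log.d(TAG, "Using the public key in stored CertPath for syncing");
            // Guard the leaf lookup: an empty certificate list would otherwise throw
            // IndexOutOfBoundsException out of the task.
            if (certPath.getCertificates().isEmpty()) {
                Log.w(TAG, "Stored CertPath contains no certificates. Cancelling task.");
                return;
            }
            publicKey = certPath.getCertificates().get(0).getPublicKey();
        } else {
            Log.d(TAG, "Using the stored raw public key for syncing");
            publicKey = mRecoverableKeyStoreDb.getRecoveryServicePublicKey(mUserId,
                    recoveryAgentUid);
        }
        if (publicKey == null) {
            Log.w(TAG, "Not initialized for KeySync: no public key set. Cancelling task.");
            return;
        }

        byte[] vaultHandle = mRecoverableKeyStoreDb.getServerParams(mUserId, recoveryAgentUid);
        if (vaultHandle == null) {
            Log.w(TAG, "No device ID set for user " + mUserId);
            return;
        }

        byte[] salt = generateSalt();
        byte[] localLskfHash = hashCredentials(salt, mCredential);

        Map<String, SecretKey> rawKeys;
        try {
            rawKeys = getKeysToSync(recoveryAgentUid);
        } catch (GeneralSecurityException e) {
            Log.e(TAG, "Failed to load recoverable keys for sync", e);
            return;
        } catch (InsecureUserException e) {
            Log.wtf(TAG, "A screen unlock triggered the key sync flow, so user must have "
                    + "lock screen. This should be impossible.", e);
            return;
        } catch (BadPlatformKeyException e) {
            Log.wtf(TAG, "Loaded keys for same generation ID as platform key, so "
                    + "BadPlatformKeyException should be impossible.", e);
            return;
        }

        SecretKey recoveryKey;
        try {
            recoveryKey = generateRecoveryKey();
        } catch (NoSuchAlgorithmException e) {
            // Pass TAG explicitly; without it the message would be used as the tag.
            Log.wtf(TAG, "AES should never be unavailable", e);
            return;
        }

        Map<String, byte[]> encryptedApplicationKeys;
        try {
            encryptedApplicationKeys = KeySyncUtils.encryptKeysWithRecoveryKey(
                    recoveryKey, rawKeys);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            Log.wtf(TAG,
                    "Should be impossible: could not encrypt application keys with random key",
                    e);
            return;
        }

        Long counterId;
        // counter id is generated exactly once for each credentials value.
        if (mCredentialUpdated) {
            counterId = generateAndStoreCounterId(recoveryAgentUid);
        } else {
            counterId = mRecoverableKeyStoreDb.getCounterId(mUserId, recoveryAgentUid);
            if (counterId == null) {
                counterId = generateAndStoreCounterId(recoveryAgentUid);
            }
        }

        byte[] vaultParams = KeySyncUtils.packVaultParams(
                publicKey,
                counterId,
                TRUSTED_HARDWARE_MAX_ATTEMPTS,
                vaultHandle);

        byte[] encryptedRecoveryKey;
        try {
            encryptedRecoveryKey = KeySyncUtils.thmEncryptRecoveryKey(
                    publicKey,
                    localLskfHash,
                    vaultParams,
                    recoveryKey);
        } catch (NoSuchAlgorithmException e) {
            Log.wtf(TAG, "SecureBox encrypt algorithms unavailable", e);
            return;
        } catch (InvalidKeyException e) {
            Log.e(TAG, "Could not encrypt with recovery key", e);
            return;
        }
        // Only the salt and UI format travel in the snapshot; the secret field is left empty.
        KeyChainProtectionParams metadata = new KeyChainProtectionParams.Builder()
                .setUserSecretType(TYPE_LOCKSCREEN)
                .setLockScreenUiFormat(getUiFormat(mCredentialType, mCredential))
                .setKeyDerivationParams(KeyDerivationParams.createSha256Params(salt))
                .setSecret(new byte[0])
                .build();

        ArrayList<KeyChainProtectionParams> metadataList = new ArrayList<>();
        metadataList.add(metadata);

        // If application keys are not updated, snapshot will not be created on next unlock.
        mRecoverableKeyStoreDb.setShouldCreateSnapshot(mUserId, recoveryAgentUid, false);

        KeyChainSnapshot.Builder keyChainSnapshotBuilder = new KeyChainSnapshot.Builder()
                .setSnapshotVersion(getSnapshotVersion(recoveryAgentUid, recreateCurrentVersion))
                .setMaxAttempts(TRUSTED_HARDWARE_MAX_ATTEMPTS)
                .setCounterId(counterId)
                .setTrustedHardwarePublicKey(SecureBox.encodePublicKey(publicKey))
                .setServerParams(vaultHandle)
                .setKeyChainProtectionParams(metadataList)
                .setWrappedApplicationKeys(createApplicationKeyEntries(encryptedApplicationKeys))
                .setEncryptedRecoveryKeyBlob(encryptedRecoveryKey);
        try {
            keyChainSnapshotBuilder.setTrustedHardwareCertPath(certPath);
        } catch (CertificateException e) {
            // Should not happen, as it's just deserialized from bytes stored in the db
            Log.wtf(TAG, "Cannot serialize CertPath when calling setTrustedHardwareCertPath", e);
            return;
        }
        mRecoverySnapshotStorage.put(recoveryAgentUid, keyChainSnapshotBuilder.build());
        mSnapshotListenersStorage.recoverySnapshotAvailable(recoveryAgentUid);
    }

    /**
     * Returns the version to stamp on the snapshot and persists it.
     *
     * @param recoveryAgentUid uid of the recovery agent.
     * @param recreateCurrentVersion {@code true} to keep the stored version, {@code false}
     *     to increment it. A missing stored version becomes 1 in both cases.
     * @return The snapshot version, narrowed to an {@code int}.
     */
    @VisibleForTesting
    int getSnapshotVersion(int recoveryAgentUid, boolean recreateCurrentVersion) {
        Long snapshotVersion = mRecoverableKeyStoreDb.getSnapshotVersion(mUserId, recoveryAgentUid);
        if (recreateCurrentVersion) {
            // version shouldn't be null at this moment.
            snapshotVersion = snapshotVersion == null ? 1 : snapshotVersion;
        } else {
            snapshotVersion = snapshotVersion == null ? 1 : snapshotVersion + 1;
        }
        mRecoverableKeyStoreDb.setSnapshotVersion(mUserId, recoveryAgentUid, snapshotVersion);

        return snapshotVersion.intValue();
    }

    /**
     * Generates a fresh random counter id, stores it for the agent and returns it.
     *
     * @param recoveryAgentUid uid of the recovery agent.
     * @return The new counter id.
     */
    private long generateAndStoreCounterId(int recoveryAgentUid) {
        long counter = new SecureRandom().nextLong();
        mRecoverableKeyStoreDb.setCounterId(mUserId, recoveryAgentUid, counter);
        return counter;
    }

    /**
     * Returns all of the recoverable keys for the user, unwrapped with the platform
     * decryption key of the current generation.
     *
     * @param recoveryAgentUid uid of the recovery agent.
     */
    private Map<String, SecretKey> getKeysToSync(int recoveryAgentUid)
            throws InsecureUserException, KeyStoreException, UnrecoverableKeyException,
            NoSuchAlgorithmException, NoSuchPaddingException, BadPlatformKeyException,
            InvalidKeyException, InvalidAlgorithmParameterException {
        PlatformDecryptionKey decryptKey = mPlatformKeyManager.getDecryptKey(mUserId);
        Map<String, WrappedKey> wrappedKeys = mRecoverableKeyStoreDb.getAllKeys(
                mUserId, recoveryAgentUid, decryptKey.getGenerationId());
        return WrappedKey.unwrapKeys(decryptKey, wrappedKeys);
    }

    /**
     * Returns {@code true} if a sync is pending.
     *
     * <p>Only agents that registered the lock screen secret type are synced. A credential
     * change forces a snapshot when one was created before; otherwise the stored flag decides.
     *
     * @param recoveryAgentUid uid of the recovery agent.
     */
    private boolean shouldCreateSnapshot(int recoveryAgentUid) {
        int[] types = mRecoverableKeyStoreDb.getRecoverySecretTypes(mUserId, recoveryAgentUid);
        if (!ArrayUtils.contains(types, KeyChainProtectionParams.TYPE_LOCKSCREEN)) {
            // Only lockscreen type is supported.
            // We will need to pass extra argument to KeySyncTask to support custom pass phrase.
            return false;
        }
        if (mCredentialUpdated) {
            // Sync credential if at least one snapshot was created.
            if (mRecoverableKeyStoreDb.getSnapshotVersion(mUserId, recoveryAgentUid) != null) {
                mRecoverableKeyStoreDb.setShouldCreateSnapshot(mUserId, recoveryAgentUid, true);
                return true;
            }
        }

        return mRecoverableKeyStoreDb.getShouldCreateSnapshot(mUserId, recoveryAgentUid);
    }

    /**
     * The UI best suited to entering the given lock screen. This is synced with the vault so the
     * user can be shown the same UI when recovering the vault on another device.
     *
     * @param credentialType The type of credential as defined in {@code LockPatternUtils}.
     * @param credential The credential; decides between pin and password when not a pattern.
     * @return The format - either pattern, pin, or password.
     */
    @VisibleForTesting
    @KeyChainProtectionParams.LockScreenUiFormat static int getUiFormat(
            int credentialType, String credential) {
        if (credentialType == LockPatternUtils.CREDENTIAL_TYPE_PATTERN) {
            return KeyChainProtectionParams.UI_FORMAT_PATTERN;
        } else if (isPin(credential)) {
            return KeyChainProtectionParams.UI_FORMAT_PIN;
        } else {
            return KeyChainProtectionParams.UI_FORMAT_PASSWORD;
        }
    }

    /**
     * Generates a salt to include with the lock screen hash.
     *
     * @return The salt, {@link #SALT_LENGTH_BYTES} bytes from {@link SecureRandom}.
     */
    private byte[] generateSalt() {
        byte[] salt = new byte[SALT_LENGTH_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    /**
     * Returns {@code true} if {@code credential} looks like a pin, i.e. is non-null and
     * consists only of digits. Note that the empty string satisfies this.
     */
    @VisibleForTesting
    static boolean isPin(@Nullable String credential) {
        if (credential == null) {
            return false;
        }
        int length = credential.length();
        for (int i = 0; i < length; i++) {
            if (!Character.isDigit(credential.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    /**
     * Hashes {@code credentials} with the given {@code salt}.
     *
     * <p>The digested message is, in little-endian order: the salt length as an int, the salt,
     * the length of the UTF-8 encoded credential as an int, then the credential bytes. The
     * length prefixes keep distinct (salt, credential) pairs from producing the same message.
     *
     * @return The SHA-256 hash.
     */
    @VisibleForTesting
    static byte[] hashCredentials(byte[] salt, String credentials) {
        byte[] credentialsBytes = credentials.getBytes(StandardCharsets.UTF_8);
        ByteBuffer byteBuffer = ByteBuffer.allocate(
                salt.length + credentialsBytes.length + LENGTH_PREFIX_BYTES * 2);
        byteBuffer.order(ByteOrder.LITTLE_ENDIAN);
        byteBuffer.putInt(salt.length);
        byteBuffer.put(salt);
        byteBuffer.putInt(credentialsBytes.length);
        byteBuffer.put(credentialsBytes);
        byte[] bytes = byteBuffer.array();

        try {
            return MessageDigest.getInstance(LOCK_SCREEN_HASH_ALGORITHM).digest(bytes);
        } catch (NoSuchAlgorithmException e) {
            // Impossible, SHA-256 must be supported on Android.
            throw new RuntimeException(e);
        }
    }

    /**
     * Generates a fresh {@link #RECOVERY_KEY_SIZE_BITS}-bit {@link #RECOVERY_KEY_ALGORITHM} key.
     *
     * @throws NoSuchAlgorithmException if no provider offers the algorithm.
     */
    private static SecretKey generateRecoveryKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(RECOVERY_KEY_ALGORITHM);
        keyGenerator.init(RECOVERY_KEY_SIZE_BITS);
        return keyGenerator.generateKey();
    }

    /**
     * Wraps each (alias, encrypted key material) pair as a {@link WrappedApplicationKey}.
     *
     * @param encryptedApplicationKeys alias to encrypted key material.
     * @return One entry per map element, in the map's iteration order.
     */
    private static List<WrappedApplicationKey> createApplicationKeyEntries(
            Map<String, byte[]> encryptedApplicationKeys) {
        ArrayList<WrappedApplicationKey> keyEntries = new ArrayList<>();
        for (Map.Entry<String, byte[]> entry : encryptedApplicationKeys.entrySet()) {
            keyEntries.add(new WrappedApplicationKey.Builder()
                    .setAlias(entry.getKey())
                    .setEncryptedKeyMaterial(entry.getValue())
                    .build());
        }
        return keyEntries;
    }
}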