Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2017 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.server.locksettings.recoverablekeystore; |
| 18 | |
Robert Berry | d9f11a9 | 2018-02-26 16:37:06 +0000 | [diff] [blame] | 19 | import static android.security.keystore.recovery.RecoveryController.ERROR_BAD_CERTIFICATE_FORMAT; |
| 20 | import static android.security.keystore.recovery.RecoveryController.ERROR_DECRYPTION_FAILED; |
| 21 | import static android.security.keystore.recovery.RecoveryController.ERROR_INSECURE_USER; |
Bo Zhu | 2c8e538 | 2018-02-26 15:54:25 -0800 | [diff] [blame^] | 22 | import static android.security.keystore.recovery.RecoveryController.ERROR_INVALID_KEY_FORMAT; |
Robert Berry | d9f11a9 | 2018-02-26 16:37:06 +0000 | [diff] [blame] | 23 | import static android.security.keystore.recovery.RecoveryController.ERROR_NO_SNAPSHOT_PENDING; |
| 24 | import static android.security.keystore.recovery.RecoveryController.ERROR_SERVICE_INTERNAL_ERROR; |
| 25 | import static android.security.keystore.recovery.RecoveryController.ERROR_SESSION_EXPIRED; |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 26 | |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 27 | import android.Manifest; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 28 | import android.annotation.NonNull; |
| 29 | import android.annotation.Nullable; |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 30 | import android.app.PendingIntent; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 31 | import android.content.Context; |
| 32 | import android.os.Binder; |
| 33 | import android.os.RemoteException; |
| 34 | import android.os.ServiceSpecificException; |
| 35 | import android.os.UserHandle; |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 36 | import android.security.keystore.recovery.KeyChainProtectionParams; |
| 37 | import android.security.keystore.recovery.KeyChainSnapshot; |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 38 | import android.security.keystore.recovery.RecoveryCertPath; |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 39 | import android.security.keystore.recovery.RecoveryController; |
| 40 | import android.security.keystore.recovery.WrappedApplicationKey; |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 41 | import android.security.KeyStore; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 42 | import android.util.Log; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 43 | |
| 44 | import com.android.internal.annotations.VisibleForTesting; |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 45 | import com.android.internal.util.HexDump; |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 46 | import com.android.server.locksettings.recoverablekeystore.storage.ApplicationKeyStorage; |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 47 | import com.android.server.locksettings.recoverablekeystore.certificate.CertParsingException; |
| 48 | import com.android.server.locksettings.recoverablekeystore.certificate.CertValidationException; |
| 49 | import com.android.server.locksettings.recoverablekeystore.certificate.CertXml; |
| 50 | import com.android.server.locksettings.recoverablekeystore.certificate.TrustedRootCert; |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 51 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb; |
| 52 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverySessionStorage; |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 53 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 54 | |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 55 | import java.security.InvalidKeyException; |
Bo Zhu | 5b81fa6 | 2017-12-21 14:36:11 -0800 | [diff] [blame] | 56 | import java.security.KeyFactory; |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 57 | import java.security.KeyStoreException; |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 58 | import java.security.NoSuchAlgorithmException; |
| 59 | import java.security.PublicKey; |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 60 | import java.security.UnrecoverableKeyException; |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 61 | import java.security.cert.CertPath; |
| 62 | import java.security.cert.CertificateEncodingException; |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 63 | import java.security.cert.CertificateException; |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 64 | import java.security.spec.InvalidKeySpecException; |
Bo Zhu | 5b81fa6 | 2017-12-21 14:36:11 -0800 | [diff] [blame] | 65 | import java.security.spec.X509EncodedKeySpec; |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 66 | import java.util.Arrays; |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 67 | import java.util.HashMap; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 68 | import java.util.List; |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 69 | import java.util.Locale; |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 70 | import java.util.Map; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 71 | import java.util.concurrent.ExecutorService; |
| 72 | import java.util.concurrent.Executors; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 73 | |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 74 | import javax.crypto.AEADBadTagException; |
| 75 | |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 76 | /** |
Robert Berry | 74928a1 | 2018-01-18 17:49:07 +0000 | [diff] [blame] | 77 | * Class with {@link RecoveryController} API implementation and internal methods to interact |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 78 | * with {@code LockSettingsService}. |
| 79 | * |
| 80 | * @hide |
| 81 | */ |
| 82 | public class RecoverableKeyStoreManager { |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 83 | private static final String TAG = "RecoverableKeyStoreMgr"; |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 84 | |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 85 | private static RecoverableKeyStoreManager mInstance; |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 86 | |
| 87 | private final Context mContext; |
| 88 | private final RecoverableKeyStoreDb mDatabase; |
| 89 | private final RecoverySessionStorage mRecoverySessionStorage; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 90 | private final ExecutorService mExecutorService; |
Robert Berry | 9104404 | 2017-12-27 12:05:58 +0000 | [diff] [blame] | 91 | private final RecoverySnapshotListenersStorage mListenersStorage; |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 92 | private final RecoverableKeyGenerator mRecoverableKeyGenerator; |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 93 | private final RecoverySnapshotStorage mSnapshotStorage; |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 94 | private final PlatformKeyManager mPlatformKeyManager; |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 95 | private final KeyStore mKeyStore; |
| 96 | private final ApplicationKeyStorage mApplicationKeyStorage; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 97 | |
| 98 | /** |
| 99 | * Returns a new or existing instance. |
| 100 | * |
| 101 | * @hide |
| 102 | */ |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 103 | public static synchronized RecoverableKeyStoreManager |
| 104 | getInstance(Context context, KeyStore keystore) { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 105 | if (mInstance == null) { |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 106 | RecoverableKeyStoreDb db = RecoverableKeyStoreDb.newInstance(context); |
| 107 | PlatformKeyManager platformKeyManager; |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 108 | ApplicationKeyStorage applicationKeyStorage; |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 109 | try { |
| 110 | platformKeyManager = PlatformKeyManager.getInstance(context, db); |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 111 | applicationKeyStorage = ApplicationKeyStorage.getInstance(keystore); |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 112 | } catch (NoSuchAlgorithmException e) { |
| 113 | // Impossible: all algorithms must be supported by AOSP |
| 114 | throw new RuntimeException(e); |
| 115 | } catch (KeyStoreException e) { |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 116 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 117 | } |
| 118 | |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 119 | mInstance = new RecoverableKeyStoreManager( |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 120 | context.getApplicationContext(), |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 121 | keystore, |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 122 | db, |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 123 | new RecoverySessionStorage(), |
Dmitry Dementyev | 3b17c63 | 2017-12-21 17:30:48 -0800 | [diff] [blame] | 124 | Executors.newSingleThreadExecutor(), |
Robert Berry | 9104404 | 2017-12-27 12:05:58 +0000 | [diff] [blame] | 125 | new RecoverySnapshotStorage(), |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 126 | new RecoverySnapshotListenersStorage(), |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 127 | platformKeyManager, |
| 128 | applicationKeyStorage); |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 129 | } |
| 130 | return mInstance; |
| 131 | } |
| 132 | |
| 133 | @VisibleForTesting |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 134 | RecoverableKeyStoreManager( |
| 135 | Context context, |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 136 | KeyStore keystore, |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 137 | RecoverableKeyStoreDb recoverableKeyStoreDb, |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 138 | RecoverySessionStorage recoverySessionStorage, |
Dmitry Dementyev | 3b17c63 | 2017-12-21 17:30:48 -0800 | [diff] [blame] | 139 | ExecutorService executorService, |
Robert Berry | 9104404 | 2017-12-27 12:05:58 +0000 | [diff] [blame] | 140 | RecoverySnapshotStorage snapshotStorage, |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 141 | RecoverySnapshotListenersStorage listenersStorage, |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 142 | PlatformKeyManager platformKeyManager, |
| 143 | ApplicationKeyStorage applicationKeyStorage) { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 144 | mContext = context; |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 145 | mKeyStore = keystore; |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 146 | mDatabase = recoverableKeyStoreDb; |
| 147 | mRecoverySessionStorage = recoverySessionStorage; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 148 | mExecutorService = executorService; |
Dmitry Dementyev | 3b17c63 | 2017-12-21 17:30:48 -0800 | [diff] [blame] | 149 | mListenersStorage = listenersStorage; |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 150 | mSnapshotStorage = snapshotStorage; |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 151 | mPlatformKeyManager = platformKeyManager; |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 152 | mApplicationKeyStorage = applicationKeyStorage; |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 153 | |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 154 | try { |
| 155 | mRecoverableKeyGenerator = RecoverableKeyGenerator.newInstance(mDatabase); |
| 156 | } catch (NoSuchAlgorithmException e) { |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 157 | Log.wtf(TAG, "AES keygen algorithm not available. AOSP must support this.", e); |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 158 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 159 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 160 | } |
| 161 | |
Bo Zhu | 5b81fa6 | 2017-12-21 14:36:11 -0800 | [diff] [blame] | 162 | public void initRecoveryService( |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 163 | @NonNull String rootCertificateAlias, @NonNull byte[] recoveryServiceCertFile) |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 164 | throws RemoteException { |
| 165 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 166 | int userId = UserHandle.getCallingUserId(); |
Dmitry Dementyev | 40dadb0 | 2018-01-10 18:03:37 -0800 | [diff] [blame] | 167 | int uid = Binder.getCallingUid(); |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 168 | |
| 169 | // TODO: Check the public-key signature on the whole file before parsing it |
| 170 | |
| 171 | CertXml certXml; |
| 172 | try { |
| 173 | certXml = CertXml.parse(recoveryServiceCertFile); |
| 174 | } catch (CertParsingException e) { |
| 175 | // TODO: Do not use raw key bytes anymore once the other components are updated |
Bo Zhu | ed00d25 | 2018-02-14 11:50:57 -0800 | [diff] [blame] | 176 | Log.d(TAG, "Failed to parse the input as a cert file: " + HexDump.toHexString( |
| 177 | recoveryServiceCertFile)); |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 178 | PublicKey publicKey = parseEcPublicKey(recoveryServiceCertFile); |
| 179 | if (mDatabase.setRecoveryServicePublicKey(userId, uid, publicKey) > 0) { |
| 180 | mDatabase.setShouldCreateSnapshot(userId, uid, true); |
| 181 | } |
Bo Zhu | ed00d25 | 2018-02-14 11:50:57 -0800 | [diff] [blame] | 182 | Log.d(TAG, "Successfully set the input as the raw public key"); |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 183 | return; |
| 184 | } |
| 185 | |
| 186 | // Check serial number |
| 187 | long newSerial = certXml.getSerial(); |
| 188 | Long oldSerial = mDatabase.getRecoveryServiceCertSerial(userId, uid); |
| 189 | if (oldSerial != null && oldSerial >= newSerial) { |
| 190 | if (oldSerial == newSerial) { |
| 191 | Log.i(TAG, "The cert file serial number is the same, so skip updating."); |
| 192 | } else { |
| 193 | Log.e(TAG, "The cert file serial number is older than the one in database."); |
| 194 | } |
| 195 | return; |
| 196 | } |
| 197 | Log.i(TAG, "Updating the certificate with the new serial number " + newSerial); |
| 198 | |
| 199 | CertPath certPath; |
| 200 | try { |
| 201 | Log.d(TAG, "Getting and validating a random endpoint certificate"); |
| 202 | certPath = certXml.getRandomEndpointCert(TrustedRootCert.TRUSTED_ROOT_CERT); |
| 203 | } catch (CertValidationException e) { |
| 204 | Log.e(TAG, "Invalid endpoint cert", e); |
| 205 | throw new ServiceSpecificException( |
| 206 | ERROR_BAD_CERTIFICATE_FORMAT, "Failed to validate certificate."); |
| 207 | } |
| 208 | try { |
| 209 | Log.d(TAG, "Saving the randomly chosen endpoint certificate to database"); |
| 210 | if (mDatabase.setRecoveryServiceCertPath(userId, uid, certPath) > 0) { |
| 211 | mDatabase.setRecoveryServiceCertSerial(userId, uid, newSerial); |
| 212 | mDatabase.setShouldCreateSnapshot(userId, uid, true); |
| 213 | } |
| 214 | } catch (CertificateEncodingException e) { |
| 215 | Log.e(TAG, "Failed to encode CertPath", e); |
| 216 | throw new ServiceSpecificException( |
| 217 | ERROR_BAD_CERTIFICATE_FORMAT, "Failed to encode CertPath."); |
| 218 | } |
| 219 | } |
| 220 | |
| 221 | private PublicKey parseEcPublicKey(@NonNull byte[] bytes) throws ServiceSpecificException { |
Bo Zhu | 5b81fa6 | 2017-12-21 14:36:11 -0800 | [diff] [blame] | 222 | try { |
| 223 | KeyFactory kf = KeyFactory.getInstance("EC"); |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 224 | X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(bytes); |
| 225 | return kf.generatePublic(pkSpec); |
Bo Zhu | 5b81fa6 | 2017-12-21 14:36:11 -0800 | [diff] [blame] | 226 | } catch (NoSuchAlgorithmException e) { |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 227 | Log.wtf(TAG, "EC algorithm not available. AOSP must support this.", e); |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 228 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Bo Zhu | 5b81fa6 | 2017-12-21 14:36:11 -0800 | [diff] [blame] | 229 | } catch (InvalidKeySpecException e) { |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 230 | throw new ServiceSpecificException( |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 231 | ERROR_BAD_CERTIFICATE_FORMAT, "Not a valid X509 certificate."); |
Bo Zhu | 5b81fa6 | 2017-12-21 14:36:11 -0800 | [diff] [blame] | 232 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 233 | } |
| 234 | |
| 235 | /** |
| 236 | * Gets all data necessary to recover application keys on new device. |
| 237 | * |
| 238 | * @return recovery data |
| 239 | * @hide |
| 240 | */ |
Robert Berry | 5f13870 | 2018-01-17 15:18:05 +0000 | [diff] [blame] | 241 | public @NonNull |
Dmitry Dementyev | b4fb987 | 2018-01-26 11:49:34 -0800 | [diff] [blame] | 242 | KeyChainSnapshot getKeyChainSnapshot() |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 243 | throws RemoteException { |
| 244 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 245 | int uid = Binder.getCallingUid(); |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 246 | KeyChainSnapshot snapshot = mSnapshotStorage.get(uid); |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 247 | if (snapshot == null) { |
Dmitry Dementyev | 7d8c78a | 2018-01-12 19:14:07 -0800 | [diff] [blame] | 248 | throw new ServiceSpecificException(ERROR_NO_SNAPSHOT_PENDING); |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 249 | } |
| 250 | return snapshot; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 251 | } |
| 252 | |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 253 | public void setSnapshotCreatedPendingIntent(@Nullable PendingIntent intent) |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 254 | throws RemoteException { |
| 255 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 256 | int uid = Binder.getCallingUid(); |
| 257 | mListenersStorage.setSnapshotListener(uid, intent); |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 258 | } |
| 259 | |
| 260 | /** |
| 261 | * Gets recovery snapshot versions for all accounts. Note that snapshot may have 0 application |
| 262 | * keys, but it still needs to be synced, if previous versions were not empty. |
| 263 | * |
| 264 | * @return Map from Recovery agent account to snapshot version. |
| 265 | */ |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 266 | public @NonNull Map<byte[], Integer> getRecoverySnapshotVersions() |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 267 | throws RemoteException { |
| 268 | checkRecoverKeyStorePermission(); |
| 269 | throw new UnsupportedOperationException(); |
| 270 | } |
| 271 | |
Dmitry Dementyev | 7d8c78a | 2018-01-12 19:14:07 -0800 | [diff] [blame] | 272 | public void setServerParams(byte[] serverParams) throws RemoteException { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 273 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 274 | int userId = UserHandle.getCallingUserId(); |
Dmitry Dementyev | 40dadb0 | 2018-01-10 18:03:37 -0800 | [diff] [blame] | 275 | int uid = Binder.getCallingUid(); |
Dmitry Dementyev | 7d8c78a | 2018-01-12 19:14:07 -0800 | [diff] [blame] | 276 | long updatedRows = mDatabase.setServerParams(userId, uid, serverParams); |
Dmitry Dementyev | 40dadb0 | 2018-01-10 18:03:37 -0800 | [diff] [blame] | 277 | if (updatedRows > 0) { |
| 278 | mDatabase.setShouldCreateSnapshot(userId, uid, true); |
| 279 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 280 | } |
| 281 | |
Dmitry Dementyev | ad88471 | 2017-12-20 12:38:36 -0800 | [diff] [blame] | 282 | /** |
Robert Berry | bbe02ae | 2018-02-20 19:47:43 +0000 | [diff] [blame] | 283 | * Sets the recovery status of key with {@code alias} to {@code status}. |
Dmitry Dementyev | ad88471 | 2017-12-20 12:38:36 -0800 | [diff] [blame] | 284 | */ |
Robert Berry | bbe02ae | 2018-02-20 19:47:43 +0000 | [diff] [blame] | 285 | public void setRecoveryStatus(String alias, int status) throws RemoteException { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 286 | checkRecoverKeyStorePermission(); |
Robert Berry | bbe02ae | 2018-02-20 19:47:43 +0000 | [diff] [blame] | 287 | mDatabase.setRecoveryStatus(Binder.getCallingUid(), alias, status); |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 288 | } |
| 289 | |
| 290 | /** |
Robert Berry | 56f06b4 | 2018-02-23 13:31:32 +0000 | [diff] [blame] | 291 | * Returns recovery statuses for all keys belonging to the calling uid. |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 292 | * |
Robert Berry | 56f06b4 | 2018-02-23 13:31:32 +0000 | [diff] [blame] | 293 | * @return {@link Map} from key alias to recovery status. Recovery status is one of |
| 294 | * {@link RecoveryController#RECOVERY_STATUS_SYNCED}, |
| 295 | * {@link RecoveryController#RECOVERY_STATUS_SYNC_IN_PROGRESS} or |
| 296 | * {@link RecoveryController#RECOVERY_STATUS_PERMANENT_FAILURE}. |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 297 | */ |
Robert Berry | 56f06b4 | 2018-02-23 13:31:32 +0000 | [diff] [blame] | 298 | public @NonNull Map<String, Integer> getRecoveryStatus() throws RemoteException { |
Dmitry Dementyev | ad88471 | 2017-12-20 12:38:36 -0800 | [diff] [blame] | 299 | return mDatabase.getStatusForAllKeys(Binder.getCallingUid()); |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 300 | } |
| 301 | |
| 302 | /** |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 303 | * Sets recovery secrets list used by all recovery agents for given {@code userId} |
| 304 | * |
| 305 | * @hide |
| 306 | */ |
| 307 | public void setRecoverySecretTypes( |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 308 | @NonNull @KeyChainProtectionParams.UserSecretType int[] secretTypes) |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 309 | throws RemoteException { |
| 310 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 40dadb0 | 2018-01-10 18:03:37 -0800 | [diff] [blame] | 311 | int userId = UserHandle.getCallingUserId(); |
| 312 | int uid = Binder.getCallingUid(); |
| 313 | long updatedRows = mDatabase.setRecoverySecretTypes(userId, uid, secretTypes); |
| 314 | if (updatedRows > 0) { |
| 315 | mDatabase.setShouldCreateSnapshot(userId, uid, true); |
| 316 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 317 | } |
| 318 | |
| 319 | /** |
| 320 | * Gets secret types necessary to create Recovery Data. |
| 321 | * |
| 322 | * @return secret types |
| 323 | * @hide |
| 324 | */ |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 325 | public @NonNull int[] getRecoverySecretTypes() throws RemoteException { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 326 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | bdfdf53 | 2017-12-27 11:58:45 -0800 | [diff] [blame] | 327 | return mDatabase.getRecoverySecretTypes(UserHandle.getCallingUserId(), |
| 328 | Binder.getCallingUid()); |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 329 | } |
| 330 | |
| 331 | /** |
Dmitry Dementyev | ed89ea0 | 2018-01-11 13:53:52 -0800 | [diff] [blame] | 332 | * Gets secret types RecoveryManagers is waiting for to create new Recovery Data. |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 333 | * |
| 334 | * @return secret types |
| 335 | * @hide |
| 336 | */ |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 337 | public @NonNull int[] getPendingRecoverySecretTypes() throws RemoteException { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 338 | checkRecoverKeyStorePermission(); |
| 339 | throw new UnsupportedOperationException(); |
| 340 | } |
| 341 | |
| 342 | public void recoverySecretAvailable( |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 343 | @NonNull KeyChainProtectionParams recoverySecret) throws RemoteException { |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 344 | int uid = Binder.getCallingUid(); |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 345 | if (recoverySecret.getLockScreenUiFormat() == KeyChainProtectionParams.TYPE_LOCKSCREEN) { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 346 | throw new SecurityException( |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 347 | "Caller " + uid + " is not allowed to set lock screen secret"); |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 348 | } |
| 349 | checkRecoverKeyStorePermission(); |
| 350 | // TODO: add hook from LockSettingsService to set lock screen secret. |
| 351 | throw new UnsupportedOperationException(); |
| 352 | } |
| 353 | |
| 354 | /** |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 355 | * Initializes recovery session given the X509-encoded public key of the recovery service. |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 356 | * |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 357 | * @param sessionId A unique ID to identify the recovery session. |
| 358 | * @param verifierPublicKey X509-encoded public key. |
| 359 | * @param vaultParams Additional params associated with vault. |
| 360 | * @param vaultChallenge Challenge issued by vault service. |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 361 | * @param secrets Lock-screen hashes. For now only a single secret is supported. |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 362 | * @return Encrypted bytes of recovery claim. This can then be issued to the vault service. |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 363 | * @deprecated Use {@link #startRecoverySessionWithCertPath(String, RecoveryCertPath, byte[], |
| 364 | * byte[], List)} instead. |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 365 | * |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 366 | * @hide |
| 367 | */ |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 368 | public @NonNull byte[] startRecoverySession( |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 369 | @NonNull String sessionId, |
| 370 | @NonNull byte[] verifierPublicKey, |
| 371 | @NonNull byte[] vaultParams, |
| 372 | @NonNull byte[] vaultChallenge, |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 373 | @NonNull List<KeyChainProtectionParams> secrets) |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 374 | throws RemoteException { |
| 375 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 376 | int uid = Binder.getCallingUid(); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 377 | |
| 378 | if (secrets.size() != 1) { |
Robert Berry | 9e1bd36 | 2018-01-17 23:28:45 +0000 | [diff] [blame] | 379 | throw new UnsupportedOperationException( |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 380 | "Only a single KeyChainProtectionParams is supported"); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 381 | } |
| 382 | |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 383 | PublicKey publicKey; |
| 384 | try { |
| 385 | publicKey = KeySyncUtils.deserializePublicKey(verifierPublicKey); |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 386 | } catch (InvalidKeySpecException e) { |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 387 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, |
| 388 | "Not a valid X509 key"); |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 389 | } |
| 390 | // The raw public key bytes contained in vaultParams must match the ones given in |
| 391 | // verifierPublicKey; otherwise, the user secret may be decrypted by a key that is not owned |
| 392 | // by the original recovery service. |
| 393 | if (!publicKeysMatch(publicKey, vaultParams)) { |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 394 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 395 | "The public keys given in verifierPublicKey and vaultParams do not match."); |
| 396 | } |
| 397 | |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 398 | byte[] keyClaimant = KeySyncUtils.generateKeyClaimant(); |
| 399 | byte[] kfHash = secrets.get(0).getSecret(); |
| 400 | mRecoverySessionStorage.add( |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 401 | uid, |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 402 | new RecoverySessionStorage.Entry(sessionId, kfHash, keyClaimant, vaultParams)); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 403 | |
| 404 | try { |
| 405 | byte[] thmKfHash = KeySyncUtils.calculateThmKfHash(kfHash); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 406 | return KeySyncUtils.encryptRecoveryClaim( |
| 407 | publicKey, |
| 408 | vaultParams, |
| 409 | vaultChallenge, |
| 410 | thmKfHash, |
| 411 | keyClaimant); |
| 412 | } catch (NoSuchAlgorithmException e) { |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 413 | Log.wtf(TAG, "SecureBox algorithm missing. AOSP must support this.", e); |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 414 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 415 | } catch (InvalidKeyException e) { |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 416 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, e.getMessage()); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 417 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 418 | } |
| 419 | |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 420 | /** |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 421 | * Initializes recovery session given the certificate path of the recovery service. |
| 422 | * |
| 423 | * @param sessionId A unique ID to identify the recovery session. |
| 424 | * @param verifierCertPath The certificate path of the recovery service. |
| 425 | * @param vaultParams Additional params associated with vault. |
| 426 | * @param vaultChallenge Challenge issued by vault service. |
| 427 | * @param secrets Lock-screen hashes. For now only a single secret is supported. |
| 428 | * @return Encrypted bytes of recovery claim. This can then be issued to the vault service. |
| 429 | * |
| 430 | * @hide |
| 431 | */ |
| 432 | public @NonNull byte[] startRecoverySessionWithCertPath( |
| 433 | @NonNull String sessionId, |
| 434 | @NonNull RecoveryCertPath verifierCertPath, |
| 435 | @NonNull byte[] vaultParams, |
| 436 | @NonNull byte[] vaultChallenge, |
| 437 | @NonNull List<KeyChainProtectionParams> secrets) |
| 438 | throws RemoteException { |
| 439 | checkRecoverKeyStorePermission(); |
| 440 | |
| 441 | CertPath certPath; |
| 442 | try { |
| 443 | certPath = verifierCertPath.getCertPath(); |
| 444 | } catch (CertificateException e) { |
| 445 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, |
| 446 | "Failed decode the certificate path"); |
| 447 | } |
| 448 | |
| 449 | // TODO: Validate the cert path according to the root of trust |
| 450 | |
| 451 | if (certPath.getCertificates().isEmpty()) { |
| 452 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, |
| 453 | "The given CertPath is empty"); |
| 454 | } |
| 455 | byte[] verifierPublicKey = certPath.getCertificates().get(0).getPublicKey().getEncoded(); |
| 456 | if (verifierPublicKey == null) { |
| 457 | Log.e(TAG, "Failed to encode verifierPublicKey"); |
| 458 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, |
| 459 | "Failed to encode verifierPublicKey"); |
| 460 | } |
| 461 | |
| 462 | return startRecoverySession( |
| 463 | sessionId, verifierPublicKey, vaultParams, vaultChallenge, secrets); |
| 464 | } |
| 465 | |
| 466 | /** |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 467 | * Invoked by a recovery agent after a successful recovery claim is sent to the remote vault |
| 468 | * service. |
| 469 | * |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 470 | * @param sessionId The session ID used to generate the claim. See |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 471 | * {@link #startRecoverySession(String, byte[], byte[], byte[], List)}. |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 472 | * @param encryptedRecoveryKey The encrypted recovery key blob returned by the remote vault |
| 473 | * service. |
| 474 | * @param applicationKeys The encrypted key blobs returned by the remote vault service. These |
| 475 | * were wrapped with the recovery key. |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 476 | * @return Map from alias to raw key material. |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 477 | * @throws RemoteException if an error occurred recovering the keys. |
| 478 | */ |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 479 | public Map<String, byte[]> recoverKeys( |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 480 | @NonNull String sessionId, |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 481 | @NonNull byte[] encryptedRecoveryKey, |
Robert Berry | 5f13870 | 2018-01-17 15:18:05 +0000 | [diff] [blame] | 482 | @NonNull List<WrappedApplicationKey> applicationKeys) |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 483 | throws RemoteException { |
| 484 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 485 | int uid = Binder.getCallingUid(); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 486 | RecoverySessionStorage.Entry sessionEntry = mRecoverySessionStorage.get(uid, sessionId); |
| 487 | if (sessionEntry == null) { |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 488 | throw new ServiceSpecificException(ERROR_SESSION_EXPIRED, |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 489 | String.format(Locale.US, |
| 490 | "Application uid=%d does not have pending session '%s'", uid, sessionId)); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 491 | } |
| 492 | |
| 493 | try { |
| 494 | byte[] recoveryKey = decryptRecoveryKey(sessionEntry, encryptedRecoveryKey); |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 495 | return recoverApplicationKeys(recoveryKey, applicationKeys); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 496 | } finally { |
| 497 | sessionEntry.destroy(); |
| 498 | mRecoverySessionStorage.remove(uid); |
| 499 | } |
| 500 | } |
| 501 | |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 502 | /** |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 503 | * Deprecated |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 504 | * Generates a key named {@code alias} in the recoverable store for the calling uid. Then |
| 505 | * returns the raw key material. |
| 506 | * |
| 507 | * <p>TODO: Once AndroidKeyStore has added move api, do not return raw bytes. |
| 508 | * |
Bo Zhu | 2c8e538 | 2018-02-26 15:54:25 -0800 | [diff] [blame^] | 509 | * @deprecated |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 510 | * @hide |
| 511 | */ |
| 512 | public byte[] generateAndStoreKey(@NonNull String alias) throws RemoteException { |
| 513 | int uid = Binder.getCallingUid(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 514 | int userId = UserHandle.getCallingUserId(); |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 515 | |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 516 | PlatformEncryptionKey encryptionKey; |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 517 | try { |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 518 | encryptionKey = mPlatformKeyManager.getEncryptKey(userId); |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 519 | } catch (NoSuchAlgorithmException e) { |
| 520 | // Impossible: all algorithms must be supported by AOSP |
| 521 | throw new RuntimeException(e); |
| 522 | } catch (KeyStoreException | UnrecoverableKeyException e) { |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 523 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 524 | } catch (InsecureUserException e) { |
| 525 | throw new ServiceSpecificException(ERROR_INSECURE_USER, e.getMessage()); |
| 526 | } |
| 527 | |
| 528 | try { |
| 529 | return mRecoverableKeyGenerator.generateAndStoreKey(encryptionKey, userId, uid, alias); |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 530 | } catch (KeyStoreException | InvalidKeyException | RecoverableKeyStorageException e) { |
| 531 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 532 | } |
| 533 | } |
| 534 | |
Robert Berry | 2bcdad9 | 2018-01-18 12:53:29 +0000 | [diff] [blame] | 535 | /** |
| 536 | * Destroys the session with the given {@code sessionId}. |
| 537 | */ |
| 538 | public void closeSession(@NonNull String sessionId) throws RemoteException { |
| 539 | mRecoverySessionStorage.remove(Binder.getCallingUid(), sessionId); |
| 540 | } |
| 541 | |
Robert Berry | 5daccec | 2018-01-06 19:16:25 +0000 | [diff] [blame] | 542 | public void removeKey(@NonNull String alias) throws RemoteException { |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 543 | int uid = Binder.getCallingUid(); |
| 544 | int userId = UserHandle.getCallingUserId(); |
| 545 | |
| 546 | boolean wasRemoved = mDatabase.removeKey(uid, alias); |
| 547 | if (wasRemoved) { |
| 548 | mDatabase.setShouldCreateSnapshot(userId, uid, true); |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 549 | mApplicationKeyStorage.deleteEntry(userId, uid, alias); |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 550 | } |
Robert Berry | 5daccec | 2018-01-06 19:16:25 +0000 | [diff] [blame] | 551 | } |
| 552 | |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 553 | /** |
| 554 | * Generates a key named {@code alias} in caller's namespace. |
| 555 | * The key is stored in system service keystore namespace. |
| 556 | * |
| 557 | * @return grant alias, which caller can use to access the key. |
| 558 | */ |
Robert Berry | a3b9947 | 2018-02-23 15:59:02 +0000 | [diff] [blame] | 559 | public String generateKey(@NonNull String alias) throws RemoteException { |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 560 | int uid = Binder.getCallingUid(); |
| 561 | int userId = UserHandle.getCallingUserId(); |
| 562 | |
| 563 | PlatformEncryptionKey encryptionKey; |
| 564 | try { |
| 565 | encryptionKey = mPlatformKeyManager.getEncryptKey(userId); |
| 566 | } catch (NoSuchAlgorithmException e) { |
| 567 | // Impossible: all algorithms must be supported by AOSP |
| 568 | throw new RuntimeException(e); |
| 569 | } catch (KeyStoreException | UnrecoverableKeyException e) { |
| 570 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
| 571 | } catch (InsecureUserException e) { |
| 572 | throw new ServiceSpecificException(ERROR_INSECURE_USER, e.getMessage()); |
| 573 | } |
| 574 | |
| 575 | try { |
| 576 | byte[] secretKey = |
| 577 | mRecoverableKeyGenerator.generateAndStoreKey(encryptionKey, userId, uid, alias); |
| 578 | mApplicationKeyStorage.setSymmetricKeyEntry(userId, uid, alias, secretKey); |
Robert Berry | a3b9947 | 2018-02-23 15:59:02 +0000 | [diff] [blame] | 579 | return mApplicationKeyStorage.getGrantAlias(userId, uid, alias); |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 580 | } catch (KeyStoreException | InvalidKeyException | RecoverableKeyStorageException e) { |
| 581 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
| 582 | } |
| 583 | } |
| 584 | |
| 585 | /** |
Bo Zhu | 2c8e538 | 2018-02-26 15:54:25 -0800 | [diff] [blame^] | 586 | * Imports a 256-bit AES-GCM key named {@code alias}. The key is stored in system service |
| 587 | * keystore namespace. |
| 588 | * |
| 589 | * @param alias the alias provided by caller as a reference to the key. |
| 590 | * @param keyBytes the raw bytes of the 256-bit AES key. |
| 591 | * @return grant alias, which caller can use to access the key. |
| 592 | * @throws RemoteException if the given key is invalid or some internal errors occur. |
| 593 | * |
| 594 | * @hide |
| 595 | */ |
| 596 | public String importKey(@NonNull String alias, @NonNull byte[] keyBytes) |
| 597 | throws RemoteException { |
| 598 | if (keyBytes == null || |
| 599 | keyBytes.length != RecoverableKeyGenerator.KEY_SIZE_BITS / Byte.SIZE) { |
| 600 | Log.e(TAG, "The given key for import doesn't have the required length " |
| 601 | + RecoverableKeyGenerator.KEY_SIZE_BITS); |
| 602 | throw new ServiceSpecificException(ERROR_INVALID_KEY_FORMAT, |
| 603 | "The given key does not contain " + RecoverableKeyGenerator.KEY_SIZE_BITS |
| 604 | + " bits."); |
| 605 | } |
| 606 | |
| 607 | int uid = Binder.getCallingUid(); |
| 608 | int userId = UserHandle.getCallingUserId(); |
| 609 | |
| 610 | // TODO: Refactor RecoverableKeyGenerator to wrap the PlatformKey logic |
| 611 | |
| 612 | PlatformEncryptionKey encryptionKey; |
| 613 | try { |
| 614 | encryptionKey = mPlatformKeyManager.getEncryptKey(userId); |
| 615 | } catch (NoSuchAlgorithmException e) { |
| 616 | // Impossible: all algorithms must be supported by AOSP |
| 617 | throw new RuntimeException(e); |
| 618 | } catch (KeyStoreException | UnrecoverableKeyException e) { |
| 619 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
| 620 | } catch (InsecureUserException e) { |
| 621 | throw new ServiceSpecificException(ERROR_INSECURE_USER, e.getMessage()); |
| 622 | } |
| 623 | |
| 624 | try { |
| 625 | // Wrap the key by the platform key and store the wrapped key locally |
| 626 | mRecoverableKeyGenerator.importKey(encryptionKey, userId, uid, alias, keyBytes); |
| 627 | |
| 628 | // Import the key to Android KeyStore and get grant |
| 629 | mApplicationKeyStorage.setSymmetricKeyEntry(userId, uid, alias, keyBytes); |
| 630 | return mApplicationKeyStorage.getGrantAlias(userId, uid, alias); |
| 631 | } catch (KeyStoreException | InvalidKeyException | RecoverableKeyStorageException e) { |
| 632 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
| 633 | } |
| 634 | } |
| 635 | |
| 636 | /** |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 637 | * Gets a key named {@code alias} in caller's namespace. |
| 638 | * |
| 639 | * @return grant alias, which caller can use to access the key. |
| 640 | */ |
| 641 | public String getKey(@NonNull String alias) throws RemoteException { |
| 642 | int uid = Binder.getCallingUid(); |
| 643 | int userId = UserHandle.getCallingUserId(); |
| 644 | String grantAlias = mApplicationKeyStorage.getGrantAlias(userId, uid, alias); |
| 645 | return grantAlias; |
| 646 | } |
| 647 | |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 648 | private byte[] decryptRecoveryKey( |
| 649 | RecoverySessionStorage.Entry sessionEntry, byte[] encryptedClaimResponse) |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 650 | throws RemoteException, ServiceSpecificException { |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 651 | byte[] locallyEncryptedKey; |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 652 | try { |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 653 | locallyEncryptedKey = KeySyncUtils.decryptRecoveryClaimResponse( |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 654 | sessionEntry.getKeyClaimant(), |
| 655 | sessionEntry.getVaultParams(), |
| 656 | encryptedClaimResponse); |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 657 | } catch (InvalidKeyException e) { |
| 658 | Log.e(TAG, "Got InvalidKeyException during decrypting recovery claim response", e); |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 659 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 660 | "Failed to decrypt recovery key " + e.getMessage()); |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 661 | } catch (AEADBadTagException e) { |
| 662 | Log.e(TAG, "Got AEADBadTagException during decrypting recovery claim response", e); |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 663 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
| 664 | "Failed to decrypt recovery key " + e.getMessage()); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 665 | } catch (NoSuchAlgorithmException e) { |
| 666 | // Should never happen: all the algorithms used are required by AOSP implementations |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 667 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 668 | } |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 669 | |
| 670 | try { |
Bo Zhu | 9d05bfb | 2018-01-29 17:22:03 -0800 | [diff] [blame] | 671 | return KeySyncUtils.decryptRecoveryKey(sessionEntry.getLskfHash(), locallyEncryptedKey); |
| 672 | } catch (InvalidKeyException e) { |
| 673 | Log.e(TAG, "Got InvalidKeyException during decrypting recovery key", e); |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 674 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
| 675 | "Failed to decrypt recovery key " + e.getMessage()); |
| 676 | } catch (AEADBadTagException e) { |
| 677 | Log.e(TAG, "Got AEADBadTagException during decrypting recovery key", e); |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 678 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
| 679 | "Failed to decrypt recovery key " + e.getMessage()); |
| 680 | } catch (NoSuchAlgorithmException e) { |
| 681 | // Should never happen: all the algorithms used are required by AOSP implementations |
| 682 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
| 683 | } |
| 684 | } |
| 685 | |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 686 | /** |
| 687 | * Uses {@code recoveryKey} to decrypt {@code applicationKeys}. |
| 688 | * |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 689 | * @return Map from alias to raw key material. |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 690 | * @throws RemoteException if an error occurred decrypting the keys. |
| 691 | */ |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 692 | private Map<String, byte[]> recoverApplicationKeys( |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 693 | @NonNull byte[] recoveryKey, |
Robert Berry | 5f13870 | 2018-01-17 15:18:05 +0000 | [diff] [blame] | 694 | @NonNull List<WrappedApplicationKey> applicationKeys) throws RemoteException { |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 695 | HashMap<String, byte[]> keyMaterialByAlias = new HashMap<>(); |
Robert Berry | 5f13870 | 2018-01-17 15:18:05 +0000 | [diff] [blame] | 696 | for (WrappedApplicationKey applicationKey : applicationKeys) { |
Dmitry Dementyev | 07c76555 | 2018-01-08 17:31:59 -0800 | [diff] [blame] | 697 | String alias = applicationKey.getAlias(); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 698 | byte[] encryptedKeyMaterial = applicationKey.getEncryptedKeyMaterial(); |
| 699 | |
| 700 | try { |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 701 | byte[] keyMaterial = |
| 702 | KeySyncUtils.decryptApplicationKey(recoveryKey, encryptedKeyMaterial); |
| 703 | keyMaterialByAlias.put(alias, keyMaterial); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 704 | } catch (NoSuchAlgorithmException e) { |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 705 | Log.wtf(TAG, "Missing SecureBox algorithm. AOSP required to support this.", e); |
| 706 | throw new ServiceSpecificException( |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 707 | ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Bo Zhu | a9a04e2 | 2018-01-26 11:38:11 -0800 | [diff] [blame] | 708 | } catch (InvalidKeyException e) { |
Bo Zhu | a9a04e2 | 2018-01-26 11:38:11 -0800 | [diff] [blame] | 709 | Log.e(TAG, "Got InvalidKeyException during decrypting application key with alias: " |
| 710 | + alias, e); |
Bo Zhu | a9a04e2 | 2018-01-26 11:38:11 -0800 | [diff] [blame] | 711 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
| 712 | "Failed to recover key with alias '" + alias + "': " + e.getMessage()); |
| 713 | } catch (AEADBadTagException e) { |
Bo Zhu | a9a04e2 | 2018-01-26 11:38:11 -0800 | [diff] [blame] | 714 | Log.e(TAG, "Got AEADBadTagException during decrypting application key with alias: " |
| 715 | + alias, e); |
Bo Zhu | 4857cb5 | 2018-02-06 14:34:48 -0800 | [diff] [blame] | 716 | // Ignore the exception to continue to recover the other application keys. |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 717 | } |
| 718 | } |
Bo Zhu | ae0682d | 2018-02-13 10:23:39 -0800 | [diff] [blame] | 719 | if (!applicationKeys.isEmpty() && keyMaterialByAlias.isEmpty()) { |
Bo Zhu | 4857cb5 | 2018-02-06 14:34:48 -0800 | [diff] [blame] | 720 | Log.e(TAG, "Failed to recover any of the application keys."); |
| 721 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
| 722 | "Failed to recover any of the application keys."); |
| 723 | } |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 724 | return keyMaterialByAlias; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 725 | } |
| 726 | |
Dmitry Dementyev | 6a509e4 | 2017-12-19 14:47:26 -0800 | [diff] [blame] | 727 | /** |
| 728 | * This function can only be used inside LockSettingsService. |
| 729 | * |
Robert Berry | 9104404 | 2017-12-27 12:05:58 +0000 | [diff] [blame] | 730 | * @param storedHashType from {@code CredentialHash} |
Dmitry Dementyev | 6a509e4 | 2017-12-19 14:47:26 -0800 | [diff] [blame] | 731 | * @param credential - unencrypted String. Password length should be at most 16 symbols {@code |
| 732 | * mPasswordMaxLength} |
| 733 | * @param userId for user who just unlocked the device. |
| 734 | * @hide |
| 735 | */ |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 736 | public void lockScreenSecretAvailable( |
Dmitry Dementyev | 6a509e4 | 2017-12-19 14:47:26 -0800 | [diff] [blame] | 737 | int storedHashType, @NonNull String credential, int userId) { |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 738 | // So as not to block the critical path unlocking the phone, defer to another thread. |
| 739 | try { |
| 740 | mExecutorService.execute(KeySyncTask.newInstance( |
Robert Berry | 9104404 | 2017-12-27 12:05:58 +0000 | [diff] [blame] | 741 | mContext, |
| 742 | mDatabase, |
| 743 | mSnapshotStorage, |
| 744 | mListenersStorage, |
| 745 | userId, |
| 746 | storedHashType, |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 747 | credential, |
| 748 | /*credentialUpdated=*/ false)); |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 749 | } catch (NoSuchAlgorithmException e) { |
| 750 | Log.wtf(TAG, "Should never happen - algorithm unavailable for KeySync", e); |
| 751 | } catch (KeyStoreException e) { |
| 752 | Log.e(TAG, "Key store error encountered during recoverable key sync", e); |
| 753 | } catch (InsecureUserException e) { |
| 754 | Log.wtf(TAG, "Impossible - insecure user, but user just entered lock screen", e); |
Dmitry Dementyev | 6a509e4 | 2017-12-19 14:47:26 -0800 | [diff] [blame] | 755 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 756 | } |
| 757 | |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 758 | /** |
| 759 | * This function can only be used inside LockSettingsService. |
Dmitry Dementyev | 6e16724 | 2018-01-25 15:29:50 -0800 | [diff] [blame] | 760 | * |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 761 | * @param storedHashType from {@code CredentialHash} |
| 762 | * @param credential - unencrypted String |
| 763 | * @param userId for the user whose lock screen credentials were changed. |
| 764 | * @hide |
| 765 | */ |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 766 | public void lockScreenSecretChanged( |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 767 | int storedHashType, |
Dmitry Dementyev | 6a509e4 | 2017-12-19 14:47:26 -0800 | [diff] [blame] | 768 | @Nullable String credential, |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 769 | int userId) { |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 770 | // So as not to block the critical path unlocking the phone, defer to another thread. |
| 771 | try { |
| 772 | mExecutorService.execute(KeySyncTask.newInstance( |
| 773 | mContext, |
| 774 | mDatabase, |
| 775 | mSnapshotStorage, |
| 776 | mListenersStorage, |
| 777 | userId, |
| 778 | storedHashType, |
| 779 | credential, |
| 780 | /*credentialUpdated=*/ true)); |
| 781 | } catch (NoSuchAlgorithmException e) { |
| 782 | Log.wtf(TAG, "Should never happen - algorithm unavailable for KeySync", e); |
| 783 | } catch (KeyStoreException e) { |
| 784 | Log.e(TAG, "Key store error encountered during recoverable key sync", e); |
| 785 | } catch (InsecureUserException e) { |
Dmitry Dementyev | 6e16724 | 2018-01-25 15:29:50 -0800 | [diff] [blame] | 786 | Log.e(TAG, "InsecureUserException during lock screen secret update", e); |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 787 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 788 | } |
| 789 | |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 790 | private void checkRecoverKeyStorePermission() { |
| 791 | mContext.enforceCallingOrSelfPermission( |
Dmitry Dementyev | ed89ea0 | 2018-01-11 13:53:52 -0800 | [diff] [blame] | 792 | Manifest.permission.RECOVER_KEYSTORE, |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 793 | "Caller " + Binder.getCallingUid() + " doesn't have RecoverKeyStore permission."); |
| 794 | } |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 795 | |
| 796 | private boolean publicKeysMatch(PublicKey publicKey, byte[] vaultParams) { |
| 797 | byte[] encodedPublicKey = SecureBox.encodePublicKey(publicKey); |
| 798 | return Arrays.equals(encodedPublicKey, Arrays.copyOf(vaultParams, encodedPublicKey.length)); |
| 799 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 800 | } |