Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2017 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package android.security.keystore.recovery; |
| 18 | |
| 19 | import android.annotation.NonNull; |
Dmitry Dementyev | f8ae5de | 2018-01-08 18:08:23 -0800 | [diff] [blame] | 20 | import android.annotation.SystemApi; |
Bo Zhu | 6361080 | 2018-03-09 12:32:13 -0800 | [diff] [blame] | 21 | import android.os.BadParcelableException; |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 22 | import android.os.Parcel; |
| 23 | import android.os.Parcelable; |
| 24 | |
| 25 | import com.android.internal.util.Preconditions; |
| 26 | |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 27 | import java.security.cert.CertPath; |
Bo Zhu | 6361080 | 2018-03-09 12:32:13 -0800 | [diff] [blame] | 28 | import java.security.cert.CertificateException; |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 29 | import java.util.List; |
| 30 | |
| 31 | /** |
| 32 | * A snapshot of a version of the keystore. Two events can trigger the generation of a new snapshot: |
| 33 | * |
| 34 | * <ul> |
 * <li>The user's lock screen changes. (A key derived from the user's lock screen is used to
 *     protect the keychain, which is why this forces a new snapshot.)
| 37 | * <li>A key is added to or removed from the recoverable keychain. |
| 38 | * </ul> |
| 39 | * |
| 40 | * <p>The snapshot data is also encrypted with the remote trusted hardware's public key, so even |
| 41 | * the recovery agent itself should not be able to decipher the data. The recovery agent sends an |
| 42 | * instance of this to the remote trusted hardware whenever a new snapshot is generated. During a |
| 43 | * recovery flow, the recovery agent retrieves a snapshot from the remote trusted hardware. It then |
| 44 | * sends it to the framework, where it is decrypted using the user's lock screen from their previous |
| 45 | * device. |
| 46 | * |
| 47 | * @hide |
| 48 | */ |
Dmitry Dementyev | f8ae5de | 2018-01-08 18:08:23 -0800 | [diff] [blame] | 49 | @SystemApi |
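public final class KeyChainSnapshot implements Parcelable {

    // IMPORTANT! PLEASE READ!
    // -----------------------
    // If you edit this file (e.g., to add new fields), please MAKE SURE to also do the following:
    // - Update the #writeToParcel(Parcel) method below
    // - Update the #(Parcel) constructor below
    // - Update the #copy() method below; a field missing there is silently dropped by
    //   Builder#build()
    // - Update android.security.keystore.recovery.KeyChainSnapshotTest to make sure nobody
    //   accidentally breaks your fields in the Parcel in the future.
    // - Update com.android.server.locksettings.recoverablekeystore.serialization
    //   .KeyChainSnapshotSerializer to correctly serialize your new field
    // - Update com.android.server.locksettings.recoverablekeystore.serialization
    //   .KeyChainSnapshotSerializer to correctly deserialize your new field
    // - Update com.android.server.locksettings.recoverablekeystore.serialization
    //   .KeychainSnapshotSerializerTest to make sure nobody breaks serialization of your field
    //   in the future.

    private static final int DEFAULT_MAX_ATTEMPTS = 10;
    private static final long DEFAULT_COUNTER_ID = 1L;

    private int mSnapshotVersion;
    private int mMaxAttempts = DEFAULT_MAX_ATTEMPTS;
    private long mCounterId = DEFAULT_COUNTER_ID;
    private byte[] mServerParams;
    private RecoveryCertPath mCertPath; // The cert path including necessary intermediate certs
    private List<KeyChainProtectionParams> mKeyChainProtectionParams;
    private List<WrappedApplicationKey> mEntryRecoveryData;
    private byte[] mEncryptedRecoveryKeyBlob;

    /**
     * Use builder to create an instance of the class.
     */
    private KeyChainSnapshot() {
    }

    /**
     * Returns a new instance carrying the same field values as this one.
     *
     * <p>This is a shallow copy: the byte arrays, lists and cert path are shared, not cloned.
     * It exists so that {@link Builder#build()} can hand out an object that the builder no
     * longer references; without it, any setter call made on the builder after {@code build()}
     * would silently alter the snapshot that was already returned.
     */
    private KeyChainSnapshot copy() {
        KeyChainSnapshot other = new KeyChainSnapshot();
        other.mSnapshotVersion = mSnapshotVersion;
        other.mMaxAttempts = mMaxAttempts;
        other.mCounterId = mCounterId;
        other.mServerParams = mServerParams;
        other.mCertPath = mCertPath;
        other.mKeyChainProtectionParams = mKeyChainProtectionParams;
        other.mEntryRecoveryData = mEntryRecoveryData;
        other.mEncryptedRecoveryKeyBlob = mEncryptedRecoveryKeyBlob;
        return other;
    }

    /**
     * Snapshot version for given recovery agent. It is incremented when user secret or list of
     * application keys changes.
     */
    public int getSnapshotVersion() {
        return mSnapshotVersion;
    }

    /**
     * Number of user secret guesses allowed during KeyChain recovery. Defaults to
     * {@code 10} when the builder does not set it; this class only carries the value.
     */
    public int getMaxAttempts() {
        return mMaxAttempts;
    }

    /**
     * CounterId which is rotated together with user secret. Defaults to {@code 1} when the
     * builder does not set it.
     */
    public long getCounterId() {
        return mCounterId;
    }

    /**
     * Server parameters.
     *
     * <p>The returned array is the instance held by this snapshot, not a copy; callers must
     * treat it as read-only.
     */
    public @NonNull byte[] getServerParams() {
        return mServerParams;
    }

    /**
     * CertPath containing the public key used to encrypt {@code encryptedRecoveryKeyBlob}.
     *
     * @throws BadParcelableException if the stored cert path cannot be decoded. This is not
     *     expected to happen: encoding is validated when the path is set, so a failure here
     *     indicates a corrupted or tampered parcel.
     */
    public @NonNull CertPath getTrustedHardwareCertPath() {
        try {
            return mCertPath.getCertPath();
        } catch (CertificateException e) {
            // Rethrow an unchecked exception as it should not happen. If such an issue exists,
            // an exception should have been thrown during service initialization.
            throw new BadParcelableException(e);
        }
    }

    /**
     * UI and key derivation parameters. Note that combination of secrets may be used.
     *
     * <p>The returned list is the instance held by this snapshot, not a copy.
     */
    public @NonNull List<KeyChainProtectionParams> getKeyChainProtectionParams() {
        return mKeyChainProtectionParams;
    }

    /**
     * List of application keys, with key material encrypted by
     * the recovery key ({@link #getEncryptedRecoveryKeyBlob}).
     *
     * <p>The returned list is the instance held by this snapshot, not a copy.
     */
    public @NonNull List<WrappedApplicationKey> getWrappedApplicationKeys() {
        return mEntryRecoveryData;
    }

    /**
     * Recovery key blob, encrypted by user secret and recovery service public key.
     *
     * <p>The returned array is the instance held by this snapshot, not a copy; callers must
     * treat it as read-only.
     */
    public @NonNull byte[] getEncryptedRecoveryKeyBlob() {
        return mEncryptedRecoveryKeyBlob;
    }

    public static final @android.annotation.NonNull Creator<KeyChainSnapshot> CREATOR =
            new Creator<KeyChainSnapshot>() {
                public KeyChainSnapshot createFromParcel(Parcel in) {
                    return new KeyChainSnapshot(in);
                }

                public KeyChainSnapshot[] newArray(int length) {
                    return new KeyChainSnapshot[length];
                }
            };

    /**
     * Builder for creating {@link KeyChainSnapshot}.
     *
     * <p>Setters store the supplied references as-is (no defensive copies). {@link #build()}
     * returns a snapshot that is detached from the builder, so the builder may be reused or
     * further modified without affecting snapshots it already produced.
     *
     * @hide
     */
    public static class Builder {
        private KeyChainSnapshot mInstance = new KeyChainSnapshot();

        /**
         * Snapshot version for the recovery agent.
         *
         * @param snapshotVersion The snapshot version
         * @return This builder.
         */
        public Builder setSnapshotVersion(int snapshotVersion) {
            mInstance.mSnapshotVersion = snapshotVersion;
            return this;
        }

        /**
         * Sets the number of user secret guesses allowed during Keychain recovery.
         *
         * <p>The value is stored without validation.
         *
         * @param maxAttempts The maximum number of guesses.
         * @return This builder.
         */
        public Builder setMaxAttempts(int maxAttempts) {
            mInstance.mMaxAttempts = maxAttempts;
            return this;
        }

        /**
         * Sets counter id.
         *
         * @param counterId The counter id.
         * @return This builder.
         */
        public Builder setCounterId(long counterId) {
            mInstance.mCounterId = counterId;
            return this;
        }

        /**
         * Sets server parameters. Required: {@link #build()} rejects a snapshot without them.
         *
         * @param serverParams The server parameters
         * @return This builder.
         */
        public Builder setServerParams(@NonNull byte[] serverParams) {
            mInstance.mServerParams = serverParams;
            return this;
        }

        /**
         * Sets CertPath used to validate the trusted hardware public key. The CertPath should
         * contain a certificate of the trusted hardware public key and any necessary intermediate
         * certificates. Required: {@link #build()} rejects a snapshot without it.
         *
         * @param certPath The certificate path
         * @throws CertificateException if the given certificate path cannot be encoded properly
         * @return This builder.
         */
        public Builder setTrustedHardwareCertPath(@NonNull CertPath certPath)
                throws CertificateException {
            mInstance.mCertPath = RecoveryCertPath.createRecoveryCertPath(certPath);
            return this;
        }

        /**
         * Sets UI and key derivation parameters. Required: {@link #build()} rejects a snapshot
         * without them or with a {@code null} element.
         *
         * @param keyChainProtectionParams The UI and key derivation parameters
         * @return This builder.
         */
        public Builder setKeyChainProtectionParams(
                @NonNull List<KeyChainProtectionParams> keyChainProtectionParams) {
            mInstance.mKeyChainProtectionParams = keyChainProtectionParams;
            return this;
        }

        /**
         * List of application keys. Required: {@link #build()} rejects a snapshot without them
         * or with a {@code null} element.
         *
         * @param entryRecoveryData List of application keys
         * @return This builder.
         */
        public Builder setWrappedApplicationKeys(
                @NonNull List<WrappedApplicationKey> entryRecoveryData) {
            mInstance.mEntryRecoveryData = entryRecoveryData;
            return this;
        }

        /**
         * Sets recovery key blob. Required: {@link #build()} rejects a snapshot without it.
         *
         * @param encryptedRecoveryKeyBlob The recovery key blob.
         * @return This builder.
         */
        public Builder setEncryptedRecoveryKeyBlob(@NonNull byte[] encryptedRecoveryKeyBlob) {
            mInstance.mEncryptedRecoveryKeyBlob = encryptedRecoveryKeyBlob;
            return this;
        }

        /**
         * Creates a new {@link KeyChainSnapshot} instance.
         *
         * <p>The returned object is a copy of the builder's state, so subsequent setter calls
         * on this builder do not modify it. {@code snapshotVersion}, {@code maxAttempts} and
         * {@code counterId} are not checked here; the latter two fall back to their defaults.
         *
         * @return new instance
         * @throws NullPointerException if some of the required fields were not set.
         */
        @NonNull public KeyChainSnapshot build() {
            Preconditions.checkCollectionElementsNotNull(mInstance.mKeyChainProtectionParams,
                    "keyChainProtectionParams");
            Preconditions.checkCollectionElementsNotNull(mInstance.mEntryRecoveryData,
                    "entryRecoveryData");
            Preconditions.checkNotNull(mInstance.mEncryptedRecoveryKeyBlob);
            Preconditions.checkNotNull(mInstance.mServerParams);
            Preconditions.checkNotNull(mInstance.mCertPath);
            // Hand out a detached copy: returning mInstance itself would let later setter
            // calls on this builder mutate a snapshot the caller already holds.
            return mInstance.copy();
        }
    }

    @Override
    public void writeToParcel(Parcel out, int flags) {
        // Field order here must match the (Parcel) constructor exactly.
        out.writeInt(mSnapshotVersion);
        out.writeTypedList(mKeyChainProtectionParams);
        out.writeByteArray(mEncryptedRecoveryKeyBlob);
        out.writeTypedList(mEntryRecoveryData);
        out.writeInt(mMaxAttempts);
        out.writeLong(mCounterId);
        out.writeByteArray(mServerParams);
        out.writeTypedObject(mCertPath, /* no flags */ 0);
    }

    /**
     * Reads a snapshot from a parcel, in the same field order as {@link #writeToParcel}.
     * No null checks are applied here; a parcel that omitted a required field yields a
     * snapshot whose getters return {@code null} despite their {@code @NonNull} annotation.
     *
     * @hide
     */
    protected KeyChainSnapshot(Parcel in) {
        mSnapshotVersion = in.readInt();
        mKeyChainProtectionParams = in.createTypedArrayList(KeyChainProtectionParams.CREATOR);
        mEncryptedRecoveryKeyBlob = in.createByteArray();
        mEntryRecoveryData = in.createTypedArrayList(WrappedApplicationKey.CREATOR);
        mMaxAttempts = in.readInt();
        mCounterId = in.readLong();
        mServerParams = in.createByteArray();
        mCertPath = in.readTypedObject(RecoveryCertPath.CREATOR);
    }

    @Override
    public int describeContents() {
        return 0;
    }
}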