Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2017 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.server.locksettings.recoverablekeystore; |
| 18 | |
Robert Berry | d9f11a9 | 2018-02-26 16:37:06 +0000 | [diff] [blame] | 19 | import static android.security.keystore.recovery.RecoveryController.ERROR_BAD_CERTIFICATE_FORMAT; |
| 20 | import static android.security.keystore.recovery.RecoveryController.ERROR_DECRYPTION_FAILED; |
Aseem Kumar | 23174b7 | 2018-04-03 11:35:51 -0700 | [diff] [blame] | 21 | import static android.security.keystore.recovery.RecoveryController.ERROR_DOWNGRADE_CERTIFICATE; |
Robert Berry | d9f11a9 | 2018-02-26 16:37:06 +0000 | [diff] [blame] | 22 | import static android.security.keystore.recovery.RecoveryController.ERROR_INSECURE_USER; |
Bo Zhu | 7f414d9 | 2018-02-28 09:28:19 -0800 | [diff] [blame] | 23 | import static android.security.keystore.recovery.RecoveryController.ERROR_INVALID_CERTIFICATE; |
Bo Zhu | c704834 | 2019-01-03 14:04:58 -0800 | [diff] [blame] | 24 | import static android.security.keystore.recovery.RecoveryController.ERROR_INVALID_KEY_FORMAT; |
Robert Berry | d9f11a9 | 2018-02-26 16:37:06 +0000 | [diff] [blame] | 25 | import static android.security.keystore.recovery.RecoveryController.ERROR_NO_SNAPSHOT_PENDING; |
| 26 | import static android.security.keystore.recovery.RecoveryController.ERROR_SERVICE_INTERNAL_ERROR; |
| 27 | import static android.security.keystore.recovery.RecoveryController.ERROR_SESSION_EXPIRED; |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 28 | |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 29 | import android.Manifest; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 30 | import android.annotation.NonNull; |
| 31 | import android.annotation.Nullable; |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 32 | import android.app.PendingIntent; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 33 | import android.content.Context; |
| 34 | import android.os.Binder; |
| 35 | import android.os.RemoteException; |
| 36 | import android.os.ServiceSpecificException; |
| 37 | import android.os.UserHandle; |
Bo Zhu | c704834 | 2019-01-03 14:04:58 -0800 | [diff] [blame] | 38 | import android.security.KeyStore; |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 39 | import android.security.keystore.recovery.KeyChainProtectionParams; |
| 40 | import android.security.keystore.recovery.KeyChainSnapshot; |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 41 | import android.security.keystore.recovery.RecoveryCertPath; |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 42 | import android.security.keystore.recovery.RecoveryController; |
| 43 | import android.security.keystore.recovery.WrappedApplicationKey; |
Robert Berry | 4a5c87d | 2018-03-19 18:00:46 +0000 | [diff] [blame] | 44 | import android.util.ArrayMap; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 45 | import android.util.Log; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 46 | |
| 47 | import com.android.internal.annotations.VisibleForTesting; |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 48 | import com.android.internal.util.HexDump; |
Dmitry Dementyev | 1e6a9dc | 2018-03-21 13:52:00 -0700 | [diff] [blame] | 49 | import com.android.internal.util.Preconditions; |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 50 | import com.android.server.locksettings.recoverablekeystore.certificate.CertParsingException; |
Dmitry Dementyev | 482633f | 2018-04-03 16:47:24 -0700 | [diff] [blame] | 51 | import com.android.server.locksettings.recoverablekeystore.certificate.CertUtils; |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 52 | import com.android.server.locksettings.recoverablekeystore.certificate.CertValidationException; |
| 53 | import com.android.server.locksettings.recoverablekeystore.certificate.CertXml; |
Dmitry Dementyev | 482633f | 2018-04-03 16:47:24 -0700 | [diff] [blame] | 54 | import com.android.server.locksettings.recoverablekeystore.certificate.SigXml; |
| 55 | import com.android.server.locksettings.recoverablekeystore.storage.ApplicationKeyStorage; |
Dmitry Dementyev | 89f12d5 | 2019-02-28 12:26:01 -0800 | [diff] [blame] | 56 | import com.android.server.locksettings.recoverablekeystore.storage.CleanupManager; |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 57 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb; |
| 58 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverySessionStorage; |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 59 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 60 | |
Dmitry Dementyev | 20eaaa4 | 2018-05-09 13:05:04 -0700 | [diff] [blame] | 61 | import java.io.IOException; |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 62 | import java.security.InvalidKeyException; |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 63 | import java.security.KeyStoreException; |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 64 | import java.security.NoSuchAlgorithmException; |
| 65 | import java.security.PublicKey; |
Bo Zhu | 8d6861e | 2018-03-21 20:45:09 -0700 | [diff] [blame] | 66 | import java.security.SecureRandom; |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 67 | import java.security.UnrecoverableKeyException; |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 68 | import java.security.cert.CertPath; |
| 69 | import java.security.cert.CertificateEncodingException; |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 70 | import java.security.cert.CertificateException; |
Bo Zhu | b31ab67 | 2018-03-20 22:44:18 -0700 | [diff] [blame] | 71 | import java.security.cert.X509Certificate; |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 72 | import java.security.spec.InvalidKeySpecException; |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 73 | import java.util.Arrays; |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 74 | import java.util.HashMap; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 75 | import java.util.List; |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 76 | import java.util.Locale; |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 77 | import java.util.Map; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 78 | import java.util.concurrent.ExecutorService; |
| 79 | import java.util.concurrent.Executors; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 80 | |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 81 | import javax.crypto.AEADBadTagException; |
| 82 | |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 83 | /** |
Robert Berry | 74928a1 | 2018-01-18 17:49:07 +0000 | [diff] [blame] | 84 | * Class with {@link RecoveryController} API implementation and internal methods to interact |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 85 | * with {@code LockSettingsService}. |
| 86 | * |
| 87 | * @hide |
| 88 | */ |
| 89 | public class RecoverableKeyStoreManager { |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 90 | private static final String TAG = "RecoverableKeyStoreMgr"; |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 91 | |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 92 | private static RecoverableKeyStoreManager mInstance; |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 93 | |
| 94 | private final Context mContext; |
| 95 | private final RecoverableKeyStoreDb mDatabase; |
| 96 | private final RecoverySessionStorage mRecoverySessionStorage; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 97 | private final ExecutorService mExecutorService; |
Robert Berry | 9104404 | 2017-12-27 12:05:58 +0000 | [diff] [blame] | 98 | private final RecoverySnapshotListenersStorage mListenersStorage; |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 99 | private final RecoverableKeyGenerator mRecoverableKeyGenerator; |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 100 | private final RecoverySnapshotStorage mSnapshotStorage; |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 101 | private final PlatformKeyManager mPlatformKeyManager; |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 102 | private final ApplicationKeyStorage mApplicationKeyStorage; |
Dmitry Dementyev | 57ca3da | 2018-03-28 12:36:45 -0700 | [diff] [blame] | 103 | private final TestOnlyInsecureCertificateHelper mTestCertHelper; |
Dmitry Dementyev | 89f12d5 | 2019-02-28 12:26:01 -0800 | [diff] [blame] | 104 | private final CleanupManager mCleanupManager; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 105 | |
| 106 | /** |
| 107 | * Returns a new or existing instance. |
| 108 | * |
| 109 | * @hide |
| 110 | */ |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 111 | public static synchronized RecoverableKeyStoreManager |
| 112 | getInstance(Context context, KeyStore keystore) { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 113 | if (mInstance == null) { |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 114 | RecoverableKeyStoreDb db = RecoverableKeyStoreDb.newInstance(context); |
| 115 | PlatformKeyManager platformKeyManager; |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 116 | ApplicationKeyStorage applicationKeyStorage; |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 117 | try { |
| 118 | platformKeyManager = PlatformKeyManager.getInstance(context, db); |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 119 | applicationKeyStorage = ApplicationKeyStorage.getInstance(keystore); |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 120 | } catch (NoSuchAlgorithmException e) { |
| 121 | // Impossible: all algorithms must be supported by AOSP |
| 122 | throw new RuntimeException(e); |
| 123 | } catch (KeyStoreException e) { |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 124 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 125 | } |
| 126 | |
Dmitry Dementyev | 89f12d5 | 2019-02-28 12:26:01 -0800 | [diff] [blame] | 127 | RecoverySnapshotStorage snapshotStorage = |
| 128 | RecoverySnapshotStorage.newInstance(); |
| 129 | CleanupManager cleanupManager = CleanupManager.getInstance( |
| 130 | context.getApplicationContext(), |
| 131 | snapshotStorage, |
| 132 | db, |
| 133 | applicationKeyStorage); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 134 | mInstance = new RecoverableKeyStoreManager( |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 135 | context.getApplicationContext(), |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 136 | db, |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 137 | new RecoverySessionStorage(), |
Dmitry Dementyev | 3b17c63 | 2017-12-21 17:30:48 -0800 | [diff] [blame] | 138 | Executors.newSingleThreadExecutor(), |
Dmitry Dementyev | 89f12d5 | 2019-02-28 12:26:01 -0800 | [diff] [blame] | 139 | snapshotStorage, |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 140 | new RecoverySnapshotListenersStorage(), |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 141 | platformKeyManager, |
Dmitry Dementyev | 57ca3da | 2018-03-28 12:36:45 -0700 | [diff] [blame] | 142 | applicationKeyStorage, |
Dmitry Dementyev | 89f12d5 | 2019-02-28 12:26:01 -0800 | [diff] [blame] | 143 | new TestOnlyInsecureCertificateHelper(), |
| 144 | cleanupManager); |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 145 | } |
| 146 | return mInstance; |
| 147 | } |
| 148 | |
| 149 | @VisibleForTesting |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 150 | RecoverableKeyStoreManager( |
| 151 | Context context, |
| 152 | RecoverableKeyStoreDb recoverableKeyStoreDb, |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 153 | RecoverySessionStorage recoverySessionStorage, |
Dmitry Dementyev | 3b17c63 | 2017-12-21 17:30:48 -0800 | [diff] [blame] | 154 | ExecutorService executorService, |
Robert Berry | 9104404 | 2017-12-27 12:05:58 +0000 | [diff] [blame] | 155 | RecoverySnapshotStorage snapshotStorage, |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 156 | RecoverySnapshotListenersStorage listenersStorage, |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 157 | PlatformKeyManager platformKeyManager, |
Dmitry Dementyev | 57ca3da | 2018-03-28 12:36:45 -0700 | [diff] [blame] | 158 | ApplicationKeyStorage applicationKeyStorage, |
Dmitry Dementyev | 89f12d5 | 2019-02-28 12:26:01 -0800 | [diff] [blame] | 159 | TestOnlyInsecureCertificateHelper testOnlyInsecureCertificateHelper, |
| 160 | CleanupManager cleanupManager) { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 161 | mContext = context; |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 162 | mDatabase = recoverableKeyStoreDb; |
| 163 | mRecoverySessionStorage = recoverySessionStorage; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 164 | mExecutorService = executorService; |
Dmitry Dementyev | 3b17c63 | 2017-12-21 17:30:48 -0800 | [diff] [blame] | 165 | mListenersStorage = listenersStorage; |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 166 | mSnapshotStorage = snapshotStorage; |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 167 | mPlatformKeyManager = platformKeyManager; |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 168 | mApplicationKeyStorage = applicationKeyStorage; |
Dmitry Dementyev | 89f12d5 | 2019-02-28 12:26:01 -0800 | [diff] [blame] | 169 | mTestCertHelper = testOnlyInsecureCertificateHelper; |
| 170 | mCleanupManager = cleanupManager; |
| 171 | // Clears data for removed users. |
| 172 | mCleanupManager.verifyKnownUsers(); |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 173 | try { |
| 174 | mRecoverableKeyGenerator = RecoverableKeyGenerator.newInstance(mDatabase); |
| 175 | } catch (NoSuchAlgorithmException e) { |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 176 | Log.wtf(TAG, "AES keygen algorithm not available. AOSP must support this.", e); |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 177 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 178 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 179 | } |
| 180 | |
Bo Zhu | 7f414d9 | 2018-02-28 09:28:19 -0800 | [diff] [blame] | 181 | /** |
Dmitry Dementyev | 745d2c9 | 2018-04-13 14:10:05 -0700 | [diff] [blame] | 182 | * Used by {@link #initRecoveryServiceWithSigFile(String, byte[], byte[])}. |
Bo Zhu | 7f414d9 | 2018-02-28 09:28:19 -0800 | [diff] [blame] | 183 | */ |
Dmitry Dementyev | 745d2c9 | 2018-04-13 14:10:05 -0700 | [diff] [blame] | 184 | @VisibleForTesting |
| 185 | void initRecoveryService( |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 186 | @NonNull String rootCertificateAlias, @NonNull byte[] recoveryServiceCertFile) |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 187 | throws RemoteException { |
| 188 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 189 | int userId = UserHandle.getCallingUserId(); |
Dmitry Dementyev | 40dadb0 | 2018-01-10 18:03:37 -0800 | [diff] [blame] | 190 | int uid = Binder.getCallingUid(); |
Bo Zhu | 0b8c82e | 2018-03-30 11:31:53 -0700 | [diff] [blame] | 191 | |
Dmitry Dementyev | 57ca3da | 2018-03-28 12:36:45 -0700 | [diff] [blame] | 192 | rootCertificateAlias |
| 193 | = mTestCertHelper.getDefaultCertificateAliasIfEmpty(rootCertificateAlias); |
Bo Zhu | 0b8c82e | 2018-03-30 11:31:53 -0700 | [diff] [blame] | 194 | if (!mTestCertHelper.isValidRootCertificateAlias(rootCertificateAlias)) { |
| 195 | throw new ServiceSpecificException( |
| 196 | ERROR_INVALID_CERTIFICATE, "Invalid root certificate alias"); |
| 197 | } |
Dmitry Dementyev | f34fc7e | 2018-03-26 17:31:29 -0700 | [diff] [blame] | 198 | // Always set active alias to the argument of the last call to initRecoveryService method, |
| 199 | // even if cert file is incorrect. |
| 200 | String activeRootAlias = mDatabase.getActiveRootOfTrust(userId, uid); |
| 201 | if (activeRootAlias == null) { |
| 202 | Log.d(TAG, "Root of trust for recovery agent + " + uid |
| 203 | + " is assigned for the first time to " + rootCertificateAlias); |
Dmitry Dementyev | f34fc7e | 2018-03-26 17:31:29 -0700 | [diff] [blame] | 204 | } else if (!activeRootAlias.equals(rootCertificateAlias)) { |
| 205 | Log.i(TAG, "Root of trust for recovery agent " + uid + " is changed to " |
| 206 | + rootCertificateAlias + " from " + activeRootAlias); |
Dmitry Dementyev | 20eaaa4 | 2018-05-09 13:05:04 -0700 | [diff] [blame] | 207 | } |
| 208 | long updatedRows = mDatabase.setActiveRootOfTrust(userId, uid, rootCertificateAlias); |
| 209 | if (updatedRows < 0) { |
| 210 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, |
| 211 | "Failed to set the root of trust in the local DB."); |
Dmitry Dementyev | f34fc7e | 2018-03-26 17:31:29 -0700 | [diff] [blame] | 212 | } |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 213 | |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 214 | CertXml certXml; |
| 215 | try { |
| 216 | certXml = CertXml.parse(recoveryServiceCertFile); |
| 217 | } catch (CertParsingException e) { |
Bo Zhu | ed00d25 | 2018-02-14 11:50:57 -0800 | [diff] [blame] | 218 | Log.d(TAG, "Failed to parse the input as a cert file: " + HexDump.toHexString( |
| 219 | recoveryServiceCertFile)); |
Bo Zhu | c98c843 | 2018-03-31 13:08:49 -0700 | [diff] [blame] | 220 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, e.getMessage()); |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 221 | } |
| 222 | |
| 223 | // Check serial number |
| 224 | long newSerial = certXml.getSerial(); |
Dmitry Dementyev | f34fc7e | 2018-03-26 17:31:29 -0700 | [diff] [blame] | 225 | Long oldSerial = mDatabase.getRecoveryServiceCertSerial(userId, uid, rootCertificateAlias); |
Bo Zhu | b10ba44 | 2018-03-31 17:13:46 -0700 | [diff] [blame] | 226 | if (oldSerial != null && oldSerial >= newSerial |
| 227 | && !mTestCertHelper.isTestOnlyCertificateAlias(rootCertificateAlias)) { |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 228 | if (oldSerial == newSerial) { |
| 229 | Log.i(TAG, "The cert file serial number is the same, so skip updating."); |
| 230 | } else { |
| 231 | Log.e(TAG, "The cert file serial number is older than the one in database."); |
Aseem Kumar | 23174b7 | 2018-04-03 11:35:51 -0700 | [diff] [blame] | 232 | throw new ServiceSpecificException(ERROR_DOWNGRADE_CERTIFICATE, |
| 233 | "The cert file serial number is older than the one in database."); |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 234 | } |
| 235 | return; |
| 236 | } |
| 237 | Log.i(TAG, "Updating the certificate with the new serial number " + newSerial); |
| 238 | |
Bo Zhu | b31ab67 | 2018-03-20 22:44:18 -0700 | [diff] [blame] | 239 | // Randomly choose and validate an endpoint certificate from the list |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 240 | CertPath certPath; |
Dmitry Dementyev | 57ca3da | 2018-03-28 12:36:45 -0700 | [diff] [blame] | 241 | X509Certificate rootCert = |
| 242 | mTestCertHelper.getRootCertificate(rootCertificateAlias); |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 243 | try { |
| 244 | Log.d(TAG, "Getting and validating a random endpoint certificate"); |
Bo Zhu | b31ab67 | 2018-03-20 22:44:18 -0700 | [diff] [blame] | 245 | certPath = certXml.getRandomEndpointCert(rootCert); |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 246 | } catch (CertValidationException e) { |
| 247 | Log.e(TAG, "Invalid endpoint cert", e); |
Bo Zhu | 41d2dd2 | 2018-03-30 12:20:06 -0700 | [diff] [blame] | 248 | throw new ServiceSpecificException(ERROR_INVALID_CERTIFICATE, e.getMessage()); |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 249 | } |
Bo Zhu | b31ab67 | 2018-03-20 22:44:18 -0700 | [diff] [blame] | 250 | |
| 251 | // Save the chosen and validated certificate into database |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 252 | try { |
| 253 | Log.d(TAG, "Saving the randomly chosen endpoint certificate to database"); |
Dmitry Dementyev | 20eaaa4 | 2018-05-09 13:05:04 -0700 | [diff] [blame] | 254 | long updatedCertPathRows = mDatabase.setRecoveryServiceCertPath(userId, uid, |
| 255 | rootCertificateAlias, certPath); |
| 256 | if (updatedCertPathRows > 0) { |
| 257 | long updatedCertSerialRows = mDatabase.setRecoveryServiceCertSerial(userId, uid, |
| 258 | rootCertificateAlias, newSerial); |
| 259 | if (updatedCertSerialRows < 0) { |
| 260 | // Ideally CertPath and CertSerial should be updated together in single |
| 261 | // transaction, but since their mismatch doesn't create many problems |
| 262 | // extra complexity is unnecessary. |
| 263 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, |
| 264 | "Failed to set the certificate serial number in the local DB."); |
| 265 | } |
Dmitry Dementyev | 925f026 | 2018-04-12 12:10:50 -0700 | [diff] [blame] | 266 | if (mDatabase.getSnapshotVersion(userId, uid) != null) { |
Robert Berry | e8edf97 | 2018-03-27 11:45:11 +0100 | [diff] [blame] | 267 | mDatabase.setShouldCreateSnapshot(userId, uid, true); |
Dmitry Dementyev | 925f026 | 2018-04-12 12:10:50 -0700 | [diff] [blame] | 268 | Log.i(TAG, "This is a certificate change. Snapshot must be updated"); |
| 269 | } else { |
| 270 | Log.i(TAG, "This is a certificate change. Snapshot didn't exist"); |
Robert Berry | e8edf97 | 2018-03-27 11:45:11 +0100 | [diff] [blame] | 271 | } |
Dmitry Dementyev | 20eaaa4 | 2018-05-09 13:05:04 -0700 | [diff] [blame] | 272 | long updatedCounterIdRows = |
| 273 | mDatabase.setCounterId(userId, uid, new SecureRandom().nextLong()); |
| 274 | if (updatedCounterIdRows < 0) { |
| 275 | Log.e(TAG, "Failed to set the counter id in the local DB."); |
| 276 | } |
| 277 | } else if (updatedCertPathRows < 0) { |
| 278 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, |
| 279 | "Failed to set the certificate path in the local DB."); |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 280 | } |
| 281 | } catch (CertificateEncodingException e) { |
| 282 | Log.e(TAG, "Failed to encode CertPath", e); |
Bo Zhu | 41d2dd2 | 2018-03-30 12:20:06 -0700 | [diff] [blame] | 283 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, e.getMessage()); |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 284 | } |
| 285 | } |
| 286 | |
Bo Zhu | 7f414d9 | 2018-02-28 09:28:19 -0800 | [diff] [blame] | 287 | /** |
| 288 | * Initializes the recovery service with the two files {@code recoveryServiceCertFile} and |
| 289 | * {@code recoveryServiceSigFile}. |
| 290 | * |
| 291 | * @param rootCertificateAlias the alias for the root certificate that is used for validating |
| 292 | * the recovery service certificates. |
| 293 | * @param recoveryServiceCertFile the content of the XML file containing a list of certificates |
| 294 | * for the recovery service. |
| 295 | * @param recoveryServiceSigFile the content of the XML file containing the public-key signature |
| 296 | * over the entire content of {@code recoveryServiceCertFile}. |
| 297 | */ |
| 298 | public void initRecoveryServiceWithSigFile( |
| 299 | @NonNull String rootCertificateAlias, @NonNull byte[] recoveryServiceCertFile, |
| 300 | @NonNull byte[] recoveryServiceSigFile) |
| 301 | throws RemoteException { |
Dmitry Dementyev | a5945d5 | 2018-03-23 12:10:09 -0700 | [diff] [blame] | 302 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 57ca3da | 2018-03-28 12:36:45 -0700 | [diff] [blame] | 303 | rootCertificateAlias = |
| 304 | mTestCertHelper.getDefaultCertificateAliasIfEmpty(rootCertificateAlias); |
Dmitry Dementyev | 1e6a9dc | 2018-03-21 13:52:00 -0700 | [diff] [blame] | 305 | Preconditions.checkNotNull(recoveryServiceCertFile, "recoveryServiceCertFile is null"); |
| 306 | Preconditions.checkNotNull(recoveryServiceSigFile, "recoveryServiceSigFile is null"); |
Bo Zhu | 7f414d9 | 2018-02-28 09:28:19 -0800 | [diff] [blame] | 307 | |
| 308 | SigXml sigXml; |
| 309 | try { |
| 310 | sigXml = SigXml.parse(recoveryServiceSigFile); |
| 311 | } catch (CertParsingException e) { |
| 312 | Log.d(TAG, "Failed to parse the sig file: " + HexDump.toHexString( |
| 313 | recoveryServiceSigFile)); |
Bo Zhu | 41d2dd2 | 2018-03-30 12:20:06 -0700 | [diff] [blame] | 314 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, e.getMessage()); |
Bo Zhu | 7f414d9 | 2018-02-28 09:28:19 -0800 | [diff] [blame] | 315 | } |
| 316 | |
Dmitry Dementyev | 57ca3da | 2018-03-28 12:36:45 -0700 | [diff] [blame] | 317 | X509Certificate rootCert = |
| 318 | mTestCertHelper.getRootCertificate(rootCertificateAlias); |
Bo Zhu | 7f414d9 | 2018-02-28 09:28:19 -0800 | [diff] [blame] | 319 | try { |
Bo Zhu | b31ab67 | 2018-03-20 22:44:18 -0700 | [diff] [blame] | 320 | sigXml.verifyFileSignature(rootCert, recoveryServiceCertFile); |
Bo Zhu | 7f414d9 | 2018-02-28 09:28:19 -0800 | [diff] [blame] | 321 | } catch (CertValidationException e) { |
| 322 | Log.d(TAG, "The signature over the cert file is invalid." |
| 323 | + " Cert: " + HexDump.toHexString(recoveryServiceCertFile) |
| 324 | + " Sig: " + HexDump.toHexString(recoveryServiceSigFile)); |
Bo Zhu | 41d2dd2 | 2018-03-30 12:20:06 -0700 | [diff] [blame] | 325 | throw new ServiceSpecificException(ERROR_INVALID_CERTIFICATE, e.getMessage()); |
Bo Zhu | 7f414d9 | 2018-02-28 09:28:19 -0800 | [diff] [blame] | 326 | } |
| 327 | |
| 328 | initRecoveryService(rootCertificateAlias, recoveryServiceCertFile); |
| 329 | } |
| 330 | |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 331 | /** |
| 332 | * Gets all data necessary to recover application keys on new device. |
| 333 | * |
Dmitry Dementyev | 1e6a9dc | 2018-03-21 13:52:00 -0700 | [diff] [blame] | 334 | * @return KeyChain Snapshot. |
| 335 | * @throws ServiceSpecificException if no snapshot is pending. |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 336 | * @hide |
| 337 | */ |
Dmitry Dementyev | 1e6a9dc | 2018-03-21 13:52:00 -0700 | [diff] [blame] | 338 | public @NonNull KeyChainSnapshot getKeyChainSnapshot() |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 339 | throws RemoteException { |
| 340 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 341 | int uid = Binder.getCallingUid(); |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 342 | KeyChainSnapshot snapshot = mSnapshotStorage.get(uid); |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 343 | if (snapshot == null) { |
Dmitry Dementyev | 7d8c78a | 2018-01-12 19:14:07 -0800 | [diff] [blame] | 344 | throw new ServiceSpecificException(ERROR_NO_SNAPSHOT_PENDING); |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 345 | } |
| 346 | return snapshot; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 347 | } |
| 348 | |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 349 | public void setSnapshotCreatedPendingIntent(@Nullable PendingIntent intent) |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 350 | throws RemoteException { |
| 351 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 352 | int uid = Binder.getCallingUid(); |
| 353 | mListenersStorage.setSnapshotListener(uid, intent); |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 354 | } |
| 355 | |
Robert Berry | 8f9038c | 2018-03-26 11:36:40 +0100 | [diff] [blame] | 356 | /** |
| 357 | * Set the server params for the user's key chain. This is used to uniquely identify a key |
| 358 | * chain. Along with the counter ID, it is used to uniquely identify an instance of a vault. |
| 359 | */ |
Dmitry Dementyev | 1e6a9dc | 2018-03-21 13:52:00 -0700 | [diff] [blame] | 360 | public void setServerParams(@NonNull byte[] serverParams) throws RemoteException { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 361 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 362 | int userId = UserHandle.getCallingUserId(); |
Dmitry Dementyev | 40dadb0 | 2018-01-10 18:03:37 -0800 | [diff] [blame] | 363 | int uid = Binder.getCallingUid(); |
Robert Berry | 8f9038c | 2018-03-26 11:36:40 +0100 | [diff] [blame] | 364 | |
| 365 | byte[] currentServerParams = mDatabase.getServerParams(userId, uid); |
| 366 | |
| 367 | if (Arrays.equals(serverParams, currentServerParams)) { |
| 368 | Log.v(TAG, "Not updating server params - same as old value."); |
| 369 | return; |
Dmitry Dementyev | 40dadb0 | 2018-01-10 18:03:37 -0800 | [diff] [blame] | 370 | } |
Robert Berry | 8f9038c | 2018-03-26 11:36:40 +0100 | [diff] [blame] | 371 | |
| 372 | long updatedRows = mDatabase.setServerParams(userId, uid, serverParams); |
Dmitry Dementyev | 20eaaa4 | 2018-05-09 13:05:04 -0700 | [diff] [blame] | 373 | if (updatedRows < 0) { |
Robert Berry | 8f9038c | 2018-03-26 11:36:40 +0100 | [diff] [blame] | 374 | throw new ServiceSpecificException( |
| 375 | ERROR_SERVICE_INTERNAL_ERROR, "Database failure trying to set server params."); |
| 376 | } |
| 377 | |
| 378 | if (currentServerParams == null) { |
| 379 | Log.i(TAG, "Initialized server params."); |
| 380 | return; |
| 381 | } |
| 382 | |
Dmitry Dementyev | 925f026 | 2018-04-12 12:10:50 -0700 | [diff] [blame] | 383 | if (mDatabase.getSnapshotVersion(userId, uid) != null) { |
| 384 | mDatabase.setShouldCreateSnapshot(userId, uid, true); |
| 385 | Log.i(TAG, "Updated server params. Snapshot must be updated"); |
| 386 | } else { |
| 387 | Log.i(TAG, "Updated server params. Snapshot didn't exist"); |
| 388 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 389 | } |
| 390 | |
Dmitry Dementyev | ad88471 | 2017-12-20 12:38:36 -0800 | [diff] [blame] | 391 | /** |
Robert Berry | bbe02ae | 2018-02-20 19:47:43 +0000 | [diff] [blame] | 392 | * Sets the recovery status of key with {@code alias} to {@code status}. |
Dmitry Dementyev | ad88471 | 2017-12-20 12:38:36 -0800 | [diff] [blame] | 393 | */ |
Dmitry Dementyev | 1e6a9dc | 2018-03-21 13:52:00 -0700 | [diff] [blame] | 394 | public void setRecoveryStatus(@NonNull String alias, int status) throws RemoteException { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 395 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1e6a9dc | 2018-03-21 13:52:00 -0700 | [diff] [blame] | 396 | Preconditions.checkNotNull(alias, "alias is null"); |
Dmitry Dementyev | 20eaaa4 | 2018-05-09 13:05:04 -0700 | [diff] [blame] | 397 | long updatedRows = mDatabase.setRecoveryStatus(Binder.getCallingUid(), alias, status); |
| 398 | if (updatedRows < 0) { |
| 399 | throw new ServiceSpecificException( |
| 400 | ERROR_SERVICE_INTERNAL_ERROR, |
| 401 | "Failed to set the key recovery status in the local DB."); |
| 402 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 403 | } |
| 404 | |
| 405 | /** |
Robert Berry | 56f06b4 | 2018-02-23 13:31:32 +0000 | [diff] [blame] | 406 | * Returns recovery statuses for all keys belonging to the calling uid. |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 407 | * |
Robert Berry | 56f06b4 | 2018-02-23 13:31:32 +0000 | [diff] [blame] | 408 | * @return {@link Map} from key alias to recovery status. Recovery status is one of |
| 409 | * {@link RecoveryController#RECOVERY_STATUS_SYNCED}, |
| 410 | * {@link RecoveryController#RECOVERY_STATUS_SYNC_IN_PROGRESS} or |
| 411 | * {@link RecoveryController#RECOVERY_STATUS_PERMANENT_FAILURE}. |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 412 | */ |
Robert Berry | 56f06b4 | 2018-02-23 13:31:32 +0000 | [diff] [blame] | 413 | public @NonNull Map<String, Integer> getRecoveryStatus() throws RemoteException { |
Dmitry Dementyev | a5945d5 | 2018-03-23 12:10:09 -0700 | [diff] [blame] | 414 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | ad88471 | 2017-12-20 12:38:36 -0800 | [diff] [blame] | 415 | return mDatabase.getStatusForAllKeys(Binder.getCallingUid()); |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 416 | } |
| 417 | |
| 418 | /** |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 419 | * Sets recovery secrets list used by all recovery agents for given {@code userId} |
| 420 | * |
| 421 | * @hide |
| 422 | */ |
| 423 | public void setRecoverySecretTypes( |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 424 | @NonNull @KeyChainProtectionParams.UserSecretType int[] secretTypes) |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 425 | throws RemoteException { |
| 426 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1e6a9dc | 2018-03-21 13:52:00 -0700 | [diff] [blame] | 427 | Preconditions.checkNotNull(secretTypes, "secretTypes is null"); |
Dmitry Dementyev | 40dadb0 | 2018-01-10 18:03:37 -0800 | [diff] [blame] | 428 | int userId = UserHandle.getCallingUserId(); |
| 429 | int uid = Binder.getCallingUid(); |
Robert Berry | 5a1acefb | 2018-03-26 14:41:30 +0100 | [diff] [blame] | 430 | |
| 431 | int[] currentSecretTypes = mDatabase.getRecoverySecretTypes(userId, uid); |
| 432 | if (Arrays.equals(secretTypes, currentSecretTypes)) { |
| 433 | Log.v(TAG, "Not updating secret types - same as old value."); |
| 434 | return; |
Dmitry Dementyev | 40dadb0 | 2018-01-10 18:03:37 -0800 | [diff] [blame] | 435 | } |
Robert Berry | 5a1acefb | 2018-03-26 14:41:30 +0100 | [diff] [blame] | 436 | |
| 437 | long updatedRows = mDatabase.setRecoverySecretTypes(userId, uid, secretTypes); |
Dmitry Dementyev | 20eaaa4 | 2018-05-09 13:05:04 -0700 | [diff] [blame] | 438 | if (updatedRows < 0) { |
Robert Berry | 5a1acefb | 2018-03-26 14:41:30 +0100 | [diff] [blame] | 439 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, |
| 440 | "Database error trying to set secret types."); |
| 441 | } |
| 442 | |
| 443 | if (currentSecretTypes.length == 0) { |
| 444 | Log.i(TAG, "Initialized secret types."); |
| 445 | return; |
| 446 | } |
| 447 | |
| 448 | Log.i(TAG, "Updated secret types. Snapshot pending."); |
Dmitry Dementyev | 925f026 | 2018-04-12 12:10:50 -0700 | [diff] [blame] | 449 | if (mDatabase.getSnapshotVersion(userId, uid) != null) { |
| 450 | mDatabase.setShouldCreateSnapshot(userId, uid, true); |
| 451 | Log.i(TAG, "Updated secret types. Snapshot must be updated"); |
| 452 | } else { |
| 453 | Log.i(TAG, "Updated secret types. Snapshot didn't exist"); |
| 454 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 455 | } |
| 456 | |
| 457 | /** |
| 458 | * Gets secret types necessary to create Recovery Data. |
| 459 | * |
| 460 | * @return secret types |
| 461 | * @hide |
| 462 | */ |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 463 | public @NonNull int[] getRecoverySecretTypes() throws RemoteException { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 464 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | bdfdf53 | 2017-12-27 11:58:45 -0800 | [diff] [blame] | 465 | return mDatabase.getRecoverySecretTypes(UserHandle.getCallingUserId(), |
| 466 | Binder.getCallingUid()); |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 467 | } |
| 468 | |
| 469 | /** |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 470 | * Initializes recovery session given the X509-encoded public key of the recovery service. |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 471 | * |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 472 | * @param sessionId A unique ID to identify the recovery session. |
| 473 | * @param verifierPublicKey X509-encoded public key. |
| 474 | * @param vaultParams Additional params associated with vault. |
| 475 | * @param vaultChallenge Challenge issued by vault service. |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 476 | * @param secrets Lock-screen hashes. For now only a single secret is supported. |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 477 | * @return Encrypted bytes of recovery claim. This can then be issued to the vault service. |
Bo Zhu | f23c203 | 2018-03-21 22:46:55 -0700 | [diff] [blame] | 478 | * @deprecated Use {@link #startRecoverySessionWithCertPath(String, String, RecoveryCertPath, |
| 479 | * byte[], byte[], List)} instead. |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 480 | * |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 481 | * @hide |
| 482 | */ |
Dmitry Dementyev | 745d2c9 | 2018-04-13 14:10:05 -0700 | [diff] [blame] | 483 | @VisibleForTesting |
| 484 | @NonNull byte[] startRecoverySession( |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 485 | @NonNull String sessionId, |
| 486 | @NonNull byte[] verifierPublicKey, |
| 487 | @NonNull byte[] vaultParams, |
| 488 | @NonNull byte[] vaultChallenge, |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 489 | @NonNull List<KeyChainProtectionParams> secrets) |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 490 | throws RemoteException { |
| 491 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 492 | int uid = Binder.getCallingUid(); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 493 | |
| 494 | if (secrets.size() != 1) { |
Robert Berry | 9e1bd36 | 2018-01-17 23:28:45 +0000 | [diff] [blame] | 495 | throw new UnsupportedOperationException( |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 496 | "Only a single KeyChainProtectionParams is supported"); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 497 | } |
| 498 | |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 499 | PublicKey publicKey; |
| 500 | try { |
| 501 | publicKey = KeySyncUtils.deserializePublicKey(verifierPublicKey); |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 502 | } catch (InvalidKeySpecException e) { |
Bo Zhu | 41d2dd2 | 2018-03-30 12:20:06 -0700 | [diff] [blame] | 503 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, e.getMessage()); |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 504 | } |
| 505 | // The raw public key bytes contained in vaultParams must match the ones given in |
| 506 | // verifierPublicKey; otherwise, the user secret may be decrypted by a key that is not owned |
| 507 | // by the original recovery service. |
| 508 | if (!publicKeysMatch(publicKey, vaultParams)) { |
Bo Zhu | 7f414d9 | 2018-02-28 09:28:19 -0800 | [diff] [blame] | 509 | throw new ServiceSpecificException(ERROR_INVALID_CERTIFICATE, |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 510 | "The public keys given in verifierPublicKey and vaultParams do not match."); |
| 511 | } |
| 512 | |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 513 | byte[] keyClaimant = KeySyncUtils.generateKeyClaimant(); |
| 514 | byte[] kfHash = secrets.get(0).getSecret(); |
| 515 | mRecoverySessionStorage.add( |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 516 | uid, |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 517 | new RecoverySessionStorage.Entry(sessionId, kfHash, keyClaimant, vaultParams)); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 518 | |
Bo Zhu | f23c203 | 2018-03-21 22:46:55 -0700 | [diff] [blame] | 519 | Log.i(TAG, "Received VaultParams for recovery: " + HexDump.toHexString(vaultParams)); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 520 | try { |
| 521 | byte[] thmKfHash = KeySyncUtils.calculateThmKfHash(kfHash); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 522 | return KeySyncUtils.encryptRecoveryClaim( |
| 523 | publicKey, |
| 524 | vaultParams, |
| 525 | vaultChallenge, |
| 526 | thmKfHash, |
| 527 | keyClaimant); |
| 528 | } catch (NoSuchAlgorithmException e) { |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 529 | Log.wtf(TAG, "SecureBox algorithm missing. AOSP must support this.", e); |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 530 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 531 | } catch (InvalidKeyException e) { |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 532 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, e.getMessage()); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 533 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 534 | } |
| 535 | |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 536 | /** |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 537 | * Initializes recovery session given the certificate path of the recovery service. |
| 538 | * |
| 539 | * @param sessionId A unique ID to identify the recovery session. |
| 540 | * @param verifierCertPath The certificate path of the recovery service. |
| 541 | * @param vaultParams Additional params associated with vault. |
| 542 | * @param vaultChallenge Challenge issued by vault service. |
| 543 | * @param secrets Lock-screen hashes. For now only a single secret is supported. |
| 544 | * @return Encrypted bytes of recovery claim. This can then be issued to the vault service. |
| 545 | * |
| 546 | * @hide |
| 547 | */ |
| 548 | public @NonNull byte[] startRecoverySessionWithCertPath( |
| 549 | @NonNull String sessionId, |
Bo Zhu | b31ab67 | 2018-03-20 22:44:18 -0700 | [diff] [blame] | 550 | @NonNull String rootCertificateAlias, |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 551 | @NonNull RecoveryCertPath verifierCertPath, |
| 552 | @NonNull byte[] vaultParams, |
| 553 | @NonNull byte[] vaultChallenge, |
| 554 | @NonNull List<KeyChainProtectionParams> secrets) |
| 555 | throws RemoteException { |
| 556 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 57ca3da | 2018-03-28 12:36:45 -0700 | [diff] [blame] | 557 | rootCertificateAlias = |
| 558 | mTestCertHelper.getDefaultCertificateAliasIfEmpty(rootCertificateAlias); |
Dmitry Dementyev | 1e6a9dc | 2018-03-21 13:52:00 -0700 | [diff] [blame] | 559 | Preconditions.checkNotNull(sessionId, "invalid session"); |
| 560 | Preconditions.checkNotNull(verifierCertPath, "verifierCertPath is null"); |
| 561 | Preconditions.checkNotNull(vaultParams, "vaultParams is null"); |
| 562 | Preconditions.checkNotNull(vaultChallenge, "vaultChallenge is null"); |
| 563 | Preconditions.checkNotNull(secrets, "secrets is null"); |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 564 | CertPath certPath; |
| 565 | try { |
| 566 | certPath = verifierCertPath.getCertPath(); |
| 567 | } catch (CertificateException e) { |
Bo Zhu | 41d2dd2 | 2018-03-30 12:20:06 -0700 | [diff] [blame] | 568 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, e.getMessage()); |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 569 | } |
| 570 | |
Bo Zhu | 7ce4ea5 | 2018-02-27 23:52:19 -0800 | [diff] [blame] | 571 | try { |
Dmitry Dementyev | 57ca3da | 2018-03-28 12:36:45 -0700 | [diff] [blame] | 572 | CertUtils.validateCertPath( |
| 573 | mTestCertHelper.getRootCertificate(rootCertificateAlias), certPath); |
Bo Zhu | 7ce4ea5 | 2018-02-27 23:52:19 -0800 | [diff] [blame] | 574 | } catch (CertValidationException e) { |
| 575 | Log.e(TAG, "Failed to validate the given cert path", e); |
Bo Zhu | b31ab67 | 2018-03-20 22:44:18 -0700 | [diff] [blame] | 576 | throw new ServiceSpecificException(ERROR_INVALID_CERTIFICATE, e.getMessage()); |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 577 | } |
Bo Zhu | 7ce4ea5 | 2018-02-27 23:52:19 -0800 | [diff] [blame] | 578 | |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 579 | byte[] verifierPublicKey = certPath.getCertificates().get(0).getPublicKey().getEncoded(); |
| 580 | if (verifierPublicKey == null) { |
| 581 | Log.e(TAG, "Failed to encode verifierPublicKey"); |
| 582 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, |
| 583 | "Failed to encode verifierPublicKey"); |
| 584 | } |
| 585 | |
| 586 | return startRecoverySession( |
| 587 | sessionId, verifierPublicKey, vaultParams, vaultChallenge, secrets); |
| 588 | } |
| 589 | |
| 590 | /** |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 591 | * Invoked by a recovery agent after a successful recovery claim is sent to the remote vault |
| 592 | * service. |
| 593 | * |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 594 | * @param sessionId The session ID used to generate the claim. See |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 595 | * {@link #startRecoverySession(String, byte[], byte[], byte[], List)}. |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 596 | * @param encryptedRecoveryKey The encrypted recovery key blob returned by the remote vault |
| 597 | * service. |
| 598 | * @param applicationKeys The encrypted key blobs returned by the remote vault service. These |
| 599 | * were wrapped with the recovery key. |
Robert Berry | 4a5c87d | 2018-03-19 18:00:46 +0000 | [diff] [blame] | 600 | * @throws RemoteException if an error occurred recovering the keys. |
| 601 | */ |
Dmitry Dementyev | fd4ae0b | 2018-03-23 11:06:24 -0700 | [diff] [blame] | 602 | public @NonNull Map<String, String> recoverKeyChainSnapshot( |
Robert Berry | 4a5c87d | 2018-03-19 18:00:46 +0000 | [diff] [blame] | 603 | @NonNull String sessionId, |
| 604 | @NonNull byte[] encryptedRecoveryKey, |
| 605 | @NonNull List<WrappedApplicationKey> applicationKeys) throws RemoteException { |
| 606 | checkRecoverKeyStorePermission(); |
| 607 | int userId = UserHandle.getCallingUserId(); |
| 608 | int uid = Binder.getCallingUid(); |
| 609 | RecoverySessionStorage.Entry sessionEntry = mRecoverySessionStorage.get(uid, sessionId); |
| 610 | if (sessionEntry == null) { |
| 611 | throw new ServiceSpecificException(ERROR_SESSION_EXPIRED, |
| 612 | String.format(Locale.US, |
| 613 | "Application uid=%d does not have pending session '%s'", |
| 614 | uid, |
| 615 | sessionId)); |
| 616 | } |
| 617 | |
| 618 | try { |
| 619 | byte[] recoveryKey = decryptRecoveryKey(sessionEntry, encryptedRecoveryKey); |
Bo Zhu | 7ebcd66 | 2019-01-04 17:00:58 -0800 | [diff] [blame] | 620 | Map<String, byte[]> keysByAlias = recoverApplicationKeys(recoveryKey, |
| 621 | applicationKeys); |
Robert Berry | 4a5c87d | 2018-03-19 18:00:46 +0000 | [diff] [blame] | 622 | return importKeyMaterials(userId, uid, keysByAlias); |
| 623 | } catch (KeyStoreException e) { |
| 624 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
| 625 | } finally { |
| 626 | sessionEntry.destroy(); |
| 627 | mRecoverySessionStorage.remove(uid); |
| 628 | } |
| 629 | } |
| 630 | |
| 631 | /** |
| 632 | * Imports the key materials, returning a map from alias to grant alias for the calling user. |
| 633 | * |
| 634 | * @param userId The calling user ID. |
| 635 | * @param uid The calling uid. |
| 636 | * @param keysByAlias The key materials, keyed by alias. |
| 637 | * @throws KeyStoreException if an error occurs importing the key or getting the grant. |
| 638 | */ |
Dmitry Dementyev | fd4ae0b | 2018-03-23 11:06:24 -0700 | [diff] [blame] | 639 | private @NonNull Map<String, String> importKeyMaterials( |
Bo Zhu | 7ebcd66 | 2019-01-04 17:00:58 -0800 | [diff] [blame] | 640 | int userId, int uid, Map<String, byte[]> keysByAlias) |
| 641 | throws KeyStoreException { |
Robert Berry | 4a5c87d | 2018-03-19 18:00:46 +0000 | [diff] [blame] | 642 | ArrayMap<String, String> grantAliasesByAlias = new ArrayMap<>(keysByAlias.size()); |
| 643 | for (String alias : keysByAlias.keySet()) { |
| 644 | mApplicationKeyStorage.setSymmetricKeyEntry(userId, uid, alias, keysByAlias.get(alias)); |
| 645 | String grantAlias = getAlias(userId, uid, alias); |
| 646 | Log.i(TAG, String.format(Locale.US, "Import %s -> %s", alias, grantAlias)); |
| 647 | grantAliasesByAlias.put(alias, grantAlias); |
| 648 | } |
| 649 | return grantAliasesByAlias; |
| 650 | } |
| 651 | |
| 652 | /** |
| 653 | * Returns an alias for the key. |
| 654 | * |
| 655 | * @param userId The user ID of the calling process. |
| 656 | * @param uid The uid of the calling process. |
| 657 | * @param alias The alias of the key. |
| 658 | * @return The alias in the calling process's keystore. |
| 659 | */ |
Dmitry Dementyev | 4da14e0 | 2018-03-23 15:18:33 -0700 | [diff] [blame] | 660 | private @Nullable String getAlias(int userId, int uid, String alias) { |
Robert Berry | 4a5c87d | 2018-03-19 18:00:46 +0000 | [diff] [blame] | 661 | return mApplicationKeyStorage.getGrantAlias(userId, uid, alias); |
| 662 | } |
| 663 | |
| 664 | /** |
Robert Berry | 2bcdad9 | 2018-01-18 12:53:29 +0000 | [diff] [blame] | 665 | * Destroys the session with the given {@code sessionId}. |
| 666 | */ |
| 667 | public void closeSession(@NonNull String sessionId) throws RemoteException { |
Dmitry Dementyev | 1e6a9dc | 2018-03-21 13:52:00 -0700 | [diff] [blame] | 668 | checkRecoverKeyStorePermission(); |
| 669 | Preconditions.checkNotNull(sessionId, "invalid session"); |
Robert Berry | 2bcdad9 | 2018-01-18 12:53:29 +0000 | [diff] [blame] | 670 | mRecoverySessionStorage.remove(Binder.getCallingUid(), sessionId); |
| 671 | } |
| 672 | |
Robert Berry | 5daccec | 2018-01-06 19:16:25 +0000 | [diff] [blame] | 673 | public void removeKey(@NonNull String alias) throws RemoteException { |
Dmitry Dementyev | a5945d5 | 2018-03-23 12:10:09 -0700 | [diff] [blame] | 674 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1e6a9dc | 2018-03-21 13:52:00 -0700 | [diff] [blame] | 675 | Preconditions.checkNotNull(alias, "alias is null"); |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 676 | int uid = Binder.getCallingUid(); |
| 677 | int userId = UserHandle.getCallingUserId(); |
| 678 | |
| 679 | boolean wasRemoved = mDatabase.removeKey(uid, alias); |
| 680 | if (wasRemoved) { |
| 681 | mDatabase.setShouldCreateSnapshot(userId, uid, true); |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 682 | mApplicationKeyStorage.deleteEntry(userId, uid, alias); |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 683 | } |
Robert Berry | 5daccec | 2018-01-06 19:16:25 +0000 | [diff] [blame] | 684 | } |
| 685 | |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 686 | /** |
| 687 | * Generates a key named {@code alias} in caller's namespace. |
| 688 | * The key is stored in system service keystore namespace. |
| 689 | * |
Bo Zhu | c704834 | 2019-01-03 14:04:58 -0800 | [diff] [blame] | 690 | * @param alias the alias provided by caller as a reference to the key. |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 691 | * @return grant alias, which caller can use to access the key. |
Bo Zhu | c704834 | 2019-01-03 14:04:58 -0800 | [diff] [blame] | 692 | * @throws RemoteException if certain internal errors occur. |
| 693 | * |
| 694 | * @deprecated Use {@link #generateKeyWithMetadata(String, byte[])} instead. |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 695 | */ |
Bo Zhu | c704834 | 2019-01-03 14:04:58 -0800 | [diff] [blame] | 696 | @Deprecated |
Robert Berry | a3b9947 | 2018-02-23 15:59:02 +0000 | [diff] [blame] | 697 | public String generateKey(@NonNull String alias) throws RemoteException { |
Bo Zhu | c704834 | 2019-01-03 14:04:58 -0800 | [diff] [blame] | 698 | return generateKeyWithMetadata(alias, /*metadata=*/ null); |
| 699 | } |
| 700 | |
| 701 | /** |
| 702 | * Generates a key named {@code alias} with the {@code metadata} in caller's namespace. |
| 703 | * The key is stored in system service keystore namespace. |
| 704 | * |
| 705 | * @param alias the alias provided by caller as a reference to the key. |
| 706 | * @param metadata the optional metadata blob that will authenticated (but unencrypted) together |
| 707 | * with the key material when the key is uploaded to cloud. |
| 708 | * @return grant alias, which caller can use to access the key. |
| 709 | * @throws RemoteException if certain internal errors occur. |
| 710 | */ |
| 711 | public String generateKeyWithMetadata(@NonNull String alias, @Nullable byte[] metadata) |
| 712 | throws RemoteException { |
Dmitry Dementyev | a5945d5 | 2018-03-23 12:10:09 -0700 | [diff] [blame] | 713 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1e6a9dc | 2018-03-21 13:52:00 -0700 | [diff] [blame] | 714 | Preconditions.checkNotNull(alias, "alias is null"); |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 715 | int uid = Binder.getCallingUid(); |
| 716 | int userId = UserHandle.getCallingUserId(); |
| 717 | |
| 718 | PlatformEncryptionKey encryptionKey; |
| 719 | try { |
| 720 | encryptionKey = mPlatformKeyManager.getEncryptKey(userId); |
| 721 | } catch (NoSuchAlgorithmException e) { |
| 722 | // Impossible: all algorithms must be supported by AOSP |
| 723 | throw new RuntimeException(e); |
Dmitry Dementyev | 20eaaa4 | 2018-05-09 13:05:04 -0700 | [diff] [blame] | 724 | } catch (KeyStoreException | UnrecoverableKeyException | IOException e) { |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 725 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
| 726 | } catch (InsecureUserException e) { |
| 727 | throw new ServiceSpecificException(ERROR_INSECURE_USER, e.getMessage()); |
| 728 | } |
| 729 | |
| 730 | try { |
Bo Zhu | 7ebcd66 | 2019-01-04 17:00:58 -0800 | [diff] [blame] | 731 | byte[] secretKey = mRecoverableKeyGenerator.generateAndStoreKey(encryptionKey, userId, |
| 732 | uid, alias, metadata); |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 733 | mApplicationKeyStorage.setSymmetricKeyEntry(userId, uid, alias, secretKey); |
Robert Berry | 4a5c87d | 2018-03-19 18:00:46 +0000 | [diff] [blame] | 734 | return getAlias(userId, uid, alias); |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 735 | } catch (KeyStoreException | InvalidKeyException | RecoverableKeyStorageException e) { |
| 736 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
| 737 | } |
| 738 | } |
| 739 | |
| 740 | /** |
Bo Zhu | 2c8e538 | 2018-02-26 15:54:25 -0800 | [diff] [blame] | 741 | * Imports a 256-bit AES-GCM key named {@code alias}. The key is stored in system service |
| 742 | * keystore namespace. |
| 743 | * |
| 744 | * @param alias the alias provided by caller as a reference to the key. |
| 745 | * @param keyBytes the raw bytes of the 256-bit AES key. |
| 746 | * @return grant alias, which caller can use to access the key. |
| 747 | * @throws RemoteException if the given key is invalid or some internal errors occur. |
| 748 | * |
Bo Zhu | c704834 | 2019-01-03 14:04:58 -0800 | [diff] [blame] | 749 | * @deprecated Use {{@link #importKeyWithMetadata(String, byte[], byte[])}} instead. |
| 750 | * |
Bo Zhu | 2c8e538 | 2018-02-26 15:54:25 -0800 | [diff] [blame] | 751 | * @hide |
| 752 | */ |
Bo Zhu | c704834 | 2019-01-03 14:04:58 -0800 | [diff] [blame] | 753 | @Deprecated |
Dmitry Dementyev | 4da14e0 | 2018-03-23 15:18:33 -0700 | [diff] [blame] | 754 | public @Nullable String importKey(@NonNull String alias, @NonNull byte[] keyBytes) |
Bo Zhu | 2c8e538 | 2018-02-26 15:54:25 -0800 | [diff] [blame] | 755 | throws RemoteException { |
Bo Zhu | c704834 | 2019-01-03 14:04:58 -0800 | [diff] [blame] | 756 | return importKeyWithMetadata(alias, keyBytes, /*metadata=*/ null); |
| 757 | } |
| 758 | |
| 759 | /** |
| 760 | * Imports a 256-bit AES-GCM key named {@code alias} with the given {@code metadata}. The key is |
| 761 | * stored in system service keystore namespace. |
| 762 | * |
| 763 | * @param alias the alias provided by caller as a reference to the key. |
| 764 | * @param keyBytes the raw bytes of the 256-bit AES key. |
| 765 | * @param metadata the metadata to be authenticated (but unencrypted) together with the key. |
| 766 | * @return grant alias, which caller can use to access the key. |
| 767 | * @throws RemoteException if the given key is invalid or some internal errors occur. |
| 768 | * |
| 769 | * @hide |
| 770 | */ |
| 771 | public @Nullable String importKeyWithMetadata(@NonNull String alias, @NonNull byte[] keyBytes, |
| 772 | @Nullable byte[] metadata) throws RemoteException { |
Dmitry Dementyev | a5945d5 | 2018-03-23 12:10:09 -0700 | [diff] [blame] | 773 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1e6a9dc | 2018-03-21 13:52:00 -0700 | [diff] [blame] | 774 | Preconditions.checkNotNull(alias, "alias is null"); |
| 775 | Preconditions.checkNotNull(keyBytes, "keyBytes is null"); |
| 776 | if (keyBytes.length != RecoverableKeyGenerator.KEY_SIZE_BITS / Byte.SIZE) { |
Bo Zhu | 2c8e538 | 2018-02-26 15:54:25 -0800 | [diff] [blame] | 777 | Log.e(TAG, "The given key for import doesn't have the required length " |
| 778 | + RecoverableKeyGenerator.KEY_SIZE_BITS); |
| 779 | throw new ServiceSpecificException(ERROR_INVALID_KEY_FORMAT, |
| 780 | "The given key does not contain " + RecoverableKeyGenerator.KEY_SIZE_BITS |
| 781 | + " bits."); |
| 782 | } |
| 783 | |
| 784 | int uid = Binder.getCallingUid(); |
| 785 | int userId = UserHandle.getCallingUserId(); |
| 786 | |
Bo Zhu | 2c8e538 | 2018-02-26 15:54:25 -0800 | [diff] [blame] | 787 | PlatformEncryptionKey encryptionKey; |
| 788 | try { |
| 789 | encryptionKey = mPlatformKeyManager.getEncryptKey(userId); |
| 790 | } catch (NoSuchAlgorithmException e) { |
| 791 | // Impossible: all algorithms must be supported by AOSP |
| 792 | throw new RuntimeException(e); |
Dmitry Dementyev | 20eaaa4 | 2018-05-09 13:05:04 -0700 | [diff] [blame] | 793 | } catch (KeyStoreException | UnrecoverableKeyException | IOException e) { |
Bo Zhu | 2c8e538 | 2018-02-26 15:54:25 -0800 | [diff] [blame] | 794 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
| 795 | } catch (InsecureUserException e) { |
| 796 | throw new ServiceSpecificException(ERROR_INSECURE_USER, e.getMessage()); |
| 797 | } |
| 798 | |
| 799 | try { |
| 800 | // Wrap the key by the platform key and store the wrapped key locally |
Bo Zhu | 7ebcd66 | 2019-01-04 17:00:58 -0800 | [diff] [blame] | 801 | mRecoverableKeyGenerator.importKey(encryptionKey, userId, uid, alias, keyBytes, |
| 802 | metadata); |
Bo Zhu | 2c8e538 | 2018-02-26 15:54:25 -0800 | [diff] [blame] | 803 | |
| 804 | // Import the key to Android KeyStore and get grant |
| 805 | mApplicationKeyStorage.setSymmetricKeyEntry(userId, uid, alias, keyBytes); |
Robert Berry | 4a5c87d | 2018-03-19 18:00:46 +0000 | [diff] [blame] | 806 | return getAlias(userId, uid, alias); |
Bo Zhu | 2c8e538 | 2018-02-26 15:54:25 -0800 | [diff] [blame] | 807 | } catch (KeyStoreException | InvalidKeyException | RecoverableKeyStorageException e) { |
| 808 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
| 809 | } |
| 810 | } |
| 811 | |
| 812 | /** |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 813 | * Gets a key named {@code alias} in caller's namespace. |
| 814 | * |
| 815 | * @return grant alias, which caller can use to access the key. |
| 816 | */ |
Dmitry Dementyev | 4da14e0 | 2018-03-23 15:18:33 -0700 | [diff] [blame] | 817 | public @Nullable String getKey(@NonNull String alias) throws RemoteException { |
Dmitry Dementyev | a5945d5 | 2018-03-23 12:10:09 -0700 | [diff] [blame] | 818 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1e6a9dc | 2018-03-21 13:52:00 -0700 | [diff] [blame] | 819 | Preconditions.checkNotNull(alias, "alias is null"); |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 820 | int uid = Binder.getCallingUid(); |
| 821 | int userId = UserHandle.getCallingUserId(); |
Robert Berry | 4a5c87d | 2018-03-19 18:00:46 +0000 | [diff] [blame] | 822 | return getAlias(userId, uid, alias); |
Dmitry Dementyev | 29b9de5 | 2018-01-31 16:09:32 -0800 | [diff] [blame] | 823 | } |
| 824 | |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 825 | private byte[] decryptRecoveryKey( |
| 826 | RecoverySessionStorage.Entry sessionEntry, byte[] encryptedClaimResponse) |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 827 | throws RemoteException, ServiceSpecificException { |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 828 | byte[] locallyEncryptedKey; |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 829 | try { |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 830 | locallyEncryptedKey = KeySyncUtils.decryptRecoveryClaimResponse( |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 831 | sessionEntry.getKeyClaimant(), |
| 832 | sessionEntry.getVaultParams(), |
| 833 | encryptedClaimResponse); |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 834 | } catch (InvalidKeyException e) { |
| 835 | Log.e(TAG, "Got InvalidKeyException during decrypting recovery claim response", e); |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 836 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 837 | "Failed to decrypt recovery key " + e.getMessage()); |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 838 | } catch (AEADBadTagException e) { |
| 839 | Log.e(TAG, "Got AEADBadTagException during decrypting recovery claim response", e); |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 840 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
| 841 | "Failed to decrypt recovery key " + e.getMessage()); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 842 | } catch (NoSuchAlgorithmException e) { |
| 843 | // Should never happen: all the algorithms used are required by AOSP implementations |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 844 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 845 | } |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 846 | |
| 847 | try { |
Bo Zhu | 9d05bfb | 2018-01-29 17:22:03 -0800 | [diff] [blame] | 848 | return KeySyncUtils.decryptRecoveryKey(sessionEntry.getLskfHash(), locallyEncryptedKey); |
| 849 | } catch (InvalidKeyException e) { |
| 850 | Log.e(TAG, "Got InvalidKeyException during decrypting recovery key", e); |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 851 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
| 852 | "Failed to decrypt recovery key " + e.getMessage()); |
| 853 | } catch (AEADBadTagException e) { |
| 854 | Log.e(TAG, "Got AEADBadTagException during decrypting recovery key", e); |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 855 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
| 856 | "Failed to decrypt recovery key " + e.getMessage()); |
| 857 | } catch (NoSuchAlgorithmException e) { |
| 858 | // Should never happen: all the algorithms used are required by AOSP implementations |
| 859 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
| 860 | } |
| 861 | } |
| 862 | |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 863 | /** |
| 864 | * Uses {@code recoveryKey} to decrypt {@code applicationKeys}. |
| 865 | * |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 866 | * @return Map from alias to raw key material. |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 867 | * @throws RemoteException if an error occurred decrypting the keys. |
| 868 | */ |
Bo Zhu | 7ebcd66 | 2019-01-04 17:00:58 -0800 | [diff] [blame] | 869 | private @NonNull Map<String, byte[]> recoverApplicationKeys(@NonNull byte[] recoveryKey, |
Robert Berry | 5f13870 | 2018-01-17 15:18:05 +0000 | [diff] [blame] | 870 | @NonNull List<WrappedApplicationKey> applicationKeys) throws RemoteException { |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 871 | HashMap<String, byte[]> keyMaterialByAlias = new HashMap<>(); |
Robert Berry | 5f13870 | 2018-01-17 15:18:05 +0000 | [diff] [blame] | 872 | for (WrappedApplicationKey applicationKey : applicationKeys) { |
Dmitry Dementyev | 07c76555 | 2018-01-08 17:31:59 -0800 | [diff] [blame] | 873 | String alias = applicationKey.getAlias(); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 874 | byte[] encryptedKeyMaterial = applicationKey.getEncryptedKeyMaterial(); |
Bo Zhu | 7ebcd66 | 2019-01-04 17:00:58 -0800 | [diff] [blame] | 875 | byte[] keyMetadata = applicationKey.getMetadata(); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 876 | |
| 877 | try { |
Bo Zhu | 7ebcd66 | 2019-01-04 17:00:58 -0800 | [diff] [blame] | 878 | byte[] keyMaterial = KeySyncUtils.decryptApplicationKey(recoveryKey, |
| 879 | encryptedKeyMaterial, keyMetadata); |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 880 | keyMaterialByAlias.put(alias, keyMaterial); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 881 | } catch (NoSuchAlgorithmException e) { |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 882 | Log.wtf(TAG, "Missing SecureBox algorithm. AOSP required to support this.", e); |
| 883 | throw new ServiceSpecificException( |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 884 | ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Bo Zhu | a9a04e2 | 2018-01-26 11:38:11 -0800 | [diff] [blame] | 885 | } catch (InvalidKeyException e) { |
Bo Zhu | a9a04e2 | 2018-01-26 11:38:11 -0800 | [diff] [blame] | 886 | Log.e(TAG, "Got InvalidKeyException during decrypting application key with alias: " |
| 887 | + alias, e); |
Bo Zhu | a9a04e2 | 2018-01-26 11:38:11 -0800 | [diff] [blame] | 888 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
| 889 | "Failed to recover key with alias '" + alias + "': " + e.getMessage()); |
| 890 | } catch (AEADBadTagException e) { |
Bo Zhu | a9a04e2 | 2018-01-26 11:38:11 -0800 | [diff] [blame] | 891 | Log.e(TAG, "Got AEADBadTagException during decrypting application key with alias: " |
| 892 | + alias, e); |
Bo Zhu | 4857cb5 | 2018-02-06 14:34:48 -0800 | [diff] [blame] | 893 | // Ignore the exception to continue to recover the other application keys. |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 894 | } |
| 895 | } |
Bo Zhu | ae0682d | 2018-02-13 10:23:39 -0800 | [diff] [blame] | 896 | if (!applicationKeys.isEmpty() && keyMaterialByAlias.isEmpty()) { |
Bo Zhu | 4857cb5 | 2018-02-06 14:34:48 -0800 | [diff] [blame] | 897 | Log.e(TAG, "Failed to recover any of the application keys."); |
| 898 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
| 899 | "Failed to recover any of the application keys."); |
| 900 | } |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 901 | return keyMaterialByAlias; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 902 | } |
| 903 | |
Dmitry Dementyev | 6a509e4 | 2017-12-19 14:47:26 -0800 | [diff] [blame] | 904 | /** |
| 905 | * This function can only be used inside LockSettingsService. |
| 906 | * |
Robert Berry | 9104404 | 2017-12-27 12:05:58 +0000 | [diff] [blame] | 907 | * @param storedHashType from {@code CredentialHash} |
Rich Cannings | f64ec63 | 2019-02-21 12:40:36 -0800 | [diff] [blame] | 908 | * @param credential - unencrypted byte array. Password length should be at most 16 symbols |
| 909 | * {@code mPasswordMaxLength} |
Dmitry Dementyev | 6a509e4 | 2017-12-19 14:47:26 -0800 | [diff] [blame] | 910 | * @param userId for user who just unlocked the device. |
| 911 | * @hide |
| 912 | */ |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 913 | public void lockScreenSecretAvailable( |
Rich Cannings | f64ec63 | 2019-02-21 12:40:36 -0800 | [diff] [blame] | 914 | int storedHashType, @NonNull byte[] credential, int userId) { |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 915 | // So as not to block the critical path unlocking the phone, defer to another thread. |
| 916 | try { |
| 917 | mExecutorService.execute(KeySyncTask.newInstance( |
Robert Berry | 9104404 | 2017-12-27 12:05:58 +0000 | [diff] [blame] | 918 | mContext, |
| 919 | mDatabase, |
| 920 | mSnapshotStorage, |
| 921 | mListenersStorage, |
| 922 | userId, |
| 923 | storedHashType, |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 924 | credential, |
| 925 | /*credentialUpdated=*/ false)); |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 926 | } catch (NoSuchAlgorithmException e) { |
| 927 | Log.wtf(TAG, "Should never happen - algorithm unavailable for KeySync", e); |
| 928 | } catch (KeyStoreException e) { |
| 929 | Log.e(TAG, "Key store error encountered during recoverable key sync", e); |
| 930 | } catch (InsecureUserException e) { |
| 931 | Log.wtf(TAG, "Impossible - insecure user, but user just entered lock screen", e); |
Dmitry Dementyev | 6a509e4 | 2017-12-19 14:47:26 -0800 | [diff] [blame] | 932 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 933 | } |
| 934 | |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 935 | /** |
| 936 | * This function can only be used inside LockSettingsService. |
Dmitry Dementyev | 6e16724 | 2018-01-25 15:29:50 -0800 | [diff] [blame] | 937 | * |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 938 | * @param storedHashType from {@code CredentialHash} |
Rich Cannings | f64ec63 | 2019-02-21 12:40:36 -0800 | [diff] [blame] | 939 | * @param credential - unencrypted byte array |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 940 | * @param userId for the user whose lock screen credentials were changed. |
| 941 | * @hide |
| 942 | */ |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 943 | public void lockScreenSecretChanged( |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 944 | int storedHashType, |
Rich Cannings | f64ec63 | 2019-02-21 12:40:36 -0800 | [diff] [blame] | 945 | @Nullable byte[] credential, |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 946 | int userId) { |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 947 | // So as not to block the critical path unlocking the phone, defer to another thread. |
| 948 | try { |
| 949 | mExecutorService.execute(KeySyncTask.newInstance( |
| 950 | mContext, |
| 951 | mDatabase, |
| 952 | mSnapshotStorage, |
| 953 | mListenersStorage, |
| 954 | userId, |
| 955 | storedHashType, |
| 956 | credential, |
| 957 | /*credentialUpdated=*/ true)); |
| 958 | } catch (NoSuchAlgorithmException e) { |
| 959 | Log.wtf(TAG, "Should never happen - algorithm unavailable for KeySync", e); |
| 960 | } catch (KeyStoreException e) { |
| 961 | Log.e(TAG, "Key store error encountered during recoverable key sync", e); |
| 962 | } catch (InsecureUserException e) { |
Dmitry Dementyev | 6e16724 | 2018-01-25 15:29:50 -0800 | [diff] [blame] | 963 | Log.e(TAG, "InsecureUserException during lock screen secret update", e); |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 964 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 965 | } |
| 966 | |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 967 | private void checkRecoverKeyStorePermission() { |
| 968 | mContext.enforceCallingOrSelfPermission( |
Dmitry Dementyev | ed89ea0 | 2018-01-11 13:53:52 -0800 | [diff] [blame] | 969 | Manifest.permission.RECOVER_KEYSTORE, |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 970 | "Caller " + Binder.getCallingUid() + " doesn't have RecoverKeyStore permission."); |
Dmitry Dementyev | 89f12d5 | 2019-02-28 12:26:01 -0800 | [diff] [blame] | 971 | int userId = UserHandle.getCallingUserId(); |
| 972 | int uid = Binder.getCallingUid(); |
| 973 | mCleanupManager.registerRecoveryAgent(userId, uid); |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 974 | } |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 975 | |
| 976 | private boolean publicKeysMatch(PublicKey publicKey, byte[] vaultParams) { |
| 977 | byte[] encodedPublicKey = SecureBox.encodePublicKey(publicKey); |
| 978 | return Arrays.equals(encodedPublicKey, Arrays.copyOf(vaultParams, encodedPublicKey.length)); |
| 979 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 980 | } |