/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

Robert Berry | 76cf083 | 2017-12-15 23:01:22 +0000 | [diff] [blame] | 17 | package com.android.server.locksettings.recoverablekeystore.storage; |
| 18 | |
| 19 | import android.content.Context; |
| 20 | import android.database.sqlite.SQLiteDatabase; |
| 21 | import android.database.sqlite.SQLiteOpenHelper; |
Bo Zhu | 14d993d | 2018-02-03 21:38:48 -0800 | [diff] [blame] | 22 | import android.util.Log; |
Robert Berry | 76cf083 | 2017-12-15 23:01:22 +0000 | [diff] [blame] | 23 | |
| 24 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDbContract.KeysEntry; |
Bo Zhu | 584b923f | 2017-12-22 16:05:15 -0800 | [diff] [blame] | 25 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDbContract.RecoveryServiceMetadataEntry; |
Dmitry Dementyev | f34fc7e | 2018-03-26 17:31:29 -0700 | [diff] [blame] | 26 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDbContract.RootOfTrustEntry; |
Robert Berry | bc08840 | 2017-12-18 13:10:41 +0000 | [diff] [blame] | 27 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDbContract.UserMetadataEntry; |
Robert Berry | 76cf083 | 2017-12-15 23:01:22 +0000 | [diff] [blame] | 28 | |
/**
 * Creates and migrates the SQLite database that backs the recoverable key store.
 *
 * <p>The schema declares four tables: application keys (with BLOB columns for the nonce, the
 * wrapped key and the key metadata), per-user metadata, recovery service metadata unique per
 * (user id, uid), and root-of-trust certificate data unique per (user id, uid, root alias).
 *
 * <p>Data-loss paths worth knowing when reviewing changes: a version downgrade, and an upgrade
 * from any version below 2, both drop every table listed in {@link #dropAllKnownTables} and
 * recreate the schema empty, so all stored rows are discarded. Upgrades from version 2 onwards
 * are applied as additive steps.
 */
class RecoverableKeyStoreDbHelper extends SQLiteOpenHelper {
    private static final String TAG = "RecoverableKeyStoreDbHp";

    /** Current schema version; version 6 added the user serial number column. */
    static final int DATABASE_VERSION = 6; // Added user id serial number.
    private static final String DATABASE_NAME = "recoverablekeystore.db";

    // Application keys. Uniqueness is enforced on (uid, alias); the user id column is not part
    // of that constraint.
    private static final String SQL_CREATE_KEYS_ENTRY =
            "CREATE TABLE " + KeysEntry.TABLE_NAME + "( " +
            KeysEntry._ID + " INTEGER PRIMARY KEY," +
            KeysEntry.COLUMN_NAME_USER_ID + " INTEGER," +
            KeysEntry.COLUMN_NAME_UID + " INTEGER," +
            KeysEntry.COLUMN_NAME_ALIAS + " TEXT," +
            KeysEntry.COLUMN_NAME_NONCE + " BLOB," +
            KeysEntry.COLUMN_NAME_WRAPPED_KEY + " BLOB," +
            KeysEntry.COLUMN_NAME_GENERATION_ID + " INTEGER," +
            KeysEntry.COLUMN_NAME_LAST_SYNCED_AT + " INTEGER," +
            KeysEntry.COLUMN_NAME_RECOVERY_STATUS + " INTEGER," +
            KeysEntry.COLUMN_NAME_KEY_METADATA + " BLOB," +
            "UNIQUE(" + KeysEntry.COLUMN_NAME_UID + "," +
            KeysEntry.COLUMN_NAME_ALIAS + "))";

    // Per-user metadata: one row per user id. The serial number defaults to -1.
    private static final String SQL_CREATE_USER_METADATA_ENTRY =
            "CREATE TABLE " + UserMetadataEntry.TABLE_NAME + "( " +
            UserMetadataEntry._ID + " INTEGER PRIMARY KEY," +
            UserMetadataEntry.COLUMN_NAME_USER_ID + " INTEGER UNIQUE," +
            UserMetadataEntry.COLUMN_NAME_PLATFORM_KEY_GENERATION_ID + " INTEGER," +
            UserMetadataEntry.COLUMN_NAME_USER_SERIAL_NUMBER + " INTEGER DEFAULT -1)";

    // Recovery service metadata: one row per (user id, uid).
    private static final String SQL_CREATE_RECOVERY_SERVICE_METADATA_ENTRY =
            "CREATE TABLE " + RecoveryServiceMetadataEntry.TABLE_NAME + " (" +
            RecoveryServiceMetadataEntry._ID + " INTEGER PRIMARY KEY," +
            RecoveryServiceMetadataEntry.COLUMN_NAME_USER_ID + " INTEGER," +
            RecoveryServiceMetadataEntry.COLUMN_NAME_UID + " INTEGER," +
            RecoveryServiceMetadataEntry.COLUMN_NAME_SNAPSHOT_VERSION + " INTEGER," +
            RecoveryServiceMetadataEntry.COLUMN_NAME_SHOULD_CREATE_SNAPSHOT + " INTEGER," +
            RecoveryServiceMetadataEntry.COLUMN_NAME_ACTIVE_ROOT_OF_TRUST + " TEXT," +
            RecoveryServiceMetadataEntry.COLUMN_NAME_PUBLIC_KEY + " BLOB," +
            RecoveryServiceMetadataEntry.COLUMN_NAME_CERT_PATH + " BLOB," +
            RecoveryServiceMetadataEntry.COLUMN_NAME_CERT_SERIAL + " INTEGER," +
            RecoveryServiceMetadataEntry.COLUMN_NAME_SECRET_TYPES + " TEXT," +
            RecoveryServiceMetadataEntry.COLUMN_NAME_COUNTER_ID + " INTEGER," +
            RecoveryServiceMetadataEntry.COLUMN_NAME_SERVER_PARAMS + " BLOB," +
            "UNIQUE(" +
            RecoveryServiceMetadataEntry.COLUMN_NAME_USER_ID + "," +
            RecoveryServiceMetadataEntry.COLUMN_NAME_UID + "))";

    // Root-of-trust certificate data: one row per (user id, uid, root alias).
    private static final String SQL_CREATE_ROOT_OF_TRUST_ENTRY =
            "CREATE TABLE " + RootOfTrustEntry.TABLE_NAME + " (" +
            RootOfTrustEntry._ID + " INTEGER PRIMARY KEY," +
            RootOfTrustEntry.COLUMN_NAME_USER_ID + " INTEGER," +
            RootOfTrustEntry.COLUMN_NAME_UID + " INTEGER," +
            RootOfTrustEntry.COLUMN_NAME_ROOT_ALIAS + " TEXT," +
            RootOfTrustEntry.COLUMN_NAME_CERT_PATH + " BLOB," +
            RootOfTrustEntry.COLUMN_NAME_CERT_SERIAL + " INTEGER," +
            "UNIQUE(" +
            RootOfTrustEntry.COLUMN_NAME_USER_ID + "," +
            RootOfTrustEntry.COLUMN_NAME_UID + "," +
            RootOfTrustEntry.COLUMN_NAME_ROOT_ALIAS + "))";

    private static final String SQL_DELETE_KEYS_ENTRY =
            "DROP TABLE IF EXISTS " + KeysEntry.TABLE_NAME;

    private static final String SQL_DELETE_USER_METADATA_ENTRY =
            "DROP TABLE IF EXISTS " + UserMetadataEntry.TABLE_NAME;

    private static final String SQL_DELETE_RECOVERY_SERVICE_METADATA_ENTRY =
            "DROP TABLE IF EXISTS " + RecoveryServiceMetadataEntry.TABLE_NAME;

    private static final String SQL_DELETE_ROOT_OF_TRUST_ENTRY =
            "DROP TABLE IF EXISTS " + RootOfTrustEntry.TABLE_NAME;

    /**
     * Binds the helper to {@code recoverablekeystore.db} at {@link #DATABASE_VERSION}, with no
     * custom cursor factory.
     *
     * @param context context handed to {@link SQLiteOpenHelper}
     */
    RecoverableKeyStoreDbHelper(Context context) {
        super(context, DATABASE_NAME, null, DATABASE_VERSION);
    }

    /**
     * Creates the four tables of the current schema, in a fixed order.
     *
     * @param db database to create the tables in
     */
    @Override
    public void onCreate(SQLiteDatabase db) {
        final String[] createStatements = {
            SQL_CREATE_KEYS_ENTRY,
            SQL_CREATE_USER_METADATA_ENTRY,
            SQL_CREATE_RECOVERY_SERVICE_METADATA_ENTRY,
            SQL_CREATE_ROOT_OF_TRUST_ENTRY,
        };
        for (String statement : createStatements) {
            db.execSQL(statement);
        }
    }

    /**
     * Handles a version downgrade by discarding the database contents and recreating the
     * current schema. Every row in the known tables is lost; the event is logged at error
     * level and is the only trace left of the wipe.
     *
     * @param db database being downgraded
     * @param oldVersion version found on disk (not consulted)
     * @param newVersion version requested by this helper (not consulted)
     */
    @Override
    public void onDowngrade(SQLiteDatabase db, int oldVersion, int newVersion) {
        Log.e(TAG, "Recreating recoverablekeystore after unexpected version downgrade.");
        dropAllKnownTables(db); // Wipe database.
        onCreate(db);
    }

    /**
     * Migrates the schema from {@code oldVersion} towards {@code newVersion}.
     *
     * <p>Databases older than version 2 are wiped and recreated. From version 2 onwards each
     * step runs only when the database is below that step's version and the target is at or
     * above it, so the steps are applied in ascending order.
     *
     * @param db database being upgraded
     * @param oldVersion version found on disk
     * @param newVersion version requested by this helper
     */
    @Override
    public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) {
        if (oldVersion < 2) {
            // No migration path exists below version 2: start from an empty current schema.
            dropAllKnownTables(db); // Wipe database.
            onCreate(db);
            return;
        }

        // Tracks the schema version reached so far as the steps below are applied.
        int reachedVersion = oldVersion;

        if (newVersion >= 3 && reachedVersion < 3) {
            upgradeDbForVersion3(db);
            reachedVersion = 3;
        }

        if (newVersion >= 4 && reachedVersion < 4) {
            upgradeDbForVersion4(db);
            reachedVersion = 4;
        }

        if (newVersion >= 5 && reachedVersion < 5) {
            upgradeDbForVersion5(db);
            reachedVersion = 5;
        }

        if (newVersion >= 6 && reachedVersion < 6) {
            upgradeDbForVersion6(db);
            reachedVersion = 6;
        }

        // NOTE(review): a mismatch is only logged, nothing is thrown. A future version bump
        // without a matching step above would therefore show up solely as this log line.
        if (reachedVersion != newVersion) {
            Log.e(TAG, "Failed to update recoverablekeystore database to the most recent version");
        }
    }

    /**
     * Drops the four tables this class knows how to create. Tables outside that list are left
     * untouched.
     */
    private void dropAllKnownTables(SQLiteDatabase db) {
        final String[] dropStatements = {
            SQL_DELETE_KEYS_ENTRY,
            SQL_DELETE_USER_METADATA_ENTRY,
            SQL_DELETE_RECOVERY_SERVICE_METADATA_ENTRY,
            SQL_DELETE_ROOT_OF_TRUST_ENTRY,
        };
        for (String statement : dropStatements) {
            db.execSQL(statement);
        }
    }

    /** Version 3: adds the cert path and cert serial columns to the recovery service table. */
    private void upgradeDbForVersion3(SQLiteDatabase db) {
        final String table = RecoveryServiceMetadataEntry.TABLE_NAME;
        addColumnToTable(db, table,
                RecoveryServiceMetadataEntry.COLUMN_NAME_CERT_PATH, "BLOB", /*defaultStr=*/ null);
        addColumnToTable(db, table,
                RecoveryServiceMetadataEntry.COLUMN_NAME_CERT_SERIAL, "INTEGER",
                /*defaultStr=*/ null);
    }

    /**
     * Version 4: creates the root-of-trust table and adds the active-root-of-trust column to
     * the recovery service table.
     */
    private void upgradeDbForVersion4(SQLiteDatabase db) {
        Log.d(TAG, "Updating recoverable keystore database to version 4");
        // New table holding cert path and cert serial per (user id, uid, root alias).
        db.execSQL(SQL_CREATE_ROOT_OF_TRUST_ENTRY);
        // Column recording which root of trust the recovery agent currently uses.
        addColumnToTable(db, RecoveryServiceMetadataEntry.TABLE_NAME,
                RecoveryServiceMetadataEntry.COLUMN_NAME_ACTIVE_ROOT_OF_TRUST, "TEXT",
                /*defaultStr=*/ null);
    }

    /** Version 5: adds the key metadata column to the application keys table. */
    private void upgradeDbForVersion5(SQLiteDatabase db) {
        Log.d(TAG, "Updating recoverable keystore database to version 5");
        addColumnToTable(db, KeysEntry.TABLE_NAME,
                KeysEntry.COLUMN_NAME_KEY_METADATA, "BLOB", /*defaultStr=*/ null);
    }

    /**
     * Version 6: adds the user serial number column to the user metadata table. The default
     * of -1 travels inside the column type string here rather than in {@code defaultStr}.
     */
    private void upgradeDbForVersion6(SQLiteDatabase db) {
        Log.d(TAG, "Updating recoverable keystore database to version 6");
        addColumnToTable(db, UserMetadataEntry.TABLE_NAME,
                UserMetadataEntry.COLUMN_NAME_USER_SERIAL_NUMBER,
                "INTEGER DEFAULT -1",
                /*defaultStr=*/ null);
    }

    /**
     * Runs {@code ALTER TABLE ... ADD COLUMN} for one column.
     *
     * <p>All string arguments are concatenated into the statement verbatim, with no quoting or
     * validation. SQLite cannot bind identifiers or column types as parameters, so this helper
     * is only safe while every caller passes constants; the call sites in this class do.
     *
     * @param db database to alter
     * @param tableName table receiving the column
     * @param column name of the new column
     * @param columnType SQL type (and any trailing column constraints) of the new column
     * @param defaultStr default value appended as {@code DEFAULT <value>}; skipped when null
     *     or empty
     */
    private static void addColumnToTable(
            SQLiteDatabase db, String tableName, String column, String columnType,
            String defaultStr) {
        Log.d(TAG, "Adding column " + column + " to " + tableName + ".");

        StringBuilder alterSql = new StringBuilder("ALTER TABLE ")
                .append(tableName)
                .append(" ADD COLUMN ")
                .append(column)
                .append(" ")
                .append(columnType);
        boolean hasDefault = !(defaultStr == null || defaultStr.isEmpty());
        if (hasDefault) {
            alterSql.append(" DEFAULT ").append(defaultStr);
        }

        db.execSQL(alterSql.append(";").toString());
    }
}