Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2018 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package android.security.keystore.recovery; |
| 18 | |
Robert Berry | 4a5c87d | 2018-03-19 18:00:46 +0000 | [diff] [blame] | 19 | import android.Manifest; |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 20 | import android.annotation.NonNull; |
Dmitry Dementyev | f8ae5de | 2018-01-08 18:08:23 -0800 | [diff] [blame] | 21 | import android.annotation.RequiresPermission; |
| 22 | import android.annotation.SystemApi; |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 23 | import android.os.RemoteException; |
| 24 | import android.os.ServiceSpecificException; |
Max Bires | 13f98ce | 2018-11-02 10:50:40 -0700 | [diff] [blame] | 25 | import android.security.keystore.KeyPermanentlyInvalidatedException; |
Robert Berry | 4a5c87d | 2018-03-19 18:00:46 +0000 | [diff] [blame] | 26 | import android.util.ArrayMap; |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 27 | import android.util.Log; |
| 28 | |
Robert Berry | 4a5c87d | 2018-03-19 18:00:46 +0000 | [diff] [blame] | 29 | import java.security.Key; |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 30 | import java.security.SecureRandom; |
Robert Berry | 4a5c87d | 2018-03-19 18:00:46 +0000 | [diff] [blame] | 31 | import java.security.UnrecoverableKeyException; |
Bo Zhu | 7c1972f | 2018-02-22 21:43:52 -0800 | [diff] [blame] | 32 | import java.security.cert.CertPath; |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 33 | import java.security.cert.CertificateException; |
| 34 | import java.util.List; |
Robert Berry | 4a5c87d | 2018-03-19 18:00:46 +0000 | [diff] [blame] | 35 | import java.util.Locale; |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 36 | import java.util.Map; |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 37 | |
/**
 * Session to recover a {@link KeyChainSnapshot} from the remote trusted hardware, initiated by a
 * recovery agent. The recovery service keeps per-session state (including the session key
 * generated by {@link #start}) until the session is closed, so callers should use the session
 * with try-with-resources or otherwise guarantee that {@link #close} runs once the recovery
 * attempt is finished.
 *
 * @hide
 */
@SystemApi
public class RecoverySession implements AutoCloseable {
    private static final String TAG = "RecoverySession";

    /** Length of the random session identifier, in bytes (128 bits of entropy). */
    private static final int SESSION_ID_LENGTH_BYTES = 16;

    /** Lower-case hexadecimal alphabet used to render the session identifier. */
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /** Random identifier that ties this client-side object to the service-side session. */
    private final String mSessionId;
    /** Controller that owns the binder connection to the recovery service. */
    private final RecoveryController mRecoveryController;

    private RecoverySession(@NonNull RecoveryController recoveryController,
            @NonNull String sessionId) {
        mRecoveryController = recoveryController;
        mSessionId = sessionId;
    }

    /**
     * Creates a new session with a freshly generated random identifier. Only the
     * {@link RecoveryController} is expected to call this.
     *
     * @param recoveryController the controller providing the binder to the recovery service.
     * @return a session that has not yet been started; call {@link #start} next.
     */
    @RequiresPermission(Manifest.permission.RECOVER_KEYSTORE)
    static @NonNull RecoverySession newInstance(RecoveryController recoveryController) {
        String freshId = newSessionId();
        return new RecoverySession(recoveryController, freshId);
    }

    /**
     * Generates a new session identifier: {@link #SESSION_ID_LENGTH_BYTES} bytes from a
     * {@link SecureRandom}, rendered as lower-case hex (two characters per byte).
     *
     * @return the identifier string, {@code 2 * SESSION_ID_LENGTH_BYTES} characters long.
     */
    private static @NonNull String newSessionId() {
        byte[] randomBytes = new byte[SESSION_ID_LENGTH_BYTES];
        new SecureRandom().nextBytes(randomBytes);
        char[] rendered = new char[randomBytes.length * 2];
        int pos = 0;
        for (byte value : randomBytes) {
            // High nibble first, then low nibble; masking keeps negative bytes in 0..15.
            rendered[pos++] = HEX_DIGITS[(value >> 4) & 0xf];
            rendered[pos++] = HEX_DIGITS[value & 0xf];
        }
        return new String(rendered);
    }

    /**
     * Starts a recovery session and returns a blob with proof of recovery secret possession.
     * The method generates a symmetric key for a session, which trusted remote device can use to
     * return recovery key.
     *
     * <p>The {@code secrets} argument carries the user's knowledge factor; callers should not log
     * it or hold on to it longer than this call requires.
     *
     * @param rootCertificateAlias The alias of the root certificate that is already in the Android
     *     OS. The root certificate will be used for validating {@code verifierCertPath}.
     * @param verifierCertPath The certificate path used to create the recovery blob on the source
     *     device. Keystore will verify the certificate path by using the root of trust.
     * @param vaultParams Must match the parameters in the corresponding field in the recovery blob.
     *     Used to limit number of guesses.
     * @param vaultChallenge Data passed from server for this recovery session and used to prevent
     *     replay attacks.
     * @param secrets Secrets provided by user, the method only uses type and secret fields.
     * @return The binary blob with recovery claim. It is encrypted with verifierPublicKey
     *     and contains a proof of user secrets possession, session symmetric
     *     key and parameters necessary to identify the counter with the number of failed recovery
     *     attempts.
     * @throws CertificateException if the {@code verifierCertPath} is invalid, or the service
     *     rejected it as malformed or failing validation against the root certificate.
     * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
     *     service.
     */
    @RequiresPermission(Manifest.permission.RECOVER_KEYSTORE)
    @NonNull public byte[] start(
            @NonNull String rootCertificateAlias,
            @NonNull CertPath verifierCertPath,
            @NonNull byte[] vaultParams,
            @NonNull byte[] vaultChallenge,
            @NonNull List<KeyChainProtectionParams> secrets)
            throws CertificateException, InternalRecoveryServiceException {
        // A CertPath is not Parcelable, so it is wrapped before crossing Binder.
        RecoveryCertPath parcelableCertPath =
                RecoveryCertPath.createRecoveryCertPath(verifierCertPath);
        try {
            return mRecoveryController.getBinder().startRecoverySessionWithCertPath(
                    mSessionId,
                    rootCertificateAlias,
                    parcelableCertPath,
                    vaultParams,
                    vaultChallenge,
                    secrets);
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        } catch (ServiceSpecificException e) {
            if (isCertificateError(e.errorCode)) {
                throw new CertificateException("Invalid certificate for recovery session", e);
            }
            throw mRecoveryController.wrapUnexpectedServiceSpecificException(e);
        }
    }

    /**
     * Returns whether a service error code denotes a certificate problem that {@link #start}
     * surfaces as a {@link CertificateException} rather than an internal error.
     */
    private static boolean isCertificateError(int errorCode) {
        return errorCode == RecoveryController.ERROR_BAD_CERTIFICATE_FORMAT
                || errorCode == RecoveryController.ERROR_INVALID_CERTIFICATE;
    }

    /**
     * Imports key chain snapshot recovered from a remote vault.
     *
     * @param recoveryKeyBlob Recovery blob encrypted by symmetric key generated for this session.
     * @param applicationKeys Application keys. Key material can be decrypted using recoveryKeyBlob
     *     and session key generated by {@link #start}.
     * @return {@code Map} from recovered keys aliases to their references.
     * @throws SessionExpiredException if {@code session} has since been closed.
     * @throws DecryptionFailedException if unable to decrypt the snapshot.
     * @throws InternalRecoveryServiceException if an error occurs internal to the recovery service,
     *     including a recovered key that could not be loaded from its grant.
     */
    @RequiresPermission(Manifest.permission.RECOVER_KEYSTORE)
    @NonNull public Map<String, Key> recoverKeyChainSnapshot(
            @NonNull byte[] recoveryKeyBlob,
            @NonNull List<WrappedApplicationKey> applicationKeys
    ) throws SessionExpiredException, DecryptionFailedException, InternalRecoveryServiceException {
        Map<String, String> aliasToGrant;
        try {
            aliasToGrant = mRecoveryController.getBinder()
                    .recoverKeyChainSnapshot(mSessionId, recoveryKeyBlob, applicationKeys);
        } catch (RemoteException e) {
            throw e.rethrowFromSystemServer();
        } catch (ServiceSpecificException e) {
            throw translateRecoveryError(e);
        }
        return getKeysFromGrants(aliasToGrant);
    }

    /**
     * Maps a service error raised during snapshot recovery onto the typed exception the caller
     * expects; anything unrecognised becomes an {@link InternalRecoveryServiceException}.
     */
    private Exception translateRecoveryError(ServiceSpecificException e) {
        switch (e.errorCode) {
            case RecoveryController.ERROR_DECRYPTION_FAILED:
                return new DecryptionFailedException(e.getMessage());
            case RecoveryController.ERROR_SESSION_EXPIRED:
                return new SessionExpiredException(e.getMessage());
            default:
                return mRecoveryController.wrapUnexpectedServiceSpecificException(e);
        }
    }

    /**
     * Given a map from alias to grant alias, returns a map from alias to a {@link Key} handle.
     * The first grant that cannot be resolved aborts the whole lookup.
     */
    private @NonNull Map<String, Key> getKeysFromGrants(@NonNull Map<String, String> grantAliases)
            throws InternalRecoveryServiceException {
        ArrayMap<String, Key> result = new ArrayMap<>(grantAliases.size());
        for (Map.Entry<String, String> entry : grantAliases.entrySet()) {
            String alias = entry.getKey();
            String grantAlias = entry.getValue();
            try {
                result.put(alias, mRecoveryController.getKeyFromGrant(grantAlias));
            } catch (KeyPermanentlyInvalidatedException | UnrecoverableKeyException e) {
                String detail = String.format(
                        Locale.US,
                        "Failed to get key '%s' from grant '%s'",
                        alias,
                        grantAlias);
                throw new InternalRecoveryServiceException(detail, e);
            }
        }
        return result;
    }

    /**
     * An internal session ID, used by the framework to match recovery claims to snapshot responses.
     *
     * @hide
     */
    @NonNull String getSessionId() {
        return mSessionId;
    }

    /**
     * Deletes all data associated with {@code session}.
     *
     * <p>This is best-effort: a failure to reach the service is logged and not propagated, so a
     * caller cannot tell from this method alone whether the service-side state was discarded.
     */
    @RequiresPermission(Manifest.permission.RECOVER_KEYSTORE)
    @Override
    public void close() {
        try {
            mRecoveryController.getBinder().closeSession(mSessionId);
        } catch (RemoteException | ServiceSpecificException e) {
            Log.e(TAG, "Unexpected error trying to close session", e);
        }
    }
}