Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2017 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.server.locksettings.recoverablekeystore; |
| 18 | |
Robert Berry | 74928a1 | 2018-01-18 17:49:07 +0000 | [diff] [blame] | 19 | import static android.security.keystore.RecoveryController.ERROR_BAD_CERTIFICATE_FORMAT; |
| 20 | import static android.security.keystore.RecoveryController.ERROR_DECRYPTION_FAILED; |
| 21 | import static android.security.keystore.RecoveryController.ERROR_INSECURE_USER; |
| 22 | import static android.security.keystore.RecoveryController.ERROR_NO_SNAPSHOT_PENDING; |
| 23 | import static android.security.keystore.RecoveryController.ERROR_SERVICE_INTERNAL_ERROR; |
| 24 | import static android.security.keystore.RecoveryController.ERROR_SESSION_EXPIRED; |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 25 | |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 26 | import android.annotation.NonNull; |
| 27 | import android.annotation.Nullable; |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 28 | import android.app.PendingIntent; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 29 | import android.content.Context; |
Dmitry Dementyev | ed89ea0 | 2018-01-11 13:53:52 -0800 | [diff] [blame] | 30 | import android.Manifest; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 31 | import android.os.Binder; |
| 32 | import android.os.RemoteException; |
| 33 | import android.os.ServiceSpecificException; |
| 34 | import android.os.UserHandle; |
| 35 | |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 36 | import android.security.keystore.recovery.KeyChainProtectionParams; |
| 37 | import android.security.keystore.recovery.KeyChainSnapshot; |
Robert Berry | 81ee34b | 2018-01-23 11:59:59 +0000 | [diff] [blame] | 38 | import android.security.keystore.recovery.RecoveryController; |
| 39 | import android.security.keystore.recovery.WrappedApplicationKey; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 40 | import android.util.Log; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 41 | |
| 42 | import com.android.internal.annotations.VisibleForTesting; |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 43 | import com.android.internal.util.HexDump; |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 44 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb; |
| 45 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverySessionStorage; |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 46 | import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 47 | |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 48 | import java.security.InvalidKeyException; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 49 | import java.security.KeyStoreException; |
Bo Zhu | 5b81fa6 | 2017-12-21 14:36:11 -0800 | [diff] [blame] | 50 | import java.security.KeyFactory; |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 51 | import java.security.NoSuchAlgorithmException; |
| 52 | import java.security.PublicKey; |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 53 | import java.security.UnrecoverableKeyException; |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 54 | import java.security.spec.InvalidKeySpecException; |
Bo Zhu | 5b81fa6 | 2017-12-21 14:36:11 -0800 | [diff] [blame] | 55 | import java.security.spec.X509EncodedKeySpec; |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 56 | import java.util.Arrays; |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 57 | import java.util.HashMap; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 58 | import java.util.List; |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 59 | import java.util.Locale; |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 60 | import java.util.Map; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 61 | import java.util.concurrent.ExecutorService; |
| 62 | import java.util.concurrent.Executors; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 63 | |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 64 | import javax.crypto.AEADBadTagException; |
| 65 | |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 66 | /** |
Robert Berry | 74928a1 | 2018-01-18 17:49:07 +0000 | [diff] [blame] | 67 | * Class with {@link RecoveryController} API implementation and internal methods to interact |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 68 | * with {@code LockSettingsService}. |
| 69 | * |
| 70 | * @hide |
| 71 | */ |
| 72 | public class RecoverableKeyStoreManager { |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 73 | private static final String TAG = "RecoverableKeyStoreMgr"; |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 74 | |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 75 | private static RecoverableKeyStoreManager mInstance; |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 76 | |
| 77 | private final Context mContext; |
| 78 | private final RecoverableKeyStoreDb mDatabase; |
| 79 | private final RecoverySessionStorage mRecoverySessionStorage; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 80 | private final ExecutorService mExecutorService; |
Robert Berry | 9104404 | 2017-12-27 12:05:58 +0000 | [diff] [blame] | 81 | private final RecoverySnapshotListenersStorage mListenersStorage; |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 82 | private final RecoverableKeyGenerator mRecoverableKeyGenerator; |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 83 | private final RecoverySnapshotStorage mSnapshotStorage; |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 84 | private final PlatformKeyManager mPlatformKeyManager; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 85 | |
| 86 | /** |
| 87 | * Returns a new or existing instance. |
| 88 | * |
| 89 | * @hide |
| 90 | */ |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 91 | public static synchronized RecoverableKeyStoreManager getInstance(Context context) { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 92 | if (mInstance == null) { |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 93 | RecoverableKeyStoreDb db = RecoverableKeyStoreDb.newInstance(context); |
| 94 | PlatformKeyManager platformKeyManager; |
| 95 | try { |
| 96 | platformKeyManager = PlatformKeyManager.getInstance(context, db); |
| 97 | } catch (NoSuchAlgorithmException e) { |
| 98 | // Impossible: all algorithms must be supported by AOSP |
| 99 | throw new RuntimeException(e); |
| 100 | } catch (KeyStoreException e) { |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 101 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 102 | } |
| 103 | |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 104 | mInstance = new RecoverableKeyStoreManager( |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 105 | context.getApplicationContext(), |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 106 | db, |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 107 | new RecoverySessionStorage(), |
Dmitry Dementyev | 3b17c63 | 2017-12-21 17:30:48 -0800 | [diff] [blame] | 108 | Executors.newSingleThreadExecutor(), |
Robert Berry | 9104404 | 2017-12-27 12:05:58 +0000 | [diff] [blame] | 109 | new RecoverySnapshotStorage(), |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 110 | new RecoverySnapshotListenersStorage(), |
| 111 | platformKeyManager); |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 112 | } |
| 113 | return mInstance; |
| 114 | } |
| 115 | |
| 116 | @VisibleForTesting |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 117 | RecoverableKeyStoreManager( |
| 118 | Context context, |
| 119 | RecoverableKeyStoreDb recoverableKeyStoreDb, |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 120 | RecoverySessionStorage recoverySessionStorage, |
Dmitry Dementyev | 3b17c63 | 2017-12-21 17:30:48 -0800 | [diff] [blame] | 121 | ExecutorService executorService, |
Robert Berry | 9104404 | 2017-12-27 12:05:58 +0000 | [diff] [blame] | 122 | RecoverySnapshotStorage snapshotStorage, |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 123 | RecoverySnapshotListenersStorage listenersStorage, |
| 124 | PlatformKeyManager platformKeyManager) { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 125 | mContext = context; |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 126 | mDatabase = recoverableKeyStoreDb; |
| 127 | mRecoverySessionStorage = recoverySessionStorage; |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 128 | mExecutorService = executorService; |
Dmitry Dementyev | 3b17c63 | 2017-12-21 17:30:48 -0800 | [diff] [blame] | 129 | mListenersStorage = listenersStorage; |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 130 | mSnapshotStorage = snapshotStorage; |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 131 | mPlatformKeyManager = platformKeyManager; |
| 132 | |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 133 | try { |
| 134 | mRecoverableKeyGenerator = RecoverableKeyGenerator.newInstance(mDatabase); |
| 135 | } catch (NoSuchAlgorithmException e) { |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 136 | Log.wtf(TAG, "AES keygen algorithm not available. AOSP must support this.", e); |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 137 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 138 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 139 | } |
| 140 | |
Bo Zhu | 5b81fa6 | 2017-12-21 14:36:11 -0800 | [diff] [blame] | 141 | public void initRecoveryService( |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 142 | @NonNull String rootCertificateAlias, @NonNull byte[] signedPublicKeyList) |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 143 | throws RemoteException { |
| 144 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 145 | int userId = UserHandle.getCallingUserId(); |
Dmitry Dementyev | 40dadb0 | 2018-01-10 18:03:37 -0800 | [diff] [blame] | 146 | int uid = Binder.getCallingUid(); |
Bo Zhu | 5b81fa6 | 2017-12-21 14:36:11 -0800 | [diff] [blame] | 147 | // TODO: open /system/etc/security/... cert file, and check the signature on the public keys |
| 148 | PublicKey publicKey; |
| 149 | try { |
| 150 | KeyFactory kf = KeyFactory.getInstance("EC"); |
| 151 | // TODO: Randomly choose a key from the list -- right now we just use the whole input |
| 152 | X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(signedPublicKeyList); |
| 153 | publicKey = kf.generatePublic(pkSpec); |
| 154 | } catch (NoSuchAlgorithmException e) { |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 155 | Log.wtf(TAG, "EC algorithm not available. AOSP must support this.", e); |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 156 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Bo Zhu | 5b81fa6 | 2017-12-21 14:36:11 -0800 | [diff] [blame] | 157 | } catch (InvalidKeySpecException e) { |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 158 | throw new ServiceSpecificException( |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 159 | ERROR_BAD_CERTIFICATE_FORMAT, "Not a valid X509 certificate."); |
Bo Zhu | 5b81fa6 | 2017-12-21 14:36:11 -0800 | [diff] [blame] | 160 | } |
Dmitry Dementyev | 40dadb0 | 2018-01-10 18:03:37 -0800 | [diff] [blame] | 161 | long updatedRows = mDatabase.setRecoveryServicePublicKey(userId, uid, publicKey); |
| 162 | if (updatedRows > 0) { |
| 163 | mDatabase.setShouldCreateSnapshot(userId, uid, true); |
| 164 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 165 | } |
| 166 | |
| 167 | /** |
| 168 | * Gets all data necessary to recover application keys on new device. |
| 169 | * |
| 170 | * @return recovery data |
| 171 | * @hide |
| 172 | */ |
Robert Berry | 5f13870 | 2018-01-17 15:18:05 +0000 | [diff] [blame] | 173 | public @NonNull |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 174 | KeyChainSnapshot getRecoveryData(@NonNull byte[] account) |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 175 | throws RemoteException { |
| 176 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 177 | int uid = Binder.getCallingUid(); |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 178 | KeyChainSnapshot snapshot = mSnapshotStorage.get(uid); |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 179 | if (snapshot == null) { |
Dmitry Dementyev | 7d8c78a | 2018-01-12 19:14:07 -0800 | [diff] [blame] | 180 | throw new ServiceSpecificException(ERROR_NO_SNAPSHOT_PENDING); |
Robert Berry | bd086f1 | 2017-12-27 13:29:39 +0000 | [diff] [blame] | 181 | } |
| 182 | return snapshot; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 183 | } |
| 184 | |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 185 | public void setSnapshotCreatedPendingIntent(@Nullable PendingIntent intent) |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 186 | throws RemoteException { |
| 187 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 188 | int uid = Binder.getCallingUid(); |
| 189 | mListenersStorage.setSnapshotListener(uid, intent); |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 190 | } |
| 191 | |
| 192 | /** |
| 193 | * Gets recovery snapshot versions for all accounts. Note that snapshot may have 0 application |
| 194 | * keys, but it still needs to be synced, if previous versions were not empty. |
| 195 | * |
| 196 | * @return Map from Recovery agent account to snapshot version. |
| 197 | */ |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 198 | public @NonNull Map<byte[], Integer> getRecoverySnapshotVersions() |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 199 | throws RemoteException { |
| 200 | checkRecoverKeyStorePermission(); |
| 201 | throw new UnsupportedOperationException(); |
| 202 | } |
| 203 | |
Dmitry Dementyev | 7d8c78a | 2018-01-12 19:14:07 -0800 | [diff] [blame] | 204 | public void setServerParams(byte[] serverParams) throws RemoteException { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 205 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 206 | int userId = UserHandle.getCallingUserId(); |
Dmitry Dementyev | 40dadb0 | 2018-01-10 18:03:37 -0800 | [diff] [blame] | 207 | int uid = Binder.getCallingUid(); |
Dmitry Dementyev | 7d8c78a | 2018-01-12 19:14:07 -0800 | [diff] [blame] | 208 | long updatedRows = mDatabase.setServerParams(userId, uid, serverParams); |
Dmitry Dementyev | 40dadb0 | 2018-01-10 18:03:37 -0800 | [diff] [blame] | 209 | if (updatedRows > 0) { |
| 210 | mDatabase.setShouldCreateSnapshot(userId, uid, true); |
| 211 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 212 | } |
| 213 | |
Dmitry Dementyev | ad88471 | 2017-12-20 12:38:36 -0800 | [diff] [blame] | 214 | /** |
| 215 | * Updates recovery status for the application given its {@code packageName}. |
| 216 | * |
| 217 | * @param packageName which recoverable key statuses will be returned |
| 218 | * @param aliases - KeyStore aliases or {@code null} for all aliases of the app |
| 219 | * @param status - new status |
| 220 | */ |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 221 | public void setRecoveryStatus( |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 222 | @NonNull String packageName, @Nullable String[] aliases, int status) |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 223 | throws RemoteException { |
| 224 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | ad88471 | 2017-12-20 12:38:36 -0800 | [diff] [blame] | 225 | int uid = Binder.getCallingUid(); |
| 226 | if (packageName != null) { |
| 227 | // TODO: get uid for package name, when many apps are supported. |
| 228 | } |
| 229 | if (aliases == null) { |
| 230 | // Get all keys for the app. |
| 231 | Map<String, Integer> allKeys = mDatabase.getStatusForAllKeys(uid); |
| 232 | aliases = new String[allKeys.size()]; |
| 233 | allKeys.keySet().toArray(aliases); |
| 234 | } |
| 235 | for (String alias: aliases) { |
| 236 | mDatabase.setRecoveryStatus(uid, alias, status); |
| 237 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 238 | } |
| 239 | |
| 240 | /** |
Dmitry Dementyev | ad88471 | 2017-12-20 12:38:36 -0800 | [diff] [blame] | 241 | * Gets recovery status for caller or other application {@code packageName}. |
| 242 | * @param packageName which recoverable keys statuses will be returned. |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 243 | * |
Dmitry Dementyev | ad88471 | 2017-12-20 12:38:36 -0800 | [diff] [blame] | 244 | * @return {@code Map} from KeyStore alias to recovery status. |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 245 | */ |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 246 | public @NonNull Map<String, Integer> getRecoveryStatus(@Nullable String packageName) |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 247 | throws RemoteException { |
| 248 | // Any application should be able to check status for its own keys. |
| 249 | // If caller is a recovery agent it can check statuses for other packages, but |
| 250 | // only for recoverable keys it manages. |
Dmitry Dementyev | ad88471 | 2017-12-20 12:38:36 -0800 | [diff] [blame] | 251 | return mDatabase.getStatusForAllKeys(Binder.getCallingUid()); |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 252 | } |
| 253 | |
| 254 | /** |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 255 | * Sets recovery secrets list used by all recovery agents for given {@code userId} |
| 256 | * |
| 257 | * @hide |
| 258 | */ |
| 259 | public void setRecoverySecretTypes( |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 260 | @NonNull @KeyChainProtectionParams.UserSecretType int[] secretTypes) |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 261 | throws RemoteException { |
| 262 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 40dadb0 | 2018-01-10 18:03:37 -0800 | [diff] [blame] | 263 | int userId = UserHandle.getCallingUserId(); |
| 264 | int uid = Binder.getCallingUid(); |
| 265 | long updatedRows = mDatabase.setRecoverySecretTypes(userId, uid, secretTypes); |
| 266 | if (updatedRows > 0) { |
| 267 | mDatabase.setShouldCreateSnapshot(userId, uid, true); |
| 268 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 269 | } |
| 270 | |
| 271 | /** |
| 272 | * Gets secret types necessary to create Recovery Data. |
| 273 | * |
| 274 | * @return secret types |
| 275 | * @hide |
| 276 | */ |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 277 | public @NonNull int[] getRecoverySecretTypes() throws RemoteException { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 278 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | bdfdf53 | 2017-12-27 11:58:45 -0800 | [diff] [blame] | 279 | return mDatabase.getRecoverySecretTypes(UserHandle.getCallingUserId(), |
| 280 | Binder.getCallingUid()); |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 281 | } |
| 282 | |
| 283 | /** |
Dmitry Dementyev | ed89ea0 | 2018-01-11 13:53:52 -0800 | [diff] [blame] | 284 | * Gets secret types RecoveryManagers is waiting for to create new Recovery Data. |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 285 | * |
| 286 | * @return secret types |
| 287 | * @hide |
| 288 | */ |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 289 | public @NonNull int[] getPendingRecoverySecretTypes() throws RemoteException { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 290 | checkRecoverKeyStorePermission(); |
| 291 | throw new UnsupportedOperationException(); |
| 292 | } |
| 293 | |
| 294 | public void recoverySecretAvailable( |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 295 | @NonNull KeyChainProtectionParams recoverySecret) throws RemoteException { |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 296 | int uid = Binder.getCallingUid(); |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 297 | if (recoverySecret.getLockScreenUiFormat() == KeyChainProtectionParams.TYPE_LOCKSCREEN) { |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 298 | throw new SecurityException( |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 299 | "Caller " + uid + " is not allowed to set lock screen secret"); |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 300 | } |
| 301 | checkRecoverKeyStorePermission(); |
| 302 | // TODO: add hook from LockSettingsService to set lock screen secret. |
| 303 | throw new UnsupportedOperationException(); |
| 304 | } |
| 305 | |
| 306 | /** |
| 307 | * Initializes recovery session. |
| 308 | * |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 309 | * @param sessionId A unique ID to identify the recovery session. |
| 310 | * @param verifierPublicKey X509-encoded public key. |
| 311 | * @param vaultParams Additional params associated with vault. |
| 312 | * @param vaultChallenge Challenge issued by vault service. |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 313 | * @param secrets Lock-screen hashes. For now only a single secret is supported. |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 314 | * @return Encrypted bytes of recovery claim. This can then be issued to the vault service. |
| 315 | * |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 316 | * @hide |
| 317 | */ |
Dmitry Dementyev | b8b030b | 2017-12-19 11:02:54 -0800 | [diff] [blame] | 318 | public @NonNull byte[] startRecoverySession( |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 319 | @NonNull String sessionId, |
| 320 | @NonNull byte[] verifierPublicKey, |
| 321 | @NonNull byte[] vaultParams, |
| 322 | @NonNull byte[] vaultChallenge, |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 323 | @NonNull List<KeyChainProtectionParams> secrets) |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 324 | throws RemoteException { |
| 325 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 326 | int uid = Binder.getCallingUid(); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 327 | |
| 328 | if (secrets.size() != 1) { |
Robert Berry | 9e1bd36 | 2018-01-17 23:28:45 +0000 | [diff] [blame] | 329 | throw new UnsupportedOperationException( |
Dmitry Dementyev | 0916e7c | 2018-01-23 13:02:08 -0800 | [diff] [blame] | 330 | "Only a single KeyChainProtectionParams is supported"); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 331 | } |
| 332 | |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 333 | PublicKey publicKey; |
| 334 | try { |
| 335 | publicKey = KeySyncUtils.deserializePublicKey(verifierPublicKey); |
| 336 | } catch (NoSuchAlgorithmException e) { |
| 337 | // Should never happen |
| 338 | throw new RuntimeException(e); |
| 339 | } catch (InvalidKeySpecException e) { |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 340 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, "Not a valid X509 key"); |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 341 | } |
| 342 | // The raw public key bytes contained in vaultParams must match the ones given in |
| 343 | // verifierPublicKey; otherwise, the user secret may be decrypted by a key that is not owned |
| 344 | // by the original recovery service. |
| 345 | if (!publicKeysMatch(publicKey, vaultParams)) { |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 346 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 347 | "The public keys given in verifierPublicKey and vaultParams do not match."); |
| 348 | } |
| 349 | |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 350 | byte[] keyClaimant = KeySyncUtils.generateKeyClaimant(); |
| 351 | byte[] kfHash = secrets.get(0).getSecret(); |
| 352 | mRecoverySessionStorage.add( |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 353 | uid, |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 354 | new RecoverySessionStorage.Entry(sessionId, kfHash, keyClaimant, vaultParams)); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 355 | |
| 356 | try { |
| 357 | byte[] thmKfHash = KeySyncUtils.calculateThmKfHash(kfHash); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 358 | return KeySyncUtils.encryptRecoveryClaim( |
| 359 | publicKey, |
| 360 | vaultParams, |
| 361 | vaultChallenge, |
| 362 | thmKfHash, |
| 363 | keyClaimant); |
| 364 | } catch (NoSuchAlgorithmException e) { |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 365 | Log.wtf(TAG, "SecureBox algorithm missing. AOSP must support this.", e); |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 366 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 367 | } catch (InvalidKeyException e) { |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 368 | throw new ServiceSpecificException(ERROR_BAD_CERTIFICATE_FORMAT, e.getMessage()); |
Robert Berry | e16fa98 | 2017-12-20 15:59:37 +0000 | [diff] [blame] | 369 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 370 | } |
| 371 | |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 372 | /** |
| 373 | * Invoked by a recovery agent after a successful recovery claim is sent to the remote vault |
| 374 | * service. |
| 375 | * |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 376 | * @param sessionId The session ID used to generate the claim. See |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 377 | * {@link #startRecoverySession(String, byte[], byte[], byte[], List)}. |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 378 | * @param encryptedRecoveryKey The encrypted recovery key blob returned by the remote vault |
| 379 | * service. |
| 380 | * @param applicationKeys The encrypted key blobs returned by the remote vault service. These |
| 381 | * were wrapped with the recovery key. |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 382 | * @return Map from alias to raw key material. |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 383 | * @throws RemoteException if an error occurred recovering the keys. |
| 384 | */ |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 385 | public Map<String, byte[]> recoverKeys( |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 386 | @NonNull String sessionId, |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 387 | @NonNull byte[] encryptedRecoveryKey, |
Robert Berry | 5f13870 | 2018-01-17 15:18:05 +0000 | [diff] [blame] | 388 | @NonNull List<WrappedApplicationKey> applicationKeys) |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 389 | throws RemoteException { |
| 390 | checkRecoverKeyStorePermission(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 391 | int uid = Binder.getCallingUid(); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 392 | RecoverySessionStorage.Entry sessionEntry = mRecoverySessionStorage.get(uid, sessionId); |
| 393 | if (sessionEntry == null) { |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 394 | throw new ServiceSpecificException(ERROR_SESSION_EXPIRED, |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 395 | String.format(Locale.US, |
| 396 | "Application uid=%d does not have pending session '%s'", uid, sessionId)); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 397 | } |
| 398 | |
| 399 | try { |
| 400 | byte[] recoveryKey = decryptRecoveryKey(sessionEntry, encryptedRecoveryKey); |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 401 | return recoverApplicationKeys(recoveryKey, applicationKeys); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 402 | } finally { |
| 403 | sessionEntry.destroy(); |
| 404 | mRecoverySessionStorage.remove(uid); |
| 405 | } |
| 406 | } |
| 407 | |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 408 | /** |
| 409 | * Generates a key named {@code alias} in the recoverable store for the calling uid. Then |
| 410 | * returns the raw key material. |
| 411 | * |
| 412 | * <p>TODO: Once AndroidKeyStore has added move api, do not return raw bytes. |
| 413 | * |
| 414 | * @hide |
| 415 | */ |
| 416 | public byte[] generateAndStoreKey(@NonNull String alias) throws RemoteException { |
| 417 | int uid = Binder.getCallingUid(); |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 418 | int userId = UserHandle.getCallingUserId(); |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 419 | |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 420 | PlatformEncryptionKey encryptionKey; |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 421 | try { |
Bo Zhu | 3462c83 | 2018-01-04 22:42:36 -0800 | [diff] [blame] | 422 | encryptionKey = mPlatformKeyManager.getEncryptKey(userId); |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 423 | } catch (NoSuchAlgorithmException e) { |
| 424 | // Impossible: all algorithms must be supported by AOSP |
| 425 | throw new RuntimeException(e); |
| 426 | } catch (KeyStoreException | UnrecoverableKeyException e) { |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 427 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 428 | } catch (InsecureUserException e) { |
| 429 | throw new ServiceSpecificException(ERROR_INSECURE_USER, e.getMessage()); |
| 430 | } |
| 431 | |
| 432 | try { |
| 433 | return mRecoverableKeyGenerator.generateAndStoreKey(encryptionKey, userId, uid, alias); |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 434 | } catch (KeyStoreException | InvalidKeyException | RecoverableKeyStorageException e) { |
| 435 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Robert Berry | cfc990a | 2017-12-22 15:54:30 +0000 | [diff] [blame] | 436 | } |
| 437 | } |
| 438 | |
Robert Berry | 2bcdad9 | 2018-01-18 12:53:29 +0000 | [diff] [blame] | 439 | /** |
| 440 | * Destroys the session with the given {@code sessionId}. |
| 441 | */ |
| 442 | public void closeSession(@NonNull String sessionId) throws RemoteException { |
| 443 | mRecoverySessionStorage.remove(Binder.getCallingUid(), sessionId); |
| 444 | } |
| 445 | |
Robert Berry | 5daccec | 2018-01-06 19:16:25 +0000 | [diff] [blame] | 446 | public void removeKey(@NonNull String alias) throws RemoteException { |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 447 | int uid = Binder.getCallingUid(); |
| 448 | int userId = UserHandle.getCallingUserId(); |
| 449 | |
| 450 | boolean wasRemoved = mDatabase.removeKey(uid, alias); |
| 451 | if (wasRemoved) { |
| 452 | mDatabase.setShouldCreateSnapshot(userId, uid, true); |
| 453 | } |
Robert Berry | 5daccec | 2018-01-06 19:16:25 +0000 | [diff] [blame] | 454 | } |
| 455 | |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 456 | private byte[] decryptRecoveryKey( |
| 457 | RecoverySessionStorage.Entry sessionEntry, byte[] encryptedClaimResponse) |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 458 | throws RemoteException, ServiceSpecificException { |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 459 | // TODO: Remove the extensive loggings in this function |
| 460 | byte[] locallyEncryptedKey; |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 461 | try { |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 462 | locallyEncryptedKey = KeySyncUtils.decryptRecoveryClaimResponse( |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 463 | sessionEntry.getKeyClaimant(), |
| 464 | sessionEntry.getVaultParams(), |
| 465 | encryptedClaimResponse); |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 466 | } catch (InvalidKeyException e) { |
| 467 | Log.e(TAG, "Got InvalidKeyException during decrypting recovery claim response", e); |
| 468 | Log.e(TAG, constructLoggingMessage("sessionEntry.getKeyClaimant()", |
| 469 | sessionEntry.getKeyClaimant())); |
| 470 | Log.e(TAG, constructLoggingMessage("sessionEntry.getVaultParams()", |
| 471 | sessionEntry.getVaultParams())); |
| 472 | Log.e(TAG, constructLoggingMessage("encryptedClaimResponse", encryptedClaimResponse)); |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 473 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
Dmitry Dementyev | 1429831 | 2018-01-04 15:19:19 -0800 | [diff] [blame] | 474 | "Failed to decrypt recovery key " + e.getMessage()); |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 475 | } catch (AEADBadTagException e) { |
| 476 | Log.e(TAG, "Got AEADBadTagException during decrypting recovery claim response", e); |
| 477 | Log.e(TAG, constructLoggingMessage("sessionEntry.getKeyClaimant()", |
| 478 | sessionEntry.getKeyClaimant())); |
| 479 | Log.e(TAG, constructLoggingMessage("sessionEntry.getVaultParams()", |
| 480 | sessionEntry.getVaultParams())); |
| 481 | Log.e(TAG, constructLoggingMessage("encryptedClaimResponse", encryptedClaimResponse)); |
| 482 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
| 483 | "Failed to decrypt recovery key " + e.getMessage()); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 484 | } catch (NoSuchAlgorithmException e) { |
| 485 | // Should never happen: all the algorithms used are required by AOSP implementations |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 486 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 487 | } |
Bo Zhu | 31a40c0 | 2018-01-24 17:40:29 -0800 | [diff] [blame] | 488 | |
| 489 | try { |
| 490 | return KeySyncUtils.decryptRecoveryKey(sessionEntry.getLskfHash(), locallyEncryptedKey); |
| 491 | } catch (InvalidKeyException e) { |
| 492 | Log.e(TAG, "Got InvalidKeyException during decrypting recovery key", e); |
| 493 | Log.e(TAG, constructLoggingMessage("sessionEntry.getLskfHash()", |
| 494 | sessionEntry.getLskfHash())); |
| 495 | Log.e(TAG, constructLoggingMessage("locallyEncryptedKey", locallyEncryptedKey)); |
| 496 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
| 497 | "Failed to decrypt recovery key " + e.getMessage()); |
| 498 | } catch (AEADBadTagException e) { |
| 499 | Log.e(TAG, "Got AEADBadTagException during decrypting recovery key", e); |
| 500 | Log.e(TAG, constructLoggingMessage("sessionEntry.getLskfHash()", |
| 501 | sessionEntry.getLskfHash())); |
| 502 | Log.e(TAG, constructLoggingMessage("locallyEncryptedKey", locallyEncryptedKey)); |
| 503 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
| 504 | "Failed to decrypt recovery key " + e.getMessage()); |
| 505 | } catch (NoSuchAlgorithmException e) { |
| 506 | // Should never happen: all the algorithms used are required by AOSP implementations |
| 507 | throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
| 508 | } |
| 509 | } |
| 510 | |
| 511 | private String constructLoggingMessage(String key, byte[] value) { |
| 512 | if (value == null) { |
| 513 | return key + " is null"; |
| 514 | } else { |
| 515 | return key + ": " + HexDump.toHexString(value); |
| 516 | } |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 517 | } |
| 518 | |
| 519 | /** |
| 520 | * Uses {@code recoveryKey} to decrypt {@code applicationKeys}. |
| 521 | * |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 522 | * @return Map from alias to raw key material. |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 523 | * @throws RemoteException if an error occurred decrypting the keys. |
| 524 | */ |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 525 | private Map<String, byte[]> recoverApplicationKeys( |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 526 | @NonNull byte[] recoveryKey, |
Robert Berry | 5f13870 | 2018-01-17 15:18:05 +0000 | [diff] [blame] | 527 | @NonNull List<WrappedApplicationKey> applicationKeys) throws RemoteException { |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 528 | HashMap<String, byte[]> keyMaterialByAlias = new HashMap<>(); |
Robert Berry | 5f13870 | 2018-01-17 15:18:05 +0000 | [diff] [blame] | 529 | for (WrappedApplicationKey applicationKey : applicationKeys) { |
Dmitry Dementyev | 07c76555 | 2018-01-08 17:31:59 -0800 | [diff] [blame] | 530 | String alias = applicationKey.getAlias(); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 531 | byte[] encryptedKeyMaterial = applicationKey.getEncryptedKeyMaterial(); |
| 532 | |
| 533 | try { |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 534 | byte[] keyMaterial = |
| 535 | KeySyncUtils.decryptApplicationKey(recoveryKey, encryptedKeyMaterial); |
| 536 | keyMaterialByAlias.put(alias, keyMaterial); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 537 | } catch (NoSuchAlgorithmException e) { |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 538 | Log.wtf(TAG, "Missing SecureBox algorithm. AOSP required to support this.", e); |
| 539 | throw new ServiceSpecificException( |
Robert Berry | a16cd59 | 2018-01-17 14:43:09 +0000 | [diff] [blame] | 540 | ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 541 | } catch (InvalidKeyException | AEADBadTagException e) { |
Robert Berry | 97e5558 | 2018-01-05 12:43:13 +0000 | [diff] [blame] | 542 | throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, |
| 543 | "Failed to recover key with alias '" + alias + "': " + e.getMessage()); |
Robert Berry | b9a220b | 2017-12-21 12:41:01 +0000 | [diff] [blame] | 544 | } |
| 545 | } |
Robert Berry | bd4c43c | 2017-12-22 11:35:14 +0000 | [diff] [blame] | 546 | return keyMaterialByAlias; |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 547 | } |
| 548 | |
Dmitry Dementyev | 6a509e4 | 2017-12-19 14:47:26 -0800 | [diff] [blame] | 549 | /** |
| 550 | * This function can only be used inside LockSettingsService. |
| 551 | * |
Robert Berry | 9104404 | 2017-12-27 12:05:58 +0000 | [diff] [blame] | 552 | * @param storedHashType from {@code CredentialHash} |
Dmitry Dementyev | 6a509e4 | 2017-12-19 14:47:26 -0800 | [diff] [blame] | 553 | * @param credential - unencrypted String. Password length should be at most 16 symbols {@code |
| 554 | * mPasswordMaxLength} |
| 555 | * @param userId for user who just unlocked the device. |
| 556 | * @hide |
| 557 | */ |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 558 | public void lockScreenSecretAvailable( |
Dmitry Dementyev | 6a509e4 | 2017-12-19 14:47:26 -0800 | [diff] [blame] | 559 | int storedHashType, @NonNull String credential, int userId) { |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 560 | // So as not to block the critical path unlocking the phone, defer to another thread. |
| 561 | try { |
| 562 | mExecutorService.execute(KeySyncTask.newInstance( |
Robert Berry | 9104404 | 2017-12-27 12:05:58 +0000 | [diff] [blame] | 563 | mContext, |
| 564 | mDatabase, |
| 565 | mSnapshotStorage, |
| 566 | mListenersStorage, |
| 567 | userId, |
| 568 | storedHashType, |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 569 | credential, |
| 570 | /*credentialUpdated=*/ false)); |
Robert Berry | 4a534ec | 2017-12-21 15:44:02 +0000 | [diff] [blame] | 571 | } catch (NoSuchAlgorithmException e) { |
| 572 | Log.wtf(TAG, "Should never happen - algorithm unavailable for KeySync", e); |
| 573 | } catch (KeyStoreException e) { |
| 574 | Log.e(TAG, "Key store error encountered during recoverable key sync", e); |
| 575 | } catch (InsecureUserException e) { |
| 576 | Log.wtf(TAG, "Impossible - insecure user, but user just entered lock screen", e); |
Dmitry Dementyev | 6a509e4 | 2017-12-19 14:47:26 -0800 | [diff] [blame] | 577 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 578 | } |
| 579 | |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 580 | /** |
| 581 | * This function can only be used inside LockSettingsService. |
| 582 | * @param storedHashType from {@code CredentialHash} |
| 583 | * @param credential - unencrypted String |
| 584 | * @param userId for the user whose lock screen credentials were changed. |
| 585 | * @hide |
| 586 | */ |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 587 | public void lockScreenSecretChanged( |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 588 | int storedHashType, |
Dmitry Dementyev | 6a509e4 | 2017-12-19 14:47:26 -0800 | [diff] [blame] | 589 | @Nullable String credential, |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 590 | int userId) { |
Dmitry Dementyev | 77183ef | 2018-01-05 15:46:00 -0800 | [diff] [blame] | 591 | // So as not to block the critical path unlocking the phone, defer to another thread. |
| 592 | try { |
| 593 | mExecutorService.execute(KeySyncTask.newInstance( |
| 594 | mContext, |
| 595 | mDatabase, |
| 596 | mSnapshotStorage, |
| 597 | mListenersStorage, |
| 598 | userId, |
| 599 | storedHashType, |
| 600 | credential, |
| 601 | /*credentialUpdated=*/ true)); |
| 602 | } catch (NoSuchAlgorithmException e) { |
| 603 | Log.wtf(TAG, "Should never happen - algorithm unavailable for KeySync", e); |
| 604 | } catch (KeyStoreException e) { |
| 605 | Log.e(TAG, "Key store error encountered during recoverable key sync", e); |
| 606 | } catch (InsecureUserException e) { |
| 607 | Log.wtf(TAG, "Impossible - insecure user, but user just entered lock screen", e); |
| 608 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 609 | } |
| 610 | |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 611 | private void checkRecoverKeyStorePermission() { |
| 612 | mContext.enforceCallingOrSelfPermission( |
Dmitry Dementyev | ed89ea0 | 2018-01-11 13:53:52 -0800 | [diff] [blame] | 613 | Manifest.permission.RECOVER_KEYSTORE, |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 614 | "Caller " + Binder.getCallingUid() + " doesn't have RecoverKeyStore permission."); |
| 615 | } |
Bo Zhu | def7ffd | 2018-01-05 14:50:52 -0800 | [diff] [blame] | 616 | |
| 617 | private boolean publicKeysMatch(PublicKey publicKey, byte[] vaultParams) { |
| 618 | byte[] encodedPublicKey = SecureBox.encodePublicKey(publicKey); |
| 619 | return Arrays.equals(encodedPublicKey, Arrays.copyOf(vaultParams, encodedPublicKey.length)); |
| 620 | } |
Dmitry Dementyev | 1aa9613 | 2017-12-11 11:33:12 -0800 | [diff] [blame] | 621 | } |