Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 1 | package com.android.server.accounts; |
| 2 | |
| 3 | import android.annotation.NonNull; |
| 4 | import android.annotation.Nullable; |
| 5 | import android.os.Bundle; |
| 6 | import android.os.Parcel; |
| 7 | import android.util.Log; |
| 8 | |
| 9 | import com.android.internal.util.Preconditions; |
| 10 | |
| 11 | import java.security.GeneralSecurityException; |
| 12 | import java.security.NoSuchAlgorithmException; |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 13 | |
| 14 | import javax.crypto.Cipher; |
| 15 | import javax.crypto.KeyGenerator; |
| 16 | import javax.crypto.Mac; |
| 17 | import javax.crypto.SecretKey; |
| 18 | import javax.crypto.spec.IvParameterSpec; |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 19 | |
| 20 | /** |
| 21 | * A crypto helper for encrypting and decrypting bundle with in-memory symmetric |
| 22 | * key for {@link AccountManagerService}. |
| 23 | */ |
| 24 | /* default */ class CryptoHelper { |
| 25 | private static final String TAG = "Account"; |
| 26 | |
| 27 | private static final String KEY_CIPHER = "cipher"; |
| 28 | private static final String KEY_MAC = "mac"; |
| 29 | private static final String KEY_ALGORITHM = "AES"; |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 30 | private static final String KEY_IV = "iv"; |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 31 | private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding"; |
| 32 | private static final String MAC_ALGORITHM = "HMACSHA256"; |
| 33 | private static final int IV_LENGTH = 16; |
| 34 | |
| 35 | private static CryptoHelper sInstance; |
| 36 | // Keys used for encrypting and decrypting data returned in a Bundle. |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 37 | private final SecretKey mEncryptionKey; |
| 38 | private final SecretKey mMacKey; |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 39 | |
| 40 | /* default */ synchronized static CryptoHelper getInstance() throws NoSuchAlgorithmException { |
| 41 | if (sInstance == null) { |
| 42 | sInstance = new CryptoHelper(); |
| 43 | } |
| 44 | return sInstance; |
| 45 | } |
| 46 | |
| 47 | private CryptoHelper() throws NoSuchAlgorithmException { |
| 48 | KeyGenerator kgen = KeyGenerator.getInstance(KEY_ALGORITHM); |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 49 | mEncryptionKey = kgen.generateKey(); |
| 50 | // Use a different key for mac-ing than encryption/decryption. |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 51 | kgen = KeyGenerator.getInstance(MAC_ALGORITHM); |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 52 | mMacKey = kgen.generateKey(); |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 53 | } |
| 54 | |
| 55 | @NonNull |
| 56 | /* default */ Bundle encryptBundle(@NonNull Bundle bundle) throws GeneralSecurityException { |
| 57 | Preconditions.checkNotNull(bundle, "Cannot encrypt null bundle."); |
| 58 | Parcel parcel = Parcel.obtain(); |
| 59 | bundle.writeToParcel(parcel, 0); |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 60 | byte[] clearBytes = parcel.marshall(); |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 61 | parcel.recycle(); |
| 62 | |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 63 | Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM); |
| 64 | cipher.init(Cipher.ENCRYPT_MODE, mEncryptionKey); |
| 65 | byte[] encryptedBytes = cipher.doFinal(clearBytes); |
| 66 | byte[] iv = cipher.getIV(); |
| 67 | byte[] mac = createMac(encryptedBytes, iv); |
| 68 | |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 69 | Bundle encryptedBundle = new Bundle(); |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 70 | encryptedBundle.putByteArray(KEY_CIPHER, encryptedBytes); |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 71 | encryptedBundle.putByteArray(KEY_MAC, mac); |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 72 | encryptedBundle.putByteArray(KEY_IV, iv); |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 73 | |
| 74 | return encryptedBundle; |
| 75 | } |
| 76 | |
| 77 | @Nullable |
| 78 | /* default */ Bundle decryptBundle(@NonNull Bundle bundle) throws GeneralSecurityException { |
| 79 | Preconditions.checkNotNull(bundle, "Cannot decrypt null bundle."); |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 80 | byte[] iv = bundle.getByteArray(KEY_IV); |
| 81 | byte[] encryptedBytes = bundle.getByteArray(KEY_CIPHER); |
| 82 | byte[] mac = bundle.getByteArray(KEY_MAC); |
| 83 | if (!verifyMac(encryptedBytes, iv, mac)) { |
| 84 | Log.w(TAG, "Escrow mac mismatched!"); |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 85 | return null; |
| 86 | } |
| 87 | |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 88 | IvParameterSpec ivSpec = new IvParameterSpec(iv); |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 89 | Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM); |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 90 | cipher.init(Cipher.DECRYPT_MODE, mEncryptionKey, ivSpec); |
| 91 | byte[] decryptedBytes = cipher.doFinal(encryptedBytes); |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 92 | |
| 93 | Parcel decryptedParcel = Parcel.obtain(); |
| 94 | decryptedParcel.unmarshall(decryptedBytes, 0, decryptedBytes.length); |
| 95 | decryptedParcel.setDataPosition(0); |
| 96 | Bundle decryptedBundle = new Bundle(); |
| 97 | decryptedBundle.readFromParcel(decryptedParcel); |
| 98 | decryptedParcel.recycle(); |
| 99 | return decryptedBundle; |
| 100 | } |
| 101 | |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 102 | private boolean verifyMac(@Nullable byte[] cipherArray, @Nullable byte[] iv, @Nullable byte[] macArray) |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 103 | throws GeneralSecurityException { |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 104 | if (cipherArray == null || cipherArray.length == 0 || macArray == null |
| 105 | || macArray.length == 0) { |
| 106 | if (Log.isLoggable(TAG, Log.VERBOSE)) { |
| 107 | Log.v(TAG, "Cipher or MAC is empty!"); |
| 108 | } |
| 109 | return false; |
| 110 | } |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 111 | return constantTimeArrayEquals(macArray, createMac(cipherArray, iv)); |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 112 | } |
| 113 | |
| 114 | @NonNull |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 115 | private byte[] createMac(@NonNull byte[] cipher, @NonNull byte[] iv) throws GeneralSecurityException { |
| 116 | Mac mac = Mac.getInstance(MAC_ALGORITHM); |
| 117 | mac.init(mMacKey); |
| 118 | mac.update(cipher); |
| 119 | mac.update(iv); |
| 120 | return mac.doFinal(); |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 121 | } |
| 122 | |
Carlos Valdivia | 766b283 | 2016-04-06 17:42:51 -0700 | [diff] [blame] | 123 | private static boolean constantTimeArrayEquals(byte[] a, byte[] b) { |
| 124 | if (a == null || b == null) { |
| 125 | return a == b; |
| 126 | } |
| 127 | if (a.length != b.length) { |
| 128 | return false; |
| 129 | } |
| 130 | boolean isEqual = true; |
| 131 | for (int i = 0; i < b.length; i++) { |
| 132 | isEqual &= (a[i] == b[i]); |
| 133 | } |
| 134 | return isEqual; |
Sandra Kwan | 7881228 | 2015-11-04 11:19:47 -0800 | [diff] [blame] | 135 | } |
| 136 | } |