Loading services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +48 −3 Original line number Diff line number Diff line Loading @@ -40,6 +40,7 @@ import android.security.keystore.recovery.WrappedApplicationKey; import android.util.Log; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.util.HexDump; import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb; import com.android.server.locksettings.recoverablekeystore.storage.RecoverySessionStorage; import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage; Loading Loading @@ -455,22 +456,66 @@ public class RecoverableKeyStoreManager { private byte[] decryptRecoveryKey( RecoverySessionStorage.Entry sessionEntry, byte[] encryptedClaimResponse) throws RemoteException, ServiceSpecificException { // TODO: Remove the extensive loggings in this function byte[] locallyEncryptedKey; try { byte[] locallyEncryptedKey = KeySyncUtils.decryptRecoveryClaimResponse( locallyEncryptedKey = KeySyncUtils.decryptRecoveryClaimResponse( sessionEntry.getKeyClaimant(), sessionEntry.getVaultParams(), encryptedClaimResponse); return KeySyncUtils.decryptRecoveryKey(sessionEntry.getLskfHash(), locallyEncryptedKey); } catch (InvalidKeyException | AEADBadTagException e) { } catch (InvalidKeyException e) { Log.e(TAG, "Got InvalidKeyException during decrypting recovery claim response", e); Log.e(TAG, constructLoggingMessage("sessionEntry.getKeyClaimant()", sessionEntry.getKeyClaimant())); Log.e(TAG, constructLoggingMessage("sessionEntry.getVaultParams()", sessionEntry.getVaultParams())); Log.e(TAG, constructLoggingMessage("encryptedClaimResponse", encryptedClaimResponse)); throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, "Failed to decrypt recovery key " + e.getMessage()); } catch (AEADBadTagException e) { Log.e(TAG, "Got AEADBadTagException during decrypting recovery claim response", e); Log.e(TAG, constructLoggingMessage("sessionEntry.getKeyClaimant()", sessionEntry.getKeyClaimant())); Log.e(TAG, constructLoggingMessage("sessionEntry.getVaultParams()", sessionEntry.getVaultParams())); Log.e(TAG, constructLoggingMessage("encryptedClaimResponse", encryptedClaimResponse)); throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, "Failed to decrypt recovery key " + e.getMessage()); } catch (NoSuchAlgorithmException e) { // Should never happen: all the algorithms used are required by AOSP implementations throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); } try { return KeySyncUtils.decryptRecoveryKey(sessionEntry.getLskfHash(), locallyEncryptedKey); } catch (InvalidKeyException e) { Log.e(TAG, "Got InvalidKeyException during decrypting recovery key", e); Log.e(TAG, constructLoggingMessage("sessionEntry.getLskfHash()", sessionEntry.getLskfHash())); Log.e(TAG, constructLoggingMessage("locallyEncryptedKey", locallyEncryptedKey)); throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, "Failed to decrypt recovery key " + e.getMessage()); } catch (AEADBadTagException e) { Log.e(TAG, "Got AEADBadTagException during decrypting recovery key", e); Log.e(TAG, constructLoggingMessage("sessionEntry.getLskfHash()", sessionEntry.getLskfHash())); Log.e(TAG, constructLoggingMessage("locallyEncryptedKey", locallyEncryptedKey)); throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, "Failed to decrypt recovery key " + e.getMessage()); } catch (NoSuchAlgorithmException e) { // Should never happen: all the algorithms used are required by AOSP implementations throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); } } private String constructLoggingMessage(String key, byte[] value) { if (value == null) { return key + " is null"; } else { return key + ": " + HexDump.toHexString(value); } } /** * Uses {@code recoveryKey} to decrypt {@code applicationKeys}. * Loading Loading
services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +48 −3 Original line number Diff line number Diff line Loading @@ -40,6 +40,7 @@ import android.security.keystore.recovery.WrappedApplicationKey; import android.util.Log; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.util.HexDump; import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb; import com.android.server.locksettings.recoverablekeystore.storage.RecoverySessionStorage; import com.android.server.locksettings.recoverablekeystore.storage.RecoverySnapshotStorage; Loading Loading @@ -455,22 +456,66 @@ public class RecoverableKeyStoreManager { private byte[] decryptRecoveryKey( RecoverySessionStorage.Entry sessionEntry, byte[] encryptedClaimResponse) throws RemoteException, ServiceSpecificException { // TODO: Remove the extensive loggings in this function byte[] locallyEncryptedKey; try { byte[] locallyEncryptedKey = KeySyncUtils.decryptRecoveryClaimResponse( locallyEncryptedKey = KeySyncUtils.decryptRecoveryClaimResponse( sessionEntry.getKeyClaimant(), sessionEntry.getVaultParams(), encryptedClaimResponse); return KeySyncUtils.decryptRecoveryKey(sessionEntry.getLskfHash(), locallyEncryptedKey); } catch (InvalidKeyException | AEADBadTagException e) { } catch (InvalidKeyException e) { Log.e(TAG, "Got InvalidKeyException during decrypting recovery claim response", e); Log.e(TAG, constructLoggingMessage("sessionEntry.getKeyClaimant()", sessionEntry.getKeyClaimant())); Log.e(TAG, constructLoggingMessage("sessionEntry.getVaultParams()", sessionEntry.getVaultParams())); Log.e(TAG, constructLoggingMessage("encryptedClaimResponse", encryptedClaimResponse)); throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, "Failed to decrypt recovery key " + e.getMessage()); } catch (AEADBadTagException e) { Log.e(TAG, "Got AEADBadTagException during decrypting recovery claim response", e); Log.e(TAG, constructLoggingMessage("sessionEntry.getKeyClaimant()", sessionEntry.getKeyClaimant())); Log.e(TAG, constructLoggingMessage("sessionEntry.getVaultParams()", sessionEntry.getVaultParams())); Log.e(TAG, constructLoggingMessage("encryptedClaimResponse", encryptedClaimResponse)); throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, "Failed to decrypt recovery key " + e.getMessage()); } catch (NoSuchAlgorithmException e) { // Should never happen: all the algorithms used are required by AOSP implementations throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); } try { return KeySyncUtils.decryptRecoveryKey(sessionEntry.getLskfHash(), locallyEncryptedKey); } catch (InvalidKeyException e) { Log.e(TAG, "Got InvalidKeyException during decrypting recovery key", e); Log.e(TAG, constructLoggingMessage("sessionEntry.getLskfHash()", sessionEntry.getLskfHash())); Log.e(TAG, constructLoggingMessage("locallyEncryptedKey", locallyEncryptedKey)); throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, "Failed to decrypt recovery key " + e.getMessage()); } catch (AEADBadTagException e) { Log.e(TAG, "Got AEADBadTagException during decrypting recovery key", e); Log.e(TAG, constructLoggingMessage("sessionEntry.getLskfHash()", sessionEntry.getLskfHash())); Log.e(TAG, constructLoggingMessage("locallyEncryptedKey", locallyEncryptedKey)); throw new ServiceSpecificException(ERROR_DECRYPTION_FAILED, "Failed to decrypt recovery key " + e.getMessage()); } catch (NoSuchAlgorithmException e) { // Should never happen: all the algorithms used are required by AOSP implementations throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage()); } } private String constructLoggingMessage(String key, byte[] value) { if (value == null) { return key + " is null"; } else { return key + ": " + HexDump.toHexString(value); } } /** * Uses {@code recoveryKey} to decrypt {@code applicationKeys}. * Loading
