Loading services/core/java/com/android/server/locksettings/LockSettingsService.java +16 −5 Original line number Diff line number Diff line Loading @@ -154,6 +154,7 @@ import java.util.List; import java.util.Map; import java.util.NoSuchElementException; import java.util.Objects; import java.util.Optional; import java.util.Set; import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; Loading Loading @@ -261,7 +262,13 @@ public class LockSettingsService extends ILockSettings.Stub { @Override public void onStart() { Optional<Boolean> keystore2_enabled = android.sysprop.Keystore2Properties.keystore2_enabled(); if (keystore2_enabled.isPresent() && keystore2_enabled.get()) { android.security.keystore2.AndroidKeyStoreProvider.install(); } else { AndroidKeyStoreProvider.install(); } mLockSettingsService = new LockSettingsService(getContext()); publishBinderService("lock_settings", mLockSettingsService); } Loading Loading @@ -542,7 +549,8 @@ public class LockSettingsService extends ILockSettings.Stub { public @NonNull ManagedProfilePasswordCache getManagedProfilePasswordCache() { try { java.security.KeyStore ks = java.security.KeyStore.getInstance("AndroidKeyStore"); java.security.KeyStore ks = java.security.KeyStore.getInstance( SyntheticPasswordCrypto.androidKeystoreProviderName()); ks.load(null); return new ManagedProfilePasswordCache(ks, getUserManager()); } catch (Exception e) { Loading Loading @@ -1284,7 +1292,8 @@ public class LockSettingsService extends ILockSettings.Stub { byte[] encryptedPassword = Arrays.copyOfRange(storedData, PROFILE_KEY_IV_SIZE, storedData.length); byte[] decryptionResult; java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore"); java.security.KeyStore keyStore = java.security.KeyStore.getInstance( SyntheticPasswordCrypto.androidKeystoreProviderName()); keyStore.load(null); SecretKey decryptionKey = (SecretKey) keyStore.getKey( LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + userId, null); Loading Loading @@ -1743,7 +1752,8 @@ public class LockSettingsService extends ILockSettings.Stub { KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES); keyGenerator.init(new SecureRandom()); SecretKey secretKey = keyGenerator.generateKey(); java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore"); java.security.KeyStore keyStore = java.security.KeyStore.getInstance( SyntheticPasswordCrypto.androidKeystoreProviderName()); keyStore.load(null); try { keyStore.setEntry( Loading Loading @@ -2299,7 +2309,8 @@ public class LockSettingsService extends ILockSettings.Stub { private void removeKeystoreProfileKey(int targetUserId) { Slog.i(TAG, "Remove keystore profile key for user: " + targetUserId); try { java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore"); java.security.KeyStore keyStore = java.security.KeyStore.getInstance( SyntheticPasswordCrypto.androidKeystoreProviderName()); keyStore.load(null); keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + targetUserId); keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + targetUserId); Loading services/core/java/com/android/server/locksettings/SyntheticPasswordCrypto.java +20 −4 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ package com.android.server.locksettings; import android.security.keystore.KeyProperties; import android.security.keystore.KeyProtection; import android.security.keystore2.AndroidKeyStoreProvider; import android.util.Slog; import java.io.ByteArrayOutputStream; Loading Loading @@ -125,7 +126,7 @@ public class SyntheticPasswordCrypto { public static byte[] decryptBlobV1(String keyAlias, byte[] blob, byte[] applicationId) { try { KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); KeyStore keyStore = KeyStore.getInstance(androidKeystoreProviderName()); keyStore.load(null); SecretKey decryptionKey = (SecretKey) keyStore.getKey(keyAlias, null); Loading @@ -140,9 +141,24 @@ public class SyntheticPasswordCrypto { } } /** * TODO This function redirects keystore access to the legacy keystore during a transitional * phase during which not all calling code has been adjusted to use Keystore 2.0. * This can be reverted to a constant of "AndroidKeyStore" when b/171305684 is complete. * The specific bug for this component is b/171305115. */ static String androidKeystoreProviderName() { if (AndroidKeyStoreProvider.isInstalled()) { return "AndroidKeyStoreLegacy"; } else { return "AndroidKeystore"; } } public static byte[] decryptBlob(String keyAlias, byte[] blob, byte[] applicationId) { try { KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); KeyStore keyStore = KeyStore.getInstance(androidKeystoreProviderName()); keyStore.load(null); SecretKey decryptionKey = (SecretKey) keyStore.getKey(keyAlias, null); Loading @@ -166,7 +182,7 @@ public class SyntheticPasswordCrypto { KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES); keyGenerator.init(AES_KEY_LENGTH * 8, new SecureRandom()); SecretKey secretKey = keyGenerator.generateKey(); KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); KeyStore keyStore = KeyStore.getInstance(androidKeystoreProviderName()); keyStore.load(null); KeyProtection.Builder builder = new KeyProtection.Builder(KeyProperties.PURPOSE_DECRYPT) .setBlockModes(KeyProperties.BLOCK_MODE_GCM) Loading Loading @@ -196,7 +212,7 @@ public class SyntheticPasswordCrypto { public static void destroyBlobKey(String keyAlias) { KeyStore keyStore; try { keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore = KeyStore.getInstance(androidKeystoreProviderName()); keyStore.load(null); keyStore.deleteEntry(keyAlias); Slog.i(TAG, "SP key deleted: " + keyAlias); Loading Loading
services/core/java/com/android/server/locksettings/LockSettingsService.java +16 −5 Original line number Diff line number Diff line Loading @@ -154,6 +154,7 @@ import java.util.List; import java.util.Map; import java.util.NoSuchElementException; import java.util.Objects; import java.util.Optional; import java.util.Set; import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; Loading Loading @@ -261,7 +262,13 @@ public class LockSettingsService extends ILockSettings.Stub { @Override public void onStart() { Optional<Boolean> keystore2_enabled = android.sysprop.Keystore2Properties.keystore2_enabled(); if (keystore2_enabled.isPresent() && keystore2_enabled.get()) { android.security.keystore2.AndroidKeyStoreProvider.install(); } else { AndroidKeyStoreProvider.install(); } mLockSettingsService = new LockSettingsService(getContext()); publishBinderService("lock_settings", mLockSettingsService); } Loading Loading @@ -542,7 +549,8 @@ public class LockSettingsService extends ILockSettings.Stub { public @NonNull ManagedProfilePasswordCache getManagedProfilePasswordCache() { try { java.security.KeyStore ks = java.security.KeyStore.getInstance("AndroidKeyStore"); java.security.KeyStore ks = java.security.KeyStore.getInstance( SyntheticPasswordCrypto.androidKeystoreProviderName()); ks.load(null); return new ManagedProfilePasswordCache(ks, getUserManager()); } catch (Exception e) { Loading Loading @@ -1284,7 +1292,8 @@ public class LockSettingsService extends ILockSettings.Stub { byte[] encryptedPassword = Arrays.copyOfRange(storedData, PROFILE_KEY_IV_SIZE, storedData.length); byte[] decryptionResult; java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore"); java.security.KeyStore keyStore = java.security.KeyStore.getInstance( SyntheticPasswordCrypto.androidKeystoreProviderName()); keyStore.load(null); SecretKey decryptionKey = (SecretKey) keyStore.getKey( LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + userId, null); Loading Loading @@ -1743,7 +1752,8 @@ public class LockSettingsService extends ILockSettings.Stub { KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES); keyGenerator.init(new SecureRandom()); SecretKey secretKey = keyGenerator.generateKey(); java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore"); java.security.KeyStore keyStore = java.security.KeyStore.getInstance( SyntheticPasswordCrypto.androidKeystoreProviderName()); keyStore.load(null); try { keyStore.setEntry( Loading Loading @@ -2299,7 +2309,8 @@ public class LockSettingsService extends ILockSettings.Stub { private void removeKeystoreProfileKey(int targetUserId) { Slog.i(TAG, "Remove keystore profile key for user: " + targetUserId); try { java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore"); java.security.KeyStore keyStore = java.security.KeyStore.getInstance( SyntheticPasswordCrypto.androidKeystoreProviderName()); keyStore.load(null); keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_ENCRYPT + targetUserId); keyStore.deleteEntry(LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + targetUserId); Loading
services/core/java/com/android/server/locksettings/SyntheticPasswordCrypto.java +20 −4 Original line number Diff line number Diff line Loading @@ -18,6 +18,7 @@ package com.android.server.locksettings; import android.security.keystore.KeyProperties; import android.security.keystore.KeyProtection; import android.security.keystore2.AndroidKeyStoreProvider; import android.util.Slog; import java.io.ByteArrayOutputStream; Loading Loading @@ -125,7 +126,7 @@ public class SyntheticPasswordCrypto { public static byte[] decryptBlobV1(String keyAlias, byte[] blob, byte[] applicationId) { try { KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); KeyStore keyStore = KeyStore.getInstance(androidKeystoreProviderName()); keyStore.load(null); SecretKey decryptionKey = (SecretKey) keyStore.getKey(keyAlias, null); Loading @@ -140,9 +141,24 @@ public class SyntheticPasswordCrypto { } } /** * TODO This function redirects keystore access to the legacy keystore during a transitional * phase during which not all calling code has been adjusted to use Keystore 2.0. * This can be reverted to a constant of "AndroidKeyStore" when b/171305684 is complete. * The specific bug for this component is b/171305115. */ static String androidKeystoreProviderName() { if (AndroidKeyStoreProvider.isInstalled()) { return "AndroidKeyStoreLegacy"; } else { return "AndroidKeystore"; } } public static byte[] decryptBlob(String keyAlias, byte[] blob, byte[] applicationId) { try { KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); KeyStore keyStore = KeyStore.getInstance(androidKeystoreProviderName()); keyStore.load(null); SecretKey decryptionKey = (SecretKey) keyStore.getKey(keyAlias, null); Loading @@ -166,7 +182,7 @@ public class SyntheticPasswordCrypto { KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES); keyGenerator.init(AES_KEY_LENGTH * 8, new SecureRandom()); SecretKey secretKey = keyGenerator.generateKey(); KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); KeyStore keyStore = KeyStore.getInstance(androidKeystoreProviderName()); keyStore.load(null); KeyProtection.Builder builder = new KeyProtection.Builder(KeyProperties.PURPOSE_DECRYPT) .setBlockModes(KeyProperties.BLOCK_MODE_GCM) Loading Loading @@ -196,7 +212,7 @@ public class SyntheticPasswordCrypto { public static void destroyBlobKey(String keyAlias) { KeyStore keyStore; try { keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore = KeyStore.getInstance(androidKeystoreProviderName()); keyStore.load(null); keyStore.deleteEntry(keyAlias); Slog.i(TAG, "SP key deleted: " + keyAlias); Loading
