Loading core/java/android/security/keystore/BackwardsCompat.java 0 → 100644 +127 −0 Original line number Diff line number Diff line /* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.security.keystore; import java.util.ArrayList; import java.util.List; import java.util.function.Function; /** * Helpers for converting classes between old and new API, so we can preserve backwards * compatibility while teamfooding. This will be removed soon. * * @hide */ class BackwardsCompat { static KeychainProtectionParams toLegacyKeychainProtectionParams( android.security.keystore.recovery.KeychainProtectionParams keychainProtectionParams ) { return new KeychainProtectionParams.Builder() .setUserSecretType(keychainProtectionParams.getUserSecretType()) .setSecret(keychainProtectionParams.getSecret()) .setLockScreenUiFormat(keychainProtectionParams.getLockScreenUiFormat()) .setKeyDerivationParams( toLegacyKeyDerivationParams( keychainProtectionParams.getKeyDerivationParams())) .build(); } static KeyDerivationParams toLegacyKeyDerivationParams( android.security.keystore.recovery.KeyDerivationParams keyDerivationParams ) { return new KeyDerivationParams( keyDerivationParams.getAlgorithm(), keyDerivationParams.getSalt()); } static WrappedApplicationKey toLegacyWrappedApplicationKey( android.security.keystore.recovery.WrappedApplicationKey wrappedApplicationKey ) { return new WrappedApplicationKey.Builder() .setAlias(wrappedApplicationKey.getAlias()) .setEncryptedKeyMaterial(wrappedApplicationKey.getEncryptedKeyMaterial()) .build(); } static android.security.keystore.recovery.KeyDerivationParams fromLegacyKeyDerivationParams( KeyDerivationParams keyDerivationParams ) { return new android.security.keystore.recovery.KeyDerivationParams( keyDerivationParams.getAlgorithm(), keyDerivationParams.getSalt()); } static android.security.keystore.recovery.WrappedApplicationKey fromLegacyWrappedApplicationKey( WrappedApplicationKey wrappedApplicationKey ) { return new android.security.keystore.recovery.WrappedApplicationKey.Builder() .setAlias(wrappedApplicationKey.getAlias()) .setEncryptedKeyMaterial(wrappedApplicationKey.getEncryptedKeyMaterial()) .build(); } static List<android.security.keystore.recovery.WrappedApplicationKey> fromLegacyWrappedApplicationKeys(List<WrappedApplicationKey> wrappedApplicationKeys ) { return map(wrappedApplicationKeys, BackwardsCompat::fromLegacyWrappedApplicationKey); } static List<android.security.keystore.recovery.KeychainProtectionParams> fromLegacyKeychainProtectionParams( List<KeychainProtectionParams> keychainProtectionParams) { return map(keychainProtectionParams, BackwardsCompat::fromLegacyKeychainProtectionParam); } static android.security.keystore.recovery.KeychainProtectionParams fromLegacyKeychainProtectionParam(KeychainProtectionParams keychainProtectionParams) { return new android.security.keystore.recovery.KeychainProtectionParams.Builder() .setUserSecretType(keychainProtectionParams.getUserSecretType()) .setSecret(keychainProtectionParams.getSecret()) .setLockScreenUiFormat(keychainProtectionParams.getLockScreenUiFormat()) .setKeyDerivationParams( fromLegacyKeyDerivationParams( keychainProtectionParams.getKeyDerivationParams())) .build(); } static KeychainSnapshot toLegacyKeychainSnapshot( android.security.keystore.recovery.KeychainSnapshot keychainSnapshot ) { return new KeychainSnapshot.Builder() .setCounterId(keychainSnapshot.getCounterId()) .setEncryptedRecoveryKeyBlob(keychainSnapshot.getEncryptedRecoveryKeyBlob()) .setTrustedHardwarePublicKey(keychainSnapshot.getTrustedHardwarePublicKey()) .setSnapshotVersion(keychainSnapshot.getSnapshotVersion()) .setMaxAttempts(keychainSnapshot.getMaxAttempts()) .setServerParams(keychainSnapshot.getServerParams()) .setKeychainProtectionParams( map(keychainSnapshot.getKeychainProtectionParams(), BackwardsCompat::toLegacyKeychainProtectionParams)) .setWrappedApplicationKeys( map(keychainSnapshot.getWrappedApplicationKeys(), BackwardsCompat::toLegacyWrappedApplicationKey)) .build(); } static <A, B> List<B> map(List<A> as, Function<A, B> f) { ArrayList<B> bs = new ArrayList<>(as.size()); for (A a : as) { bs.add(f.apply(a)); } return bs; } } core/java/android/security/keystore/KeyDerivationParams.java +1 −1 Original line number Diff line number Diff line Loading @@ -61,7 +61,7 @@ public final class KeyDerivationParams implements Parcelable { return new KeyDerivationParams(ALGORITHM_SHA256, salt); } private KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt) { KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt) { mAlgorithm = algorithm; mSalt = Preconditions.checkNotNull(salt); } Loading core/java/android/security/keystore/RecoveryController.java +5 −25 Original line number Diff line number Diff line Loading @@ -167,7 +167,7 @@ public class RecoveryController { public @NonNull KeychainSnapshot getRecoveryData(@NonNull byte[] account) throws InternalRecoveryServiceException { try { return mBinder.getRecoveryData(account); return BackwardsCompat.toLegacyKeychainSnapshot(mBinder.getRecoveryData(account)); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { Loading Loading @@ -359,28 +359,6 @@ public class RecoveryController { } } /** * Method notifies KeyStore that a user-generated secret is available. This method generates a * symmetric session key which a trusted remote device can use to return a recovery key. Caller * should use {@link KeychainProtectionParams#clearSecret} to override the secret value in * memory. * * @param recoverySecret user generated secret together with parameters necessary to regenerate * it on a new device. * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery * service. */ public void recoverySecretAvailable(@NonNull KeychainProtectionParams recoverySecret) throws InternalRecoveryServiceException { try { mBinder.recoverySecretAvailable(recoverySecret); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { throw wrapUnexpectedServiceSpecificException(e); } } /** * Initializes recovery session and returns a blob with proof of recovery secrets possession. * The method generates symmetric key for a session, which trusted remote device can use to Loading Loading @@ -417,7 +395,7 @@ public class RecoveryController { verifierPublicKey, vaultParams, vaultChallenge, secrets); BackwardsCompat.fromLegacyKeychainProtectionParams(secrets)); return new RecoveryClaim(recoverySession, recoveryClaim); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); Loading Loading @@ -451,7 +429,9 @@ public class RecoveryController { InternalRecoveryServiceException { try { return (Map<String, byte[]>) mBinder.recoverKeys( session.getSessionId(), recoveryKeyBlob, applicationKeys); session.getSessionId(), recoveryKeyBlob, BackwardsCompat.fromLegacyWrappedApplicationKeys(applicationKeys)); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { Loading core/java/android/security/keystore/recovery/BadCertificateFormatException.java 0 → 100644 +28 −0 Original line number Diff line number Diff line /* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.security.keystore.recovery; /** * Error thrown when the recovery agent supplies an invalid X509 certificate. * * @hide */ public class BadCertificateFormatException extends RecoveryControllerException { public BadCertificateFormatException(String msg) { super(msg); } } core/java/android/security/keystore/recovery/DecryptionFailedException.java 0 → 100644 +30 −0 Original line number Diff line number Diff line /* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.security.keystore.recovery; /** * Error thrown when decryption failed, due to an agent error. i.e., using the incorrect key, * trying to decrypt garbage data, trying to decrypt data that has somehow been corrupted, etc. * * @hide */ public class DecryptionFailedException extends RecoveryControllerException { public DecryptionFailedException(String msg) { super(msg); } } Loading
core/java/android/security/keystore/BackwardsCompat.java 0 → 100644 +127 −0 Original line number Diff line number Diff line /* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.security.keystore; import java.util.ArrayList; import java.util.List; import java.util.function.Function; /** * Helpers for converting classes between old and new API, so we can preserve backwards * compatibility while teamfooding. This will be removed soon. * * @hide */ class BackwardsCompat { static KeychainProtectionParams toLegacyKeychainProtectionParams( android.security.keystore.recovery.KeychainProtectionParams keychainProtectionParams ) { return new KeychainProtectionParams.Builder() .setUserSecretType(keychainProtectionParams.getUserSecretType()) .setSecret(keychainProtectionParams.getSecret()) .setLockScreenUiFormat(keychainProtectionParams.getLockScreenUiFormat()) .setKeyDerivationParams( toLegacyKeyDerivationParams( keychainProtectionParams.getKeyDerivationParams())) .build(); } static KeyDerivationParams toLegacyKeyDerivationParams( android.security.keystore.recovery.KeyDerivationParams keyDerivationParams ) { return new KeyDerivationParams( keyDerivationParams.getAlgorithm(), keyDerivationParams.getSalt()); } static WrappedApplicationKey toLegacyWrappedApplicationKey( android.security.keystore.recovery.WrappedApplicationKey wrappedApplicationKey ) { return new WrappedApplicationKey.Builder() .setAlias(wrappedApplicationKey.getAlias()) .setEncryptedKeyMaterial(wrappedApplicationKey.getEncryptedKeyMaterial()) .build(); } static android.security.keystore.recovery.KeyDerivationParams fromLegacyKeyDerivationParams( KeyDerivationParams keyDerivationParams ) { return new android.security.keystore.recovery.KeyDerivationParams( keyDerivationParams.getAlgorithm(), keyDerivationParams.getSalt()); } static android.security.keystore.recovery.WrappedApplicationKey fromLegacyWrappedApplicationKey( WrappedApplicationKey wrappedApplicationKey ) { return new android.security.keystore.recovery.WrappedApplicationKey.Builder() .setAlias(wrappedApplicationKey.getAlias()) .setEncryptedKeyMaterial(wrappedApplicationKey.getEncryptedKeyMaterial()) .build(); } static List<android.security.keystore.recovery.WrappedApplicationKey> fromLegacyWrappedApplicationKeys(List<WrappedApplicationKey> wrappedApplicationKeys ) { return map(wrappedApplicationKeys, BackwardsCompat::fromLegacyWrappedApplicationKey); } static List<android.security.keystore.recovery.KeychainProtectionParams> fromLegacyKeychainProtectionParams( List<KeychainProtectionParams> keychainProtectionParams) { return map(keychainProtectionParams, BackwardsCompat::fromLegacyKeychainProtectionParam); } static android.security.keystore.recovery.KeychainProtectionParams fromLegacyKeychainProtectionParam(KeychainProtectionParams keychainProtectionParams) { return new android.security.keystore.recovery.KeychainProtectionParams.Builder() .setUserSecretType(keychainProtectionParams.getUserSecretType()) .setSecret(keychainProtectionParams.getSecret()) .setLockScreenUiFormat(keychainProtectionParams.getLockScreenUiFormat()) .setKeyDerivationParams( fromLegacyKeyDerivationParams( keychainProtectionParams.getKeyDerivationParams())) .build(); } static KeychainSnapshot toLegacyKeychainSnapshot( android.security.keystore.recovery.KeychainSnapshot keychainSnapshot ) { return new KeychainSnapshot.Builder() .setCounterId(keychainSnapshot.getCounterId()) .setEncryptedRecoveryKeyBlob(keychainSnapshot.getEncryptedRecoveryKeyBlob()) .setTrustedHardwarePublicKey(keychainSnapshot.getTrustedHardwarePublicKey()) .setSnapshotVersion(keychainSnapshot.getSnapshotVersion()) .setMaxAttempts(keychainSnapshot.getMaxAttempts()) .setServerParams(keychainSnapshot.getServerParams()) .setKeychainProtectionParams( map(keychainSnapshot.getKeychainProtectionParams(), BackwardsCompat::toLegacyKeychainProtectionParams)) .setWrappedApplicationKeys( map(keychainSnapshot.getWrappedApplicationKeys(), BackwardsCompat::toLegacyWrappedApplicationKey)) .build(); } static <A, B> List<B> map(List<A> as, Function<A, B> f) { ArrayList<B> bs = new ArrayList<>(as.size()); for (A a : as) { bs.add(f.apply(a)); } return bs; } }
core/java/android/security/keystore/KeyDerivationParams.java +1 −1 Original line number Diff line number Diff line Loading @@ -61,7 +61,7 @@ public final class KeyDerivationParams implements Parcelable { return new KeyDerivationParams(ALGORITHM_SHA256, salt); } private KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt) { KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt) { mAlgorithm = algorithm; mSalt = Preconditions.checkNotNull(salt); } Loading
core/java/android/security/keystore/RecoveryController.java +5 −25 Original line number Diff line number Diff line Loading @@ -167,7 +167,7 @@ public class RecoveryController { public @NonNull KeychainSnapshot getRecoveryData(@NonNull byte[] account) throws InternalRecoveryServiceException { try { return mBinder.getRecoveryData(account); return BackwardsCompat.toLegacyKeychainSnapshot(mBinder.getRecoveryData(account)); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { Loading Loading @@ -359,28 +359,6 @@ public class RecoveryController { } } /** * Method notifies KeyStore that a user-generated secret is available. This method generates a * symmetric session key which a trusted remote device can use to return a recovery key. Caller * should use {@link KeychainProtectionParams#clearSecret} to override the secret value in * memory. * * @param recoverySecret user generated secret together with parameters necessary to regenerate * it on a new device. * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery * service. */ public void recoverySecretAvailable(@NonNull KeychainProtectionParams recoverySecret) throws InternalRecoveryServiceException { try { mBinder.recoverySecretAvailable(recoverySecret); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { throw wrapUnexpectedServiceSpecificException(e); } } /** * Initializes recovery session and returns a blob with proof of recovery secrets possession. * The method generates symmetric key for a session, which trusted remote device can use to Loading Loading @@ -417,7 +395,7 @@ public class RecoveryController { verifierPublicKey, vaultParams, vaultChallenge, secrets); BackwardsCompat.fromLegacyKeychainProtectionParams(secrets)); return new RecoveryClaim(recoverySession, recoveryClaim); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); Loading Loading @@ -451,7 +429,9 @@ public class RecoveryController { InternalRecoveryServiceException { try { return (Map<String, byte[]>) mBinder.recoverKeys( session.getSessionId(), recoveryKeyBlob, applicationKeys); session.getSessionId(), recoveryKeyBlob, BackwardsCompat.fromLegacyWrappedApplicationKeys(applicationKeys)); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { Loading
core/java/android/security/keystore/recovery/BadCertificateFormatException.java 0 → 100644 +28 −0 Original line number Diff line number Diff line /* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.security.keystore.recovery; /** * Error thrown when the recovery agent supplies an invalid X509 certificate. * * @hide */ public class BadCertificateFormatException extends RecoveryControllerException { public BadCertificateFormatException(String msg) { super(msg); } }
core/java/android/security/keystore/recovery/DecryptionFailedException.java 0 → 100644 +30 −0 Original line number Diff line number Diff line /* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.security.keystore.recovery; /** * Error thrown when decryption failed, due to an agent error. i.e., using the incorrect key, * trying to decrypt garbage data, trying to decrypt data that has somehow been corrupted, etc. * * @hide */ public class DecryptionFailedException extends RecoveryControllerException { public DecryptionFailedException(String msg) { super(msg); } }
