1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.server.locksettings.recoverablekeystore.storage;
18 
19 import android.provider.BaseColumns;
20 
/**
 * Schema contract for the recoverable key database: names every table and column it contains.
 *
 * <p>Whenever a table is added here, {@code removeUserFromAllKnownTables} must be updated too.
 * NOTE(review): judging by its name, that routine purges a removed user's rows; a table it does
 * not know about would presumably keep that user's key material after removal. Confirm.
 */
class RecoverableKeyStoreDbContract {
    /**
     * Wrapped (encrypted) application keys, plus bookkeeping about their last sync.
     */
    static class KeysEntry implements BaseColumns {
        static final String TABLE_NAME = "keys";

        /**
         * User id of the profile under which the application runs.
         */
        static final String COLUMN_NAME_USER_ID = "user_id";

        /**
         * Uid of the application that generated the key.
         */
        static final String COLUMN_NAME_UID = "uid";

        /**
         * Key alias, as set in AndroidKeyStore.
         */
        static final String COLUMN_NAME_ALIAS = "alias";

        /**
         * Nonce that was used when the key was encrypted.
         */
        static final String COLUMN_NAME_NONCE = "nonce";

        /**
         * The key itself, as encrypted bytes.
         */
        static final String COLUMN_NAME_WRAPPED_KEY = "wrapped_key";

        /**
         * Generation ID of the platform key under which this key was encrypted. Uses the same
         * column name as {@link UserMetadataEntry#COLUMN_NAME_PLATFORM_KEY_GENERATION_ID}.
         */
        static final String COLUMN_NAME_GENERATION_ID = "platform_key_generation_id";

        /**
         * When this key was last synced with remote storage, as a timestamp; -1 means it has
         * never been synced.
         */
        static final String COLUMN_NAME_LAST_SYNCED_AT = "last_synced_at";

        /**
         * Sync status of the key, see {@code RecoveryController#setRecoveryStatus}.
         */
        static final String COLUMN_NAME_RECOVERY_STATUS = "recovery_status";

        /**
         * Data blob that is authenticated together with the key when the key is uploaded to cloud.
         *
         * <p>NOTE(review): this comment used to read "authenticated (but encrypted)", which looks
         * like a typo for "but unencrypted", i.e. the blob is integrity-protected but not
         * confidential. Confirm against the code that wraps keys for upload; if so, callers must
         * not place secrets in this blob.
         */
        static final String COLUMN_NAME_KEY_METADATA = "key_metadata";
    }

    /**
     * Per-user-profile metadata of the recoverable KeyStore.
     */
    static class UserMetadataEntry implements BaseColumns {
        static final String TABLE_NAME = "user_metadata";

        /**
         * User ID of the profile this row describes.
         */
        static final String COLUMN_NAME_USER_ID = "user_id";

        /**
         * Counter that increments each time a new platform key is generated for the user. The
         * platform key is what wraps recoverable keys on disk.
         */
        static final String COLUMN_NAME_PLATFORM_KEY_GENERATION_ID = "platform_key_generation_id";

        /**
         * Non-reusable serial number of the user. Default value is {@code -1}.
         */
        static final String COLUMN_NAME_USER_SERIAL_NUMBER = "user_serial_number";
    }

    /**
     * Metadata of the recovery service.
     */
    static class RecoveryServiceMetadataEntry implements BaseColumns {
        static final String TABLE_NAME = "recovery_service_metadata";

        /**
         * User id of the profile under which the application runs.
         */
        static final String COLUMN_NAME_USER_ID = "user_id";

        /**
         * Uid of the application that initializes the local recovery components.
         */
        static final String COLUMN_NAME_UID = "uid";

        /**
         * Version of the most recent recovery snapshot.
         */
        static final String COLUMN_NAME_SNAPSHOT_VERSION = "snapshot_version";

        /**
         * Flag requesting that a new snapshot be generated.
         */
        static final String COLUMN_NAME_SHOULD_CREATE_SNAPSHOT = "should_create_snapshot";

        /**
         * Public key of the recovery service.
         * Deprecated.
         */
        static final String COLUMN_NAME_PUBLIC_KEY = "public_key";

        /**
         * Certificate path of the recovery service.
         * Deprecated. NOTE(review): {@link RootOfTrustEntry#COLUMN_NAME_CERT_PATH} has the same
         * column name and is not marked deprecated; presumably it is the replacement. Confirm.
         */
        static final String COLUMN_NAME_CERT_PATH = "cert_path";

        /**
         * Serial number taken from the recovery service's certificate XML file.
         * Deprecated. NOTE(review): {@link RootOfTrustEntry#COLUMN_NAME_CERT_SERIAL} has the same
         * column name and is not marked deprecated; presumably it is the replacement. Confirm.
         */
        static final String COLUMN_NAME_CERT_SERIAL = "cert_serial";

        /**
         * Secret types used for end-to-end encryption.
         */
        static final String COLUMN_NAME_SECRET_TYPES = "secret_types";

        /**
         * A random number generated locally.
         */
        static final String COLUMN_NAME_COUNTER_ID = "counter_id";

        /**
         * Server parameters of the recovery service.
         */
        static final String COLUMN_NAME_SERVER_PARAMS = "server_params";

        /**
         * The active root of trust.
         */
        static final String COLUMN_NAME_ACTIVE_ROOT_OF_TRUST = "active_root_of_trust";
    }

    /**
     * Data stored per (recovery agent, root of trust) pair.
     */
    static class RootOfTrustEntry implements BaseColumns {
        static final String TABLE_NAME = "root_of_trust";

        /**
         * User id of the profile under which the application runs.
         */
        static final String COLUMN_NAME_USER_ID = "user_id";

        /**
         * Uid of the application that initializes the local recovery components.
         */
        static final String COLUMN_NAME_UID = "uid";

        /**
         * Alias of the root of trust.
         */
        static final String COLUMN_NAME_ROOT_ALIAS = "root_alias";

        /**
         * Certificate path of the recovery service.
         */
        static final String COLUMN_NAME_CERT_PATH = "cert_path";

        /**
         * Serial number taken from the recovery service's certificate XML file.
         */
        static final String COLUMN_NAME_CERT_SERIAL = "cert_serial";
    }
}