1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.security.keystore.recovery; 18 19 import android.annotation.NonNull; 20 import android.annotation.Nullable; 21 import android.annotation.RequiresPermission; 22 import android.annotation.SystemApi; 23 import android.app.KeyguardManager; 24 import android.app.PendingIntent; 25 import android.content.Context; 26 import android.os.RemoteException; 27 import android.os.ServiceManager; 28 import android.os.ServiceSpecificException; 29 import android.security.KeyStore; 30 import android.security.keystore.AndroidKeyStoreProvider; 31 import android.security.keystore.KeyPermanentlyInvalidatedException; 32 33 import com.android.internal.widget.ILockSettings; 34 35 import java.security.Key; 36 import java.security.UnrecoverableKeyException; 37 import java.security.cert.CertPath; 38 import java.security.cert.CertificateException; 39 import java.security.cert.X509Certificate; 40 import java.util.ArrayList; 41 import java.util.List; 42 import java.util.Map; 43 44 /** 45 * Backs up cryptographic keys to remote secure hardware, encrypted with the user's lock screen. 46 * 47 * <p>A system app with the {@code android.permission.RECOVER_KEYSTORE} permission may generate or 48 * import recoverable keys using this class. To generate a key, the app must call 49 * {@link #generateKey(String)} with the desired alias for the key. This returns an AndroidKeyStore 50 * reference to a 256-bit {@link javax.crypto.SecretKey}, which can be used for AES/GCM/NoPadding. 51 * In order to get the same key again at a later time, the app can call {@link #getKey(String)} with 52 * the same alias. If a key is generated in this way the key's raw material is never directly 53 * exposed to the calling app. The system app may also import key material using 54 * {@link #importKey(String, byte[])}. The app may only generate and import keys for its own 55 * {@code uid}. 56 * 57 * <p>The same system app must also register a Recovery Agent to manage syncing recoverable keys to 58 * remote secure hardware. The Recovery Agent is a service that registers itself with the controller 59 * as follows: 60 * 61 * <ul> 62 * <li>Invokes {@link #initRecoveryService(String, byte[], byte[])} 63 * <ul> 64 * <li>The first argument is the alias of the root certificate used to verify trusted 65 * hardware modules. Each trusted hardware module must have a public key signed with this 66 * root of trust. Roots of trust must be shipped with the framework. The app can list all 67 * valid roots of trust by calling {@link #getRootCertificates()}. 68 * <li>The second argument is the UTF-8 bytes of the XML listing file. It lists the X509 69 * certificates containing the public keys of all available remote trusted hardware modules. 70 * Each of the X509 certificates can be validated against the chosen root of trust. 71 * <li>The third argument is the UTF-8 bytes of the XML signing file. The file contains a 72 * signature of the XML listing file. The signature can be validated against the chosen root 73 * of trust. 74 * </ul> 75 * <p>This will cause the controller to choose a random public key from the list. From then 76 * on the controller will attempt to sync the key chain with the trusted hardware module to whom 77 * that key belongs. 78 * <li>Invokes {@link #setServerParams(byte[])} with a byte string that identifies the device 79 * to a remote server. This server may act as the front-end to the trusted hardware modules. It 80 * is up to the Recovery Agent to decide how best to identify devices, but this could be, e.g., 81 * based on the <a href="https://developers.google.com/instance-id/">Instance ID</a> of the 82 * system app. 83 * <li>Invokes {@link #setRecoverySecretTypes(int[])} with a list of types of secret used to 84 * secure the recoverable key chain. For now only 85 * {@link KeyChainProtectionParams#TYPE_LOCKSCREEN} is supported. 86 * <li>Invokes {@link #setSnapshotCreatedPendingIntent(PendingIntent)} with a 87 * {@link PendingIntent} that is to be invoked whenever a new snapshot is created. Although the 88 * controller can create snapshots without the Recovery Agent registering this intent, it is a 89 * good idea to register the intent so that the Recovery Agent is able to sync this snapshot to 90 * the trusted hardware module as soon as it is available. 91 * </ul> 92 * 93 * <p>The trusted hardware module's public key MUST be generated on secure hardware with protections 94 * equivalent to those described in the 95 * <a href="https://developer.android.com/preview/features/security/ckv-whitepaper.html">Google 96 * Cloud Key Vault Service whitepaper</a>. The trusted hardware module itself must protect the key 97 * chain from brute-forcing using the methods also described in the whitepaper: i.e., it should 98 * limit the number of allowed attempts to enter the lock screen. If the number of attempts is 99 * exceeded the key material must no longer be recoverable. 100 * 101 * <p>A recoverable key chain snapshot is considered pending if any of the following conditions 102 * are met: 103 * 104 * <ul> 105 * <li>The system app mutates the key chain. i.e., generates, imports, or removes a key. 106 * <li>The user changes their lock screen. 107 * </ul> 108 * 109 * <p>Whenever the user unlocks their device, if a snapshot is pending, the Recovery Controller 110 * generates a new snapshot. It follows these steps to do so: 111 * 112 * <ul> 113 * <li>Generates a 256-bit AES key using {@link java.security.SecureRandom}. This is the 114 * Recovery Key. 115 * <li>Wraps the key material of all keys in the recoverable key chain with the Recovery Key. 116 * <li>Encrypts the Recovery Key with both the public key of the trusted hardware module and a 117 * symmetric key derived from the user's lock screen. 118 * </ul> 119 * 120 * <p>The controller then writes this snapshot to disk, and uses the {@link PendingIntent} that was 121 * set by the Recovery Agent during initialization to inform it that a new snapshot is available. 122 * The snapshot only contains keys for that Recovery Agent's {@code uid} - i.e., keys the agent's 123 * app itself generated. If multiple Recovery Agents exist on the device, each will be notified of 124 * their new snapshots, and each snapshots' keys will be only those belonging to the same 125 * {@code uid}. 126 * 127 * <p>The Recovery Agent retrieves its most recent snapshot by calling 128 * {@link #getKeyChainSnapshot()}. It syncs the snapshot to the remote server. The snapshot contains 129 * the public key used for encryption, which the server uses to forward the encrypted recovery key 130 * to the correct trusted hardware module. The snapshot also contains the server params, which are 131 * used to identify this device to the server. 132 * 133 * <p>The client uses the server params to identify a device whose key chain it wishes to restore. 134 * This may be on a different device to the device that originally synced the key chain. The client 135 * sends the server params identifying the previous device to the server. The server returns the 136 * X509 certificate identifying the trusted hardware module in which the encrypted Recovery Key is 137 * stored. It also returns some vault parameters identifying that particular Recovery Key to the 138 * trusted hardware module. And it also returns a vault challenge, which is used as part of the 139 * vault opening protocol to ensure the recovery claim is fresh. See the whitepaper for more 140 * details. 141 * 142 * <p>The key chain is recovered via a {@link RecoverySession}. A Recovery Agent creates one by 143 * invoking {@link #createRecoverySession()}. It then invokes 144 * {@link RecoverySession#start(String, CertPath, byte[], byte[], List)} with these arguments: 145 * 146 * <ul> 147 * <li>The alias of the root of trust used to verify the trusted hardware module. 148 * <li>The X509 certificate of the trusted hardware module. 149 * <li>The vault parameters used to identify the Recovery Key to the trusted hardware module. 150 * <li>The vault challenge, as issued by the trusted hardware module. 151 * <li>A list of secrets, corresponding to the secrets used to protect the key chain. At the 152 * moment this is a single {@link KeyChainProtectionParams} containing the lock screen of the 153 * device whose key chain is to be recovered. 154 * </ul> 155 * 156 * <p>This method returns a byte array containing the Recovery Claim, which can be issued to the 157 * remote trusted hardware module. It is encrypted with the trusted hardware module's public key 158 * (which has itself been certified with the root of trust). It also contains an ephemeral symmetric 159 * key generated for this recovery session, which the remote trusted hardware module uses to encrypt 160 * its responses. This is the Session Key. 161 * 162 * <p>If the lock screen provided is correct, the remote trusted hardware module decrypts one of the 163 * layers of lock-screen encryption from the Recovery Key. It then returns this key, encrypted with 164 * the Session Key to the Recovery Agent. As the Recovery Agent does not know the Session Key, it 165 * must then invoke {@link RecoverySession#recoverKeyChainSnapshot(byte[], List)} with the encrypted 166 * Recovery Key and the list of wrapped application keys. The controller then decrypts the layer of 167 * encryption provided by the Session Key, and uses the lock screen to decrypt the final layer of 168 * encryption. It then uses the Recovery Key to decrypt all of the wrapped application keys, and 169 * imports them into its own KeyStore. The Recovery Agent's app may then access these keys by 170 * calling {@link #getKey(String)}. Only this app's {@code uid} may access the keys that have been 171 * recovered. 172 * 173 * @hide 174 */ 175 @SystemApi 176 public class RecoveryController { 177 private static final String TAG = "RecoveryController"; 178 179 /** Key has been successfully synced. */ 180 public static final int RECOVERY_STATUS_SYNCED = 0; 181 /** Waiting for recovery agent to sync the key. */ 182 public static final int RECOVERY_STATUS_SYNC_IN_PROGRESS = 1; 183 /** Key cannot be synced. */ 184 public static final int RECOVERY_STATUS_PERMANENT_FAILURE = 3; 185 186 /** 187 * Failed because no snapshot is yet pending to be synced for the user. 188 * 189 * @hide 190 */ 191 public static final int ERROR_NO_SNAPSHOT_PENDING = 21; 192 193 /** 194 * Failed due to an error internal to the recovery service. This is unexpected and indicates 195 * either a problem with the logic in the service, or a problem with a dependency of the 196 * service (such as AndroidKeyStore). 197 * 198 * @hide 199 */ 200 public static final int ERROR_SERVICE_INTERNAL_ERROR = 22; 201 202 /** 203 * Failed because the user does not have a lock screen set. 204 * 205 * @hide 206 */ 207 public static final int ERROR_INSECURE_USER = 23; 208 209 /** 210 * Error thrown when attempting to use a recovery session that has since been closed. 211 * 212 * @hide 213 */ 214 public static final int ERROR_SESSION_EXPIRED = 24; 215 216 /** 217 * Failed because the format of the provided certificate is incorrect, e.g., cannot be decoded 218 * properly or misses necessary fields. 219 * 220 * <p>Note that this is different from {@link #ERROR_INVALID_CERTIFICATE}, which implies the 221 * certificate has a correct format but cannot be validated. 222 * 223 * @hide 224 */ 225 public static final int ERROR_BAD_CERTIFICATE_FORMAT = 25; 226 227 /** 228 * Error thrown if decryption failed. This might be because the tag is wrong, the key is wrong, 229 * the data has become corrupted, the data has been tampered with, etc. 230 * 231 * @hide 232 */ 233 public static final int ERROR_DECRYPTION_FAILED = 26; 234 235 /** 236 * Error thrown if the format of a given key is invalid. This might be because the key has a 237 * wrong length, invalid content, etc. 238 * 239 * @hide 240 */ 241 public static final int ERROR_INVALID_KEY_FORMAT = 27; 242 243 /** 244 * Failed because the provided certificate cannot be validated, e.g., is expired or has invalid 245 * signatures. 246 * 247 * <p>Note that this is different from {@link #ERROR_BAD_CERTIFICATE_FORMAT}, which denotes 248 * incorrect certificate formats, e.g., due to wrong encoding or structure. 249 * 250 * @hide 251 */ 252 public static final int ERROR_INVALID_CERTIFICATE = 28; 253 254 255 /** 256 * Failed because the provided certificate contained serial version which is lower that the 257 * version device is already initialized with. It is not possible to downgrade serial version of 258 * the provided certificate. 259 * 260 * @hide 261 */ 262 public static final int ERROR_DOWNGRADE_CERTIFICATE = 29; 263 264 private final ILockSettings mBinder; 265 private final KeyStore mKeyStore; 266 RecoveryController(ILockSettings binder, KeyStore keystore)267 private RecoveryController(ILockSettings binder, KeyStore keystore) { 268 mBinder = binder; 269 mKeyStore = keystore; 270 } 271 272 /** 273 * Internal method used by {@code RecoverySession}. 274 * 275 * @hide 276 */ getBinder()277 ILockSettings getBinder() { 278 return mBinder; 279 } 280 281 /** 282 * Gets a new instance of the class. 283 */ 284 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) getInstance(@onNull Context context)285 @NonNull public static RecoveryController getInstance(@NonNull Context context) { 286 // lockSettings may be null. 287 ILockSettings lockSettings = 288 ILockSettings.Stub.asInterface(ServiceManager.getService("lock_settings")); 289 return new RecoveryController(lockSettings, KeyStore.getInstance()); 290 } 291 292 /** 293 * Checks whether the recoverable key store is currently available. 294 * 295 * <p>If it returns true, the device must currently be using a screen lock that is supported for 296 * use with the recoverable key store, i.e. AOSP PIN, pattern or password. 297 */ 298 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) isRecoverableKeyStoreEnabled(@onNull Context context)299 public static boolean isRecoverableKeyStoreEnabled(@NonNull Context context) { 300 KeyguardManager keyguardManager = context.getSystemService(KeyguardManager.class); 301 return keyguardManager != null && keyguardManager.isDeviceSecure(); 302 } 303 304 /** 305 * Initializes the recovery service for the calling application. The detailed steps should be: 306 * <ol> 307 * <li>Parse {@code signatureFile} to get relevant information. 308 * <li>Validate the signer's X509 certificate, contained in {@code signatureFile}, against 309 * the root certificate pre-installed in the OS and chosen by {@code 310 * rootCertificateAlias}. 311 * <li>Verify the public-key signature, contained in {@code signatureFile}, and verify it 312 * against the entire {@code certificateFile}. 313 * <li>Parse {@code certificateFile} to get relevant information. 314 * <li>Check the serial number, contained in {@code certificateFile}, and skip the following 315 * steps if the serial number is not larger than the one previously stored. 316 * <li>Randomly choose a X509 certificate from the endpoint X509 certificates, contained in 317 * {@code certificateFile}, and validate it against the root certificate pre-installed 318 * in the OS and chosen by {@code rootCertificateAlias}. 319 * <li>Store the chosen X509 certificate and the serial in local database for later use. 320 * </ol> 321 * 322 * @param rootCertificateAlias the alias of a root certificate pre-installed in the OS 323 * @param certificateFile the binary content of the XML file containing a list of recovery 324 * service X509 certificates, and other metadata including the serial number 325 * @param signatureFile the binary content of the XML file containing the public-key signature 326 * of the entire certificate file, and a signer's X509 certificate 327 * @throws CertificateException if the given certificate files cannot be parsed or validated 328 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 329 * service. 330 */ 331 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) initRecoveryService( @onNull String rootCertificateAlias, @NonNull byte[] certificateFile, @NonNull byte[] signatureFile)332 public void initRecoveryService( 333 @NonNull String rootCertificateAlias, @NonNull byte[] certificateFile, 334 @NonNull byte[] signatureFile) 335 throws CertificateException, InternalRecoveryServiceException { 336 try { 337 mBinder.initRecoveryServiceWithSigFile( 338 rootCertificateAlias, certificateFile, signatureFile); 339 } catch (RemoteException e) { 340 throw e.rethrowFromSystemServer(); 341 } catch (ServiceSpecificException e) { 342 if (e.errorCode == ERROR_BAD_CERTIFICATE_FORMAT 343 || e.errorCode == ERROR_INVALID_CERTIFICATE) { 344 throw new CertificateException("Invalid certificate for recovery service", e); 345 } 346 if (e.errorCode == ERROR_DOWNGRADE_CERTIFICATE) { 347 throw new CertificateException( 348 "Downgrading certificate serial version isn't supported.", e); 349 } 350 throw wrapUnexpectedServiceSpecificException(e); 351 } 352 } 353 354 /** 355 * Returns data necessary to store all recoverable keys. Key material is 356 * encrypted with user secret and recovery public key. 357 * 358 * @return Data necessary to recover keystore or {@code null} if snapshot is not available. 359 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 360 * service. 361 */ 362 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) getKeyChainSnapshot()363 public @Nullable KeyChainSnapshot getKeyChainSnapshot() 364 throws InternalRecoveryServiceException { 365 try { 366 return mBinder.getKeyChainSnapshot(); 367 } catch (RemoteException e) { 368 throw e.rethrowFromSystemServer(); 369 } catch (ServiceSpecificException e) { 370 if (e.errorCode == ERROR_NO_SNAPSHOT_PENDING) { 371 return null; 372 } 373 throw wrapUnexpectedServiceSpecificException(e); 374 } 375 } 376 377 /** 378 * Sets a listener which notifies recovery agent that new recovery snapshot is available. {@link 379 * #getKeyChainSnapshot} can be used to get the snapshot. Note that every recovery agent can 380 * have at most one registered listener at any time. 381 * 382 * @param intent triggered when new snapshot is available. Unregisters listener if the value is 383 * {@code null}. 384 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 385 * service. 386 */ 387 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) setSnapshotCreatedPendingIntent(@ullable PendingIntent intent)388 public void setSnapshotCreatedPendingIntent(@Nullable PendingIntent intent) 389 throws InternalRecoveryServiceException { 390 try { 391 mBinder.setSnapshotCreatedPendingIntent(intent); 392 } catch (RemoteException e) { 393 throw e.rethrowFromSystemServer(); 394 } catch (ServiceSpecificException e) { 395 throw wrapUnexpectedServiceSpecificException(e); 396 } 397 } 398 399 /** 400 * Server parameters used to generate new recovery key blobs. This value will be included in 401 * {@code KeyChainSnapshot.getEncryptedRecoveryKeyBlob()}. The same value must be included 402 * in vaultParams {@link RecoverySession#start(CertPath, byte[], byte[], List)}. 403 * 404 * @param serverParams included in recovery key blob. 405 * @see #getKeyChainSnapshot 406 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 407 * service. 408 */ 409 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) setServerParams(@onNull byte[] serverParams)410 public void setServerParams(@NonNull byte[] serverParams) 411 throws InternalRecoveryServiceException { 412 try { 413 mBinder.setServerParams(serverParams); 414 } catch (RemoteException e) { 415 throw e.rethrowFromSystemServer(); 416 } catch (ServiceSpecificException e) { 417 throw wrapUnexpectedServiceSpecificException(e); 418 } 419 } 420 421 /** 422 * Returns a list of aliases of keys belonging to the application. 423 */ 424 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) getAliases()425 public @NonNull List<String> getAliases() throws InternalRecoveryServiceException { 426 try { 427 Map<String, Integer> allStatuses = mBinder.getRecoveryStatus(); 428 return new ArrayList<>(allStatuses.keySet()); 429 } catch (RemoteException e) { 430 throw e.rethrowFromSystemServer(); 431 } catch (ServiceSpecificException e) { 432 throw wrapUnexpectedServiceSpecificException(e); 433 } 434 } 435 436 /** 437 * Sets the recovery status for given key. It is used to notify the keystore that the key was 438 * successfully stored on the server or that there was an error. An application can check this 439 * value using {@link #getRecoveryStatus(String, String)}. 440 * 441 * @param alias The alias of the key whose status to set. 442 * @param status The status of the key. One of {@link #RECOVERY_STATUS_SYNCED}, 443 * {@link #RECOVERY_STATUS_SYNC_IN_PROGRESS} or {@link #RECOVERY_STATUS_PERMANENT_FAILURE}. 444 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 445 * service. 446 */ 447 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) setRecoveryStatus(@onNull String alias, int status)448 public void setRecoveryStatus(@NonNull String alias, int status) 449 throws InternalRecoveryServiceException { 450 try { 451 mBinder.setRecoveryStatus(alias, status); 452 } catch (RemoteException e) { 453 throw e.rethrowFromSystemServer(); 454 } catch (ServiceSpecificException e) { 455 throw wrapUnexpectedServiceSpecificException(e); 456 } 457 } 458 459 /** 460 * Returns the recovery status for the key with the given {@code alias}. 461 * 462 * <ul> 463 * <li>{@link #RECOVERY_STATUS_SYNCED} 464 * <li>{@link #RECOVERY_STATUS_SYNC_IN_PROGRESS} 465 * <li>{@link #RECOVERY_STATUS_PERMANENT_FAILURE} 466 * </ul> 467 * 468 * @see #setRecoveryStatus(String, int) 469 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 470 * service. 471 */ 472 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) getRecoveryStatus(@onNull String alias)473 public int getRecoveryStatus(@NonNull String alias) throws InternalRecoveryServiceException { 474 try { 475 Map<String, Integer> allStatuses = mBinder.getRecoveryStatus(); 476 Integer status = allStatuses.get(alias); 477 if (status == null) { 478 return RecoveryController.RECOVERY_STATUS_PERMANENT_FAILURE; 479 } else { 480 return status; 481 } 482 } catch (RemoteException e) { 483 throw e.rethrowFromSystemServer(); 484 } catch (ServiceSpecificException e) { 485 throw wrapUnexpectedServiceSpecificException(e); 486 } 487 } 488 489 /** 490 * Specifies a set of secret types used for end-to-end keystore encryption. Knowing all of them 491 * is necessary to recover data. 492 * 493 * @param secretTypes {@link KeyChainProtectionParams#TYPE_LOCKSCREEN} 494 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 495 * service. 496 */ 497 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) setRecoverySecretTypes( @onNull @eyChainProtectionParams.UserSecretType int[] secretTypes)498 public void setRecoverySecretTypes( 499 @NonNull @KeyChainProtectionParams.UserSecretType int[] secretTypes) 500 throws InternalRecoveryServiceException { 501 try { 502 mBinder.setRecoverySecretTypes(secretTypes); 503 } catch (RemoteException e) { 504 throw e.rethrowFromSystemServer(); 505 } catch (ServiceSpecificException e) { 506 throw wrapUnexpectedServiceSpecificException(e); 507 } 508 } 509 510 /** 511 * Defines a set of secret types used for end-to-end keystore encryption. Knowing all of them is 512 * necessary to generate KeyChainSnapshot. 513 * 514 * @return list of recovery secret types 515 * @see KeyChainSnapshot 516 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 517 * service. 518 */ 519 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) getRecoverySecretTypes()520 public @NonNull @KeyChainProtectionParams.UserSecretType int[] getRecoverySecretTypes() 521 throws InternalRecoveryServiceException { 522 try { 523 return mBinder.getRecoverySecretTypes(); 524 } catch (RemoteException e) { 525 throw e.rethrowFromSystemServer(); 526 } catch (ServiceSpecificException e) { 527 throw wrapUnexpectedServiceSpecificException(e); 528 } 529 } 530 531 /** 532 * Generates a recoverable key with the given {@code alias}. 533 * 534 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 535 * service. 536 * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock 537 * screen is required to generate recoverable keys. 538 * 539 * @deprecated Use the method {@link #generateKey(String, byte[])} instead. 540 */ 541 @Deprecated 542 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) generateKey(@onNull String alias)543 public @NonNull Key generateKey(@NonNull String alias) throws InternalRecoveryServiceException, 544 LockScreenRequiredException { 545 try { 546 String grantAlias = mBinder.generateKey(alias); 547 if (grantAlias == null) { 548 throw new InternalRecoveryServiceException("null grant alias"); 549 } 550 return getKeyFromGrant(grantAlias); 551 } catch (RemoteException e) { 552 throw e.rethrowFromSystemServer(); 553 } catch (KeyPermanentlyInvalidatedException | UnrecoverableKeyException e) { 554 throw new InternalRecoveryServiceException("Failed to get key from keystore", e); 555 } catch (ServiceSpecificException e) { 556 if (e.errorCode == ERROR_INSECURE_USER) { 557 throw new LockScreenRequiredException(e.getMessage()); 558 } 559 throw wrapUnexpectedServiceSpecificException(e); 560 } 561 } 562 563 /** 564 * Generates a recoverable key with the given {@code alias} and {@code metadata}. 565 * 566 * <p>The metadata should contain any data that needs to be cryptographically bound to the 567 * generated key, but does not need to be encrypted by the key. For example, the metadata can 568 * be a byte string describing the algorithms and non-secret parameters to be used with the 569 * key. The supplied metadata can later be obtained via 570 * {@link WrappedApplicationKey#getMetadata()}. 571 * 572 * <p>During the key recovery process, the same metadata has to be supplied via 573 * {@link WrappedApplicationKey.Builder#setMetadata(byte[])}; otherwise, the recovery process 574 * will fail due to the checking of the cryptographic binding. This can help prevent 575 * potential attacks that try to swap key materials on the backup server and trick the 576 * application to use keys with different algorithms or parameters. 577 * 578 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 579 * service. 580 * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock 581 * screen is required to generate recoverable keys. 582 */ 583 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) generateKey(@onNull String alias, @Nullable byte[] metadata)584 public @NonNull Key generateKey(@NonNull String alias, @Nullable byte[] metadata) 585 throws InternalRecoveryServiceException, LockScreenRequiredException { 586 try { 587 String grantAlias = mBinder.generateKeyWithMetadata(alias, metadata); 588 if (grantAlias == null) { 589 throw new InternalRecoveryServiceException("null grant alias"); 590 } 591 return getKeyFromGrant(grantAlias); 592 } catch (RemoteException e) { 593 throw e.rethrowFromSystemServer(); 594 } catch (KeyPermanentlyInvalidatedException | UnrecoverableKeyException e) { 595 throw new InternalRecoveryServiceException("Failed to get key from keystore", e); 596 } catch (ServiceSpecificException e) { 597 if (e.errorCode == ERROR_INSECURE_USER) { 598 throw new LockScreenRequiredException(e.getMessage()); 599 } 600 throw wrapUnexpectedServiceSpecificException(e); 601 } 602 } 603 604 /** 605 * Imports a 256-bit recoverable AES key with the given {@code alias} and the raw bytes {@code 606 * keyBytes}. 607 * 608 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 609 * service. 610 * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock 611 * screen is required to generate recoverable keys. 612 * 613 * @deprecated Use the method {@link #importKey(String, byte[], byte[])} instead. 614 */ 615 @Deprecated 616 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) importKey(@onNull String alias, @NonNull byte[] keyBytes)617 public @NonNull Key importKey(@NonNull String alias, @NonNull byte[] keyBytes) 618 throws InternalRecoveryServiceException, LockScreenRequiredException { 619 try { 620 String grantAlias = mBinder.importKey(alias, keyBytes); 621 if (grantAlias == null) { 622 throw new InternalRecoveryServiceException("Null grant alias"); 623 } 624 return getKeyFromGrant(grantAlias); 625 } catch (RemoteException e) { 626 throw e.rethrowFromSystemServer(); 627 } catch (KeyPermanentlyInvalidatedException | UnrecoverableKeyException e) { 628 throw new InternalRecoveryServiceException("Failed to get key from keystore", e); 629 } catch (ServiceSpecificException e) { 630 if (e.errorCode == ERROR_INSECURE_USER) { 631 throw new LockScreenRequiredException(e.getMessage()); 632 } 633 throw wrapUnexpectedServiceSpecificException(e); 634 } 635 } 636 637 /** 638 * Imports a recoverable 256-bit AES key with the given {@code alias}, the raw bytes {@code 639 * keyBytes}, and the {@code metadata}. 640 * 641 * <p>The metadata should contain any data that needs to be cryptographically bound to the 642 * imported key, but does not need to be encrypted by the key. For example, the metadata can 643 * be a byte string describing the algorithms and non-secret parameters to be used with the 644 * key. The supplied metadata can later be obtained via 645 * {@link WrappedApplicationKey#getMetadata()}. 646 * 647 * <p>During the key recovery process, the same metadata has to be supplied via 648 * {@link WrappedApplicationKey.Builder#setMetadata(byte[])}; otherwise, the recovery process 649 * will fail due to the checking of the cryptographic binding. This can help prevent 650 * potential attacks that try to swap key materials on the backup server and trick the 651 * application to use keys with different algorithms or parameters. 652 * 653 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 654 * service. 655 * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock 656 * screen is required to generate recoverable keys. 657 */ 658 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) importKey(@onNull String alias, @NonNull byte[] keyBytes, @Nullable byte[] metadata)659 public @NonNull Key importKey(@NonNull String alias, @NonNull byte[] keyBytes, 660 @Nullable byte[] metadata) 661 throws InternalRecoveryServiceException, LockScreenRequiredException { 662 try { 663 String grantAlias = mBinder.importKeyWithMetadata(alias, keyBytes, metadata); 664 if (grantAlias == null) { 665 throw new InternalRecoveryServiceException("Null grant alias"); 666 } 667 return getKeyFromGrant(grantAlias); 668 } catch (RemoteException e) { 669 throw e.rethrowFromSystemServer(); 670 } catch (KeyPermanentlyInvalidatedException | UnrecoverableKeyException e) { 671 throw new InternalRecoveryServiceException("Failed to get key from keystore", e); 672 } catch (ServiceSpecificException e) { 673 if (e.errorCode == ERROR_INSECURE_USER) { 674 throw new LockScreenRequiredException(e.getMessage()); 675 } 676 throw wrapUnexpectedServiceSpecificException(e); 677 } 678 } 679 680 /** 681 * Gets a key called {@code alias} from the recoverable key store. 682 * 683 * @param alias The key alias. 684 * @return The key. 685 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 686 * service. 687 * @throws UnrecoverableKeyException if key is permanently invalidated or not found. 688 */ 689 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) getKey(@onNull String alias)690 public @Nullable Key getKey(@NonNull String alias) 691 throws InternalRecoveryServiceException, UnrecoverableKeyException { 692 try { 693 String grantAlias = mBinder.getKey(alias); 694 if (grantAlias == null || "".equals(grantAlias)) { 695 return null; 696 } 697 return getKeyFromGrant(grantAlias); 698 } catch (RemoteException e) { 699 throw e.rethrowFromSystemServer(); 700 } catch (KeyPermanentlyInvalidatedException | UnrecoverableKeyException e) { 701 throw new UnrecoverableKeyException(e.getMessage()); 702 } catch (ServiceSpecificException e) { 703 throw wrapUnexpectedServiceSpecificException(e); 704 } 705 } 706 707 /** 708 * Returns the key with the given {@code grantAlias}. 709 */ getKeyFromGrant(@onNull String grantAlias)710 @NonNull Key getKeyFromGrant(@NonNull String grantAlias) 711 throws UnrecoverableKeyException, KeyPermanentlyInvalidatedException { 712 return AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore( 713 mKeyStore, 714 grantAlias, 715 KeyStore.UID_SELF); 716 } 717 718 /** 719 * Removes a key called {@code alias} from the recoverable key store. 720 * 721 * @param alias The key alias. 722 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 723 * service. 724 */ 725 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) removeKey(@onNull String alias)726 public void removeKey(@NonNull String alias) throws InternalRecoveryServiceException { 727 try { 728 mBinder.removeKey(alias); 729 } catch (RemoteException e) { 730 throw e.rethrowFromSystemServer(); 731 } catch (ServiceSpecificException e) { 732 throw wrapUnexpectedServiceSpecificException(e); 733 } 734 } 735 736 /** 737 * Returns a new {@link RecoverySession}. 738 * 739 * <p>A recovery session is required to restore keys from a remote store. 740 */ 741 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) createRecoverySession()742 public @NonNull RecoverySession createRecoverySession() { 743 return RecoverySession.newInstance(this); 744 } 745 746 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) getRootCertificates()747 public @NonNull Map<String, X509Certificate> getRootCertificates() { 748 return TrustedRootCertificates.getRootCertificates(); 749 } 750 wrapUnexpectedServiceSpecificException( ServiceSpecificException e)751 InternalRecoveryServiceException wrapUnexpectedServiceSpecificException( 752 ServiceSpecificException e) { 753 if (e.errorCode == ERROR_SERVICE_INTERNAL_ERROR) { 754 return new InternalRecoveryServiceException(e.getMessage()); 755 } 756 757 // Should never happen. If it does, it's a bug, and we need to update how the method that 758 // called this throws its exceptions. 759 return new InternalRecoveryServiceException("Unexpected error code for method: " 760 + e.errorCode, e); 761 } 762 } 763