diff options
| author | 2019-09-04 16:21:28 +0100 | |
|---|---|---|
| committer | 2019-09-06 10:22:33 +0100 | |
| commit | ad52c6bc3a56f8ec7b7c32e38fe28659cbba7109 (patch) | |
| tree | 8298143d847ffd410c8de0cd9b64cdcebcaea444 /packages/BackupEncryption/src | |
| parent | 3c8783a3a263ab4bee316e63905f8bdaab74eff0 (diff) | |
Move backup encryption to separate APK
Test: atest -c --rebuild-module-info BackupEncryptionRoboTests
Change-Id: I5a8ac3a9c010bd3c516464dee333cef406c5dcfa
Diffstat (limited to 'packages/BackupEncryption/src')
39 files changed, 2993 insertions, 0 deletions
| diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/Chunk.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/Chunk.java new file mode 100644 index 000000000000..ba328609a77e --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/Chunk.java @@ -0,0 +1,70 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunk; + +import android.util.proto.ProtoInputStream; + +import java.io.IOException; + +/** + * Information about a chunk entry in a protobuf. Only used for reading from a {@link + * ProtoInputStream}. + */ +public class Chunk { +    /** +     * Reads a Chunk from a {@link ProtoInputStream}. Expects the message to be of format {@link +     * ChunksMetadataProto.Chunk}. +     * +     * @param inputStream currently at a {@link ChunksMetadataProto.Chunk} message. +     * @throws IOException when the message is not structured as expected or a field can not be +     *     read. +     */ +    static Chunk readFromProto(ProtoInputStream inputStream) throws IOException { +        Chunk result = new Chunk(); + +        while (inputStream.nextField() != ProtoInputStream.NO_MORE_FIELDS) { +            switch (inputStream.getFieldNumber()) { +                case (int) ChunksMetadataProto.Chunk.HASH: +                    result.mHash = inputStream.readBytes(ChunksMetadataProto.Chunk.HASH); +                    break; +                case (int) ChunksMetadataProto.Chunk.LENGTH: +                    result.mLength = inputStream.readInt(ChunksMetadataProto.Chunk.LENGTH); +                    break; +            } +        } + +        return result; +    } + +    private int mLength; +    private byte[] mHash; + +    /** Private constructor. This class should only be instantiated by calling readFromProto. */ +    private Chunk() { +        // Set default values for fields in case they are not available in the proto. +        mHash = new byte[]{}; +        mLength = 0; +    } + +    public int getLength() { +        return mLength; +    } + +    public byte[] getHash() { +        return mHash; +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/ChunkHash.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/ChunkHash.java new file mode 100644 index 000000000000..1630eb8ff4e8 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/ChunkHash.java @@ -0,0 +1,90 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunk; + +import com.android.internal.util.Preconditions; + +import java.util.Arrays; +import java.util.Base64; + +/** + * Represents the SHA-256 hash of the plaintext of a chunk, which is frequently used as a key. + * + * <p>This class is {@link Comparable} and implements {@link #equals(Object)} and {@link + * #hashCode()}. + */ +public class ChunkHash implements Comparable<ChunkHash> { +    /** The length of the hash in bytes. The hash is a SHA-256, so this is 256 bits. */ +    public static final int HASH_LENGTH_BYTES = 256 / 8; + +    private static final int UNSIGNED_MASK = 0xFF; + +    private final byte[] mHash; + +    /** Constructs a new instance which wraps the given SHA-256 hash bytes. */ +    public ChunkHash(byte[] hash) { +        Preconditions.checkArgument(hash.length == HASH_LENGTH_BYTES, "Hash must have 256 bits"); +        mHash = hash; +    } + +    public byte[] getHash() { +        return mHash; +    } + +    @Override +    public boolean equals(Object o) { +        if (this == o) { +            return true; +        } +        if (!(o instanceof ChunkHash)) { +            return false; +        } + +        ChunkHash chunkHash = (ChunkHash) o; +        return Arrays.equals(mHash, chunkHash.mHash); +    } + +    @Override +    public int hashCode() { +        return Arrays.hashCode(mHash); +    } + +    @Override +    public int compareTo(ChunkHash other) { +        return lexicographicalCompareUnsignedBytes(getHash(), other.getHash()); +    } + +    @Override +    public String toString() { +        return Base64.getEncoder().encodeToString(mHash); +    } + +    private static int lexicographicalCompareUnsignedBytes(byte[] left, byte[] right) { +        int minLength = Math.min(left.length, right.length); +        for (int i = 0; i < minLength; i++) { +            int result = toInt(left[i]) - toInt(right[i]); +            if (result != 0) { +                return result; +            } +        } +        return left.length - right.length; +    } + +    private static int toInt(byte value) { +        return value & UNSIGNED_MASK; +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/ChunkListingMap.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/ChunkListingMap.java new file mode 100644 index 000000000000..a44890118717 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/ChunkListingMap.java @@ -0,0 +1,109 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunk; + +import android.annotation.Nullable; +import android.util.proto.ProtoInputStream; + +import java.io.IOException; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +/** + * Chunk listing in a format optimized for quick look-up of chunks via their hash keys. This is + * useful when building an incremental backup. After a chunk has been produced, the algorithm can + * quickly look up whether the chunk existed in the previous backup by checking this chunk listing. + * It can then tell the server to use that chunk, through telling it the position and length of the + * chunk in the previous backup's blob. + */ +public class ChunkListingMap { +    /** +     * Reads a ChunkListingMap from a {@link ProtoInputStream}. Expects the message to be of format +     * {@link ChunksMetadataProto.ChunkListing}. +     * +     * @param inputStream Currently at a {@link ChunksMetadataProto.ChunkListing} message. +     * @throws IOException when the message is not structured as expected or a field can not be +     *     read. +     */ +    public static ChunkListingMap readFromProto(ProtoInputStream inputStream) throws IOException { +        Map<ChunkHash, Entry> entries = new HashMap(); + +        long start = 0; + +        while (inputStream.nextField() != ProtoInputStream.NO_MORE_FIELDS) { +            if (inputStream.getFieldNumber() == (int) ChunksMetadataProto.ChunkListing.CHUNKS) { +                long chunkToken = inputStream.start(ChunksMetadataProto.ChunkListing.CHUNKS); +                Chunk chunk = Chunk.readFromProto(inputStream); +                entries.put(new ChunkHash(chunk.getHash()), new Entry(start, chunk.getLength())); +                start += chunk.getLength(); +                inputStream.end(chunkToken); +            } +        } + +        return new ChunkListingMap(entries); +    } + +    private final Map<ChunkHash, Entry> mChunksByHash; + +    private ChunkListingMap(Map<ChunkHash, Entry> chunksByHash) { +        mChunksByHash = Collections.unmodifiableMap(new HashMap<>(chunksByHash)); +    } + +    /** Returns {@code true} if there is a chunk with the given SHA-256 MAC key in the listing. */ +    public boolean hasChunk(ChunkHash hash) { +        return mChunksByHash.containsKey(hash); +    } + +    /** +     * Returns the entry for the chunk with the given hash. +     * +     * @param hash The SHA-256 MAC of the plaintext of the chunk. +     * @return The entry, containing position and length of the chunk in the backup blob, or null if +     *     it does not exist. +     */ +    @Nullable +    public Entry getChunkEntry(ChunkHash hash) { +        return mChunksByHash.get(hash); +    } + +    /** Returns the number of chunks in this listing. */ +    public int getChunkCount() { +        return mChunksByHash.size(); +    } + +    /** Information about a chunk entry in a backup blob - i.e., its position and length. */ +    public static final class Entry { +        private final int mLength; +        private final long mStart; + +        private Entry(long start, int length) { +            mStart = start; +            mLength = length; +        } + +        /** Returns the length of the chunk in bytes. */ +        public int getLength() { +            return mLength; +        } + +        /** Returns the start position of the chunk in the backup blob, in bytes. */ +        public long getStart() { +            return mStart; +        } +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/ChunkOrderingType.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/ChunkOrderingType.java new file mode 100644 index 000000000000..8cb028e46e9d --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/ChunkOrderingType.java @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunk; + +import static com.android.server.backup.encryption.chunk.ChunksMetadataProto.CHUNK_ORDERING_TYPE_UNSPECIFIED; +import static com.android.server.backup.encryption.chunk.ChunksMetadataProto.EXPLICIT_STARTS; +import static com.android.server.backup.encryption.chunk.ChunksMetadataProto.INLINE_LENGTHS; + +import android.annotation.IntDef; + +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; + +/** IntDef corresponding to the ChunkOrderingType enum in the ChunksMetadataProto protobuf. */ +@IntDef({CHUNK_ORDERING_TYPE_UNSPECIFIED, EXPLICIT_STARTS, INLINE_LENGTHS}) +@Retention(RetentionPolicy.SOURCE) +public @interface ChunkOrderingType {} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/EncryptedChunkOrdering.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/EncryptedChunkOrdering.java new file mode 100644 index 000000000000..edf1b9abb822 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunk/EncryptedChunkOrdering.java @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunk; + +import java.util.Arrays; + +/** + * Holds the bytes of an encrypted {@link ChunksMetadataProto.ChunkOrdering}. + * + * <p>TODO(b/116575321): After all code is ported, remove the factory method and rename + * encryptedChunkOrdering() to getBytes(). + */ +public class EncryptedChunkOrdering { +    /** +     * Constructs a new object holding the given bytes of an encrypted {@link +     * ChunksMetadataProto.ChunkOrdering}. +     * +     * <p>Note that this just holds an ordering which is already encrypted, it does not encrypt the +     * ordering. +     */ +    public static EncryptedChunkOrdering create(byte[] encryptedChunkOrdering) { +        return new EncryptedChunkOrdering(encryptedChunkOrdering); +    } + +    private final byte[] mEncryptedChunkOrdering; + +    /** Get the encrypted chunk ordering */ +    public byte[] encryptedChunkOrdering() { +        return mEncryptedChunkOrdering; +    } + +    @Override +    public boolean equals(Object o) { +        if (this == o) { +            return true; +        } +        if (!(o instanceof EncryptedChunkOrdering)) { +            return false; +        } + +        EncryptedChunkOrdering encryptedChunkOrdering = (EncryptedChunkOrdering) o; +        return Arrays.equals( +                mEncryptedChunkOrdering, encryptedChunkOrdering.mEncryptedChunkOrdering); +    } + +    @Override +    public int hashCode() { +        return Arrays.hashCode(mEncryptedChunkOrdering); +    } + +    private EncryptedChunkOrdering(byte[] encryptedChunkOrdering) { +        mEncryptedChunkOrdering = encryptedChunkOrdering; +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/BackupWriter.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/BackupWriter.java new file mode 100644 index 000000000000..baa820cbd558 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/BackupWriter.java @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import java.io.IOException; + +/** Writes backup data either as a diff script or as raw data, determined by the implementation. */ +public interface BackupWriter { +    /** Writes the given bytes to the output. */ +    void writeBytes(byte[] bytes) throws IOException; + +    /** +     * Writes an existing chunk from the previous backup to the output. +     * +     * <p>Note: not all implementations support this method. +     */ +    void writeChunk(long start, int length) throws IOException; + +    /** Returns the number of bytes written, included bytes copied from the old file. */ +    long getBytesWritten(); + +    /** +     * Indicates that no more bytes or chunks will be written. +     * +     * <p>After calling this, you may not call {@link #writeBytes(byte[])} or {@link +     * #writeChunk(long, int)} +     */ +    void flush() throws IOException; +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/ByteRange.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/ByteRange.java new file mode 100644 index 000000000000..004d9e3b45f1 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/ByteRange.java @@ -0,0 +1,80 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import com.android.internal.util.Preconditions; + +/** Representation of a range of bytes to be downloaded. */ +final class ByteRange { +    private final long mStart; +    private final long mEnd; + +    /** Creates a range of bytes which includes {@code mStart} and {@code mEnd}. */ +    ByteRange(long start, long end) { +        Preconditions.checkArgument(start >= 0); +        Preconditions.checkArgument(end >= start); +        mStart = start; +        mEnd = end; +    } + +    /** Returns the start of the {@code ByteRange}. The start is included in the range. */ +    long getStart() { +        return mStart; +    } + +    /** Returns the end of the {@code ByteRange}. The end is included in the range. */ +    long getEnd() { +        return mEnd; +    } + +    /** Returns the number of bytes included in the {@code ByteRange}. */ +    int getLength() { +        return (int) (mEnd - mStart + 1); +    } + +    /** Creates a new {@link ByteRange} from {@code mStart} to {@code mEnd + length}. */ +    ByteRange extend(long length) { +        Preconditions.checkArgument(length > 0); +        return new ByteRange(mStart, mEnd + length); +    } + +    @Override +    public boolean equals(Object o) { +        if (this == o) { +            return true; +        } +        if (!(o instanceof ByteRange)) { +            return false; +        } + +        ByteRange byteRange = (ByteRange) o; +        return (mEnd == byteRange.mEnd && mStart == byteRange.mStart); +    } + +    @Override +    public int hashCode() { +        int result = 17; +        result = 31 * result + (int) (mStart ^ (mStart >>> 32)); +        result = 31 * result + (int) (mEnd ^ (mEnd >>> 32)); +        return result; +    } + +    @Override +    public String toString() { +        return String.format("ByteRange{mStart=%d, mEnd=%d}", mStart, mEnd); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/ChunkEncryptor.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/ChunkEncryptor.java new file mode 100644 index 000000000000..48abc8cc4088 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/ChunkEncryptor.java @@ -0,0 +1,92 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import com.android.server.backup.encryption.chunk.ChunkHash; + +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; + +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; + +/** Encrypts chunks of a file using AES/GCM. */ +public class ChunkEncryptor { +    private static final String CIPHER_ALGORITHM = "AES/GCM/NoPadding"; +    private static final int GCM_NONCE_LENGTH_BYTES = 12; +    private static final int GCM_TAG_LENGTH_BYTES = 16; + +    private final SecretKey mSecretKey; +    private final SecureRandom mSecureRandom; + +    /** +     * A new instance using {@code mSecretKey} to encrypt chunks and {@code mSecureRandom} to +     * generate nonces. +     */ +    public ChunkEncryptor(SecretKey secretKey, SecureRandom secureRandom) { +        this.mSecretKey = secretKey; +        this.mSecureRandom = secureRandom; +    } + +    /** +     * Transforms {@code plaintext} into an {@link EncryptedChunk}. +     * +     * @param plaintextHash The hash of the plaintext to encrypt, to attach as the key of the chunk. +     * @param plaintext Bytes to encrypt. +     * @throws InvalidKeyException If the given secret key is not a valid AES key for decryption. +     * @throws IllegalBlockSizeException If the input data cannot be encrypted using +     *     AES/GCM/NoPadding. This should never be the case. +     */ +    public EncryptedChunk encrypt(ChunkHash plaintextHash, byte[] plaintext) +            throws InvalidKeyException, IllegalBlockSizeException { +        byte[] nonce = generateNonce(); +        Cipher cipher; +        try { +            cipher = Cipher.getInstance(CIPHER_ALGORITHM); +            cipher.init( +                    Cipher.ENCRYPT_MODE, +                    mSecretKey, +                    new GCMParameterSpec(GCM_TAG_LENGTH_BYTES * 8, nonce)); +        } catch (NoSuchAlgorithmException +                | NoSuchPaddingException +                | InvalidAlgorithmParameterException e) { +            // This can not happen - AES/GCM/NoPadding is supported. +            throw new AssertionError(e); +        } +        byte[] encryptedBytes; +        try { +            encryptedBytes = cipher.doFinal(plaintext); +        } catch (BadPaddingException e) { +            // This can not happen - BadPaddingException can only be thrown in decrypt mode. +            throw new AssertionError("Impossible: threw BadPaddingException in encrypt mode."); +        } + +        return EncryptedChunk.create(/*key=*/ plaintextHash, nonce, encryptedBytes); +    } + +    private byte[] generateNonce() { +        byte[] nonce = new byte[GCM_NONCE_LENGTH_BYTES]; +        mSecureRandom.nextBytes(nonce); +        return nonce; +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/ChunkHasher.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/ChunkHasher.java new file mode 100644 index 000000000000..02d498ccd726 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/ChunkHasher.java @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import com.android.server.backup.encryption.chunk.ChunkHash; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; + +import javax.crypto.Mac; +import javax.crypto.SecretKey; + +/** Computes the SHA-256 HMAC of a chunk of bytes. */ +public class ChunkHasher { +    private static final String MAC_ALGORITHM = "HmacSHA256"; + +    private final SecretKey mSecretKey; + +    /** Constructs a new hasher which computes the HMAC using the given secret key. */ +    public ChunkHasher(SecretKey secretKey) { +        this.mSecretKey = secretKey; +    } + +    /** Returns the SHA-256 over the given bytes. */ +    public ChunkHash computeHash(byte[] plaintext) throws InvalidKeyException { +        try { +            Mac mac = Mac.getInstance(MAC_ALGORITHM); +            mac.init(mSecretKey); +            return new ChunkHash(mac.doFinal(plaintext)); +        } catch (NoSuchAlgorithmException e) { +            // This can not happen - AES/GCM/NoPadding is available as part of the framework. +            throw new AssertionError(e); +        } +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/Chunker.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/Chunker.java new file mode 100644 index 000000000000..c9a6293ed060 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/Chunker.java @@ -0,0 +1,46 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import java.io.IOException; +import java.io.InputStream; +import java.security.GeneralSecurityException; + +/** Splits an input stream into chunks, which are to be encrypted separately. */ +public interface Chunker { +    /** +     * Splits the input stream into chunks. +     * +     * @param inputStream The input stream. +     * @param chunkConsumer A function that processes each chunk as it is produced. +     * @throws IOException If there is a problem reading the input stream. +     * @throws GeneralSecurityException if the consumer function throws an error. +     */ +    void chunkify(InputStream inputStream, ChunkConsumer chunkConsumer) +            throws IOException, GeneralSecurityException; + +    /** Function that consumes chunks. */ +    interface ChunkConsumer { +        /** +         * Invoked for each chunk. +         * +         * @param chunk Plaintext bytes of chunk. +         * @throws GeneralSecurityException if there is an issue encrypting the chunk. +         */ +        void accept(byte[] chunk) throws GeneralSecurityException; +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/DecryptedChunkFileOutput.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/DecryptedChunkFileOutput.java new file mode 100644 index 000000000000..ae2e150de4bc --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/DecryptedChunkFileOutput.java @@ -0,0 +1,87 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import static com.android.internal.util.Preconditions.checkState; + +import android.annotation.Nullable; + +import com.android.internal.annotations.VisibleForTesting; +import com.android.server.backup.encryption.tasks.DecryptedChunkOutput; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +/** Writes plaintext chunks to a file, building a digest of the plaintext of the resulting file. */ +public class DecryptedChunkFileOutput implements DecryptedChunkOutput { +    @VisibleForTesting static final String DIGEST_ALGORITHM = "SHA-256"; + +    private final File mOutputFile; +    private final MessageDigest mMessageDigest; +    @Nullable private FileOutputStream mFileOutputStream; +    private boolean mClosed; +    @Nullable private byte[] mDigest; + +    /** +     * Constructs a new instance which writes chunks to the given file and uses the default message +     * digest algorithm. +     */ +    public DecryptedChunkFileOutput(File outputFile) { +        mOutputFile = outputFile; +        try { +            mMessageDigest = MessageDigest.getInstance(DIGEST_ALGORITHM); +        } catch (NoSuchAlgorithmException e) { +            throw new AssertionError( +                    "Impossible condition: JCE thinks it does not support AES.", e); +        } +    } + +    @Override +    public DecryptedChunkOutput open() throws IOException { +        checkState(mFileOutputStream == null, "Cannot open twice"); +        mFileOutputStream = new FileOutputStream(mOutputFile); +        return this; +    } + +    @Override +    public void processChunk(byte[] plaintextBuffer, int length) throws IOException { +        checkState(mFileOutputStream != null, "Must open before processing chunks"); +        mFileOutputStream.write(plaintextBuffer, /*off=*/ 0, length); +        mMessageDigest.update(plaintextBuffer, /*offset=*/ 0, length); +    } + +    @Override +    public byte[] getDigest() { +        checkState(mClosed, "Must close before getting mDigest"); + +        // After the first call to mDigest() the MessageDigest is reset, thus we must store the +        // result. +        if (mDigest == null) { +            mDigest = mMessageDigest.digest(); +        } +        return mDigest; +    } + +    @Override +    public void close() throws IOException { +        mFileOutputStream.close(); +        mClosed = true; +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/DiffScriptBackupWriter.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/DiffScriptBackupWriter.java new file mode 100644 index 000000000000..69fb5cbf606d --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/DiffScriptBackupWriter.java @@ -0,0 +1,75 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import com.android.internal.annotations.VisibleForTesting; + +import java.io.IOException; +import java.io.OutputStream; + +/** Writes backup data to a diff script, using a {@link SingleStreamDiffScriptWriter}. */ +public class DiffScriptBackupWriter implements BackupWriter { +    /** +     * The maximum size of a chunk in the diff script. The diff script writer {@code mWriter} will +     * buffer this many bytes in memory. +     */ +    private static final int ENCRYPTION_DIFF_SCRIPT_MAX_CHUNK_SIZE_BYTES = 1024 * 1024; + +    private final SingleStreamDiffScriptWriter mWriter; +    private long mBytesWritten; + +    /** +     * Constructs a new writer which writes the diff script to the given output stream, using the +     * maximum new chunk size {@code ENCRYPTION_DIFF_SCRIPT_MAX_CHUNK_SIZE_BYTES}. +     */ +    public static DiffScriptBackupWriter newInstance(OutputStream outputStream) { +        SingleStreamDiffScriptWriter writer = +                new SingleStreamDiffScriptWriter( +                        outputStream, ENCRYPTION_DIFF_SCRIPT_MAX_CHUNK_SIZE_BYTES); +        return new DiffScriptBackupWriter(writer); +    } + +    @VisibleForTesting +    DiffScriptBackupWriter(SingleStreamDiffScriptWriter writer) { +        mWriter = writer; +    } + +    @Override +    public void writeBytes(byte[] bytes) throws IOException { +        for (byte b : bytes) { +            mWriter.writeByte(b); +        } + +        mBytesWritten += bytes.length; +    } + +    @Override +    public void writeChunk(long start, int length) throws IOException { +        mWriter.writeChunk(start, length); +        mBytesWritten += length; +    } + +    @Override +    public long getBytesWritten() { +        return mBytesWritten; +    } + +    @Override +    public void flush() throws IOException { +        mWriter.flush(); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/DiffScriptWriter.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/DiffScriptWriter.java new file mode 100644 index 000000000000..49d15712d4cc --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/DiffScriptWriter.java @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import java.io.IOException; +import java.io.OutputStream; + +/** Writer that formats a Diff Script and writes it to an output source. */ +interface DiffScriptWriter { +    /** Adds a new byte to the diff script. */ +    void writeByte(byte b) throws IOException; + +    /** Adds a known chunk to the diff script. */ +    void writeChunk(long chunkStart, int chunkLength) throws IOException; + +    /** Indicates that no more bytes or chunks will be added to the diff script. */ +    void flush() throws IOException; + +    interface Factory { +        DiffScriptWriter create(OutputStream outputStream); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/EncryptedChunk.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/EncryptedChunk.java new file mode 100644 index 000000000000..cde59fa189de --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/EncryptedChunk.java @@ -0,0 +1,92 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import com.android.internal.util.Preconditions; +import com.android.server.backup.encryption.chunk.ChunkHash; + +import java.util.Arrays; +import java.util.Objects; + +/** + * A chunk of a file encrypted using AES/GCM. + * + * <p>TODO(b/116575321): After all code is ported, remove the factory method and rename + * encryptedBytes(), key() and nonce(). + */ +public class EncryptedChunk { +    public static final int KEY_LENGTH_BYTES = ChunkHash.HASH_LENGTH_BYTES; +    public static final int NONCE_LENGTH_BYTES = 12; + +    /** +     * Constructs a new instance with the given key, nonce, and encrypted bytes. +     * +     * @param key SHA-256 Hmac of the chunk plaintext. +     * @param nonce Nonce with which the bytes of the chunk were encrypted. +     * @param encryptedBytes Encrypted bytes of the chunk. +     */ +    public static EncryptedChunk create(ChunkHash key, byte[] nonce, byte[] encryptedBytes) { +        Preconditions.checkArgument( +                nonce.length == NONCE_LENGTH_BYTES, "Nonce does not have the correct length."); +        return new EncryptedChunk(key, nonce, encryptedBytes); +    } + +    private ChunkHash mKey; +    private byte[] mNonce; +    private byte[] mEncryptedBytes; + +    private EncryptedChunk(ChunkHash key, byte[] nonce, byte[] encryptedBytes) { +        mKey = key; +        mNonce = nonce; +        mEncryptedBytes = encryptedBytes; +    } + +    /** The SHA-256 Hmac of the plaintext bytes of the chunk. */ +    public ChunkHash key() { +        return mKey; +    } + +    /** The nonce with which the chunk was encrypted. */ +    public byte[] nonce() { +        return mNonce; +    } + +    /** The encrypted bytes of the chunk. */ +    public byte[] encryptedBytes() { +        return mEncryptedBytes; +    } + +    @Override +    public boolean equals(Object o) { +        if (this == o) { +            return true; +        } +        if (!(o instanceof EncryptedChunk)) { +            return false; +        } + +        EncryptedChunk encryptedChunkOrdering = (EncryptedChunk) o; +        return Arrays.equals(mEncryptedBytes, encryptedChunkOrdering.mEncryptedBytes) +                && Arrays.equals(mNonce, encryptedChunkOrdering.mNonce) +                && mKey.equals(encryptedChunkOrdering.mKey); +    } + +    @Override +    public int hashCode() { +        return Objects.hash(mKey, Arrays.hashCode(mNonce), Arrays.hashCode(mEncryptedBytes)); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/EncryptedChunkEncoder.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/EncryptedChunkEncoder.java new file mode 100644 index 000000000000..16beda32af17 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/EncryptedChunkEncoder.java @@ -0,0 +1,46 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import com.android.server.backup.encryption.chunk.ChunkOrderingType; + +import java.io.IOException; + +/** Encodes an {@link EncryptedChunk} as bytes to write to the encrypted backup file. */ +public interface EncryptedChunkEncoder { +    /** +     * Encodes the given chunk and asks the writer to write it. +     * +     * <p>The chunk will be encoded in the format [nonce]+[encrypted data]. +     * +     * <p>TODO(b/116575321): Choose a more descriptive method name after the code move is done. +     */ +    void writeChunkToWriter(BackupWriter writer, EncryptedChunk chunk) throws IOException; + +    /** +     * Returns the length in bytes that this chunk would be if encoded with {@link +     * #writeChunkToWriter}. +     */ +    int getEncodedLengthOfChunk(EncryptedChunk chunk); + +    /** +     * Returns the {@link ChunkOrderingType} that must be included in the backup file, when using +     * this decoder, so that the file may be correctly decoded. +     */ +    @ChunkOrderingType +    int getChunkOrderingType(); +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/InlineLengthsEncryptedChunkEncoder.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/InlineLengthsEncryptedChunkEncoder.java new file mode 100644 index 000000000000..7b38dd4a1dc3 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/InlineLengthsEncryptedChunkEncoder.java @@ -0,0 +1,69 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import com.android.server.backup.encryption.chunk.ChunkOrderingType; +import com.android.server.backup.encryption.chunk.ChunksMetadataProto; + +import java.io.IOException; + +/** + * Encodes an {@link EncryptedChunk} as bytes, prepending the length of the chunk. + * + * <p>This allows us to decode the backup file during restore without any extra information about + * the boundaries of the chunks. The backup file should contain a chunk ordering in mode {@link + * ChunksMetadataProto#INLINE_LENGTHS}. + * + * <p>We use this implementation during key value backup. + */ +public class InlineLengthsEncryptedChunkEncoder implements EncryptedChunkEncoder { +    public static final int BYTES_LENGTH = Integer.SIZE / Byte.SIZE; + +    private final LengthlessEncryptedChunkEncoder mLengthlessEncryptedChunkEncoder = +            new LengthlessEncryptedChunkEncoder(); + +    @Override +    public void writeChunkToWriter(BackupWriter writer, EncryptedChunk chunk) throws IOException { +        int length = mLengthlessEncryptedChunkEncoder.getEncodedLengthOfChunk(chunk); +        writer.writeBytes(toByteArray(length)); +        mLengthlessEncryptedChunkEncoder.writeChunkToWriter(writer, chunk); +    } + +    @Override +    public int getEncodedLengthOfChunk(EncryptedChunk chunk) { +        return BYTES_LENGTH + mLengthlessEncryptedChunkEncoder.getEncodedLengthOfChunk(chunk); +    } + +    @Override +    @ChunkOrderingType +    public int getChunkOrderingType() { +        return ChunksMetadataProto.INLINE_LENGTHS; +    } + +    /** +     * Returns a big-endian representation of {@code value} in a 4-element byte array; equivalent to +     * {@code ByteBuffer.allocate(4).putInt(value).array()}. For example, the input value {@code +     * 0x12131415} would yield the byte array {@code {0x12, 0x13, 0x14, 0x15}}. +     * +     * <p>Equivalent to guava's Ints.toByteArray. +     */ +    static byte[] toByteArray(int value) { +        return new byte[] { +            (byte) (value >> 24), (byte) (value >> 16), (byte) (value >> 8), (byte) value +        }; +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/LengthlessEncryptedChunkEncoder.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/LengthlessEncryptedChunkEncoder.java new file mode 100644 index 000000000000..567f75d59513 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/LengthlessEncryptedChunkEncoder.java @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import com.android.server.backup.encryption.chunk.ChunkOrderingType; +import com.android.server.backup.encryption.chunk.ChunksMetadataProto; + +import java.io.IOException; + +/** + * Encodes an {@link EncryptedChunk} as bytes without including any information about the length of + * the chunk. + * + * <p>In order for us to decode the backup file during restore it must include a chunk ordering in + * mode {@link ChunksMetadataProto#EXPLICIT_STARTS}, which contains the boundaries of the chunks in + * the encrypted file. This information allows us to decode the backup file and divide it into + * chunks without including the length of each chunk inline. + * + * <p>We use this implementation during full backup. + */ +public class LengthlessEncryptedChunkEncoder implements EncryptedChunkEncoder { +    @Override +    public void writeChunkToWriter(BackupWriter writer, EncryptedChunk chunk) throws IOException { +        writer.writeBytes(chunk.nonce()); +        writer.writeBytes(chunk.encryptedBytes()); +    } + +    @Override +    public int getEncodedLengthOfChunk(EncryptedChunk chunk) { +        return chunk.nonce().length + chunk.encryptedBytes().length; +    } + +    @Override +    @ChunkOrderingType +    public int getChunkOrderingType() { +        return ChunksMetadataProto.EXPLICIT_STARTS; +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/OutputStreamWrapper.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/OutputStreamWrapper.java new file mode 100644 index 000000000000..4aea60121810 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/OutputStreamWrapper.java @@ -0,0 +1,25 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import java.io.OutputStream; + +/** An interface that wraps one {@link OutputStream} with another for filtration purposes. */ +public interface OutputStreamWrapper { +    /** Wraps a given {@link OutputStream}. */ +    OutputStream wrap(OutputStream outputStream); +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/RawBackupWriter.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/RawBackupWriter.java new file mode 100644 index 000000000000..b211b0fc9470 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/RawBackupWriter.java @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import java.io.IOException; +import java.io.OutputStream; + +/** Writes data straight to an output stream. */ +public class RawBackupWriter implements BackupWriter { +    private final OutputStream mOutputStream; +    private long mBytesWritten; + +    /** Constructs a new writer which writes bytes to the given output stream. */ +    public RawBackupWriter(OutputStream outputStream) { +        this.mOutputStream = outputStream; +    } + +    @Override +    public void writeBytes(byte[] bytes) throws IOException { +        mOutputStream.write(bytes); +        mBytesWritten += bytes.length; +    } + +    @Override +    public void writeChunk(long start, int length) throws IOException { +        throw new UnsupportedOperationException("RawBackupWriter cannot write existing chunks"); +    } + +    @Override +    public long getBytesWritten() { +        return mBytesWritten; +    } + +    @Override +    public void flush() throws IOException { +        mOutputStream.flush(); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/SingleStreamDiffScriptWriter.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/SingleStreamDiffScriptWriter.java new file mode 100644 index 000000000000..0e4bd58345d5 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/SingleStreamDiffScriptWriter.java @@ -0,0 +1,130 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking; + +import android.annotation.Nullable; + +import com.android.internal.util.Preconditions; + +import java.io.IOException; +import java.io.OutputStream; +import java.nio.charset.Charset; +import java.util.Locale; + +/** + * A {@link DiffScriptWriter} that writes an entire diff script to a single {@link OutputStream}. + */ +public class SingleStreamDiffScriptWriter implements DiffScriptWriter { +    static final byte LINE_SEPARATOR = 0xA; +    private static final Charset UTF_8 = Charset.forName("UTF-8"); + +    private final int mMaxNewByteChunkSize; +    private final OutputStream mOutputStream; +    private final byte[] mByteBuffer; +    private int mBufferSize = 0; +    // Each chunk could be written immediately to the output stream. However, +    // it is possible that chunks may overlap. We therefore cache the most recent +    // reusable chunk and try to merge it with future chunks. +    private ByteRange mReusableChunk; + +    public SingleStreamDiffScriptWriter(OutputStream outputStream, int maxNewByteChunkSize) { +        mOutputStream = outputStream; +        mMaxNewByteChunkSize = maxNewByteChunkSize; +        mByteBuffer = new byte[maxNewByteChunkSize]; +    } + +    @Override +    public void writeByte(byte b) throws IOException { +        if (mReusableChunk != null) { +            writeReusableChunk(); +        } +        mByteBuffer[mBufferSize++] = b; +        if (mBufferSize == mMaxNewByteChunkSize) { +            writeByteBuffer(); +        } +    } + +    @Override +    public void writeChunk(long chunkStart, int chunkLength) throws IOException { +        Preconditions.checkArgument(chunkStart >= 0); +        Preconditions.checkArgument(chunkLength > 0); +        if (mBufferSize != 0) { +            writeByteBuffer(); +        } + +        if (mReusableChunk != null && mReusableChunk.getEnd() + 1 == chunkStart) { +            // The new chunk overlaps the old, so combine them into a single byte range. +            mReusableChunk = mReusableChunk.extend(chunkLength); +        } else { +            writeReusableChunk(); +            mReusableChunk = new ByteRange(chunkStart, chunkStart + chunkLength - 1); +        } +    } + +    @Override +    public void flush() throws IOException { +        Preconditions.checkState(!(mBufferSize != 0 && mReusableChunk != null)); +        if (mBufferSize != 0) { +            writeByteBuffer(); +        } +        if (mReusableChunk != null) { +            writeReusableChunk(); +        } +        mOutputStream.flush(); +    } + +    private void writeByteBuffer() throws IOException { +        mOutputStream.write(Integer.toString(mBufferSize).getBytes(UTF_8)); +        mOutputStream.write(LINE_SEPARATOR); +        mOutputStream.write(mByteBuffer, 0, mBufferSize); +        mOutputStream.write(LINE_SEPARATOR); +        mBufferSize = 0; +    } + +    private void writeReusableChunk() throws IOException { +        if (mReusableChunk != null) { +            mOutputStream.write( +                    String.format( +                                    Locale.US, +                                    "%d-%d", +                                    mReusableChunk.getStart(), +                                    mReusableChunk.getEnd()) +                            .getBytes(UTF_8)); +            mOutputStream.write(LINE_SEPARATOR); +            mReusableChunk = null; +        } +    } + +    /** A factory that creates {@link SingleStreamDiffScriptWriter}s. */ +    public static class Factory implements DiffScriptWriter.Factory { +        private final int mMaxNewByteChunkSize; +        private final OutputStreamWrapper mOutputStreamWrapper; + +        public Factory(int maxNewByteChunkSize, @Nullable OutputStreamWrapper outputStreamWrapper) { +            mMaxNewByteChunkSize = maxNewByteChunkSize; +            mOutputStreamWrapper = outputStreamWrapper; +        } + +        @Override +        public SingleStreamDiffScriptWriter create(OutputStream outputStream) { +            if (mOutputStreamWrapper != null) { +                outputStream = mOutputStreamWrapper.wrap(outputStream); +            } +            return new SingleStreamDiffScriptWriter(outputStream, mMaxNewByteChunkSize); +        } +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/ContentDefinedChunker.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/ContentDefinedChunker.java new file mode 100644 index 000000000000..18011f620b24 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/ContentDefinedChunker.java @@ -0,0 +1,136 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking.cdc; + +import static com.android.internal.util.Preconditions.checkArgument; + +import com.android.server.backup.encryption.chunking.Chunker; + +import java.io.IOException; +import java.io.InputStream; +import java.security.GeneralSecurityException; +import java.util.Arrays; + +/** Splits a stream of bytes into variable-sized chunks, using content-defined chunking. */ +public class ContentDefinedChunker implements Chunker { +    private static final int WINDOW_SIZE = 31; +    private static final byte DEFAULT_OUT_BYTE = (byte) 0; + +    private final byte[] mChunkBuffer; +    private final RabinFingerprint64 mRabinFingerprint64; +    private final FingerprintMixer mFingerprintMixer; +    private final BreakpointPredicate mBreakpointPredicate; +    private final int mMinChunkSize; +    private final int mMaxChunkSize; + +    /** +     * Constructor. +     * +     * @param minChunkSize The minimum size of a chunk. No chunk will be produced of a size smaller +     *     than this except possibly at the very end of the stream. +     * @param maxChunkSize The maximum size of a chunk. No chunk will be produced of a larger size. +     * @param rabinFingerprint64 Calculates fingerprints, with which to determine breakpoints. +     * @param breakpointPredicate Given a Rabin fingerprint, returns whether this ought to be a +     *     breakpoint. +     */ +    public ContentDefinedChunker( +            int minChunkSize, +            int maxChunkSize, +            RabinFingerprint64 rabinFingerprint64, +            FingerprintMixer fingerprintMixer, +            BreakpointPredicate breakpointPredicate) { +        checkArgument( +                minChunkSize >= WINDOW_SIZE, +                "Minimum chunk size must be greater than window size."); +        checkArgument( +                maxChunkSize >= minChunkSize, +                "Maximum chunk size cannot be smaller than minimum chunk size."); +        mChunkBuffer = new byte[maxChunkSize]; +        mRabinFingerprint64 = rabinFingerprint64; +        mBreakpointPredicate = breakpointPredicate; +        mFingerprintMixer = fingerprintMixer; +        mMinChunkSize = minChunkSize; +        mMaxChunkSize = maxChunkSize; +    } + +    /** +     * Breaks the input stream into variable-sized chunks. +     * +     * @param inputStream The input bytes to break into chunks. +     * @param chunkConsumer A function to process each chunk as it's generated. +     * @throws IOException Thrown if there is an issue reading from the input stream. +     * @throws GeneralSecurityException Thrown if the {@link ChunkConsumer} throws it. +     */ +    @Override +    public void chunkify(InputStream inputStream, ChunkConsumer chunkConsumer) +            throws IOException, GeneralSecurityException { +        int chunkLength; +        int initialReadLength = mMinChunkSize - WINDOW_SIZE; + +        // Performance optimization - there is no reason to calculate fingerprints for windows +        // ending before the minimum chunk size. +        while ((chunkLength = +                        inputStream.read(mChunkBuffer, /*off=*/ 0, /*len=*/ initialReadLength)) +                != -1) { +            int b; +            long fingerprint = 0L; + +            while ((b = inputStream.read()) != -1) { +                byte inByte = (byte) b; +                byte outByte = getCurrentWindowStartByte(chunkLength); +                mChunkBuffer[chunkLength++] = inByte; + +                fingerprint = +                        mRabinFingerprint64.computeFingerprint64(inByte, outByte, fingerprint); + +                if (chunkLength >= mMaxChunkSize +                        || (chunkLength >= mMinChunkSize +                                && mBreakpointPredicate.isBreakpoint( +                                        mFingerprintMixer.mix(fingerprint)))) { +                    chunkConsumer.accept(Arrays.copyOf(mChunkBuffer, chunkLength)); +                    chunkLength = 0; +                    break; +                } +            } + +            if (chunkLength > 0) { +                chunkConsumer.accept(Arrays.copyOf(mChunkBuffer, chunkLength)); +            } +        } +    } + +    private byte getCurrentWindowStartByte(int chunkLength) { +        if (chunkLength < mMinChunkSize) { +            return DEFAULT_OUT_BYTE; +        } else { +            return mChunkBuffer[chunkLength - WINDOW_SIZE]; +        } +    } + +    /** Whether the current fingerprint indicates the end of a chunk. */ +    public interface BreakpointPredicate { + +        /** +         * Returns {@code true} if the fingerprint of the last {@code WINDOW_SIZE} bytes indicates +         * the chunk ought to end at this position. +         * +         * @param fingerprint Fingerprint of the last {@code WINDOW_SIZE} bytes. +         * @return Whether this ought to be a chunk breakpoint. +         */ +        boolean isBreakpoint(long fingerprint); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/FingerprintMixer.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/FingerprintMixer.java new file mode 100644 index 000000000000..e9f30505c112 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/FingerprintMixer.java @@ -0,0 +1,95 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking.cdc; + +import static com.android.internal.util.Preconditions.checkArgument; + +import java.nio.ByteBuffer; +import java.nio.charset.StandardCharsets; +import java.security.InvalidKeyException; + +import javax.crypto.SecretKey; + +/** + * Helper for mixing fingerprint with key material. + * + * <p>We do this as otherwise the Rabin fingerprint leaks information about the plaintext. i.e., if + * two users have the same file, it will be partitioned by Rabin in the same way, allowing us to + * infer that it is the same as another user's file. + * + * <p>By mixing the fingerprint with the user's secret key, the chunking method is different on a + * per key basis. Each application has its own {@link SecretKey}, so we cannot infer that a file is + * the same even across multiple applications owned by the same user, never mind across multiple + * users. + * + * <p>Instead of directly mixing the fingerprint with the user's secret, we first securely and + * deterministically derive a secondary chunking key. As Rabin is not a cryptographically secure + * hash, it might otherwise leak information about the user's secret. This prevents that from + * happening. + */ +public class FingerprintMixer { +    public static final int SALT_LENGTH_BYTES = 256 / Byte.SIZE; +    private static final String DERIVED_KEY_NAME = "RabinFingerprint64Mixer"; + +    private final long mAddend; +    private final long mMultiplicand; + +    /** +     * A new instance from a given secret key and salt. Salt must be the same across incremental +     * backups, or a different chunking strategy will be used each time, defeating the dedup. +     * +     * @param secretKey The application-specific secret. +     * @param salt The salt. +     * @throws InvalidKeyException If the encoded form of {@code secretKey} is inaccessible. +     */ +    public FingerprintMixer(SecretKey secretKey, byte[] salt) throws InvalidKeyException { +        checkArgument(salt.length == SALT_LENGTH_BYTES, "Requires a 256-bit salt."); +        byte[] keyBytes = secretKey.getEncoded(); +        if (keyBytes == null) { +            throw new InvalidKeyException("SecretKey must support encoding for FingerprintMixer."); +        } +        byte[] derivedKey = +                Hkdf.hkdf(keyBytes, salt, DERIVED_KEY_NAME.getBytes(StandardCharsets.UTF_8)); +        ByteBuffer buffer = ByteBuffer.wrap(derivedKey); +        mAddend = buffer.getLong(); +        // Multiplicand must be odd - otherwise we lose some bits of the Rabin fingerprint when +        // mixing +        mMultiplicand = buffer.getLong() | 1; +    } + +    /** +     * Mixes the fingerprint with the derived key material. This is performed by adding part of the +     * derived key and multiplying by another part of the derived key (which is forced to be odd, so +     * that the operation is reversible). +     * +     * @param fingerprint A 64-bit Rabin fingerprint. +     * @return The mixed fingerprint. +     */ +    long mix(long fingerprint) { +        return ((fingerprint + mAddend) * mMultiplicand); +    } + +    /** The addend part of the derived key. */ +    long getAddend() { +        return mAddend; +    } + +    /** The multiplicand part of the derived key. */ +    long getMultiplicand() { +        return mMultiplicand; +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/Hkdf.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/Hkdf.java new file mode 100644 index 000000000000..6f4f549ab2d7 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/Hkdf.java @@ -0,0 +1,115 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking.cdc; + +import static com.android.internal.util.Preconditions.checkNotNull; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; + +import javax.crypto.Mac; +import javax.crypto.spec.SecretKeySpec; + +/** + * Secure HKDF utils. Allows client to deterministically derive additional key material from a base + * secret. If the derived key material is compromised, this does not in of itself compromise the + * root secret. + * + * <p>TODO(b/116575321): After all code is ported, rename this class to HkdfUtils. + */ +public final class Hkdf { +    private static final byte[] CONSTANT_01 = {0x01}; +    private static final String HmacSHA256 = "HmacSHA256"; +    private static final String AES = "AES"; + +    /** +     * Implements HKDF (RFC 5869) with the SHA-256 hash and a 256-bit output key length. +     * +     * <p>IMPORTANT: The use or edit of this method requires a security review. +     * +     * @param masterKey Master key from which to derive sub-keys. +     * @param salt A randomly generated 256-bit byte string. +     * @param data Arbitrary information that is bound to the derived key (i.e., used in its +     *     creation). +     * @return Raw derived key bytes = HKDF-SHA256(masterKey, salt, data). +     * @throws InvalidKeyException If the salt can not be used as a valid key. +     */ +    static byte[] hkdf(byte[] masterKey, byte[] salt, byte[] data) throws InvalidKeyException { +        checkNotNull(masterKey, "HKDF requires master key to be set."); +        checkNotNull(salt, "HKDF requires a salt."); +        checkNotNull(data, "No data provided to HKDF."); +        return hkdfSha256Expand(hkdfSha256Extract(masterKey, salt), data); +    } + +    private Hkdf() {} + +    /** +     * The HKDF (RFC 5869) extraction function, using the SHA-256 hash function. This function is +     * used to pre-process the {@code inputKeyMaterial} and mix it with the {@code salt}, producing +     * output suitable for use with HKDF expansion function (which produces the actual derived key). +     * +     * <p>IMPORTANT: The use or edit of this method requires a security review. +     * +     * @see #hkdfSha256Expand(byte[], byte[]) +     * @return HMAC-SHA256(salt, inputKeyMaterial) (salt is the "key" for the HMAC) +     * @throws InvalidKeyException If the salt can not be used as a valid key. +     */ +    private static byte[] hkdfSha256Extract(byte[] inputKeyMaterial, byte[] salt) +            throws InvalidKeyException { +        // Note that the SecretKey encoding format is defined to be RAW, so the encoded form should +        // be consistent across implementations. +        Mac sha256; +        try { +            sha256 = Mac.getInstance(HmacSHA256); +        } catch (NoSuchAlgorithmException e) { +            // This can not happen - HmacSHA256 is supported by the platform. +            throw new AssertionError(e); +        } +        sha256.init(new SecretKeySpec(salt, AES)); + +        return sha256.doFinal(inputKeyMaterial); +    } + +    /** +     * Special case of HKDF (RFC 5869) expansion function, using the SHA-256 hash function and +     * allowing for a maximum output length of 256 bits. +     * +     * <p>IMPORTANT: The use or edit of this method requires a security review. +     * +     * @param pseudoRandomKey Generated by {@link #hkdfSha256Extract(byte[], byte[])}. +     * @param info Arbitrary information the derived key should be bound to. +     * @return Raw derived key bytes = HMAC-SHA256(pseudoRandomKey, info | 0x01). +     * @throws InvalidKeyException If the salt can not be used as a valid key. +     */ +    private static byte[] hkdfSha256Expand(byte[] pseudoRandomKey, byte[] info) +            throws InvalidKeyException { +        // Note that RFC 5869 computes number of blocks N = ceil(hash length / output length), but +        // here we only deal with a 256 bit hash up to a 256 bit output, yielding N=1. +        Mac sha256; +        try { +            sha256 = Mac.getInstance(HmacSHA256); +        } catch (NoSuchAlgorithmException e) { +            // This can not happen - HmacSHA256 is supported by the platform. +            throw new AssertionError(e); +        } +        sha256.init(new SecretKeySpec(pseudoRandomKey, AES)); + +        sha256.update(info); +        sha256.update(CONSTANT_01); +        return sha256.doFinal(); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/IsChunkBreakpoint.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/IsChunkBreakpoint.java new file mode 100644 index 000000000000..e867e7c1b801 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/IsChunkBreakpoint.java @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking.cdc; + +import static com.android.internal.util.Preconditions.checkArgument; + +import com.android.server.backup.encryption.chunking.cdc.ContentDefinedChunker.BreakpointPredicate; + +/** + * Function to determine whether a 64-bit fingerprint ought to be a chunk breakpoint. + * + * <p>This works by checking whether there are at least n leading zeros in the fingerprint. n is + * calculated to on average cause a breakpoint after a given number of trials (provided in the + * constructor). This allows us to choose a number of trials that gives a desired average chunk + * size. This works because the fingerprint is pseudo-randomly distributed. + */ +public class IsChunkBreakpoint implements BreakpointPredicate { +    private final int mLeadingZeros; +    private final long mBitmask; + +    /** +     * A new instance that causes a breakpoint after a given number of trials on average. +     * +     * @param averageNumberOfTrialsUntilBreakpoint The number of trials after which on average to +     *     create a new chunk. If this is not a power of 2, some precision is sacrificed (i.e., on +     *     average, breaks will actually happen after the nearest power of 2 to the average number +     *     of trials passed in). +     */ +    public IsChunkBreakpoint(long averageNumberOfTrialsUntilBreakpoint) { +        checkArgument( +                averageNumberOfTrialsUntilBreakpoint >= 0, +                "Average number of trials must be non-negative"); + +        // Want n leading zeros after t trials. +        // P(leading zeros = n) = 1/2^n +        // Expected num trials to get n leading zeros = 1/2^-n +        // t = 1/2^-n +        // n = log2(t) +        mLeadingZeros = (int) Math.round(log2(averageNumberOfTrialsUntilBreakpoint)); +        mBitmask = ~(~0L >>> mLeadingZeros); +    } + +    /** +     * Returns {@code true} if {@code fingerprint} indicates that there should be a chunk +     * breakpoint. +     */ +    @Override +    public boolean isBreakpoint(long fingerprint) { +        return (fingerprint & mBitmask) == 0; +    } + +    /** Returns the number of leading zeros in the fingerprint that causes a breakpoint. */ +    public int getLeadingZeros() { +        return mLeadingZeros; +    } + +    /** +     * Calculates log base 2 of x. Not the most efficient possible implementation, but it's simple, +     * obviously correct, and is only invoked on object construction. +     */ +    private static double log2(double x) { +        return Math.log(x) / Math.log(2); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/RabinFingerprint64.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/RabinFingerprint64.java new file mode 100644 index 000000000000..1e14ffa5ad77 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/chunking/cdc/RabinFingerprint64.java @@ -0,0 +1,113 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.chunking.cdc; + +/** Helper to calculate a 64-bit Rabin fingerprint over a 31-byte window. */ +public class RabinFingerprint64 { +    private static final long DEFAULT_IRREDUCIBLE_POLYNOMIAL_64 = 0x000000000000001BL; +    private static final int POLYNOMIAL_DEGREE = 64; +    private static final int SLIDING_WINDOW_SIZE_BYTES = 31; + +    private final long mPoly64; +    // Auxiliary tables to speed up the computation of Rabin fingerprints. +    private final long[] mTableFP64 = new long[256]; +    private final long[] mTableOutByte = new long[256]; + +    /** +     * Constructs a new instance over the given irreducible 64-degree polynomial. It is up to the +     * caller to determine that the polynomial is irreducible. If it is not the fingerprinting will +     * not behave as expected. +     * +     * @param poly64 The polynomial. +     */ +    public RabinFingerprint64(long poly64) { +        mPoly64 = poly64; +    } + +    /** Constructs a new instance using {@code x^64 + x^4 + x + 1} as the irreducible polynomial. */ +    public RabinFingerprint64() { +        this(DEFAULT_IRREDUCIBLE_POLYNOMIAL_64); +        computeFingerprintTables64(); +        computeFingerprintTables64Windowed(); +    } + +    /** +     * Computes the fingerprint for the new sliding window given the fingerprint of the previous +     * sliding window, the byte sliding in, and the byte sliding out. +     * +     * @param inChar The new char coming into the sliding window. +     * @param outChar The left most char sliding out of the window. +     * @param fingerPrint Fingerprint for previous window. +     * @return New fingerprint for the new sliding window. +     */ +    public long computeFingerprint64(byte inChar, byte outChar, long fingerPrint) { +        return (fingerPrint << 8) +                ^ (inChar & 0xFF) +                ^ mTableFP64[(int) (fingerPrint >>> 56)] +                ^ mTableOutByte[outChar & 0xFF]; +    } + +    /** Compute auxiliary tables to speed up the fingerprint computation. */ +    private void computeFingerprintTables64() { +        long[] degreesRes64 = new long[POLYNOMIAL_DEGREE]; +        degreesRes64[0] = mPoly64; +        for (int i = 1; i < POLYNOMIAL_DEGREE; i++) { +            if ((degreesRes64[i - 1] & (1L << 63)) == 0) { +                degreesRes64[i] = degreesRes64[i - 1] << 1; +            } else { +                degreesRes64[i] = (degreesRes64[i - 1] << 1) ^ mPoly64; +            } +        } +        for (int i = 0; i < 256; i++) { +            int currIndex = i; +            for (int j = 0; (currIndex > 0) && (j < 8); j++) { +                if ((currIndex & 0x1) == 1) { +                    mTableFP64[i] ^= degreesRes64[j]; +                } +                currIndex >>>= 1; +            } +        } +    } + +    /** +     * Compute auxiliary table {@code mTableOutByte} to facilitate the computing of fingerprints for +     * sliding windows. This table is to take care of the effect on the fingerprint when the +     * leftmost byte in the window slides out. +     */ +    private void computeFingerprintTables64Windowed() { +        // Auxiliary array degsRes64[8] defined by: <code>degsRes64[i] = x^(8 * +        // SLIDING_WINDOW_SIZE_BYTES + i) mod this.mPoly64.</code> +        long[] degsRes64 = new long[8]; +        degsRes64[0] = mPoly64; +        for (int i = 65; i < 8 * (SLIDING_WINDOW_SIZE_BYTES + 1); i++) { +            if ((degsRes64[(i - 1) % 8] & (1L << 63)) == 0) { +                degsRes64[i % 8] = degsRes64[(i - 1) % 8] << 1; +            } else { +                degsRes64[i % 8] = (degsRes64[(i - 1) % 8] << 1) ^ mPoly64; +            } +        } +        for (int i = 0; i < 256; i++) { +            int currIndex = i; +            for (int j = 0; (currIndex > 0) && (j < 8); j++) { +                if ((currIndex & 0x1) == 1) { +                    mTableOutByte[i] ^= degsRes64[j]; +                } +                currIndex >>>= 1; +            } +        } +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/keys/RecoverableKeyStoreSecondaryKey.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/keys/RecoverableKeyStoreSecondaryKey.java new file mode 100644 index 000000000000..f356b4f102e2 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/keys/RecoverableKeyStoreSecondaryKey.java @@ -0,0 +1,117 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.keys; + +import static com.android.internal.util.Preconditions.checkNotNull; + +import android.annotation.IntDef; +import android.content.Context; +import android.security.keystore.recovery.InternalRecoveryServiceException; +import android.security.keystore.recovery.RecoveryController; +import android.util.Slog; + +import javax.crypto.SecretKey; + +/** + * Wraps a {@link RecoveryController}'s {@link SecretKey}. These are kept in "AndroidKeyStore" (a + * provider for {@link java.security.KeyStore} and {@link javax.crypto.KeyGenerator}. They are also + * synced with the recoverable key store, wrapped by the primary key. This allows them to be + * recovered on a user's subsequent device through providing their lock screen secret. + */ +public class RecoverableKeyStoreSecondaryKey { +    private static final String TAG = "RecoverableKeyStoreSecondaryKey"; + +    private final String mAlias; +    private final SecretKey mSecretKey; + +    /** +     * A new instance. +     * +     * @param alias The alias. It is keyed with this in AndroidKeyStore and the recoverable key +     *     store. +     * @param secretKey The key. +     */ +    public RecoverableKeyStoreSecondaryKey(String alias, SecretKey secretKey) { +        mAlias = checkNotNull(alias); +        mSecretKey = checkNotNull(secretKey); +    } + +    /** +     * The ID, as stored in the recoverable {@link java.security.KeyStore}, and as used to identify +     * wrapped tertiary keys on the backup server. +     */ +    public String getAlias() { +        return mAlias; +    } + +    /** The secret key, to be used to wrap tertiary keys. */ +    public SecretKey getSecretKey() { +        return mSecretKey; +    } + +    /** +     * The status of the key. i.e., whether it's been synced to remote trusted hardware. +     * +     * @param context The application context. +     * @return One of {@link Status#SYNCED}, {@link Status#NOT_SYNCED} or {@link Status#DESTROYED}. +     */ +    public @Status int getStatus(Context context) { +        try { +            return getStatusInternal(context); +        } catch (InternalRecoveryServiceException e) { +            Slog.wtf(TAG, "Internal error getting recovery status", e); +            // Return NOT_SYNCED by default, as we do not want the backups to fail or to repeatedly +            // attempt to reinitialize. +            return Status.NOT_SYNCED; +        } +    } + +    private @Status int getStatusInternal(Context context) throws InternalRecoveryServiceException { +        int status = RecoveryController.getInstance(context).getRecoveryStatus(mAlias); +        switch (status) { +            case RecoveryController.RECOVERY_STATUS_PERMANENT_FAILURE: +                return Status.DESTROYED; +            case RecoveryController.RECOVERY_STATUS_SYNCED: +                return Status.SYNCED; +            case RecoveryController.RECOVERY_STATUS_SYNC_IN_PROGRESS: +                return Status.NOT_SYNCED; +            default: +                // Throw an exception if we encounter a status that doesn't match any of the above. +                throw new InternalRecoveryServiceException( +                        "Unexpected status from getRecoveryStatus: " + status); +        } +    } + +    /** Status of a key in the recoverable key store. */ +    @IntDef({Status.NOT_SYNCED, Status.SYNCED, Status.DESTROYED}) +    public @interface Status { +        /** +         * The key has not yet been synced to remote trusted hardware. This may be because the user +         * has not yet unlocked their device. +         */ +        int NOT_SYNCED = 1; + +        /** +         * The key has been synced with remote trusted hardware. It should now be recoverable on +         * another device. +         */ +        int SYNCED = 2; + +        /** The key has been lost forever. This can occur if the user disables their lock screen. */ +        int DESTROYED = 3; +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/keys/RecoverableKeyStoreSecondaryKeyManager.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/keys/RecoverableKeyStoreSecondaryKeyManager.java new file mode 100644 index 000000000000..c89076b9928f --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/keys/RecoverableKeyStoreSecondaryKeyManager.java @@ -0,0 +1,120 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.keys; + +import android.content.Context; +import android.security.keystore.recovery.InternalRecoveryServiceException; +import android.security.keystore.recovery.LockScreenRequiredException; +import android.security.keystore.recovery.RecoveryController; + +import com.android.internal.annotations.VisibleForTesting; + +import libcore.util.HexEncoding; + +import java.security.SecureRandom; +import java.security.UnrecoverableKeyException; +import java.util.Optional; + +import javax.crypto.SecretKey; + +/** + * Manages generating, deleting, and retrieving secondary keys through {@link RecoveryController}. + * + * <p>The recoverable key store will be synced remotely via the {@link RecoveryController}, allowing + * recovery of keys on other devices owned by the user. + */ +public class RecoverableKeyStoreSecondaryKeyManager { +    private static final String BACKUP_KEY_ALIAS_PREFIX = +            "com.android.server.backup/recoverablekeystore/"; +    private static final int BACKUP_KEY_SUFFIX_LENGTH_BITS = 128; +    private static final int BITS_PER_BYTE = 8; + +    /** A new instance. */ +    public static RecoverableKeyStoreSecondaryKeyManager getInstance(Context context) { +        return new RecoverableKeyStoreSecondaryKeyManager( +                RecoveryController.getInstance(context), new SecureRandom()); +    } + +    private final RecoveryController mRecoveryController; +    private final SecureRandom mSecureRandom; + +    @VisibleForTesting +    public RecoverableKeyStoreSecondaryKeyManager( +            RecoveryController recoveryController, SecureRandom secureRandom) { +        mRecoveryController = recoveryController; +        mSecureRandom = secureRandom; +    } + +    /** +     * Generates a new recoverable key using the {@link RecoveryController}. +     * +     * @throws InternalRecoveryServiceException if an unexpected error occurred generating the key. +     * @throws LockScreenRequiredException if the user does not have a lock screen. A lock screen is +     *     required to generate a recoverable key. +     */ +    public RecoverableKeyStoreSecondaryKey generate() +            throws InternalRecoveryServiceException, LockScreenRequiredException, +                    UnrecoverableKeyException { +        String alias = generateId(); +        mRecoveryController.generateKey(alias); +        SecretKey key = (SecretKey) mRecoveryController.getKey(alias); +        if (key == null) { +            throw new InternalRecoveryServiceException( +                    String.format( +                            "Generated key %s but could not get it back immediately afterwards.", +                            alias)); +        } +        return new RecoverableKeyStoreSecondaryKey(alias, key); +    } + +    /** +     * Removes the secondary key. This means the key will no longer be recoverable. +     * +     * @param alias The alias of the key. +     * @throws InternalRecoveryServiceException if there was a {@link RecoveryController} error. +     */ +    public void remove(String alias) throws InternalRecoveryServiceException { +        mRecoveryController.removeKey(alias); +    } + +    /** +     * Returns the {@link RecoverableKeyStoreSecondaryKey} with {@code alias} if it is in the {@link +     * RecoveryController}. Otherwise, {@link Optional#empty()}. +     */ +    public Optional<RecoverableKeyStoreSecondaryKey> get(String alias) +            throws InternalRecoveryServiceException, UnrecoverableKeyException { +        SecretKey secretKey = (SecretKey) mRecoveryController.getKey(alias); +        return Optional.ofNullable(secretKey) +                .map(key -> new RecoverableKeyStoreSecondaryKey(alias, key)); +    } + +    /** +     * Generates a new key alias. This has more entropy than a UUID - it can be considered +     * universally unique. +     */ +    private String generateId() { +        byte[] id = new byte[BACKUP_KEY_SUFFIX_LENGTH_BITS / BITS_PER_BYTE]; +        mSecureRandom.nextBytes(id); +        return BACKUP_KEY_ALIAS_PREFIX + HexEncoding.encodeToString(id); +    } + +    /** Constructs a {@link RecoverableKeyStoreSecondaryKeyManager}. */ +    public interface RecoverableKeyStoreSecondaryKeyManagerProvider { +        /** Returns a newly constructed {@link RecoverableKeyStoreSecondaryKeyManager}. */ +        RecoverableKeyStoreSecondaryKeyManager get(); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/keys/TertiaryKeyGenerator.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/keys/TertiaryKeyGenerator.java new file mode 100644 index 000000000000..a425c720b9b8 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/keys/TertiaryKeyGenerator.java @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.keys; + +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; + +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; + +/** 256-bit AES key generator. Each app should have its own separate AES key. */ +public class TertiaryKeyGenerator { +    private static final int KEY_SIZE_BITS = 256; +    private static final String KEY_ALGORITHM = "AES"; + +    private final KeyGenerator mKeyGenerator; + +    /** New instance generating keys using {@code secureRandom}. */ +    public TertiaryKeyGenerator(SecureRandom secureRandom) { +        try { +            mKeyGenerator = KeyGenerator.getInstance(KEY_ALGORITHM); +            mKeyGenerator.init(KEY_SIZE_BITS, secureRandom); +        } catch (NoSuchAlgorithmException e) { +            throw new AssertionError( +                    "Impossible condition: JCE thinks it does not support AES.", e); +        } +    } + +    /** Generates a new random AES key. */ +    public SecretKey generate() { +        return mKeyGenerator.generateKey(); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/keys/TertiaryKeyRotationTracker.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/keys/TertiaryKeyRotationTracker.java new file mode 100644 index 000000000000..ec90f6c8c95e --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/keys/TertiaryKeyRotationTracker.java @@ -0,0 +1,113 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.keys; + +import android.content.Context; +import android.content.SharedPreferences; +import android.util.Slog; + +import com.android.internal.annotations.VisibleForTesting; + +import java.util.Locale; + +/** + * Tracks when a tertiary key rotation is due. + * + * <p>After a certain number of incremental backups, the device schedules a full backup, which will + * generate a new encryption key, effecting a key rotation. We should do this on a regular basis so + * that if a key does become compromised it has limited value to the attacker. + * + * <p>No additional synchronization of this class is provided. Only one instance should be used at + * any time. This should be fine as there should be no parallelism in backups. + */ +public class TertiaryKeyRotationTracker { +    private static final int MAX_BACKUPS_UNTIL_TERTIARY_KEY_ROTATION = 31; +    private static final String SHARED_PREFERENCES_NAME = "tertiary_key_rotation_tracker"; + +    private static final String TAG = "TertiaryKeyRotationTracker"; +    private static final boolean DEBUG = false; + +    /** +     * A new instance, using {@code context} to commit data to disk via {@link SharedPreferences}. +     */ +    public static TertiaryKeyRotationTracker getInstance(Context context) { +        return new TertiaryKeyRotationTracker( +                context.getSharedPreferences(SHARED_PREFERENCES_NAME, Context.MODE_PRIVATE)); +    } + +    private final SharedPreferences mSharedPreferences; + +    /** New instance, storing data in {@code mSharedPreferences}. */ +    @VisibleForTesting +    TertiaryKeyRotationTracker(SharedPreferences sharedPreferences) { +        mSharedPreferences = sharedPreferences; +    } + +    /** +     * Returns {@code true} if the given app is due having its key rotated. +     * +     * @param packageName The package name of the app. +     */ +    public boolean isKeyRotationDue(String packageName) { +        return getBackupsSinceRotation(packageName) >= MAX_BACKUPS_UNTIL_TERTIARY_KEY_ROTATION; +    } + +    /** +     * Records that an incremental backup has occurred. Each incremental backup brings the app +     * closer to the time when its key should be rotated. +     * +     * @param packageName The package name of the app for which the backup occurred. +     */ +    public void recordBackup(String packageName) { +        int backupsSinceRotation = getBackupsSinceRotation(packageName) + 1; +        mSharedPreferences.edit().putInt(packageName, backupsSinceRotation).apply(); +        if (DEBUG) { +            Slog.d( +                    TAG, +                    String.format( +                            Locale.US, +                            "Incremental backup for %s. %d backups until key rotation.", +                            packageName, +                            Math.max( +                                    0, +                                    MAX_BACKUPS_UNTIL_TERTIARY_KEY_ROTATION +                                            - backupsSinceRotation))); +        } +    } + +    /** +     * Resets the rotation delay for the given app. Should be invoked after a key rotation. +     * +     * @param packageName Package name of the app whose key has rotated. +     */ +    public void resetCountdown(String packageName) { +        mSharedPreferences.edit().putInt(packageName, 0).apply(); +    } + +    /** Marks all enrolled packages for key rotation. */ +    public void markAllForRotation() { +        SharedPreferences.Editor editor = mSharedPreferences.edit(); +        for (String packageName : mSharedPreferences.getAll().keySet()) { +            editor.putInt(packageName, MAX_BACKUPS_UNTIL_TERTIARY_KEY_ROTATION); +        } +        editor.apply(); +    } + +    private int getBackupsSinceRotation(String packageName) { +        return mSharedPreferences.getInt(packageName, 0); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/BackupEncryptionDb.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/BackupEncryptionDb.java new file mode 100644 index 000000000000..9f6c03a6f393 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/BackupEncryptionDb.java @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.storage; + +import android.content.Context; + +/** + * Backup encryption SQLite database. All instances are threadsafe. + * + * <p>The database is automatically opened when accessing one of the tables. After the caller is + * done they must call {@link #close()}. + */ +public class BackupEncryptionDb { +    private final BackupEncryptionDbHelper mHelper; + +    /** A new instance, using the storage defined by {@code context}. */ +    public static BackupEncryptionDb newInstance(Context context) { +        BackupEncryptionDbHelper helper = new BackupEncryptionDbHelper(context); +        helper.setWriteAheadLoggingEnabled(true); +        return new BackupEncryptionDb(helper); +    } + +    private BackupEncryptionDb(BackupEncryptionDbHelper helper) { +        mHelper = helper; +    } + +    public TertiaryKeysTable getTertiaryKeysTable() { +        return new TertiaryKeysTable(mHelper); +    } + +    /** Deletes the database. */ +    public void clear() throws EncryptionDbException { +        mHelper.resetDatabase(); +    } + +    /** +     * Closes the database if it is open. +     * +     * <p>After calling this, the caller may access one of the tables again which will automatically +     * reopen the database. +     */ +    public void close() { +        mHelper.close(); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/BackupEncryptionDbContract.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/BackupEncryptionDbContract.java new file mode 100644 index 000000000000..5e8a8d9fc2ae --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/BackupEncryptionDbContract.java @@ -0,0 +1,41 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.storage; + +import android.provider.BaseColumns; + +/** Contract for the backup encryption database. Describes tables present. */ +class BackupEncryptionDbContract { +    /** +     * Table containing tertiary keys belonging to the user. Tertiary keys are wrapped by a +     * secondary key, which never leaves {@code AndroidKeyStore} (a provider for {@link +     * java.security.KeyStore}). Each application has a tertiary key, which is used to encrypt the +     * backup data. +     */ +    static class TertiaryKeysEntry implements BaseColumns { +        static final String TABLE_NAME = "tertiary_keys"; + +        /** Alias of the secondary key used to wrap the tertiary key. */ +        static final String COLUMN_NAME_SECONDARY_KEY_ALIAS = "secondary_key_alias"; + +        /** Name of the package to which the tertiary key belongs. */ +        static final String COLUMN_NAME_PACKAGE_NAME = "package_name"; + +        /** Encrypted bytes of the tertiary key. */ +        static final String COLUMN_NAME_WRAPPED_KEY_BYTES = "wrapped_key_bytes"; +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/BackupEncryptionDbHelper.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/BackupEncryptionDbHelper.java new file mode 100644 index 000000000000..c70634248dca --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/BackupEncryptionDbHelper.java @@ -0,0 +1,102 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.storage; + +import static com.android.server.backup.encryption.storage.BackupEncryptionDbContract.TertiaryKeysEntry; + +import android.content.Context; +import android.database.sqlite.SQLiteDatabase; +import android.database.sqlite.SQLiteException; +import android.database.sqlite.SQLiteOpenHelper; + +/** Helper for creating an instance of the backup encryption database. */ +class BackupEncryptionDbHelper extends SQLiteOpenHelper { +    private static final int DATABASE_VERSION = 1; +    static final String DATABASE_NAME = "backupencryption.db"; + +    private static final String SQL_CREATE_TERTIARY_KEYS_ENTRY = +            "CREATE TABLE " +                    + TertiaryKeysEntry.TABLE_NAME +                    + " ( " +                    + TertiaryKeysEntry._ID +                    + " INTEGER PRIMARY KEY," +                    + TertiaryKeysEntry.COLUMN_NAME_SECONDARY_KEY_ALIAS +                    + " TEXT," +                    + TertiaryKeysEntry.COLUMN_NAME_PACKAGE_NAME +                    + " TEXT," +                    + TertiaryKeysEntry.COLUMN_NAME_WRAPPED_KEY_BYTES +                    + " BLOB," +                    + "UNIQUE(" +                    + TertiaryKeysEntry.COLUMN_NAME_SECONDARY_KEY_ALIAS +                    + "," +                    + TertiaryKeysEntry.COLUMN_NAME_PACKAGE_NAME +                    + "))"; + +    private static final String SQL_DROP_TERTIARY_KEYS_ENTRY = +            "DROP TABLE IF EXISTS " + TertiaryKeysEntry.TABLE_NAME; + +    BackupEncryptionDbHelper(Context context) { +        super(context, DATABASE_NAME, /*factory=*/ null, DATABASE_VERSION); +    } + +    public void resetDatabase() throws EncryptionDbException { +        SQLiteDatabase db = getWritableDatabaseSafe(); +        db.execSQL(SQL_DROP_TERTIARY_KEYS_ENTRY); +        onCreate(db); +    } + +    @Override +    public void onCreate(SQLiteDatabase db) { +        db.execSQL(SQL_CREATE_TERTIARY_KEYS_ENTRY); +    } + +    @Override +    public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) { +        db.execSQL(SQL_DROP_TERTIARY_KEYS_ENTRY); +        onCreate(db); +    } + +    @Override +    public void onDowngrade(SQLiteDatabase db, int oldVersion, int newVersion) { +        db.execSQL(SQL_DROP_TERTIARY_KEYS_ENTRY); +        onCreate(db); +    } + +    /** +     * Calls {@link #getWritableDatabase()}, but catches the unchecked {@link SQLiteException} and +     * rethrows {@link EncryptionDbException}. +     */ +    public SQLiteDatabase getWritableDatabaseSafe() throws EncryptionDbException { +        try { +            return super.getWritableDatabase(); +        } catch (SQLiteException e) { +            throw new EncryptionDbException(e); +        } +    } + +    /** +     * Calls {@link #getReadableDatabase()}, but catches the unchecked {@link SQLiteException} and +     * rethrows {@link EncryptionDbException}. +     */ +    public SQLiteDatabase getReadableDatabaseSafe() throws EncryptionDbException { +        try { +            return super.getReadableDatabase(); +        } catch (SQLiteException e) { +            throw new EncryptionDbException(e); +        } +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/EncryptionDbException.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/EncryptionDbException.java new file mode 100644 index 000000000000..82f7dead1b50 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/EncryptionDbException.java @@ -0,0 +1,26 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.storage; + +import java.io.IOException; + +/** Thrown when there is a problem reading or writing the encryption database. */ +public class EncryptionDbException extends IOException { +    public EncryptionDbException(Throwable cause) { +        super(cause); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/TertiaryKey.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/TertiaryKey.java new file mode 100644 index 000000000000..39a2c6ebb9c3 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/TertiaryKey.java @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.storage; + +/** Wrapped bytes of a tertiary key. */ +public class TertiaryKey { +    private final String mSecondaryKeyAlias; +    private final String mPackageName; +    private final byte[] mWrappedKeyBytes; + +    /** +     * Creates a new instance. +     * +     * @param secondaryKeyAlias Alias of the secondary used to wrap the key. +     * @param packageName The package name of the app to which the key belongs. +     * @param wrappedKeyBytes The wrapped key bytes. +     */ +    public TertiaryKey(String secondaryKeyAlias, String packageName, byte[] wrappedKeyBytes) { +        mSecondaryKeyAlias = secondaryKeyAlias; +        mPackageName = packageName; +        mWrappedKeyBytes = wrappedKeyBytes; +    } + +    /** Returns the alias of the secondary key used to wrap this tertiary key. */ +    public String getSecondaryKeyAlias() { +        return mSecondaryKeyAlias; +    } + +    /** Returns the package name of the application this key relates to. */ +    public String getPackageName() { +        return mPackageName; +    } + +    /** Returns the wrapped bytes of the key. */ +    public byte[] getWrappedKeyBytes() { +        return mWrappedKeyBytes; +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/TertiaryKeysTable.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/TertiaryKeysTable.java new file mode 100644 index 000000000000..d8d40c402a84 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/storage/TertiaryKeysTable.java @@ -0,0 +1,134 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.storage; + +import static com.android.server.backup.encryption.storage.BackupEncryptionDbContract.TertiaryKeysEntry; + +import android.content.ContentValues; +import android.database.Cursor; +import android.database.sqlite.SQLiteDatabase; +import android.util.ArrayMap; + +import java.util.Collections; +import java.util.Map; +import java.util.Optional; + +/** Database table for storing and retrieving tertiary keys. */ +public class TertiaryKeysTable { +    private final BackupEncryptionDbHelper mHelper; + +    TertiaryKeysTable(BackupEncryptionDbHelper helper) { +        mHelper = helper; +    } + +    /** +     * Adds the {@code tertiaryKey} to the database. +     * +     * @return The primary key of the inserted row if successful, -1 otherwise. +     */ +    public long addKey(TertiaryKey tertiaryKey) throws EncryptionDbException { +        SQLiteDatabase db = mHelper.getWritableDatabaseSafe(); +        ContentValues values = new ContentValues(); +        values.put( +                TertiaryKeysEntry.COLUMN_NAME_SECONDARY_KEY_ALIAS, +                tertiaryKey.getSecondaryKeyAlias()); +        values.put(TertiaryKeysEntry.COLUMN_NAME_PACKAGE_NAME, tertiaryKey.getPackageName()); +        values.put( +                TertiaryKeysEntry.COLUMN_NAME_WRAPPED_KEY_BYTES, tertiaryKey.getWrappedKeyBytes()); +        return db.replace(TertiaryKeysEntry.TABLE_NAME, /*nullColumnHack=*/ null, values); +    } + +    /** Gets the key wrapped by {@code secondaryKeyAlias} for app with {@code packageName}. */ +    public Optional<TertiaryKey> getKey(String secondaryKeyAlias, String packageName) +            throws EncryptionDbException { +        SQLiteDatabase db = mHelper.getReadableDatabaseSafe(); +        String[] projection = { +            TertiaryKeysEntry._ID, +            TertiaryKeysEntry.COLUMN_NAME_SECONDARY_KEY_ALIAS, +            TertiaryKeysEntry.COLUMN_NAME_PACKAGE_NAME, +            TertiaryKeysEntry.COLUMN_NAME_WRAPPED_KEY_BYTES +        }; +        String selection = +                TertiaryKeysEntry.COLUMN_NAME_SECONDARY_KEY_ALIAS +                        + " = ? AND " +                        + TertiaryKeysEntry.COLUMN_NAME_PACKAGE_NAME +                        + " = ?"; +        String[] selectionArguments = {secondaryKeyAlias, packageName}; + +        try (Cursor cursor = +                db.query( +                        TertiaryKeysEntry.TABLE_NAME, +                        projection, +                        selection, +                        selectionArguments, +                        /*groupBy=*/ null, +                        /*having=*/ null, +                        /*orderBy=*/ null)) { +            int count = cursor.getCount(); +            if (count == 0) { +                return Optional.empty(); +            } + +            cursor.moveToFirst(); +            byte[] wrappedKeyBytes = +                    cursor.getBlob( +                            cursor.getColumnIndexOrThrow( +                                    TertiaryKeysEntry.COLUMN_NAME_WRAPPED_KEY_BYTES)); +            return Optional.of(new TertiaryKey(secondaryKeyAlias, packageName, wrappedKeyBytes)); +        } +    } + +    /** Returns all keys wrapped with {@code tertiaryKeyAlias} as an unmodifiable map. */ +    public Map<String, TertiaryKey> getAllKeys(String secondaryKeyAlias) +            throws EncryptionDbException { +        SQLiteDatabase db = mHelper.getReadableDatabaseSafe(); +        String[] projection = { +            TertiaryKeysEntry._ID, +            TertiaryKeysEntry.COLUMN_NAME_SECONDARY_KEY_ALIAS, +            TertiaryKeysEntry.COLUMN_NAME_PACKAGE_NAME, +            TertiaryKeysEntry.COLUMN_NAME_WRAPPED_KEY_BYTES +        }; +        String selection = TertiaryKeysEntry.COLUMN_NAME_SECONDARY_KEY_ALIAS + " = ?"; +        String[] selectionArguments = {secondaryKeyAlias}; + +        Map<String, TertiaryKey> keysByPackageName = new ArrayMap<>(); +        try (Cursor cursor = +                db.query( +                        TertiaryKeysEntry.TABLE_NAME, +                        projection, +                        selection, +                        selectionArguments, +                        /*groupBy=*/ null, +                        /*having=*/ null, +                        /*orderBy=*/ null)) { +            while (cursor.moveToNext()) { +                String packageName = +                        cursor.getString( +                                cursor.getColumnIndexOrThrow( +                                        TertiaryKeysEntry.COLUMN_NAME_PACKAGE_NAME)); +                byte[] wrappedKeyBytes = +                        cursor.getBlob( +                                cursor.getColumnIndexOrThrow( +                                        TertiaryKeysEntry.COLUMN_NAME_WRAPPED_KEY_BYTES)); +                keysByPackageName.put( +                        packageName, +                        new TertiaryKey(secondaryKeyAlias, packageName, wrappedKeyBytes)); +            } +        } +        return Collections.unmodifiableMap(keysByPackageName); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/tasks/BackupEncrypter.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/tasks/BackupEncrypter.java new file mode 100644 index 000000000000..95d0d97b4073 --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/tasks/BackupEncrypter.java @@ -0,0 +1,90 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.tasks; + +import static java.util.Collections.unmodifiableList; + +import android.annotation.Nullable; + +import com.android.server.backup.encryption.chunk.ChunkHash; +import com.android.server.backup.encryption.chunking.EncryptedChunk; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.util.ArrayList; +import java.util.List; +import java.util.Set; + +import javax.crypto.SecretKey; + +/** Task which reads data from some source, splits it into chunks and encrypts new chunks. */ +public interface BackupEncrypter { +    /** The algorithm which we use to compute the digest of the backup file plaintext. */ +    String MESSAGE_DIGEST_ALGORITHM = "SHA-256"; + +    /** +     * Splits the backup input into encrypted chunks and encrypts new chunks. +     * +     * @param secretKey Key used to encrypt backup. +     * @param fingerprintMixerSalt Fingerprint mixer salt used for content-defined chunking during a +     *     full backup. Should be {@code null} for a key-value backup. +     * @param existingChunks Set of the SHA-256 Macs of chunks the server already has. +     * @return a result containing an array of new encrypted chunks to upload, and an ordered +     *     listing of the chunks in the backup file. +     * @throws IOException if a problem occurs reading from the backup data. +     * @throws GeneralSecurityException if there is a problem encrypting the data. +     */ +    Result backup( +            SecretKey secretKey, +            @Nullable byte[] fingerprintMixerSalt, +            Set<ChunkHash> existingChunks) +            throws IOException, GeneralSecurityException; + +    /** +     * The result of an incremental backup. Contains new encrypted chunks to upload, and an ordered +     * list of the chunks in the backup file. +     */ +    class Result { +        private final List<ChunkHash> mAllChunks; +        private final List<EncryptedChunk> mNewChunks; +        private final byte[] mDigest; + +        public Result(List<ChunkHash> allChunks, List<EncryptedChunk> newChunks, byte[] digest) { +            mAllChunks = unmodifiableList(new ArrayList<>(allChunks)); +            mDigest = digest; +            mNewChunks = unmodifiableList(new ArrayList<>(newChunks)); +        } + +        /** +         * Returns an unmodifiable list of the hashes of all the chunks in the backup, in the order +         * they appear in the plaintext. +         */ +        public List<ChunkHash> getAllChunks() { +            return mAllChunks; +        } + +        /** Returns an unmodifiable list of the new chunks in the backup. */ +        public List<EncryptedChunk> getNewChunks() { +            return mNewChunks; +        } + +        /** Returns the message digest of the backup. */ +        public byte[] getDigest() { +            return mDigest; +        } +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/tasks/BackupStreamEncrypter.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/tasks/BackupStreamEncrypter.java new file mode 100644 index 000000000000..45798d32885a --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/tasks/BackupStreamEncrypter.java @@ -0,0 +1,127 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.tasks; + +import android.util.Slog; + +import com.android.server.backup.encryption.chunk.ChunkHash; +import com.android.server.backup.encryption.chunking.ChunkEncryptor; +import com.android.server.backup.encryption.chunking.ChunkHasher; +import com.android.server.backup.encryption.chunking.EncryptedChunk; +import com.android.server.backup.encryption.chunking.cdc.ContentDefinedChunker; +import com.android.server.backup.encryption.chunking.cdc.FingerprintMixer; +import com.android.server.backup.encryption.chunking.cdc.IsChunkBreakpoint; +import com.android.server.backup.encryption.chunking.cdc.RabinFingerprint64; + +import java.io.IOException; +import java.io.InputStream; +import java.security.GeneralSecurityException; +import java.security.MessageDigest; +import java.security.SecureRandom; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +import javax.crypto.SecretKey; + +/** + * Splits backup data into variable-sized chunks using content-defined chunking, then encrypts the + * chunks. Given a hash of the SHA-256s of existing chunks, performs an incremental backup (i.e., + * only encrypts new chunks). + */ +public class BackupStreamEncrypter implements BackupEncrypter { +    private static final String TAG = "BackupStreamEncryptor"; + +    private final InputStream mData; +    private final int mMinChunkSizeBytes; +    private final int mMaxChunkSizeBytes; +    private final int mAverageChunkSizeBytes; + +    /** +     * A new instance over the given distribution of chunk sizes. +     * +     * @param data The data to be backed up. +     * @param minChunkSizeBytes The minimum chunk size. No chunk will be smaller than this. +     * @param maxChunkSizeBytes The maximum chunk size. No chunk will be larger than this. +     * @param averageChunkSizeBytes The average chunk size. The mean size of chunks will be roughly +     *     this (with a few tens of bytes of overhead for the initialization vector and message +     *     authentication code). +     */ +    public BackupStreamEncrypter( +            InputStream data, +            int minChunkSizeBytes, +            int maxChunkSizeBytes, +            int averageChunkSizeBytes) { +        this.mData = data; +        this.mMinChunkSizeBytes = minChunkSizeBytes; +        this.mMaxChunkSizeBytes = maxChunkSizeBytes; +        this.mAverageChunkSizeBytes = averageChunkSizeBytes; +    } + +    @Override +    public Result backup( +            SecretKey secretKey, byte[] fingerprintMixerSalt, Set<ChunkHash> existingChunks) +            throws IOException, GeneralSecurityException { +        MessageDigest messageDigest = +                MessageDigest.getInstance(BackupEncrypter.MESSAGE_DIGEST_ALGORITHM); +        RabinFingerprint64 rabinFingerprint64 = new RabinFingerprint64(); +        FingerprintMixer fingerprintMixer = new FingerprintMixer(secretKey, fingerprintMixerSalt); +        IsChunkBreakpoint isChunkBreakpoint = +                new IsChunkBreakpoint(mAverageChunkSizeBytes - mMinChunkSizeBytes); +        ContentDefinedChunker chunker = +                new ContentDefinedChunker( +                        mMinChunkSizeBytes, +                        mMaxChunkSizeBytes, +                        rabinFingerprint64, +                        fingerprintMixer, +                        isChunkBreakpoint); +        ChunkHasher chunkHasher = new ChunkHasher(secretKey); +        ChunkEncryptor encryptor = new ChunkEncryptor(secretKey, new SecureRandom()); +        Set<ChunkHash> includedChunks = new HashSet<>(); +        // New chunks will be added only once to this list, even if they occur multiple times. +        List<EncryptedChunk> newChunks = new ArrayList<>(); +        // All chunks (including multiple occurrences) will be added to the chunkListing. +        List<ChunkHash> chunkListing = new ArrayList<>(); + +        includedChunks.addAll(existingChunks); + +        chunker.chunkify( +                mData, +                chunk -> { +                    messageDigest.update(chunk); +                    ChunkHash key = chunkHasher.computeHash(chunk); + +                    if (!includedChunks.contains(key)) { +                        newChunks.add(encryptor.encrypt(key, chunk)); +                        includedChunks.add(key); +                    } +                    chunkListing.add(key); +                }); + +        Slog.i( +                TAG, +                String.format( +                        "Chunks: %d total, %d unique, %d new", +                        chunkListing.size(), new HashSet<>(chunkListing).size(), newChunks.size())); +        return new Result( +                Collections.unmodifiableList(chunkListing), +                Collections.unmodifiableList(newChunks), +                messageDigest.digest()); +    } +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/tasks/DecryptedChunkOutput.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/tasks/DecryptedChunkOutput.java new file mode 100644 index 000000000000..e3df3c1eb96f --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/tasks/DecryptedChunkOutput.java @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.tasks; + +import java.io.Closeable; +import java.io.IOException; +import java.security.InvalidKeyException; + +/** + * Accepts the plaintext bytes of decrypted chunks and writes them to some output. Also keeps track + * of the message digest of the chunks. + */ +public interface DecryptedChunkOutput extends Closeable { +    /** +     * Opens whatever output the implementation chooses, ready to process chunks. +     * +     * @return {@code this}, to allow use with try-with-resources +     */ +    DecryptedChunkOutput open() throws IOException; + +    /** +     * Writes the plaintext bytes of chunk to whatever output the implementation chooses. Also +     * updates the digest with the chunk. +     * +     * <p>You must call {@link #open()} before this method, and you may not call it after calling +     * {@link Closeable#close()}. +     * +     * @param plaintextBuffer An array containing the bytes of the plaintext of the chunk, starting +     *     at index 0. +     * @param length The length in bytes of the plaintext contained in {@code plaintextBuffer}. +     */ +    void processChunk(byte[] plaintextBuffer, int length) throws IOException, InvalidKeyException; + +    /** +     * Returns the message digest of all the chunks processed by {@link #processChunk}. +     * +     * <p>You must call {@link Closeable#close()} before calling this method. +     */ +    byte[] getDigest(); +} diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/tasks/EncryptedRestoreException.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/tasks/EncryptedRestoreException.java new file mode 100644 index 000000000000..487c0d92f6fd --- /dev/null +++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/tasks/EncryptedRestoreException.java @@ -0,0 +1,32 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + *      http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.server.backup.encryption.tasks; + +/** Wraps any exception related to encryption which occurs during restore. */ +public class EncryptedRestoreException extends Exception { +    public EncryptedRestoreException(String message) { +        super(message); +    } + +    public EncryptedRestoreException(Throwable cause) { +        super(cause); +    } + +    public EncryptedRestoreException(String message, Throwable cause) { +        super(message, cause); +    } +} |