diff options
22 files changed, 385 insertions, 330 deletions
diff --git a/core/java/android/security/keystore/BackwardsCompat.java b/core/java/android/security/keystore/BackwardsCompat.java index 24921f03f136..69558c4d8aaf 100644 --- a/core/java/android/security/keystore/BackwardsCompat.java +++ b/core/java/android/security/keystore/BackwardsCompat.java @@ -30,7 +30,7 @@ class BackwardsCompat { static KeychainProtectionParams toLegacyKeychainProtectionParams( - android.security.keystore.recovery.KeychainProtectionParams keychainProtectionParams + android.security.keystore.recovery.KeyChainProtectionParams keychainProtectionParams ) { return new KeychainProtectionParams.Builder() .setUserSecretType(keychainProtectionParams.getUserSecretType()) @@ -80,15 +80,15 @@ class BackwardsCompat { return map(wrappedApplicationKeys, BackwardsCompat::fromLegacyWrappedApplicationKey); } - static List<android.security.keystore.recovery.KeychainProtectionParams> + static List<android.security.keystore.recovery.KeyChainProtectionParams> fromLegacyKeychainProtectionParams( List<KeychainProtectionParams> keychainProtectionParams) { return map(keychainProtectionParams, BackwardsCompat::fromLegacyKeychainProtectionParam); } - static android.security.keystore.recovery.KeychainProtectionParams + static android.security.keystore.recovery.KeyChainProtectionParams fromLegacyKeychainProtectionParam(KeychainProtectionParams keychainProtectionParams) { - return new android.security.keystore.recovery.KeychainProtectionParams.Builder() + return new android.security.keystore.recovery.KeyChainProtectionParams.Builder() .setUserSecretType(keychainProtectionParams.getUserSecretType()) .setSecret(keychainProtectionParams.getSecret()) .setLockScreenUiFormat(keychainProtectionParams.getLockScreenUiFormat()) @@ -99,7 +99,7 @@ class BackwardsCompat { } static KeychainSnapshot toLegacyKeychainSnapshot( - android.security.keystore.recovery.KeychainSnapshot keychainSnapshot + android.security.keystore.recovery.KeyChainSnapshot keychainSnapshot ) { return new KeychainSnapshot.Builder() .setCounterId(keychainSnapshot.getCounterId()) @@ -109,7 +109,7 @@ class BackwardsCompat { .setMaxAttempts(keychainSnapshot.getMaxAttempts()) .setServerParams(keychainSnapshot.getServerParams()) .setKeychainProtectionParams( - map(keychainSnapshot.getKeychainProtectionParams(), + map(keychainSnapshot.getKeyChainProtectionParams(), BackwardsCompat::toLegacyKeychainProtectionParams)) .setWrappedApplicationKeys( map(keychainSnapshot.getWrappedApplicationKeys(), diff --git a/core/java/android/security/keystore/recovery/DecryptionFailedException.java b/core/java/android/security/keystore/recovery/DecryptionFailedException.java index b414dc59834b..93f033feee14 100644 --- a/core/java/android/security/keystore/recovery/DecryptionFailedException.java +++ b/core/java/android/security/keystore/recovery/DecryptionFailedException.java @@ -16,13 +16,15 @@ package android.security.keystore.recovery; +import java.security.GeneralSecurityException; + /** * Error thrown when decryption failed, due to an agent error. i.e., using the incorrect key, * trying to decrypt garbage data, trying to decrypt data that has somehow been corrupted, etc. * * @hide */ -public class DecryptionFailedException extends RecoveryControllerException { +public class DecryptionFailedException extends GeneralSecurityException { public DecryptionFailedException(String msg) { super(msg); diff --git a/core/java/android/security/keystore/recovery/InternalRecoveryServiceException.java b/core/java/android/security/keystore/recovery/InternalRecoveryServiceException.java index 07a540ceea25..9a0322624540 100644 --- a/core/java/android/security/keystore/recovery/InternalRecoveryServiceException.java +++ b/core/java/android/security/keystore/recovery/InternalRecoveryServiceException.java @@ -16,6 +16,8 @@ package android.security.keystore.recovery; +import java.security.GeneralSecurityException; + /** * An error thrown when something went wrong internally in the recovery service. * @@ -24,7 +26,7 @@ package android.security.keystore.recovery; * * @hide */ -public class InternalRecoveryServiceException extends RecoveryControllerException { +public class InternalRecoveryServiceException extends GeneralSecurityException { public InternalRecoveryServiceException(String msg) { super(msg); } diff --git a/core/java/android/security/keystore/recovery/KeychainProtectionParams.aidl b/core/java/android/security/keystore/recovery/KeyChainProtectionParams.aidl index 538573847b00..58edc84111fa 100644 --- a/core/java/android/security/keystore/recovery/KeychainProtectionParams.aidl +++ b/core/java/android/security/keystore/recovery/KeyChainProtectionParams.aidl @@ -17,4 +17,4 @@ package android.security.keystore.recovery; /* @hide */ -parcelable KeychainProtectionParams; +parcelable KeyChainProtectionParams; diff --git a/core/java/android/security/keystore/recovery/KeychainProtectionParams.java b/core/java/android/security/keystore/recovery/KeyChainProtectionParams.java index 445815b48e7c..7ccb909d8e27 100644 --- a/core/java/android/security/keystore/recovery/KeychainProtectionParams.java +++ b/core/java/android/security/keystore/recovery/KeyChainProtectionParams.java @@ -28,7 +28,7 @@ import java.lang.annotation.RetentionPolicy; import java.util.Arrays; /** - * A {@link KeychainSnapshot} is protected with a key derived from the user's lock screen. This + * A {@link KeyChainSnapshot} is protected with a key derived from the user's lock screen. This * class wraps all the data necessary to derive the same key on a recovering device: * * <ul> @@ -38,7 +38,7 @@ import java.util.Arrays; * <li>The algorithm used to derive a key from the user's lock screen, e.g. SHA-256 with a salt. * </ul> * - * <p>As such, this data is sent along with the {@link KeychainSnapshot} when syncing the current + * <p>As such, this data is sent along with the {@link KeyChainSnapshot} when syncing the current * version of the keychain. * * <p>For now, the recoverable keychain only supports a single layer of protection, which is the @@ -47,10 +47,10 @@ import java.util.Arrays; * * @hide */ -public final class KeychainProtectionParams implements Parcelable { +public final class KeyChainProtectionParams implements Parcelable { /** @hide */ @Retention(RetentionPolicy.SOURCE) - @IntDef({TYPE_LOCKSCREEN, TYPE_CUSTOM_PASSWORD}) + @IntDef(prefix = {"TYPE_"}, value = {TYPE_LOCKSCREEN, TYPE_CUSTOM_PASSWORD}) public @interface UserSecretType { } @@ -66,24 +66,24 @@ public final class KeychainProtectionParams implements Parcelable { /** @hide */ @Retention(RetentionPolicy.SOURCE) - @IntDef({TYPE_PIN, TYPE_PASSWORD, TYPE_PATTERN}) + @IntDef(prefix = {"UI_FORMAT_"}, value = {UI_FORMAT_PIN, UI_FORMAT_PASSWORD, UI_FORMAT_PATTERN}) public @interface LockScreenUiFormat { } /** * Pin with digits only. */ - public static final int TYPE_PIN = 1; + public static final int UI_FORMAT_PIN = 1; /** * Password. String with latin-1 characters only. */ - public static final int TYPE_PASSWORD = 2; + public static final int UI_FORMAT_PASSWORD = 2; /** * Pattern with 3 by 3 grid. */ - public static final int TYPE_PATTERN = 3; + public static final int UI_FORMAT_PATTERN = 3; @UserSecretType private Integer mUserSecretType; @@ -102,7 +102,7 @@ public final class KeychainProtectionParams implements Parcelable { * @link {#clearSecret} to overwrite its value in memory. * @hide */ - public KeychainProtectionParams(@UserSecretType int userSecretType, + public KeyChainProtectionParams(@UserSecretType int userSecretType, @LockScreenUiFormat int lockScreenUiFormat, @NonNull KeyDerivationParams keyDerivationParams, @NonNull byte[] secret) { @@ -112,7 +112,7 @@ public final class KeychainProtectionParams implements Parcelable { mSecret = Preconditions.checkNotNull(secret); } - private KeychainProtectionParams() { + private KeyChainProtectionParams() { } @@ -126,11 +126,11 @@ public final class KeychainProtectionParams implements Parcelable { /** * Specifies UX shown to user during recovery. - * Default value is {@code TYPE_LOCKSCREEN} + * Default value is {@code UI_FORMAT_LOCKSCREEN} * - * @see TYPE_PIN - * @see TYPE_PASSWORD - * @see TYPE_PATTERN + * @see UI_FORMAT_PIN + * @see UI_FORMAT_PASSWORD + * @see UI_FORMAT_PATTERN */ public @LockScreenUiFormat int getLockScreenUiFormat() { return mLockScreenUiFormat; @@ -140,7 +140,7 @@ public final class KeychainProtectionParams implements Parcelable { * Specifies function used to derive symmetric key from user input * Format is defined in separate util class. */ - @NonNull public KeyDerivationParams getKeyDerivationParams() { + public @NonNull KeyDerivationParams getKeyDerivationParams() { return mKeyDerivationParams; } @@ -155,11 +155,10 @@ public final class KeychainProtectionParams implements Parcelable { } /** - * Builder for creating {@link KeychainProtectionParams}. + * Builder for creating {@link KeyChainProtectionParams}. */ public static class Builder { - private KeychainProtectionParams - mInstance = new KeychainProtectionParams(); + private KeyChainProtectionParams mInstance = new KeyChainProtectionParams(); /** * Sets user secret type. @@ -177,9 +176,9 @@ public final class KeychainProtectionParams implements Parcelable { /** * Sets UI format. * - * @see TYPE_PIN - * @see TYPE_PASSWORD - * @see TYPE_PATTERN + * @see UI_FORMAT_PIN + * @see UI_FORMAT_PASSWORD + * @see UI_FORMAT_PATTERN * @param lockScreenUiFormat The UI format * @return This builder. */ @@ -213,14 +212,14 @@ public final class KeychainProtectionParams implements Parcelable { /** - * Creates a new {@link KeychainProtectionParams} instance. + * Creates a new {@link KeyChainProtectionParams} instance. * The instance will include default values, if {@link setSecret} * or {@link setUserSecretType} were not called. * * @return new instance * @throws NullPointerException if some required fields were not set. */ - @NonNull public KeychainProtectionParams build() { + @NonNull public KeyChainProtectionParams build() { if (mInstance.mUserSecretType == null) { mInstance.mUserSecretType = TYPE_LOCKSCREEN; } @@ -250,14 +249,14 @@ public final class KeychainProtectionParams implements Parcelable { Arrays.fill(mSecret, (byte) 0); } - public static final Creator<KeychainProtectionParams> CREATOR = - new Creator<KeychainProtectionParams>() { - public KeychainProtectionParams createFromParcel(Parcel in) { - return new KeychainProtectionParams(in); + public static final Parcelable.Creator<KeyChainProtectionParams> CREATOR = + new Parcelable.Creator<KeyChainProtectionParams>() { + public KeyChainProtectionParams createFromParcel(Parcel in) { + return new KeyChainProtectionParams(in); } - public KeychainProtectionParams[] newArray(int length) { - return new KeychainProtectionParams[length]; + public KeyChainProtectionParams[] newArray(int length) { + return new KeyChainProtectionParams[length]; } }; @@ -275,7 +274,7 @@ public final class KeychainProtectionParams implements Parcelable { /** * @hide */ - protected KeychainProtectionParams(Parcel in) { + protected KeyChainProtectionParams(Parcel in) { mUserSecretType = in.readInt(); mLockScreenUiFormat = in.readInt(); mKeyDerivationParams = in.readTypedObject(KeyDerivationParams.CREATOR); diff --git a/core/java/android/security/keystore/recovery/KeychainSnapshot.aidl b/core/java/android/security/keystore/recovery/KeyChainSnapshot.aidl index 7822f39bf269..d02a2eadb861 100644 --- a/core/java/android/security/keystore/recovery/KeychainSnapshot.aidl +++ b/core/java/android/security/keystore/recovery/KeyChainSnapshot.aidl @@ -17,4 +17,4 @@ package android.security.keystore.recovery; /* @hide */ -parcelable KeychainSnapshot; +parcelable KeyChainSnapshot; diff --git a/core/java/android/security/keystore/recovery/KeychainSnapshot.java b/core/java/android/security/keystore/recovery/KeyChainSnapshot.java index a8e2725c0339..9639bb5e5370 100644 --- a/core/java/android/security/keystore/recovery/KeychainSnapshot.java +++ b/core/java/android/security/keystore/recovery/KeyChainSnapshot.java @@ -42,7 +42,7 @@ import java.util.List; * * @hide */ -public final class KeychainSnapshot implements Parcelable { +public final class KeyChainSnapshot implements Parcelable { private static final int DEFAULT_MAX_ATTEMPTS = 10; private static final long DEFAULT_COUNTER_ID = 1L; @@ -51,7 +51,7 @@ public final class KeychainSnapshot implements Parcelable { private long mCounterId = DEFAULT_COUNTER_ID; private byte[] mServerParams; private byte[] mPublicKey; - private List<KeychainProtectionParams> mKeychainProtectionParams; + private List<KeyChainProtectionParams> mKeyChainProtectionParams; private List<WrappedApplicationKey> mEntryRecoveryData; private byte[] mEncryptedRecoveryKeyBlob; @@ -59,21 +59,21 @@ public final class KeychainSnapshot implements Parcelable { * @hide * Deprecated, consider using builder. */ - public KeychainSnapshot( + public KeyChainSnapshot( int snapshotVersion, - @NonNull List<KeychainProtectionParams> keychainProtectionParams, + @NonNull List<KeyChainProtectionParams> keyChainProtectionParams, @NonNull List<WrappedApplicationKey> wrappedApplicationKeys, @NonNull byte[] encryptedRecoveryKeyBlob) { mSnapshotVersion = snapshotVersion; - mKeychainProtectionParams = - Preconditions.checkCollectionElementsNotNull(keychainProtectionParams, - "keychainProtectionParams"); + mKeyChainProtectionParams = + Preconditions.checkCollectionElementsNotNull(keyChainProtectionParams, + "KeyChainProtectionParams"); mEntryRecoveryData = Preconditions.checkCollectionElementsNotNull(wrappedApplicationKeys, "wrappedApplicationKeys"); mEncryptedRecoveryKeyBlob = Preconditions.checkNotNull(encryptedRecoveryKeyBlob); } - private KeychainSnapshot() { + private KeyChainSnapshot() { } @@ -119,8 +119,8 @@ public final class KeychainSnapshot implements Parcelable { /** * UI and key derivation parameters. Note that combination of secrets may be used. */ - public @NonNull List<KeychainProtectionParams> getKeychainProtectionParams() { - return mKeychainProtectionParams; + public @NonNull List<KeyChainProtectionParams> getKeyChainProtectionParams() { + return mKeyChainProtectionParams; } /** @@ -138,23 +138,23 @@ public final class KeychainSnapshot implements Parcelable { return mEncryptedRecoveryKeyBlob; } - public static final Creator<KeychainSnapshot> CREATOR = - new Creator<KeychainSnapshot>() { - public KeychainSnapshot createFromParcel(Parcel in) { - return new KeychainSnapshot(in); + public static final Creator<KeyChainSnapshot> CREATOR = + new Creator<KeyChainSnapshot>() { + public KeyChainSnapshot createFromParcel(Parcel in) { + return new KeyChainSnapshot(in); } - public KeychainSnapshot[] newArray(int length) { - return new KeychainSnapshot[length]; + public KeyChainSnapshot[] newArray(int length) { + return new KeyChainSnapshot[length]; } }; /** - * Builder for creating {@link KeychainSnapshot}. + * Builder for creating {@link KeyChainSnapshot}. */ public static class Builder { - private KeychainSnapshot - mInstance = new KeychainSnapshot(); + private KeyChainSnapshot + mInstance = new KeyChainSnapshot(); /** * Snapshot version for given account. @@ -217,9 +217,9 @@ public final class KeychainSnapshot implements Parcelable { * @param recoveryMetadata The UI and key derivation parameters * @return This builder. */ - public Builder setKeychainProtectionParams( - @NonNull List<KeychainProtectionParams> recoveryMetadata) { - mInstance.mKeychainProtectionParams = recoveryMetadata; + public Builder setKeyChainProtectionParams( + @NonNull List<KeyChainProtectionParams> recoveryMetadata) { + mInstance.mKeyChainProtectionParams = recoveryMetadata; return this; } @@ -247,13 +247,13 @@ public final class KeychainSnapshot implements Parcelable { /** - * Creates a new {@link KeychainSnapshot} instance. + * Creates a new {@link KeyChainSnapshot} instance. * * @return new instance * @throws NullPointerException if some required fields were not set. */ - @NonNull public KeychainSnapshot build() { - Preconditions.checkCollectionElementsNotNull(mInstance.mKeychainProtectionParams, + @NonNull public KeyChainSnapshot build() { + Preconditions.checkCollectionElementsNotNull(mInstance.mKeyChainProtectionParams, "recoveryMetadata"); Preconditions.checkCollectionElementsNotNull(mInstance.mEntryRecoveryData, "entryRecoveryData"); @@ -270,7 +270,7 @@ public final class KeychainSnapshot implements Parcelable { @Override public void writeToParcel(Parcel out, int flags) { out.writeInt(mSnapshotVersion); - out.writeTypedList(mKeychainProtectionParams); + out.writeTypedList(mKeyChainProtectionParams); out.writeByteArray(mEncryptedRecoveryKeyBlob); out.writeTypedList(mEntryRecoveryData); out.writeInt(mMaxAttempts); @@ -282,9 +282,9 @@ public final class KeychainSnapshot implements Parcelable { /** * @hide */ - protected KeychainSnapshot(Parcel in) { + protected KeyChainSnapshot(Parcel in) { mSnapshotVersion = in.readInt(); - mKeychainProtectionParams = in.createTypedArrayList(KeychainProtectionParams.CREATOR); + mKeyChainProtectionParams = in.createTypedArrayList(KeyChainProtectionParams.CREATOR); mEncryptedRecoveryKeyBlob = in.createByteArray(); mEntryRecoveryData = in.createTypedArrayList(WrappedApplicationKey.CREATOR); mMaxAttempts = in.readInt(); diff --git a/core/java/android/security/keystore/recovery/KeyDerivationParams.java b/core/java/android/security/keystore/recovery/KeyDerivationParams.java index 90613952ae9b..20631b0f50f6 100644 --- a/core/java/android/security/keystore/recovery/KeyDerivationParams.java +++ b/core/java/android/security/keystore/recovery/KeyDerivationParams.java @@ -81,8 +81,8 @@ public final class KeyDerivationParams implements Parcelable { return mSalt; } - public static final Creator<KeyDerivationParams> CREATOR = - new Creator<KeyDerivationParams>() { + public static final Parcelable.Creator<KeyDerivationParams> CREATOR = + new Parcelable.Creator<KeyDerivationParams>() { public KeyDerivationParams createFromParcel(Parcel in) { return new KeyDerivationParams(in); } diff --git a/core/java/android/security/keystore/recovery/LockScreenRequiredException.java b/core/java/android/security/keystore/recovery/LockScreenRequiredException.java index ced23685690e..acf893b2aeb3 100644 --- a/core/java/android/security/keystore/recovery/LockScreenRequiredException.java +++ b/core/java/android/security/keystore/recovery/LockScreenRequiredException.java @@ -16,6 +16,8 @@ package android.security.keystore.recovery; +import java.security.GeneralSecurityException; + /** * Error thrown when trying to generate keys for a profile that has no lock screen set. * @@ -23,7 +25,7 @@ package android.security.keystore.recovery; * * @hide */ -public class LockScreenRequiredException extends RecoveryControllerException { +public class LockScreenRequiredException extends GeneralSecurityException { public LockScreenRequiredException(String msg) { super(msg); } diff --git a/core/java/android/security/keystore/recovery/RecoveryController.java b/core/java/android/security/keystore/recovery/RecoveryController.java index 1908ce22bac2..20873171dc41 100644 --- a/core/java/android/security/keystore/recovery/RecoveryController.java +++ b/core/java/android/security/keystore/recovery/RecoveryController.java @@ -18,15 +18,18 @@ package android.security.keystore.recovery; import android.annotation.NonNull; import android.annotation.Nullable; +import android.annotation.RequiresPermission; import android.app.PendingIntent; +import android.content.Context; import android.content.pm.PackageManager.NameNotFoundException; import android.os.RemoteException; import android.os.ServiceManager; import android.os.ServiceSpecificException; -import android.util.Log; import com.android.internal.widget.ILockSettings; +import java.security.cert.CertificateException; +import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -114,9 +117,18 @@ public class RecoveryController { } /** + * Internal method used by {@code RecoverySession}. + * + * @hide + */ + ILockSettings getBinder() { + return mBinder; + } + + /** * Gets a new instance of the class. */ - public static RecoveryController getInstance() { + public static RecoveryController getInstance(Context context) { ILockSettings lockSettings = ILockSettings.Stub.asInterface(ServiceManager.getService("lock_settings")); return new RecoveryController(lockSettings); @@ -136,38 +148,39 @@ public class RecoveryController { * * @param rootCertificateAlias alias of a root certificate preinstalled on the device * @param signedPublicKeyList binary blob a list of X509 certificates and signature - * @throws BadCertificateFormatException if the {@code signedPublicKeyList} is in a bad format. + * @throws CertificateException if the {@code signedPublicKeyList} is in a bad format. * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery * service. */ + @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) public void initRecoveryService( @NonNull String rootCertificateAlias, @NonNull byte[] signedPublicKeyList) - throws BadCertificateFormatException, InternalRecoveryServiceException { + throws CertificateException, InternalRecoveryServiceException { try { mBinder.initRecoveryService(rootCertificateAlias, signedPublicKeyList); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { if (e.errorCode == ERROR_BAD_CERTIFICATE_FORMAT) { - throw new BadCertificateFormatException(e.getMessage()); + throw new CertificateException(e.getMessage()); } throw wrapUnexpectedServiceSpecificException(e); } } /** - * Returns data necessary to store all recoverable keys for given account. Key material is + * Returns data necessary to store all recoverable keys. Key material is * encrypted with user secret and recovery public key. * - * @param account specific to Recovery agent. * @return Data necessary to recover keystore. * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery * service. */ - @NonNull public KeychainSnapshot getRecoveryData(@NonNull byte[] account) + @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) + public @NonNull KeyChainSnapshot getRecoveryData() throws InternalRecoveryServiceException { try { - return mBinder.getRecoveryData(account); + return mBinder.getRecoveryData(/*account=*/ new byte[]{}); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { @@ -188,6 +201,7 @@ public class RecoveryController { * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery * service. */ + @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) public void setSnapshotCreatedPendingIntent(@Nullable PendingIntent intent) throws InternalRecoveryServiceException { try { @@ -200,22 +214,19 @@ public class RecoveryController { } /** - * Returns a map from recovery agent accounts to corresponding KeyStore recovery snapshot - * version. Version zero is used, if no snapshots were created for the account. + * Server parameters used to generate new recovery key blobs. This value will be included in + * {@code KeyChainSnapshot.getEncryptedRecoveryKeyBlob()}. The same value must be included + * in vaultParams {@link #startRecoverySession} * - * @return Map from recovery agent accounts to snapshot versions. - * @see KeychainSnapshot#getSnapshotVersion + * @param serverParams included in recovery key blob. + * @see #getRecoveryData * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery * service. */ - public @NonNull Map<byte[], Integer> getRecoverySnapshotVersions() - throws InternalRecoveryServiceException { + @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) + public void setServerParams(byte[] serverParams) throws InternalRecoveryServiceException { try { - // IPC doesn't support generic Maps. - @SuppressWarnings("unchecked") - Map<byte[], Integer> result = - (Map<byte[], Integer>) mBinder.getRecoverySnapshotVersions(); - return result; + mBinder.setServerParams(serverParams); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { @@ -224,18 +235,17 @@ public class RecoveryController { } /** - * Server parameters used to generate new recovery key blobs. This value will be included in - * {@code KeychainSnapshot.getEncryptedRecoveryKeyBlob()}. The same value must be included - * in vaultParams {@link #startRecoverySession} + * Gets aliases of recoverable keys for the application. + * @param packageName which recoverable keys' aliases will be returned. * - * @param serverParams included in recovery key blob. - * @see #getRecoveryData - * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery - * service. + * @return {@code List} of all aliases. */ - public void setServerParams(byte[] serverParams) throws InternalRecoveryServiceException { + public List<String> getAliases(@Nullable String packageName) + throws RemoteException, InternalRecoveryServiceException { try { - mBinder.setServerParams(serverParams); + // TODO: update aidl + Map<String, Integer> allStatuses = mBinder.getRecoveryStatus(packageName); + return new ArrayList<>(allStatuses.keySet()); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { @@ -244,21 +254,23 @@ public class RecoveryController { } /** - * Updates recovery status for given keys. It is used to notify keystore that key was + * Updates recovery status for given key. It is used to notify keystore that key was * successfully stored on the server or there were an error. Application can check this value * using {@code getRecoveyStatus}. * - * @param packageName Application whose recoverable keys' statuses are to be updated. - * @param aliases List of application-specific key aliases. If the array is empty, updates the - * status for all existing recoverable keys. + * @param packageName Application whose recoverable key's status are to be updated. + * @param alias Application-specific key alias. * @param status Status specific to recovery agent. * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery * service. */ + @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) public void setRecoveryStatus( - @NonNull String packageName, @Nullable String[] aliases, int status) + @NonNull String packageName, String alias, int status) throws NameNotFoundException, InternalRecoveryServiceException { try { + // TODO: update aidl + String[] aliases = alias == null ? null : new String[]{alias}; mBinder.setRecoveryStatus(packageName, aliases, status); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); @@ -268,7 +280,7 @@ public class RecoveryController { } /** - * Returns a {@code Map} from Application's KeyStore key aliases to their recovery status. + * Returns recovery status for Application's KeyStore key. * Negative status values are reserved for recovery agent specific codes. List of common codes: * * <ul> @@ -278,18 +290,24 @@ public class RecoveryController { * <li>{@link #RECOVERY_STATUS_PERMANENT_FAILURE} * </ul> * - * @return {@code Map} from KeyStore alias to recovery status. + * @param packageName Application whose recoverable key status is returned. + * @param alias Application-specific key alias. + * @return Recovery status. * @see #setRecoveryStatus * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery * service. */ - public Map<String, Integer> getRecoveryStatus() throws InternalRecoveryServiceException { + public int getRecoveryStatus(String packageName, String alias) + throws InternalRecoveryServiceException { try { - // IPC doesn't support generic Maps. - @SuppressWarnings("unchecked") - Map<String, Integer> result = - (Map<String, Integer>) mBinder.getRecoveryStatus(/*packageName=*/ null); - return result; + // TODO: update aidl + Map<String, Integer> allStatuses = mBinder.getRecoveryStatus(packageName); + Integer status = allStatuses.get(alias); + if (status == null) { + return RecoveryController.RECOVERY_STATUS_PERMANENT_FAILURE; + } else { + return status; + } } catch (RemoteException e) { throw e.rethrowFromSystemServer(); } catch (ServiceSpecificException e) { @@ -301,13 +319,13 @@ public class RecoveryController { * Specifies a set of secret types used for end-to-end keystore encryption. Knowing all of them * is necessary to recover data. * - * @param secretTypes {@link KeychainProtectionParams#TYPE_LOCKSCREEN} or {@link - * KeychainProtectionParams#TYPE_CUSTOM_PASSWORD} + * @param secretTypes {@link KeyChainProtectionParams#TYPE_LOCKSCREEN} or {@link + * KeyChainProtectionParams#TYPE_CUSTOM_PASSWORD} * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery * service. */ public void setRecoverySecretTypes( - @NonNull @KeychainProtectionParams.UserSecretType int[] secretTypes) + @NonNull @KeyChainProtectionParams.UserSecretType int[] secretTypes) throws InternalRecoveryServiceException { try { mBinder.setRecoverySecretTypes(secretTypes); @@ -320,14 +338,14 @@ public class RecoveryController { /** * Defines a set of secret types used for end-to-end keystore encryption. Knowing all of them is - * necessary to generate KeychainSnapshot. + * necessary to generate KeyChainSnapshot. * * @return list of recovery secret types - * @see KeychainSnapshot + * @see KeyChainSnapshot * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery * service. */ - public @NonNull @KeychainProtectionParams.UserSecretType int[] getRecoverySecretTypes() + public @NonNull @KeyChainProtectionParams.UserSecretType int[] getRecoverySecretTypes() throws InternalRecoveryServiceException { try { return mBinder.getRecoverySecretTypes(); @@ -348,7 +366,7 @@ public class RecoveryController { * service. */ @NonNull - public @KeychainProtectionParams.UserSecretType int[] getPendingRecoverySecretTypes() + public @KeyChainProtectionParams.UserSecretType int[] getPendingRecoverySecretTypes() throws InternalRecoveryServiceException { try { return mBinder.getPendingRecoverySecretTypes(); @@ -362,7 +380,7 @@ public class RecoveryController { /** * Method notifies KeyStore that a user-generated secret is available. This method generates a * symmetric session key which a trusted remote device can use to return a recovery key. Caller - * should use {@link KeychainProtectionParams#clearSecret} to override the secret value in + * should use {@link KeyChainProtectionParams#clearSecret} to override the secret value in * memory. * * @param recoverySecret user generated secret together with parameters necessary to regenerate @@ -370,7 +388,7 @@ public class RecoveryController { * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery * service. */ - public void recoverySecretAvailable(@NonNull KeychainProtectionParams recoverySecret) + public void recoverySecretAvailable(@NonNull KeyChainProtectionParams recoverySecret) throws InternalRecoveryServiceException { try { mBinder.recoverySecretAvailable(recoverySecret); @@ -382,117 +400,21 @@ public class RecoveryController { } /** - * Initializes recovery session and returns a blob with proof of recovery secrets possession. - * The method generates symmetric key for a session, which trusted remote device can use to - * return recovery key. - * - * @param verifierPublicKey Encoded {@code java.security.cert.X509Certificate} with Public key - * used to create the recovery blob on the source device. - * Keystore will verify the certificate using root of trust. - * @param vaultParams Must match the parameters in the corresponding field in the recovery blob. - * Used to limit number of guesses. - * @param vaultChallenge Data passed from server for this recovery session and used to prevent - * replay attacks - * @param secrets Secrets provided by user, the method only uses type and secret fields. - * @return The recovery claim. Claim provides a b binary blob with recovery claim. It is - * encrypted with verifierPublicKey and contains a proof of user secrets, session symmetric - * key and parameters necessary to identify the counter with the number of failed recovery - * attempts. - * @throws BadCertificateFormatException if the {@code verifierPublicKey} is in an incorrect - * format. - * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery - * service. - */ - @NonNull public RecoveryClaim startRecoverySession( - @NonNull byte[] verifierPublicKey, - @NonNull byte[] vaultParams, - @NonNull byte[] vaultChallenge, - @NonNull List<KeychainProtectionParams> secrets) - throws BadCertificateFormatException, InternalRecoveryServiceException { - try { - RecoverySession recoverySession = RecoverySession.newInstance(this); - byte[] recoveryClaim = - mBinder.startRecoverySession( - recoverySession.getSessionId(), - verifierPublicKey, - vaultParams, - vaultChallenge, - secrets); - return new RecoveryClaim(recoverySession, recoveryClaim); - } catch (RemoteException e) { - throw e.rethrowFromSystemServer(); - } catch (ServiceSpecificException e) { - if (e.errorCode == ERROR_BAD_CERTIFICATE_FORMAT) { - throw new BadCertificateFormatException(e.getMessage()); - } - throw wrapUnexpectedServiceSpecificException(e); - } - } - - /** - * Imports keys. - * - * @param session Related recovery session, as originally created by invoking - * {@link #startRecoverySession(byte[], byte[], byte[], List)}. - * @param recoveryKeyBlob Recovery blob encrypted by symmetric key generated for this session. - * @param applicationKeys Application keys. Key material can be decrypted using recoveryKeyBlob - * and session. KeyStore only uses package names from the application info in {@link - * WrappedApplicationKey}. Caller is responsibility to perform certificates check. - * @return Map from alias to raw key material. - * @throws SessionExpiredException if {@code session} has since been closed. - * @throws DecryptionFailedException if unable to decrypt the snapshot. - * @throws InternalRecoveryServiceException if an error occurs internal to the recovery service. - */ - public Map<String, byte[]> recoverKeys( - @NonNull RecoverySession session, - @NonNull byte[] recoveryKeyBlob, - @NonNull List<WrappedApplicationKey> applicationKeys) - throws SessionExpiredException, DecryptionFailedException, - InternalRecoveryServiceException { - try { - return (Map<String, byte[]>) mBinder.recoverKeys( - session.getSessionId(), recoveryKeyBlob, applicationKeys); - } catch (RemoteException e) { - throw e.rethrowFromSystemServer(); - } catch (ServiceSpecificException e) { - if (e.errorCode == ERROR_DECRYPTION_FAILED) { - throw new DecryptionFailedException(e.getMessage()); - } - if (e.errorCode == ERROR_SESSION_EXPIRED) { - throw new SessionExpiredException(e.getMessage()); - } - throw wrapUnexpectedServiceSpecificException(e); - } - } - - /** - * Deletes all data associated with {@code session}. Should not be invoked directly but via - * {@link RecoverySession#close()}. - * - * @hide - */ - void closeSession(RecoverySession session) { - try { - mBinder.closeSession(session.getSessionId()); - } catch (RemoteException | ServiceSpecificException e) { - Log.e(TAG, "Unexpected error trying to close session", e); - } - } - - /** * Generates a key called {@code alias} and loads it into the recoverable key store. Returns the * raw material of the key. * * @param alias The key alias. + * @param account The account associated with the key * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery * service. * @throws LockScreenRequiredException if the user has not set a lock screen. This is required * to generate recoverable keys, as the snapshots are encrypted using a key derived from the * lock screen. */ - public byte[] generateAndStoreKey(@NonNull String alias) + public byte[] generateAndStoreKey(@NonNull String alias, byte[] account) throws InternalRecoveryServiceException, LockScreenRequiredException { try { + // TODO: add account return mBinder.generateAndStoreKey(alias); } catch (RemoteException e) { throw e.rethrowFromSystemServer(); @@ -521,7 +443,7 @@ public class RecoveryController { } } - private InternalRecoveryServiceException wrapUnexpectedServiceSpecificException( + InternalRecoveryServiceException wrapUnexpectedServiceSpecificException( ServiceSpecificException e) { if (e.errorCode == ERROR_SERVICE_INTERNAL_ERROR) { return new InternalRecoveryServiceException(e.getMessage()); diff --git a/core/java/android/security/keystore/recovery/RecoverySession.java b/core/java/android/security/keystore/recovery/RecoverySession.java index 89f894529739..11bea962d4b4 100644 --- a/core/java/android/security/keystore/recovery/RecoverySession.java +++ b/core/java/android/security/keystore/recovery/RecoverySession.java @@ -16,15 +16,24 @@ package android.security.keystore.recovery; +import android.annotation.NonNull; +import android.os.RemoteException; +import android.os.ServiceSpecificException; +import android.util.Log; + import java.security.SecureRandom; +import java.security.cert.CertificateException; +import java.util.List; +import java.util.Map; /** - * Session to recover a {@link KeychainSnapshot} from the remote trusted hardware, initiated by a + * Session to recover a {@link KeyChainSnapshot} from the remote trusted hardware, initiated by a * recovery agent. * * @hide */ public class RecoverySession implements AutoCloseable { + private static final String TAG = "RecoverySession"; private static final int SESSION_ID_LENGTH_BYTES = 16; @@ -58,14 +67,106 @@ public class RecoverySession implements AutoCloseable { } /** + * Starts a recovery session and returns a blob with proof of recovery secret possession. + * The method generates a symmetric key for a session, which trusted remote device can use to + * return recovery key. + * + * @param verifierPublicKey Encoded {@code java.security.cert.X509Certificate} with Public key + * used to create the recovery blob on the source device. + * Keystore will verify the certificate using root of trust. + * @param vaultParams Must match the parameters in the corresponding field in the recovery blob. + * Used to limit number of guesses. + * @param vaultChallenge Data passed from server for this recovery session and used to prevent + * replay attacks + * @param secrets Secrets provided by user, the method only uses type and secret fields. + * @return The recovery claim. Claim provides a b binary blob with recovery claim. It is + * encrypted with verifierPublicKey and contains a proof of user secrets, session symmetric + * key and parameters necessary to identify the counter with the number of failed recovery + * attempts. + * @throws CertificateException if the {@code verifierPublicKey} is in an incorrect + * format. + * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery + * service. + */ + @NonNull public byte[] start( + @NonNull byte[] verifierPublicKey, + @NonNull byte[] vaultParams, + @NonNull byte[] vaultChallenge, + @NonNull List<KeyChainProtectionParams> secrets) + throws CertificateException, InternalRecoveryServiceException { + try { + byte[] recoveryClaim = + mRecoveryController.getBinder().startRecoverySession( + mSessionId, + verifierPublicKey, + vaultParams, + vaultChallenge, + secrets); + return recoveryClaim; + } catch (RemoteException e) { + throw e.rethrowFromSystemServer(); + } catch (ServiceSpecificException e) { + if (e.errorCode == RecoveryController.ERROR_BAD_CERTIFICATE_FORMAT) { + throw new CertificateException(e.getMessage()); + } + throw mRecoveryController.wrapUnexpectedServiceSpecificException(e); + } + } + + /** + * Imports keys. + * + * @param recoveryKeyBlob Recovery blob encrypted by symmetric key generated for this session. + * @param applicationKeys Application keys. Key material can be decrypted using recoveryKeyBlob + * and session. KeyStore only uses package names from the application info in {@link + * WrappedApplicationKey}. Caller is responsibility to perform certificates check. + * @return Map from alias to raw key material. + * @throws SessionExpiredException if {@code session} has since been closed. + * @throws DecryptionFailedException if unable to decrypt the snapshot. + * @throws InternalRecoveryServiceException if an error occurs internal to the recovery service. + */ + public Map<String, byte[]> recoverKeys( + @NonNull byte[] recoveryKeyBlob, + @NonNull List<WrappedApplicationKey> applicationKeys) + throws SessionExpiredException, DecryptionFailedException, + InternalRecoveryServiceException { + try { + return (Map<String, byte[]>) mRecoveryController.getBinder().recoverKeys( + mSessionId, recoveryKeyBlob, applicationKeys); + } catch (RemoteException e) { + throw e.rethrowFromSystemServer(); + } catch (ServiceSpecificException e) { + if (e.errorCode == RecoveryController.ERROR_DECRYPTION_FAILED) { + throw new DecryptionFailedException(e.getMessage()); + } + if (e.errorCode == RecoveryController.ERROR_SESSION_EXPIRED) { + throw new SessionExpiredException(e.getMessage()); + } + throw mRecoveryController.wrapUnexpectedServiceSpecificException(e); + } + } + + /** * An internal session ID, used by the framework to match recovery claims to snapshot responses. + * + * @hide */ String getSessionId() { return mSessionId; } + /** + * Deletes all data associated with {@code session}. Should not be invoked directly but via + * {@link RecoverySession#close()}. + * + * @hide + */ @Override public void close() { - mRecoveryController.closeSession(this); + try { + mRecoveryController.getBinder().closeSession(mSessionId); + } catch (RemoteException | ServiceSpecificException e) { + Log.e(TAG, "Unexpected error trying to close session", e); + } } } diff --git a/core/java/android/security/keystore/recovery/SessionExpiredException.java b/core/java/android/security/keystore/recovery/SessionExpiredException.java index 7fc2b0560d69..abee62e24a09 100644 --- a/core/java/android/security/keystore/recovery/SessionExpiredException.java +++ b/core/java/android/security/keystore/recovery/SessionExpiredException.java @@ -16,12 +16,15 @@ package android.security.keystore.recovery; +import java.security.GeneralSecurityException; + + /** * Error thrown when attempting to use a {@link RecoverySession} that has since expired. * * @hide */ -public class SessionExpiredException extends RecoveryControllerException { +public class SessionExpiredException extends GeneralSecurityException { public SessionExpiredException(String msg) { super(msg); } diff --git a/core/java/android/security/keystore/recovery/WrappedApplicationKey.java b/core/java/android/security/keystore/recovery/WrappedApplicationKey.java index bca03b389e43..27191375a7f2 100644 --- a/core/java/android/security/keystore/recovery/WrappedApplicationKey.java +++ b/core/java/android/security/keystore/recovery/WrappedApplicationKey.java @@ -27,6 +27,7 @@ import com.android.internal.util.Preconditions; * * <ul> * <li>Alias - Keystore alias of the key. + * <li>Account Recovery Agent specific account associated with the key. * <li>Encrypted key material. * </ul> * @@ -39,13 +40,13 @@ public final class WrappedApplicationKey implements Parcelable { private String mAlias; // The only supported format is AES-256 symmetric key. private byte[] mEncryptedKeyMaterial; + private byte[] mAccount; /** * Builder for creating {@link WrappedApplicationKey}. */ public static class Builder { - private WrappedApplicationKey - mInstance = new WrappedApplicationKey(); + private WrappedApplicationKey mInstance = new WrappedApplicationKey(); /** * Sets Application-specific alias of the key. @@ -59,6 +60,17 @@ public final class WrappedApplicationKey implements Parcelable { } /** + * Sets Recovery agent specific account. + * + * @param account The account. + * @return This builder. + */ + public Builder setAccount(@NonNull byte[] account) { + mInstance.mAccount = account; + return this; + } + + /** * Sets key material encrypted by recovery key. * * @param encryptedKeyMaterial The key material @@ -79,12 +91,14 @@ public final class WrappedApplicationKey implements Parcelable { @NonNull public WrappedApplicationKey build() { Preconditions.checkNotNull(mInstance.mAlias); Preconditions.checkNotNull(mInstance.mEncryptedKeyMaterial); + if (mInstance.mAccount == null) { + mInstance.mAccount = new byte[]{}; + } return mInstance; } } private WrappedApplicationKey() { - } /** @@ -110,8 +124,16 @@ public final class WrappedApplicationKey implements Parcelable { return mEncryptedKeyMaterial; } - public static final Creator<WrappedApplicationKey> CREATOR = - new Creator<WrappedApplicationKey>() { + /** Account, default value is empty array */ + public @NonNull byte[] getAccount() { + if (mAccount == null) { + return new byte[]{}; + } + return mAccount; + } + + public static final Parcelable.Creator<WrappedApplicationKey> CREATOR = + new Parcelable.Creator<WrappedApplicationKey>() { public WrappedApplicationKey createFromParcel(Parcel in) { return new WrappedApplicationKey(in); } @@ -128,6 +150,7 @@ public final class WrappedApplicationKey implements Parcelable { public void writeToParcel(Parcel out, int flags) { out.writeString(mAlias); out.writeByteArray(mEncryptedKeyMaterial); + out.writeByteArray(mAccount); } /** @@ -136,6 +159,7 @@ public final class WrappedApplicationKey implements Parcelable { protected WrappedApplicationKey(Parcel in) { mAlias = in.readString(); mEncryptedKeyMaterial = in.createByteArray(); + mAccount = in.createByteArray(); } @Override diff --git a/core/java/com/android/internal/widget/ILockSettings.aidl b/core/java/com/android/internal/widget/ILockSettings.aidl index f9da1eb26669..927d75753eca 100644 --- a/core/java/com/android/internal/widget/ILockSettings.aidl +++ b/core/java/com/android/internal/widget/ILockSettings.aidl @@ -20,8 +20,8 @@ import android.app.PendingIntent; import android.app.trust.IStrongAuthTracker; import android.os.Bundle; import android.security.keystore.recovery.WrappedApplicationKey; -import android.security.keystore.recovery.KeychainSnapshot; -import android.security.keystore.recovery.KeychainProtectionParams; +import android.security.keystore.recovery.KeyChainSnapshot; +import android.security.keystore.recovery.KeyChainProtectionParams; import com.android.internal.widget.ICheckCredentialProgressCallback; import com.android.internal.widget.VerifyCredentialResponse; @@ -64,7 +64,7 @@ interface ILockSettings { // {@code ServiceSpecificException} may be thrown to signal an error, which caller can // convert to {@code RecoveryManagerException}. void initRecoveryService(in String rootCertificateAlias, in byte[] signedPublicKeyList); - KeychainSnapshot getRecoveryData(in byte[] account); + KeyChainSnapshot getRecoveryData(in byte[] account); byte[] generateAndStoreKey(String alias); void removeKey(String alias); void setSnapshotCreatedPendingIntent(in PendingIntent intent); @@ -75,10 +75,10 @@ interface ILockSettings { void setRecoverySecretTypes(in int[] secretTypes); int[] getRecoverySecretTypes(); int[] getPendingRecoverySecretTypes(); - void recoverySecretAvailable(in KeychainProtectionParams recoverySecret); + void recoverySecretAvailable(in KeyChainProtectionParams recoverySecret); byte[] startRecoverySession(in String sessionId, in byte[] verifierPublicKey, in byte[] vaultParams, in byte[] vaultChallenge, - in List<KeychainProtectionParams> secrets); + in List<KeyChainProtectionParams> secrets); Map/*<String, byte[]>*/ recoverKeys(in String sessionId, in byte[] recoveryKeyBlob, in List<WrappedApplicationKey> applicationKeys); void closeSession(in String sessionId); diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java index a6753ab09103..51abe9f81db4 100644 --- a/services/core/java/com/android/server/locksettings/LockSettingsService.java +++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java @@ -79,9 +79,9 @@ import android.security.keystore.AndroidKeyStoreProvider; import android.security.keystore.KeyProperties; import android.security.keystore.KeyProtection; import android.security.keystore.UserNotAuthenticatedException; -import android.security.keystore.recovery.KeychainProtectionParams; +import android.security.keystore.recovery.KeyChainProtectionParams; import android.security.keystore.recovery.WrappedApplicationKey; -import android.security.keystore.recovery.KeychainSnapshot; +import android.security.keystore.recovery.KeyChainSnapshot; import android.service.gatekeeper.GateKeeperResponse; import android.service.gatekeeper.IGateKeeperService; import android.text.TextUtils; @@ -1980,7 +1980,7 @@ public class LockSettingsService extends ILockSettings.Stub { } @Override - public KeychainSnapshot getRecoveryData(@NonNull byte[] account) throws RemoteException { + public KeyChainSnapshot getRecoveryData(@NonNull byte[] account) throws RemoteException { return mRecoverableKeyStoreManager.getRecoveryData(account); } @@ -2009,7 +2009,7 @@ public class LockSettingsService extends ILockSettings.Stub { } @Override - public void setRecoverySecretTypes(@NonNull @KeychainProtectionParams.UserSecretType + public void setRecoverySecretTypes(@NonNull @KeyChainProtectionParams.UserSecretType int[] secretTypes) throws RemoteException { mRecoverableKeyStoreManager.setRecoverySecretTypes(secretTypes); } @@ -2026,7 +2026,7 @@ public class LockSettingsService extends ILockSettings.Stub { } @Override - public void recoverySecretAvailable(@NonNull KeychainProtectionParams recoverySecret) + public void recoverySecretAvailable(@NonNull KeyChainProtectionParams recoverySecret) throws RemoteException { mRecoverableKeyStoreManager.recoverySecretAvailable(recoverySecret); } @@ -2034,7 +2034,7 @@ public class LockSettingsService extends ILockSettings.Stub { @Override public byte[] startRecoverySession(@NonNull String sessionId, @NonNull byte[] verifierPublicKey, @NonNull byte[] vaultParams, - @NonNull byte[] vaultChallenge, @NonNull List<KeychainProtectionParams> secrets) + @NonNull byte[] vaultChallenge, @NonNull List<KeyChainProtectionParams> secrets) throws RemoteException { return mRecoverableKeyStoreManager.startRecoverySession(sessionId, verifierPublicKey, vaultParams, vaultChallenge, secrets); diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java index 6fcbcbcbfad9..e1e769cdfb16 100644 --- a/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java +++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/KeySyncTask.java @@ -16,13 +16,13 @@ package com.android.server.locksettings.recoverablekeystore; -import static android.security.keystore.recovery.KeychainProtectionParams.TYPE_LOCKSCREEN; +import static android.security.keystore.recovery.KeyChainProtectionParams.TYPE_LOCKSCREEN; import android.annotation.Nullable; import android.content.Context; import android.security.keystore.recovery.KeyDerivationParams; -import android.security.keystore.recovery.KeychainProtectionParams; -import android.security.keystore.recovery.KeychainSnapshot; +import android.security.keystore.recovery.KeyChainProtectionParams; +import android.security.keystore.recovery.KeyChainSnapshot; import android.security.keystore.recovery.WrappedApplicationKey; import android.util.Log; @@ -255,12 +255,12 @@ public class KeySyncTask implements Runnable { } // TODO: store raw data in RecoveryServiceMetadataEntry and generate Parcelables later // TODO: use Builder. - KeychainProtectionParams metadata = new KeychainProtectionParams( + KeyChainProtectionParams metadata = new KeyChainProtectionParams( /*userSecretType=*/ TYPE_LOCKSCREEN, /*lockScreenUiFormat=*/ getUiFormat(mCredentialType, mCredential), /*keyDerivationParams=*/ KeyDerivationParams.createSha256Params(salt), /*secret=*/ new byte[0]); - ArrayList<KeychainProtectionParams> metadataList = new ArrayList<>(); + ArrayList<KeyChainProtectionParams> metadataList = new ArrayList<>(); metadataList.add(metadata); int snapshotVersion = incrementSnapshotVersion(recoveryAgentUid); @@ -268,13 +268,13 @@ public class KeySyncTask implements Runnable { // If application keys are not updated, snapshot will not be created on next unlock. mRecoverableKeyStoreDb.setShouldCreateSnapshot(mUserId, recoveryAgentUid, false); - mRecoverySnapshotStorage.put(recoveryAgentUid, new KeychainSnapshot.Builder() + mRecoverySnapshotStorage.put(recoveryAgentUid, new KeyChainSnapshot.Builder() .setSnapshotVersion(snapshotVersion) .setMaxAttempts(TRUSTED_HARDWARE_MAX_ATTEMPTS) .setCounterId(counterId) .setTrustedHardwarePublicKey(SecureBox.encodePublicKey(publicKey)) .setServerParams(vaultHandle) - .setKeychainProtectionParams(metadataList) + .setKeyChainProtectionParams(metadataList) .setWrappedApplicationKeys(createApplicationKeyEntries(encryptedApplicationKeys)) .setEncryptedRecoveryKeyBlob(encryptedRecoveryKey) .build()); @@ -317,7 +317,7 @@ public class KeySyncTask implements Runnable { */ private boolean shoudCreateSnapshot(int recoveryAgentUid) { int[] types = mRecoverableKeyStoreDb.getRecoverySecretTypes(mUserId, recoveryAgentUid); - if (!ArrayUtils.contains(types, KeychainProtectionParams.TYPE_LOCKSCREEN)) { + if (!ArrayUtils.contains(types, KeyChainProtectionParams.TYPE_LOCKSCREEN)) { // Only lockscreen type is supported. // We will need to pass extra argument to KeySyncTask to support custom pass phrase. return false; @@ -340,14 +340,14 @@ public class KeySyncTask implements Runnable { * @return The format - either pattern, pin, or password. */ @VisibleForTesting - @KeychainProtectionParams.LockScreenUiFormat static int getUiFormat( + @KeyChainProtectionParams.LockScreenUiFormat static int getUiFormat( int credentialType, String credential) { if (credentialType == LockPatternUtils.CREDENTIAL_TYPE_PATTERN) { - return KeychainProtectionParams.TYPE_PATTERN; + return KeyChainProtectionParams.UI_FORMAT_PATTERN; } else if (isPin(credential)) { - return KeychainProtectionParams.TYPE_PIN; + return KeyChainProtectionParams.UI_FORMAT_PIN; } else { - return KeychainProtectionParams.TYPE_PASSWORD; + return KeyChainProtectionParams.UI_FORMAT_PASSWORD; } } diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java index ac3cef2fa7ef..b6c3c66924f0 100644 --- a/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java +++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManager.java @@ -33,8 +33,8 @@ import android.os.RemoteException; import android.os.ServiceSpecificException; import android.os.UserHandle; -import android.security.keystore.recovery.KeychainProtectionParams; -import android.security.keystore.recovery.KeychainSnapshot; +import android.security.keystore.recovery.KeyChainProtectionParams; +import android.security.keystore.recovery.KeyChainSnapshot; import android.security.keystore.recovery.RecoveryController; import android.security.keystore.recovery.WrappedApplicationKey; import android.util.Log; @@ -170,11 +170,11 @@ public class RecoverableKeyStoreManager { * @hide */ public @NonNull - KeychainSnapshot getRecoveryData(@NonNull byte[] account) + KeyChainSnapshot getRecoveryData(@NonNull byte[] account) throws RemoteException { checkRecoverKeyStorePermission(); int uid = Binder.getCallingUid(); - KeychainSnapshot snapshot = mSnapshotStorage.get(uid); + KeyChainSnapshot snapshot = mSnapshotStorage.get(uid); if (snapshot == null) { throw new ServiceSpecificException(ERROR_NO_SNAPSHOT_PENDING); } @@ -256,7 +256,7 @@ public class RecoverableKeyStoreManager { * @hide */ public void setRecoverySecretTypes( - @NonNull @KeychainProtectionParams.UserSecretType int[] secretTypes) + @NonNull @KeyChainProtectionParams.UserSecretType int[] secretTypes) throws RemoteException { checkRecoverKeyStorePermission(); int userId = UserHandle.getCallingUserId(); @@ -291,9 +291,9 @@ public class RecoverableKeyStoreManager { } public void recoverySecretAvailable( - @NonNull KeychainProtectionParams recoverySecret) throws RemoteException { + @NonNull KeyChainProtectionParams recoverySecret) throws RemoteException { int uid = Binder.getCallingUid(); - if (recoverySecret.getLockScreenUiFormat() == KeychainProtectionParams.TYPE_LOCKSCREEN) { + if (recoverySecret.getLockScreenUiFormat() == KeyChainProtectionParams.TYPE_LOCKSCREEN) { throw new SecurityException( "Caller " + uid + " is not allowed to set lock screen secret"); } @@ -319,14 +319,14 @@ public class RecoverableKeyStoreManager { @NonNull byte[] verifierPublicKey, @NonNull byte[] vaultParams, @NonNull byte[] vaultChallenge, - @NonNull List<KeychainProtectionParams> secrets) + @NonNull List<KeyChainProtectionParams> secrets) throws RemoteException { checkRecoverKeyStorePermission(); int uid = Binder.getCallingUid(); if (secrets.size() != 1) { throw new UnsupportedOperationException( - "Only a single KeychainProtectionParams is supported"); + "Only a single KeyChainProtectionParams is supported"); } PublicKey publicKey; diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java index 2b1416e06182..f2e71b37b7f9 100644 --- a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java +++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverableKeyStoreDb.java @@ -404,7 +404,7 @@ public class RecoverableKeyStoreDb { /** * Updates the list of user secret types used for end-to-end encryption. * If no secret types are set, recovery snapshot will not be created. - * See {@code KeychainProtectionParams} + * See {@code KeyChainProtectionParams} * * @param userId The userId of the profile the application is running under. * @param uid The uid of the application. diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverySnapshotStorage.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverySnapshotStorage.java index 7cde7ab0589c..3f93cc6f5f88 100644 --- a/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverySnapshotStorage.java +++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/storage/RecoverySnapshotStorage.java @@ -17,7 +17,7 @@ package com.android.server.locksettings.recoverablekeystore.storage; import android.annotation.Nullable; -import android.security.keystore.recovery.KeychainSnapshot; +import android.security.keystore.recovery.KeyChainSnapshot; import android.util.SparseArray; import com.android.internal.annotations.GuardedBy; @@ -34,12 +34,12 @@ import com.android.internal.annotations.GuardedBy; */ public class RecoverySnapshotStorage { @GuardedBy("this") - private final SparseArray<KeychainSnapshot> mSnapshotByUid = new SparseArray<>(); + private final SparseArray<KeyChainSnapshot> mSnapshotByUid = new SparseArray<>(); /** * Sets the latest {@code snapshot} for the recovery agent {@code uid}. */ - public synchronized void put(int uid, KeychainSnapshot snapshot) { + public synchronized void put(int uid, KeyChainSnapshot snapshot) { mSnapshotByUid.put(uid, snapshot); } @@ -47,7 +47,7 @@ public class RecoverySnapshotStorage { * Returns the latest snapshot for the recovery agent {@code uid}, or null if none exists. */ @Nullable - public synchronized KeychainSnapshot get(int uid) { + public synchronized KeyChainSnapshot get(int uid) { return mSnapshotByUid.get(uid); } diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java index 6edaf87e135f..6a3a260361c9 100644 --- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java +++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/KeySyncTaskTest.java @@ -16,11 +16,11 @@ package com.android.server.locksettings.recoverablekeystore; -import static android.security.keystore.recovery.KeychainProtectionParams.TYPE_LOCKSCREEN; +import static android.security.keystore.recovery.KeyChainProtectionParams.TYPE_LOCKSCREEN; -import static android.security.keystore.recovery.KeychainProtectionParams.TYPE_PASSWORD; -import static android.security.keystore.recovery.KeychainProtectionParams.TYPE_PATTERN; -import static android.security.keystore.recovery.KeychainProtectionParams.TYPE_PIN; +import static android.security.keystore.recovery.KeyChainProtectionParams.UI_FORMAT_PASSWORD; +import static android.security.keystore.recovery.KeyChainProtectionParams.UI_FORMAT_PATTERN; +import static android.security.keystore.recovery.KeyChainProtectionParams.UI_FORMAT_PIN; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PASSWORD; import static com.android.internal.widget.LockPatternUtils.CREDENTIAL_TYPE_PATTERN; @@ -41,7 +41,7 @@ import android.security.keystore.AndroidKeyStoreSecretKey; import android.security.keystore.KeyGenParameterSpec; import android.security.keystore.KeyProperties; import android.security.keystore.recovery.KeyDerivationParams; -import android.security.keystore.recovery.KeychainSnapshot; +import android.security.keystore.recovery.KeyChainSnapshot; import android.security.keystore.recovery.WrappedApplicationKey; import android.support.test.InstrumentationRegistry; import android.support.test.filters.SmallTest; @@ -190,19 +190,19 @@ public class KeySyncTaskTest { @Test public void getUiFormat_returnsPinIfPin() { - assertEquals(TYPE_PIN, + assertEquals(UI_FORMAT_PIN, KeySyncTask.getUiFormat(CREDENTIAL_TYPE_PASSWORD, "1234")); } @Test public void getUiFormat_returnsPasswordIfPassword() { - assertEquals(TYPE_PASSWORD, + assertEquals(UI_FORMAT_PASSWORD, KeySyncTask.getUiFormat(CREDENTIAL_TYPE_PASSWORD, "1234a")); } @Test public void getUiFormat_returnsPatternIfPattern() { - assertEquals(TYPE_PATTERN, + assertEquals(UI_FORMAT_PATTERN, KeySyncTask.getUiFormat(CREDENTIAL_TYPE_PATTERN, "1234")); } @@ -287,33 +287,33 @@ public class KeySyncTaskTest { mKeySyncTask.run(); - KeychainSnapshot keychainSnapshot = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); - KeyDerivationParams KeyDerivationParams = - keychainSnapshot.getKeychainProtectionParams().get(0).getKeyDerivationParams(); - assertThat(KeyDerivationParams.getAlgorithm()).isEqualTo( + KeyChainSnapshot keyChainSnapshot = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); + KeyDerivationParams keyDerivationParams = + keyChainSnapshot.getKeyChainProtectionParams().get(0).getKeyDerivationParams(); + assertThat(keyDerivationParams.getAlgorithm()).isEqualTo( KeyDerivationParams.ALGORITHM_SHA256); verify(mSnapshotListenersStorage).recoverySnapshotAvailable(TEST_RECOVERY_AGENT_UID); byte[] lockScreenHash = KeySyncTask.hashCredentials( - KeyDerivationParams.getSalt(), + keyDerivationParams.getSalt(), TEST_CREDENTIAL); Long counterId = mRecoverableKeyStoreDb.getCounterId(TEST_USER_ID, TEST_RECOVERY_AGENT_UID); counterId = 1L; // TODO: use value from the database. assertThat(counterId).isNotNull(); byte[] recoveryKey = decryptThmEncryptedKey( lockScreenHash, - keychainSnapshot.getEncryptedRecoveryKeyBlob(), + keyChainSnapshot.getEncryptedRecoveryKeyBlob(), /*vaultParams=*/ KeySyncUtils.packVaultParams( mKeyPair.getPublic(), counterId, /*maxAttempts=*/ 10, TEST_VAULT_HANDLE)); - List<WrappedApplicationKey> applicationKeys = keychainSnapshot.getWrappedApplicationKeys(); + List<WrappedApplicationKey> applicationKeys = keyChainSnapshot.getWrappedApplicationKeys(); assertThat(applicationKeys).hasSize(1); - assertThat(keychainSnapshot.getCounterId()).isEqualTo(counterId); - assertThat(keychainSnapshot.getMaxAttempts()).isEqualTo(10); - assertThat(keychainSnapshot.getTrustedHardwarePublicKey()) + assertThat(keyChainSnapshot.getCounterId()).isEqualTo(counterId); + assertThat(keyChainSnapshot.getMaxAttempts()).isEqualTo(10); + assertThat(keyChainSnapshot.getTrustedHardwarePublicKey()) .isEqualTo(SecureBox.encodePublicKey(mKeyPair.getPublic())); - assertThat(keychainSnapshot.getServerParams()).isEqualTo(TEST_VAULT_HANDLE); + assertThat(keyChainSnapshot.getServerParams()).isEqualTo(TEST_VAULT_HANDLE); WrappedApplicationKey keyData = applicationKeys.get(0); assertEquals(TEST_APP_KEY_ALIAS, keyData.getAlias()); assertThat(keyData.getAlias()).isEqualTo(keyData.getAlias()); @@ -332,14 +332,14 @@ public class KeySyncTaskTest { mKeySyncTask.run(); - KeychainSnapshot keychainSnapshot = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); - assertThat(keychainSnapshot.getSnapshotVersion()).isEqualTo(1); // default value; + KeyChainSnapshot keyChainSnapshot = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); + assertThat(keyChainSnapshot.getSnapshotVersion()).isEqualTo(1); // default value; mRecoverableKeyStoreDb.setShouldCreateSnapshot(TEST_USER_ID, TEST_RECOVERY_AGENT_UID, true); mKeySyncTask.run(); - keychainSnapshot = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); - assertThat(keychainSnapshot.getSnapshotVersion()).isEqualTo(2); // Updated + keyChainSnapshot = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); + assertThat(keyChainSnapshot.getSnapshotVersion()).isEqualTo(2); // Updated } @Test @@ -362,10 +362,10 @@ public class KeySyncTaskTest { mKeySyncTask.run(); - KeychainSnapshot keychainSnapshot = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); - assertThat(keychainSnapshot.getKeychainProtectionParams()).hasSize(1); - assertThat(keychainSnapshot.getKeychainProtectionParams().get(0).getLockScreenUiFormat()). - isEqualTo(TYPE_PASSWORD); + KeyChainSnapshot keyChainSnapshot = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); + assertThat(keyChainSnapshot.getKeyChainProtectionParams()).hasSize(1); + assertThat(keyChainSnapshot.getKeyChainProtectionParams().get(0).getLockScreenUiFormat()). + isEqualTo(UI_FORMAT_PASSWORD); } @Test @@ -388,11 +388,11 @@ public class KeySyncTaskTest { mKeySyncTask.run(); - KeychainSnapshot keychainSnapshot = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); - assertThat(keychainSnapshot.getKeychainProtectionParams()).hasSize(1); + KeyChainSnapshot keyChainSnapshot = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); + assertThat(keyChainSnapshot.getKeyChainProtectionParams()).hasSize(1); // Password with only digits is changed to pin. - assertThat(keychainSnapshot.getKeychainProtectionParams().get(0).getLockScreenUiFormat()). - isEqualTo(TYPE_PIN); + assertThat(keyChainSnapshot.getKeyChainProtectionParams().get(0).getLockScreenUiFormat()). + isEqualTo(UI_FORMAT_PIN); } @Test @@ -415,10 +415,10 @@ public class KeySyncTaskTest { mKeySyncTask.run(); - KeychainSnapshot keychainSnapshot = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); - assertThat(keychainSnapshot.getKeychainProtectionParams()).hasSize(1); - assertThat(keychainSnapshot.getKeychainProtectionParams().get(0).getLockScreenUiFormat()). - isEqualTo(TYPE_PATTERN); + KeyChainSnapshot keyChainSnapshot = mRecoverySnapshotStorage.get(TEST_RECOVERY_AGENT_UID); + assertThat(keyChainSnapshot.getKeyChainProtectionParams()).hasSize(1); + assertThat(keyChainSnapshot.getKeyChainProtectionParams().get(0).getLockScreenUiFormat()). + isEqualTo(UI_FORMAT_PATTERN); } @Test diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java index a3a2e4764edc..c863aabb905f 100644 --- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java +++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/RecoverableKeyStoreManagerTest.java @@ -16,8 +16,8 @@ package com.android.server.locksettings.recoverablekeystore; -import static android.security.keystore.recovery.KeychainProtectionParams.TYPE_LOCKSCREEN; -import static android.security.keystore.recovery.KeychainProtectionParams.TYPE_PASSWORD; +import static android.security.keystore.recovery.KeyChainProtectionParams.TYPE_LOCKSCREEN; +import static android.security.keystore.recovery.KeyChainProtectionParams.UI_FORMAT_PASSWORD; import static com.google.common.truth.Truth.assertThat; import static org.junit.Assert.assertArrayEquals; @@ -43,7 +43,7 @@ import android.security.keystore.AndroidKeyStoreSecretKey; import android.security.keystore.KeyGenParameterSpec; import android.security.keystore.KeyProperties; import android.security.keystore.recovery.KeyDerivationParams; -import android.security.keystore.recovery.KeychainProtectionParams; +import android.security.keystore.recovery.KeyChainProtectionParams; import android.security.keystore.recovery.WrappedApplicationKey; import android.support.test.filters.SmallTest; import android.support.test.InstrumentationRegistry; @@ -250,9 +250,9 @@ public class RecoverableKeyStoreManagerTest { TEST_VAULT_PARAMS, TEST_VAULT_CHALLENGE, ImmutableList.of( - new KeychainProtectionParams( + new KeyChainProtectionParams( TYPE_LOCKSCREEN, - TYPE_PASSWORD, + UI_FORMAT_PASSWORD, KeyDerivationParams.createSha256Params(TEST_SALT), TEST_SECRET))); @@ -269,9 +269,9 @@ public class RecoverableKeyStoreManagerTest { TEST_VAULT_PARAMS, TEST_VAULT_CHALLENGE, ImmutableList.of( - new KeychainProtectionParams( + new KeyChainProtectionParams( TYPE_LOCKSCREEN, - TYPE_PASSWORD, + UI_FORMAT_PASSWORD, KeyDerivationParams.createSha256Params(TEST_SALT), TEST_SECRET))); @@ -290,9 +290,9 @@ public class RecoverableKeyStoreManagerTest { TEST_VAULT_PARAMS, TEST_VAULT_CHALLENGE, ImmutableList.of( - new KeychainProtectionParams( + new KeyChainProtectionParams( TYPE_LOCKSCREEN, - TYPE_PASSWORD, + UI_FORMAT_PASSWORD, KeyDerivationParams.createSha256Params(TEST_SALT), TEST_SECRET))); @@ -309,9 +309,9 @@ public class RecoverableKeyStoreManagerTest { TEST_VAULT_PARAMS, TEST_VAULT_CHALLENGE, ImmutableList.of( - new KeychainProtectionParams( + new KeyChainProtectionParams( TYPE_LOCKSCREEN, - TYPE_PASSWORD, + UI_FORMAT_PASSWORD, KeyDerivationParams.createSha256Params(TEST_SALT), TEST_SECRET))); @@ -332,7 +332,7 @@ public class RecoverableKeyStoreManagerTest { fail("should have thrown"); } catch (UnsupportedOperationException e) { assertThat(e.getMessage()).startsWith( - "Only a single KeychainProtectionParams is supported"); + "Only a single KeyChainProtectionParams is supported"); } } @@ -345,9 +345,9 @@ public class RecoverableKeyStoreManagerTest { TEST_VAULT_PARAMS, TEST_VAULT_CHALLENGE, ImmutableList.of( - new KeychainProtectionParams( + new KeyChainProtectionParams( TYPE_LOCKSCREEN, - TYPE_PASSWORD, + UI_FORMAT_PASSWORD, KeyDerivationParams.createSha256Params(TEST_SALT), TEST_SECRET))); fail("should have thrown"); @@ -367,9 +367,9 @@ public class RecoverableKeyStoreManagerTest { vaultParams, TEST_VAULT_CHALLENGE, ImmutableList.of( - new KeychainProtectionParams( + new KeyChainProtectionParams( TYPE_LOCKSCREEN, - TYPE_PASSWORD, + UI_FORMAT_PASSWORD, KeyDerivationParams.createSha256Params(TEST_SALT), TEST_SECRET))); fail("should have thrown"); @@ -400,9 +400,9 @@ public class RecoverableKeyStoreManagerTest { TEST_PUBLIC_KEY, TEST_VAULT_PARAMS, TEST_VAULT_CHALLENGE, - ImmutableList.of(new KeychainProtectionParams( + ImmutableList.of(new KeyChainProtectionParams( TYPE_LOCKSCREEN, - TYPE_PASSWORD, + UI_FORMAT_PASSWORD, KeyDerivationParams.createSha256Params(TEST_SALT), TEST_SECRET))); @@ -424,9 +424,9 @@ public class RecoverableKeyStoreManagerTest { TEST_PUBLIC_KEY, TEST_VAULT_PARAMS, TEST_VAULT_CHALLENGE, - ImmutableList.of(new KeychainProtectionParams( + ImmutableList.of(new KeyChainProtectionParams( TYPE_LOCKSCREEN, - TYPE_PASSWORD, + UI_FORMAT_PASSWORD, KeyDerivationParams.createSha256Params(TEST_SALT), TEST_SECRET))); byte[] keyClaimant = mRecoverySessionStorage.get(Binder.getCallingUid(), TEST_SESSION_ID) @@ -456,9 +456,9 @@ public class RecoverableKeyStoreManagerTest { TEST_PUBLIC_KEY, TEST_VAULT_PARAMS, TEST_VAULT_CHALLENGE, - ImmutableList.of(new KeychainProtectionParams( + ImmutableList.of(new KeyChainProtectionParams( TYPE_LOCKSCREEN, - TYPE_PASSWORD, + UI_FORMAT_PASSWORD, KeyDerivationParams.createSha256Params(TEST_SALT), TEST_SECRET))); byte[] keyClaimant = mRecoverySessionStorage.get(Binder.getCallingUid(), TEST_SESSION_ID) diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RecoverySnapshotStorageTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RecoverySnapshotStorageTest.java index 89c5c6c8a072..d61a294b1a39 100644 --- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RecoverySnapshotStorageTest.java +++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/storage/RecoverySnapshotStorageTest.java @@ -3,7 +3,7 @@ package com.android.server.locksettings.recoverablekeystore.storage; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNull; -import android.security.keystore.recovery.KeychainSnapshot; +import android.security.keystore.recovery.KeyChainSnapshot; import android.support.test.filters.SmallTest; import android.support.test.runner.AndroidJUnit4; @@ -26,25 +26,25 @@ public class RecoverySnapshotStorageTest { @Test public void get_returnsSetSnapshot() { int userId = 1000; - KeychainSnapshot keychainSnapshot = new KeychainSnapshot( + KeyChainSnapshot keyChainSnapshot = new KeyChainSnapshot( /*snapshotVersion=*/ 1, new ArrayList<>(), new ArrayList<>(), new byte[0]); - mRecoverySnapshotStorage.put(userId, keychainSnapshot); + mRecoverySnapshotStorage.put(userId, keyChainSnapshot); - assertEquals(keychainSnapshot, mRecoverySnapshotStorage.get(userId)); + assertEquals(keyChainSnapshot, mRecoverySnapshotStorage.get(userId)); } @Test public void remove_removesSnapshots() { int userId = 1000; - KeychainSnapshot keychainSnapshot = new KeychainSnapshot( + KeyChainSnapshot keyChainSnapshot = new KeyChainSnapshot( /*snapshotVersion=*/ 1, new ArrayList<>(), new ArrayList<>(), new byte[0]); - mRecoverySnapshotStorage.put(userId, keychainSnapshot); + mRecoverySnapshotStorage.put(userId, keyChainSnapshot); mRecoverySnapshotStorage.remove(userId); |