67  *   The SP has an associated password handle, which binds to the SID for that user. The password
68  *   handle is persisted by SyntheticPasswordManager internally.
73  *     SP_HANDLE_NAME: GateKeeper password handle of synthetic password. Only available if user
78  *     for each SP blob under the user (stored under the corresponding handle):
92     private static final String SP_HANDLE_NAME = "handle";
209         // For GateKeeper-based credential, this is the password handle returned by GK,
405         for (long handle : mStorage.listSyntheticPasswordHandlesForUser(SP_BLOB_NAME, userId)) {
406             destroyWeaverSlot(handle, userId);
407             destroySPBlobKey(getHandleName(handle));
411     public int getCredentialType(long handle, int userId) {
412         byte[] passwordData = loadState(PASSWORD_DATA_NAME, handle, userId);
430      * (the corresponding synthetic password handle is persisted by SyntheticPasswordManager
434      * SyntheticPasswordManager will nuke any SP handle previously persisted. In this case,
463      * Enroll a new password handle and SID for the given synthetic password and persist it on disk.
477     // Nuke the SP handle (and as a result, its SID) for the given user.
518     private int loadWeaverSlot(long handle, int userId) {
520         byte[] data = loadState(WEAVER_SLOT_NAME, handle, userId);
528             Log.e(TAG, "Invalid weaver slot version of handle " + handle);
534     private void saveWeaverSlot(int slot, long handle, int userId) {
538         saveState(WEAVER_SLOT_NAME, buffer.array(), handle, userId);
541     private void destroyWeaverSlot(long handle, int userId) {
542         int slot = loadWeaverSlot(handle, userId);
543         destroyState(WEAVER_SLOT_NAME, handle, userId);
574             for (Long handle : entry.getValue()) {
575                 int slot = loadWeaverSlot(handle, entry.getKey());
598      * handle logic around SID or SP handle. The caller should separately ensure that the user's SID
613         long handle = generateHandle();
628             saveWeaverSlot(weaverSlot, handle, userId);
648                     createSecdiscardable(handle, userId));
651         saveState(PASSWORD_DATA_NAME, pwd.toBytes(), handle, userId);
653         createSyntheticPasswordBlob(handle, SYNTHETIC_PASSWORD_PASSWORD_BASED, authToken,
655         return handle;
683     public void migrateFrpPasswordLocked(long handle, UserInfo userInfo, int requestedQuality) {
686             PasswordData pwd = PasswordData.fromBytes(loadState(PASSWORD_DATA_NAME, handle,
689                 int weaverSlot = loadWeaverSlot(handle, userInfo.id);
730         long handle = generateHandle();
746         tokenMap.get(userId).put(handle, tokenData);
747         return handle;
757     public boolean removePendingToken(long handle, int userId) {
761         return tokenMap.get(userId).remove(handle) != null;
764     public boolean activateTokenBasedSyntheticPassword(long handle, AuthenticationToken authToken,
769         TokenData tokenData = tokenMap.get(userId).get(handle);
786             saveWeaverSlot(slot, handle, userId);
788         saveSecdiscardable(handle, tokenData.secdiscardableOnDisk, userId);
789         createSyntheticPasswordBlob(handle, SYNTHETIC_PASSWORD_TOKEN_BASED, authToken,
791         tokenMap.get(userId).remove(handle);
795     private void createSyntheticPasswordBlob(long handle, byte type, AuthenticationToken authToken,
803         byte[] content = createSPBlob(getHandleName(handle), secret, applicationId, sid);
808         saveState(SP_BLOB_NAME, blob, handle, userId);
813      * blob handle generated previously. If the decryption is successful, initiate a GateKeeper
819             long handle, String credential, int userId,
825         PasswordData pwd = PasswordData.fromBytes(loadState(PASSWORD_DATA_NAME, handle, userId));
831         int weaverSlot = loadWeaverSlot(handle, userId);
857                         saveState(PASSWORD_DATA_NAME, pwd.toBytes(), handle, userId);
878                     loadSecdiscardable(handle, userId));
885         result.authToken = unwrapSyntheticPasswordBlob(handle, SYNTHETIC_PASSWORD_PASSWORD_BASED,
895      * blob handle generated previously. If the decryption is successful, initiate a GateKeeper
899             IGateKeeperService gatekeeper, long handle, byte[] token, int userId)
902         byte[] secdiscardable = loadSecdiscardable(handle, userId);
903         int slotId = loadWeaverSlot(handle, userId);
921         result.authToken = unwrapSyntheticPasswordBlob(handle, SYNTHETIC_PASSWORD_TOKEN_BASED,
936     private AuthenticationToken unwrapSyntheticPasswordBlob(long handle, byte type,
938         byte[] blob = loadState(SP_BLOB_NAME, handle, userId);
951             secret = SyntheticPasswordCrypto.decryptBlobV1(getHandleName(handle),
954             secret = decryptSPBlob(getHandleName(handle),
973             createSyntheticPasswordBlob(handle, type, result, applicationId, sid, userId);
979      * performs GK verifyChallenge and returns auth token, re-enrolling SP password handle
990             // There is no password handle associated with the given user, i.e. the user is not
1006                     // Call self again to re-verify with updated handle
1009                     Log.w(TAG, "Fail to re-enroll SP handle for user " + userId);
1010                     // Fall through, return existing handle
1021     public boolean existsHandle(long handle, int userId) {
1022         return hasState(SP_BLOB_NAME, handle, userId);
1025     public void destroyTokenBasedSyntheticPassword(long handle, int userId) {
1026         destroySyntheticPassword(handle, userId);
1027         destroyState(SECDISCARDABLE_NAME, handle, userId);
1030     public void destroyPasswordBasedSyntheticPassword(long handle, int userId) {
1031         destroySyntheticPassword(handle, userId);
1032         destroyState(SECDISCARDABLE_NAME, handle, userId);
1033         destroyState(PASSWORD_DATA_NAME, handle, userId);
1036     private void destroySyntheticPassword(long handle, int userId) {
1037         destroyState(SP_BLOB_NAME, handle, userId);
1038         destroySPBlobKey(getHandleName(handle));
1039         if (hasState(WEAVER_SLOT_NAME, handle, userId)) {
1040             destroyWeaverSlot(handle, userId);
1062     private byte[] createSecdiscardable(long handle, int userId) {
1064         saveSecdiscardable(handle, data, userId);
1068     private void saveSecdiscardable(long handle, byte[] secdiscardable, int userId) {
1069         saveState(SECDISCARDABLE_NAME, secdiscardable, handle, userId);
1072     private byte[] loadSecdiscardable(long handle, int userId) {
1073         return loadState(SECDISCARDABLE_NAME, handle, userId);
1076     private boolean hasState(String stateName, long handle, int userId) {
1077         return !ArrayUtils.isEmpty(loadState(stateName, handle, userId));
1080     private byte[] loadState(String stateName, long handle, int userId) {
1081         return mStorage.readSyntheticPasswordState(userId, handle, stateName);
1084     private void saveState(String stateName, byte[] data, long handle, int userId) {
1085         mStorage.writeSyntheticPasswordState(userId, handle, stateName, data);
1088     private void destroyState(String stateName, long handle, int userId) {
1089         mStorage.deleteSyntheticPasswordState(userId, handle, stateName);
1126     private String getHandleName(long handle) {
1127         return String.format("%s%x", LockPatternUtils.SYNTHETIC_PASSWORD_KEY_PREFIX, handle);
1147     protected long sidFromPasswordHandle(byte[] handle) {
1148         return nativeSidFromPasswordHandle(handle);
1155     native long nativeSidFromPasswordHandle(byte[] handle);

Indexes created Sun Aug 12 02:23:12 CEST 2018