1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.content.pm;
18
19import android.os.Parcel;
20import android.os.Parcelable;
21import android.text.TextUtils;
22import android.util.Slog;
23
24import java.security.InvalidAlgorithmParameterException;
25import java.security.spec.AlgorithmParameterSpec;
26import java.util.Arrays;
27
28import javax.crypto.SecretKey;
29import javax.crypto.spec.IvParameterSpec;
30
31/**
32 * Represents encryption parameters used to read a container.
33 *
34 * @hide
35 */
36public class ContainerEncryptionParams implements Parcelable {
37    protected static final String TAG = "ContainerEncryptionParams";
38
39    /** What we print out first when toString() is called. */
40    private static final String TO_STRING_PREFIX = "ContainerEncryptionParams{";
41
42    /**
43     * Parameter type for parceling that indicates the next parameters are
44     * IvParameters.
45     */
46    private static final int ENC_PARAMS_IV_PARAMETERS = 1;
47
48    /** Parameter type for paceling that indicates there are no MAC parameters. */
49    private static final int MAC_PARAMS_NONE = 1;
50
51    /** The encryption algorithm used. */
52    private final String mEncryptionAlgorithm;
53
54    /** The parameter spec to be used for encryption. */
55    private final IvParameterSpec mEncryptionSpec;
56
57    /** Secret key to be used for decryption. */
58    private final SecretKey mEncryptionKey;
59
60    /** Algorithm name for the MAC to be used. */
61    private final String mMacAlgorithm;
62
63    /** The parameter spec to be used for the MAC tag authentication. */
64    private final AlgorithmParameterSpec mMacSpec;
65
66    /** Secret key to be used for MAC tag authentication. */
67    private final SecretKey mMacKey;
68
69    /** MAC tag authenticating the data in the container. */
70    private final byte[] mMacTag;
71
72    /** Offset into file where authenticated (e.g., MAC protected) data begins. */
73    private final long mAuthenticatedDataStart;
74
75    /** Offset into file where encrypted data begins. */
76    private final long mEncryptedDataStart;
77
78    /**
79     * Offset into file for the end of encrypted data (and, by extension,
80     * authenticated data) in file.
81     */
82    private final long mDataEnd;
83
84    public ContainerEncryptionParams(String encryptionAlgorithm,
85            AlgorithmParameterSpec encryptionSpec, SecretKey encryptionKey)
86            throws InvalidAlgorithmParameterException {
87        this(encryptionAlgorithm, encryptionSpec, encryptionKey, null, null, null, null, -1, -1,
88                -1);
89    }
90
91    /**
92     * Creates container encryption specifications for installing from encrypted
93     * containers.
94     *
95     * @param encryptionAlgorithm encryption algorithm to use; format matches
96     *            JCE
97     * @param encryptionSpec algorithm parameter specification
98     * @param encryptionKey key used for decryption
99     * @param macAlgorithm MAC algorithm to use; format matches JCE
100     * @param macSpec algorithm parameters specification, may be {@code null}
101     * @param macKey key used for authentication (i.e., for the MAC tag)
102     * @param macTag message authentication code (MAC) tag for the authenticated
103     *            data
104     * @param authenticatedDataStart offset of start of authenticated data in
105     *            stream
106     * @param encryptedDataStart offset of start of encrypted data in stream
107     * @param dataEnd offset of the end of both the authenticated and encrypted
108     *            data
109     * @throws InvalidAlgorithmParameterException
110     */
111    public ContainerEncryptionParams(String encryptionAlgorithm,
112            AlgorithmParameterSpec encryptionSpec, SecretKey encryptionKey, String macAlgorithm,
113            AlgorithmParameterSpec macSpec, SecretKey macKey, byte[] macTag,
114            long authenticatedDataStart, long encryptedDataStart, long dataEnd)
115            throws InvalidAlgorithmParameterException {
116        if (TextUtils.isEmpty(encryptionAlgorithm)) {
117            throw new NullPointerException("algorithm == null");
118        } else if (encryptionSpec == null) {
119            throw new NullPointerException("encryptionSpec == null");
120        } else if (encryptionKey == null) {
121            throw new NullPointerException("encryptionKey == null");
122        }
123
124        if (!TextUtils.isEmpty(macAlgorithm)) {
125            if (macKey == null) {
126                throw new NullPointerException("macKey == null");
127            }
128        }
129
130        if (!(encryptionSpec instanceof IvParameterSpec)) {
131            throw new InvalidAlgorithmParameterException(
132                    "Unknown parameter spec class; must be IvParameters");
133        }
134
135        mEncryptionAlgorithm = encryptionAlgorithm;
136        mEncryptionSpec = (IvParameterSpec) encryptionSpec;
137        mEncryptionKey = encryptionKey;
138
139        mMacAlgorithm = macAlgorithm;
140        mMacSpec = macSpec;
141        mMacKey = macKey;
142        mMacTag = macTag;
143
144        mAuthenticatedDataStart = authenticatedDataStart;
145        mEncryptedDataStart = encryptedDataStart;
146        mDataEnd = dataEnd;
147    }
148
149    public String getEncryptionAlgorithm() {
150        return mEncryptionAlgorithm;
151    }
152
153    public AlgorithmParameterSpec getEncryptionSpec() {
154        return mEncryptionSpec;
155    }
156
157    public SecretKey getEncryptionKey() {
158        return mEncryptionKey;
159    }
160
161    public String getMacAlgorithm() {
162        return mMacAlgorithm;
163    }
164
165    public AlgorithmParameterSpec getMacSpec() {
166        return mMacSpec;
167    }
168
169    public SecretKey getMacKey() {
170        return mMacKey;
171    }
172
173    public byte[] getMacTag() {
174        return mMacTag;
175    }
176
177    public long getAuthenticatedDataStart() {
178        return mAuthenticatedDataStart;
179    }
180
181    public long getEncryptedDataStart() {
182        return mEncryptedDataStart;
183    }
184
185    public long getDataEnd() {
186        return mDataEnd;
187    }
188
189    @Override
190    public int describeContents() {
191        return 0;
192    }
193
194    @Override
195    public boolean equals(Object o) {
196        if (this == o) {
197            return true;
198        }
199
200        if (!(o instanceof ContainerEncryptionParams)) {
201            return false;
202        }
203
204        final ContainerEncryptionParams other = (ContainerEncryptionParams) o;
205
206        // Primitive comparison
207        if ((mAuthenticatedDataStart != other.mAuthenticatedDataStart)
208                || (mEncryptedDataStart != other.mEncryptedDataStart)
209                || (mDataEnd != other.mDataEnd)) {
210            return false;
211        }
212
213        // String comparison
214        if (!mEncryptionAlgorithm.equals(other.mEncryptionAlgorithm)
215                || !mMacAlgorithm.equals(other.mMacAlgorithm)) {
216            return false;
217        }
218
219        // Object comparison
220        if (!isSecretKeyEqual(mEncryptionKey, other.mEncryptionKey)
221                || !isSecretKeyEqual(mMacKey, other.mMacKey)) {
222            return false;
223        }
224
225        if (!Arrays.equals(mEncryptionSpec.getIV(), other.mEncryptionSpec.getIV())
226                || !Arrays.equals(mMacTag, other.mMacTag) || (mMacSpec != other.mMacSpec)) {
227            return false;
228        }
229
230        return true;
231    }
232
233    private static final boolean isSecretKeyEqual(SecretKey key1, SecretKey key2) {
234        final String keyFormat = key1.getFormat();
235        final String otherKeyFormat = key2.getFormat();
236
237        if (keyFormat == null) {
238            if (keyFormat != otherKeyFormat) {
239                return false;
240            }
241
242            if (key1.getEncoded() != key2.getEncoded()) {
243                return false;
244            }
245        } else {
246            if (!keyFormat.equals(key2.getFormat())) {
247                return false;
248            }
249
250            if (!Arrays.equals(key1.getEncoded(), key2.getEncoded())) {
251                return false;
252            }
253        }
254
255        return true;
256    }
257
258    @Override
259    public int hashCode() {
260        int hash = 3;
261
262        hash += 5 * mEncryptionAlgorithm.hashCode();
263        hash += 7 * Arrays.hashCode(mEncryptionSpec.getIV());
264        hash += 11 * mEncryptionKey.hashCode();
265        hash += 13 * mMacAlgorithm.hashCode();
266        hash += 17 * mMacKey.hashCode();
267        hash += 19 * Arrays.hashCode(mMacTag);
268        hash += 23 * mAuthenticatedDataStart;
269        hash += 29 * mEncryptedDataStart;
270        hash += 31 * mDataEnd;
271
272        return hash;
273    }
274
275    @Override
276    public String toString() {
277        final StringBuilder sb = new StringBuilder(TO_STRING_PREFIX);
278
279        sb.append("mEncryptionAlgorithm=\"");
280        sb.append(mEncryptionAlgorithm);
281        sb.append("\",");
282        sb.append("mEncryptionSpec=");
283        sb.append(mEncryptionSpec.toString());
284        sb.append("mEncryptionKey=");
285        sb.append(mEncryptionKey.toString());
286
287        sb.append("mMacAlgorithm=\"");
288        sb.append(mMacAlgorithm);
289        sb.append("\",");
290        sb.append("mMacSpec=");
291        sb.append(mMacSpec.toString());
292        sb.append("mMacKey=");
293        sb.append(mMacKey.toString());
294
295        sb.append(",mAuthenticatedDataStart=");
296        sb.append(mAuthenticatedDataStart);
297        sb.append(",mEncryptedDataStart=");
298        sb.append(mEncryptedDataStart);
299        sb.append(",mDataEnd=");
300        sb.append(mDataEnd);
301        sb.append('}');
302
303        return sb.toString();
304    }
305
306    @Override
307    public void writeToParcel(Parcel dest, int flags) {
308        dest.writeString(mEncryptionAlgorithm);
309        dest.writeInt(ENC_PARAMS_IV_PARAMETERS);
310        dest.writeByteArray(mEncryptionSpec.getIV());
311        dest.writeSerializable(mEncryptionKey);
312
313        dest.writeString(mMacAlgorithm);
314        dest.writeInt(MAC_PARAMS_NONE);
315        dest.writeByteArray(new byte[0]);
316        dest.writeSerializable(mMacKey);
317
318        dest.writeByteArray(mMacTag);
319
320        dest.writeLong(mAuthenticatedDataStart);
321        dest.writeLong(mEncryptedDataStart);
322        dest.writeLong(mDataEnd);
323    }
324
325    private ContainerEncryptionParams(Parcel source) throws InvalidAlgorithmParameterException {
326        mEncryptionAlgorithm = source.readString();
327        final int encParamType = source.readInt();
328        final byte[] encParamsEncoded = source.createByteArray();
329        mEncryptionKey = (SecretKey) source.readSerializable();
330
331        mMacAlgorithm = source.readString();
332        final int macParamType = source.readInt();
333        source.createByteArray(); // byte[] macParamsEncoded
334        mMacKey = (SecretKey) source.readSerializable();
335
336        mMacTag = source.createByteArray();
337
338        mAuthenticatedDataStart = source.readLong();
339        mEncryptedDataStart = source.readLong();
340        mDataEnd = source.readLong();
341
342        switch (encParamType) {
343            case ENC_PARAMS_IV_PARAMETERS:
344                mEncryptionSpec = new IvParameterSpec(encParamsEncoded);
345                break;
346            default:
347                throw new InvalidAlgorithmParameterException("Unknown parameter type "
348                        + encParamType);
349        }
350
351        switch (macParamType) {
352            case MAC_PARAMS_NONE:
353                mMacSpec = null;
354                break;
355            default:
356                throw new InvalidAlgorithmParameterException("Unknown parameter type "
357                        + macParamType);
358        }
359
360        if (mEncryptionKey == null) {
361            throw new NullPointerException("encryptionKey == null");
362        }
363    }
364
365    public static final Parcelable.Creator<ContainerEncryptionParams> CREATOR =
366            new Parcelable.Creator<ContainerEncryptionParams>() {
367        public ContainerEncryptionParams createFromParcel(Parcel source) {
368            try {
369                return new ContainerEncryptionParams(source);
370            } catch (InvalidAlgorithmParameterException e) {
371                Slog.e(TAG, "Invalid algorithm parameters specified", e);
372                return null;
373            }
374        }
375
376        public ContainerEncryptionParams[] newArray(int size) {
377            return new ContainerEncryptionParams[size];
378        }
379    };
380}