RecoveryController.java revision 23174b7eaeb93918451c36bbbfad94bafd44bdd6
1/* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package android.security.keystore.recovery; 18 19import android.annotation.NonNull; 20import android.annotation.Nullable; 21import android.annotation.RequiresPermission; 22import android.annotation.SystemApi; 23import android.app.PendingIntent; 24import android.content.Context; 25import android.content.pm.PackageManager.NameNotFoundException; 26import android.os.RemoteException; 27import android.os.ServiceManager; 28import android.os.ServiceSpecificException; 29import android.security.KeyStore; 30import android.security.keystore.AndroidKeyStoreProvider; 31 32import com.android.internal.widget.ILockSettings; 33 34import java.security.Key; 35import java.security.UnrecoverableKeyException; 36import java.security.cert.CertPath; 37import java.security.cert.CertificateException; 38import java.security.cert.X509Certificate; 39import java.util.ArrayList; 40import java.util.List; 41import java.util.Map; 42 43/** 44 * Backs up cryptographic keys to remote secure hardware, encrypted with the user's lock screen. 45 * 46 * <p>A system app with the {@code android.permission.RECOVER_KEYSTORE} permission may generate or 47 * import recoverable keys using this class. To generate a key, the app must call 48 * {@link #generateKey(String)} with the desired alias for the key. This returns an AndroidKeyStore 49 * reference to a 256-bit {@link javax.crypto.SecretKey}, which can be used for AES/GCM/NoPadding. 50 * In order to get the same key again at a later time, the app can call {@link #getKey(String)} with 51 * the same alias. If a key is generated in this way the key's raw material is never directly 52 * exposed to the calling app. The system app may also import key material using 53 * {@link #importKey(String, byte[])}. The app may only generate and import keys for its own 54 * {@code uid}. 55 * 56 * <p>The same system app must also register a Recovery Agent to manage syncing recoverable keys to 57 * remote secure hardware. The Recovery Agent is a service that registers itself with the controller 58 * as follows: 59 * 60 * <ul> 61 * <li>Invokes {@link #initRecoveryService(String, byte[], byte[])} 62 * <ul> 63 * <li>The first argument is the alias of the root certificate used to verify trusted 64 * hardware modules. Each trusted hardware module must have a public key signed with this 65 * root of trust. Roots of trust must be shipped with the framework. The app can list all 66 * valid roots of trust by calling {@link #getRootCertificates()}. 67 * <li>The second argument is the UTF-8 bytes of the XML listing file. It lists the X509 68 * certificates containing the public keys of all available remote trusted hardware modules. 69 * Each of the X509 certificates can be validated against the chosen root of trust. 70 * <li>The third argument is the UTF-8 bytes of the XML signing file. The file contains a 71 * signature of the XML listing file. The signature can be validated against the chosen root 72 * of trust. 73 * </ul> 74 * <p>This will cause the controller to choose a random public key from the list. From then 75 * on the controller will attempt to sync the key chain with the trusted hardware module to whom 76 * that key belongs. 77 * <li>Invokes {@link #setServerParams(byte[])} with a byte string that identifies the device 78 * to a remote server. This server may act as the front-end to the trusted hardware modules. It 79 * is up to the Recovery Agent to decide how best to identify devices, but this could be, e.g., 80 * based on the <a href="https://developers.google.com/instance-id/">Instance ID</a> of the 81 * system app. 82 * <li>Invokes {@link #setRecoverySecretTypes(int[])} with a list of types of secret used to 83 * secure the recoverable key chain. For now only 84 * {@link KeyChainProtectionParams#TYPE_LOCKSCREEN} is supported. 85 * <li>Invokes {@link #setSnapshotCreatedPendingIntent(PendingIntent)} with a 86 * {@link PendingIntent} that is to be invoked whenever a new snapshot is created. Although the 87 * controller can create snapshots without the Recovery Agent registering this intent, it is a 88 * good idea to register the intent so that the Recovery Agent is able to sync this snapshot to 89 * the trusted hardware module as soon as it is available. 90 * </ul> 91 * 92 * <p>The trusted hardware module's public key MUST be generated on secure hardware with protections 93 * equivalent to those described in the 94 * <a href="https://developer.android.com/preview/features/security/ckv-whitepaper.html">Google 95 * Cloud Key Vault Service whitepaper</a>. The trusted hardware module itself must protect the key 96 * chain from brute-forcing using the methods also described in the whitepaper: i.e., it should 97 * limit the number of allowed attempts to enter the lock screen. If the number of attempts is 98 * exceeded the key material must no longer be recoverable. 99 * 100 * <p>A recoverable key chain snapshot is considered pending if any of the following conditions 101 * are met: 102 * 103 * <ul> 104 * <li>The system app mutates the key chain. i.e., generates, imports, or removes a key. 105 * <li>The user changes their lock screen. 106 * </ul> 107 * 108 * <p>Whenever the user unlocks their device, if a snapshot is pending, the Recovery Controller 109 * generates a new snapshot. It follows these steps to do so: 110 * 111 * <ul> 112 * <li>Generates a 256-bit AES key using {@link java.security.SecureRandom}. This is the 113 * Recovery Key. 114 * <li>Wraps the key material of all keys in the recoverable key chain with the Recovery Key. 115 * <li>Encrypts the Recovery Key with both the public key of the trusted hardware module and a 116 * symmetric key derived from the user's lock screen. 117 * </ul> 118 * 119 * <p>The controller then writes this snapshot to disk, and uses the {@link PendingIntent} that was 120 * set by the Recovery Agent during initialization to inform it that a new snapshot is available. 121 * The snapshot only contains keys for that Recovery Agent's {@code uid} - i.e., keys the agent's 122 * app itself generated. If multiple Recovery Agents exist on the device, each will be notified of 123 * their new snapshots, and each snapshots' keys will be only those belonging to the same 124 * {@code uid}. 125 * 126 * <p>The Recovery Agent retrieves its most recent snapshot by calling 127 * {@link #getKeyChainSnapshot()}. It syncs the snapshot to the remote server. The snapshot contains 128 * the public key used for encryption, which the server uses to forward the encrypted recovery key 129 * to the correct trusted hardware module. The snapshot also contains the server params, which are 130 * used to identify this device to the server. 131 * 132 * <p>The client uses the server params to identify a device whose key chain it wishes to restore. 133 * This may be on a different device to the device that originally synced the key chain. The client 134 * sends the server params identifying the previous device to the server. The server returns the 135 * X509 certificate identifying the trusted hardware module in which the encrypted Recovery Key is 136 * stored. It also returns some vault parameters identifying that particular Recovery Key to the 137 * trusted hardware module. And it also returns a vault challenge, which is used as part of the 138 * vault opening protocol to ensure the recovery claim is fresh. See the whitepaper for more 139 * details. 140 * 141 * <p>The key chain is recovered via a {@link RecoverySession}. A Recovery Agent creates one by 142 * invoking {@link #createRecoverySession()}. It then invokes 143 * {@link RecoverySession#start(String, CertPath, byte[], byte[], List)} with these arguments: 144 * 145 * <ul> 146 * <li>The alias of the root of trust used to verify the trusted hardware module. 147 * <li>The X509 certificate of the trusted hardware module. 148 * <li>The vault parameters used to identify the Recovery Key to the trusted hardware module. 149 * <li>The vault challenge, as issued by the trusted hardware module. 150 * <li>A list of secrets, corresponding to the secrets used to protect the key chain. At the 151 * moment this is a single {@link KeyChainProtectionParams} containing the lock screen of the 152 * device whose key chain is to be recovered. 153 * </ul> 154 * 155 * <p>This method returns a byte array containing the Recovery Claim, which can be issued to the 156 * remote trusted hardware module. It is encrypted with the trusted hardware module's public key 157 * (which has itself been certified with the root of trust). It also contains an ephemeral symmetric 158 * key generated for this recovery session, which the remote trusted hardware module uses to encrypt 159 * its responses. This is the Session Key. 160 * 161 * <p>If the lock screen provided is correct, the remote trusted hardware module decrypts one of the 162 * layers of lock-screen encryption from the Recovery Key. It then returns this key, encrypted with 163 * the Session Key to the Recovery Agent. As the Recovery Agent does not know the Session Key, it 164 * must then invoke {@link RecoverySession#recoverKeyChainSnapshot(byte[], List)} with the encrypted 165 * Recovery Key and the list of wrapped application keys. The controller then decrypts the layer of 166 * encryption provided by the Session Key, and uses the lock screen to decrypt the final layer of 167 * encryption. It then uses the Recovery Key to decrypt all of the wrapped application keys, and 168 * imports them into its own KeyStore. The Recovery Agent's app may then access these keys by 169 * calling {@link #getKey(String)}. Only this app's {@code uid} may access the keys that have been 170 * recovered. 171 * 172 * @hide 173 */ 174@SystemApi 175public class RecoveryController { 176 private static final String TAG = "RecoveryController"; 177 178 /** Key has been successfully synced. */ 179 public static final int RECOVERY_STATUS_SYNCED = 0; 180 /** Waiting for recovery agent to sync the key. */ 181 public static final int RECOVERY_STATUS_SYNC_IN_PROGRESS = 1; 182 /** Key cannot be synced. */ 183 public static final int RECOVERY_STATUS_PERMANENT_FAILURE = 3; 184 185 /** 186 * Failed because no snapshot is yet pending to be synced for the user. 187 * 188 * @hide 189 */ 190 public static final int ERROR_NO_SNAPSHOT_PENDING = 21; 191 192 /** 193 * Failed due to an error internal to the recovery service. This is unexpected and indicates 194 * either a problem with the logic in the service, or a problem with a dependency of the 195 * service (such as AndroidKeyStore). 196 * 197 * @hide 198 */ 199 public static final int ERROR_SERVICE_INTERNAL_ERROR = 22; 200 201 /** 202 * Failed because the user does not have a lock screen set. 203 * 204 * @hide 205 */ 206 public static final int ERROR_INSECURE_USER = 23; 207 208 /** 209 * Error thrown when attempting to use a recovery session that has since been closed. 210 * 211 * @hide 212 */ 213 public static final int ERROR_SESSION_EXPIRED = 24; 214 215 /** 216 * Failed because the format of the provided certificate is incorrect, e.g., cannot be decoded 217 * properly or misses necessary fields. 218 * 219 * <p>Note that this is different from {@link #ERROR_INVALID_CERTIFICATE}, which implies the 220 * certificate has a correct format but cannot be validated. 221 * 222 * @hide 223 */ 224 public static final int ERROR_BAD_CERTIFICATE_FORMAT = 25; 225 226 /** 227 * Error thrown if decryption failed. This might be because the tag is wrong, the key is wrong, 228 * the data has become corrupted, the data has been tampered with, etc. 229 * 230 * @hide 231 */ 232 public static final int ERROR_DECRYPTION_FAILED = 26; 233 234 /** 235 * Error thrown if the format of a given key is invalid. This might be because the key has a 236 * wrong length, invalid content, etc. 237 * 238 * @hide 239 */ 240 public static final int ERROR_INVALID_KEY_FORMAT = 27; 241 242 /** 243 * Failed because the provided certificate cannot be validated, e.g., is expired or has invalid 244 * signatures. 245 * 246 * <p>Note that this is different from {@link #ERROR_BAD_CERTIFICATE_FORMAT}, which denotes 247 * incorrect certificate formats, e.g., due to wrong encoding or structure. 248 * 249 * @hide 250 */ 251 public static final int ERROR_INVALID_CERTIFICATE = 28; 252 253 254 /** 255 * Failed because the provided certificate contained serial version which is lower that the 256 * version device is already initialized with. It is not possible to downgrade serial version of 257 * the provided certificate. 258 * 259 * @hide 260 */ 261 public static final int ERROR_DOWNGRADE_CERTIFICATE = 29; 262 263 private final ILockSettings mBinder; 264 private final KeyStore mKeyStore; 265 266 private RecoveryController(ILockSettings binder, KeyStore keystore) { 267 mBinder = binder; 268 mKeyStore = keystore; 269 } 270 271 /** 272 * Internal method used by {@code RecoverySession}. 273 * 274 * @hide 275 */ 276 ILockSettings getBinder() { 277 return mBinder; 278 } 279 280 /** 281 * Gets a new instance of the class. 282 */ 283 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 284 @NonNull public static RecoveryController getInstance(@NonNull Context context) { 285 ILockSettings lockSettings = 286 ILockSettings.Stub.asInterface(ServiceManager.getService("lock_settings")); 287 return new RecoveryController(lockSettings, KeyStore.getInstance()); 288 } 289 290 /** 291 * @deprecated Use {@link #initRecoveryService(String, byte[], byte[])} instead. 292 */ 293 @Deprecated 294 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 295 public void initRecoveryService( 296 @NonNull String rootCertificateAlias, @NonNull byte[] signedPublicKeyList) 297 throws CertificateException, InternalRecoveryServiceException { 298 try { 299 mBinder.initRecoveryService(rootCertificateAlias, signedPublicKeyList); 300 } catch (RemoteException e) { 301 throw e.rethrowFromSystemServer(); 302 } catch (ServiceSpecificException e) { 303 if (e.errorCode == ERROR_BAD_CERTIFICATE_FORMAT 304 || e.errorCode == ERROR_INVALID_CERTIFICATE) { 305 throw new CertificateException("Invalid certificate for recovery service", e); 306 } 307 throw wrapUnexpectedServiceSpecificException(e); 308 } 309 } 310 311 /** 312 * Initializes the recovery service for the calling application. The detailed steps should be: 313 * <ol> 314 * <li>Parse {@code signatureFile} to get relevant information. 315 * <li>Validate the signer's X509 certificate, contained in {@code signatureFile}, against 316 * the root certificate pre-installed in the OS and chosen by {@code 317 * rootCertificateAlias}. 318 * <li>Verify the public-key signature, contained in {@code signatureFile}, and verify it 319 * against the entire {@code certificateFile}. 320 * <li>Parse {@code certificateFile} to get relevant information. 321 * <li>Check the serial number, contained in {@code certificateFile}, and skip the following 322 * steps if the serial number is not larger than the one previously stored. 323 * <li>Randomly choose a X509 certificate from the endpoint X509 certificates, contained in 324 * {@code certificateFile}, and validate it against the root certificate pre-installed 325 * in the OS and chosen by {@code rootCertificateAlias}. 326 * <li>Store the chosen X509 certificate and the serial in local database for later use. 327 * </ol> 328 * 329 * @param rootCertificateAlias the alias of a root certificate pre-installed in the OS 330 * @param certificateFile the binary content of the XML file containing a list of recovery 331 * service X509 certificates, and other metadata including the serial number 332 * @param signatureFile the binary content of the XML file containing the public-key signature 333 * of the entire certificate file, and a signer's X509 certificate 334 * @throws CertificateException if the given certificate files cannot be parsed or validated 335 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 336 * service. 337 */ 338 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 339 public void initRecoveryService( 340 @NonNull String rootCertificateAlias, @NonNull byte[] certificateFile, 341 @NonNull byte[] signatureFile) 342 throws CertificateException, InternalRecoveryServiceException { 343 try { 344 mBinder.initRecoveryServiceWithSigFile( 345 rootCertificateAlias, certificateFile, signatureFile); 346 } catch (RemoteException e) { 347 throw e.rethrowFromSystemServer(); 348 } catch (ServiceSpecificException e) { 349 if (e.errorCode == ERROR_BAD_CERTIFICATE_FORMAT 350 || e.errorCode == ERROR_INVALID_CERTIFICATE) { 351 throw new CertificateException("Invalid certificate for recovery service", e); 352 } 353 if (e.errorCode == ERROR_DOWNGRADE_CERTIFICATE) { 354 throw new CertificateException( 355 "Downgrading certificate serial version isn't supported.", e); 356 } 357 throw wrapUnexpectedServiceSpecificException(e); 358 } 359 } 360 361 /** 362 * @deprecated Use {@link #getKeyChainSnapshot()} 363 */ 364 @Deprecated 365 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 366 public @Nullable KeyChainSnapshot getRecoveryData() throws InternalRecoveryServiceException { 367 return getKeyChainSnapshot(); 368 } 369 370 /** 371 * Returns data necessary to store all recoverable keys. Key material is 372 * encrypted with user secret and recovery public key. 373 * 374 * @return Data necessary to recover keystore or {@code null} if snapshot is not available. 375 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 376 * service. 377 */ 378 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 379 public @Nullable KeyChainSnapshot getKeyChainSnapshot() 380 throws InternalRecoveryServiceException { 381 try { 382 return mBinder.getKeyChainSnapshot(); 383 } catch (RemoteException e) { 384 throw e.rethrowFromSystemServer(); 385 } catch (ServiceSpecificException e) { 386 if (e.errorCode == ERROR_NO_SNAPSHOT_PENDING) { 387 return null; 388 } 389 throw wrapUnexpectedServiceSpecificException(e); 390 } 391 } 392 393 /** 394 * Sets a listener which notifies recovery agent that new recovery snapshot is available. {@link 395 * #getKeyChainSnapshot} can be used to get the snapshot. Note that every recovery agent can 396 * have at most one registered listener at any time. 397 * 398 * @param intent triggered when new snapshot is available. Unregisters listener if the value is 399 * {@code null}. 400 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 401 * service. 402 */ 403 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 404 public void setSnapshotCreatedPendingIntent(@Nullable PendingIntent intent) 405 throws InternalRecoveryServiceException { 406 try { 407 mBinder.setSnapshotCreatedPendingIntent(intent); 408 } catch (RemoteException e) { 409 throw e.rethrowFromSystemServer(); 410 } catch (ServiceSpecificException e) { 411 throw wrapUnexpectedServiceSpecificException(e); 412 } 413 } 414 415 /** 416 * Server parameters used to generate new recovery key blobs. This value will be included in 417 * {@code KeyChainSnapshot.getEncryptedRecoveryKeyBlob()}. The same value must be included 418 * in vaultParams {@link RecoverySession#start(CertPath, byte[], byte[], List)}. 419 * 420 * @param serverParams included in recovery key blob. 421 * @see #getKeyChainSnapshot 422 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 423 * service. 424 */ 425 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 426 public void setServerParams(@NonNull byte[] serverParams) 427 throws InternalRecoveryServiceException { 428 try { 429 mBinder.setServerParams(serverParams); 430 } catch (RemoteException e) { 431 throw e.rethrowFromSystemServer(); 432 } catch (ServiceSpecificException e) { 433 throw wrapUnexpectedServiceSpecificException(e); 434 } 435 } 436 437 /** 438 * @deprecated Use {@link #getAliases()}. 439 */ 440 @Deprecated 441 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 442 public List<String> getAliases(@Nullable String packageName) 443 throws InternalRecoveryServiceException { 444 return getAliases(); 445 } 446 447 /** 448 * Returns a list of aliases of keys belonging to the application. 449 */ 450 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 451 public @NonNull List<String> getAliases() throws InternalRecoveryServiceException { 452 try { 453 Map<String, Integer> allStatuses = mBinder.getRecoveryStatus(); 454 return new ArrayList<>(allStatuses.keySet()); 455 } catch (RemoteException e) { 456 throw e.rethrowFromSystemServer(); 457 } catch (ServiceSpecificException e) { 458 throw wrapUnexpectedServiceSpecificException(e); 459 } 460 } 461 462 /** 463 * @deprecated Use {@link #setRecoveryStatus(String, int)} 464 */ 465 @Deprecated 466 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 467 public void setRecoveryStatus( 468 @NonNull String packageName, String alias, int status) 469 throws NameNotFoundException, InternalRecoveryServiceException { 470 setRecoveryStatus(alias, status); 471 } 472 473 /** 474 * Sets the recovery status for given key. It is used to notify the keystore that the key was 475 * successfully stored on the server or that there was an error. An application can check this 476 * value using {@link #getRecoveryStatus(String, String)}. 477 * 478 * @param alias The alias of the key whose status to set. 479 * @param status The status of the key. One of {@link #RECOVERY_STATUS_SYNCED}, 480 * {@link #RECOVERY_STATUS_SYNC_IN_PROGRESS} or {@link #RECOVERY_STATUS_PERMANENT_FAILURE}. 481 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 482 * service. 483 */ 484 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 485 public void setRecoveryStatus(@NonNull String alias, int status) 486 throws InternalRecoveryServiceException { 487 try { 488 mBinder.setRecoveryStatus(alias, status); 489 } catch (RemoteException e) { 490 throw e.rethrowFromSystemServer(); 491 } catch (ServiceSpecificException e) { 492 throw wrapUnexpectedServiceSpecificException(e); 493 } 494 } 495 496 /** 497 * @deprecated Use {@link #getRecoveryStatus(String)}. 498 */ 499 @Deprecated 500 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 501 public int getRecoveryStatus(String packageName, String alias) 502 throws InternalRecoveryServiceException { 503 return getRecoveryStatus(alias); 504 } 505 506 /** 507 * Returns the recovery status for the key with the given {@code alias}. 508 * 509 * <ul> 510 * <li>{@link #RECOVERY_STATUS_SYNCED} 511 * <li>{@link #RECOVERY_STATUS_SYNC_IN_PROGRESS} 512 * <li>{@link #RECOVERY_STATUS_PERMANENT_FAILURE} 513 * </ul> 514 * 515 * @see #setRecoveryStatus(String, int) 516 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 517 * service. 518 */ 519 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 520 public int getRecoveryStatus(@NonNull String alias) throws InternalRecoveryServiceException { 521 try { 522 Map<String, Integer> allStatuses = mBinder.getRecoveryStatus(); 523 Integer status = allStatuses.get(alias); 524 if (status == null) { 525 return RecoveryController.RECOVERY_STATUS_PERMANENT_FAILURE; 526 } else { 527 return status; 528 } 529 } catch (RemoteException e) { 530 throw e.rethrowFromSystemServer(); 531 } catch (ServiceSpecificException e) { 532 throw wrapUnexpectedServiceSpecificException(e); 533 } 534 } 535 536 /** 537 * Specifies a set of secret types used for end-to-end keystore encryption. Knowing all of them 538 * is necessary to recover data. 539 * 540 * @param secretTypes {@link KeyChainProtectionParams#TYPE_LOCKSCREEN} 541 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 542 * service. 543 */ 544 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 545 public void setRecoverySecretTypes( 546 @NonNull @KeyChainProtectionParams.UserSecretType int[] secretTypes) 547 throws InternalRecoveryServiceException { 548 try { 549 mBinder.setRecoverySecretTypes(secretTypes); 550 } catch (RemoteException e) { 551 throw e.rethrowFromSystemServer(); 552 } catch (ServiceSpecificException e) { 553 throw wrapUnexpectedServiceSpecificException(e); 554 } 555 } 556 557 /** 558 * Defines a set of secret types used for end-to-end keystore encryption. Knowing all of them is 559 * necessary to generate KeyChainSnapshot. 560 * 561 * @return list of recovery secret types 562 * @see KeyChainSnapshot 563 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 564 * service. 565 */ 566 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 567 public @NonNull @KeyChainProtectionParams.UserSecretType int[] getRecoverySecretTypes() 568 throws InternalRecoveryServiceException { 569 try { 570 return mBinder.getRecoverySecretTypes(); 571 } catch (RemoteException e) { 572 throw e.rethrowFromSystemServer(); 573 } catch (ServiceSpecificException e) { 574 throw wrapUnexpectedServiceSpecificException(e); 575 } 576 } 577 578 /** 579 * Deprecated. 580 * Generates a AES256/GCM/NoPADDING key called {@code alias} and loads it into the recoverable 581 * key store. Returns the raw material of the key. 582 * 583 * @param alias The key alias. 584 * @param account The account associated with the key 585 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 586 * service. 587 * @throws LockScreenRequiredException if the user has not set a lock screen. This is required 588 * to generate recoverable keys, as the snapshots are encrypted using a key derived from the 589 * lock screen. 590 */ 591 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 592 public byte[] generateAndStoreKey(@NonNull String alias, byte[] account) 593 throws InternalRecoveryServiceException, LockScreenRequiredException { 594 throw new UnsupportedOperationException("Operation is not supported, use generateKey"); 595 } 596 597 /** 598 * @deprecated Use {@link #generateKey(String)}. 599 */ 600 @Deprecated 601 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 602 public Key generateKey(@NonNull String alias, byte[] account) 603 throws InternalRecoveryServiceException, LockScreenRequiredException { 604 return generateKey(alias); 605 } 606 607 /** 608 * Generates a recoverable key with the given {@code alias}. 609 * 610 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 611 * service. 612 * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock 613 * screen is required to generate recoverable keys. 614 */ 615 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 616 public @NonNull Key generateKey(@NonNull String alias) throws InternalRecoveryServiceException, 617 LockScreenRequiredException { 618 try { 619 String grantAlias = mBinder.generateKey(alias); 620 if (grantAlias == null) { 621 throw new InternalRecoveryServiceException("null grant alias"); 622 } 623 return getKeyFromGrant(grantAlias); 624 } catch (RemoteException e) { 625 throw e.rethrowFromSystemServer(); 626 } catch (UnrecoverableKeyException e) { 627 throw new InternalRecoveryServiceException("Failed to get key from keystore", e); 628 } catch (ServiceSpecificException e) { 629 if (e.errorCode == ERROR_INSECURE_USER) { 630 throw new LockScreenRequiredException(e.getMessage()); 631 } 632 throw wrapUnexpectedServiceSpecificException(e); 633 } 634 } 635 636 /** 637 * Imports a 256-bit recoverable AES key with the given {@code alias} and the raw bytes {@code 638 * keyBytes}. 639 * 640 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 641 * service. 642 * @throws LockScreenRequiredException if the user does not have a lock screen set. A lock 643 * screen is required to generate recoverable keys. 644 * 645 */ 646 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 647 public @NonNull Key importKey(@NonNull String alias, @NonNull byte[] keyBytes) 648 throws InternalRecoveryServiceException, LockScreenRequiredException { 649 try { 650 String grantAlias = mBinder.importKey(alias, keyBytes); 651 if (grantAlias == null) { 652 throw new InternalRecoveryServiceException("Null grant alias"); 653 } 654 return getKeyFromGrant(grantAlias); 655 } catch (RemoteException e) { 656 throw e.rethrowFromSystemServer(); 657 } catch (UnrecoverableKeyException e) { 658 throw new InternalRecoveryServiceException("Failed to get key from keystore", e); 659 } catch (ServiceSpecificException e) { 660 if (e.errorCode == ERROR_INSECURE_USER) { 661 throw new LockScreenRequiredException(e.getMessage()); 662 } 663 throw wrapUnexpectedServiceSpecificException(e); 664 } 665 } 666 667 /** 668 * Gets a key called {@code alias} from the recoverable key store. 669 * 670 * @param alias The key alias. 671 * @return The key. 672 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 673 * service. 674 * @throws UnrecoverableKeyException if key is permanently invalidated or not found. 675 */ 676 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 677 public @Nullable Key getKey(@NonNull String alias) 678 throws InternalRecoveryServiceException, UnrecoverableKeyException { 679 try { 680 String grantAlias = mBinder.getKey(alias); 681 if (grantAlias == null || "".equals(grantAlias)) { 682 return null; 683 } 684 return getKeyFromGrant(grantAlias); 685 } catch (RemoteException e) { 686 throw e.rethrowFromSystemServer(); 687 } catch (ServiceSpecificException e) { 688 throw wrapUnexpectedServiceSpecificException(e); 689 } 690 } 691 692 /** 693 * Returns the key with the given {@code grantAlias}. 694 */ 695 @NonNull Key getKeyFromGrant(@NonNull String grantAlias) throws UnrecoverableKeyException { 696 return AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore( 697 mKeyStore, 698 grantAlias, 699 KeyStore.UID_SELF); 700 } 701 702 /** 703 * Removes a key called {@code alias} from the recoverable key store. 704 * 705 * @param alias The key alias. 706 * @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery 707 * service. 708 */ 709 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 710 public void removeKey(@NonNull String alias) throws InternalRecoveryServiceException { 711 try { 712 mBinder.removeKey(alias); 713 } catch (RemoteException e) { 714 throw e.rethrowFromSystemServer(); 715 } catch (ServiceSpecificException e) { 716 throw wrapUnexpectedServiceSpecificException(e); 717 } 718 } 719 720 /** 721 * Returns a new {@link RecoverySession}. 722 * 723 * <p>A recovery session is required to restore keys from a remote store. 724 */ 725 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 726 public @NonNull RecoverySession createRecoverySession() { 727 return RecoverySession.newInstance(this); 728 } 729 730 @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE) 731 public @NonNull Map<String, X509Certificate> getRootCertificates() { 732 return TrustedRootCertificates.getRootCertificates(); 733 } 734 735 InternalRecoveryServiceException wrapUnexpectedServiceSpecificException( 736 ServiceSpecificException e) { 737 if (e.errorCode == ERROR_SERVICE_INTERNAL_ERROR) { 738 return new InternalRecoveryServiceException(e.getMessage()); 739 } 740 741 // Should never happen. If it does, it's a bug, and we need to update how the method that 742 // called this throws its exceptions. 743 return new InternalRecoveryServiceException("Unexpected error code for method: " 744 + e.errorCode, e); 745 } 746} 747