/*
|
* Copyright (C) 2019 The Android Open Source Project
|
*
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
* you may not use this file except in compliance with the License.
|
* You may obtain a copy of the License at
|
*
|
* http://www.apache.org/licenses/LICENSE-2.0
|
*
|
* Unless required by applicable law or agreed to in writing, software
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
* See the License for the specific language governing permissions and
|
* limitations under the License.
|
*/
|
|
package com.android.server.wifi.util;
|
|
import android.annotation.NonNull;
|
import android.os.SystemProperties;
|
import android.security.keystore.KeyGenParameterSpec;
|
import android.security.keystore.KeyProperties;
|
import android.text.TextUtils;
|
import android.util.Log;
|
|
import java.io.File;
|
import java.io.FileInputStream;
|
import java.io.FileNotFoundException;
|
import java.io.FileOutputStream;
|
import java.io.IOException;
|
import java.io.ObjectInputStream;
|
import java.io.ObjectOutputStream;
|
import java.security.DigestException;
|
import java.security.InvalidAlgorithmParameterException;
|
import java.security.InvalidKeyException;
|
import java.security.KeyStore;
|
import java.security.KeyStoreException;
|
import java.security.MessageDigest;
|
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchProviderException;
|
import java.security.UnrecoverableEntryException;
|
import java.security.cert.CertificateException;
|
|
import javax.crypto.BadPaddingException;
|
import javax.crypto.Cipher;
|
import javax.crypto.IllegalBlockSizeException;
|
import javax.crypto.KeyGenerator;
|
import javax.crypto.NoSuchPaddingException;
|
import javax.crypto.SecretKey;
|
import javax.crypto.spec.GCMParameterSpec;
|
|
/**
|
* Tools to provide integrity checking of byte arrays based on NIAP Common Criteria Protection
|
* Profile <a href="https://www.niap-ccevs.org/MMO/PP/-417-/#FCS_STG_EXT.3.1">FCS_STG_EXT.3.1</a>.
|
*/
|
public class DataIntegrityChecker {
|
private static final String TAG = "DataIntegrityChecker";
|
|
private static final String FILE_SUFFIX = ".encrypted-checksum";
|
private static final String ALIAS_SUFFIX = ".data-integrity-checker-key";
|
private static final String CIPHER_ALGORITHM = "AES/GCM/NoPadding";
|
private static final String DIGEST_ALGORITHM = "SHA-256";
|
private static final int GCM_TAG_LENGTH = 128;
|
private static final String KEY_STORE = "AndroidKeyStore";
|
|
/**
|
* When KEYSTORE_FAILURE_RETURN_VALUE is true, all cryptographic operation failures will not
|
* enforce security and {@link #isOk(byte[])} always return true.
|
*/
|
private static final boolean KEYSTORE_FAILURE_RETURN_VALUE = true;
|
|
private final File mIntegrityFile;
|
|
/**
|
* Construct a new integrity checker to update and check if/when a data file was altered
|
* outside expected conditions.
|
*
|
* @param integrityFilename The {@link File} path prefix for where the integrity data is stored.
|
* A file will be created in the name of integrityFile with the suffix
|
* {@link DataIntegrityChecker#FILE_SUFFIX} We recommend using the same
|
* path as the file for which integrity is performed on.
|
* @throws NullPointerException When integrity file is null or the empty string.
|
*/
|
public DataIntegrityChecker(@NonNull String integrityFilename) {
|
if (TextUtils.isEmpty(integrityFilename)) {
|
throw new NullPointerException("integrityFilename must not be null or the empty "
|
+ "string");
|
}
|
mIntegrityFile = new File(integrityFilename + FILE_SUFFIX);
|
}
|
|
/**
|
* Computes a digest of a byte array, encrypt it, and store the result
|
*
|
* Call this method immediately before storing the byte array
|
*
|
* @param data The data desired to ensure integrity
|
*/
|
public void update(byte[] data) {
|
if (data == null || data.length < 1) {
|
reportException(new Exception("No data to update"), "No data to update.");
|
return;
|
}
|
byte[] digest = getDigest(data);
|
if (digest == null || digest.length < 1) {
|
return;
|
}
|
String alias = mIntegrityFile.getName() + ALIAS_SUFFIX;
|
EncryptedData integrityData = encrypt(digest, alias);
|
if (integrityData != null) {
|
writeIntegrityData(integrityData, mIntegrityFile);
|
} else {
|
reportException(new Exception("integrityData null upon update"),
|
"integrityData null upon update");
|
}
|
}
|
|
/**
|
* Check the integrity of a given byte array
|
*
|
* Call this method immediately before trusting the byte array. This method will return false
|
* when the byte array was altered since the last {@link #update(byte[])}
|
* call, when {@link #update(byte[])} has never been called, or if there is
|
* an underlying issue with the cryptographic functions or the key store.
|
*
|
* @param data The data to check if its been altered
|
* @throws DigestException The integrity mIntegrityFile cannot be read. Ensure
|
* {@link #isOk(byte[])} is called after {@link #update(byte[])}. Otherwise, consider the
|
* result vacuously true and immediately call {@link #update(byte[])}.
|
* @return true if the data was not altered since {@link #update(byte[])} was last called
|
*/
|
public boolean isOk(byte[] data) throws DigestException {
|
if (data == null || data.length < 1) {
|
return KEYSTORE_FAILURE_RETURN_VALUE;
|
}
|
byte[] currentDigest = getDigest(data);
|
if (currentDigest == null || currentDigest.length < 1) {
|
return KEYSTORE_FAILURE_RETURN_VALUE;
|
}
|
|
EncryptedData encryptedData = null;
|
|
try {
|
encryptedData = readIntegrityData(mIntegrityFile);
|
} catch (IOException e) {
|
reportException(e, "readIntegrityData had an IO exception");
|
return KEYSTORE_FAILURE_RETURN_VALUE;
|
} catch (ClassNotFoundException e) {
|
reportException(e, "readIntegrityData could not find the class EncryptedData");
|
return KEYSTORE_FAILURE_RETURN_VALUE;
|
}
|
|
if (encryptedData == null) {
|
// File not found is not considered to be an error.
|
throw new DigestException("No stored digest is available to compare.");
|
}
|
byte[] storedDigest = decrypt(encryptedData);
|
if (storedDigest == null) {
|
return KEYSTORE_FAILURE_RETURN_VALUE;
|
}
|
return constantTimeEquals(storedDigest, currentDigest);
|
}
|
|
private byte[] getDigest(byte[] data) {
|
try {
|
return MessageDigest.getInstance(DIGEST_ALGORITHM).digest(data);
|
} catch (NoSuchAlgorithmException e) {
|
reportException(e, "getDigest could not find algorithm: " + DIGEST_ALGORITHM);
|
return null;
|
}
|
}
|
|
private EncryptedData encrypt(byte[] data, String keyAlias) {
|
EncryptedData encryptedData = null;
|
try {
|
Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
|
SecretKey secretKeyReference = getOrCreateSecretKey(keyAlias);
|
if (secretKeyReference != null) {
|
cipher.init(Cipher.ENCRYPT_MODE, secretKeyReference);
|
encryptedData = new EncryptedData(cipher.doFinal(data), cipher.getIV(), keyAlias);
|
} else {
|
reportException(new Exception("secretKeyReference is null."),
|
"secretKeyReference is null.");
|
}
|
} catch (NoSuchAlgorithmException e) {
|
reportException(e, "encrypt could not find the algorithm: " + CIPHER_ALGORITHM);
|
} catch (NoSuchPaddingException e) {
|
reportException(e, "encrypt had a padding exception");
|
} catch (InvalidKeyException e) {
|
reportException(e, "encrypt received an invalid key");
|
} catch (BadPaddingException e) {
|
reportException(e, "encrypt had a padding problem");
|
} catch (IllegalBlockSizeException e) {
|
reportException(e, "encrypt had an illegal block size");
|
}
|
return encryptedData;
|
}
|
|
private byte[] decrypt(EncryptedData encryptedData) {
|
byte[] decryptedData = null;
|
try {
|
Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
|
GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH, encryptedData.getIv());
|
SecretKey secretKeyReference = getOrCreateSecretKey(encryptedData.getKeyAlias());
|
if (secretKeyReference != null) {
|
cipher.init(Cipher.DECRYPT_MODE, secretKeyReference, spec);
|
decryptedData = cipher.doFinal(encryptedData.getEncryptedData());
|
}
|
} catch (NoSuchAlgorithmException e) {
|
reportException(e, "decrypt could not find cipher algorithm " + CIPHER_ALGORITHM);
|
} catch (NoSuchPaddingException e) {
|
reportException(e, "decrypt could not find padding algorithm");
|
} catch (IllegalBlockSizeException e) {
|
reportException(e, "decrypt had a illegal block size");
|
} catch (BadPaddingException e) {
|
reportException(e, "decrypt had bad padding");
|
} catch (InvalidKeyException e) {
|
reportException(e, "decrypt had an invalid key");
|
} catch (InvalidAlgorithmParameterException e) {
|
reportException(e, "decrypt had an invalid algorithm parameter");
|
}
|
return decryptedData;
|
}
|
|
private SecretKey getOrCreateSecretKey(String keyAlias) {
|
SecretKey secretKey = null;
|
try {
|
KeyStore keyStore = KeyStore.getInstance(KEY_STORE);
|
keyStore.load(null);
|
if (keyStore.containsAlias(keyAlias)) { // The key exists in key store. Get the key.
|
KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) keyStore
|
.getEntry(keyAlias, null);
|
if (secretKeyEntry != null) {
|
secretKey = secretKeyEntry.getSecretKey();
|
} else {
|
reportException(new Exception("keystore contains the alias and the secret key "
|
+ "entry was null"),
|
"keystore contains the alias and the secret key entry was null");
|
}
|
} else { // The key does not exist in key store. Create the key and store it.
|
KeyGenerator keyGenerator = KeyGenerator
|
.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEY_STORE);
|
|
KeyGenParameterSpec keyGenParameterSpec = new KeyGenParameterSpec.Builder(keyAlias,
|
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
|
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
|
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
|
.build();
|
|
keyGenerator.init(keyGenParameterSpec);
|
secretKey = keyGenerator.generateKey();
|
}
|
} catch (CertificateException e) {
|
reportException(e, "getOrCreateSecretKey had a certificate exception.");
|
} catch (InvalidAlgorithmParameterException e) {
|
reportException(e, "getOrCreateSecretKey had an invalid algorithm parameter");
|
} catch (IOException e) {
|
reportException(e, "getOrCreateSecretKey had an IO exception.");
|
} catch (KeyStoreException e) {
|
reportException(e, "getOrCreateSecretKey cannot find the keystore: " + KEY_STORE);
|
} catch (NoSuchAlgorithmException e) {
|
reportException(e, "getOrCreateSecretKey cannot find algorithm");
|
} catch (NoSuchProviderException e) {
|
reportException(e, "getOrCreateSecretKey cannot find crypto provider");
|
} catch (UnrecoverableEntryException e) {
|
reportException(e, "getOrCreateSecretKey had an unrecoverable entry exception.");
|
}
|
return secretKey;
|
}
|
|
private void writeIntegrityData(EncryptedData encryptedData, File file) {
|
try (FileOutputStream fos = new FileOutputStream(file);
|
ObjectOutputStream oos = new ObjectOutputStream(fos)) {
|
oos.writeObject(encryptedData);
|
} catch (FileNotFoundException e) {
|
reportException(e, "writeIntegrityData could not find the integrity file");
|
} catch (IOException e) {
|
reportException(e, "writeIntegrityData had an IO exception");
|
}
|
}
|
|
private EncryptedData readIntegrityData(File file) throws IOException, ClassNotFoundException {
|
try (FileInputStream fis = new FileInputStream(file);
|
ObjectInputStream ois = new ObjectInputStream(fis)) {
|
return (EncryptedData) ois.readObject();
|
} catch (FileNotFoundException e) {
|
// File not found, this is not considered to be a real error. The file will be created
|
// by the system next time the data file is written. Note that it is not possible for
|
// non system user to delete or modify the file.
|
Log.w(TAG, "readIntegrityData could not find integrity file");
|
}
|
return null;
|
}
|
|
private boolean constantTimeEquals(byte[] a, byte[] b) {
|
if (a == null && b == null) {
|
return true;
|
}
|
|
if (a == null || b == null || a.length != b.length) {
|
return false;
|
}
|
|
byte differenceAccumulator = 0;
|
for (int i = 0; i < a.length; ++i) {
|
differenceAccumulator |= a[i] ^ b[i];
|
}
|
return (differenceAccumulator == 0);
|
}
|
|
/* TODO(b/128526030): Remove this error reporting code upon resolving the bug. */
|
private static final boolean REQUEST_BUG_REPORT = false;
|
private void reportException(Exception exception, String error) {
|
Log.wtf(TAG, "An irrecoverable key store error was encountered: " + error);
|
if (REQUEST_BUG_REPORT) {
|
SystemProperties.set("dumpstate.options", "bugreportwifi");
|
SystemProperties.set("ctl.start", "bugreport");
|
}
|
}
|
}
|
