Merge "Migrate CryptoSettings"

1 files changed, 233 insertions, 0 deletions

diff --git a/packages/BackupEncryption/src/com/android/server/backup/encryption/CryptoSettings.java b/packages/BackupEncryption/src/com/android/server/backup/encryption/CryptoSettings.java
new file mode 100644
index 000000000000..2010620f76ed
--- /dev/null
+++ b/packages/BackupEncryption/src/com/android/server/backup/encryption/CryptoSettings.java
@@ -0,0 +1,233 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.backup.encryption;
+
+import static com.android.internal.util.Preconditions.checkNotNull;
+import static com.android.internal.util.Preconditions.checkState;
+
+import android.content.Context;
+import android.content.SharedPreferences;
+import android.content.SharedPreferences.Editor;
+import android.security.keystore.recovery.InternalRecoveryServiceException;
+import android.security.keystore.recovery.RecoveryController;
+import android.util.Slog;
+
+import com.android.internal.annotations.VisibleForTesting;
+
+import java.security.KeyStoreException;
+import java.util.Optional;
+
+/**
+ * State about encrypted backups that needs to be remembered.
+ */
+public class CryptoSettings {
+
+    private static final String TAG = "CryptoSettings";
+
+    private static final String SHARED_PREFERENCES_NAME = "crypto_settings";
+
+    private static final String KEY_IS_INITIALIZED = "isInitialized";
+    private static final String KEY_ACTIVE_SECONDARY_ALIAS = "activeSecondary";
+    private static final String KEY_NEXT_SECONDARY_ALIAS = "nextSecondary";
+    private static final String SECONDARY_KEY_LAST_ROTATED_AT = "secondaryKeyLastRotatedAt";
+    private static final String[] SETTINGS_FOR_BACKUP = {
+        KEY_IS_INITIALIZED,
+        KEY_ACTIVE_SECONDARY_ALIAS,
+        KEY_NEXT_SECONDARY_ALIAS,
+        SECONDARY_KEY_LAST_ROTATED_AT
+    };
+
+    private static final String KEY_ANCESTRAL_SECONDARY_KEY_VERSION =
+            "ancestral_secondary_key_version";
+
+    private final SharedPreferences mSharedPreferences;
+    private final Context mContext;
+
+    /**
+     * A new instance.
+     *
+     * @param context For looking up the {@link SharedPreferences}, for storing state.
+     * @return The instance.
+     */
+    public static CryptoSettings getInstance(Context context) {
+        // We need single process mode because CryptoSettings may be used from several processes
+        // simultaneously.
+        SharedPreferences sharedPreferences =
+                context.getSharedPreferences(SHARED_PREFERENCES_NAME, Context.MODE_PRIVATE);
+        return new CryptoSettings(sharedPreferences, context);
+    }
+
+    /**
+     * A new instance using {@link SharedPreferences} in the default mode.
+     *
+     * <p>This will not work across multiple processes but will work in tests.
+     */
+    @VisibleForTesting
+    public static CryptoSettings getInstanceForTesting(Context context) {
+        SharedPreferences sharedPreferences =
+                context.getSharedPreferences(SHARED_PREFERENCES_NAME, Context.MODE_PRIVATE);
+        return new CryptoSettings(sharedPreferences, context);
+    }
+
+    private CryptoSettings(SharedPreferences sharedPreferences, Context context) {
+        mSharedPreferences = checkNotNull(sharedPreferences);
+        mContext = checkNotNull(context);
+    }
+
+    /**
+     * The alias of the current active secondary key. This should be used to retrieve the key from
+     * AndroidKeyStore.
+     */
+    public Optional<String> getActiveSecondaryKeyAlias() {
+        return getStringInSharedPrefs(KEY_ACTIVE_SECONDARY_ALIAS);
+    }
+
+    /**
+     * The alias of the secondary key to which the client is rotating. The rotation is not
+     * immediate, which is why this setting is needed. Once the next key is created, it can take up
+     * to 72 hours potentially (or longer if the user has no network) for the next key to be synced
+     * with the keystore. Only after that has happened does the client attempt to re-wrap all
+     * tertiary keys and commit the rotation.
+     */
+    public Optional<String> getNextSecondaryKeyAlias() {
+        return getStringInSharedPrefs(KEY_NEXT_SECONDARY_ALIAS);
+    }
+
+    /**
+     * If the settings have been initialized.
+     */
+    public boolean getIsInitialized() {
+        return mSharedPreferences.getBoolean(KEY_IS_INITIALIZED, false);
+    }
+
+    /**
+     * Sets the alias of the currently active secondary key.
+     *
+     * @param activeAlias The alias, as in AndroidKeyStore.
+     * @throws IllegalArgumentException if the alias is not in the user's keystore.
+     */
+    public void setActiveSecondaryKeyAlias(String activeAlias) throws IllegalArgumentException {
+        assertIsValidAlias(activeAlias);
+        mSharedPreferences.edit().putString(KEY_ACTIVE_SECONDARY_ALIAS, activeAlias).apply();
+    }
+
+    /**
+     * Sets the alias of the secondary key to which the client is rotating.
+     *
+     * @param nextAlias The alias, as in AndroidKeyStore.
+     * @throws KeyStoreException if unable to check whether alias is valid in the keystore.
+     * @throws IllegalArgumentException if the alias is not in the user's keystore.
+     */
+    public void setNextSecondaryAlias(String nextAlias) throws IllegalArgumentException {
+        assertIsValidAlias(nextAlias);
+        mSharedPreferences.edit().putString(KEY_NEXT_SECONDARY_ALIAS, nextAlias).apply();
+    }
+
+    /**
+     * Unsets the alias of the key to which the client is rotating. This is generally performed once
+     * a rotation is complete.
+     */
+    public void removeNextSecondaryKeyAlias() {
+        mSharedPreferences.edit().remove(KEY_NEXT_SECONDARY_ALIAS).apply();
+    }
+
+    /**
+     * Sets the timestamp of when the secondary key was last rotated.
+     *
+     * @param timestamp The timestamp to set.
+     */
+    public void setSecondaryLastRotated(long timestamp) {
+        mSharedPreferences.edit().putLong(SECONDARY_KEY_LAST_ROTATED_AT, timestamp).apply();
+    }
+
+    /**
+     * Returns a timestamp of when the secondary key was last rotated.
+     *
+     * @return The timestamp.
+     */
+    public Optional<Long> getSecondaryLastRotated() {
+        if (!mSharedPreferences.contains(SECONDARY_KEY_LAST_ROTATED_AT)) {
+            return Optional.empty();
+        }
+        return Optional.of(mSharedPreferences.getLong(SECONDARY_KEY_LAST_ROTATED_AT, -1));
+    }
+
+    /**
+     * Sets the settings to have been initialized. (Otherwise loading should try to initialize
+     * again.)
+     */
+    private void setIsInitialized() {
+        mSharedPreferences.edit().putBoolean(KEY_IS_INITIALIZED, true).apply();
+    }
+
+    /**
+     * Initializes with the given key alias.
+     *
+     * @param alias The secondary key alias to be set as active.
+     * @throws IllegalArgumentException if the alias does not reference a valid key.
+     * @throws IllegalStateException if attempting to initialize an already initialized settings.
+     */
+    public void initializeWithKeyAlias(String alias) throws IllegalArgumentException {
+        checkState(
+                !getIsInitialized(), "Attempting to initialize an already initialized settings.");
+        setActiveSecondaryKeyAlias(alias);
+        setIsInitialized();
+    }
+
+    /** Returns the secondary key version of the encrypted backup set to restore from (if set). */
+    public Optional<String> getAncestralSecondaryKeyVersion() {
+        return Optional.ofNullable(
+                mSharedPreferences.getString(KEY_ANCESTRAL_SECONDARY_KEY_VERSION, null));
+    }
+
+    /** Sets the secondary key version of the encrypted backup set to restore from. */
+    public void setAncestralSecondaryKeyVersion(String ancestralSecondaryKeyVersion) {
+        mSharedPreferences
+                .edit()
+                .putString(KEY_ANCESTRAL_SECONDARY_KEY_VERSION, ancestralSecondaryKeyVersion)
+                .apply();
+    }
+
+    /** Deletes all crypto settings related to backup (as opposed to restore). */
+    public void clearAllSettingsForBackup() {
+        Editor sharedPrefsEditor = mSharedPreferences.edit();
+        for (String backupSettingKey : SETTINGS_FOR_BACKUP) {
+            sharedPrefsEditor.remove(backupSettingKey);
+        }
+        sharedPrefsEditor.apply();
+
+        Slog.d(TAG, "Cleared crypto settings for backup");
+    }
+
+    /**
+     * Throws {@link IllegalArgumentException} if the alias does not refer to a key that is in
+     * the {@link RecoveryController}.
+     */
+    private void assertIsValidAlias(String alias) throws IllegalArgumentException {
+        try {
+            if (!RecoveryController.getInstance(mContext).getAliases().contains(alias)) {
+                throw new IllegalArgumentException(alias + " is not in RecoveryController");
+            }
+        } catch (InternalRecoveryServiceException e) {
+            throw new IllegalArgumentException("Problem accessing recovery service", e);
+        }
+    }
+
+    private Optional<String> getStringInSharedPrefs(String key) {
+        return Optional.ofNullable(mSharedPreferences.getString(key, null));
+    }
+}