Merge cherrypicks of [3365569, 3365570, 3366860, 3366878, 3365571, 3365572, 3366918, 3365573, 3365589, 3365590, 3366938, 3366902, 3365574, 3365575, 3365576, 3365577, 3366958, 3365824, 3365591, 3366959, 3366960, 3366961, 3366962, 3366963, 3366964, 3366965, 3366919, 3366966, 3366967, 3366968, 3366969, 3366970, 3367018, 3367019, 3365592, 3365593, 3366985, 3365825, 3366988, 3366989, 3366990, 3366991, 3366992, 3366993, 3366994, 3367004, 3367005, 3367006, 3367007, 3367008, 3367009, 3367010, 3367011, 3367012, 3367013, 3367014, 3367015, 3367016, 3367017, 3367038, 3367039, 3367040, 3367041, 3367042, 3367044, 3367045, 3367046, 3367049, 3367050, 3367052, 3367053, 3367054, 3367055, 3367056, 3366920, 3366921, 3366922, 3367079] into oc-mr1-release

android-build-team Robot · android-build-team Robot · commit 23fbf77b8d60 · 2017-12-14T21:22:17.000Z
Change-Id: Iae843903b50e7df11a333cabfff45861e4a17355
diff --git a/services/core/java/com/android/server/locksettings/SyntheticPasswordCrypto.java b/services/core/java/com/android/server/locksettings/SyntheticPasswordCrypto.java
@@ -112,14 +112,28 @@ public static byte[] decrypt(byte[] keyBytes, byte[] personalisation, byte[] cip
         }
     }
 
-    public static byte[] decryptBlob(String keyAlias, byte[] blob, byte[] applicationId) {
+    public static byte[] decryptBlobV1(String keyAlias, byte[] blob, byte[] applicationId) {
         try {
             KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
             keyStore.load(null);
 
             SecretKey decryptionKey = (SecretKey) keyStore.getKey(keyAlias, null);
             byte[] intermediate = decrypt(applicationId, APPLICATION_ID_PERSONALIZATION, blob);
             return decrypt(decryptionKey, intermediate);
+        } catch (Exception e) {
+            e.printStackTrace();
+            throw new RuntimeException("Failed to decrypt blob", e);
+        }
+    }
+
+    public static byte[] decryptBlob(String keyAlias, byte[] blob, byte[] applicationId) {
+        try {
+            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
+            keyStore.load(null);
+
+            SecretKey decryptionKey = (SecretKey) keyStore.getKey(keyAlias, null);
+            byte[] intermediate = decrypt(decryptionKey, blob);
+            return decrypt(applicationId, APPLICATION_ID_PERSONALIZATION, intermediate);
         } catch (CertificateException | IOException | BadPaddingException
                 | IllegalBlockSizeException
                 | KeyStoreException | NoSuchPaddingException | NoSuchAlgorithmException
@@ -150,9 +164,8 @@ public static byte[] createBlob(String keyAlias, byte[] data, byte[] application
             keyStore.setEntry(keyAlias,
                     new KeyStore.SecretKeyEntry(secretKey),
                     builder.build());
-            byte[] intermediate = encrypt(secretKey, data);
-            return encrypt(applicationId, APPLICATION_ID_PERSONALIZATION, intermediate);
-
+            byte[] intermediate = encrypt(applicationId, APPLICATION_ID_PERSONALIZATION, data);
+            return encrypt(secretKey, intermediate);
         } catch (CertificateException | IOException | BadPaddingException
                 | IllegalBlockSizeException
                 | KeyStoreException | NoSuchPaddingException | NoSuchAlgorithmException
diff --git a/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java b/services/core/java/com/android/server/locksettings/SyntheticPasswordManager.java
@@ -101,7 +101,8 @@ public class SyntheticPasswordManager {
     private static final byte WEAVER_VERSION = 1;
     private static final int INVALID_WEAVER_SLOT = -1;
 
-    private static final byte SYNTHETIC_PASSWORD_VERSION = 1;
+    private static final byte SYNTHETIC_PASSWORD_VERSION_V1 = 1;
+    private static final byte SYNTHETIC_PASSWORD_VERSION = 2;
     private static final byte SYNTHETIC_PASSWORD_PASSWORD_BASED = 0;
     private static final byte SYNTHETIC_PASSWORD_TOKEN_BASED = 1;
 
@@ -792,6 +793,7 @@ public AuthenticationResult unwrapPasswordBasedSyntheticPassword(IGateKeeperServ
         byte[] pwdToken = computePasswordToken(credential, pwd);
 
         final byte[] applicationId;
+        final long sid;
         int weaverSlot = loadWeaverSlot(handle, userId);
         if (weaverSlot != INVALID_WEAVER_SLOT) {
             // Weaver based user password
@@ -804,6 +806,7 @@ public AuthenticationResult unwrapPasswordBasedSyntheticPassword(IGateKeeperServ
             if (result.gkResponse.getResponseCode() != VerifyCredentialResponse.RESPONSE_OK) {
                 return result;
             }
+            sid = GateKeeper.INVALID_SECURE_USER_ID;
             applicationId = transformUnderWeaverSecret(pwdToken, result.gkResponse.getPayload());
         } else {
             byte[] gkPwdToken = passwordTokenToGkInput(pwdToken);
@@ -836,12 +839,13 @@ public AuthenticationResult unwrapPasswordBasedSyntheticPassword(IGateKeeperServ
                 result.gkResponse = VerifyCredentialResponse.ERROR;
                 return result;
             }
+            sid = sidFromPasswordHandle(pwd.passwordHandle);
             applicationId = transformUnderSecdiscardable(pwdToken,
                     loadSecdiscardable(handle, userId));
         }
 
         result.authToken = unwrapSyntheticPasswordBlob(handle, SYNTHETIC_PASSWORD_PASSWORD_BASED,
-                applicationId, userId);
+                applicationId, sid, userId);
 
         // Perform verifyChallenge to refresh auth tokens for GK if user password exists.
         result.gkResponse = verifyChallenge(gatekeeper, result.authToken, 0L, userId);
@@ -877,7 +881,7 @@ public AuthenticationResult unwrapPasswordBasedSyntheticPassword(IGateKeeperServ
         }
         byte[] applicationId = transformUnderSecdiscardable(token, secdiscardable);
         result.authToken = unwrapSyntheticPasswordBlob(handle, SYNTHETIC_PASSWORD_TOKEN_BASED,
-                applicationId, userId);
+                applicationId, 0L, userId);
         if (result.authToken != null) {
             result.gkResponse = verifyChallenge(gatekeeper, result.authToken, 0L, userId);
             if (result.gkResponse == null) {
@@ -892,19 +896,26 @@ public AuthenticationResult unwrapPasswordBasedSyntheticPassword(IGateKeeperServ
     }
 
     private AuthenticationToken unwrapSyntheticPasswordBlob(long handle, byte type,
-            byte[] applicationId, int userId) {
+            byte[] applicationId, long sid, int userId) {
         byte[] blob = loadState(SP_BLOB_NAME, handle, userId);
         if (blob == null) {
             return null;
         }
-        if (blob[0] != SYNTHETIC_PASSWORD_VERSION) {
+        final byte version = blob[0];
+        if (version != SYNTHETIC_PASSWORD_VERSION && version != SYNTHETIC_PASSWORD_VERSION_V1) {
             throw new RuntimeException("Unknown blob version");
         }
         if (blob[1] != type) {
             throw new RuntimeException("Invalid blob type");
         }
-        byte[] secret = decryptSPBlob(getHandleName(handle),
+        final byte[] secret;
+        if (version == SYNTHETIC_PASSWORD_VERSION_V1) {
+            secret = SyntheticPasswordCrypto.decryptBlobV1(getHandleName(handle),
+                    Arrays.copyOfRange(blob, 2, blob.length), applicationId);
+        } else {
+            secret = decryptSPBlob(getHandleName(handle),
                 Arrays.copyOfRange(blob, 2, blob.length), applicationId);
+        }
         if (secret == null) {
             Log.e(TAG, "Fail to decrypt SP for user " + userId);
             return null;
@@ -919,6 +930,10 @@ private AuthenticationToken unwrapSyntheticPasswordBlob(long handle, byte type,
         } else {
             result.syntheticPassword = new String(secret);
         }
+        if (version == SYNTHETIC_PASSWORD_VERSION_V1) {
+            Log.i(TAG, "Upgrade v1 SP blob for user " + userId + ", type = " + type);
+            createSyntheticPasswordBlob(handle, type, result, applicationId, sid, userId);
+        }
         return result;
     }
 
