src.com.android.server.wifi.util.DataIntegrityChecker Maven / Gradle / Ivy
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.server.wifi.util;
import android.annotation.NonNull;
import android.os.SystemProperties;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.text.TextUtils;
import android.util.Log;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.security.DigestException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
/**
* Tools to provide integrity checking of byte arrays based on NIAP Common Criteria Protection
* Profile FCS_STG_EXT.3.1.
*/
public class DataIntegrityChecker {
private static final String TAG = "DataIntegrityChecker";
private static final String FILE_SUFFIX = ".encrypted-checksum";
private static final String ALIAS_SUFFIX = ".data-integrity-checker-key";
private static final String CIPHER_ALGORITHM = "AES/GCM/NoPadding";
private static final String DIGEST_ALGORITHM = "SHA-256";
private static final int GCM_TAG_LENGTH = 128;
private static final String KEY_STORE = "AndroidKeyStore";
/**
* When KEYSTORE_FAILURE_RETURN_VALUE is true, all cryptographic operation failures will not
* enforce security and {@link #isOk(byte[])} always return true.
*/
private static final boolean KEYSTORE_FAILURE_RETURN_VALUE = true;
private final File mIntegrityFile;
/**
* Construct a new integrity checker to update and check if/when a data file was altered
* outside expected conditions.
*
* @param integrityFilename The {@link File} path prefix for where the integrity data is stored.
* A file will be created in the name of integrityFile with the suffix
* {@link DataIntegrityChecker#FILE_SUFFIX} We recommend using the same
* path as the file for which integrity is performed on.
* @throws NullPointerException When integrity file is null or the empty string.
*/
public DataIntegrityChecker(@NonNull String integrityFilename) {
if (TextUtils.isEmpty(integrityFilename)) {
throw new NullPointerException("integrityFilename must not be null or the empty "
+ "string");
}
mIntegrityFile = new File(integrityFilename + FILE_SUFFIX);
}
/**
* Computes a digest of a byte array, encrypt it, and store the result
*
* Call this method immediately before storing the byte array
*
* @param data The data desired to ensure integrity
*/
public void update(byte[] data) {
if (data == null || data.length < 1) {
reportException(new Exception("No data to update"), "No data to update.");
return;
}
byte[] digest = getDigest(data);
if (digest == null || digest.length < 1) {
return;
}
String alias = mIntegrityFile.getName() + ALIAS_SUFFIX;
EncryptedData integrityData = encrypt(digest, alias);
if (integrityData != null) {
writeIntegrityData(integrityData, mIntegrityFile);
} else {
reportException(new Exception("integrityData null upon update"),
"integrityData null upon update");
}
}
/**
* Check the integrity of a given byte array
*
* Call this method immediately before trusting the byte array. This method will return false
* when the byte array was altered since the last {@link #update(byte[])}
* call, when {@link #update(byte[])} has never been called, or if there is
* an underlying issue with the cryptographic functions or the key store.
*
* @param data The data to check if its been altered
* @throws DigestException The integrity mIntegrityFile cannot be read. Ensure
* {@link #isOk(byte[])} is called after {@link #update(byte[])}. Otherwise, consider the
* result vacuously true and immediately call {@link #update(byte[])}.
* @return true if the data was not altered since {@link #update(byte[])} was last called
*/
public boolean isOk(byte[] data) throws DigestException {
if (data == null || data.length < 1) {
return KEYSTORE_FAILURE_RETURN_VALUE;
}
byte[] currentDigest = getDigest(data);
if (currentDigest == null || currentDigest.length < 1) {
return KEYSTORE_FAILURE_RETURN_VALUE;
}
EncryptedData encryptedData = null;
try {
encryptedData = readIntegrityData(mIntegrityFile);
} catch (IOException e) {
reportException(e, "readIntegrityData had an IO exception");
return KEYSTORE_FAILURE_RETURN_VALUE;
} catch (ClassNotFoundException e) {
reportException(e, "readIntegrityData could not find the class EncryptedData");
return KEYSTORE_FAILURE_RETURN_VALUE;
}
if (encryptedData == null) {
// File not found is not considered to be an error.
throw new DigestException("No stored digest is available to compare.");
}
byte[] storedDigest = decrypt(encryptedData);
if (storedDigest == null) {
return KEYSTORE_FAILURE_RETURN_VALUE;
}
return constantTimeEquals(storedDigest, currentDigest);
}
private byte[] getDigest(byte[] data) {
try {
return MessageDigest.getInstance(DIGEST_ALGORITHM).digest(data);
} catch (NoSuchAlgorithmException e) {
reportException(e, "getDigest could not find algorithm: " + DIGEST_ALGORITHM);
return null;
}
}
private EncryptedData encrypt(byte[] data, String keyAlias) {
EncryptedData encryptedData = null;
try {
Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
SecretKey secretKeyReference = getOrCreateSecretKey(keyAlias);
if (secretKeyReference != null) {
cipher.init(Cipher.ENCRYPT_MODE, secretKeyReference);
encryptedData = new EncryptedData(cipher.doFinal(data), cipher.getIV(), keyAlias);
} else {
reportException(new Exception("secretKeyReference is null."),
"secretKeyReference is null.");
}
} catch (NoSuchAlgorithmException e) {
reportException(e, "encrypt could not find the algorithm: " + CIPHER_ALGORITHM);
} catch (NoSuchPaddingException e) {
reportException(e, "encrypt had a padding exception");
} catch (InvalidKeyException e) {
reportException(e, "encrypt received an invalid key");
} catch (BadPaddingException e) {
reportException(e, "encrypt had a padding problem");
} catch (IllegalBlockSizeException e) {
reportException(e, "encrypt had an illegal block size");
}
return encryptedData;
}
private byte[] decrypt(EncryptedData encryptedData) {
byte[] decryptedData = null;
try {
Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH, encryptedData.getIv());
SecretKey secretKeyReference = getOrCreateSecretKey(encryptedData.getKeyAlias());
if (secretKeyReference != null) {
cipher.init(Cipher.DECRYPT_MODE, secretKeyReference, spec);
decryptedData = cipher.doFinal(encryptedData.getEncryptedData());
}
} catch (NoSuchAlgorithmException e) {
reportException(e, "decrypt could not find cipher algorithm " + CIPHER_ALGORITHM);
} catch (NoSuchPaddingException e) {
reportException(e, "decrypt could not find padding algorithm");
} catch (IllegalBlockSizeException e) {
reportException(e, "decrypt had a illegal block size");
} catch (BadPaddingException e) {
reportException(e, "decrypt had bad padding");
} catch (InvalidKeyException e) {
reportException(e, "decrypt had an invalid key");
} catch (InvalidAlgorithmParameterException e) {
reportException(e, "decrypt had an invalid algorithm parameter");
}
return decryptedData;
}
private SecretKey getOrCreateSecretKey(String keyAlias) {
SecretKey secretKey = null;
try {
KeyStore keyStore = KeyStore.getInstance(KEY_STORE);
keyStore.load(null);
if (keyStore.containsAlias(keyAlias)) { // The key exists in key store. Get the key.
KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) keyStore
.getEntry(keyAlias, null);
if (secretKeyEntry != null) {
secretKey = secretKeyEntry.getSecretKey();
} else {
reportException(new Exception("keystore contains the alias and the secret key "
+ "entry was null"),
"keystore contains the alias and the secret key entry was null");
}
} else { // The key does not exist in key store. Create the key and store it.
KeyGenerator keyGenerator = KeyGenerator
.getInstance(KeyProperties.KEY_ALGORITHM_AES, KEY_STORE);
KeyGenParameterSpec keyGenParameterSpec = new KeyGenParameterSpec.Builder(keyAlias,
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.build();
keyGenerator.init(keyGenParameterSpec);
secretKey = keyGenerator.generateKey();
}
} catch (CertificateException e) {
reportException(e, "getOrCreateSecretKey had a certificate exception.");
} catch (InvalidAlgorithmParameterException e) {
reportException(e, "getOrCreateSecretKey had an invalid algorithm parameter");
} catch (IOException e) {
reportException(e, "getOrCreateSecretKey had an IO exception.");
} catch (KeyStoreException e) {
reportException(e, "getOrCreateSecretKey cannot find the keystore: " + KEY_STORE);
} catch (NoSuchAlgorithmException e) {
reportException(e, "getOrCreateSecretKey cannot find algorithm");
} catch (NoSuchProviderException e) {
reportException(e, "getOrCreateSecretKey cannot find crypto provider");
} catch (UnrecoverableEntryException e) {
reportException(e, "getOrCreateSecretKey had an unrecoverable entry exception.");
}
return secretKey;
}
private void writeIntegrityData(EncryptedData encryptedData, File file) {
try (FileOutputStream fos = new FileOutputStream(file);
ObjectOutputStream oos = new ObjectOutputStream(fos)) {
oos.writeObject(encryptedData);
} catch (FileNotFoundException e) {
reportException(e, "writeIntegrityData could not find the integrity file");
} catch (IOException e) {
reportException(e, "writeIntegrityData had an IO exception");
}
}
private EncryptedData readIntegrityData(File file) throws IOException, ClassNotFoundException {
try (FileInputStream fis = new FileInputStream(file);
ObjectInputStream ois = new ObjectInputStream(fis)) {
return (EncryptedData) ois.readObject();
} catch (FileNotFoundException e) {
// File not found, this is not considered to be a real error. The file will be created
// by the system next time the data file is written. Note that it is not possible for
// non system user to delete or modify the file.
Log.w(TAG, "readIntegrityData could not find integrity file");
}
return null;
}
private boolean constantTimeEquals(byte[] a, byte[] b) {
if (a == null && b == null) {
return true;
}
if (a == null || b == null || a.length != b.length) {
return false;
}
byte differenceAccumulator = 0;
for (int i = 0; i < a.length; ++i) {
differenceAccumulator |= a[i] ^ b[i];
}
return (differenceAccumulator == 0);
}
/* TODO(b/128526030): Remove this error reporting code upon resolving the bug. */
private static final boolean REQUEST_BUG_REPORT = false;
private void reportException(Exception exception, String error) {
Log.wtf(TAG, "An irrecoverable key store error was encountered: " + error);
if (REQUEST_BUG_REPORT) {
SystemProperties.set("dumpstate.options", "bugreportwifi");
SystemProperties.set("ctl.start", "bugreport");
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy