| /* |
| * Copyright (C) 2019 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.android.server.backup.encryption; |
| |
| import static com.android.server.backup.encryption.BackupEncryptionService.TAG; |
| |
| import android.content.Context; |
| import android.os.ParcelFileDescriptor; |
| import android.util.Log; |
| |
| import com.android.server.backup.encryption.client.CryptoBackupServer; |
| import com.android.server.backup.encryption.keys.KeyWrapUtils; |
| import com.android.server.backup.encryption.keys.RecoverableKeyStoreSecondaryKey; |
| import com.android.server.backup.encryption.protos.nano.WrappedKeyProto; |
| import com.android.server.backup.encryption.tasks.EncryptedKvBackupTask; |
| import com.android.server.backup.encryption.tasks.EncryptedKvRestoreTask; |
| |
| import java.io.IOException; |
| import java.io.InputStream; |
| import java.io.OutputStream; |
| import java.security.SecureRandom; |
| import java.util.Map; |
| |
| public class KeyValueEncrypter { |
| private final Context mContext; |
| private final EncryptionKeyHelper mKeyHelper; |
| |
| public KeyValueEncrypter(Context context) { |
| mContext = context; |
| mKeyHelper = new EncryptionKeyHelper(mContext); |
| } |
| |
| public void encryptKeyValueData( |
| String packageName, ParcelFileDescriptor inputFd, OutputStream outputStream) |
| throws Exception { |
| EncryptedKvBackupTask.EncryptedKvBackupTaskFactory backupTaskFactory = |
| new EncryptedKvBackupTask.EncryptedKvBackupTaskFactory(); |
| EncryptedKvBackupTask backupTask = |
| backupTaskFactory.newInstance( |
| mContext, |
| new SecureRandom(), |
| new FileBackupServer(outputStream), |
| CryptoSettings.getInstance(mContext), |
| mKeyHelper.getKeyManagerProvider(), |
| inputFd, |
| packageName); |
| backupTask.performBackup(/* incremental */ false); |
| } |
| |
| public void decryptKeyValueData(String packageName, |
| InputStream encryptedInputStream, ParcelFileDescriptor outputFd) throws Exception { |
| RecoverableKeyStoreSecondaryKey secondaryKey = mKeyHelper.getActiveSecondaryKey(); |
| |
| EncryptedKvRestoreTask.EncryptedKvRestoreTaskFactory restoreTaskFactory = |
| new EncryptedKvRestoreTask.EncryptedKvRestoreTaskFactory(); |
| EncryptedKvRestoreTask restoreTask = |
| restoreTaskFactory.newInstance( |
| mContext, |
| mKeyHelper.getKeyManagerProvider(), |
| new InputStreamFullRestoreDownloader(encryptedInputStream), |
| secondaryKey.getAlias(), |
| KeyWrapUtils.wrap( |
| secondaryKey.getSecretKey(), |
| mKeyHelper.getTertiaryKey(packageName, secondaryKey))); |
| |
| restoreTask.getRestoreData(outputFd); |
| } |
| |
| // TODO(b/142455725): Extract into a commong class. |
| private static class FileBackupServer implements CryptoBackupServer { |
| private static final String EMPTY_DOC_ID = ""; |
| |
| private final OutputStream mOutputStream; |
| |
| FileBackupServer(OutputStream outputStream) { |
| mOutputStream = outputStream; |
| } |
| |
| @Override |
| public String uploadIncrementalBackup( |
| String packageName, |
| String oldDocId, |
| byte[] diffScript, |
| WrappedKeyProto.WrappedKey tertiaryKey) { |
| throw new UnsupportedOperationException(); |
| } |
| |
| @Override |
| public String uploadNonIncrementalBackup( |
| String packageName, byte[] data, WrappedKeyProto.WrappedKey tertiaryKey) { |
| try { |
| mOutputStream.write(data); |
| } catch (IOException e) { |
| Log.w(TAG, "Failed to write encrypted data to file: ", e); |
| } |
| |
| return EMPTY_DOC_ID; |
| } |
| |
| @Override |
| public void setActiveSecondaryKeyAlias( |
| String keyAlias, Map<String, WrappedKeyProto.WrappedKey> tertiaryKeys) { |
| // Do nothing. |
| } |
| } |
| |
| // TODO(b/142455725): Extract into a commong class. |
| private static class InputStreamFullRestoreDownloader extends FullRestoreDownloader { |
| private final InputStream mInputStream; |
| |
| InputStreamFullRestoreDownloader(InputStream inputStream) { |
| mInputStream = inputStream; |
| } |
| |
| @Override |
| public int readNextChunk(byte[] buffer) throws IOException { |
| return mInputStream.read(buffer); |
| } |
| |
| @Override |
| public void finish(FinishType finishType) { |
| try { |
| mInputStream.close(); |
| } catch (IOException e) { |
| Log.w(TAG, "Error while reading restore data"); |
| } |
| } |
| } |
| } |