com/android/server/backup/encryption/KeyValueEncrypter.java - platform/prebuilts/fullsdk/sources/android-31 - Git at Google

 /*
  * Copyright (C) 2019 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package com.android.server.backup.encryption;

 import static com.android.server.backup.encryption.BackupEncryptionService.TAG;

 import android.content.Context;
 import android.os.ParcelFileDescriptor;
 import android.util.Log;

 import com.android.server.backup.encryption.client.CryptoBackupServer;
 import com.android.server.backup.encryption.keys.KeyWrapUtils;
 import com.android.server.backup.encryption.keys.RecoverableKeyStoreSecondaryKey;
 import com.android.server.backup.encryption.protos.nano.WrappedKeyProto;
 import com.android.server.backup.encryption.tasks.EncryptedKvBackupTask;
 import com.android.server.backup.encryption.tasks.EncryptedKvRestoreTask;

 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.security.SecureRandom;
 import java.util.Map;

 public class KeyValueEncrypter {
     private final Context mContext;
     private final EncryptionKeyHelper mKeyHelper;

     public KeyValueEncrypter(Context context) {
         mContext = context;
         mKeyHelper = new EncryptionKeyHelper(mContext);
     }

     public void encryptKeyValueData(
             String packageName, ParcelFileDescriptor inputFd, OutputStream outputStream)
             throws Exception {
         EncryptedKvBackupTask.EncryptedKvBackupTaskFactory backupTaskFactory =
                 new EncryptedKvBackupTask.EncryptedKvBackupTaskFactory();
         EncryptedKvBackupTask backupTask =
                 backupTaskFactory.newInstance(
                         mContext,
                         new SecureRandom(),
                         new FileBackupServer(outputStream),
                         CryptoSettings.getInstance(mContext),
                         mKeyHelper.getKeyManagerProvider(),
                         inputFd,
                         packageName);
         backupTask.performBackup(/* incremental */ false);
     }

     public void decryptKeyValueData(String packageName,
             InputStream encryptedInputStream, ParcelFileDescriptor outputFd) throws Exception {
         RecoverableKeyStoreSecondaryKey secondaryKey = mKeyHelper.getActiveSecondaryKey();

         EncryptedKvRestoreTask.EncryptedKvRestoreTaskFactory restoreTaskFactory =
                 new EncryptedKvRestoreTask.EncryptedKvRestoreTaskFactory();
         EncryptedKvRestoreTask restoreTask =
                 restoreTaskFactory.newInstance(
                         mContext,
                         mKeyHelper.getKeyManagerProvider(),
                         new InputStreamFullRestoreDownloader(encryptedInputStream),
                         secondaryKey.getAlias(),
                         KeyWrapUtils.wrap(
                                 secondaryKey.getSecretKey(),
                                 mKeyHelper.getTertiaryKey(packageName, secondaryKey)));

         restoreTask.getRestoreData(outputFd);
     }

     // TODO(b/142455725): Extract into a commong class.
     private static class FileBackupServer implements CryptoBackupServer {
         private static final String EMPTY_DOC_ID = "";

         private final OutputStream mOutputStream;

         FileBackupServer(OutputStream outputStream) {
             mOutputStream = outputStream;
         }

         @Override
         public String uploadIncrementalBackup(
                 String packageName,
                 String oldDocId,
                 byte[] diffScript,
                 WrappedKeyProto.WrappedKey tertiaryKey) {
             throw new UnsupportedOperationException();
         }

         @Override
         public String uploadNonIncrementalBackup(
                 String packageName, byte[] data, WrappedKeyProto.WrappedKey tertiaryKey) {
             try {
                 mOutputStream.write(data);
             } catch (IOException e) {
                 Log.w(TAG, "Failed to write encrypted data to file: ", e);
             }

             return EMPTY_DOC_ID;
         }

         @Override
         public void setActiveSecondaryKeyAlias(
                 String keyAlias, Map<String, WrappedKeyProto.WrappedKey> tertiaryKeys) {
             // Do nothing.
         }
     }

     // TODO(b/142455725): Extract into a commong class.
     private static class InputStreamFullRestoreDownloader extends FullRestoreDownloader {
         private final InputStream mInputStream;

         InputStreamFullRestoreDownloader(InputStream inputStream) {
             mInputStream = inputStream;
         }

         @Override
         public int readNextChunk(byte[] buffer) throws IOException {
             return mInputStream.read(buffer);
         }

         @Override
         public void finish(FinishType finishType) {
             try {
                 mInputStream.close();
             } catch (IOException e) {
                 Log.w(TAG, "Error while reading restore data");
             }
         }
     }
 }
	/*
	* Copyright (C) 2019 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package com.android.server.backup.encryption;

	import static com.android.server.backup.encryption.BackupEncryptionService.TAG;

	import android.content.Context;
	import android.os.ParcelFileDescriptor;
	import android.util.Log;

	import com.android.server.backup.encryption.client.CryptoBackupServer;
	import com.android.server.backup.encryption.keys.KeyWrapUtils;
	import com.android.server.backup.encryption.keys.RecoverableKeyStoreSecondaryKey;
	import com.android.server.backup.encryption.protos.nano.WrappedKeyProto;
	import com.android.server.backup.encryption.tasks.EncryptedKvBackupTask;
	import com.android.server.backup.encryption.tasks.EncryptedKvRestoreTask;

	import java.io.IOException;
	import java.io.InputStream;
	import java.io.OutputStream;
	import java.security.SecureRandom;
	import java.util.Map;

	public class KeyValueEncrypter {
	private final Context mContext;
	private final EncryptionKeyHelper mKeyHelper;

	public KeyValueEncrypter(Context context) {
	mContext = context;
	mKeyHelper = new EncryptionKeyHelper(mContext);
	}

	public void encryptKeyValueData(
	String packageName, ParcelFileDescriptor inputFd, OutputStream outputStream)
	throws Exception {
	EncryptedKvBackupTask.EncryptedKvBackupTaskFactory backupTaskFactory =
	new EncryptedKvBackupTask.EncryptedKvBackupTaskFactory();
	EncryptedKvBackupTask backupTask =
	backupTaskFactory.newInstance(
	mContext,
	new SecureRandom(),
	new FileBackupServer(outputStream),
	CryptoSettings.getInstance(mContext),
	mKeyHelper.getKeyManagerProvider(),
	inputFd,
	packageName);
	backupTask.performBackup(/* incremental */ false);
	}

	public void decryptKeyValueData(String packageName,
	InputStream encryptedInputStream, ParcelFileDescriptor outputFd) throws Exception {
	RecoverableKeyStoreSecondaryKey secondaryKey = mKeyHelper.getActiveSecondaryKey();

	EncryptedKvRestoreTask.EncryptedKvRestoreTaskFactory restoreTaskFactory =
	new EncryptedKvRestoreTask.EncryptedKvRestoreTaskFactory();
	EncryptedKvRestoreTask restoreTask =
	restoreTaskFactory.newInstance(
	mContext,
	mKeyHelper.getKeyManagerProvider(),
	new InputStreamFullRestoreDownloader(encryptedInputStream),
	secondaryKey.getAlias(),
	KeyWrapUtils.wrap(
	secondaryKey.getSecretKey(),
	mKeyHelper.getTertiaryKey(packageName, secondaryKey)));

	restoreTask.getRestoreData(outputFd);
	}

	// TODO(b/142455725): Extract into a commong class.
	private static class FileBackupServer implements CryptoBackupServer {
	private static final String EMPTY_DOC_ID = "";

	private final OutputStream mOutputStream;

	FileBackupServer(OutputStream outputStream) {
	mOutputStream = outputStream;
	}

	@Override
	public String uploadIncrementalBackup(
	String packageName,
	String oldDocId,
	byte[] diffScript,
	WrappedKeyProto.WrappedKey tertiaryKey) {
	throw new UnsupportedOperationException();
	}

	@Override
	public String uploadNonIncrementalBackup(
	String packageName, byte[] data, WrappedKeyProto.WrappedKey tertiaryKey) {
	try {
	mOutputStream.write(data);
	} catch (IOException e) {
	Log.w(TAG, "Failed to write encrypted data to file: ", e);
	}

	return EMPTY_DOC_ID;
	}

	@Override
	public void setActiveSecondaryKeyAlias(
	String keyAlias, Map<String, WrappedKeyProto.WrappedKey> tertiaryKeys) {
	// Do nothing.
	}
	}

	// TODO(b/142455725): Extract into a commong class.
	private static class InputStreamFullRestoreDownloader extends FullRestoreDownloader {
	private final InputStream mInputStream;

	InputStreamFullRestoreDownloader(InputStream inputStream) {
	mInputStream = inputStream;
	}

	@Override
	public int readNextChunk(byte[] buffer) throws IOException {
	return mInputStream.read(buffer);
	}

	@Override
	public void finish(FinishType finishType) {
	try {
	mInputStream.close();
	} catch (IOException e) {
	Log.w(TAG, "Error while reading restore data");
	}
	}
	}
	}