1 /*
2  * Copyright (C) 2013 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.example.android.vault;
18 
19 import android.content.Context;
20 import android.security.KeyPairGeneratorSpec;
21 
22 import java.io.IOException;
23 import java.math.BigInteger;
24 import java.security.GeneralSecurityException;
25 import java.security.KeyPair;
26 import java.security.KeyPairGenerator;
27 import java.security.KeyStore;
28 import java.util.Calendar;
29 import java.util.GregorianCalendar;
30 
31 import javax.crypto.Cipher;
32 import javax.crypto.SecretKey;
33 import javax.security.auth.x500.X500Principal;
34 
35 /**
36  * Wraps {@link SecretKey} instances using a public/private key pair stored in
37  * the platform {@link KeyStore}. This allows us to protect symmetric keys with
38  * hardware-backed crypto, if provided by the device.
39  * <p>
40  * See <a href="http://en.wikipedia.org/wiki/Key_Wrap">key wrapping</a> for more
41  * details.
42  * <p>
43  * Not inherently thread safe.
44  */
45 public class SecretKeyWrapper {
46     private final Cipher mCipher;
47     private final KeyPair mPair;
48 
49     /**
50      * Create a wrapper using the public/private key pair with the given alias.
51      * If no pair with that alias exists, it will be generated.
52      */
SecretKeyWrapper(Context context, String alias)53     public SecretKeyWrapper(Context context, String alias)
54             throws GeneralSecurityException, IOException {
55         mCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
56 
57         final KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
58         keyStore.load(null);
59 
60         if (!keyStore.containsAlias(alias)) {
61             generateKeyPair(context, alias);
62         }
63 
64         // Even if we just generated the key, always read it back to ensure we
65         // can read it successfully.
66         final KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(
67                 alias, null);
68         mPair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey());
69     }
70 
generateKeyPair(Context context, String alias)71     private static void generateKeyPair(Context context, String alias)
72             throws GeneralSecurityException {
73         final Calendar start = new GregorianCalendar();
74         final Calendar end = new GregorianCalendar();
75         end.add(Calendar.YEAR, 100);
76 
77         final KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
78                 .setAlias(alias)
79                 .setSubject(new X500Principal("CN=" + alias))
80                 .setSerialNumber(BigInteger.ONE)
81                 .setStartDate(start.getTime())
82                 .setEndDate(end.getTime())
83                 .build();
84 
85         final KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA", "AndroidKeyStore");
86         gen.initialize(spec);
87         gen.generateKeyPair();
88     }
89 
90     /**
91      * Wrap a {@link SecretKey} using the public key assigned to this wrapper.
92      * Use {@link #unwrap(byte[])} to later recover the original
93      * {@link SecretKey}.
94      *
95      * @return a wrapped version of the given {@link SecretKey} that can be
96      *         safely stored on untrusted storage.
97      */
wrap(SecretKey key)98     public byte[] wrap(SecretKey key) throws GeneralSecurityException {
99         mCipher.init(Cipher.WRAP_MODE, mPair.getPublic());
100         return mCipher.wrap(key);
101     }
102 
103     /**
104      * Unwrap a {@link SecretKey} using the private key assigned to this
105      * wrapper.
106      *
107      * @param blob a wrapped {@link SecretKey} as previously returned by
108      *            {@link #wrap(SecretKey)}.
109      */
unwrap(byte[] blob)110     public SecretKey unwrap(byte[] blob) throws GeneralSecurityException {
111         mCipher.init(Cipher.UNWRAP_MODE, mPair.getPrivate());
112         return (SecretKey) mCipher.unwrap(blob, "AES", Cipher.SECRET_KEY);
113     }
114 }
115