Search in sources :

Example 16 with CredentialHash

use of com.android.server.LockSettingsStorage.CredentialHash in project android_frameworks_base by crdroidandroid.

the class LockSettingsService method setLockPasswordInternal.

private void setLockPasswordInternal(String password, String savedCredential, int userId) throws RemoteException {
    byte[] currentHandle = getCurrentHandle(userId);
    if (password == null) {
        clearUserKeyProtection(userId);
        getGateKeeperService().clearSecureUserId(userId);
        mStorage.writePasswordHash(null, userId);
        setKeystorePassword(null, userId);
        fixateNewestUserKeyAuth(userId);
        onUserLockChanged(userId);
        notifyActivePasswordMetricsAvailable(null, userId);
        return;
    }
    if (isManagedProfileWithUnifiedLock(userId)) {
        // get credential from keystore when managed profile has unified lock
        try {
            savedCredential = getDecryptedPasswordForTiedProfile(userId);
        } catch (FileNotFoundException e) {
            Slog.i(TAG, "Child profile key not found");
        } catch (UnrecoverableKeyException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException | CertificateException | IOException e) {
            Slog.e(TAG, "Failed to decrypt child profile key", e);
        }
    } else {
        if (currentHandle == null) {
            if (savedCredential != null) {
                Slog.w(TAG, "Saved credential provided, but none stored");
            }
            savedCredential = null;
        }
    }
    byte[] enrolledHandle = enrollCredential(currentHandle, savedCredential, password, userId);
    if (enrolledHandle != null) {
        CredentialHash willStore = new CredentialHash(enrolledHandle, CredentialHash.VERSION_GATEKEEPER);
        setUserKeyProtection(userId, password, doVerifyPassword(password, willStore, true, 0, userId, null));
        mStorage.writePasswordHash(enrolledHandle, userId);
        fixateNewestUserKeyAuth(userId);
        onUserLockChanged(userId);
    } else {
        throw new RemoteException("Failed to enroll password");
    }
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) CredentialHash(com.android.server.LockSettingsStorage.CredentialHash) FileNotFoundException(java.io.FileNotFoundException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadPaddingException(javax.crypto.BadPaddingException) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) RemoteException(android.os.RemoteException)

Example 17 with CredentialHash

use of com.android.server.LockSettingsStorage.CredentialHash in project platform_frameworks_base by android.

the class LockSettingsService method doVerifyPattern.

private VerifyCredentialResponse doVerifyPattern(String pattern, boolean hasChallenge, long challenge, int userId, ICheckCredentialProgressCallback progressCallback) throws RemoteException {
    checkPasswordReadPermission(userId);
    if (TextUtils.isEmpty(pattern)) {
        throw new IllegalArgumentException("Pattern can't be null or empty");
    }
    CredentialHash storedHash = mStorage.readPatternHash(userId);
    return doVerifyPattern(pattern, storedHash, hasChallenge, challenge, userId, progressCallback);
}
Also used : CredentialHash(com.android.server.LockSettingsStorage.CredentialHash)

Example 18 with CredentialHash

use of com.android.server.LockSettingsStorage.CredentialHash in project platform_frameworks_base by android.

the class LockSettingsService method doVerifyPassword.

private VerifyCredentialResponse doVerifyPassword(String password, boolean hasChallenge, long challenge, int userId, ICheckCredentialProgressCallback progressCallback) throws RemoteException {
    checkPasswordReadPermission(userId);
    if (TextUtils.isEmpty(password)) {
        throw new IllegalArgumentException("Password can't be null or empty");
    }
    CredentialHash storedHash = mStorage.readPasswordHash(userId);
    return doVerifyPassword(password, storedHash, hasChallenge, challenge, userId, progressCallback);
}
Also used : CredentialHash(com.android.server.LockSettingsStorage.CredentialHash)

Example 19 with CredentialHash

use of com.android.server.LockSettingsStorage.CredentialHash in project android_frameworks_base by AOSPA.

the class LockSettingsService method getCurrentHandle.

private byte[] getCurrentHandle(int userId) {
    CredentialHash credential;
    byte[] currentHandle;
    int currentHandleType = mStorage.getStoredCredentialType(userId);
    switch(currentHandleType) {
        case CredentialHash.TYPE_PATTERN:
            credential = mStorage.readPatternHash(userId);
            currentHandle = credential != null ? credential.hash : null;
            break;
        case CredentialHash.TYPE_PASSWORD:
            credential = mStorage.readPasswordHash(userId);
            currentHandle = credential != null ? credential.hash : null;
            break;
        case CredentialHash.TYPE_NONE:
        default:
            currentHandle = null;
            break;
    }
    // sanity check
    if (currentHandleType != CredentialHash.TYPE_NONE && currentHandle == null) {
        Slog.e(TAG, "Stored handle type [" + currentHandleType + "] but no handle available");
    }
    return currentHandle;
}
Also used : CredentialHash(com.android.server.LockSettingsStorage.CredentialHash)

Example 20 with CredentialHash

use of com.android.server.LockSettingsStorage.CredentialHash in project android_frameworks_base by AOSPA.

the class LockSettingsService method setLockPatternInternal.

private void setLockPatternInternal(String pattern, String savedCredential, int userId) throws RemoteException {
    byte[] currentHandle = getCurrentHandle(userId);
    if (pattern == null) {
        clearUserKeyProtection(userId);
        getGateKeeperService().clearSecureUserId(userId);
        mStorage.writePatternHash(null, userId);
        setKeystorePassword(null, userId);
        fixateNewestUserKeyAuth(userId);
        onUserLockChanged(userId);
        notifyActivePasswordMetricsAvailable(null, userId);
        return;
    }
    if (isManagedProfileWithUnifiedLock(userId)) {
        // get credential from keystore when managed profile has unified lock
        try {
            savedCredential = getDecryptedPasswordForTiedProfile(userId);
        } catch (UnrecoverableKeyException | InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException | CertificateException | IOException e) {
            if (e instanceof FileNotFoundException) {
                Slog.i(TAG, "Child profile key not found");
            } else {
                Slog.e(TAG, "Failed to decrypt child profile key", e);
            }
        }
    } else {
        if (currentHandle == null) {
            if (savedCredential != null) {
                Slog.w(TAG, "Saved credential provided, but none stored");
            }
            savedCredential = null;
        }
    }
    byte[] enrolledHandle = enrollCredential(currentHandle, savedCredential, pattern, userId);
    if (enrolledHandle != null) {
        CredentialHash willStore = new CredentialHash(enrolledHandle, CredentialHash.VERSION_GATEKEEPER);
        setUserKeyProtection(userId, pattern, doVerifyPattern(pattern, willStore, true, 0, userId, null));
        mStorage.writePatternHash(enrolledHandle, userId);
        fixateNewestUserKeyAuth(userId);
        onUserLockChanged(userId);
    } else {
        throw new RemoteException("Failed to enroll pattern");
    }
}
Also used : InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) CredentialHash(com.android.server.LockSettingsStorage.CredentialHash) FileNotFoundException(java.io.FileNotFoundException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadPaddingException(javax.crypto.BadPaddingException) IOException(java.io.IOException) InvalidKeyException(java.security.InvalidKeyException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) RemoteException(android.os.RemoteException)

Aggregations

CredentialHash (com.android.server.LockSettingsStorage.CredentialHash)25 RemoteException (android.os.RemoteException)10 FileNotFoundException (java.io.FileNotFoundException)10 IOException (java.io.IOException)10 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)10 InvalidKeyException (java.security.InvalidKeyException)10 KeyStoreException (java.security.KeyStoreException)10 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)10 UnrecoverableKeyException (java.security.UnrecoverableKeyException)10 CertificateException (java.security.cert.CertificateException)10 BadPaddingException (javax.crypto.BadPaddingException)10 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)10 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)10