/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.server.locksettings.recoverablekeystore.storage;

import android.provider.BaseColumns;

/**
 * Schema contract for the recoverable key database: one nested class per table, each exposing
 * the table name and its column names as string constants.
 *
 * <p>When a new table is added here, {@code removeUserFromAllKnownTables} must be updated as
 * well, so that the new table is not left out of it.
 */
class RecoverableKeyStoreDbContract {

    /**
     * Table of wrapped keys, together with information about when each was last synced.
     */
    static class KeysEntry implements BaseColumns {
        static final String TABLE_NAME = "keys";

        /** User id of the profile the application is running under. */
        static final String COLUMN_NAME_USER_ID = "user_id";

        /** Uid of the application that generated the key. */
        static final String COLUMN_NAME_UID = "uid";

        /** Alias of the key, as set in AndroidKeyStore. */
        static final String COLUMN_NAME_ALIAS = "alias";

        /** Nonce with which the key was encrypted. */
        static final String COLUMN_NAME_NONCE = "nonce";

        /** Encrypted bytes of the key. */
        static final String COLUMN_NAME_WRAPPED_KEY = "wrapped_key";

        /**
         * Generation ID of the platform key that was used to encrypt this key. The column name
         * is the same string as
         * {@link UserMetadataEntry#COLUMN_NAME_PLATFORM_KEY_GENERATION_ID}.
         */
        static final String COLUMN_NAME_GENERATION_ID = "platform_key_generation_id";

        /**
         * Timestamp of the last sync of this key with remote storage; -1 means the key was
         * never synced.
         */
        static final String COLUMN_NAME_LAST_SYNCED_AT = "last_synced_at";

        /**
         * Status of the key sync, see {@code RecoveryController#setRecoveryStatus}.
         */
        static final String COLUMN_NAME_RECOVERY_STATUS = "recovery_status";

        /**
         * Data blob that will be authenticated (but encrypted) together with the key when the
         * key is uploaded to cloud.
         *
         * <p>NOTE(review): "but encrypted" reads oddly after "authenticated". Confirm whether
         * this blob is encrypted on upload or only integrity-protected before relying on it to
         * hold anything confidential.
         */
        static final String COLUMN_NAME_KEY_METADATA = "key_metadata";
    }

    /**
     * Recoverable KeyStore metadata kept per user profile.
     */
    static class UserMetadataEntry implements BaseColumns {
        static final String TABLE_NAME = "user_metadata";

        /** User ID of the profile. */
        static final String COLUMN_NAME_USER_ID = "user_id";

        /**
         * Incremented every time a new platform key is generated for the user. The platform key
         * is what wraps recoverable keys on disk.
         */
        static final String COLUMN_NAME_PLATFORM_KEY_GENERATION_ID = "platform_key_generation_id";

        /**
         * Serial number for the user, which can not be reused. Default value is {@code -1}.
         */
        static final String COLUMN_NAME_USER_SERIAL_NUMBER = "user_serial_number";

        /**
         * Number of invalid lockscreen credential guesses made from a remote device.
         */
        static final String COLUMN_NAME_BAD_REMOTE_GUESS_COUNTER = "bad_remote_guess_counter";
    }

    /**
     * Table holding metadata of the recovery service.
     */
    static class RecoveryServiceMetadataEntry implements BaseColumns {
        static final String TABLE_NAME = "recovery_service_metadata";

        /** User id of the profile the application is running under. */
        static final String COLUMN_NAME_USER_ID = "user_id";

        /** Uid of the application that initializes the local recovery components. */
        static final String COLUMN_NAME_UID = "uid";

        /** Version of the latest recovery snapshot. */
        static final String COLUMN_NAME_SNAPSHOT_VERSION = "snapshot_version";

        /** Flag to generate new snapshot. */
        static final String COLUMN_NAME_SHOULD_CREATE_SNAPSHOT = "should_create_snapshot";

        /**
         * The public key of the recovery service.
         * Deprecated.
         */
        static final String COLUMN_NAME_PUBLIC_KEY = "public_key";

        /**
         * The certificate path of the recovery service.
         * Deprecated. {@link RootOfTrustEntry#COLUMN_NAME_CERT_PATH} declares a column with the
         * same name; presumably that is the one in current use (confirm against the callers).
         */
        static final String COLUMN_NAME_CERT_PATH = "cert_path";

        /**
         * The serial number contained in the certificate XML file of the recovery service.
         * Deprecated. {@link RootOfTrustEntry#COLUMN_NAME_CERT_SERIAL} declares a column with
         * the same name; presumably that is the one in current use (confirm against the
         * callers).
         */
        static final String COLUMN_NAME_CERT_SERIAL = "cert_serial";

        /** Secret types used for end-to-end encryption. */
        static final String COLUMN_NAME_SECRET_TYPES = "secret_types";

        /** Locally generated random number. */
        static final String COLUMN_NAME_COUNTER_ID = "counter_id";

        /** The server parameters of the recovery service. */
        static final String COLUMN_NAME_SERVER_PARAMS = "server_params";

        /** Active root of trust. */
        static final String COLUMN_NAME_ACTIVE_ROOT_OF_TRUST = "active_root_of_trust";
    }

    /**
     * Table data for a given recovery agent and root of trust pair.
     */
    static class RootOfTrustEntry implements BaseColumns {
        static final String TABLE_NAME = "root_of_trust";

        /** User id of the profile the application is running under. */
        static final String COLUMN_NAME_USER_ID = "user_id";

        /** Uid of the application that initializes the local recovery components. */
        static final String COLUMN_NAME_UID = "uid";

        /** Root of trust alias. */
        static final String COLUMN_NAME_ROOT_ALIAS = "root_alias";

        /** The certificate path of the recovery service. */
        static final String COLUMN_NAME_CERT_PATH = "cert_path";

        /**
         * The serial number contained in the certificate XML file of the recovery service.
         */
        static final String COLUMN_NAME_CERT_SERIAL = "cert_serial";
    }
}