Skip to content

Commit

Permalink
Merge pull request #49 from KVVat/keytestingpatch15
Browse files Browse the repository at this point in the history 
Add KeyTestingPatches for Android 15
  • Loading branch information
@mpgroover
mpgroover authored Jan 16, 2025
2 parents 055f829 + 8d9d803 commit 96dcd75
Show file tree
Hide file tree
Showing 7 changed files with 308 additions and 0 deletions.
31 changes: 31 additions & 0 deletions niap-cc/KeyTestingPatches/Android15/0001-DO-NOT-SUBMIT-log-disk-encryption-keys.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
From 55091e8d469bae3afbef58cfb33c50aa73861f26 Mon Sep 17 00:00:00 2001
From: Paul Crowley <[email protected]>
Date: Thu, 18 Aug 2022 22:33:22 -0700
Subject: [PATCH] DO NOT SUBMIT log disk encryption keys

Bug: 121287968
Test: DO NOT SUBMIT
Change-Id: Ifc6f72b40dfe8c6edc5e9d9372ef670b9b3455ae
---
KeyStorage.cpp | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 3ede67e..24b309b 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -655,6 +655,12 @@ bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, KeyBuffe
return false;
}
}
+
+ KeyBuffer hexKey;
+ StrToHex(*key, hexKey);
+ hexKey.push_back('\0');
+ LOG(DEBUG) << "DO NOT SUBMIT log of key in " << dir << " " << hexKey.data();
+
return true;
}

--
2.37.1.595.g718a3a8f04-goog
29 changes: 29 additions & 0 deletions niap-cc/KeyTestingPatches/Android15/0001-Dump-security-key.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
From 5bfeb985b2eacef0e37f4d6286ede353d9f4fb30 Mon Sep 17 00:00:00 2001
From: Sunil Ravi <[email protected]>
Date: Sun, 10 Mar 2019 12:49:53 -0700
Subject: [PATCH] Dump security key

Dump security keys from supplicant

Bug: 123907624
Test: Regression test
Change-Id: I77254d92077d20d6a9520d7cf9f55eecbb2853f6
---
src/utils/wpa_debug.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
index a338a20..919dc8a 100644
--- a/src/utils/wpa_debug.c
+++ b/src/utils/wpa_debug.c
@@ -390,7 +390,7 @@ void wpa_hexdump(int level, const char *title, const void *buf, size_t len)

void wpa_hexdump_key(int level, const char *title, const void *buf, size_t len)
{
- _wpa_hexdump(level, title, buf, len, wpa_debug_show_keys, 0);
+ _wpa_hexdump(level, title, buf, len, 1/* wpa_debug_show_keys */, 0);
}


--
2.28.0.236.gb10cc79966-goog
82 changes: 82 additions & 0 deletions niap-cc/KeyTestingPatches/Android15/0001-SyntheticPasswordCrypto.java.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
--- SyntheticPasswordCrypto.java 2023-10-02 05:35:22.189541116 +0000
+++ SyntheticPasswordCrypto.java.patched 2023-09-29 02:57:08.030762456 +0000
@@ -23,11 +23,13 @@ import android.security.keystore2.Androi
import android.system.keystore2.Domain;
import android.system.keystore2.KeyDescriptor;
import android.text.TextUtils;
+import android.util.Log;
import android.util.Slog;

import com.android.internal.util.ArrayUtils;

import java.io.IOException;
+import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
@@ -253,6 +255,8 @@ class SyntheticPasswordCrypto {

protected static byte[] personalizedHash(byte[] personalization, byte[]... message) {
try {
+ StringBuilder logMessage = new StringBuilder();
+ logMessage.append("DO NOT SUBMIT personalizedHash");
final int PADDING_LENGTH = 128;
MessageDigest digest = MessageDigest.getInstance("SHA-512");
if (personalization.length > PADDING_LENGTH) {
@@ -260,16 +264,55 @@ class SyntheticPasswordCrypto {
}
// Personalize the hash
// Pad it to the block size of the hash function
+ logMessage.append(" personalization: ");
+ logMessage.append(new String(personalization, "UTF-8"));
personalization = Arrays.copyOf(personalization, PADDING_LENGTH);
digest.update(personalization);
+ logMessage.append(" message: [");
for (byte[] data : message) {
+ logMessage.append(" ");
+ logMessage.append(bytesToHex(data));
digest.update(data);
}
- return digest.digest();
+ logMessage.append(" ]");
+ byte[] res = digest.digest();
+ logMessage.append(" digest: ");
+ logMessage.append(bytesToHex(res));
+ Log.e(TAG, logMessage.toString());
+ return res;
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException("NoSuchAlgorithmException for SHA-512", e);
+ } catch (UnsupportedEncodingException e) {
+ throw new IllegalStateException("Unable to represent bytes as UTF-8", e);
}
}
+ /**
+ * Uppercase hex string for byte array
+ */
+ public static String bytesToHex(byte[] bytes) {
+ try {
+ return new String(bytesToHexBytes(bytes), "UTF-8");
+ } catch (UnsupportedEncodingException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ protected static final byte[] HEX_ARRAY = "0123456789ABCDEF".getBytes();
+ /**
+ * Converts bytes to hex.
+ */
+ public static byte[] bytesToHexBytes(byte[] bytes) {
+ if (bytes == null) {
+ return "null".getBytes();
+ }
+ byte[] hexBytes = new byte[bytes.length * 2];
+ for (int j = 0; j < bytes.length; j++) {
+ int v = bytes[j] & 0xFF;
+ hexBytes[j * 2] = HEX_ARRAY[v >>> 4];
+ hexBytes[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
+ }
+ return hexBytes;
+ }

static boolean migrateLockSettingsKey(String alias) {
final KeyDescriptor legacyKey = new KeyDescriptor();
71 changes: 71 additions & 0 deletions niap-cc/KeyTestingPatches/Android15/0001-SyntheticPasswordManager.java.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
--- SyntheticPasswordManager.java 2023-10-02 05:35:22.189541116 +0000
+++ SyntheticPasswordManager.java.patched 2023-09-29 02:55:56.394865625 +0000
@@ -44,6 +44,7 @@ import android.service.gatekeeper.IGateK
import android.text.TextUtils;
import android.util.ArrayMap;
import android.util.ArraySet;
+import android.util.Log;
import android.util.Slog;

import com.android.internal.annotations.VisibleForTesting;
@@ -225,8 +226,20 @@ class SyntheticPasswordManager {
*/
private byte[] deriveSubkey(byte[] personalization) {
if (mVersion == SYNTHETIC_PASSWORD_VERSION_V3) {
- return (new SP800Derive(mSyntheticPassword))
- .withContext(personalization, PERSONALIZATION_CONTEXT);
+
+ StringBuilder logMessage = new StringBuilder();
+ logMessage.append("DO NOT SUBMIT derivePassword");
+ logMessage.append(" personalization: ");
+ logMessage.append(SyntheticPasswordCrypto.bytesToHex(personalization));
+ logMessage.append(" context: ");
+ logMessage.append(SyntheticPasswordCrypto.bytesToHex(PERSONALIZATION_CONTEXT));
+ byte[] res = (new SP800Derive(mSyntheticPassword))
+ .withContext(personalization, PERSONALIZATION_CONTEXT);
+ logMessage.append(" result: ");
+ logMessage.append(SyntheticPasswordCrypto.bytesToHex(res));
+ Log.e(TAG, logMessage.toString());
+
+ return res;
} else {
return SyntheticPasswordCrypto.personalizedHash(personalization,
mSyntheticPassword);
@@ -234,7 +247,8 @@ class SyntheticPasswordManager {
}

public byte[] deriveKeyStorePassword() {
- return bytesToHex(deriveSubkey(PERSONALIZATION_KEY_STORE_PASSWORD));
+ return SyntheticPasswordCrypto.bytesToHexBytes(
+ deriveSubkey(PERSONALIZATION_KEY_STORE_PASSWORD));
}

public byte[] deriveGkPassword() {
@@ -926,6 +940,8 @@ class SyntheticPasswordManager {
PasswordData pwd = credential.isNone() ? null :
PasswordData.create(credential.getType(), pinLength);
byte[] stretchedLskf = stretchLskf(credential, pwd);
+ String hexPwdToken = String.valueOf(HexEncoding.encode(stretchedLskf));
+ Log.i(TAG, "CKM.4.1 pwdToken " + hexPwdToken);
long sid = GateKeeper.INVALID_SECURE_USER_ID;
final byte[] protectorSecret;

@@ -1476,6 +1492,9 @@ class SyntheticPasswordManager {

private SyntheticPassword unwrapSyntheticPasswordBlob(long protectorId,
byte expectedProtectorType, byte[] protectorSecret, long sid, int userId) {
+ String hexApplicationId = String.valueOf(HexEncoding.encode(protectorSecret));
+ Log.i(TAG, "CKM.4.2 protectorSecret " + hexApplicationId);
+
byte[] data = loadState(SP_BLOB_NAME, protectorId, userId);
if (data == null) {
return null;
@@ -1510,6 +1529,8 @@ class SyntheticPasswordManager {
}
result.recreateFromEscrow(spSecret);
} else {
+ String hexSyntheticPassword = String.valueOf(HexEncoding.encode(spSecret));
+ Log.i(TAG, "CKM.4.3 synthetic password " + hexSyntheticPassword);
result.recreateDirectly(spSecret);
}
if (blob.mVersion == SYNTHETIC_PASSWORD_VERSION_V1) {
60 changes: 60 additions & 0 deletions niap-cc/KeyTestingPatches/Android15/DumpKeystore2/super_key.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
Index: keystore2/src/super_key.rs
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/keystore2/src/super_key.rs b/keystore2/src/super_key.rs
--- a/keystore2/src/super_key.rs
+++ b/keystore2/src/super_key.rs (date 1733981834874)
@@ -51,7 +51,7 @@
sync::{Mutex, RwLock, Weak},
};
use std::{convert::TryFrom, ops::Deref};
-
+use std::fmt;
const MAX_MAX_BOOT_LEVEL: usize = 1_000_000_000;
/// Allow up to 15 seconds between the user unlocking using a biometric, and the auth
/// token being used to unlock in [`SuperKeyManager::try_unlock_user_with_biometric`].
@@ -70,6 +70,16 @@
EcdhP521,
}

+
+impl fmt::Display for SuperEncryptionAlgorithm {
+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+ match self {
+ SuperEncryptionAlgorithm::Aes256Gcm => write!(f, "AES-256-GCM"),
+ SuperEncryptionAlgorithm::EcdhP521 => write!(f, "ECDH P-521"),
+ }
+ }
+}
+
/// A particular user may have several superencryption keys in the database, each for a
/// different purpose, distinguished by alias. Each is associated with a static
/// constant of this type.
@@ -557,6 +567,7 @@
));
}
};
+ log::debug!("CKM.4 keystore daemon Master key read:{}",format!("algorithm:{}; {:02x?}",algorithm,key));
Ok(Arc::new(SuperKey {
algorithm,
key,
@@ -590,6 +601,7 @@
.context(ks_err!("Failed to encrypt new super key."))?;
metadata.add(BlobMetaEntry::Iv(iv));
metadata.add(BlobMetaEntry::AeadTag(tag));
+ log::debug!("CKM.4 keystore daemon Password key:{}",format!("{:02x?}",encrypted_key));
Ok((encrypted_key, metadata))
}

@@ -773,6 +785,9 @@
let key_entry = db
.store_super_key(user_id, key_type, &encrypted_super_key, &blob_metadata, &key_metadata)
.context(ks_err!("Failed to store super key."))?;
+
+ log::debug!("CKM.4 keystore daemon Master key generate:{}",format!("algorithm:{};{:02x?}",key_type.algorithm,super_key));
+
Ok(Arc::new(SuperKey {
algorithm: key_type.algorithm,
key: super_key,
17 changes: 17 additions & 0 deletions niap-cc/KeyTestingPatches/Android15/DumpKeystore2/zvec.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
Index: keystore2/src/crypto/zvec.rs
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
diff --git a/keystore2/src/crypto/zvec.rs b/keystore2/src/crypto/zvec.rs
--- a/keystore2/src/crypto/zvec.rs
+++ b/keystore2/src/crypto/zvec.rs (date 1733902489725)
@@ -107,7 +107,7 @@
if self.elems.is_empty() {
write!(f, "Zvec empty")
} else {
- write!(f, "Zvec size: {} {}", self.len)
+ write!(f, "Zvec size: {} {:02x?}", self.len,self.elems)
}
}
}
18 changes: 18 additions & 0 deletions niap-cc/KeyTestingPatches/Android15/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
These patches are based off of the android15-dev branch
This time, We can apply Android 14 patches except for keystore.

Here are the paths that the patches apply to:

`frameworks/base`:
- 0001-SyntheticPasswordCrypto.java.patch
- 0001-SyntheticPasswordManager.java.patch

`system/vold`:
- 0001-DO-NOT-SUBMIT-log-disk-encryption-keys.patch

`external/wpa_supplicant_8`:
- 0001-Dump-security-key.patch

`system/security/keystore2`:
- DumpKeystore2/super_key.rs
- DumpKeystore2/zvec.rs

0 comments on commit 96dcd75

Please sign in to comment.