1 /* 2 * Copyright (C) 2023 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.ondevicepersonalization.services.util; 18 19 import android.annotation.NonNull; 20 import android.security.keystore.KeyGenParameterSpec; 21 import android.security.keystore.KeyProperties; 22 import android.util.Base64; 23 24 import java.io.ByteArrayInputStream; 25 import java.io.ByteArrayOutputStream; 26 import java.io.ObjectInputStream; 27 import java.io.ObjectOutputStream; 28 import java.io.Serializable; 29 import java.security.KeyStore; 30 31 import javax.crypto.Cipher; 32 import javax.crypto.KeyGenerator; 33 import javax.crypto.SealedObject; 34 import javax.crypto.SecretKey; 35 36 /** 37 * Utilities to encrypt and decrypt strings. 38 */ 39 public class CryptUtils { 40 private static final String KEY_ALIAS = "odp_key_alias"; 41 private static final String PROVIDER = "AndroidKeyStore"; 42 private static final String TRANSFORMATION = "AES/GCM/NoPadding"; 43 getSecretKey()44 private static SecretKey getSecretKey() throws Exception { 45 KeyStore keyStore = KeyStore.getInstance(PROVIDER); 46 keyStore.load(null); 47 if (keyStore.containsAlias(KEY_ALIAS)) { 48 KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) keyStore.getEntry( 49 KEY_ALIAS, null); 50 return secretKeyEntry.getSecretKey(); 51 } else { 52 KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, 53 PROVIDER); 54 KeyGenParameterSpec keyGenParameterSpec = new KeyGenParameterSpec.Builder(KEY_ALIAS, 55 KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT).setBlockModes( 56 KeyProperties.BLOCK_MODE_GCM).setEncryptionPaddings( 57 KeyProperties.ENCRYPTION_PADDING_NONE).build(); 58 keyGenerator.init(keyGenParameterSpec); 59 return keyGenerator.generateKey(); 60 } 61 } 62 63 /** Encrypts an object and produces a base64 string. */ encrypt(@onNull Serializable data)64 public static String encrypt(@NonNull Serializable data) throws Exception { 65 Cipher cipher = Cipher.getInstance(TRANSFORMATION); 66 cipher.init(Cipher.ENCRYPT_MODE, getSecretKey()); 67 68 SealedObject sealedData = new SealedObject(data, cipher); 69 70 try (ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); 71 ObjectOutputStream objectOutputStream = new ObjectOutputStream( 72 byteArrayOutputStream)) { 73 objectOutputStream.writeObject(sealedData); 74 byte[] sealedBytes = byteArrayOutputStream.toByteArray(); 75 return Base64.encodeToString(sealedBytes, Base64.URL_SAFE | Base64.NO_WRAP); 76 } 77 } 78 79 /** Decrypts a base64 string. */ decrypt(@onNull String base64data)80 public static Object decrypt(@NonNull String base64data) throws Exception { 81 byte[] cipherMessage = Base64.decode(base64data, Base64.URL_SAFE | Base64.NO_WRAP); 82 83 try (ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(cipherMessage); 84 ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream)) { 85 SealedObject sealedData = (SealedObject) objectInputStream.readObject(); 86 87 return sealedData.getObject(getSecretKey()); 88 } 89 } 90 CryptUtils()91 private CryptUtils() { 92 } 93 } 94