Merge pull request #49 from KVVat/keytestingpatch15

mpgroover · web-flow · commit 96dcd755d51c · 2025-01-16T12:21:28.000-06:00
Add KeyTestingPatches for Android 15
diff --git a/niap-cc/KeyTestingPatches/Android15/0001-DO-NOT-SUBMIT-log-disk-encryption-keys.patch b/niap-cc/KeyTestingPatches/Android15/0001-DO-NOT-SUBMIT-log-disk-encryption-keys.patch
@@ -0,0 +1,31 @@
+From 55091e8d469bae3afbef58cfb33c50aa73861f26 Mon Sep 17 00:00:00 2001
+From: Paul Crowley <paulcrowley@google.com>
+Date: Thu, 18 Aug 2022 22:33:22 -0700
+Subject: [PATCH] DO NOT SUBMIT log disk encryption keys
+
+Bug: 121287968
+Test: DO NOT SUBMIT
+Change-Id: Ifc6f72b40dfe8c6edc5e9d9372ef670b9b3455ae
+---
+ KeyStorage.cpp | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/KeyStorage.cpp b/KeyStorage.cpp
+index 3ede67e..24b309b 100644
+--- a/KeyStorage.cpp
++++ b/KeyStorage.cpp
+@@ -655,6 +655,12 @@ bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, KeyBuffe
+             return false;
+         }
+     }
++
++    KeyBuffer hexKey;
++    StrToHex(*key, hexKey);
++    hexKey.push_back('\0');
++    LOG(DEBUG) << "DO NOT SUBMIT log of key in " << dir << " " << hexKey.data();
++
+     return true;
+ }
+ 
+-- 
+2.37.1.595.g718a3a8f04-goog
diff --git a/niap-cc/KeyTestingPatches/Android15/0001-Dump-security-key.patch b/niap-cc/KeyTestingPatches/Android15/0001-Dump-security-key.patch
@@ -0,0 +1,29 @@
+From 5bfeb985b2eacef0e37f4d6286ede353d9f4fb30 Mon Sep 17 00:00:00 2001
+From: Sunil Ravi <sunilravi@google.com>
+Date: Sun, 10 Mar 2019 12:49:53 -0700
+Subject: [PATCH] Dump security key
+
+Dump security keys from supplicant
+
+Bug: 123907624
+Test: Regression test
+Change-Id: I77254d92077d20d6a9520d7cf9f55eecbb2853f6
+---
+ src/utils/wpa_debug.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c
+index a338a20..919dc8a 100644
+--- a/src/utils/wpa_debug.c
++++ b/src/utils/wpa_debug.c
+@@ -390,7 +390,7 @@ void wpa_hexdump(int level, const char *title, const void *buf, size_t len)
+ 
+ void wpa_hexdump_key(int level, const char *title, const void *buf, size_t len)
+ {
+-       _wpa_hexdump(level, title, buf, len, wpa_debug_show_keys, 0);
++       _wpa_hexdump(level, title, buf, len, 1/* wpa_debug_show_keys */, 0);
+ }
+ 
+ 
+-- 
+2.28.0.236.gb10cc79966-goog
diff --git a/niap-cc/KeyTestingPatches/Android15/0001-SyntheticPasswordCrypto.java.patch b/niap-cc/KeyTestingPatches/Android15/0001-SyntheticPasswordCrypto.java.patch
@@ -0,0 +1,82 @@
+--- SyntheticPasswordCrypto.java	2023-10-02 05:35:22.189541116 +0000
++++ SyntheticPasswordCrypto.java.patched	2023-09-29 02:57:08.030762456 +0000
+@@ -23,11 +23,13 @@ import android.security.keystore2.Androi
+ import android.system.keystore2.Domain;
+ import android.system.keystore2.KeyDescriptor;
+ import android.text.TextUtils;
++import android.util.Log;
+ import android.util.Slog;
+ 
+ import com.android.internal.util.ArrayUtils;
+ 
+ import java.io.IOException;
++import java.io.UnsupportedEncodingException;
+ import java.security.InvalidAlgorithmParameterException;
+ import java.security.InvalidKeyException;
+ import java.security.KeyStore;
+@@ -253,6 +255,8 @@ class SyntheticPasswordCrypto {
+ 
+     protected static byte[] personalizedHash(byte[] personalization, byte[]... message) {
+         try {
++            StringBuilder logMessage = new StringBuilder();
++            logMessage.append("DO NOT SUBMIT personalizedHash");
+             final int PADDING_LENGTH = 128;
+             MessageDigest digest = MessageDigest.getInstance("SHA-512");
+             if (personalization.length > PADDING_LENGTH) {
+@@ -260,16 +264,55 @@ class SyntheticPasswordCrypto {
+             }
+             // Personalize the hash
+             // Pad it to the block size of the hash function
++            logMessage.append(" personalization: ");
++            logMessage.append(new String(personalization, "UTF-8"));
+             personalization = Arrays.copyOf(personalization, PADDING_LENGTH);
+             digest.update(personalization);
++            logMessage.append(" message: [");
+             for (byte[] data : message) {
++                logMessage.append(" ");
++                logMessage.append(bytesToHex(data));
+                 digest.update(data);
+             }
+-            return digest.digest();
++            logMessage.append(" ]");
++            byte[] res = digest.digest();
++            logMessage.append(" digest: ");
++            logMessage.append(bytesToHex(res));
++            Log.e(TAG, logMessage.toString());
++            return res;
+         } catch (NoSuchAlgorithmException e) {
+             throw new IllegalStateException("NoSuchAlgorithmException for SHA-512", e);
++        } catch (UnsupportedEncodingException e) {
++            throw new IllegalStateException("Unable to represent bytes as UTF-8", e);
+         }
+     }
++   /**
++    * Uppercase hex string for byte array
++    */
++   public static String bytesToHex(byte[] bytes) {
++       try {
++           return new String(bytesToHexBytes(bytes), "UTF-8");
++       } catch (UnsupportedEncodingException e) {
++           throw new RuntimeException(e);
++       }
++   }
++
++   protected static final byte[] HEX_ARRAY = "0123456789ABCDEF".getBytes();
++   /**
++    * Converts bytes to hex.
++    */
++   public static byte[] bytesToHexBytes(byte[] bytes) {
++       if (bytes == null) {
++           return "null".getBytes();
++       }
++       byte[] hexBytes = new byte[bytes.length * 2];
++       for (int j = 0; j < bytes.length; j++) {
++           int v = bytes[j] & 0xFF;
++           hexBytes[j * 2] = HEX_ARRAY[v >>> 4];
++           hexBytes[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
++        }
++       return hexBytes;
++    }
+ 
+     static boolean migrateLockSettingsKey(String alias) {
+         final KeyDescriptor legacyKey = new KeyDescriptor();
diff --git a/niap-cc/KeyTestingPatches/Android15/0001-SyntheticPasswordManager.java.patch b/niap-cc/KeyTestingPatches/Android15/0001-SyntheticPasswordManager.java.patch
@@ -0,0 +1,71 @@
+--- SyntheticPasswordManager.java	2023-10-02 05:35:22.189541116 +0000
++++ SyntheticPasswordManager.java.patched	2023-09-29 02:55:56.394865625 +0000
+@@ -44,6 +44,7 @@ import android.service.gatekeeper.IGateK
+ import android.text.TextUtils;
+ import android.util.ArrayMap;
+ import android.util.ArraySet;
++import android.util.Log;
+ import android.util.Slog;
+ 
+ import com.android.internal.annotations.VisibleForTesting;
+@@ -225,8 +226,20 @@ class SyntheticPasswordManager {
+          */
+         private byte[] deriveSubkey(byte[] personalization) {
+             if (mVersion == SYNTHETIC_PASSWORD_VERSION_V3) {
+-                return (new SP800Derive(mSyntheticPassword))
+-                    .withContext(personalization, PERSONALIZATION_CONTEXT);
++
++                StringBuilder logMessage = new StringBuilder();
++                logMessage.append("DO NOT SUBMIT derivePassword");
++                logMessage.append(" personalization: ");
++                logMessage.append(SyntheticPasswordCrypto.bytesToHex(personalization));
++                logMessage.append(" context: ");
++                logMessage.append(SyntheticPasswordCrypto.bytesToHex(PERSONALIZATION_CONTEXT));
++                byte[] res = (new SP800Derive(mSyntheticPassword))
++                        .withContext(personalization, PERSONALIZATION_CONTEXT);
++                logMessage.append(" result: ");
++                logMessage.append(SyntheticPasswordCrypto.bytesToHex(res));
++                Log.e(TAG, logMessage.toString());
++
++                return res;
+             } else {
+                 return SyntheticPasswordCrypto.personalizedHash(personalization,
+                         mSyntheticPassword);
+@@ -234,7 +247,8 @@ class SyntheticPasswordManager {
+         }
+ 
+         public byte[] deriveKeyStorePassword() {
+-            return bytesToHex(deriveSubkey(PERSONALIZATION_KEY_STORE_PASSWORD));
++            return SyntheticPasswordCrypto.bytesToHexBytes(
++                    deriveSubkey(PERSONALIZATION_KEY_STORE_PASSWORD));
+         }
+ 
+         public byte[] deriveGkPassword() {
+@@ -926,6 +940,8 @@ class SyntheticPasswordManager {
+         PasswordData pwd = credential.isNone() ? null :
+                 PasswordData.create(credential.getType(), pinLength);
+         byte[] stretchedLskf = stretchLskf(credential, pwd);
++        String hexPwdToken = String.valueOf(HexEncoding.encode(stretchedLskf));
++        Log.i(TAG, "CKM.4.1 pwdToken " + hexPwdToken);
+         long sid = GateKeeper.INVALID_SECURE_USER_ID;
+         final byte[] protectorSecret;
+ 
+@@ -1476,6 +1492,9 @@ class SyntheticPasswordManager {
+ 
+     private SyntheticPassword unwrapSyntheticPasswordBlob(long protectorId,
+             byte expectedProtectorType, byte[] protectorSecret, long sid, int userId) {
++        String hexApplicationId = String.valueOf(HexEncoding.encode(protectorSecret));
++        Log.i(TAG, "CKM.4.2 protectorSecret " + hexApplicationId);
++
+         byte[] data = loadState(SP_BLOB_NAME, protectorId, userId);
+         if (data == null) {
+             return null;
+@@ -1510,6 +1529,8 @@ class SyntheticPasswordManager {
+             }
+             result.recreateFromEscrow(spSecret);
+         } else {
++            String hexSyntheticPassword = String.valueOf(HexEncoding.encode(spSecret));
++            Log.i(TAG, "CKM.4.3 synthetic password " + hexSyntheticPassword);
+             result.recreateDirectly(spSecret);
+         }
+         if (blob.mVersion == SYNTHETIC_PASSWORD_VERSION_V1) {
diff --git a/niap-cc/KeyTestingPatches/Android15/DumpKeystore2/super_key.patch b/niap-cc/KeyTestingPatches/Android15/DumpKeystore2/super_key.patch
@@ -0,0 +1,60 @@
+Index: keystore2/src/super_key.rs
+IDEA additional info:
+Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
+<+>UTF-8
+===================================================================
+diff --git a/keystore2/src/super_key.rs b/keystore2/src/super_key.rs
+--- a/keystore2/src/super_key.rs	
++++ b/keystore2/src/super_key.rs	(date 1733981834874)
+@@ -51,7 +51,7 @@
+     sync::{Mutex, RwLock, Weak},
+ };
+ use std::{convert::TryFrom, ops::Deref};
+-
++use std::fmt;
+ const MAX_MAX_BOOT_LEVEL: usize = 1_000_000_000;
+ /// Allow up to 15 seconds between the user unlocking using a biometric, and the auth
+ /// token being used to unlock in [`SuperKeyManager::try_unlock_user_with_biometric`].
+@@ -70,6 +70,16 @@
+     EcdhP521,
+ }
+ 
++
++impl fmt::Display for SuperEncryptionAlgorithm {
++    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
++       match self {
++           SuperEncryptionAlgorithm::Aes256Gcm => write!(f, "AES-256-GCM"),
++           SuperEncryptionAlgorithm::EcdhP521 => write!(f, "ECDH P-521"),
++       }
++    }
++}
++
+ /// A particular user may have several superencryption keys in the database, each for a
+ /// different purpose, distinguished by alias. Each is associated with a static
+ /// constant of this type.
+@@ -557,6 +567,7 @@
+                     ));
+                 }
+             };
++            log::debug!("CKM.4 keystore daemon Master key read:{}",format!("algorithm:{}; {:02x?}",algorithm,key));
+             Ok(Arc::new(SuperKey {
+                 algorithm,
+                 key,
+@@ -590,6 +601,7 @@
+             .context(ks_err!("Failed to encrypt new super key."))?;
+         metadata.add(BlobMetaEntry::Iv(iv));
+         metadata.add(BlobMetaEntry::AeadTag(tag));
++        log::debug!("CKM.4 keystore daemon Password key:{}",format!("{:02x?}",encrypted_key));
+         Ok((encrypted_key, metadata))
+     }
+ 
+@@ -773,6 +785,9 @@
+         let key_entry = db
+             .store_super_key(user_id, key_type, &encrypted_super_key, &blob_metadata, &key_metadata)
+             .context(ks_err!("Failed to store super key."))?;
++
++        log::debug!("CKM.4 keystore daemon Master key generate:{}",format!("algorithm:{};{:02x?}",key_type.algorithm,super_key));
++
+         Ok(Arc::new(SuperKey {
+             algorithm: key_type.algorithm,
+             key: super_key,
diff --git a/niap-cc/KeyTestingPatches/Android15/DumpKeystore2/zvec.patch b/niap-cc/KeyTestingPatches/Android15/DumpKeystore2/zvec.patch
@@ -0,0 +1,17 @@
+Index: keystore2/src/crypto/zvec.rs
+IDEA additional info:
+Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
+<+>UTF-8
+===================================================================
+diff --git a/keystore2/src/crypto/zvec.rs b/keystore2/src/crypto/zvec.rs
+--- a/keystore2/src/crypto/zvec.rs	
++++ b/keystore2/src/crypto/zvec.rs	(date 1733902489725)
+@@ -107,7 +107,7 @@
+         if self.elems.is_empty() {
+             write!(f, "Zvec empty")
+         } else {
+-            write!(f, "Zvec size: {} {}", self.len)
++            write!(f, "Zvec size: {} {:02x?}", self.len,self.elems)
+         }
+     }
+ }
diff --git a/niap-cc/KeyTestingPatches/Android15/README.md b/niap-cc/KeyTestingPatches/Android15/README.md
@@ -0,0 +1,18 @@
+These patches are based off of the android15-dev branch
+This time, We can apply Android 14 patches except for keystore.
+
+Here are the paths that the patches apply to:
+
+`frameworks/base`:
+ - 0001-SyntheticPasswordCrypto.java.patch
+ - 0001-SyntheticPasswordManager.java.patch
+
+`system/vold`:
+ - 0001-DO-NOT-SUBMIT-log-disk-encryption-keys.patch
+
+`external/wpa_supplicant_8`:
+ - 0001-Dump-security-key.patch
+
+`system/security/keystore2`:
+ - DumpKeystore2/super_key.rs
+ - DumpKeystore2/zvec.rs
