diff --git a/niap-cc/KeyTestingPatches/Android14/0001-DO-NOT-SUBMIT-log-disk-encryption-keys.patch b/niap-cc/KeyTestingPatches/Android14/0001-DO-NOT-SUBMIT-log-disk-encryption-keys.patch new file mode 100644 index 00000000..6560189a --- /dev/null +++ b/niap-cc/KeyTestingPatches/Android14/0001-DO-NOT-SUBMIT-log-disk-encryption-keys.patch @@ -0,0 +1,31 @@ +From 55091e8d469bae3afbef58cfb33c50aa73861f26 Mon Sep 17 00:00:00 2001 +From: Paul Crowley +Date: Thu, 18 Aug 2022 22:33:22 -0700 +Subject: [PATCH] DO NOT SUBMIT log disk encryption keys + +Bug: 121287968 +Test: DO NOT SUBMIT +Change-Id: Ifc6f72b40dfe8c6edc5e9d9372ef670b9b3455ae +--- + KeyStorage.cpp | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/KeyStorage.cpp b/KeyStorage.cpp +index 3ede67e..24b309b 100644 +--- a/KeyStorage.cpp ++++ b/KeyStorage.cpp +@@ -655,6 +655,12 @@ bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, KeyBuffe + return false; + } + } ++ ++ KeyBuffer hexKey; ++ StrToHex(*key, hexKey); ++ hexKey.push_back('\0'); ++ LOG(DEBUG) << "DO NOT SUBMIT log of key in " << dir << " " << hexKey.data(); ++ + return true; + } + +-- +2.37.1.595.g718a3a8f04-goog diff --git a/niap-cc/KeyTestingPatches/Android14/0001-Dump-master-key-when-generated-and-read.patch b/niap-cc/KeyTestingPatches/Android14/0001-Dump-master-key-when-generated-and-read.patch new file mode 100644 index 00000000..e5e0d8e9 --- /dev/null +++ b/niap-cc/KeyTestingPatches/Android14/0001-Dump-master-key-when-generated-and-read.patch @@ -0,0 +1,72 @@ +From c8c40e55019a2b88fd4811ab1ffb1f40b620f96e Mon Sep 17 00:00:00 2001 +From: Branden Archer +Date: Thu, 11 Jul 2019 08:42:51 -0700 +Subject: [PATCH] Dump master key when generated and read + +Test: manual +Change-Id: Ic0e09e6299be173d885c7f543b0eeb1342dff0df +--- + keystore/user_state.cpp | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/keystore/user_state.cpp b/keystore/user_state.cpp +index 30dfe3c..2b88580 100644 +--- a/keystore/user_state.cpp ++++ b/keystore/user_state.cpp +@@ -20,6 +20,8 @@ + + #include + #include ++#include ++#include + #include + #include + #include +@@ -148,6 +150,18 @@ ResponseCode UserState::writeMasterKey(const android::String8& pw) { + return lockedEntry.writeBlobs(masterKeyBlob, {}, passwordKey, STATE_NO_ERROR); + } + ++static std::string hexEncode(const std::vector& input) { ++ std::stringstream hexStream; ++ for (std::vector::const_iterator it = input.begin(); it != input.end(); ++it) { ++ char raw[20] = {0}; ++ snprintf(raw, sizeof(raw), "%02x", *it); ++ hexStream << raw; ++ } ++ std::string result; ++ hexStream >> result; ++ return result; ++} ++ + ResponseCode UserState::readMasterKey(const android::String8& pw) { + + auto lockedEntry = LockedKeyBlobEntry::get(mMasterKeyEntry); +@@ -200,6 +214,8 @@ ResponseCode UserState::readMasterKey(const android::String8& pw) { + if (response == ResponseCode::NO_ERROR) { + mMasterKey = std::vector(masterKeyBlob.getValue(), + masterKeyBlob.getValue() + masterKeyBlob.getLength()); ++ std::string hexKeyBlob = hexEncode(mMasterKey); ++ ALOGI("CKM.4 keystore daemon Master key read: %s %lu", hexKeyBlob.c_str(), mMasterKey.size()); + + setupMasterKeys(); + } +@@ -255,6 +271,8 @@ void UserState::generateKeyFromPassword(std::vector& key, const android + + PKCS5_PBKDF2_HMAC(reinterpret_cast(pw.string()), pw.length(), salt, saltSize, 8192, + digest, key.size(), key.data()); ++ std::string hexKey = hexEncode(key); ++ ALOGI("CKM.4 keystore daemon Password key: %s", hexKey.c_str()); + } + + bool UserState::generateSalt() { +@@ -269,6 +287,8 @@ bool UserState::generateMasterKey() { + if (!generateSalt()) { + return false; + } ++ std::string hexKey = hexEncode(mMasterKey); ++ ALOGI("CKM.4 keystore daemon Master key generate: %s %lu", hexKey.c_str(), mMasterKey.size()); + return true; + } + +-- +2.28.0.163.g6104cc2f0b6-goog diff --git a/niap-cc/KeyTestingPatches/Android14/0001-Dump-security-key.patch b/niap-cc/KeyTestingPatches/Android14/0001-Dump-security-key.patch new file mode 100644 index 00000000..b3d3dfc6 --- /dev/null +++ b/niap-cc/KeyTestingPatches/Android14/0001-Dump-security-key.patch @@ -0,0 +1,29 @@ +From 5bfeb985b2eacef0e37f4d6286ede353d9f4fb30 Mon Sep 17 00:00:00 2001 +From: Sunil Ravi +Date: Sun, 10 Mar 2019 12:49:53 -0700 +Subject: [PATCH] Dump security key + +Dump security keys from supplicant + +Bug: 123907624 +Test: Regression test +Change-Id: I77254d92077d20d6a9520d7cf9f55eecbb2853f6 +--- + src/utils/wpa_debug.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/utils/wpa_debug.c b/src/utils/wpa_debug.c +index a338a20..919dc8a 100644 +--- a/src/utils/wpa_debug.c ++++ b/src/utils/wpa_debug.c +@@ -390,7 +390,7 @@ void wpa_hexdump(int level, const char *title, const void *buf, size_t len) + + void wpa_hexdump_key(int level, const char *title, const void *buf, size_t len) + { +- _wpa_hexdump(level, title, buf, len, wpa_debug_show_keys, 0); ++ _wpa_hexdump(level, title, buf, len, 1/* wpa_debug_show_keys */, 0); + } + + +-- +2.28.0.236.gb10cc79966-goog diff --git a/niap-cc/KeyTestingPatches/Android14/0001-SyntheticPasswordCrypto.java.patch b/niap-cc/KeyTestingPatches/Android14/0001-SyntheticPasswordCrypto.java.patch new file mode 100644 index 00000000..9d57a407 --- /dev/null +++ b/niap-cc/KeyTestingPatches/Android14/0001-SyntheticPasswordCrypto.java.patch @@ -0,0 +1,82 @@ +--- SyntheticPasswordCrypto.java 2023-10-02 05:35:22.189541116 +0000 ++++ SyntheticPasswordCrypto.java.patched 2023-09-29 02:57:08.030762456 +0000 +@@ -23,11 +23,13 @@ import android.security.keystore2.Androi + import android.system.keystore2.Domain; + import android.system.keystore2.KeyDescriptor; + import android.text.TextUtils; ++import android.util.Log; + import android.util.Slog; + + import com.android.internal.util.ArrayUtils; + + import java.io.IOException; ++import java.io.UnsupportedEncodingException; + import java.security.InvalidAlgorithmParameterException; + import java.security.InvalidKeyException; + import java.security.KeyStore; +@@ -253,6 +255,8 @@ class SyntheticPasswordCrypto { + + protected static byte[] personalizedHash(byte[] personalization, byte[]... message) { + try { ++ StringBuilder logMessage = new StringBuilder(); ++ logMessage.append("DO NOT SUBMIT personalizedHash"); + final int PADDING_LENGTH = 128; + MessageDigest digest = MessageDigest.getInstance("SHA-512"); + if (personalization.length > PADDING_LENGTH) { +@@ -260,16 +264,55 @@ class SyntheticPasswordCrypto { + } + // Personalize the hash + // Pad it to the block size of the hash function ++ logMessage.append(" personalization: "); ++ logMessage.append(new String(personalization, "UTF-8")); + personalization = Arrays.copyOf(personalization, PADDING_LENGTH); + digest.update(personalization); ++ logMessage.append(" message: ["); + for (byte[] data : message) { ++ logMessage.append(" "); ++ logMessage.append(bytesToHex(data)); + digest.update(data); + } +- return digest.digest(); ++ logMessage.append(" ]"); ++ byte[] res = digest.digest(); ++ logMessage.append(" digest: "); ++ logMessage.append(bytesToHex(res)); ++ Log.e(TAG, logMessage.toString()); ++ return res; + } catch (NoSuchAlgorithmException e) { + throw new IllegalStateException("NoSuchAlgorithmException for SHA-512", e); ++ } catch (UnsupportedEncodingException e) { ++ throw new IllegalStateException("Unable to represent bytes as UTF-8", e); + } + } ++ /** ++ * Uppercase hex string for byte array ++ */ ++ public static String bytesToHex(byte[] bytes) { ++ try { ++ return new String(bytesToHexBytes(bytes), "UTF-8"); ++ } catch (UnsupportedEncodingException e) { ++ throw new RuntimeException(e); ++ } ++ } ++ ++ protected static final byte[] HEX_ARRAY = "0123456789ABCDEF".getBytes(); ++ /** ++ * Converts bytes to hex. ++ */ ++ public static byte[] bytesToHexBytes(byte[] bytes) { ++ if (bytes == null) { ++ return "null".getBytes(); ++ } ++ byte[] hexBytes = new byte[bytes.length * 2]; ++ for (int j = 0; j < bytes.length; j++) { ++ int v = bytes[j] & 0xFF; ++ hexBytes[j * 2] = HEX_ARRAY[v >>> 4]; ++ hexBytes[j * 2 + 1] = HEX_ARRAY[v & 0x0F]; ++ } ++ return hexBytes; ++ } + + static boolean migrateLockSettingsKey(String alias) { + final KeyDescriptor legacyKey = new KeyDescriptor(); diff --git a/niap-cc/KeyTestingPatches/Android14/0001-SyntheticPasswordManager.java.patch b/niap-cc/KeyTestingPatches/Android14/0001-SyntheticPasswordManager.java.patch new file mode 100644 index 00000000..c93fa505 --- /dev/null +++ b/niap-cc/KeyTestingPatches/Android14/0001-SyntheticPasswordManager.java.patch @@ -0,0 +1,71 @@ +--- SyntheticPasswordManager.java 2023-10-02 05:35:22.189541116 +0000 ++++ SyntheticPasswordManager.java.patched 2023-09-29 02:55:56.394865625 +0000 +@@ -44,6 +44,7 @@ import android.service.gatekeeper.IGateK + import android.text.TextUtils; + import android.util.ArrayMap; + import android.util.ArraySet; ++import android.util.Log; + import android.util.Slog; + + import com.android.internal.annotations.VisibleForTesting; +@@ -225,8 +226,20 @@ class SyntheticPasswordManager { + */ + private byte[] deriveSubkey(byte[] personalization) { + if (mVersion == SYNTHETIC_PASSWORD_VERSION_V3) { +- return (new SP800Derive(mSyntheticPassword)) +- .withContext(personalization, PERSONALIZATION_CONTEXT); ++ ++ StringBuilder logMessage = new StringBuilder(); ++ logMessage.append("DO NOT SUBMIT derivePassword"); ++ logMessage.append(" personalization: "); ++ logMessage.append(SyntheticPasswordCrypto.bytesToHex(personalization)); ++ logMessage.append(" context: "); ++ logMessage.append(SyntheticPasswordCrypto.bytesToHex(PERSONALIZATION_CONTEXT)); ++ byte[] res = (new SP800Derive(mSyntheticPassword)) ++ .withContext(personalization, PERSONALIZATION_CONTEXT); ++ logMessage.append(" result: "); ++ logMessage.append(SyntheticPasswordCrypto.bytesToHex(res)); ++ Log.e(TAG, logMessage.toString()); ++ ++ return res; + } else { + return SyntheticPasswordCrypto.personalizedHash(personalization, + mSyntheticPassword); +@@ -234,7 +247,8 @@ class SyntheticPasswordManager { + } + + public byte[] deriveKeyStorePassword() { +- return bytesToHex(deriveSubkey(PERSONALIZATION_KEY_STORE_PASSWORD)); ++ return SyntheticPasswordCrypto.bytesToHexBytes( ++ deriveSubkey(PERSONALIZATION_KEY_STORE_PASSWORD)); + } + + public byte[] deriveGkPassword() { +@@ -926,6 +940,8 @@ class SyntheticPasswordManager { + PasswordData pwd = credential.isNone() ? null : + PasswordData.create(credential.getType(), pinLength); + byte[] stretchedLskf = stretchLskf(credential, pwd); ++ String hexPwdToken = String.valueOf(HexEncoding.encode(stretchedLskf)); ++ Log.i(TAG, "CKM.4.1 pwdToken " + hexPwdToken); + long sid = GateKeeper.INVALID_SECURE_USER_ID; + final byte[] protectorSecret; + +@@ -1476,6 +1492,9 @@ class SyntheticPasswordManager { + + private SyntheticPassword unwrapSyntheticPasswordBlob(long protectorId, + byte expectedProtectorType, byte[] protectorSecret, long sid, int userId) { ++ String hexApplicationId = String.valueOf(HexEncoding.encode(protectorSecret)); ++ Log.i(TAG, "CKM.4.2 protectorSecret " + hexApplicationId); ++ + byte[] data = loadState(SP_BLOB_NAME, protectorId, userId); + if (data == null) { + return null; +@@ -1510,6 +1529,8 @@ class SyntheticPasswordManager { + } + result.recreateFromEscrow(spSecret); + } else { ++ String hexSyntheticPassword = String.valueOf(HexEncoding.encode(spSecret)); ++ Log.i(TAG, "CKM.4.3 synthetic password " + hexSyntheticPassword); + result.recreateDirectly(spSecret); + } + if (blob.mVersion == SYNTHETIC_PASSWORD_VERSION_V1) { diff --git a/niap-cc/KeyTestingPatches/Android14/README.md b/niap-cc/KeyTestingPatches/Android14/README.md new file mode 100644 index 00000000..a2d679f1 --- /dev/null +++ b/niap-cc/KeyTestingPatches/Android14/README.md @@ -0,0 +1,18 @@ +These patches are based off of the android14-dev branch +at this revision of `platform/manifest`: +0c5badf0612adf69a92757c743c0bef1be63f67d + +Here are the paths that the patches apply to: + +`frameworks/base`: + - 0001-SyntheticPasswordCrypto.java.patch + - 0001-SyntheticPasswordManager.java.patch + +`system/vold`: + - 0001-DO-NOT-SUBMIT-log-disk-encryption-keys.patch + +`system/security`: + - 0001-Dump-master-key-when-generated-and-read.patch + +`external/wpa_supplicant_8`: + - 0001-Dump-security-key.patch