Merge "Address IMSI privacy issues."

telephony/java/android/telephony/ImsiEncryptionInfo.aidl

@@ -0,0 +1,19 @@
+/*
+* Copyright (C) 2017 The Android Open Source Project
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*      http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package android.telephony;
+
+parcelable ImsiEncryptionInfo;

telephony/java/android/telephony/ImsiEncryptionInfo.java

@@ -0,0 +1,137 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.telephony;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+import android.util.Log;
+
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
+
+/**
+ * Class to represent information sent by the carrier, which will be used to encrypt
+ * the IMSI + IMPI. The ecryption is being done by WLAN, and the modem.
+ *
+ * @hide
+ */
+public final class ImsiEncryptionInfo implements Parcelable {
+
+    private static final String LOG_TAG = "ImsiEncryptionInfo";
+    private static final boolean DBG = false;
+
+
+    private final String mcc;
+    private final String mnc;
+    private final PublicKey publicKey;
+    private final String keyIdentifier;
+    private final int keyType;
+
+    public ImsiEncryptionInfo(String mcc, String mnc, int keyType, String keyIdentifier,
+                              PublicKey publicKey) {
+        this.mcc = mcc;
+        this.mnc = mnc;
+        this.keyType = keyType;
+        this.publicKey = publicKey;
+        this.keyIdentifier = keyIdentifier;
+    }
+
+    public ImsiEncryptionInfo(Parcel in) {
+        int length = in.readInt();
+        byte b[] = new byte[length];
+        in.readByteArray(b);
+        publicKey = makeKeyObject(b);
+        mcc = in.readString();
+        mnc = in.readString();
+        keyIdentifier = in.readString();
+        keyType = in.readInt();
+
+    }
+
+    public String getMnc() {
+        return this.mnc;
+    }
+
+    public String getMcc() {
+        return this.mcc;
+    }
+
+    public String getKeyIdentifier() {
+        return this.keyIdentifier;
+    }
+
+    public int getKeyType() {
+        return this.keyType;
+    }
+
+    public PublicKey getPublicKey() {
+        return this.publicKey;
+    }
+
+    private static PublicKey makeKeyObject(byte[] publicKeyBytes) {
+        try {
+            X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(publicKeyBytes);
+            return KeyFactory.getInstance("RSA").generatePublic(pubKeySpec);
+        } catch (InvalidKeySpecException | NoSuchAlgorithmException ex) {
+            Log.e(LOG_TAG, "Error makeKeyObject: unable to convert into PublicKey", ex);
+        }
+     return null;
+    }
+
+    /** Implement the Parcelable interface */
+    @Override
+    public int describeContents() {
+        return 0;
+    }
+
+    public static final Parcelable.Creator<ImsiEncryptionInfo> CREATOR =
+            new Parcelable.Creator<ImsiEncryptionInfo>() {
+                @Override
+                public ImsiEncryptionInfo createFromParcel(Parcel in) {
+                    return new ImsiEncryptionInfo(in);
+                }
+
+                @Override
+                public ImsiEncryptionInfo[] newArray(int size) {
+                    return new ImsiEncryptionInfo[size];
+                }
+            };
+
+    @Override
+    public void writeToParcel(Parcel dest, int flags) {
+        byte[] b = publicKey.getEncoded();
+        dest.writeInt(b.length);
+        dest.writeByteArray(b);
+        dest.writeString(mcc);
+        dest.writeString(mnc);
+        dest.writeString(keyIdentifier);
+        dest.writeInt(keyType);
+    }
+
+    @Override
+    public String toString(){
+        return "[ImsiEncryptionInfo "
+                + "mcc=" + mcc
+                + "mnc=" + mnc
+                + "publicKey=" + publicKey
+                + ", keyIdentifier=" + keyIdentifier
+                + ", keyType=" + keyType
+                + "]";
+    }
+}

telephony/java/android/telephony/TelephonyManager.java

@@ -142,6 +142,12 @@ public class TelephonyManager {
     static public final int OTASP_SIM_UNPROVISIONED = 5;
 
 
+    /** @hide */
+    static public final int KEY_TYPE_EPDDG = 1;
+
+    /** @hide */
+    static public final int KEY_TYPE_WLAN = 2;
+
     private final Context mContext;
     private final int mSubId;
     private SubscriptionManager mSubscriptionManager;
@@ -2338,6 +2344,73 @@ public class TelephonyManager {
         }
     }
 
+    /**
+     * Returns Carrier specific information that will be used to encrypt the IMSI and IMPI.
+     * This includes the public key and the key identifier. For multi-sim devices, if no subId
+     * has been specified, we will return the value for the dafault data sim.
+     * Return null if it is unavailable.
+     * <p>
+     * Requires Permission:
+     *   {@link android.Manifest.permission#READ_PHONE_STATE READ_PHONE_STATE}
+     * @param keyType whether the key is being used for wlan or epdg. Valid key types are
+     *        {@link TelephonyManager#KEY_TYPE_EPDDG} or
+     *        {@link TelephonyManager#KEY_TYPE_WLAN}.
+     * @return ImsiEncryptionInfo Carrier specific information that will be used to encrypt the
+     *         IMSI and IMPI. This includes the public key and the key identifier. This information
+     *         will be stored in the device keystore.
+     * @hide
+     */
+    public ImsiEncryptionInfo getCarrierInfoForImsiEncryption(int keyType) {
+        try {
+            IPhoneSubInfo info = getSubscriberInfo();
+            if (info == null) return null;
+            int subId = getSubId(SubscriptionManager.getDefaultDataSubscriptionId());
+            if (keyType != KEY_TYPE_EPDDG && keyType != KEY_TYPE_WLAN) {
+                throw new IllegalArgumentException("Invalid key type");
+            }
+            return info.getCarrierInfoForImsiEncryption(subId, keyType,
+                    mContext.getOpPackageName());
+        } catch (RemoteException ex) {
+            Rlog.e(TAG, "getCarrierInfoForImsiEncryption RemoteException", ex);
+            return null;
+        } catch (NullPointerException ex) {
+            // This could happen before phone restarts due to crashing
+            Rlog.e(TAG, "getCarrierInfoForImsiEncryption NullPointerException", ex);
+            return null;
+        }
+    }
+
+    /**
+     * Sets the Carrier specific information that will be used to encrypt the IMSI and IMPI.
+     * This includes the public key and the key identifier. This information will be stored in the
+     * device keystore.
+     * <p>
+     * Requires Permission:
+     *   {@link android.Manifest.permission#READ_PHONE_STATE READ_PHONE_STATE}
+     * @param imsiEncryptionInfo which includes the Key Type, the Public Key
+     *        (java.security.PublicKey) and the Key Identifier.and the Key Identifier.
+     *        The keyIdentifier Attribute value pair that helps a server locate
+     *        the private key to decrypt the permanent identity. This field is
+     *        optional and if it is present then it’s always separated from encrypted
+     *        permanent identity with “,”. Key identifier AVP is presented in ASCII string
+     *        with “name=value” format.
+     * @hide
+     */
+    public void setCarrierInfoForImsiEncryption(ImsiEncryptionInfo imsiEncryptionInfo) {
+        try {
+            IPhoneSubInfo info = getSubscriberInfo();
+            if (info == null) return;
+            info.setCarrierInfoForImsiEncryption(mSubId, mContext.getOpPackageName(),
+                    imsiEncryptionInfo);
+        } catch (NullPointerException ex) {
+            // This could happen before phone restarts due to crashing
+            return;
+        } catch (RemoteException ex) {
+            Rlog.e(TAG, "setCarrierInfoForImsiEncryption RemoteException", ex);
+            return;
+        }
+    }
+
     /**
      * Returns the Group Identifier Level1 for a GSM phone.
      * Return null if it is unavailable.

telephony/java/com/android/internal/telephony/IPhoneSubInfo.aidl

@@ -16,6 +16,8 @@
 
 package com.android.internal.telephony;
 
+import android.telephony.ImsiEncryptionInfo;
+
 /**
  * Interface used to retrieve various phone-related subscriber information.
  *
@@ -137,6 +139,18 @@ interface IPhoneSubInfo {
      */
     String getCompleteVoiceMailNumberForSubscriber(int subId);
 
+    /**
+     * Retrieves the Carrier information used to encrypt IMSI and IMPI.
+     */
+    ImsiEncryptionInfo getCarrierInfoForImsiEncryption(int subId, int keyType,
+    String callingPackage);
+
+    /**
+     * Stores the Carrier information used to encrypt IMSI and IMPI.
+     */
+    void setCarrierInfoForImsiEncryption(int subId, String callingPackage,
+    in ImsiEncryptionInfo imsiEncryptionInfo);
+
     /**
      * Retrieves the alpha identifier associated with the voice mail number.
      */