Blame - gatekeeperd/SoftGateKeeper.h - android_system_core

blob: e5544114aa8cd26d3b7ee73f2813c5e76a24df06 [file] [log] [blame]

Andres Morales	ae24292	2015-05-18 09:26:19 -0700	[diff] [blame]	1	/*
				2	* Copyright 2015 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*
				16	*/
				17
				18	#ifndef SOFT_GATEKEEPER_H_
				19	#define SOFT_GATEKEEPER_H_
				20
				21	extern "C" {
				22	#include <openssl/rand.h>
				23	#include <crypto_scrypt.h>
				24	}
				25
				26	#include <UniquePtr.h>
				27	#include <gatekeeper/gatekeeper.h>
				28	#include <iostream>
				29	#include <unordered_map>
				30
				31	namespace gatekeeper {
				32
				33
				34	class SoftGateKeeper : public GateKeeper {
				35	public:
				36	static const uint32_t SIGNATURE_LENGTH_BYTES = 32;
				37
				38	// scrypt params
				39	static const uint64_t N = 16384;
				40	static const uint32_t r = 8;
				41	static const uint32_t p = 1;
				42
				43	static const int MAX_UINT_32_CHARS = 11;
				44
				45	SoftGateKeeper() {
				46	key_.reset(new uint8_t[SIGNATURE_LENGTH_BYTES]);
				47	memset(key_.get(), 0, SIGNATURE_LENGTH_BYTES);
				48	}
				49
				50	virtual ~SoftGateKeeper() {
				51	}
				52
				53	virtual bool GetAuthTokenKey(const uint8_t **auth_token_key,
				54	uint32_t *length) const {
				55	if (auth_token_key == NULL \|\| length == NULL) return false;
Andres Morales	e1f827f	2015-06-01 09:59:05 -0700	[diff] [blame]	56	uint8_t *auth_token_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES];
				57	memcpy(auth_token_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES);
				58
				59	*auth_token_key = auth_token_key_copy;
Andres Morales	ae24292	2015-05-18 09:26:19 -0700	[diff] [blame]	60	*length = SIGNATURE_LENGTH_BYTES;
				61	return true;
				62	}
				63
				64	virtual void GetPasswordKey(const uint8_t *password_key, uint32_t length) {
				65	if (password_key == NULL \|\| length == NULL) return;
Andres Morales	e1f827f	2015-06-01 09:59:05 -0700	[diff] [blame]	66	uint8_t *password_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES];
				67	memcpy(password_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES);
				68
				69	*password_key = password_key_copy;
Andres Morales	ae24292	2015-05-18 09:26:19 -0700	[diff] [blame]	70	*length = SIGNATURE_LENGTH_BYTES;
				71	}
				72
				73	virtual void ComputePasswordSignature(uint8_t *signature, uint32_t signature_length,
				74	const uint8_t , uint32_t, const uint8_t password,
				75	uint32_t password_length, salt_t salt) const {
				76	if (signature == NULL) return;
				77	crypto_scrypt(password, password_length, reinterpret_cast<uint8_t *>(&salt),
				78	sizeof(salt), N, r, p, signature, signature_length);
				79	}
				80
				81	virtual void GetRandom(void *random, uint32_t requested_length) const {
				82	if (random == NULL) return;
				83	RAND_pseudo_bytes((uint8_t *) random, requested_length);
				84	}
				85
				86	virtual void ComputeSignature(uint8_t *signature, uint32_t signature_length,
				87	const uint8_t , uint32_t, const uint8_t , const uint32_t) const {
				88	if (signature == NULL) return;
				89	memset(signature, 0, signature_length);
				90	}
				91
				92	virtual uint64_t GetMillisecondsSinceBoot() const {
				93	struct timespec time;
				94	int res = clock_gettime(CLOCK_BOOTTIME, &time);
				95	if (res < 0) return 0;
				96	return (time.tv_sec * 1000) + (time.tv_nsec / 1000 / 1000);
				97	}
				98
				99	virtual bool IsHardwareBacked() const {
				100	return false;
				101	}
				102
Andres Morales	e1f827f	2015-06-01 09:59:05 -0700	[diff] [blame]	103	virtual bool GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record,
				104	bool /* secure */) {
Andres Morales	ae24292	2015-05-18 09:26:19 -0700	[diff] [blame]	105	failure_record_t *stored = &failure_map_[uid];
				106	if (user_id != stored->secure_user_id) {
				107	stored->secure_user_id = user_id;
				108	stored->last_checked_timestamp = 0;
				109	stored->failure_counter = 0;
				110	}
				111	memcpy(record, stored, sizeof(*record));
				112	return true;
				113	}
				114
Andres Morales	e1f827f	2015-06-01 09:59:05 -0700	[diff] [blame]	115	virtual bool ClearFailureRecord(uint32_t uid, secure_id_t user_id, bool /* secure */) {
Andres Morales	ae24292	2015-05-18 09:26:19 -0700	[diff] [blame]	116	failure_record_t *stored = &failure_map_[uid];
				117	stored->secure_user_id = user_id;
				118	stored->last_checked_timestamp = 0;
				119	stored->failure_counter = 0;
Andres Morales	e1f827f	2015-06-01 09:59:05 -0700	[diff] [blame]	120	return true;
Andres Morales	ae24292	2015-05-18 09:26:19 -0700	[diff] [blame]	121	}
				122
Andres Morales	e1f827f	2015-06-01 09:59:05 -0700	[diff] [blame]	123	virtual bool WriteFailureRecord(uint32_t uid, failure_record_t record, bool / secure */) {
Andres Morales	ae24292	2015-05-18 09:26:19 -0700	[diff] [blame]	124	failure_map_[uid] = *record;
				125	return true;
				126	}
				127
				128	private:
Andres Morales	e1f827f	2015-06-01 09:59:05 -0700	[diff] [blame]	129	UniquePtr<uint8_t[]> key_;
Andres Morales	ae24292	2015-05-18 09:26:19 -0700	[diff] [blame]	130	std::unordered_map<uint32_t, failure_record_t> failure_map_;
				131	};
				132	}
				133
				134	#endif // SOFT_GATEKEEPER_H_
				135