1 /* 2 * Copyright 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 * 16 */ 17 18 #ifndef SOFT_GATEKEEPER_H_ 19 #define SOFT_GATEKEEPER_H_ 20 21 extern "C" { 22 #include <openssl/rand.h> 23 #include <openssl/sha.h> 24 25 #include <crypto_scrypt.h> 26 } 27 28 #include <android-base/memory.h> 29 #include <gatekeeper/gatekeeper.h> 30 31 #include <iostream> 32 #include <unordered_map> 33 #include <memory> 34 35 namespace gatekeeper { 36 37 struct fast_hash_t { 38 uint64_t salt; 39 uint8_t digest[SHA256_DIGEST_LENGTH]; 40 }; 41 42 class SoftGateKeeper : public GateKeeper { 43 public: 44 static const uint32_t SIGNATURE_LENGTH_BYTES = 32; 45 46 // scrypt params 47 static const uint64_t N = 16384; 48 static const uint32_t r = 8; 49 static const uint32_t p = 1; 50 51 static const int MAX_UINT_32_CHARS = 11; 52 53 SoftGateKeeper() { 54 key_.reset(new uint8_t[SIGNATURE_LENGTH_BYTES]); 55 memset(key_.get(), 0, SIGNATURE_LENGTH_BYTES); 56 } 57 58 virtual ~SoftGateKeeper() { 59 } 60 61 virtual bool GetAuthTokenKey(const uint8_t **auth_token_key, 62 uint32_t *length) const { 63 if (auth_token_key == NULL || length == NULL) return false; 64 uint8_t *auth_token_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES]; 65 memcpy(auth_token_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES); 66 67 *auth_token_key = auth_token_key_copy; 68 *length = SIGNATURE_LENGTH_BYTES; 69 return true; 70 } 71 72 virtual void GetPasswordKey(const uint8_t **password_key, uint32_t *length) { 73 if (password_key == NULL || length == NULL) return; 74 uint8_t *password_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES]; 75 memcpy(password_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES); 76 77 *password_key = password_key_copy; 78 *length = SIGNATURE_LENGTH_BYTES; 79 } 80 81 virtual void ComputePasswordSignature(uint8_t *signature, uint32_t signature_length, 82 const uint8_t *, uint32_t, const uint8_t *password, 83 uint32_t password_length, salt_t salt) const { 84 if (signature == NULL) return; 85 crypto_scrypt(password, password_length, reinterpret_cast<uint8_t *>(&salt), 86 sizeof(salt), N, r, p, signature, signature_length); 87 } 88 89 virtual void GetRandom(void *random, uint32_t requested_length) const { 90 if (random == NULL) return; 91 RAND_pseudo_bytes((uint8_t *) random, requested_length); 92 } 93 94 virtual void ComputeSignature(uint8_t *signature, uint32_t signature_length, 95 const uint8_t *, uint32_t, const uint8_t *, const uint32_t) const { 96 if (signature == NULL) return; 97 memset(signature, 0, signature_length); 98 } 99 100 virtual uint64_t GetMillisecondsSinceBoot() const { 101 struct timespec time; 102 int res = clock_gettime(CLOCK_BOOTTIME, &time); 103 if (res < 0) return 0; 104 return (time.tv_sec * 1000) + (time.tv_nsec / 1000 / 1000); 105 } 106 107 virtual bool IsHardwareBacked() const { 108 return false; 109 } 110 111 virtual bool GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record, 112 bool /* secure */) { 113 failure_record_t *stored = &failure_map_[uid]; 114 if (user_id != stored->secure_user_id) { 115 stored->secure_user_id = user_id; 116 stored->last_checked_timestamp = 0; 117 stored->failure_counter = 0; 118 } 119 memcpy(record, stored, sizeof(*record)); 120 return true; 121 } 122 123 virtual bool ClearFailureRecord(uint32_t uid, secure_id_t user_id, bool /* secure */) { 124 failure_record_t *stored = &failure_map_[uid]; 125 stored->secure_user_id = user_id; 126 stored->last_checked_timestamp = 0; 127 stored->failure_counter = 0; 128 return true; 129 } 130 131 virtual bool WriteFailureRecord(uint32_t uid, failure_record_t *record, bool /* secure */) { 132 failure_map_[uid] = *record; 133 return true; 134 } 135 136 fast_hash_t ComputeFastHash(const SizedBuffer &password, uint64_t salt) { 137 fast_hash_t fast_hash; 138 size_t digest_size = password.length + sizeof(salt); 139 std::unique_ptr<uint8_t[]> digest(new uint8_t[digest_size]); 140 memcpy(digest.get(), &salt, sizeof(salt)); 141 memcpy(digest.get() + sizeof(salt), password.buffer.get(), password.length); 142 143 SHA256(digest.get(), digest_size, (uint8_t *) &fast_hash.digest); 144 145 fast_hash.salt = salt; 146 return fast_hash; 147 } 148 149 bool VerifyFast(const fast_hash_t &fast_hash, const SizedBuffer &password) { 150 fast_hash_t computed = ComputeFastHash(password, fast_hash.salt); 151 return memcmp(computed.digest, fast_hash.digest, SHA256_DIGEST_LENGTH) == 0; 152 } 153 154 bool DoVerify(const password_handle_t *expected_handle, const SizedBuffer &password) { 155 uint64_t user_id = android::base::get_unaligned<secure_id_t>(&expected_handle->user_id); 156 FastHashMap::const_iterator it = fast_hash_map_.find(user_id); 157 if (it != fast_hash_map_.end() && VerifyFast(it->second, password)) { 158 return true; 159 } else { 160 if (GateKeeper::DoVerify(expected_handle, password)) { 161 uint64_t salt; 162 GetRandom(&salt, sizeof(salt)); 163 fast_hash_map_[user_id] = ComputeFastHash(password, salt); 164 return true; 165 } 166 } 167 168 return false; 169 } 170 171 private: 172 173 typedef std::unordered_map<uint32_t, failure_record_t> FailureRecordMap; 174 typedef std::unordered_map<uint64_t, fast_hash_t> FastHashMap; 175 176 std::unique_ptr<uint8_t[]> key_; 177 FailureRecordMap failure_map_; 178 FastHashMap fast_hash_map_; 179 }; 180 } 181 182 #endif // SOFT_GATEKEEPER_H_ 183
