Home | History | Annotate | Download | only in gatekeeperd
      1 /*
      2  * Copyright 2015 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  *
     16  */
     17 
     18 #ifndef SOFT_GATEKEEPER_H_
     19 #define SOFT_GATEKEEPER_H_
     20 
     21 extern "C" {
     22 #include <openssl/rand.h>
     23 #include <openssl/sha.h>
     24 
     25 #include <crypto_scrypt.h>
     26 }
     27 
     28 #include <android-base/memory.h>
     29 #include <UniquePtr.h>
     30 #include <gatekeeper/gatekeeper.h>
     31 
     32 #include <iostream>
     33 #include <unordered_map>
     34 
     35 namespace gatekeeper {
     36 
     37 struct fast_hash_t {
     38     uint64_t salt;
     39     uint8_t digest[SHA256_DIGEST_LENGTH];
     40 };
     41 
     42 class SoftGateKeeper : public GateKeeper {
     43 public:
     44     static const uint32_t SIGNATURE_LENGTH_BYTES = 32;
     45 
     46     // scrypt params
     47     static const uint64_t N = 16384;
     48     static const uint32_t r = 8;
     49     static const uint32_t p = 1;
     50 
     51     static const int MAX_UINT_32_CHARS = 11;
     52 
     53     SoftGateKeeper() {
     54         key_.reset(new uint8_t[SIGNATURE_LENGTH_BYTES]);
     55         memset(key_.get(), 0, SIGNATURE_LENGTH_BYTES);
     56     }
     57 
     58     virtual ~SoftGateKeeper() {
     59     }
     60 
     61     virtual bool GetAuthTokenKey(const uint8_t **auth_token_key,
     62             uint32_t *length) const {
     63         if (auth_token_key == NULL || length == NULL) return false;
     64         uint8_t *auth_token_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES];
     65         memcpy(auth_token_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES);
     66 
     67         *auth_token_key = auth_token_key_copy;
     68         *length = SIGNATURE_LENGTH_BYTES;
     69         return true;
     70     }
     71 
     72     virtual void GetPasswordKey(const uint8_t **password_key, uint32_t *length) {
     73         if (password_key == NULL || length == NULL) return;
     74         uint8_t *password_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES];
     75         memcpy(password_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES);
     76 
     77         *password_key = password_key_copy;
     78         *length = SIGNATURE_LENGTH_BYTES;
     79     }
     80 
     81     virtual void ComputePasswordSignature(uint8_t *signature, uint32_t signature_length,
     82             const uint8_t *, uint32_t, const uint8_t *password,
     83             uint32_t password_length, salt_t salt) const {
     84         if (signature == NULL) return;
     85         crypto_scrypt(password, password_length, reinterpret_cast<uint8_t *>(&salt),
     86                 sizeof(salt), N, r, p, signature, signature_length);
     87     }
     88 
     89     virtual void GetRandom(void *random, uint32_t requested_length) const {
     90         if (random == NULL) return;
     91         RAND_pseudo_bytes((uint8_t *) random, requested_length);
     92     }
     93 
     94     virtual void ComputeSignature(uint8_t *signature, uint32_t signature_length,
     95             const uint8_t *, uint32_t, const uint8_t *, const uint32_t) const {
     96         if (signature == NULL) return;
     97         memset(signature, 0, signature_length);
     98     }
     99 
    100     virtual uint64_t GetMillisecondsSinceBoot() const {
    101         struct timespec time;
    102         int res = clock_gettime(CLOCK_BOOTTIME, &time);
    103         if (res < 0) return 0;
    104         return (time.tv_sec * 1000) + (time.tv_nsec / 1000 / 1000);
    105     }
    106 
    107     virtual bool IsHardwareBacked() const {
    108         return false;
    109     }
    110 
    111     virtual bool GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record,
    112             bool /* secure */) {
    113         failure_record_t *stored = &failure_map_[uid];
    114         if (user_id != stored->secure_user_id) {
    115             stored->secure_user_id = user_id;
    116             stored->last_checked_timestamp = 0;
    117             stored->failure_counter = 0;
    118         }
    119         memcpy(record, stored, sizeof(*record));
    120         return true;
    121     }
    122 
    123     virtual bool ClearFailureRecord(uint32_t uid, secure_id_t user_id, bool /* secure */) {
    124         failure_record_t *stored = &failure_map_[uid];
    125         stored->secure_user_id = user_id;
    126         stored->last_checked_timestamp = 0;
    127         stored->failure_counter = 0;
    128         return true;
    129     }
    130 
    131     virtual bool WriteFailureRecord(uint32_t uid, failure_record_t *record, bool /* secure */) {
    132         failure_map_[uid] = *record;
    133         return true;
    134     }
    135 
    136     fast_hash_t ComputeFastHash(const SizedBuffer &password, uint64_t salt) {
    137         fast_hash_t fast_hash;
    138         size_t digest_size = password.length + sizeof(salt);
    139         std::unique_ptr<uint8_t[]> digest(new uint8_t[digest_size]);
    140         memcpy(digest.get(), &salt, sizeof(salt));
    141         memcpy(digest.get() + sizeof(salt), password.buffer.get(), password.length);
    142 
    143         SHA256(digest.get(), digest_size, (uint8_t *) &fast_hash.digest);
    144 
    145         fast_hash.salt = salt;
    146         return fast_hash;
    147     }
    148 
    149     bool VerifyFast(const fast_hash_t &fast_hash, const SizedBuffer &password) {
    150         fast_hash_t computed = ComputeFastHash(password, fast_hash.salt);
    151         return memcmp(computed.digest, fast_hash.digest, SHA256_DIGEST_LENGTH) == 0;
    152     }
    153 
    154     bool DoVerify(const password_handle_t *expected_handle, const SizedBuffer &password) {
    155         uint64_t user_id = android::base::get_unaligned(&expected_handle->user_id);
    156         FastHashMap::const_iterator it = fast_hash_map_.find(user_id);
    157         if (it != fast_hash_map_.end() && VerifyFast(it->second, password)) {
    158             return true;
    159         } else {
    160             if (GateKeeper::DoVerify(expected_handle, password)) {
    161                 uint64_t salt;
    162                 GetRandom(&salt, sizeof(salt));
    163                 fast_hash_map_[user_id] = ComputeFastHash(password, salt);
    164                 return true;
    165             }
    166         }
    167 
    168         return false;
    169     }
    170 
    171 private:
    172 
    173     typedef std::unordered_map<uint32_t, failure_record_t> FailureRecordMap;
    174     typedef std::unordered_map<uint64_t, fast_hash_t> FastHashMap;
    175 
    176     UniquePtr<uint8_t[]> key_;
    177     FailureRecordMap failure_map_;
    178     FastHashMap fast_hash_map_;
    179 };
    180 }
    181 
    182 #endif // SOFT_GATEKEEPER_H_
    183