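/*
 * Copyright 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef TRUSTY_GATEKEEPER_H_
#define TRUSTY_GATEKEEPER_H_

#include <stdint.h>  // uint8_t, uint32_t, uint64_t used in the declarations below
#include <stdio.h>
#include <stdlib.h>  // free(), called by FreeDeleter; do not rely on a transitive include

#include <gatekeeper/gatekeeper.h>

#define TLOG_TAG "trusty_gatekeeper"
#include <trusty_log.h>

namespace gatekeeper {

// Deleter for UniquePtr that releases memory obtained from the C allocator
// (malloc/calloc/realloc) with free() instead of delete/delete[].
// Used below for cached_auth_token_key_.
template <typename T>
struct FreeDeleter {
    inline void operator()(T* p) const {
        free(p);  // free(NULL) is a no-op, so an empty UniquePtr is safe
    }
};

// Element type of the in-memory failure-record table (mem_records_):
// the base failure_record_t tagged with the uid it belongs to.
// Packed so the struct carries no padding; the reason the exact byte
// layout matters is not visible in this header — NOTE(review): confirm
// against the .cpp before reordering or widening the fields.
struct __attribute__((packed)) mem_failure_record_t {
    struct failure_record_t failure_record;
    uint32_t uid;
};

// Trusty (TEE-side) implementation of the GateKeeper interface.
// Supplies the platform hooks the base class needs: key material, RNG,
// signatures, a since-boot clock and failure-record storage.
// Method contracts are documented on the base class in
// gatekeeper/gatekeeper.h; only Trusty-specific notes are kept here.
class TrustyGateKeeper : public GateKeeper {
public:
    TrustyGateKeeper();

    // Session lifecycle around a run of GateKeeper calls. OpenSession()
    // returns a long status code and CloseSession() releases whatever the
    // session acquired; the status values are defined in the .cpp.
    long OpenSession();
    void CloseSession();

protected:
    // See gatekeeper/gatekeeper.h for documentation

    // Declared const, yet presumably fills the mutable cached_auth_token_key_
    // members below on first use — that is why those members are mutable.
    virtual bool GetAuthTokenKey(const uint8_t** auth_token_key,
                                 uint32_t* length) const;

    // Hands out the key held in password_key_ (see DerivePasswordKey()).
    virtual void GetPasswordKey(const uint8_t** password_key, uint32_t* length);

    virtual void ComputePasswordSignature(uint8_t* signature,
                                          uint32_t signature_length,
                                          const uint8_t* key,
                                          uint32_t key_length,
                                          const uint8_t* password,
                                          uint32_t password_length,
                                          salt_t salt) const;

    virtual void GetRandom(void* random, uint32_t requested_size) const;
    virtual void ComputeSignature(uint8_t* signature,
                                  uint32_t signature_length,
                                  const uint8_t* key,
                                  uint32_t key_length,
                                  const uint8_t* message,
                                  const uint32_t length) const;

    virtual uint64_t GetMillisecondsSinceBoot() const;

    // Failure-record persistence. The `secure` flag selects between the
    // two private backings declared below (in-memory table vs. secure
    // storage); which flag value maps to which backing is decided in the
    // .cpp.
    virtual bool GetFailureRecord(uint32_t uid,
                                  secure_id_t user_id,
                                  failure_record_t* record,
                                  bool secure);
    virtual bool WriteFailureRecord(uint32_t uid,
                                    failure_record_t* record,
                                    bool secure);
    virtual bool ClearFailureRecord(uint32_t uid,
                                    secure_id_t user_id,
                                    bool secure);
    virtual gatekeeper_error_t RemoveUser(uint32_t uid);
    virtual gatekeeper_error_t RemoveAllUsers();

    virtual bool IsHardwareBacked() const;

private:
    // RNG seeding policy. SeedRngIfNeeded() is the entry point; it works
    // together with ShouldReseedRng()/ReseedRng() and the rng_initialized_
    // and calls_since_reseed_ members (the exact policy lives in the .cpp).
    bool SeedRngIfNeeded();
    bool ShouldReseedRng();
    bool ReseedRng();

    // Derive the password key into password_key_, and release it again.
    // NOTE(review): whether ClearPasswordKey() zeroes the buffer before
    // releasing it is decided in the .cpp, not here — confirm.
    long DerivePasswordKey();
    void ClearPasswordKey();

    // In-memory failure-record backing (mem_records_/num_mem_records_).
    void InitMemoryRecords();
    bool GetMemoryRecord(uint32_t uid, secure_id_t user_id, failure_record_t* record);
    bool WriteMemoryRecord(uint32_t uid, failure_record_t* record);
    // Secure-storage failure-record backing.
    bool GetSecureFailureRecord(uint32_t uid,
                                secure_id_t user_id,
                                failure_record_t* record);
    bool WriteSecureFailureRecord(uint32_t uid, failure_record_t* record);

    // No in-class initializers: the constructor is responsible for the
    // initial values of every member below.
    UniquePtr<uint8_t[]> password_key_;  // key material, owned here
    bool rng_initialized_;
    int calls_since_reseed_;

    // In-memory failure-record table and its element count.
    int num_mem_records_;
    UniquePtr<mem_failure_record_t[]> mem_records_;

    // Cache populated by the const GetAuthTokenKey(); the buffer comes from
    // the C allocator, hence FreeDeleter rather than delete[].
    mutable UniquePtr<uint8_t, FreeDeleter<uint8_t>>
            cached_auth_token_key_;
    mutable size_t cached_auth_token_key_len_;
};

}  // namespace gatekeeper

#endif  // TRUSTY_GATEKEEPER_H_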