1 /*
2  * Copyright 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef TRUSTY_GATEKEEPER_H_
18 #define TRUSTY_GATEKEEPER_H_
19 
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#include <gatekeeper/gatekeeper.h>

#define TLOG_TAG "trusty_gatekeeper"
#include <trusty_log.h>
26 
27 namespace gatekeeper {
28 
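/**
 * Deleter for buffers that come from the C allocator (malloc/calloc/realloc),
 * for use as the deleter of a UniquePtr/unique_ptr. Calls free(), which
 * accepts a null pointer.
 *
 * It only releases the storage; the bytes are NOT scrubbed first. A holder of
 * secret material (such as a cached key) must clear the buffer itself before
 * the pointer is released.
 */
template <typename T>
struct FreeDeleter {
    void operator()(T* p) const noexcept {
        // free() is a no-op for nullptr, so no guard is needed.
        free(p);
    }
};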
35 
// One in-memory failure record together with the uid it belongs to.
// Packed: the layout has no padding, so field order is part of the layout;
// do not reorder or insert members.
struct __attribute__((packed)) mem_failure_record_t {
    struct failure_record_t failure_record;  // type provided via gatekeeper/gatekeeper.h
    uint32_t uid;  // presumably the Android uid the record is keyed by — see the uid parameters of TrustyGateKeeper
};
40 
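/**
 * GateKeeper implementation for the Trusty TEE.
 *
 * Provides the hooks declared in gatekeeper/gatekeeper.h (key access, signing,
 * randomness, time, and failure-record storage); see that header for the
 * contract of each overridden method. Method bodies live in the .cpp.
 */
class TrustyGateKeeper : public GateKeeper {
public:
    TrustyGateKeeper();

    // Session setup/teardown. The meaning of the returned status is defined
    // by the implementation; presumably the two calls pair up.
    long OpenSession();
    void CloseSession();

protected:
    // See gatekeeper/gatekeeper.h for documentation

    virtual bool GetAuthTokenKey(const uint8_t** auth_token_key,
                                 uint32_t* length) const override;

    virtual void GetPasswordKey(const uint8_t** password_key, uint32_t* length) override;

    virtual void ComputePasswordSignature(uint8_t* signature,
                                          uint32_t signature_length,
                                          const uint8_t* key,
                                          uint32_t key_length,
                                          const uint8_t* password,
                                          uint32_t password_length,
                                          salt_t salt) const override;

    virtual void GetRandom(void* random, uint32_t requested_size) const override;
    virtual void ComputeSignature(uint8_t* signature,
                                  uint32_t signature_length,
                                  const uint8_t* key,
                                  uint32_t key_length,
                                  const uint8_t* message,
                                  const uint32_t length) const override;
    virtual uint64_t GetMillisecondsSinceBoot() const override;

    virtual bool GetFailureRecord(uint32_t uid,
                                  secure_id_t user_id,
                                  failure_record_t* record,
                                  bool secure) override;
    virtual bool WriteFailureRecord(uint32_t uid,
                                    failure_record_t* record,
                                    bool secure) override;
    virtual bool ClearFailureRecord(uint32_t uid,
                                    secure_id_t user_id,
                                    bool secure) override;
    virtual gatekeeper_error_t RemoveUser(uint32_t uid) override;
    virtual gatekeeper_error_t RemoveAllUsers() override;

    virtual bool IsHardwareBacked() const override;

private:
    // RNG seeding helpers; the reseed policy is in the implementation.
    bool SeedRngIfNeeded();
    bool ShouldReseedRng();
    bool ReseedRng();

    // Lifecycle of password_key_: derive on demand, clear when done.
    long DerivePasswordKey();
    void ClearPasswordKey();

    // Failure-record storage. The *MemoryRecord helpers back the
    // non-secure path (mem_records_); the *SecureFailureRecord helpers back
    // the secure path — presumably selected by the `secure` flag of the
    // protected overrides above.
    void InitMemoryRecords();
    bool GetMemoryRecord(uint32_t uid, secure_id_t user_id, failure_record_t* record);
    bool WriteMemoryRecord(uint32_t uid, failure_record_t* record);
    bool GetSecureFailureRecord(uint32_t uid,
                                secure_id_t user_id,
                                failure_record_t* record);
    bool WriteSecureFailureRecord(uint32_t uid, failure_record_t* record);

    // Derived password key; owned here, released by ClearPasswordKey().
    UniquePtr<uint8_t[]> password_key_;
    // RNG state (names suggest a call-count based reseed; confirm in the .cpp).
    // Default-initialized so a constructor path that skips them cannot leave
    // them indeterminate.
    bool rng_initialized_ = false;
    int calls_since_reseed_ = 0;

    // In-memory failure records. num_mem_records_ is presumably the element
    // count of mem_records_ — confirm against InitMemoryRecords().
    int num_mem_records_ = 0;
    UniquePtr<mem_failure_record_t[]> mem_records_;

    // Auth token key cached by the const GetAuthTokenKey(), hence mutable.
    // The buffer is released with free() through FreeDeleter, so it must
    // come from the C allocator. NOTE(review): no counterpart to
    // ClearPasswordKey() is declared for this key; confirm the bytes are
    // scrubbed before the buffer is released.
    mutable UniquePtr<uint8_t, FreeDeleter<uint8_t>>
            cached_auth_token_key_;
    mutable size_t cached_auth_token_key_len_ = 0;
};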
115 
116 }  // namespace gatekeeper
117 
118 #endif  // TRUSTY_GATEKEEPER_H_
119