1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "hwservicemanager"
18
19 #include "TokenManager.h"
20
21 #include <fcntl.h>
22
23 #include <hwbinder/IPCThreadState.h>
24 #include <log/log.h>
25 #include <openssl/hmac.h>
26 #include <openssl/rand.h>
27 #include <functional>
28
29 namespace android {
30 namespace hidl {
31 namespace token {
32 namespace V1_0 {
33 namespace implementation {
34
ReadRandomBytes(uint8_t * buf,size_t len)35 static void ReadRandomBytes(uint8_t *buf, size_t len) {
36 int fd = TEMP_FAILURE_RETRY(open("/dev/urandom", O_RDONLY | O_CLOEXEC | O_NOFOLLOW));
37 if (fd == -1) {
38 ALOGE("%s: cannot read /dev/urandom", __func__);
39 return;
40 }
41
42 size_t n;
43 while ((n = TEMP_FAILURE_RETRY(read(fd, buf, len))) > 0) {
44 len -= n;
45 buf += n;
46 }
47 if (len > 0) {
48 ALOGW("%s: there are %d bytes skipped", __func__, (int)len);
49 }
50 close(fd);
51 }
52
TokenManager()53 TokenManager::TokenManager() {
54 ReadRandomBytes(mKey.data(), mKey.size());
55 }
56
noteTmUsage(const char * action,size_t size)57 static void noteTmUsage(const char* action, size_t size) {
58 using android::hardware::IPCThreadState;
59 const auto& self = IPCThreadState::self();
60 ALOGI("TokenManager tokens count %s by (uid: %d, pid: %d), now: %zu", action,
61 self->getCallingUid(), self->getCallingPid(), size);
62 }
63
64 // Methods from ::android::hidl::token::V1_0::ITokenManager follow.
createToken(const sp<IBase> & store,createToken_cb hidl_cb)65 Return<void> TokenManager::createToken(const sp<IBase>& store, createToken_cb hidl_cb) {
66 TokenInterface interface = generateToken(store);
67
68 if (interface.interface == nullptr) {
69 hidl_cb({});
70 return Void();
71 }
72
73 uint64_t id = getTokenId(interface.token);
74
75 if (id != interface.id) {
76 ALOGE("Token creation failed.");
77 hidl_cb({});
78 return Void();
79 }
80
81 if (id == TOKEN_ID_NONE) {
82 hidl_cb({});
83 return Void();
84 }
85
86 mMap[id] = interface;
87 noteTmUsage("added", mMap.size());
88
89 hidl_cb(interface.token);
90 return Void();
91 }
92
93 std::unordered_map<uint64_t, TokenManager::TokenInterface>::const_iterator
lookupToken(const hidl_vec<uint8_t> & token)94 TokenManager::lookupToken(const hidl_vec<uint8_t> &token) {
95 uint64_t tokenId = getTokenId(token);
96
97 if (tokenId == TOKEN_ID_NONE) {
98 return mMap.end();
99 }
100
101 auto it = mMap.find(tokenId);
102
103 if (it == mMap.end()) {
104 return mMap.end();
105 }
106
107 const TokenInterface &interface = it->second;
108
109 if (!constantTimeCompare(token, interface.token)) {
110 ALOGE("Fetch of token with invalid hash.");
111 return mMap.end();
112 }
113
114 return it;
115 }
116
unregister(const hidl_vec<uint8_t> & token)117 Return<bool> TokenManager::unregister(const hidl_vec<uint8_t> &token) {
118 auto it = lookupToken(token);
119
120 if (it == mMap.end()) {
121 return false;
122 }
123
124 mMap.erase(it);
125 noteTmUsage("removed", mMap.size());
126
127 return true;
128 }
129
get(const hidl_vec<uint8_t> & token)130 Return<sp<IBase>> TokenManager::get(const hidl_vec<uint8_t> &token) {
131 auto it = lookupToken(token);
132
133 if (it == mMap.end()) {
134 return nullptr;
135 }
136
137 return it->second.interface;
138 }
139
140
generateToken(const sp<IBase> & interface)141 TokenManager::TokenInterface TokenManager::generateToken(const sp<IBase> &interface) {
142 uint64_t id = ++mTokenIndex;
143
144 std::array<uint8_t, EVP_MAX_MD_SIZE> hmac;
145 uint32_t hmacSize;
146
147 uint8_t *hmacOut = HMAC(EVP_sha256(),
148 mKey.data(), mKey.size(),
149 (uint8_t*) &id, sizeof(id),
150 hmac.data(), &hmacSize);
151
152 if (hmacOut == nullptr ||
153 hmacOut != hmac.data()) {
154 ALOGE("Generating token failed, got %p.", hmacOut);
155 return { nullptr, TOKEN_ID_NONE, {} };
156 }
157
158 // only care about the first HMAC_SIZE bytes of the HMAC
159 const hidl_vec<uint8_t> &token = makeToken(id, hmac.data(), hmacSize);
160
161 return { interface, id, token };
162 }
163
164 __attribute__((optnone))
constantTimeCompare(const hidl_vec<uint8_t> & t1,const hidl_vec<uint8_t> & t2)165 bool TokenManager::constantTimeCompare(const hidl_vec<uint8_t> &t1, const hidl_vec<uint8_t> &t2) {
166 if (t1.size() != t2.size()) {
167 return false;
168 }
169
170 uint8_t x = 0;
171 for (size_t i = 0; i < t1.size(); i++) {
172 x |= t1[i] ^ t2[i];
173 }
174
175 return x == 0;
176 }
177
getTokenId(const hidl_vec<uint8_t> & token)178 uint64_t TokenManager::getTokenId(const hidl_vec<uint8_t> &token) {
179 uint64_t id = 0;
180
181 if (token.size() < sizeof(id)) {
182 return TOKEN_ID_NONE;
183 }
184
185 memcpy(&id, token.data(), sizeof(id));
186
187 return id;
188 }
189
makeToken(const uint64_t id,const uint8_t * hmac,uint64_t hmacSize)190 hidl_vec<uint8_t> TokenManager::makeToken(const uint64_t id, const uint8_t *hmac, uint64_t hmacSize) {
191 hidl_vec<uint8_t> token;
192 token.resize(sizeof(id) + hmacSize);
193
194 memcpy(token.data(), &id, sizeof(id));
195 memcpy(token.data() + sizeof(id), hmac, hmacSize);
196
197 return token;
198 }
199
200
201 } // namespace implementation
202 } // namespace V1_0
203 } // namespace token
204 } // namespace hidl
205 } // namespace android
206