path: root/soft/SoftGateKeeper.h (plain)
blob: 2f4f4d7e64c79b4facda05d581ff273f258013a1

1	/*
2	* Copyright 2015 The Android Open Source Project
3	*
4	* Licensed under the Apache License, Version 2.0 (the "License");
5	* you may not use this file except in compliance with the License.
6	* You may obtain a copy of the License at
7	*
8	* http://www.apache.org/licenses/LICENSE-2.0
9	*
10	* Unless required by applicable law or agreed to in writing, software
11	* distributed under the License is distributed on an "AS IS" BASIS,
12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	* See the License for the specific language governing permissions and
14	* limitations under the License.
15	*
16	*/
17
18	#ifndef SOFT_GATEKEEPER_H_
19	#define SOFT_GATEKEEPER_H_
20
21	extern "C" {
22	#include <openssl/rand.h>
23	#include <openssl/sha.h>
24
25	#include <crypto_scrypt.h>
26	}
27
28	#include <android-base/memory.h>
29	#include <gatekeeper/gatekeeper.h>
30
31	#include <iostream>
32	#include <unordered_map>
33	#include <memory>
34
35	namespace gatekeeper {
36
37	struct fast_hash_t {
38	uint64_t salt;
39	uint8_t digest[SHA256_DIGEST_LENGTH];
40	};
41
42	class SoftGateKeeper : public GateKeeper {
43	public:
44	static const uint32_t SIGNATURE_LENGTH_BYTES = 32;
45
46	// scrypt params
47	static const uint64_t N = 16384;
48	static const uint32_t r = 8;
49	static const uint32_t p = 1;
50
51	static const int MAX_UINT_32_CHARS = 11;
52
53	SoftGateKeeper() {
54	key_.reset(new uint8_t[SIGNATURE_LENGTH_BYTES]);
55	memset(key_.get(), 0, SIGNATURE_LENGTH_BYTES);
56	}
57
58	virtual ~SoftGateKeeper() {
59	}
60
61	virtual bool GetAuthTokenKey(const uint8_t **auth_token_key,
62	uint32_t *length) const {
63	if (auth_token_key == NULL || length == NULL) return false;
64	uint8_t *auth_token_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES];
65	memcpy(auth_token_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES);
66
67	*auth_token_key = auth_token_key_copy;
68	*length = SIGNATURE_LENGTH_BYTES;
69	return true;
70	}
71
72	virtual void GetPasswordKey(const uint8_t **password_key, uint32_t *length) {
73	if (password_key == NULL || length == NULL) return;
74	uint8_t *password_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES];
75	memcpy(password_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES);
76
77	*password_key = password_key_copy;
78	*length = SIGNATURE_LENGTH_BYTES;
79	}
80
81	virtual void ComputePasswordSignature(uint8_t *signature, uint32_t signature_length,
82	const uint8_t *, uint32_t, const uint8_t *password,
83	uint32_t password_length, salt_t salt) const {
84	if (signature == NULL) return;
85	crypto_scrypt(password, password_length, reinterpret_cast<uint8_t *>(&salt),
86	sizeof(salt), N, r, p, signature, signature_length);
87	}
88
89	virtual void GetRandom(void *random, uint32_t requested_length) const {
90	if (random == NULL) return;
91	RAND_pseudo_bytes((uint8_t *) random, requested_length);
92	}
93
94	virtual void ComputeSignature(uint8_t *signature, uint32_t signature_length,
95	const uint8_t *, uint32_t, const uint8_t *, const uint32_t) const {
96	if (signature == NULL) return;
97	memset(signature, 0, signature_length);
98	}
99
100	virtual uint64_t GetMillisecondsSinceBoot() const {
101	struct timespec time;
102	int res = clock_gettime(CLOCK_BOOTTIME, &time);
103	if (res < 0) return 0;
104	return (time.tv_sec * 1000) + (time.tv_nsec / 1000 / 1000);
105	}
106
107	virtual bool IsHardwareBacked() const {
108	return false;
109	}
110
111	virtual bool GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record,
112	bool /* secure */) {
113	failure_record_t *stored = &failure_map_[uid];
114	if (user_id != stored->secure_user_id) {
115	stored->secure_user_id = user_id;
116	stored->last_checked_timestamp = 0;
117	stored->failure_counter = 0;
118	}
119	memcpy(record, stored, sizeof(*record));
120	return true;
121	}
122
123	virtual bool ClearFailureRecord(uint32_t uid, secure_id_t user_id, bool /* secure */) {
124	failure_record_t *stored = &failure_map_[uid];
125	stored->secure_user_id = user_id;
126	stored->last_checked_timestamp = 0;
127	stored->failure_counter = 0;
128	return true;
129	}
130
131	virtual bool WriteFailureRecord(uint32_t uid, failure_record_t *record, bool /* secure */) {
132	failure_map_[uid] = *record;
133	return true;
134	}
135
136	fast_hash_t ComputeFastHash(const SizedBuffer &password, uint64_t salt) {
137	fast_hash_t fast_hash;
138	size_t digest_size = password.length + sizeof(salt);
139	std::unique_ptr<uint8_t[]> digest(new uint8_t[digest_size]);
140	memcpy(digest.get(), &salt, sizeof(salt));
141	memcpy(digest.get() + sizeof(salt), password.buffer.get(), password.length);
142
143	SHA256(digest.get(), digest_size, (uint8_t *) &fast_hash.digest);
144
145	fast_hash.salt = salt;
146	return fast_hash;
147	}
148
149	bool VerifyFast(const fast_hash_t &fast_hash, const SizedBuffer &password) {
150	fast_hash_t computed = ComputeFastHash(password, fast_hash.salt);
151	return memcmp(computed.digest, fast_hash.digest, SHA256_DIGEST_LENGTH) == 0;
152	}
153
154	bool DoVerify(const password_handle_t *expected_handle, const SizedBuffer &password) {
155	uint64_t user_id = android::base::get_unaligned<secure_id_t>(&expected_handle->user_id);
156	FastHashMap::const_iterator it = fast_hash_map_.find(user_id);
157	if (it != fast_hash_map_.end() && VerifyFast(it->second, password)) {
158	return true;
159	} else {
160	if (GateKeeper::DoVerify(expected_handle, password)) {
161	uint64_t salt;
162	GetRandom(&salt, sizeof(salt));
163	fast_hash_map_[user_id] = ComputeFastHash(password, salt);
164	return true;
165	}
166	}
167
168	return false;
169	}
170
171	private:
172
173	typedef std::unordered_map<uint32_t, failure_record_t> FailureRecordMap;
174	typedef std::unordered_map<uint64_t, fast_hash_t> FastHashMap;
175
176	std::unique_ptr<uint8_t[]> key_;
177	FailureRecordMap failure_map_;
178	FastHashMap fast_hash_map_;
179	};
180	}
181
182	#endif // SOFT_GATEKEEPER_H_
183