platform/hardware/amlogic/gatekeeper.git - Unnamed repository; edit this file 'description' to name the repository.

1 /*
2  * Copyright 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  *
16  */
17
18 #ifndef SOFT_GATEKEEPER_H_
19 #define SOFT_GATEKEEPER_H_
20
21 extern "C" {
22 #include <openssl/rand.h>
23 #include <openssl/sha.h>
24 #include <openssl/hmac.h>
25
26 #include <crypto_scrypt.h>
27 }
28
29 #include <android-base/memory.h>
30 #include <gatekeeper/gatekeeper.h>
31
32 #include <iostream>
33 #include <unordered_map>
34 #include <memory>
35
36 #define HMAC_SHA_256_KEY_SIZE 32
37
38 namespace gatekeeper {
39
40 struct fast_hash_t {
41     uint64_t salt;
42     uint8_t digest[SHA256_DIGEST_LENGTH];
43 };
44
45 class SoftGateKeeper : public GateKeeper {
46 public:
47     static const uint32_t SIGNATURE_LENGTH_BYTES = 32;
48
49     // scrypt params
50     static const uint64_t N = 16384;
51     static const uint32_t r = 8;
52     static const uint32_t p = 1;
53
54     static const int MAX_UINT_32_CHARS = 11;
55
56     SoftGateKeeper() {
57         key_.reset(new uint8_t[SIGNATURE_LENGTH_BYTES]);
58         memset(key_.get(), 0, SIGNATURE_LENGTH_BYTES);
59     }
60
61     virtual ~SoftGateKeeper() {
62     }
63
64     virtual bool GetAuthTokenKey(const uint8_t **auth_token_key,
65             uint32_t *length) const {
66         if (auth_token_key == NULL || length == NULL) return false;
67         uint8_t *auth_token_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES];
68         memcpy(auth_token_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES);
69
70         *auth_token_key = auth_token_key_copy;
71         *length = SIGNATURE_LENGTH_BYTES;
72         return true;
73     }
74
75     virtual void GetPasswordKey(const uint8_t **password_key, uint32_t *length) {
76         if (password_key == NULL || length == NULL) return;
77         uint8_t *password_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES];
78         memcpy(password_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES);
79
80         *password_key = password_key_copy;
81         *length = SIGNATURE_LENGTH_BYTES;
82     }
83
84     virtual void ComputePasswordSignature(uint8_t *signature, uint32_t signature_length,
85             const uint8_t *, uint32_t, const uint8_t *password,
86             uint32_t password_length, salt_t salt) const {
87         if (signature == NULL) return;
88         crypto_scrypt(password, password_length, reinterpret_cast<uint8_t *>(&salt),
89                 sizeof(salt), N, r, p, signature, signature_length);
90     }
91
92     virtual void GetRandom(void *random, uint32_t requested_length) const {
93         if (random == NULL) return;
94         RAND_pseudo_bytes((uint8_t *) random, requested_length);
95     }
96
97     virtual void ComputeSignature(uint8_t *signature, uint32_t signature_length,
98             const uint8_t *key, uint32_t key_length, const uint8_t *message, const uint32_t length) const {
99         if (signature == NULL) return;
100         uint8_t buf[HMAC_SHA_256_KEY_SIZE];
101         size_t buf_len;
102         HMAC(EVP_sha256(), key, key_length, message, length, buf, (unsigned int *)&buf_len);
103         size_t to_write = buf_len;
104         if (buf_len > signature_length) to_write = signature_length;
105         memset(signature, 0, signature_length);
106         memcpy(signature, buf, to_write);
107     }
108
109     virtual uint64_t GetMillisecondsSinceBoot() const {
110         struct timespec time;
111         int res = clock_gettime(CLOCK_BOOTTIME, &time);
112         if (res < 0) return 0;
113         return (time.tv_sec * 1000) + (time.tv_nsec / 1000 / 1000);
114     }
115
116     virtual bool IsHardwareBacked() const {
117         return true;
118     }
119
120     virtual bool GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record,
121             bool /* secure */) {
122         failure_record_t *stored = &failure_map_[uid];
123         if (user_id != stored->secure_user_id) {
124             stored->secure_user_id = user_id;
125             stored->last_checked_timestamp = 0;
126             stored->failure_counter = 0;
127         }
128         memcpy(record, stored, sizeof(*record));
129         return true;
130     }
131
132     virtual bool ClearFailureRecord(uint32_t uid, secure_id_t user_id, bool /* secure */) {
133         failure_record_t *stored = &failure_map_[uid];
134         stored->secure_user_id = user_id;
135         stored->last_checked_timestamp = 0;
136         stored->failure_counter = 0;
137         return true;
138     }
139
140     virtual bool WriteFailureRecord(uint32_t uid, failure_record_t *record, bool /* secure */) {
141         failure_map_[uid] = *record;
142         return true;
143     }
144
145     fast_hash_t ComputeFastHash(const SizedBuffer &password, uint64_t salt) {
146         fast_hash_t fast_hash;
147         size_t digest_size = password.length + sizeof(salt);
148         std::unique_ptr<uint8_t[]> digest(new uint8_t[digest_size]);
149         memcpy(digest.get(), &salt, sizeof(salt));
150         memcpy(digest.get() + sizeof(salt), password.buffer.get(), password.length);
151
152         SHA256(digest.get(), digest_size, (uint8_t *) &fast_hash.digest);
153
154         fast_hash.salt = salt;
155         return fast_hash;
156     }
157
158     bool VerifyFast(const fast_hash_t &fast_hash, const SizedBuffer &password) {
159         fast_hash_t computed = ComputeFastHash(password, fast_hash.salt);
160         return memcmp(computed.digest, fast_hash.digest, SHA256_DIGEST_LENGTH) == 0;
161     }
162
163     bool DoVerify(const password_handle_t *expected_handle, const SizedBuffer &password) {
164         uint64_t user_id = android::base::get_unaligned<secure_id_t>(&expected_handle->user_id);
165         FastHashMap::const_iterator it = fast_hash_map_.find(user_id);
166         if (it != fast_hash_map_.end() && VerifyFast(it->second, password)) {
167             return true;
168         } else {
169             if (GateKeeper::DoVerify(expected_handle, password)) {
170                 uint64_t salt;
171                 GetRandom(&salt, sizeof(salt));
172                 fast_hash_map_[user_id] = ComputeFastHash(password, salt);
173                 return true;
174             }
175         }
176
177         return false;
178     }
179
180 private:
181
182     typedef std::unordered_map<uint32_t, failure_record_t> FailureRecordMap;
183     typedef std::unordered_map<uint64_t, fast_hash_t> FastHashMap;
184
185     std::unique_ptr<uint8_t[]> key_;
186     FailureRecordMap failure_map_;
187     FastHashMap fast_hash_map_;
188 };
189 }
190
191 #endif // SOFT_GATEKEEPER_H_
192
1	/*
2	* Copyright 2015 The Android Open Source Project
3	*
4	* Licensed under the Apache License, Version 2.0 (the "License");
5	* you may not use this file except in compliance with the License.
6	* You may obtain a copy of the License at
7	*
8	* http://www.apache.org/licenses/LICENSE-2.0
9	*
10	* Unless required by applicable law or agreed to in writing, software
11	* distributed under the License is distributed on an "AS IS" BASIS,
12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	* See the License for the specific language governing permissions and
14	* limitations under the License.
15	*
16	*/
17
18	#ifndef SOFT_GATEKEEPER_H_
19	#define SOFT_GATEKEEPER_H_
20
21	extern "C" {
22	#include <openssl/rand.h>
23	#include <openssl/sha.h>
24	#include <openssl/hmac.h>
25
26	#include <crypto_scrypt.h>
27	}
28
29	#include <android-base/memory.h>
30	#include <gatekeeper/gatekeeper.h>
31
32	#include <iostream>
33	#include <unordered_map>
34	#include <memory>
35
36	#define HMAC_SHA_256_KEY_SIZE 32
37
38	namespace gatekeeper {
39
40	struct fast_hash_t {
41	uint64_t salt;
42	uint8_t digest[SHA256_DIGEST_LENGTH];
43	};
44
45	class SoftGateKeeper : public GateKeeper {
46	public:
47	static const uint32_t SIGNATURE_LENGTH_BYTES = 32;
48
49	// scrypt params
50	static const uint64_t N = 16384;
51	static const uint32_t r = 8;
52	static const uint32_t p = 1;
53
54	static const int MAX_UINT_32_CHARS = 11;
55
56	SoftGateKeeper() {
57	key_.reset(new uint8_t[SIGNATURE_LENGTH_BYTES]);
58	memset(key_.get(), 0, SIGNATURE_LENGTH_BYTES);
59	}
60
61	virtual ~SoftGateKeeper() {
62	}
63
64	virtual bool GetAuthTokenKey(const uint8_t **auth_token_key,
65	uint32_t *length) const {
66	if (auth_token_key == NULL \|\| length == NULL) return false;
67	uint8_t *auth_token_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES];
68	memcpy(auth_token_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES);
69
70	*auth_token_key = auth_token_key_copy;
71	*length = SIGNATURE_LENGTH_BYTES;
72	return true;
73	}
74
75	virtual void GetPasswordKey(const uint8_t *password_key, uint32_t length) {
76	if (password_key == NULL \|\| length == NULL) return;
77	uint8_t *password_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES];
78	memcpy(password_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES);
79
80	*password_key = password_key_copy;
81	*length = SIGNATURE_LENGTH_BYTES;
82	}
83
84	virtual void ComputePasswordSignature(uint8_t *signature, uint32_t signature_length,
85	const uint8_t , uint32_t, const uint8_t password,
86	uint32_t password_length, salt_t salt) const {
87	if (signature == NULL) return;
88	crypto_scrypt(password, password_length, reinterpret_cast<uint8_t *>(&salt),
89	sizeof(salt), N, r, p, signature, signature_length);
90	}
91
92	virtual void GetRandom(void *random, uint32_t requested_length) const {
93	if (random == NULL) return;
94	RAND_pseudo_bytes((uint8_t *) random, requested_length);
95	}
96
97	virtual void ComputeSignature(uint8_t *signature, uint32_t signature_length,
98	const uint8_t key, uint32_t key_length, const uint8_t message, const uint32_t length) const {
99	if (signature == NULL) return;
100	uint8_t buf[HMAC_SHA_256_KEY_SIZE];
101	size_t buf_len;
102	HMAC(EVP_sha256(), key, key_length, message, length, buf, (unsigned int *)&buf_len);
103	size_t to_write = buf_len;
104	if (buf_len > signature_length) to_write = signature_length;
105	memset(signature, 0, signature_length);
106	memcpy(signature, buf, to_write);
107	}
108
109	virtual uint64_t GetMillisecondsSinceBoot() const {
110	struct timespec time;
111	int res = clock_gettime(CLOCK_BOOTTIME, &time);
112	if (res < 0) return 0;
113	return (time.tv_sec * 1000) + (time.tv_nsec / 1000 / 1000);
114	}
115
116	virtual bool IsHardwareBacked() const {
117	return true;
118	}
119
120	virtual bool GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record,
121	bool /* secure */) {
122	failure_record_t *stored = &failure_map_[uid];
123	if (user_id != stored->secure_user_id) {
124	stored->secure_user_id = user_id;
125	stored->last_checked_timestamp = 0;
126	stored->failure_counter = 0;
127	}
128	memcpy(record, stored, sizeof(*record));
129	return true;
130	}
131
132	virtual bool ClearFailureRecord(uint32_t uid, secure_id_t user_id, bool /* secure */) {
133	failure_record_t *stored = &failure_map_[uid];
134	stored->secure_user_id = user_id;
135	stored->last_checked_timestamp = 0;
136	stored->failure_counter = 0;
137	return true;
138	}
139
140	virtual bool WriteFailureRecord(uint32_t uid, failure_record_t record, bool / secure */) {
141	failure_map_[uid] = *record;
142	return true;
143	}
144
145	fast_hash_t ComputeFastHash(const SizedBuffer &password, uint64_t salt) {
146	fast_hash_t fast_hash;
147	size_t digest_size = password.length + sizeof(salt);
148	std::unique_ptr<uint8_t[]> digest(new uint8_t[digest_size]);
149	memcpy(digest.get(), &salt, sizeof(salt));
150	memcpy(digest.get() + sizeof(salt), password.buffer.get(), password.length);
151
152	SHA256(digest.get(), digest_size, (uint8_t *) &fast_hash.digest);
153
154	fast_hash.salt = salt;
155	return fast_hash;
156	}
157
158	bool VerifyFast(const fast_hash_t &fast_hash, const SizedBuffer &password) {
159	fast_hash_t computed = ComputeFastHash(password, fast_hash.salt);
160	return memcmp(computed.digest, fast_hash.digest, SHA256_DIGEST_LENGTH) == 0;
161	}
162
163	bool DoVerify(const password_handle_t *expected_handle, const SizedBuffer &password) {
164	uint64_t user_id = android::base::get_unaligned<secure_id_t>(&expected_handle->user_id);
165	FastHashMap::const_iterator it = fast_hash_map_.find(user_id);
166	if (it != fast_hash_map_.end() && VerifyFast(it->second, password)) {
167	return true;
168	} else {
169	if (GateKeeper::DoVerify(expected_handle, password)) {
170	uint64_t salt;
171	GetRandom(&salt, sizeof(salt));
172	fast_hash_map_[user_id] = ComputeFastHash(password, salt);
173	return true;
174	}
175	}
176
177	return false;
178	}
179
180	private:
181
182	typedef std::unordered_map<uint32_t, failure_record_t> FailureRecordMap;
183	typedef std::unordered_map<uint64_t, fast_hash_t> FastHashMap;
184
185	std::unique_ptr<uint8_t[]> key_;
186	FailureRecordMap failure_map_;
187	FastHashMap fast_hash_map_;
188	};
189	}
190
191	#endif // SOFT_GATEKEEPER_H_
192