blob: 972dd2468e7af94040dbdfdeaed10932aad5d696
1 | /* |
2 | * Copyright 2015 The Android Open Source Project |
3 | * |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
5 | * you may not use this file except in compliance with the License. |
6 | * You may obtain a copy of the License at |
7 | * |
8 | * http://www.apache.org/licenses/LICENSE-2.0 |
9 | * |
10 | * Unless required by applicable law or agreed to in writing, software |
11 | * distributed under the License is distributed on an "AS IS" BASIS, |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
13 | * See the License for the specific language governing permissions and |
14 | * limitations under the License. |
15 | * |
16 | */ |
17 | |
18 | #ifndef SOFT_GATEKEEPER_H_ |
19 | #define SOFT_GATEKEEPER_H_ |
20 | |
21 | extern "C" { |
22 | #include <openssl/rand.h> |
23 | #include <openssl/sha.h> |
24 | |
25 | #include <crypto_scrypt.h> |
26 | } |
27 | |
28 | #include <android-base/memory.h> |
29 | #include <UniquePtr.h> |
30 | #include <gatekeeper/gatekeeper.h> |
31 | |
32 | #include <iostream> |
33 | #include <unordered_map> |
34 | |
35 | namespace gatekeeper { |
36 | |
37 | struct fast_hash_t { |
38 | uint64_t salt; |
39 | uint8_t digest[SHA256_DIGEST_LENGTH]; |
40 | }; |
41 | |
42 | class SoftGateKeeper : public GateKeeper { |
43 | public: |
44 | static const uint32_t SIGNATURE_LENGTH_BYTES = 32; |
45 | |
46 | // scrypt params |
47 | static const uint64_t N = 16384; |
48 | static const uint32_t r = 8; |
49 | static const uint32_t p = 1; |
50 | |
51 | static const int MAX_UINT_32_CHARS = 11; |
52 | |
53 | SoftGateKeeper() { |
54 | key_.reset(new uint8_t[SIGNATURE_LENGTH_BYTES]); |
55 | memset(key_.get(), 0, SIGNATURE_LENGTH_BYTES); |
56 | } |
57 | |
58 | virtual ~SoftGateKeeper() { |
59 | } |
60 | |
61 | virtual bool GetAuthTokenKey(const uint8_t **auth_token_key, |
62 | uint32_t *length) const { |
63 | if (auth_token_key == NULL || length == NULL) return false; |
64 | uint8_t *auth_token_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES]; |
65 | memcpy(auth_token_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES); |
66 | |
67 | *auth_token_key = auth_token_key_copy; |
68 | *length = SIGNATURE_LENGTH_BYTES; |
69 | return true; |
70 | } |
71 | |
72 | virtual void GetPasswordKey(const uint8_t **password_key, uint32_t *length) { |
73 | if (password_key == NULL || length == NULL) return; |
74 | uint8_t *password_key_copy = new uint8_t[SIGNATURE_LENGTH_BYTES]; |
75 | memcpy(password_key_copy, key_.get(), SIGNATURE_LENGTH_BYTES); |
76 | |
77 | *password_key = password_key_copy; |
78 | *length = SIGNATURE_LENGTH_BYTES; |
79 | } |
80 | |
81 | virtual void ComputePasswordSignature(uint8_t *signature, uint32_t signature_length, |
82 | const uint8_t *, uint32_t, const uint8_t *password, |
83 | uint32_t password_length, salt_t salt) const { |
84 | if (signature == NULL) return; |
85 | crypto_scrypt(password, password_length, reinterpret_cast<uint8_t *>(&salt), |
86 | sizeof(salt), N, r, p, signature, signature_length); |
87 | } |
88 | |
89 | virtual void GetRandom(void *random, uint32_t requested_length) const { |
90 | if (random == NULL) return; |
91 | RAND_pseudo_bytes((uint8_t *) random, requested_length); |
92 | } |
93 | |
94 | virtual void ComputeSignature(uint8_t *signature, uint32_t signature_length, |
95 | const uint8_t *, uint32_t, const uint8_t *, const uint32_t) const { |
96 | if (signature == NULL) return; |
97 | memset(signature, 0, signature_length); |
98 | } |
99 | |
100 | virtual uint64_t GetMillisecondsSinceBoot() const { |
101 | struct timespec time; |
102 | int res = clock_gettime(CLOCK_BOOTTIME, &time); |
103 | if (res < 0) return 0; |
104 | return (time.tv_sec * 1000) + (time.tv_nsec / 1000 / 1000); |
105 | } |
106 | |
107 | virtual bool IsHardwareBacked() const { |
108 | return true; |
109 | } |
110 | |
111 | virtual bool GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t *record, |
112 | bool /* secure */) { |
113 | failure_record_t *stored = &failure_map_[uid]; |
114 | if (user_id != stored->secure_user_id) { |
115 | stored->secure_user_id = user_id; |
116 | stored->last_checked_timestamp = 0; |
117 | stored->failure_counter = 0; |
118 | } |
119 | memcpy(record, stored, sizeof(*record)); |
120 | return true; |
121 | } |
122 | |
123 | virtual bool ClearFailureRecord(uint32_t uid, secure_id_t user_id, bool /* secure */) { |
124 | failure_record_t *stored = &failure_map_[uid]; |
125 | stored->secure_user_id = user_id; |
126 | stored->last_checked_timestamp = 0; |
127 | stored->failure_counter = 0; |
128 | return true; |
129 | } |
130 | |
131 | virtual bool WriteFailureRecord(uint32_t uid, failure_record_t *record, bool /* secure */) { |
132 | failure_map_[uid] = *record; |
133 | return true; |
134 | } |
135 | |
136 | fast_hash_t ComputeFastHash(const SizedBuffer &password, uint64_t salt) { |
137 | fast_hash_t fast_hash; |
138 | size_t digest_size = password.length + sizeof(salt); |
139 | std::unique_ptr<uint8_t[]> digest(new uint8_t[digest_size]); |
140 | memcpy(digest.get(), &salt, sizeof(salt)); |
141 | memcpy(digest.get() + sizeof(salt), password.buffer.get(), password.length); |
142 | |
143 | SHA256(digest.get(), digest_size, (uint8_t *) &fast_hash.digest); |
144 | |
145 | fast_hash.salt = salt; |
146 | return fast_hash; |
147 | } |
148 | |
149 | bool VerifyFast(const fast_hash_t &fast_hash, const SizedBuffer &password) { |
150 | fast_hash_t computed = ComputeFastHash(password, fast_hash.salt); |
151 | return memcmp(computed.digest, fast_hash.digest, SHA256_DIGEST_LENGTH) == 0; |
152 | } |
153 | |
154 | bool DoVerify(const password_handle_t *expected_handle, const SizedBuffer &password) { |
155 | uint64_t user_id = android::base::get_unaligned<secure_id_t>(&expected_handle->user_id); |
156 | FastHashMap::const_iterator it = fast_hash_map_.find(user_id); |
157 | if (it != fast_hash_map_.end() && VerifyFast(it->second, password)) { |
158 | return true; |
159 | } else { |
160 | if (GateKeeper::DoVerify(expected_handle, password)) { |
161 | uint64_t salt; |
162 | GetRandom(&salt, sizeof(salt)); |
163 | fast_hash_map_[user_id] = ComputeFastHash(password, salt); |
164 | return true; |
165 | } |
166 | } |
167 | |
168 | return false; |
169 | } |
170 | |
171 | private: |
172 | |
173 | typedef std::unordered_map<uint32_t, failure_record_t> FailureRecordMap; |
174 | typedef std::unordered_map<uint64_t, fast_hash_t> FastHashMap; |
175 | |
176 | UniquePtr<uint8_t[]> key_; |
177 | FailureRecordMap failure_map_; |
178 | FastHashMap fast_hash_map_; |
179 | }; |
180 | } |
181 | |
182 | #endif // SOFT_GATEKEEPER_H_ |
183 |