Blame - keystore/auth_token_table.h - platform/system/security

blob: 76cf8169810d9c1e387e3daa019352f7d43a7cca [file] [log] [blame]

Shawn Willden	489dfe1	2015-03-17 10:13:27 -0600	[diff] [blame]	1	/*
				2	* Copyright (C) 2015 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
				17	#include <memory>
				18	#include <vector>
				19
				20	#include <hardware/hw_auth_token.h>
				21	#include <keymaster/authorization_set.h>
				22
Shawn Willden	c1d1fee	2016-01-26 22:44:56 -0700	[diff] [blame]	23	#ifndef KEYSTORE_AUTH_TOKEN_TABLE_H_
				24	#define KEYSTORE_AUTH_TOKEN_TABLE_H_
Shawn Willden	489dfe1	2015-03-17 10:13:27 -0600	[diff] [blame]	25
				26	namespace keymaster {
				27
				28	namespace test {
				29	class AuthTokenTableTest;
				30	} // namespace test
				31
				32	time_t clock_gettime_raw();
				33
				34	/**
				35	* AuthTokenTable manages a set of received authorization tokens and can provide the appropriate
				36	* token for authorizing a key operation.
				37	*
				38	* To keep the table from growing without bound, superseded entries are removed when possible, and
				39	* least recently used entries are automatically pruned when when the table exceeds a size limit,
				40	* which is expected to be relatively small, since the implementation uses a linear search.
				41	*/
				42	class AuthTokenTable {
				43	public:
				44	AuthTokenTable(size_t max_entries = 32, time_t (*clock_function)() = clock_gettime_raw)
Tucker Sylvestro	0ab28b7	2016-08-05 18:02:47 -0400	[diff] [blame^]	45	: max_entries_(max_entries), last_off_body_(clock_function()), clock_function_(clock_function) {}
Shawn Willden	489dfe1	2015-03-17 10:13:27 -0600	[diff] [blame]	46
				47	enum Error {
				48	OK,
				49	AUTH_NOT_REQUIRED = -1,
				50	AUTH_TOKEN_EXPIRED = -2, // Found a matching token, but it's too old.
				51	AUTH_TOKEN_WRONG_SID = -3, // Found a token with the right challenge, but wrong SID. This
				52	// most likely indicates that the authenticator was updated
				53	// (e.g. new fingerprint enrolled).
				54	OP_HANDLE_REQUIRED = -4, // The key requires auth per use but op_handle was zero.
				55	AUTH_TOKEN_NOT_FOUND = -5,
				56	};
				57
				58	/**
				59	* Add an authorization token to the table. The table takes ownership of the argument.
				60	*/
				61	void AddAuthenticationToken(const hw_auth_token_t* token);
				62
				63	/**
				64	* Find an authorization token that authorizes the operation specified by \p operation_handle on
				65	* a key with the characteristics specified in \p key_info.
				66	*
				67	* This method is O(n * m), where n is the number of KM_TAG_USER_SECURE_ID entries in key_info
				68	* and m is the number of entries in the table. It could be made better, but n and m should
				69	* always be small.
				70	*
				71	* The table retains ownership of the returned object.
				72	*/
Shawn Willden	b2ffa42	2015-06-17 12:18:55 -0600	[diff] [blame]	73	Error FindAuthorization(const AuthorizationSet& key_info, keymaster_purpose_t purpose,
Shawn Willden	489dfe1	2015-03-17 10:13:27 -0600	[diff] [blame]	74	keymaster_operation_handle_t op_handle, const hw_auth_token_t** found);
				75
				76	/**
				77	* Find an authorization token that authorizes the operation specified by \p operation_handle on
				78	* a key with the characteristics specified in \p key_info.
				79	*
				80	* This method is O(n * m), where n is the number of KM_TAG_USER_SECURE_ID entries in key_info
				81	* and m is the number of entries in the table. It could be made better, but n and m should
				82	* always be small.
				83	*
				84	* The table retains ownership of the returned object.
				85	*/
				86	Error FindAuthorization(const keymaster_key_param_t* params, size_t params_count,
Shawn Willden	b2ffa42	2015-06-17 12:18:55 -0600	[diff] [blame]	87	keymaster_purpose_t purpose, keymaster_operation_handle_t op_handle,
				88	const hw_auth_token_t** found) {
				89	return FindAuthorization(AuthorizationSet(params, params_count), purpose, op_handle, found);
Shawn Willden	489dfe1	2015-03-17 10:13:27 -0600	[diff] [blame]	90	}
				91
				92	/**
Shawn Willden	489dfe1	2015-03-17 10:13:27 -0600	[diff] [blame]	93	* Mark operation completed. This allows tokens associated with the specified operation to be
				94	* superseded by new tokens.
				95	*/
				96	void MarkCompleted(const keymaster_operation_handle_t op_handle);
				97
Tucker Sylvestro	0ab28b7	2016-08-05 18:02:47 -0400	[diff] [blame^]	98	/**
				99	* Update the last_off_body_ timestamp so that tokens which remain authorized only so long as
				100	* the device stays on body can be revoked.
				101	*/
				102	void onDeviceOffBody();
				103
Chad Brubaker	bbc7648	2015-04-16 15:16:44 -0700	[diff] [blame]	104	void Clear();
				105
Shawn Willden	489dfe1	2015-03-17 10:13:27 -0600	[diff] [blame]	106	size_t size() { return entries_.size(); }
				107
				108	private:
				109	friend class AuthTokenTableTest;
				110
				111	class Entry {
				112	public:
				113	Entry(const hw_auth_token_t* token, time_t current_time);
				114	Entry(Entry&& entry) { *this = std::move(entry); }
				115
				116	void operator=(Entry&& rhs) {
				117	token_ = std::move(rhs.token_);
				118	time_received_ = rhs.time_received_;
				119	last_use_ = rhs.last_use_;
				120	operation_completed_ = rhs.operation_completed_;
				121	}
				122
				123	bool operator<(const Entry& rhs) const { return last_use_ < rhs.last_use_; }
				124
				125	void UpdateLastUse(time_t time);
				126
				127	bool Supersedes(const Entry& entry) const;
				128	bool SatisfiesAuth(const std::vector<uint64_t>& sids, hw_authenticator_type_t auth_type);
				129
				130	bool is_newer_than(const Entry* entry) {
				131	if (!entry)
				132	return true;
				133	return timestamp_host_order() > entry->timestamp_host_order();
				134	}
				135
				136	void mark_completed() { operation_completed_ = true; }
				137
				138	const hw_auth_token_t* token() { return token_.get(); }
				139	time_t time_received() const { return time_received_; }
				140	bool completed() const { return operation_completed_; }
				141	uint32_t timestamp_host_order() const;
				142	hw_authenticator_type_t authenticator_type() const;
				143
				144	private:
				145	std::unique_ptr<const hw_auth_token_t> token_;
				146	time_t time_received_;
				147	time_t last_use_;
				148	bool operation_completed_;
				149	};
				150
				151	Error FindAuthPerOpAuthorization(const std::vector<uint64_t>& sids,
				152	hw_authenticator_type_t auth_type,
				153	keymaster_operation_handle_t op_handle,
				154	const hw_auth_token_t** found);
				155	Error FindTimedAuthorization(const std::vector<uint64_t>& sids,
				156	hw_authenticator_type_t auth_type,
				157	const AuthorizationSet& key_info, const hw_auth_token_t** found);
				158	void ExtractSids(const AuthorizationSet& key_info, std::vector<uint64_t>* sids);
				159	void RemoveEntriesSupersededBy(const Entry& entry);
				160	bool IsSupersededBySomeEntry(const Entry& entry);
				161
				162	std::vector<Entry> entries_;
				163	size_t max_entries_;
Tucker Sylvestro	0ab28b7	2016-08-05 18:02:47 -0400	[diff] [blame^]	164	time_t last_off_body_;
Shawn Willden	489dfe1	2015-03-17 10:13:27 -0600	[diff] [blame]	165	time_t (*clock_function_)();
				166	};
				167
				168	} // namespace keymaster
				169
Shawn Willden	c1d1fee	2016-01-26 22:44:56 -0700	[diff] [blame]	170	#endif // KEYSTORE_AUTH_TOKEN_TABLE_H_