Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / security / 3b3599385a88ae26fce0484c20a34cc911fed000 / . / keystore / keymaster_enforcement.h
blob: 9bfb2256d5d17dd42e19e3cf2312330f0afd5aa0 [file] [log] [blame]
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef KEYSTORE_KEYMASTER_ENFORCEMENT_H
18#define KEYSTORE_KEYMASTER_ENFORCEMENT_H
19
20#include <stdio.h>
21
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame]22#include <keystore/keymaster_types.h>
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]23
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]24#include <list>
25#include <mutex>
26#include <optional>
27
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]28namespace keystore {
29
30typedef uint64_t km_id_t;
31
32class KeymasterEnforcementContext {
33 public:
34 virtual ~KeymasterEnforcementContext() {}
35 /*
36 * Get current time.
37 */
38};
39
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]40class AccessTimeMap {
41 public:
42 explicit AccessTimeMap(uint32_t max_size) : max_size_(max_size) {}
43
44 /* If the key is found, returns true and fills \p last_access_time. If not found returns
45 * false. */
46 bool LastKeyAccessTime(km_id_t keyid, uint32_t* last_access_time) const;
47
48 /* Updates the last key access time with the currentTime parameter. Adds the key if
49 * needed, returning false if key cannot be added because list is full. */
50 bool UpdateKeyAccessTime(km_id_t keyid, uint32_t current_time, uint32_t timeout);
51
52 private:
53 mutable std::mutex list_lock_;
54 struct AccessTime {
55 km_id_t keyid;
56 uint32_t access_time;
57 uint32_t timeout;
58 };
59 std::list<AccessTime> last_access_list_;
60 const uint32_t max_size_;
61};
62
63class AccessCountMap {
64 public:
65 explicit AccessCountMap(uint32_t max_size) : max_size_(max_size) {}
66
67 /* If the key is found, returns true and fills \p count. If not found returns
68 * false. */
69 bool KeyAccessCount(km_id_t keyid, uint32_t* count) const;
70
71 /* Increments key access count, adding an entry if the key has never been used. Returns
72 * false if the list has reached maximum size. */
73 bool IncrementKeyAccessCount(km_id_t keyid);
74
75 private:
76 mutable std::mutex list_lock_;
77 struct AccessCount {
78 km_id_t keyid;
79 uint64_t access_count;
80 };
81 std::list<AccessCount> access_count_list_;
82 const uint32_t max_size_;
83};
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]84
85class KeymasterEnforcement {
86 public:
87 /**
88 * Construct a KeymasterEnforcement.
89 */
90 KeymasterEnforcement(uint32_t max_access_time_map_size, uint32_t max_access_count_map_size);
91 virtual ~KeymasterEnforcement();
92
93 /**
94 * Iterates through the authorization set and returns the corresponding keymaster error. Will
95 * return KM_ERROR_OK if all criteria is met for the given purpose in the authorization set with
96 * the given operation params and handle. Used for encrypt, decrypt sign, and verify.
97 */
98 ErrorCode AuthorizeOperation(const KeyPurpose purpose, const km_id_t keyid,
99 const AuthorizationSet& auth_set,
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]100 const AuthorizationSet& operation_params,
101 const HardwareAuthToken& auth_token, uint64_t op_handle,
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]102 bool is_begin_operation);
103
104 /**
105 * Iterates through the authorization set and returns the corresponding keymaster error. Will
106 * return KM_ERROR_OK if all criteria is met for the given purpose in the authorization set with
107 * the given operation params. Used for encrypt, decrypt sign, and verify.
108 */
109 ErrorCode AuthorizeBegin(const KeyPurpose purpose, const km_id_t keyid,
110 const AuthorizationSet& auth_set,
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]111 const AuthorizationSet& operation_params,
112 NullOr<const HardwareAuthToken&> auth_token);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]113
114 /**
115 * Iterates through the authorization set and returns the corresponding keymaster error. Will
116 * return KM_ERROR_OK if all criteria is met for the given purpose in the authorization set with
117 * the given operation params and handle. Used for encrypt, decrypt sign, and verify.
118 */
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]119 ErrorCode AuthorizeUpdate(const AuthorizationSet& auth_set, const HardwareAuthToken& auth_token,
120 uint64_t op_handle) {
121 return AuthorizeUpdateOrFinish(auth_set, auth_token, op_handle);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]122 }
123
124 /**
125 * Iterates through the authorization set and returns the corresponding keymaster error. Will
126 * return KM_ERROR_OK if all criteria is met for the given purpose in the authorization set with
127 * the given operation params and handle. Used for encrypt, decrypt sign, and verify.
128 */
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]129 ErrorCode AuthorizeFinish(const AuthorizationSet& auth_set, const HardwareAuthToken& auth_token,
130 uint64_t op_handle) {
131 return AuthorizeUpdateOrFinish(auth_set, auth_token, op_handle);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]132 }
133
134 /**
135 * Creates a key ID for use in subsequent calls to AuthorizeOperation. Clients needn't use this
136 * method of creating key IDs, as long as they use something consistent and unique. This method
137 * hashes the key blob.
138 *
139 * Returns false if an error in the crypto library prevents creation of an ID.
140 */
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]141 static std::optional<km_id_t> CreateKeyId(const hidl_vec<uint8_t>& key_blob);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]142
143 //
144 // Methods that must be implemented by subclasses
145 //
146 // The time-related methods address the fact that different enforcement contexts may have
147 // different time-related capabilities. In particular:
148 //
149 // - They may or may not be able to check dates against real-world clocks.
150 //
151 // - They may or may not be able to check timestampls against authentication trustlets (minters
152 // of hw_auth_token_t structs).
153 //
154 // - They must have some time source for relative times, but may not be able to provide more
155 // than reliability and monotonicity.
156
157 /*
158 * Returns true if the specified activation date has passed, or if activation cannot be
159 * enforced.
160 */
161 virtual bool activation_date_valid(uint64_t activation_date) const = 0;
162
163 /*
164 * Returns true if the specified expiration date has passed. Returns false if it has not, or if
165 * expiration cannot be enforced.
166 */
167 virtual bool expiration_date_passed(uint64_t expiration_date) const = 0;
168
169 /*
170 * Returns true if the specified auth_token is older than the specified timeout.
171 */
Janis Danisevskis8f737ad2017-11-21 12:30:15 -0800[diff] [blame]172 virtual bool auth_token_timed_out(const HardwareAuthToken& token, uint32_t timeout) const = 0;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]173
174 /*
175 * Get current time in seconds from some starting point. This value is used to compute relative
176 * times between events. It must be monotonically increasing, and must not skip or lag. It
177 * need not have any relation to any external time standard (other than the duration of
178 * "second").
179 *
180 * On POSIX systems, it's recommented to use clock_gettime(CLOCK_MONOTONIC, ...) to implement
181 * this method.
182 */
183 virtual uint32_t get_current_time() const = 0;
184
185 /*
186 * Returns true if the specified auth_token has a valid signature, or if signature validation is
187 * not available.
188 */
Janis Danisevskis8f737ad2017-11-21 12:30:15 -0800[diff] [blame]189 virtual bool ValidateTokenSignature(const HardwareAuthToken& token) const = 0;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]190
Brian Young9371e952018-02-23 18:03:14 +0000[diff] [blame]191 /*
192 * Returns true if the device screen is currently locked for the specified user.
193 */
194 virtual bool is_device_locked(int32_t userId) const = 0;
195
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]196 private:
197 ErrorCode AuthorizeUpdateOrFinish(const AuthorizationSet& auth_set,
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]198 const HardwareAuthToken& auth_token, uint64_t op_handle);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]199
200 bool MinTimeBetweenOpsPassed(uint32_t min_time_between, const km_id_t keyid);
201 bool MaxUsesPerBootNotExceeded(const km_id_t keyid, uint32_t max_uses);
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]202 bool AuthTokenMatches(const AuthorizationSet& auth_set, const HardwareAuthToken& auth_token,
203 const uint64_t user_secure_id, const int auth_type_index,
204 const int auth_timeout_index, const uint64_t op_handle,
205 bool is_begin_operation) const;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]206
Janis Danisevskisff3d7f42018-10-08 07:15:09 -0700[diff] [blame]207 AccessTimeMap access_time_map_;
208 AccessCountMap access_count_map_;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]209};
210
211}; /* namespace keystore */
212
213#endif // KEYSTORE_KEYMASTER_ENFORCEMENT_H