Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / security / 3b3599385a88ae26fce0484c20a34cc911fed000 / . / keystore / keystore_keymaster_enforcement.h
blob: e7515a1f34db3e87b22e233fc043f1fcefb61070 [file] [log] [blame]
Shawn Willden9221bff2015-06-18 18:23:54 -0600[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]17#ifndef KEYSTORE_KEYSTORE_KEYMASTER_ENFORCEMENT_H_
18#define KEYSTORE_KEYSTORE_KEYMASTER_ENFORCEMENT_H_
Shawn Willden9221bff2015-06-18 18:23:54 -0600[diff] [blame]19
20#include <time.h>
21
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]22#include "keymaster_enforcement.h"
Shawn Willden9221bff2015-06-18 18:23:54 -0600[diff] [blame]23
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]24namespace keystore {
Shawn Willden9221bff2015-06-18 18:23:54 -0600[diff] [blame]25/**
26 * This is a specialization of the KeymasterEnforcement class to be used by Keystore to enforce
27 * keymaster requirements on all key operation.
28 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]29class KeystoreKeymasterEnforcement : public KeymasterEnforcement {
Shawn Willden9221bff2015-06-18 18:23:54 -0600[diff] [blame]30 public:
31 KeystoreKeymasterEnforcement() : KeymasterEnforcement(64, 64) {}
32
33 uint32_t get_current_time() const override {
34 struct timespec tp;
35 int err = clock_gettime(CLOCK_MONOTONIC, &tp);
36 if (err || tp.tv_sec < 0)
37 return 0;
38 return static_cast<uint32_t>(tp.tv_sec);
39 }
40
41 bool activation_date_valid(uint64_t activation_date) const override {
Yi Konge353f252018-07-30 01:38:39 -0700[diff] [blame]42 time_t now = time(nullptr);
Alex Klyubin53752412015-06-23 09:44:45 -0700[diff] [blame]43 if (now == static_cast<time_t>(-1)) {
44 // Failed to obtain current time -- fail safe: activation_date hasn't yet occurred.
45 return false;
46 } else if (now < 0) {
47 // Current time is prior to start of the epoch -- activation_date hasn't yet occurred.
48 return false;
49 }
50
51 // time(NULL) returns seconds since epoch and "loses" milliseconds information. We thus add
52 // 999 ms to now_date to avoid a situation where an activation_date of up to 999ms in the
53 // past may still be considered to still be in the future. This can be removed once
54 // time(NULL) is replaced by a millisecond-precise source of time.
55 uint64_t now_date = static_cast<uint64_t>(now) * 1000 + 999;
56 return now_date >= activation_date;
Shawn Willden9221bff2015-06-18 18:23:54 -0600[diff] [blame]57 }
58
59 bool expiration_date_passed(uint64_t expiration_date) const override {
Yi Konge353f252018-07-30 01:38:39 -0700[diff] [blame]60 time_t now = time(nullptr);
Alex Klyubin53752412015-06-23 09:44:45 -0700[diff] [blame]61 if (now == static_cast<time_t>(-1)) {
62 // Failed to obtain current time -- fail safe: expiration_date has passed.
63 return true;
64 } else if (now < 0) {
65 // Current time is prior to start of the epoch: expiration_date hasn't yet occurred.
66 return false;
67 }
68
69 // time(NULL) returns seconds since epoch and "loses" milliseconds information. As a result,
70 // expiration_date of up to 999 ms in the past may still be considered in the future. This
71 // is OK.
72 uint64_t now_date = static_cast<uint64_t>(now) * 1000;
73 return now_date > expiration_date;
Shawn Willden9221bff2015-06-18 18:23:54 -0600[diff] [blame]74 }
75
Janis Danisevskis8f737ad2017-11-21 12:30:15 -0800[diff] [blame]76 bool auth_token_timed_out(const HardwareAuthToken&, uint32_t) const {
Shawn Willden06114e62015-06-30 15:47:54 -0600[diff] [blame]77 // Assume the token has not timed out, because AuthTokenTable would not have returned it if
78 // the timeout were past. Secure hardware will also check timeouts if it supports them.
79 return false;
Shawn Willden9221bff2015-06-18 18:23:54 -0600[diff] [blame]80 }
81
Janis Danisevskis8f737ad2017-11-21 12:30:15 -0800[diff] [blame]82 bool ValidateTokenSignature(const HardwareAuthToken&) const override {
Shawn Willden9221bff2015-06-18 18:23:54 -0600[diff] [blame]83 // Non-secure world cannot validate token signatures because it doesn't have access to the
84 // signing key. Assume the token is good.
85 return true;
86 }
Brian Young9371e952018-02-23 18:03:14 +0000[diff] [blame]87
Brian Young9a947d52018-02-23 18:03:14 +0000[diff] [blame]88 bool is_device_locked(int32_t userId) const override {
89 // If we haven't had a set call for this user yet, assume the device is locked.
90 if (mIsDeviceLockedForUser.count(userId) == 0) return true;
91 return mIsDeviceLockedForUser.find(userId)->second;
Brian Young9371e952018-02-23 18:03:14 +0000[diff] [blame]92 }
93
Brian Young9a947d52018-02-23 18:03:14 +0000[diff] [blame]94 void set_device_locked(bool isLocked, int32_t userId) {
95 mIsDeviceLockedForUser[userId] = isLocked;
Brian Young9371e952018-02-23 18:03:14 +0000[diff] [blame]96 }
Brian Young9a947d52018-02-23 18:03:14 +0000[diff] [blame]97
98 private:
99 std::map<int32_t, bool> mIsDeviceLockedForUser;
Shawn Willden9221bff2015-06-18 18:23:54 -0600[diff] [blame]100};
101
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]102} // namespace keystore
103
104#endif // KEYSTORE_KEYSTORE_KEYMASTER_ENFORCEMENT_H_