Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / security / bb22a6c50d609dffc7002f906f4d385d7c7cbfdc / . / keystore / keymaster_enforcement.h
blob: d7b27fcd74a48974dc8cba513595e2e537efd723 [file] [log] [blame]
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef KEYSTORE_KEYMASTER_ENFORCEMENT_H
18#define KEYSTORE_KEYMASTER_ENFORCEMENT_H
19
20#include <stdio.h>
21
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]22#include <keystore/keymaster_types.h>
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]23
24namespace keystore {
25
26typedef uint64_t km_id_t;
27
28class KeymasterEnforcementContext {
29 public:
30 virtual ~KeymasterEnforcementContext() {}
31 /*
32 * Get current time.
33 */
34};
35
36class AccessTimeMap;
37class AccessCountMap;
38
39class KeymasterEnforcement {
40 public:
41 /**
42 * Construct a KeymasterEnforcement.
43 */
44 KeymasterEnforcement(uint32_t max_access_time_map_size, uint32_t max_access_count_map_size);
45 virtual ~KeymasterEnforcement();
46
47 /**
48 * Iterates through the authorization set and returns the corresponding keymaster error. Will
49 * return KM_ERROR_OK if all criteria is met for the given purpose in the authorization set with
50 * the given operation params and handle. Used for encrypt, decrypt sign, and verify.
51 */
52 ErrorCode AuthorizeOperation(const KeyPurpose purpose, const km_id_t keyid,
53 const AuthorizationSet& auth_set,
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]54 const AuthorizationSet& operation_params,
55 const HardwareAuthToken& auth_token, uint64_t op_handle,
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]56 bool is_begin_operation);
57
58 /**
59 * Iterates through the authorization set and returns the corresponding keymaster error. Will
60 * return KM_ERROR_OK if all criteria is met for the given purpose in the authorization set with
61 * the given operation params. Used for encrypt, decrypt sign, and verify.
62 */
63 ErrorCode AuthorizeBegin(const KeyPurpose purpose, const km_id_t keyid,
64 const AuthorizationSet& auth_set,
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]65 const AuthorizationSet& operation_params,
66 NullOr<const HardwareAuthToken&> auth_token);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]67
68 /**
69 * Iterates through the authorization set and returns the corresponding keymaster error. Will
70 * return KM_ERROR_OK if all criteria is met for the given purpose in the authorization set with
71 * the given operation params and handle. Used for encrypt, decrypt sign, and verify.
72 */
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]73 ErrorCode AuthorizeUpdate(const AuthorizationSet& auth_set, const HardwareAuthToken& auth_token,
74 uint64_t op_handle) {
75 return AuthorizeUpdateOrFinish(auth_set, auth_token, op_handle);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]76 }
77
78 /**
79 * Iterates through the authorization set and returns the corresponding keymaster error. Will
80 * return KM_ERROR_OK if all criteria is met for the given purpose in the authorization set with
81 * the given operation params and handle. Used for encrypt, decrypt sign, and verify.
82 */
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]83 ErrorCode AuthorizeFinish(const AuthorizationSet& auth_set, const HardwareAuthToken& auth_token,
84 uint64_t op_handle) {
85 return AuthorizeUpdateOrFinish(auth_set, auth_token, op_handle);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]86 }
87
88 /**
89 * Creates a key ID for use in subsequent calls to AuthorizeOperation. Clients needn't use this
90 * method of creating key IDs, as long as they use something consistent and unique. This method
91 * hashes the key blob.
92 *
93 * Returns false if an error in the crypto library prevents creation of an ID.
94 */
95 static bool CreateKeyId(const hidl_vec<uint8_t>& key_blob, km_id_t* keyid);
96
97 //
98 // Methods that must be implemented by subclasses
99 //
100 // The time-related methods address the fact that different enforcement contexts may have
101 // different time-related capabilities. In particular:
102 //
103 // - They may or may not be able to check dates against real-world clocks.
104 //
105 // - They may or may not be able to check timestampls against authentication trustlets (minters
106 // of hw_auth_token_t structs).
107 //
108 // - They must have some time source for relative times, but may not be able to provide more
109 // than reliability and monotonicity.
110
111 /*
112 * Returns true if the specified activation date has passed, or if activation cannot be
113 * enforced.
114 */
115 virtual bool activation_date_valid(uint64_t activation_date) const = 0;
116
117 /*
118 * Returns true if the specified expiration date has passed. Returns false if it has not, or if
119 * expiration cannot be enforced.
120 */
121 virtual bool expiration_date_passed(uint64_t expiration_date) const = 0;
122
123 /*
124 * Returns true if the specified auth_token is older than the specified timeout.
125 */
Janis Danisevskis8f737ad2017-11-21 12:30:15 -0800[diff] [blame]126 virtual bool auth_token_timed_out(const HardwareAuthToken& token, uint32_t timeout) const = 0;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]127
128 /*
129 * Get current time in seconds from some starting point. This value is used to compute relative
130 * times between events. It must be monotonically increasing, and must not skip or lag. It
131 * need not have any relation to any external time standard (other than the duration of
132 * "second").
133 *
134 * On POSIX systems, it's recommented to use clock_gettime(CLOCK_MONOTONIC, ...) to implement
135 * this method.
136 */
137 virtual uint32_t get_current_time() const = 0;
138
139 /*
140 * Returns true if the specified auth_token has a valid signature, or if signature validation is
141 * not available.
142 */
Janis Danisevskis8f737ad2017-11-21 12:30:15 -0800[diff] [blame]143 virtual bool ValidateTokenSignature(const HardwareAuthToken& token) const = 0;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]144
145 private:
146 ErrorCode AuthorizeUpdateOrFinish(const AuthorizationSet& auth_set,
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]147 const HardwareAuthToken& auth_token, uint64_t op_handle);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]148
149 bool MinTimeBetweenOpsPassed(uint32_t min_time_between, const km_id_t keyid);
150 bool MaxUsesPerBootNotExceeded(const km_id_t keyid, uint32_t max_uses);
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]151 bool AuthTokenMatches(const AuthorizationSet& auth_set, const HardwareAuthToken& auth_token,
152 const uint64_t user_secure_id, const int auth_type_index,
153 const int auth_timeout_index, const uint64_t op_handle,
154 bool is_begin_operation) const;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]155
156 AccessTimeMap* access_time_map_;
157 AccessCountMap* access_count_map_;
158};
159
160}; /* namespace keystore */
161
162#endif // KEYSTORE_KEYMASTER_ENFORCEMENT_H