Shawn Willden | 9221bff | 2015-06-18 18:23:54 -0600 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2015 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 17 | #ifndef KEYSTORE_KEYSTORE_KEYMASTER_ENFORCEMENT_H_ |
| 18 | #define KEYSTORE_KEYSTORE_KEYMASTER_ENFORCEMENT_H_ |
Shawn Willden | 9221bff | 2015-06-18 18:23:54 -0600 | [diff] [blame] | 19 | |
| 20 | #include <time.h> |
| 21 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 22 | #include "keymaster_enforcement.h" |
Shawn Willden | 9221bff | 2015-06-18 18:23:54 -0600 | [diff] [blame] | 23 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 24 | namespace keystore { |
Shawn Willden | 9221bff | 2015-06-18 18:23:54 -0600 | [diff] [blame] | 25 | /** |
| 26 | * This is a specialization of the KeymasterEnforcement class to be used by Keystore to enforce |
| 27 | * keymaster requirements on all key operation. |
| 28 | */ |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 29 | class KeystoreKeymasterEnforcement : public KeymasterEnforcement { |
Shawn Willden | 9221bff | 2015-06-18 18:23:54 -0600 | [diff] [blame] | 30 | public: |
| 31 | KeystoreKeymasterEnforcement() : KeymasterEnforcement(64, 64) {} |
| 32 | |
| 33 | uint32_t get_current_time() const override { |
| 34 | struct timespec tp; |
| 35 | int err = clock_gettime(CLOCK_MONOTONIC, &tp); |
| 36 | if (err || tp.tv_sec < 0) |
| 37 | return 0; |
| 38 | return static_cast<uint32_t>(tp.tv_sec); |
| 39 | } |
| 40 | |
| 41 | bool activation_date_valid(uint64_t activation_date) const override { |
Yi Kong | e353f25 | 2018-07-30 01:38:39 -0700 | [diff] [blame] | 42 | time_t now = time(nullptr); |
Alex Klyubin | 5375241 | 2015-06-23 09:44:45 -0700 | [diff] [blame] | 43 | if (now == static_cast<time_t>(-1)) { |
| 44 | // Failed to obtain current time -- fail safe: activation_date hasn't yet occurred. |
| 45 | return false; |
| 46 | } else if (now < 0) { |
| 47 | // Current time is prior to start of the epoch -- activation_date hasn't yet occurred. |
| 48 | return false; |
| 49 | } |
| 50 | |
| 51 | // time(NULL) returns seconds since epoch and "loses" milliseconds information. We thus add |
| 52 | // 999 ms to now_date to avoid a situation where an activation_date of up to 999ms in the |
| 53 | // past may still be considered to still be in the future. This can be removed once |
| 54 | // time(NULL) is replaced by a millisecond-precise source of time. |
| 55 | uint64_t now_date = static_cast<uint64_t>(now) * 1000 + 999; |
| 56 | return now_date >= activation_date; |
Shawn Willden | 9221bff | 2015-06-18 18:23:54 -0600 | [diff] [blame] | 57 | } |
| 58 | |
| 59 | bool expiration_date_passed(uint64_t expiration_date) const override { |
Yi Kong | e353f25 | 2018-07-30 01:38:39 -0700 | [diff] [blame] | 60 | time_t now = time(nullptr); |
Alex Klyubin | 5375241 | 2015-06-23 09:44:45 -0700 | [diff] [blame] | 61 | if (now == static_cast<time_t>(-1)) { |
| 62 | // Failed to obtain current time -- fail safe: expiration_date has passed. |
| 63 | return true; |
| 64 | } else if (now < 0) { |
| 65 | // Current time is prior to start of the epoch: expiration_date hasn't yet occurred. |
| 66 | return false; |
| 67 | } |
| 68 | |
| 69 | // time(NULL) returns seconds since epoch and "loses" milliseconds information. As a result, |
| 70 | // expiration_date of up to 999 ms in the past may still be considered in the future. This |
| 71 | // is OK. |
| 72 | uint64_t now_date = static_cast<uint64_t>(now) * 1000; |
| 73 | return now_date > expiration_date; |
Shawn Willden | 9221bff | 2015-06-18 18:23:54 -0600 | [diff] [blame] | 74 | } |
| 75 | |
Janis Danisevskis | 8f737ad | 2017-11-21 12:30:15 -0800 | [diff] [blame] | 76 | bool auth_token_timed_out(const HardwareAuthToken&, uint32_t) const { |
Shawn Willden | 06114e6 | 2015-06-30 15:47:54 -0600 | [diff] [blame] | 77 | // Assume the token has not timed out, because AuthTokenTable would not have returned it if |
| 78 | // the timeout were past. Secure hardware will also check timeouts if it supports them. |
| 79 | return false; |
Shawn Willden | 9221bff | 2015-06-18 18:23:54 -0600 | [diff] [blame] | 80 | } |
| 81 | |
Janis Danisevskis | 8f737ad | 2017-11-21 12:30:15 -0800 | [diff] [blame] | 82 | bool ValidateTokenSignature(const HardwareAuthToken&) const override { |
Shawn Willden | 9221bff | 2015-06-18 18:23:54 -0600 | [diff] [blame] | 83 | // Non-secure world cannot validate token signatures because it doesn't have access to the |
| 84 | // signing key. Assume the token is good. |
| 85 | return true; |
| 86 | } |
Brian Young | 9371e95 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 87 | |
Brian Young | 9a947d5 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 88 | bool is_device_locked(int32_t userId) const override { |
| 89 | // If we haven't had a set call for this user yet, assume the device is locked. |
| 90 | if (mIsDeviceLockedForUser.count(userId) == 0) return true; |
| 91 | return mIsDeviceLockedForUser.find(userId)->second; |
Brian Young | 9371e95 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 92 | } |
| 93 | |
Brian Young | 9a947d5 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 94 | void set_device_locked(bool isLocked, int32_t userId) { |
| 95 | mIsDeviceLockedForUser[userId] = isLocked; |
Brian Young | 9371e95 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 96 | } |
Brian Young | 9a947d5 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 97 | |
| 98 | private: |
| 99 | std::map<int32_t, bool> mIsDeviceLockedForUser; |
Shawn Willden | 9221bff | 2015-06-18 18:23:54 -0600 | [diff] [blame] | 100 | }; |
| 101 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 102 | } // namespace keystore |
| 103 | |
| 104 | #endif // KEYSTORE_KEYSTORE_KEYMASTER_ENFORCEMENT_H_ |