• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef KEYSTORE_USER_STATE_H_
18 #define KEYSTORE_USER_STATE_H_
19 
20 #include <sys/types.h>
21 
22 #include <openssl/aes.h>
23 
24 #include <utils/String8.h>
25 
26 #include <keystore/keystore.h>
27 
28 #include "blob.h"
29 #include "keystore_utils.h"
30 
31 #include <android-base/logging.h>
32 #include <condition_variable>
33 #include <keystore/keystore_concurrency.h>
34 #include <mutex>
35 #include <set>
36 #include <vector>
37 
38 namespace keystore {
39 
40 class UserState;
41 
42 template <typename UserState> using LockedUserState = ProxyLock<UnlockProxyLockHelper<UserState>>;
43 
44 class UserState {
45   public:
46     explicit UserState(uid_t userId);
47 
48     bool initialize();
49 
getUserId()50     uid_t getUserId() const { return mUserId; }
getUserDirName()51     const std::string& getUserDirName() const { return mMasterKeyEntry.user_dir(); }
52 
getMasterKeyFileName()53     std::string getMasterKeyFileName() const { return mMasterKeyEntry.getKeyBlobPath(); }
54 
55     void setState(State state);
getState()56     State getState() const { return mState; }
57 
getRetry()58     int8_t getRetry() const { return mRetry; }
59 
60     void zeroizeMasterKeysInMemory();
61     bool deleteMasterKey();
62 
63     ResponseCode initialize(const android::String8& pw);
64 
65     ResponseCode copyMasterKey(LockedUserState<UserState>* src);
66     ResponseCode copyMasterKeyFile(LockedUserState<UserState>* src);
67     ResponseCode writeMasterKey(const android::String8& pw);
68     ResponseCode readMasterKey(const android::String8& pw);
69 
getEncryptionKey()70     const std::vector<uint8_t>& getEncryptionKey() const { return mMasterKey; }
71 
72     bool reset();
73 
74     bool operator<(const UserState& rhs) const;
75     bool operator<(uid_t userId) const;
76 
77   private:
78     static const int SHA1_DIGEST_SIZE_BYTES = 16;
79     static const int SHA256_DIGEST_SIZE_BYTES = 32;
80 
81     static const int MASTER_KEY_SIZE_BYTES = SHA256_DIGEST_SIZE_BYTES;
82     static const int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8;
83 
84     static const int MAX_RETRY = 4;
85     static const size_t SALT_SIZE = 16;
86 
87     void generateKeyFromPassword(std::vector<uint8_t>& key, const android::String8& pw,
88                                  uint8_t* salt);
89     bool generateSalt();
90     bool generateMasterKey();
91     void setupMasterKeys();
92 
93     KeyBlobEntry mMasterKeyEntry;
94 
95     uid_t mUserId;
96     State mState;
97     int8_t mRetry;
98 
99     std::vector<uint8_t> mMasterKey;
100     uint8_t mSalt[SALT_SIZE];
101 };
102 
103 bool operator<(uid_t userId, const UserState& rhs);
104 
105 class UserStateDB {
106   public:
107     LockedUserState<UserState> getUserState(uid_t userId);
108     LockedUserState<UserState> getUserStateByUid(uid_t uid);
109     LockedUserState<const UserState> getUserState(uid_t userId) const;
110     LockedUserState<const UserState> getUserStateByUid(uid_t uid) const;
111 
112   private:
113     mutable std::set<const UserState*> locked_state_;
114     mutable std::mutex locked_state_mutex_;
115     mutable std::condition_variable locked_state_mutex_cond_var_;
116 
117     template <typename UserState>
get(std::unique_lock<std::mutex> lock,UserState * entry)118     LockedUserState<UserState> get(std::unique_lock<std::mutex> lock, UserState* entry) const {
119         locked_state_mutex_cond_var_.wait(
120             lock, [&] { return locked_state_.find(entry) == locked_state_.end(); });
121         locked_state_.insert(entry);
122         return {entry, [&](UserState* entry) {
123                     std::unique_lock<std::mutex> lock(locked_state_mutex_);
124                     locked_state_.erase(entry);
125                     lock.unlock();
126                     locked_state_mutex_cond_var_.notify_all();
127                 }};
128     }
129 
130     std::map<uid_t, UserState> mMasterKeys;
131 };
132 
133 }  //  namespace keystore
134 
135 #endif  // KEYSTORE_USER_STATE_H_
136