• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef KEYSTORE_KEYSTORE_KEYMASTER_ENFORCEMENT_H_
18 #define KEYSTORE_KEYSTORE_KEYMASTER_ENFORCEMENT_H_
19 
20 #include <time.h>
21 
22 #include "keymaster_enforcement.h"
23 
24 namespace keystore {
25 /**
26  * This is a specialization of the KeymasterEnforcement class to be used by Keystore to enforce
27  * keymaster requirements on all key operation.
28  */
29 class KeystoreKeymasterEnforcement : public KeymasterEnforcement {
30   public:
KeystoreKeymasterEnforcement()31     KeystoreKeymasterEnforcement() : KeymasterEnforcement(64, 64) {}
32 
get_current_time()33     uint32_t get_current_time() const override {
34         struct timespec tp;
35         int err = clock_gettime(CLOCK_MONOTONIC, &tp);
36         if (err || tp.tv_sec < 0)
37             return 0;
38         return static_cast<uint32_t>(tp.tv_sec);
39     }
40 
activation_date_valid(uint64_t activation_date)41     bool activation_date_valid(uint64_t activation_date) const override {
42         time_t now = time(nullptr);
43         if (now == static_cast<time_t>(-1)) {
44             // Failed to obtain current time -- fail safe: activation_date hasn't yet occurred.
45             return false;
46         } else if (now < 0) {
47             // Current time is prior to start of the epoch -- activation_date hasn't yet occurred.
48             return false;
49         }
50 
51         // time(NULL) returns seconds since epoch and "loses" milliseconds information. We thus add
52         // 999 ms to now_date to avoid a situation where an activation_date of up to 999ms in the
53         // past may still be considered to still be in the future. This can be removed once
54         // time(NULL) is replaced by a millisecond-precise source of time.
55         uint64_t now_date = static_cast<uint64_t>(now) * 1000 + 999;
56         return now_date >= activation_date;
57     }
58 
expiration_date_passed(uint64_t expiration_date)59     bool expiration_date_passed(uint64_t expiration_date) const override {
60         time_t now = time(nullptr);
61         if (now == static_cast<time_t>(-1)) {
62             // Failed to obtain current time -- fail safe: expiration_date has passed.
63             return true;
64         } else if (now < 0) {
65             // Current time is prior to start of the epoch: expiration_date hasn't yet occurred.
66             return false;
67         }
68 
69         // time(NULL) returns seconds since epoch and "loses" milliseconds information. As a result,
70         // expiration_date of up to 999 ms in the past may still be considered in the future. This
71         // is OK.
72         uint64_t now_date = static_cast<uint64_t>(now) * 1000;
73         return now_date > expiration_date;
74     }
75 
auth_token_timed_out(const HardwareAuthToken &,uint32_t)76     bool auth_token_timed_out(const HardwareAuthToken&, uint32_t) const {
77         // Assume the token has not timed out, because AuthTokenTable would not have returned it if
78         // the timeout were past.  Secure hardware will also check timeouts if it supports them.
79         return false;
80     }
81 
ValidateTokenSignature(const HardwareAuthToken &)82     bool ValidateTokenSignature(const HardwareAuthToken&) const override {
83         // Non-secure world cannot validate token signatures because it doesn't have access to the
84         // signing key. Assume the token is good.
85         return true;
86     }
87 
is_device_locked(int32_t userId)88     bool is_device_locked(int32_t userId) const override {
89         std::lock_guard<std::mutex> lock(is_device_locked_for_user_map_lock_);
90         // If we haven't had a set call for this user yet, assume the device is locked.
91         if (mIsDeviceLockedForUser.count(userId) == 0) return true;
92         return mIsDeviceLockedForUser.find(userId)->second;
93     }
94 
set_device_locked(bool isLocked,int32_t userId)95     void set_device_locked(bool isLocked, int32_t userId) {
96         std::lock_guard<std::mutex> lock(is_device_locked_for_user_map_lock_);
97         mIsDeviceLockedForUser[userId] = isLocked;
98     }
99 
100   private:
101     mutable std::mutex is_device_locked_for_user_map_lock_;
102     std::map<int32_t, bool> mIsDeviceLockedForUser;
103 };
104 
105 } // namespace keystore
106 
107 #endif  // KEYSTORE_KEYSTORE_KEYMASTER_ENFORCEMENT_H_
108