• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2014 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef KEYSTORE_KEYMASTER_ENFORCEMENT_H
18 #define KEYSTORE_KEYMASTER_ENFORCEMENT_H
19 
20 #include <stdio.h>
21 
22 #include <keystore/keymaster_types.h>
23 
24 namespace keystore {
25 
26 typedef uint64_t km_id_t;
27 
28 class KeymasterEnforcementContext {
29   public:
~KeymasterEnforcementContext()30     virtual ~KeymasterEnforcementContext() {}
31     /*
32      * Get current time.
33      */
34 };
35 
36 class AccessTimeMap;
37 class AccessCountMap;
38 
39 class KeymasterEnforcement {
40   public:
41     /**
42      * Construct a KeymasterEnforcement.
43      */
44     KeymasterEnforcement(uint32_t max_access_time_map_size, uint32_t max_access_count_map_size);
45     virtual ~KeymasterEnforcement();
46 
47     /**
48      * Iterates through the authorization set and returns the corresponding keymaster error. Will
49      * return KM_ERROR_OK if all criteria is met for the given purpose in the authorization set with
50      * the given operation params and handle. Used for encrypt, decrypt sign, and verify.
51      */
52     ErrorCode AuthorizeOperation(const KeyPurpose purpose, const km_id_t keyid,
53                                  const AuthorizationSet& auth_set,
54                                  const AuthorizationSet& operation_params,
55                                  const HardwareAuthToken& auth_token, uint64_t op_handle,
56                                  bool is_begin_operation);
57 
58     /**
59      * Iterates through the authorization set and returns the corresponding keymaster error. Will
60      * return KM_ERROR_OK if all criteria is met for the given purpose in the authorization set with
61      * the given operation params. Used for encrypt, decrypt sign, and verify.
62      */
63     ErrorCode AuthorizeBegin(const KeyPurpose purpose, const km_id_t keyid,
64                              const AuthorizationSet& auth_set,
65                              const AuthorizationSet& operation_params,
66                              NullOr<const HardwareAuthToken&> auth_token);
67 
68     /**
69      * Iterates through the authorization set and returns the corresponding keymaster error. Will
70      * return KM_ERROR_OK if all criteria is met for the given purpose in the authorization set with
71      * the given operation params and handle. Used for encrypt, decrypt sign, and verify.
72      */
AuthorizeUpdate(const AuthorizationSet & auth_set,const HardwareAuthToken & auth_token,uint64_t op_handle)73     ErrorCode AuthorizeUpdate(const AuthorizationSet& auth_set, const HardwareAuthToken& auth_token,
74                               uint64_t op_handle) {
75         return AuthorizeUpdateOrFinish(auth_set, auth_token, op_handle);
76     }
77 
78     /**
79      * Iterates through the authorization set and returns the corresponding keymaster error. Will
80      * return KM_ERROR_OK if all criteria is met for the given purpose in the authorization set with
81      * the given operation params and handle. Used for encrypt, decrypt sign, and verify.
82      */
AuthorizeFinish(const AuthorizationSet & auth_set,const HardwareAuthToken & auth_token,uint64_t op_handle)83     ErrorCode AuthorizeFinish(const AuthorizationSet& auth_set, const HardwareAuthToken& auth_token,
84                               uint64_t op_handle) {
85         return AuthorizeUpdateOrFinish(auth_set, auth_token, op_handle);
86     }
87 
88     /**
89      * Creates a key ID for use in subsequent calls to AuthorizeOperation.  Clients needn't use this
90      * method of creating key IDs, as long as they use something consistent and unique.  This method
91      * hashes the key blob.
92      *
93      * Returns false if an error in the crypto library prevents creation of an ID.
94      */
95     static bool CreateKeyId(const hidl_vec<uint8_t>& key_blob, km_id_t* keyid);
96 
97     //
98     // Methods that must be implemented by subclasses
99     //
100     // The time-related methods address the fact that different enforcement contexts may have
101     // different time-related capabilities.  In particular:
102     //
103     // - They may or may not be able to check dates against real-world clocks.
104     //
105     // - They may or may not be able to check timestampls against authentication trustlets (minters
106     //   of hw_auth_token_t structs).
107     //
108     // - They must have some time source for relative times, but may not be able to provide more
109     //   than reliability and monotonicity.
110 
111     /*
112      * Returns true if the specified activation date has passed, or if activation cannot be
113      * enforced.
114      */
115     virtual bool activation_date_valid(uint64_t activation_date) const = 0;
116 
117     /*
118      * Returns true if the specified expiration date has passed.  Returns false if it has not, or if
119      * expiration cannot be enforced.
120      */
121     virtual bool expiration_date_passed(uint64_t expiration_date) const = 0;
122 
123     /*
124      * Returns true if the specified auth_token is older than the specified timeout.
125      */
126     virtual bool auth_token_timed_out(const HardwareAuthToken& token, uint32_t timeout) const = 0;
127 
128     /*
129      * Get current time in seconds from some starting point.  This value is used to compute relative
130      * times between events.  It must be monotonically increasing, and must not skip or lag.  It
131      * need not have any relation to any external time standard (other than the duration of
132      * "second").
133      *
134      * On POSIX systems, it's recommented to use clock_gettime(CLOCK_MONOTONIC, ...) to implement
135      * this method.
136      */
137     virtual uint32_t get_current_time() const = 0;
138 
139     /*
140      * Returns true if the specified auth_token has a valid signature, or if signature validation is
141      * not available.
142      */
143     virtual bool ValidateTokenSignature(const HardwareAuthToken& token) const = 0;
144 
145     /*
146      * Returns true if the device screen is currently locked for the specified user.
147      */
148     virtual bool is_device_locked(int32_t userId) const = 0;
149 
150   private:
151     ErrorCode AuthorizeUpdateOrFinish(const AuthorizationSet& auth_set,
152                                       const HardwareAuthToken& auth_token, uint64_t op_handle);
153 
154     bool MinTimeBetweenOpsPassed(uint32_t min_time_between, const km_id_t keyid);
155     bool MaxUsesPerBootNotExceeded(const km_id_t keyid, uint32_t max_uses);
156     bool AuthTokenMatches(const AuthorizationSet& auth_set, const HardwareAuthToken& auth_token,
157                           const uint64_t user_secure_id, const int auth_type_index,
158                           const int auth_timeout_index, const uint64_t op_handle,
159                           bool is_begin_operation) const;
160 
161     AccessTimeMap* access_time_map_;
162     AccessCountMap* access_count_map_;
163 };
164 
165 }; /* namespace keystore */
166 
167 #endif  // KEYSTORE_KEYMASTER_ENFORCEMENT_H
168