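/*
 * Copyright (C) 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef KEYSTORE_KEYMASTER_ENFORCEMENT_H
#define KEYSTORE_KEYMASTER_ENFORCEMENT_H

// <stdint.h> is included explicitly so the header is self-contained for the fixed-width
// integer types it uses (uint32_t, uint64_t, int32_t) instead of relying on a transitive
// include from keymaster_types.h.
#include <stdint.h>
#include <stdio.h>

#include <keystore/keymaster_types.h>

namespace keystore {

/*
 * Opaque per-key identifier used by the enforcement bookkeeping (access-time and access-count
 * tables). See CreateKeyId for one way to derive it; any consistent, unique value works.
 */
typedef uint64_t km_id_t;

/*
 * Base interface for an enforcement context.
 *
 * NOTE(review): the class currently declares only a virtual destructor. The "Get current time"
 * comment that used to follow it no longer documents any member; the time source lives on
 * KeymasterEnforcement::get_current_time() below.
 */
class KeymasterEnforcementContext {
  public:
    virtual ~KeymasterEnforcementContext() {}
};

class AccessTimeMap;
class AccessCountMap;

/*
 * Policy-enforcement layer that checks a key's authorization set (activation/expiration dates,
 * rate limits, per-boot use counts, user authentication) against a requested operation and
 * returns a keymaster ErrorCode.
 *
 * Subclasses supply the environment-specific pieces (clocks, auth-token verification, device
 * lock state) via the pure virtual methods under "Methods that must be implemented by
 * subclasses".
 */
class KeymasterEnforcement {
  public:
    /**
     * Construct a KeymasterEnforcement.
     *
     * @param max_access_time_map_size  Capacity bound for the per-key access-time table
     *                                  (presumably consumed by MinTimeBetweenOpsPassed; confirm
     *                                  in the implementation).
     * @param max_access_count_map_size Capacity bound for the per-key use-count table
     *                                  (presumably consumed by MaxUsesPerBootNotExceeded).
     */
    KeymasterEnforcement(uint32_t max_access_time_map_size, uint32_t max_access_count_map_size);
    virtual ~KeymasterEnforcement();

    // NOTE(review): this class holds raw-pointer members (access_time_map_, access_count_map_)
    // and a user-declared destructor but declares no copy constructor or copy assignment. If the
    // destructor releases those maps, an accidental copy would double-free them; consider
    // deleting the copy operations once the implementation confirms ownership.

    /**
     * Iterates through the authorization set and returns the corresponding keymaster error. Will
     * return KM_ERROR_OK if all criteria are met for the given purpose in the authorization set
     * with the given operation params and handle. Used for encrypt, decrypt, sign, and verify.
     *
     * @param purpose            Operation purpose being authorized.
     * @param keyid              Identifier used for per-key rate/count bookkeeping.
     * @param auth_set           The key's authorization set (the policy being enforced).
     * @param operation_params   Parameters supplied for this operation.
     * @param auth_token         Hardware auth token presented by the caller.
     * @param op_handle          Handle of the in-progress operation.
     * @param is_begin_operation True when authorizing the begin step of an operation.
     * @return KM_ERROR_OK on success, otherwise the first enforcement failure encountered.
     */
    ErrorCode AuthorizeOperation(const KeyPurpose purpose, const km_id_t keyid,
                                 const AuthorizationSet& auth_set,
                                 const AuthorizationSet& operation_params,
                                 const HardwareAuthToken& auth_token, uint64_t op_handle,
                                 bool is_begin_operation);

    /**
     * Iterates through the authorization set and returns the corresponding keymaster error. Will
     * return KM_ERROR_OK if all criteria are met for the given purpose in the authorization set
     * with the given operation params. Used for encrypt, decrypt, sign, and verify.
     *
     * @param auth_token Optional hardware auth token; absent when the caller presented none.
     */
    ErrorCode AuthorizeBegin(const KeyPurpose purpose, const km_id_t keyid,
                             const AuthorizationSet& auth_set,
                             const AuthorizationSet& operation_params,
                             NullOr<const HardwareAuthToken&> auth_token);

    /**
     * Authorizes the update step of an already-begun operation. Will return KM_ERROR_OK if all
     * criteria in the authorization set are met for the given auth token and operation handle.
     *
     * Thin wrapper over AuthorizeUpdateOrFinish; update and finish share the same checks.
     */
    ErrorCode AuthorizeUpdate(const AuthorizationSet& auth_set, const HardwareAuthToken& auth_token,
                              uint64_t op_handle) {
        return AuthorizeUpdateOrFinish(auth_set, auth_token, op_handle);
    }

    /**
     * Authorizes the finish step of an already-begun operation. Will return KM_ERROR_OK if all
     * criteria in the authorization set are met for the given auth token and operation handle.
     *
     * Thin wrapper over AuthorizeUpdateOrFinish; update and finish share the same checks.
     */
    ErrorCode AuthorizeFinish(const AuthorizationSet& auth_set, const HardwareAuthToken& auth_token,
                              uint64_t op_handle) {
        return AuthorizeUpdateOrFinish(auth_set, auth_token, op_handle);
    }

    /**
     * Creates a key ID for use in subsequent calls to AuthorizeOperation. Clients needn't use this
     * method of creating key IDs, as long as they use something consistent and unique. This method
     * hashes the key blob.
     *
     * @param key_blob Key material/blob to derive the identifier from.
     * @param keyid    Out-parameter receiving the derived identifier on success.
     * @return false if an error in the crypto library prevents creation of an ID.
     */
    static bool CreateKeyId(const hidl_vec<uint8_t>& key_blob, km_id_t* keyid);

    //
    // Methods that must be implemented by subclasses
    //
    // The time-related methods address the fact that different enforcement contexts may have
    // different time-related capabilities.  In particular:
    //
    // - They may or may not be able to check dates against real-world clocks.
    //
    // - They may or may not be able to check timestamps against authentication trustlets (minters
    //   of hw_auth_token_t structs).
    //
    // - They must have some time source for relative times, but may not be able to provide more
    //   than reliability and monotonicity.
    //
    // Several of these predicates are specified to fail open ("or if X cannot be enforced"):
    // when a capability is missing the check is skipped rather than the operation rejected.
    // Implementers should be aware that such a context enforces correspondingly weaker policy.

    /*
     * Returns true if the specified activation date has passed, or if activation cannot be
     * enforced.
     */
    virtual bool activation_date_valid(uint64_t activation_date) const = 0;

    /*
     * Returns true if the specified expiration date has passed. Returns false if it has not, or if
     * expiration cannot be enforced.
     */
    virtual bool expiration_date_passed(uint64_t expiration_date) const = 0;

    /*
     * Returns true if the specified auth_token is older than the specified timeout.
     *
     * @param timeout Maximum token age; assumed to be in the same seconds unit as
     *                get_current_time() — confirm against the implementation.
     */
    virtual bool auth_token_timed_out(const HardwareAuthToken& token, uint32_t timeout) const = 0;

    /*
     * Get current time in seconds from some starting point. This value is used to compute relative
     * times between events. It must be monotonically increasing, and must not skip or lag. It
     * need not have any relation to any external time standard (other than the duration of
     * "second").
     *
     * On POSIX systems, it's recommended to use clock_gettime(CLOCK_MONOTONIC, ...) to implement
     * this method.
     */
    virtual uint32_t get_current_time() const = 0;

    /*
     * Returns true if the specified auth_token has a valid signature, or if signature validation is
     * not available.
     *
     * Because this fails open, a context without signature validation accepts tokens unverified;
     * such a context should only be used where the token source is otherwise trusted.
     */
    virtual bool ValidateTokenSignature(const HardwareAuthToken& token) const = 0;

    /*
     * Returns true if the device screen is currently locked for the specified user.
     */
    virtual bool is_device_locked(int32_t userId) const = 0;

  private:
    // Shared implementation behind AuthorizeUpdate and AuthorizeFinish.
    ErrorCode AuthorizeUpdateOrFinish(const AuthorizationSet& auth_set,
                                      const HardwareAuthToken& auth_token, uint64_t op_handle);

    // Per-key rate limiting: true if at least min_time_between seconds elapsed since the last
    // recorded use of keyid (presumed semantics; see implementation).
    bool MinTimeBetweenOpsPassed(uint32_t min_time_between, const km_id_t keyid);
    // Per-key use counting since boot (presumed semantics; see implementation).
    bool MaxUsesPerBootNotExceeded(const km_id_t keyid, uint32_t max_uses);
    bool AuthTokenMatches(const AuthorizationSet& auth_set, const HardwareAuthToken& auth_token,
                          const uint64_t user_secure_id, const int auth_type_index,
                          const int auth_timeout_index, const uint64_t op_handle,
                          bool is_begin_operation) const;

    // Bookkeeping tables sized by the constructor arguments. Ownership is not visible in this
    // header; presumably released by the destructor — confirm in the implementation.
    AccessTimeMap* access_time_map_;
    AccessCountMap* access_count_map_;
};

}  // namespace keystore

#endif  // KEYSTORE_KEYMASTER_ENFORCEMENT_H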