1 /*
2  * Copyright 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  *
16  */
17 
18 #pragma once
19 
20 extern "C" {
21 #include <openssl/rand.h>
22 #include <openssl/sha.h>
23 
24 #include <crypto_scrypt.h>
25 }
26 
27 #include <android-base/memory.h>
28 #include <gatekeeper/gatekeeper.h>
29 
30 #include <iostream>
31 #include <memory>
32 #include <unordered_map>
33 
34 namespace gatekeeper {
35 
36 struct fast_hash_t {
37     uint64_t salt;
38     uint8_t digest[SHA256_DIGEST_LENGTH];
39 };
40 
41 class SoftGateKeeper : public GateKeeper {
42   public:
43     static const uint32_t SIGNATURE_LENGTH_BYTES = 32;
44 
45     // scrypt params
46     static const uint64_t N = 16384;
47     static const uint32_t r = 8;
48     static const uint32_t p = 1;
49 
50     static const int MAX_UINT_32_CHARS = 11;
51 
SoftGateKeeper()52     SoftGateKeeper() {
53         key_.reset(new uint8_t[SIGNATURE_LENGTH_BYTES]);
54         memset(key_.get(), 0, SIGNATURE_LENGTH_BYTES);
55     }
56 
~SoftGateKeeper()57     virtual ~SoftGateKeeper() {}
58 
GetAuthTokenKey(const uint8_t ** auth_token_key,uint32_t * length)59     virtual bool GetAuthTokenKey(const uint8_t** auth_token_key, uint32_t* length) const {
60         if (auth_token_key == NULL || length == NULL) return false;
61         *auth_token_key = key_.get();
62         *length = SIGNATURE_LENGTH_BYTES;
63         return true;
64     }
65 
GetPasswordKey(const uint8_t ** password_key,uint32_t * length)66     virtual void GetPasswordKey(const uint8_t** password_key, uint32_t* length) {
67         if (password_key == NULL || length == NULL) return;
68         *password_key = key_.get();
69         *length = SIGNATURE_LENGTH_BYTES;
70     }
71 
ComputePasswordSignature(uint8_t * signature,uint32_t signature_length,const uint8_t *,uint32_t,const uint8_t * password,uint32_t password_length,salt_t salt)72     virtual void ComputePasswordSignature(uint8_t* signature, uint32_t signature_length,
73                                           const uint8_t*, uint32_t, const uint8_t* password,
74                                           uint32_t password_length, salt_t salt) const {
75         if (signature == NULL) return;
76         crypto_scrypt(password, password_length, reinterpret_cast<uint8_t*>(&salt), sizeof(salt), N,
77                       r, p, signature, signature_length);
78     }
79 
GetRandom(void * random,uint32_t requested_length)80     virtual void GetRandom(void* random, uint32_t requested_length) const {
81         if (random == NULL) return;
82         RAND_pseudo_bytes((uint8_t*)random, requested_length);
83     }
84 
ComputeSignature(uint8_t * signature,uint32_t signature_length,const uint8_t *,uint32_t,const uint8_t *,const uint32_t)85     virtual void ComputeSignature(uint8_t* signature, uint32_t signature_length, const uint8_t*,
86                                   uint32_t, const uint8_t*, const uint32_t) const {
87         if (signature == NULL) return;
88         memset(signature, 0, signature_length);
89     }
90 
GetMillisecondsSinceBoot()91     virtual uint64_t GetMillisecondsSinceBoot() const {
92 #ifdef _WIN32
93         return GetTickCount64();
94 #else
95         struct timespec time;
96 #ifdef __linux__
97         int res = clock_gettime(CLOCK_BOOTTIME, &time);
98 #else
99         int res = clock_gettime(CLOCK_MONOTONIC, &time);
100 #endif
101         if (res < 0) return 0;
102         return (time.tv_sec * 1000) + (time.tv_nsec / 1000 / 1000);
103 #endif
104     }
105 
IsHardwareBacked()106     virtual bool IsHardwareBacked() const { return false; }
107 
GetFailureRecord(uint32_t uid,secure_id_t user_id,failure_record_t * record,bool)108     virtual bool GetFailureRecord(uint32_t uid, secure_id_t user_id, failure_record_t* record,
109                                   bool /* secure */) {
110         failure_record_t* stored = &failure_map_[uid];
111         if (user_id != stored->secure_user_id) {
112             stored->secure_user_id = user_id;
113             stored->last_checked_timestamp = 0;
114             stored->failure_counter = 0;
115         }
116         memcpy(record, stored, sizeof(*record));
117         return true;
118     }
119 
ClearFailureRecord(uint32_t uid,secure_id_t user_id,bool)120     virtual bool ClearFailureRecord(uint32_t uid, secure_id_t user_id, bool /* secure */) {
121         failure_record_t* stored = &failure_map_[uid];
122         stored->secure_user_id = user_id;
123         stored->last_checked_timestamp = 0;
124         stored->failure_counter = 0;
125         return true;
126     }
127 
WriteFailureRecord(uint32_t uid,failure_record_t * record,bool)128     virtual bool WriteFailureRecord(uint32_t uid, failure_record_t* record, bool /* secure */) {
129         failure_map_[uid] = *record;
130         return true;
131     }
132 
ComputeFastHash(const SizedBuffer & password,uint64_t salt)133     fast_hash_t ComputeFastHash(const SizedBuffer& password, uint64_t salt) {
134         fast_hash_t fast_hash;
135         size_t digest_size = password.size() + sizeof(salt);
136         std::unique_ptr<uint8_t[]> digest(new uint8_t[digest_size]);
137         memcpy(digest.get(), &salt, sizeof(salt));
138         memcpy(digest.get() + sizeof(salt), password.Data<uint8_t>(), password.size());
139 
140         SHA256(digest.get(), digest_size, (uint8_t*)&fast_hash.digest);
141 
142         fast_hash.salt = salt;
143         return fast_hash;
144     }
145 
VerifyFast(const fast_hash_t & fast_hash,const SizedBuffer & password)146     bool VerifyFast(const fast_hash_t& fast_hash, const SizedBuffer& password) {
147         fast_hash_t computed = ComputeFastHash(password, fast_hash.salt);
148         return memcmp(computed.digest, fast_hash.digest, SHA256_DIGEST_LENGTH) == 0;
149     }
150 
DoVerify(const password_handle_t * expected_handle,const SizedBuffer & password)151     bool DoVerify(const password_handle_t* expected_handle, const SizedBuffer& password) {
152         uint64_t user_id = android::base::get_unaligned<secure_id_t>(&expected_handle->user_id);
153         FastHashMap::const_iterator it = fast_hash_map_.find(user_id);
154         if (it != fast_hash_map_.end() && VerifyFast(it->second, password)) {
155             return true;
156         } else {
157             if (GateKeeper::DoVerify(expected_handle, password)) {
158                 uint64_t salt;
159                 GetRandom(&salt, sizeof(salt));
160                 fast_hash_map_[user_id] = ComputeFastHash(password, salt);
161                 return true;
162             }
163         }
164 
165         return false;
166     }
167 
168   private:
169     typedef std::unordered_map<uint32_t, failure_record_t> FailureRecordMap;
170     typedef std::unordered_map<uint64_t, fast_hash_t> FastHashMap;
171 
172     std::unique_ptr<uint8_t[]> key_;
173     FailureRecordMap failure_map_;
174     FastHashMap fast_hash_map_;
175 };
176 }  // namespace gatekeeper
177