1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef KEYSTORE_KEYMASTER_ENFORCEMENT_H_ 18 #define KEYSTORE_KEYMASTER_ENFORCEMENT_H_ 19 20 #include <time.h> 21 22 #include <keymaster/keymaster_enforcement.h> 23 24 /** 25 * This is a specialization of the KeymasterEnforcement class to be used by Keystore to enforce 26 * keymaster requirements on all key operation. 27 */ 28 class KeystoreKeymasterEnforcement : public keymaster::KeymasterEnforcement { 29 public: KeystoreKeymasterEnforcement()30 KeystoreKeymasterEnforcement() : KeymasterEnforcement(64, 64) {} 31 get_current_time()32 uint32_t get_current_time() const override { 33 struct timespec tp; 34 int err = clock_gettime(CLOCK_MONOTONIC, &tp); 35 if (err || tp.tv_sec < 0) 36 return 0; 37 return static_cast<uint32_t>(tp.tv_sec); 38 } 39 activation_date_valid(uint64_t activation_date)40 bool activation_date_valid(uint64_t activation_date) const override { 41 time_t now = time(NULL); 42 if (now == static_cast<time_t>(-1)) { 43 // Failed to obtain current time -- fail safe: activation_date hasn't yet occurred. 44 return false; 45 } else if (now < 0) { 46 // Current time is prior to start of the epoch -- activation_date hasn't yet occurred. 47 return false; 48 } 49 50 // time(NULL) returns seconds since epoch and "loses" milliseconds information. We thus add 51 // 999 ms to now_date to avoid a situation where an activation_date of up to 999ms in the 52 // past may still be considered to still be in the future. This can be removed once 53 // time(NULL) is replaced by a millisecond-precise source of time. 54 uint64_t now_date = static_cast<uint64_t>(now) * 1000 + 999; 55 return now_date >= activation_date; 56 } 57 expiration_date_passed(uint64_t expiration_date)58 bool expiration_date_passed(uint64_t expiration_date) const override { 59 time_t now = time(NULL); 60 if (now == static_cast<time_t>(-1)) { 61 // Failed to obtain current time -- fail safe: expiration_date has passed. 62 return true; 63 } else if (now < 0) { 64 // Current time is prior to start of the epoch: expiration_date hasn't yet occurred. 65 return false; 66 } 67 68 // time(NULL) returns seconds since epoch and "loses" milliseconds information. As a result, 69 // expiration_date of up to 999 ms in the past may still be considered in the future. This 70 // is OK. 71 uint64_t now_date = static_cast<uint64_t>(now) * 1000; 72 return now_date > expiration_date; 73 } 74 auth_token_timed_out(const hw_auth_token_t &,uint32_t)75 bool auth_token_timed_out(const hw_auth_token_t&, uint32_t) const { 76 // Assume the token has not timed out, because AuthTokenTable would not have returned it if 77 // the timeout were past. Secure hardware will also check timeouts if it supports them. 78 return false; 79 } 80 ValidateTokenSignature(const hw_auth_token_t &)81 bool ValidateTokenSignature(const hw_auth_token_t&) const override { 82 // Non-secure world cannot validate token signatures because it doesn't have access to the 83 // signing key. Assume the token is good. 84 return true; 85 } 86 }; 87 88 #endif // KEYSTORE_KEYMASTER_ENFORCEMENT_H_ 89