include/gatekeeper/gatekeeper.h - platform/system/gatekeeper - Git at Google

 /*
  * Copyright 2015 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #ifndef GATEKEEPER_H_
 #define GATEKEEPER_H_

 #include <stdint.h>
 #include <UniquePtr.h>
 #include <hardware/hw_auth_token.h>

 #include "gatekeeper_messages.h"
 #include "password_handle.h"

 namespace gatekeeper {

 /**
  * Base class for gatekeeper implementations. Provides all functionality except
  * the ability to create/access keys and compute signatures. These are left up
  * to the platform-specific implementation.
  */
 class GateKeeper {
 public:
     GateKeeper() {}
     virtual ~GateKeeper() {}

     void Enroll(const EnrollRequest &request, EnrollResponse *response);
     void Verify(const VerifyRequest &request, VerifyResponse *response);

 protected:

     // The following methods are intended to be implemented by concrete subclasses

     /**
      * Retrieves the key used by GateKeeper::MintAuthToken to sign the payload
      * of the AuthToken. This is not cached as is may have changed due to an event such
      * as a password change.
      *
      * Writes the length in bytes of the returned key to length if it is not null.
      *
      * Ownership of the auth_token_key pointer is maintained by the implementor.
      *
      * Returns true if the key was successfully fetched.
      *
      */
     virtual bool GetAuthTokenKey(const uint8_t **auth_token_key, uint32_t *length)
             const = 0;

     /**
      * The key used to sign and verify password data.
      *
      * MUST be different from the AuthTokenKey.
      *
      * GetPasswordKey is not const because unlike AuthTokenKey,
      * this value can be cached.
      *
      * Ownership of the password_key pointer is maintained by the implementor.
      *
      */
     virtual void GetPasswordKey(const uint8_t **password_key, uint32_t *length) = 0;

     /**
      * Uses platform-specific routines to compute a signature on the provided password.
      *
      * This can be implemented as a simple pass-through to ComputeSignature, but is
      * available in case handling for password signatures is different from general
      * purpose signatures.
      *
      * Writes the signature_length size signature to the 'signature' pointer.
      */
     virtual void ComputePasswordSignature(uint8_t *signature, uint32_t signature_length,
             const uint8_t *key, uint32_t key_length, const uint8_t *password,
             uint32_t password_length, salt_t salt) const = 0;

     /**
      * Retrieves a unique, cryptographically randomly generated buffer for use in password
      * hashing, etc.
      *
      * Assings the random to the random UniquePtr, relinquishing ownership to the caller
      */
     virtual void GetRandom(void *random, uint32_t requested_size) const = 0;

     /**
      * Uses platform-specific routines to compute a signature on the provided message.
      *
      * Writes the signature_length size signature to the 'signature' pointer.
      */
     virtual void ComputeSignature(uint8_t *signature, uint32_t signature_length,
             const uint8_t *key, uint32_t key_length, const uint8_t *message,
             const uint32_t length) const = 0;

     /**
      * Get the time since boot in milliseconds.
      *
      * Should return 0 on error.
      */
     virtual uint64_t GetMillisecondsSinceBoot() const = 0;

 private:
     /**
      * Generates a signed attestation of an authentication event and assings
      * to auth_token UniquePtr.
      * The format is consistent with that of hw_auth_token_t.
      * Also returns the length in length if it is not null.
      */
     void MintAuthToken(UniquePtr<uint8_t> *auth_token, uint32_t *length, uint64_t timestamp,
             secure_id_t user_id, secure_id_t authenticator_id, uint64_t challenge);

     /**
      * Verifies that handle matches password HMAC'ed with the password_key
      */
     bool DoVerify(const password_handle_t *expected_handle, const SizedBuffer &password);

     /**
      * Populates password_handle with the data provided and computes HMAC.
      */
     bool CreatePasswordHandle(SizedBuffer *password_handle, salt_t salt,
         secure_id_t secure_id, secure_id_t authenticator_id, const uint8_t *password,
         uint32_t password_length);
 };

 }

 #endif // GATEKEEPER_H_
	/*
	* Copyright 2015 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#ifndef GATEKEEPER_H_
	#define GATEKEEPER_H_

	#include <stdint.h>
	#include <UniquePtr.h>
	#include <hardware/hw_auth_token.h>

	#include "gatekeeper_messages.h"
	#include "password_handle.h"

	namespace gatekeeper {

	/**
	* Base class for gatekeeper implementations. Provides all functionality except
	* the ability to create/access keys and compute signatures. These are left up
	* to the platform-specific implementation.
	*/
	class GateKeeper {
	public:
	GateKeeper() {}
	virtual ~GateKeeper() {}

	void Enroll(const EnrollRequest &request, EnrollResponse *response);
	void Verify(const VerifyRequest &request, VerifyResponse *response);

	protected:

	// The following methods are intended to be implemented by concrete subclasses

	/**
	* Retrieves the key used by GateKeeper::MintAuthToken to sign the payload
	* of the AuthToken. This is not cached as is may have changed due to an event such
	* as a password change.
	*
	* Writes the length in bytes of the returned key to length if it is not null.
	*
	* Ownership of the auth_token_key pointer is maintained by the implementor.
	*
	* Returns true if the key was successfully fetched.
	*
	*/
	virtual bool GetAuthTokenKey(const uint8_t *auth_token_key, uint32_t length)
	const = 0;

	/**
	* The key used to sign and verify password data.
	*
	* MUST be different from the AuthTokenKey.
	*
	* GetPasswordKey is not const because unlike AuthTokenKey,
	* this value can be cached.
	*
	* Ownership of the password_key pointer is maintained by the implementor.
	*
	*/
	virtual void GetPasswordKey(const uint8_t *password_key, uint32_t length) = 0;

	/**
	* Uses platform-specific routines to compute a signature on the provided password.
	*
	* This can be implemented as a simple pass-through to ComputeSignature, but is
	* available in case handling for password signatures is different from general
	* purpose signatures.
	*
	* Writes the signature_length size signature to the 'signature' pointer.
	*/
	virtual void ComputePasswordSignature(uint8_t *signature, uint32_t signature_length,
	const uint8_t key, uint32_t key_length, const uint8_t password,
	uint32_t password_length, salt_t salt) const = 0;

	/**
	* Retrieves a unique, cryptographically randomly generated buffer for use in password
	* hashing, etc.
	*
	* Assings the random to the random UniquePtr, relinquishing ownership to the caller
	*/
	virtual void GetRandom(void *random, uint32_t requested_size) const = 0;

	/**
	* Uses platform-specific routines to compute a signature on the provided message.
	*
	* Writes the signature_length size signature to the 'signature' pointer.
	*/
	virtual void ComputeSignature(uint8_t *signature, uint32_t signature_length,
	const uint8_t key, uint32_t key_length, const uint8_t message,
	const uint32_t length) const = 0;

	/**
	* Get the time since boot in milliseconds.
	*
	* Should return 0 on error.
	*/
	virtual uint64_t GetMillisecondsSinceBoot() const = 0;

	private:
	/**
	* Generates a signed attestation of an authentication event and assings
	* to auth_token UniquePtr.
	* The format is consistent with that of hw_auth_token_t.
	* Also returns the length in length if it is not null.
	*/
	void MintAuthToken(UniquePtr<uint8_t> auth_token, uint32_t length, uint64_t timestamp,
	secure_id_t user_id, secure_id_t authenticator_id, uint64_t challenge);

	/**
	* Verifies that handle matches password HMAC'ed with the password_key
	*/
	bool DoVerify(const password_handle_t *expected_handle, const SizedBuffer &password);

	/**
	* Populates password_handle with the data provided and computes HMAC.
	*/
	bool CreatePasswordHandle(SizedBuffer *password_handle, salt_t salt,
	secure_id_t secure_id, secure_id_t authenticator_id, const uint8_t *password,
	uint32_t password_length);
	};

	}

	#endif // GATEKEEPER_H_