platform/hardware/amlogic/gatekeeper.git - Unnamed repository; edit this file 'description' to name the repository.

1 /*
2  * Copyright 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 #ifndef SOFT_GATEKEEPER_DEVICE_H_
18 #define SOFT_GATEKEEPER_DEVICE_H_
19
20 #include <hardware/gatekeeper.h>
21 #include "SoftGateKeeper.h"
22
23 #include <UniquePtr.h>
24
25 using namespace gatekeeper;
26
27 namespace android {
28
29 /**
30  * Software based GateKeeper implementation
31  */
32 class SoftGateKeeperDevice {
33 public:
34     SoftGateKeeperDevice(const hw_module_t *module);
35     ~SoftGateKeeperDevice();
36
37     hw_device_t* sw_device();
38
39    // Wrappers to translate the gatekeeper HAL API to the Kegyuard Messages API.
40
41    /**
42      * Enrolls password_payload, which should be derived from a user selected pin or password,
43      * with the authentication factor private key used only for enrolling authentication
44      * factor data.
45      *
46      * Returns: 0 on success or an error code less than 0 on error.
47      * On error, enrolled_password_handle will not be allocated.
48      */
49     int Enroll(uint32_t uid,
50             const uint8_t *current_password_handle, uint32_t current_password_handle_length,
51             const uint8_t *current_password, uint32_t current_password_length,
52             const uint8_t *desired_password, uint32_t desired_password_length,
53             uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length);
54
55     /**
56      * Verifies provided_password matches enrolled_password_handle.
57      *
58      * Implementations of this module may retain the result of this call
59      * to attest to the recency of authentication.
60      *
61      * On success, writes the address of a verification token to auth_token,
62      * usable to attest password verification to other trusted services. Clients
63      * may pass NULL for this value.
64      *
65      * Returns: 0 on success or an error code less than 0 on error
66      * On error, verification token will not be allocated
67      */
68     int Verify(uint32_t uid, uint64_t challenge,
69             const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
70             const uint8_t *provided_password, uint32_t provided_password_length,
71             uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll);
72
73     static int enroll(const struct gatekeeper_device *dev, uint32_t uid,
74             const uint8_t *current_password_handle, uint32_t current_password_handle_length,
75             const uint8_t *current_password, uint32_t current_password_length,
76             const uint8_t *desired_password, uint32_t desired_password_length,
77             uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length);
78
79     static int verify(const struct gatekeeper_device *dev, uint32_t uid, uint64_t challenge,
80             const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
81             const uint8_t *provided_password, uint32_t provided_password_length,
82             uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll);
83
84     static int close_device(hw_device_t* dev);
85
86     gatekeeper_device deviceSoft;
87 private:
88     UniquePtr<SoftGateKeeper> implSoft;
89 };
90
91 } // namespace gatekeeper
92
93 #endif //SOFT_GATEKEEPER_DEVICE_H_
94
1	/*
2	* Copyright 2015 The Android Open Source Project
3	*
4	* Licensed under the Apache License, Version 2.0 (the "License");
5	* you may not use this file except in compliance with the License.
6	* You may obtain a copy of the License at
7	*
8	* http://www.apache.org/licenses/LICENSE-2.0
9	*
10	* Unless required by applicable law or agreed to in writing, software
11	* distributed under the License is distributed on an "AS IS" BASIS,
12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	* See the License for the specific language governing permissions and
14	* limitations under the License.
15	*/
16
17	#ifndef SOFT_GATEKEEPER_DEVICE_H_
18	#define SOFT_GATEKEEPER_DEVICE_H_
19
20	#include <hardware/gatekeeper.h>
21	#include "SoftGateKeeper.h"
22
23	#include <UniquePtr.h>
24
25	using namespace gatekeeper;
26
27	namespace android {
28
29	/**
30	* Software based GateKeeper implementation
31	*/
32	class SoftGateKeeperDevice {
33	public:
34	SoftGateKeeperDevice(const hw_module_t *module);
35	~SoftGateKeeperDevice();
36
37	hw_device_t* sw_device();
38
39	// Wrappers to translate the gatekeeper HAL API to the Kegyuard Messages API.
40
41	/**
42	* Enrolls password_payload, which should be derived from a user selected pin or password,
43	* with the authentication factor private key used only for enrolling authentication
44	* factor data.
45	*
46	* Returns: 0 on success or an error code less than 0 on error.
47	* On error, enrolled_password_handle will not be allocated.
48	*/
49	int Enroll(uint32_t uid,
50	const uint8_t *current_password_handle, uint32_t current_password_handle_length,
51	const uint8_t *current_password, uint32_t current_password_length,
52	const uint8_t *desired_password, uint32_t desired_password_length,
53	uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length);
54
55	/**
56	* Verifies provided_password matches enrolled_password_handle.
57	*
58	* Implementations of this module may retain the result of this call
59	* to attest to the recency of authentication.
60	*
61	* On success, writes the address of a verification token to auth_token,
62	* usable to attest password verification to other trusted services. Clients
63	* may pass NULL for this value.
64	*
65	* Returns: 0 on success or an error code less than 0 on error
66	* On error, verification token will not be allocated
67	*/
68	int Verify(uint32_t uid, uint64_t challenge,
69	const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
70	const uint8_t *provided_password, uint32_t provided_password_length,
71	uint8_t *auth_token, uint32_t auth_token_length, bool *request_reenroll);
72
73	static int enroll(const struct gatekeeper_device *dev, uint32_t uid,
74	const uint8_t *current_password_handle, uint32_t current_password_handle_length,
75	const uint8_t *current_password, uint32_t current_password_length,
76	const uint8_t *desired_password, uint32_t desired_password_length,
77	uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length);
78
79	static int verify(const struct gatekeeper_device *dev, uint32_t uid, uint64_t challenge,
80	const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
81	const uint8_t *provided_password, uint32_t provided_password_length,
82	uint8_t *auth_token, uint32_t auth_token_length, bool *request_reenroll);
83
84	static int close_device(hw_device_t* dev);
85
86	gatekeeper_device deviceSoft;
87	private:
88	UniquePtr<SoftGateKeeper> implSoft;
89	};
90
91	} // namespace gatekeeper
92
93	#endif //SOFT_GATEKEEPER_DEVICE_H_
94