/*
 * Copyright 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SOFT_GATEKEEPER_DEVICE_H_
#define SOFT_GATEKEEPER_DEVICE_H_

#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
#include <hidl/Status.h>

#include <memory>
#include "SoftGateKeeper.h"

namespace android {

/**
 * Software based GateKeeper implementation
 */
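class SoftGateKeeperDevice : public ::android::hardware::gatekeeper::V1_0::IGatekeeper {
    // HIDL IGatekeeper (V1_0) front end that owns a ::gatekeeper::SoftGateKeeper.
    //
    // NOTE(review): "software based" suggests that credential enrollment and
    // verification run inside this process rather than in a TEE or secure
    // element. Confirm which builds ship this HAL and whether that isolation
    // level matches their threat model.
    //
    // The class owns impl_ through std::unique_ptr, so it is implicitly
    // non-copyable.
  public:
    /**
     * Creates the device together with the SoftGateKeeper instance it owns.
     *
     * std::make_unique replaces the former reset(new ...) so that no naked
     * new expression is left in the class.
     */
    SoftGateKeeperDevice() : impl_(std::make_unique<::gatekeeper::SoftGateKeeper>()) {}

    // Wrappers to translate the gatekeeper HAL API to the Keyguard Messages API.

    /**
     * Enrolls desiredPassword, which should be derived from a user selected pin or password,
     * with the authentication factor private key used only for enrolling authentication
     * factor data.
     *
     * currentPassword and desiredPassword carry credential-derived material:
     * keep them out of logs and do not retain copies longer than the call
     * needs.
     *
     * @param uid identifier of the user the enrollment belongs to
     *        (presumably the Android user id; confirm against IGatekeeper.hal).
     * @param currentPasswordHandle presumably the handle of the enrollment
     *        being replaced; confirm whether it may be empty.
     * @param currentPassword presumably the credential matching
     *        currentPasswordHandle; confirm whether it may be empty.
     * @param desiredPassword the credential to enroll.
     * @param _hidl_cb callback that receives the outcome of the request.
     * @return Return<void>; the enrollment result is not in the return value
     *         but is delivered through _hidl_cb.
     *
     * The earlier wording of this comment described the outcome as 0 on
     * success or an error code less than 0 on error, with no enrolled
     * password handle allocated on error.
     * NOTE(review): confirm how those outcomes map onto the response passed
     * to _hidl_cb.
     */
    ::android::hardware::Return<void> enroll(
            uint32_t uid, const ::android::hardware::hidl_vec<uint8_t>& currentPasswordHandle,
            const ::android::hardware::hidl_vec<uint8_t>& currentPassword,
            const ::android::hardware::hidl_vec<uint8_t>& desiredPassword,
            enroll_cb _hidl_cb) override;

    /**
     * Verifies providedPassword matches enrolledPasswordHandle.
     *
     * Implementations of this module may retain the result of this call
     * to attest to the recency of authentication.
     *
     * On success a verification token is produced, usable to attest password
     * verification to other trusted services. The earlier wording spoke of
     * writing the token's address to an auth_token argument that clients
     * could pass as NULL; this signature has no such parameter, so the token
     * can only reach the caller through _hidl_cb.
     *
     * providedPassword carries credential-derived material: keep it out of
     * logs and do not retain copies longer than the call needs.
     *
     * @param uid identifier of the user being verified
     *        (presumably the Android user id; confirm against IGatekeeper.hal).
     * @param challenge value supplied by the caller; presumably bound into the
     *        verification token. Confirm in the implementation.
     * @param enrolledPasswordHandle handle produced by an earlier enrollment.
     * @param providedPassword the credential to check against the handle.
     * @param _hidl_cb callback that receives the outcome of the request.
     * @return Return<void>; the verification result is not in the return
     *         value but is delivered through _hidl_cb.
     *
     * The earlier wording described the outcome as 0 on success or an error
     * code less than 0 on error, with no verification token allocated on
     * error.
     * NOTE(review): confirm how those outcomes map onto the response passed
     * to _hidl_cb.
     */
    ::android::hardware::Return<void> verify(
            uint32_t uid, uint64_t challenge,
            const ::android::hardware::hidl_vec<uint8_t>& enrolledPasswordHandle,
            const ::android::hardware::hidl_vec<uint8_t>& providedPassword,
            verify_cb _hidl_cb) override;

    /**
     * Override of IGatekeeper::deleteUser for the user identified by uid.
     *
     * The behaviour is defined in the implementation file, which is not part
     * of this header.
     * NOTE(review): presumably removes the enrollment state kept for uid;
     * confirm what is erased and what is reported through _hidl_cb.
     */
    ::android::hardware::Return<void> deleteUser(uint32_t uid, deleteUser_cb _hidl_cb) override;

    /**
     * Override of IGatekeeper::deleteAllUsers.
     *
     * The behaviour is defined in the implementation file, which is not part
     * of this header.
     * NOTE(review): presumably removes the enrollment state of every user;
     * confirm what is erased and what is reported through _hidl_cb.
     */
    ::android::hardware::Return<void> deleteAllUsers(deleteAllUsers_cb _hidl_cb) override;

  private:
    // Software gatekeeper owned by this device; set once in the constructor.
    std::unique_ptr<::gatekeeper::SoftGateKeeper> impl_;
};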

}  // namespace android

#endif  // SOFT_GATEKEEPER_DEVICE_H_