xref: /aosp_15_r20/hardware/interfaces/gatekeeper/aidl/software/GateKeeper.h (revision 4d7e907c777eeecc4c5bd7cf640a754fac206ff7)
1*4d7e907cSAndroid Build Coastguard Worker /*
2*4d7e907cSAndroid Build Coastguard Worker  * Copyright (C) 2014 The Android Open Source Project
3*4d7e907cSAndroid Build Coastguard Worker  *
4*4d7e907cSAndroid Build Coastguard Worker  * Licensed under the Apache License, Version 2.0 (the "License");
5*4d7e907cSAndroid Build Coastguard Worker  * you may not use this file except in compliance with the License.
6*4d7e907cSAndroid Build Coastguard Worker  * You may obtain a copy of the License at
7*4d7e907cSAndroid Build Coastguard Worker  *
8*4d7e907cSAndroid Build Coastguard Worker  *      http://www.apache.org/licenses/LICENSE-2.0
9*4d7e907cSAndroid Build Coastguard Worker  *
10*4d7e907cSAndroid Build Coastguard Worker  * Unless required by applicable law or agreed to in writing, software
11*4d7e907cSAndroid Build Coastguard Worker  * distributed under the License is distributed on an "AS IS" BASIS,
12*4d7e907cSAndroid Build Coastguard Worker  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*4d7e907cSAndroid Build Coastguard Worker  * See the License for the specific language governing permissions and
14*4d7e907cSAndroid Build Coastguard Worker  * limitations under the License.
15*4d7e907cSAndroid Build Coastguard Worker  */
16*4d7e907cSAndroid Build Coastguard Worker #pragma once
17*4d7e907cSAndroid Build Coastguard Worker 
18*4d7e907cSAndroid Build Coastguard Worker #include <aidl/android/hardware/gatekeeper/BnGatekeeper.h>
19*4d7e907cSAndroid Build Coastguard Worker #include <gatekeeper/gatekeeper_messages.h>
20*4d7e907cSAndroid Build Coastguard Worker 
21*4d7e907cSAndroid Build Coastguard Worker #include "SoftGateKeeper.h"
22*4d7e907cSAndroid Build Coastguard Worker 
23*4d7e907cSAndroid Build Coastguard Worker namespace aidl::android::hardware::gatekeeper {
24*4d7e907cSAndroid Build Coastguard Worker 
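/**
 * AIDL Gatekeeper service object (derives from BnGatekeeper) that holds a
 * reference to a ::gatekeeper::SoftGateKeeper backend in impl_. The method
 * bodies are defined outside this header.
 *
 * NOTE(review): the file path (gatekeeper/aidl/software) and the SoftGateKeeper
 * name suggest a software-only backend. If so, password material and the
 * enrollment key are not isolated in secure hardware by this class; confirm
 * the intended deployment targets before relying on it for hardware-backed
 * guarantees.
 *
 * NOTE(review): whether concurrent calls into impl_ are serialized is not
 * visible in this header; confirm in the implementation.
 */
class SoftGateKeeperDevice : public BnGatekeeper {
  public:
    /**
     * Binds this service object to an existing SoftGateKeeper.
     *
     * The argument is stored as a reference (impl_), not copied, so the caller
     * must keep it alive for as long as this object can receive calls. The
     * constructor is explicit so that a SoftGateKeeper is never implicitly
     * converted into a service object.
     */
    explicit SoftGateKeeperDevice(::gatekeeper::SoftGateKeeper&);

    /**
     * Enrolls desiredPassword, which should be derived from a user selected pin
     * or password, with the authentication factor private key used only for
     * enrolling authentication factor data.
     *
     * @param uid                   identifier of the user being enrolled.
     * @param currentPasswordHandle presumably the handle of an existing
     *                              enrollment being replaced; confirm against
     *                              the AIDL interface definition.
     * @param currentPassword       presumably the password matching
     *                              currentPasswordHandle; confirm as above.
     * @param desiredPassword       the new password payload to enroll.
     * @param _aidl_return          receives the enrollment response. On error
     *                              no enrolled password handle is produced.
     * @return the status of the call. NOTE(review): the previous wording
     *         ("0 on success or an error code less than 0") describes an
     *         integer return and does not match this ScopedAStatus signature;
     *         confirm the error mapping in the implementation.
     */
    ::ndk::ScopedAStatus enroll(int32_t uid, const std::vector<uint8_t>& currentPasswordHandle,
                                const std::vector<uint8_t>& currentPassword,
                                const std::vector<uint8_t>& desiredPassword,
                                GatekeeperEnrollResponse* _aidl_return) override;

    /**
     * Verifies that providedPassword matches enrolledPasswordHandle.
     *
     * Implementations of this module may retain the result of this call
     * to attest to the recency of authentication.
     *
     * On success a verification token is produced, usable to attest password
     * verification to other trusted services.
     * NOTE(review): the previous wording described an auth_token out-pointer
     * that clients may pass as NULL; this signature has no such parameter, so
     * the token is presumably delivered through _aidl_return. Confirm.
     *
     * @param uid                    identifier of the user being verified.
     * @param challenge              caller-supplied value; presumably bound
     *                               into the verification token. Confirm.
     * @param enrolledPasswordHandle handle produced by an earlier enrollment.
     * @param providedPassword       the password payload to check.
     * @param _aidl_return           receives the verification response. On
     *                               error no verification token is produced.
     * @return the status of the call; see the NOTE(review) on enroll()
     *         regarding the earlier integer-return wording.
     */
    ::ndk::ScopedAStatus verify(int32_t uid, int64_t challenge,
                                const std::vector<uint8_t>& enrolledPasswordHandle,
                                const std::vector<uint8_t>& providedPassword,
                                GatekeeperVerifyResponse* _aidl_return) override;

    /**
     * Requests deletion of the Gatekeeper state of all users.
     *
     * NOTE(review): which state the backend keeps, and whether a successful
     * status means it was actually cleared, is decided in the implementation
     * and is not visible in this header.
     */
    ::ndk::ScopedAStatus deleteAllUsers() override;

    /**
     * Requests deletion of the Gatekeeper state of the user identified by uid.
     *
     * NOTE(review): same caveat as deleteAllUsers(); confirm what a
     * successful status guarantees.
     */
    ::ndk::ScopedAStatus deleteUser(int32_t uid) override;

  private:
    // Non-owning reference to the backend; the referenced object must outlive
    // this service object.
    ::gatekeeper::SoftGateKeeper& impl_;
};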
65*4d7e907cSAndroid Build Coastguard Worker 
66*4d7e907cSAndroid Build Coastguard Worker }  // namespace aidl::android::hardware::gatekeeper