Home | History | Annotate | Download | only in gatekeeperd 
      1 /*
      2  * Copyright 2015 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #ifndef SOFT_GATEKEEPER_DEVICE_H_
     18 #define SOFT_GATEKEEPER_DEVICE_H_
     19 
     20 #include "SoftGateKeeper.h"
     21 
     22 #include <UniquePtr.h>
     23 
     24 using namespace gatekeeper;
     25 
     26 namespace android {
     27 
     28 /**
     29  * Software based GateKeeper implementation
     30  */
     31 class SoftGateKeeperDevice {
     32 public:
     33     SoftGateKeeperDevice() {
     34         impl_.reset(new SoftGateKeeper());
     35     }
     36 
     37    // Wrappers to translate the gatekeeper HAL API to the Kegyuard Messages API.
     38 
     39     /**
     40      * Enrolls password_payload, which should be derived from a user selected pin or password,
     41      * with the authentication factor private key used only for enrolling authentication
     42      * factor data.
     43      *
     44      * Returns: 0 on success or an error code less than 0 on error.
     45      * On error, enrolled_password_handle will not be allocated.
     46      */
     47     int enroll(uint32_t uid,
     48             const uint8_t *current_password_handle, uint32_t current_password_handle_length,
     49             const uint8_t *current_password, uint32_t current_password_length,
     50             const uint8_t *desired_password, uint32_t desired_password_length,
     51             uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length);
     52 
     53     /**
     54      * Verifies provided_password matches enrolled_password_handle.
     55      *
     56      * Implementations of this module may retain the result of this call
     57      * to attest to the recency of authentication.
     58      *
     59      * On success, writes the address of a verification token to auth_token,
     60      * usable to attest password verification to other trusted services. Clients
     61      * may pass NULL for this value.
     62      *
     63      * Returns: 0 on success or an error code less than 0 on error
     64      * On error, verification token will not be allocated
     65      */
     66     int verify(uint32_t uid, uint64_t challenge,
     67             const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
     68             const uint8_t *provided_password, uint32_t provided_password_length,
     69             uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll);
     70 private:
     71     UniquePtr<SoftGateKeeper> impl_;
     72 };
     73 
     74 } // namespace gatekeeper
     75 
     76 #endif //SOFT_GATEKEEPER_DEVICE_H_
     77