1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 #include "SoftGateKeeper.h" 17 #include "SoftGateKeeperDevice.h" 18 19 namespace goldfish { 20 21 int SoftGateKeeperDevice::enroll(uint32_t uid, 22 const uint8_t *current_password_handle, uint32_t current_password_handle_length, 23 const uint8_t *current_password, uint32_t current_password_length, 24 const uint8_t *desired_password, uint32_t desired_password_length, 25 uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) { 26 27 if (enrolled_password_handle == NULL || enrolled_password_handle_length == NULL || 28 desired_password == NULL || desired_password_length == 0) 29 return -EINVAL; 30 31 // Current password and current password handle go together 32 if (current_password_handle == NULL || current_password_handle_length == 0 || 33 current_password == NULL || current_password_length == 0) { 34 current_password_handle = NULL; 35 current_password_handle_length = 0; 36 current_password = NULL; 37 current_password_length = 0; 38 } 39 40 SizedBuffer desired_password_buffer(desired_password_length); 41 memcpy(desired_password_buffer.buffer.get(), desired_password, desired_password_length); 42 43 SizedBuffer current_password_handle_buffer(current_password_handle_length); 44 if (current_password_handle) { 45 memcpy(current_password_handle_buffer.buffer.get(), current_password_handle, 46 current_password_handle_length); 47 } 48 49 SizedBuffer current_password_buffer(current_password_length); 50 if (current_password) { 51 memcpy(current_password_buffer.buffer.get(), current_password, current_password_length); 52 } 53 54 EnrollRequest request(uid, ¤t_password_handle_buffer, &desired_password_buffer, 55 ¤t_password_buffer); 56 EnrollResponse response; 57 58 impl_->Enroll(request, &response); 59 60 if (response.error == ERROR_RETRY) { 61 return response.retry_timeout; 62 } else if (response.error != ERROR_NONE) { 63 return -EINVAL; 64 } 65 66 *enrolled_password_handle = response.enrolled_password_handle.buffer.release(); 67 gatekeeper::password_handle_t *handle = 68 reinterpret_cast<gatekeeper::password_handle_t *>(*enrolled_password_handle); 69 //FIXIT: We need to move this module to host with gatekeeper pipe 70 handle->hardware_backed = true; 71 72 *enrolled_password_handle_length = response.enrolled_password_handle.length; 73 return 0; 74 } 75 76 int SoftGateKeeperDevice::verify(uint32_t uid, 77 uint64_t challenge, const uint8_t *enrolled_password_handle, 78 uint32_t enrolled_password_handle_length, const uint8_t *provided_password, 79 uint32_t provided_password_length, uint8_t **auth_token, uint32_t *auth_token_length, 80 bool *request_reenroll) { 81 82 if (enrolled_password_handle == NULL || 83 provided_password == NULL) { 84 return -EINVAL; 85 } 86 87 SizedBuffer password_handle_buffer(enrolled_password_handle_length); 88 memcpy(password_handle_buffer.buffer.get(), enrolled_password_handle, 89 enrolled_password_handle_length); 90 SizedBuffer provided_password_buffer(provided_password_length); 91 memcpy(provided_password_buffer.buffer.get(), provided_password, provided_password_length); 92 93 VerifyRequest request(uid, challenge, &password_handle_buffer, &provided_password_buffer); 94 VerifyResponse response; 95 96 impl_->Verify(request, &response); 97 98 if (response.error == ERROR_RETRY) { 99 return response.retry_timeout; 100 } else if (response.error != ERROR_NONE) { 101 return -EINVAL; 102 } 103 104 if (auth_token != NULL && auth_token_length != NULL) { 105 *auth_token = response.auth_token.buffer.release(); 106 *auth_token_length = response.auth_token.length; 107 } 108 109 if (request_reenroll != NULL) { 110 *request_reenroll = response.request_reenroll; 111 } 112 113 return 0; 114 } 115 116 } // namespace goldfish 117