133dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales/* 233dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * Copyright 2015 The Android Open Source Project 333dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * 433dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * Licensed under the Apache License, Version 2.0 (the "License"); 533dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * you may not use this file except in compliance with the License. 633dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * You may obtain a copy of the License at 733dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * 833dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * http://www.apache.org/licenses/LICENSE-2.0 933dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * 1033dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * Unless required by applicable law or agreed to in writing, software 1133dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * distributed under the License is distributed on an "AS IS" BASIS, 1233dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1333dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * See the License for the specific language governing permissions and 1433dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * limitations under the License. 1533dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales */ 1633dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales 1733dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales#ifndef SOFT_GATEKEEPER_DEVICE_H_ 1833dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales#define SOFT_GATEKEEPER_DEVICE_H_ 1933dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales 20ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales#include "SoftGateKeeper.h" 21ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales 2233dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales#include <UniquePtr.h> 2333dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales 2433dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Moralesusing namespace gatekeeper; 2533dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales 2633dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Moralesnamespace android { 2733dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales 2833dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales/** 2933dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * Software based GateKeeper implementation 3033dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales */ 3133dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Moralesclass SoftGateKeeperDevice { 3233dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Moralespublic: 3333dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales SoftGateKeeperDevice() { 3433dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales impl_.reset(new SoftGateKeeper()); 3533dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales } 3633dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales 3733dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales // Wrappers to translate the gatekeeper HAL API to the Kegyuard Messages API. 3833dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales 3933dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales /** 4033dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * Enrolls password_payload, which should be derived from a user selected pin or password, 4133dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * with the authentication factor private key used only for enrolling authentication 4233dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * factor data. 4333dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * 4433dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * Returns: 0 on success or an error code less than 0 on error. 4533dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * On error, enrolled_password_handle will not be allocated. 4633dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales */ 4733dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales int enroll(uint32_t uid, 4833dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales const uint8_t *current_password_handle, uint32_t current_password_handle_length, 4933dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales const uint8_t *current_password, uint32_t current_password_length, 5033dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales const uint8_t *desired_password, uint32_t desired_password_length, 5133dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length); 5233dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales 5333dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales /** 5433dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * Verifies provided_password matches enrolled_password_handle. 5533dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * 5633dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * Implementations of this module may retain the result of this call 5733dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * to attest to the recency of authentication. 5833dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * 5933dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * On success, writes the address of a verification token to auth_token, 6033dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * usable to attest password verification to other trusted services. Clients 6133dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * may pass NULL for this value. 6233dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * 6333dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * Returns: 0 on success or an error code less than 0 on error 6433dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales * On error, verification token will not be allocated 6533dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales */ 6633dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales int verify(uint32_t uid, uint64_t challenge, 6733dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length, 6833dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales const uint8_t *provided_password, uint32_t provided_password_length, 69ae242929da80d88a7db223984ec9baa5fd5949e6Andres Morales uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll); 7033dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Moralesprivate: 71c7ab1e81776876d226174248593c6d0f2a65892bAndres Morales UniquePtr<SoftGateKeeper> impl_; 7233dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales}; 7333dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales 7433dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales} // namespace gatekeeper 7533dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales 7633dfdc7bbc48911a8a5324b16b05e492ae653d76Andres Morales#endif //SOFT_GATEKEEPER_DEVICE_H_ 77