1310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales/* 2310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales * Copyright (C) 2015 The Android Open Source Project 3310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales * 4310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales * Licensed under the Apache License, Version 2.0 (the "License"); 5310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales * you may not use this file except in compliance with the License. 6310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales * You may obtain a copy of the License at 7310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales * 8310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales * http://www.apache.org/licenses/LICENSE-2.0 9310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales * 10310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales * Unless required by applicable law or agreed to in writing, software 11310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales * distributed under the License is distributed on an "AS IS" BASIS, 12310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales * See the License for the specific language governing permissions and 14310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales * limitations under the License. 15310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales */ 16310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 1766ce3e08c5632a20ea66bde6dd76397041edf034Mark Salyzyn#define LOG_TAG "TrustyGateKeeper" 1866ce3e08c5632a20ea66bde6dd76397041edf034Mark Salyzyn 1966ce3e08c5632a20ea66bde6dd76397041edf034Mark Salyzyn#include <assert.h> 20310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales#include <errno.h> 21310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales#include <stdio.h> 2230f991f251940be3ed11566fb71139852286f68aMark Salyzyn 23310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales#include <type_traits> 24310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 2530f991f251940be3ed11566fb71139852286f68aMark Salyzyn#include <log/log.h> 2666ce3e08c5632a20ea66bde6dd76397041edf034Mark Salyzyn 27310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales#include "trusty_gatekeeper.h" 28310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales#include "trusty_gatekeeper_ipc.h" 29310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales#include "gatekeeper_ipc.h" 30310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 31310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Moralesnamespace gatekeeper { 32310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 33310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Moralesconst uint32_t SEND_BUF_SIZE = 8192; 34310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Moralesconst uint32_t RECV_BUF_SIZE = 8192; 35310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 36310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres MoralesTrustyGateKeeperDevice::TrustyGateKeeperDevice(const hw_module_t *module) { 37310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales#if __cplusplus >= 201103L || defined(__GXX_EXPERIMENTAL_CXX0X__) 38310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales static_assert(std::is_standard_layout<TrustyGateKeeperDevice>::value, 39310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales "TrustyGateKeeperDevice must be standard layout"); 40310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales static_assert(offsetof(TrustyGateKeeperDevice, device_) == 0, 41310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales "device_ must be the first member of TrustyGateKeeperDevice"); 42310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales static_assert(offsetof(TrustyGateKeeperDevice, device_.common) == 0, 43310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales "common must be the first member of gatekeeper_device"); 44310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales#else 45310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales assert(reinterpret_cast<gatekeeper_device_t *>(this) == &device_); 46310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales assert(reinterpret_cast<hw_device_t *>(this) == &(device_.common)); 47310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales#endif 48310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 49310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales memset(&device_, 0, sizeof(device_)); 50310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales device_.common.tag = HARDWARE_DEVICE_TAG; 51310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales device_.common.version = 1; 52310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales device_.common.module = const_cast<hw_module_t *>(module); 53310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales device_.common.close = close_device; 54310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 55310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales device_.enroll = enroll; 56310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales device_.verify = verify; 57310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales device_.delete_user = nullptr; 58310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales device_.delete_all_users = nullptr; 59310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 60310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales int rc = trusty_gatekeeper_connect(); 61310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales if (rc < 0) { 62310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales ALOGE("Error initializing trusty session: %d", rc); 63310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales } 64310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 65310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales error_ = rc; 66310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 67310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales} 68310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 69310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Moraleshw_device_t* TrustyGateKeeperDevice::hw_device() { 70310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return &device_.common; 71310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales} 72310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 73310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Moralesint TrustyGateKeeperDevice::close_device(hw_device_t* dev) { 74310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales delete reinterpret_cast<TrustyGateKeeperDevice *>(dev); 75310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return 0; 76310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales} 77310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 78310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres MoralesTrustyGateKeeperDevice::~TrustyGateKeeperDevice() { 79310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales trusty_gatekeeper_disconnect(); 80310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales} 81310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 82310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Moralesint TrustyGateKeeperDevice::Enroll(uint32_t uid, const uint8_t *current_password_handle, 83310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales uint32_t current_password_handle_length, const uint8_t *current_password, 84310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales uint32_t current_password_length, const uint8_t *desired_password, 85310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales uint32_t desired_password_length, uint8_t **enrolled_password_handle, 86310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales uint32_t *enrolled_password_handle_length) { 87310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 88310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales if (error_ != 0) { 89310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return error_; 90310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales } 91310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 92310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales SizedBuffer desired_password_buffer(desired_password_length); 93310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales memcpy(desired_password_buffer.buffer.get(), desired_password, desired_password_length); 94310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 95310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales SizedBuffer current_password_handle_buffer(current_password_handle_length); 96310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales if (current_password_handle) { 97310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales memcpy(current_password_handle_buffer.buffer.get(), current_password_handle, 98310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales current_password_handle_length); 99310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales } 100310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 101310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales SizedBuffer current_password_buffer(current_password_length); 102310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales if (current_password) { 103310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales memcpy(current_password_buffer.buffer.get(), current_password, current_password_length); 104310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales } 105310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 106310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales EnrollRequest request(uid, ¤t_password_handle_buffer, &desired_password_buffer, 107310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales ¤t_password_buffer); 108310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales EnrollResponse response; 109310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 110310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales gatekeeper_error_t error = Send(request, &response); 111310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 112310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales if (error == ERROR_RETRY) { 113310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return response.retry_timeout; 114310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales } else if (error != ERROR_NONE) { 115310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return -EINVAL; 116310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales } 117310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 118310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales *enrolled_password_handle = response.enrolled_password_handle.buffer.release(); 119310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales *enrolled_password_handle_length = response.enrolled_password_handle.length; 120310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 121310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 122310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return 0; 123310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales} 124310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 125310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Moralesint TrustyGateKeeperDevice::Verify(uint32_t uid, uint64_t challenge, 126310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length, 127310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales const uint8_t *provided_password, uint32_t provided_password_length, 128310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll) { 129310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales if (error_ != 0) { 130310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return error_; 131310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales } 132310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 133310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales SizedBuffer password_handle_buffer(enrolled_password_handle_length); 134310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales memcpy(password_handle_buffer.buffer.get(), enrolled_password_handle, 135310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales enrolled_password_handle_length); 136310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales SizedBuffer provided_password_buffer(provided_password_length); 137310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales memcpy(provided_password_buffer.buffer.get(), provided_password, provided_password_length); 138310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 139310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales VerifyRequest request(uid, challenge, &password_handle_buffer, &provided_password_buffer); 140310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales VerifyResponse response; 141310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 142310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales gatekeeper_error_t error = Send(request, &response); 143310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 144310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales if (error == ERROR_RETRY) { 145310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return response.retry_timeout; 146310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales } else if (error != ERROR_NONE) { 147310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return -EINVAL; 148310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales } 149310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 150310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales if (auth_token != NULL && auth_token_length != NULL) { 151310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales *auth_token = response.auth_token.buffer.release(); 152310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales *auth_token_length = response.auth_token.length; 153310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales } 154310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 155310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales if (request_reenroll != NULL) { 156310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales *request_reenroll = response.request_reenroll; 157310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales } 158310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 159310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return 0; 160310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales} 161310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 162310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Moralesgatekeeper_error_t TrustyGateKeeperDevice::Send(uint32_t command, const GateKeeperMessage& request, 163310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales GateKeeperMessage *response) { 164310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales uint32_t request_size = request.GetSerializedSize(); 165310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales if (request_size > SEND_BUF_SIZE) 166310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return ERROR_INVALID; 167310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales uint8_t send_buf[SEND_BUF_SIZE]; 168310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales request.Serialize(send_buf, send_buf + request_size); 169310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 170310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales // Send it 171310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales uint8_t recv_buf[RECV_BUF_SIZE]; 172310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales uint32_t response_size = RECV_BUF_SIZE; 173310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales int rc = trusty_gatekeeper_call(command, send_buf, request_size, recv_buf, &response_size); 174310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales if (rc < 0) { 175310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales ALOGE("error (%d) calling gatekeeper TA", rc); 176310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return ERROR_INVALID; 177310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales } 178310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 179310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales const gatekeeper_message *msg = reinterpret_cast<gatekeeper_message *>(recv_buf); 180310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales const uint8_t *payload = msg->payload; 181310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 182310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return response->Deserialize(payload, payload + response_size); 183310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales} 184310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 185310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Moralesstatic inline TrustyGateKeeperDevice *convert_device(const gatekeeper_device *dev) { 186310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return reinterpret_cast<TrustyGateKeeperDevice *>(const_cast<gatekeeper_device *>(dev)); 187310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales} 188310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 189310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales/* static */ 190310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Moralesint TrustyGateKeeperDevice::enroll(const struct gatekeeper_device *dev, uint32_t uid, 191310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales const uint8_t *current_password_handle, uint32_t current_password_handle_length, 192310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales const uint8_t *current_password, uint32_t current_password_length, 193310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales const uint8_t *desired_password, uint32_t desired_password_length, 194310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) { 195310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 196310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales if (dev == NULL || 197310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales enrolled_password_handle == NULL || enrolled_password_handle_length == NULL || 198310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales desired_password == NULL || desired_password_length == 0) 199310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return -EINVAL; 200310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 201310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales // Current password and current password handle go together 202310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales if (current_password_handle == NULL || current_password_handle_length == 0 || 203310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales current_password == NULL || current_password_length == 0) { 204310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales current_password_handle = NULL; 205310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales current_password_handle_length = 0; 206310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales current_password = NULL; 207310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales current_password_length = 0; 208310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales } 209310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 210310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return convert_device(dev)->Enroll(uid, current_password_handle, current_password_handle_length, 211310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales current_password, current_password_length, desired_password, desired_password_length, 212310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales enrolled_password_handle, enrolled_password_handle_length); 213310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 214310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales} 215310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 216310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales/* static */ 217310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Moralesint TrustyGateKeeperDevice::verify(const struct gatekeeper_device *dev, uint32_t uid, 218310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales uint64_t challenge, const uint8_t *enrolled_password_handle, 219310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales uint32_t enrolled_password_handle_length, const uint8_t *provided_password, 220310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales uint32_t provided_password_length, uint8_t **auth_token, uint32_t *auth_token_length, 221310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales bool *request_reenroll) { 222310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 223310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales if (dev == NULL || enrolled_password_handle == NULL || 224310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales provided_password == NULL) { 225310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return -EINVAL; 226310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales } 227310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales 228310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales return convert_device(dev)->Verify(uid, challenge, enrolled_password_handle, 229310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales enrolled_password_handle_length, provided_password, provided_password_length, 230310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales auth_token, auth_token_length, request_reenroll); 231310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales} 232310dcffbe0c57b686f459c9961ae7b03a1c86a93Andres Morales}; 233