/*
 * Copyright (C) 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
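*/

#ifndef TRUSTY_GATEKEEPER_H
#define TRUSTY_GATEKEEPER_H

#include <hardware/gatekeeper.h>
#include <gatekeeper/gatekeeper_messages.h>

#include "gatekeeper_ipc.h"

namespace gatekeeper {

/**
 * Gatekeeper HAL device backed by the Trusty GateKeeper service.
 *
 * The object owns a gatekeeper_device (device_) that the HAL layer hands
 * out through hw_device(); the static enroll/verify/close_device entry
 * points are the C callbacks installed in that struct and dispatch to the
 * Enroll/Verify members. All requests are serialized as GateKeeperMessages
 * and sent with Send(), which tags them with a GK_* command.
 *
 * NOTE(review): device_ is an embedded HAL struct; copying this object would
 * duplicate it. Nothing here prevents copying — callers should treat the
 * object as non-copyable (confirm in the implementation file).
 */
class TrustyGateKeeperDevice {
    public:

    explicit TrustyGateKeeperDevice(const hw_module_t* module);
    ~TrustyGateKeeperDevice();

    /** Returns the HAL device struct (device_) as a generic hw_device_t. */
    hw_device_t* hw_device();

    /**
     * Enrolls desired_password, which should be derived from a user selected pin
     * or password, with the authentication factor private key used only for
     * enrolling authentication factor data.
     *
     * If a password is already enrolled for uid, its handle must be given in
     * current_password_handle and the matching password in current_password;
     * a change of credential is only accepted when they validate.
     *
     * @param uid                             user the credential belongs to
     * @param current_password_handle         existing handle, or NULL if none
     * @param current_password_handle_length  length of current_password_handle in bytes
     * @param current_password                password matching the existing handle
     * @param current_password_length         length of current_password in bytes
     * @param desired_password                new password material to enroll
     * @param desired_password_length         length of desired_password in bytes
     * @param enrolled_password_handle        out: newly allocated handle on success
     * @param enrolled_password_handle_length out: length of that handle in bytes
     *
     * Returns: 0 on success or an error code less than 0 on error.
     * On error, *enrolled_password_handle will not be allocated.
     * NOTE(review): on success the caller presumably owns and frees the
     * allocated handle — verify against the implementation.
     */
    int Enroll(uint32_t uid, const uint8_t *current_password_handle,
            uint32_t current_password_handle_length, const uint8_t *current_password,
            uint32_t current_password_length, const uint8_t *desired_password,
            uint32_t desired_password_length, uint8_t **enrolled_password_handle,
            uint32_t *enrolled_password_handle_length);

    /**
     * Verifies that provided_password matches the credential described by
     * enrolled_password_handle, which was produced by an earlier Enroll().
     *
     * Implementations of this module may retain the result of this call
     * to attest to the recency of authentication.
     *
     * @param uid                             user the credential belongs to
     * @param challenge                       caller-chosen value carried into the token
     *                                        (presumably to bind the token to a request;
     *                                        confirm in the implementation)
     * @param enrolled_password_handle        handle returned by Enroll()
     * @param enrolled_password_handle_length length of the handle in bytes
     * @param provided_password               password material to check
     * @param provided_password_length        length of provided_password in bytes
     * @param auth_token                      out: newly allocated verification token on success
     * @param auth_token_length               out: length of the token in bytes
     * @param request_reenroll                out: set by the implementation; the name suggests
     *                                        the handle should be re-enrolled — confirm
     *
     * Returns: 0 on success or an error code less than 0 on error.
     * On error, *auth_token will not be allocated.
     */
    int Verify(uint32_t uid, uint64_t challenge, const uint8_t *enrolled_password_handle,
            uint32_t enrolled_password_handle_length, const uint8_t *provided_password,
            uint32_t provided_password_length, uint8_t **auth_token, uint32_t *auth_token_length,
            bool *request_reenroll);

    private:

    /**
     * Sends request to the Trusty GateKeeper service under the given GK_*
     * command and fills response from the reply. Defined in the .cpp.
     */
    gatekeeper_error_t Send(uint32_t command, const GateKeeperMessage& request,
            GateKeeperMessage* response);

    /** Typed wrapper: an EnrollRequest always travels as GK_ENROLL. */
    gatekeeper_error_t Send(const EnrollRequest& request, EnrollResponse *response) {
        return Send(GK_ENROLL, request, response);
    }

    /** Typed wrapper: a VerifyRequest always travels as GK_VERIFY. */
    gatekeeper_error_t Send(const VerifyRequest& request, VerifyResponse *response) {
        return Send(GK_VERIFY, request, response);
    }

    // Static methods interfacing the HAL API with the TrustyGateKeeper device.
    // Each takes the gatekeeper_device pointer handed out by hw_device(); the
    // C++ object is presumably recovered from it (see the implementation).

    /**
     * HAL callback for enroll. Same contract and parameters as Enroll():
     * desired_password is enrolled; if a credential already exists it must be
     * proven with current_password_handle / current_password.
     *
     * Returns: 0 on success or an error code less than 0 on error.
     * On error, *enrolled_password_handle will not be allocated.
     */
    static int enroll(const struct gatekeeper_device *dev, uint32_t uid,
            const uint8_t *current_password_handle, uint32_t current_password_handle_length,
            const uint8_t *current_password, uint32_t current_password_length,
            const uint8_t *desired_password, uint32_t desired_password_length,
            uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length);

    /**
     * HAL callback for verify. Same contract and parameters as Verify().
     *
     * On success, writes the address of a verification token to *auth_token,
     * usable to attest password verification to other trusted services.
     * Clients may pass NULL for auth_token if they do not need the token.
     *
     * Returns: 0 on success or an error code less than 0 on error.
     * On error, *auth_token will not be allocated.
     */
    static int verify(const struct gatekeeper_device *dev, uint32_t uid, uint64_t challenge,
            const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
            const uint8_t *provided_password, uint32_t provided_password_length,
            uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll);

    /** HAL close callback for the device returned by hw_device(). */
    static int close_device(hw_device_t* dev);

    gatekeeper_device device_;  // HAL device struct exposed via hw_device()
    int error_;                 // NOTE(review): set in the ctor? semantics not visible here
};
}

#endif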