diff options
Diffstat (limited to 'include/hardware/gatekeeper.h')
l---------[-rw-r--r--] | include/hardware/gatekeeper.h | 191 |
1 files changed, 1 insertions, 190 deletions
diff --git a/include/hardware/gatekeeper.h b/include/hardware/gatekeeper.h index 2bb2b08c..e186e3ce 100644..120000 --- a/include/hardware/gatekeeper.h +++ b/include/hardware/gatekeeper.h @@ -1,190 +1 @@ -/* - * Copyright (C) 2015 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ANDROID_HARDWARE_GATEKEEPER_H -#define ANDROID_HARDWARE_GATEKEEPER_H - -#include <sys/cdefs.h> -#include <sys/types.h> -#include <hardware/hardware.h> - -__BEGIN_DECLS - -#define GATEKEEPER_HARDWARE_MODULE_ID "gatekeeper" - -#define GATEKEEPER_MODULE_API_VERSION_0_1 HARDWARE_MODULE_API_VERSION(0, 1) - -#define HARDWARE_GATEKEEPER "gatekeeper" - -struct gatekeeper_module { - /** - * Comon methods of the gatekeeper module. This *must* be the first member of - * gatekeeper_module as users of this structure will cast a hw_module_t to - * a gatekeeper_module pointer in the appropriate context. - */ - hw_module_t common; -}; - -struct gatekeeper_device { - /** - * Common methods of the gatekeeper device. As above, this must be the first - * member of keymaster_device. - */ - hw_device_t common; - - /** - * Enrolls desired_password, which should be derived from a user selected pin or password, - * with the authentication factor private key used only for enrolling authentication - * factor data. - * - * If there was already a password enrolled, it should be provided in - * current_password_handle, along with the current password in current_password - * that should validate against current_password_handle. - * - * Parameters: - * - dev: pointer to gatekeeper_device acquired via calls to gatekeeper_open - * - uid: the Android user identifier - * - * - current_password_handle: the currently enrolled password handle the user - * wants to replace. May be null if there's no currently enrolled password. - * - current_password_handle_length: the length in bytes of the buffer pointed - * at by current_password_handle. Must be 0 if current_password_handle is NULL. - * - * - current_password: the user's current password in plain text. If presented, - * it MUST verify against current_password_handle. - * - current_password_length: the size in bytes of the buffer pointed at by - * current_password. Must be 0 if the current_password is NULL. - * - * - desired_password: the new password the user wishes to enroll in plain-text. - * Cannot be NULL. - * - desired_password_length: the length in bytes of the buffer pointed at by - * desired_password. - * - * - enrolled_password_handle: on success, a buffer will be allocated with the - * new password handle referencing the password provided in desired_password. - * This buffer can be used on subsequent calls to enroll or verify. - * The caller is responsible for deallocating this buffer via a call to delete[] - * - enrolled_password_handle_length: pointer to the length in bytes of the buffer allocated - * by this function and pointed to by *enrolled_password_handle_length. - * - * Returns: - * - 0 on success - * - An error code < 0 on failure, or - * - A timeout value T > 0 if the call should not be re-attempted until T milliseconds - * have elapsed. - * - * On error, enrolled_password_handle will not be allocated. - */ - int (*enroll)(const struct gatekeeper_device *dev, uint32_t uid, - const uint8_t *current_password_handle, uint32_t current_password_handle_length, - const uint8_t *current_password, uint32_t current_password_length, - const uint8_t *desired_password, uint32_t desired_password_length, - uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length); - - /** - * Verifies provided_password matches enrolled_password_handle. - * - * Implementations of this module may retain the result of this call - * to attest to the recency of authentication. - * - * On success, writes the address of a verification token to auth_token, - * usable to attest password verification to other trusted services. Clients - * may pass NULL for this value. - * - * Parameters: - * - dev: pointer to gatekeeper_device acquired via calls to gatekeeper_open - * - uid: the Android user identifier - * - * - challenge: An optional challenge to authenticate against, or 0. Used when a separate - * authenticator requests password verification, or for transactional - * password authentication. - * - * - enrolled_password_handle: the currently enrolled password handle that the - * user wishes to verify against. - * - enrolled_password_handle_length: the length in bytes of the buffer pointed - * to by enrolled_password_handle - * - * - provided_password: the plaintext password to be verified against the - * enrolled_password_handle - * - provided_password_length: the length in bytes of the buffer pointed to by - * provided_password - * - * - auth_token: on success, a buffer containing the authentication token - * resulting from this verification is assigned to *auth_token. The caller - * is responsible for deallocating this memory via a call to delete[] - * - auth_token_length: on success, the length in bytes of the authentication - * token assigned to *auth_token will be assigned to *auth_token_length - * - * - request_reenroll: a request to the upper layers to re-enroll the verified - * password due to a version change. Not set if verification fails. - * - * Returns: - * - 0 on success - * - An error code < 0 on failure, or - * - A timeout value T > 0 if the call should not be re-attempted until T milliseconds - * have elapsed. - * On error, auth token will not be allocated - */ - int (*verify)(const struct gatekeeper_device *dev, uint32_t uid, uint64_t challenge, - const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length, - const uint8_t *provided_password, uint32_t provided_password_length, - uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll); - - /* - * Deletes the enrolled_password_handle associated wth the uid. Once deleted - * the user cannot be verified anymore. - * This function is optional and should be set to NULL if it is not implemented. - * - * Parameters - * - dev: pointer to gatekeeper_device acquired via calls to gatekeeper_open - * - uid: the Android user identifier - * - * Returns: - * - 0 on success - * - An error code < 0 on failure - */ - int (*delete_user)(const struct gatekeeper_device *dev, uint32_t uid); - - /* - * Deletes all the enrolled_password_handles for all uid's. Once called, - * no users will be enrolled on the device. - * This function is optional and should be set to NULL if it is not implemented. - * - * Parameters - * - dev: pointer to gatekeeper_device acquired via calls to gatekeeper_open - * - * Returns: - * - 0 on success - * - An error code < 0 on failure - */ - int (*delete_all_users)(const struct gatekeeper_device *dev); -}; - -typedef struct gatekeeper_device gatekeeper_device_t; - -static inline int gatekeeper_open(const struct hw_module_t *module, - gatekeeper_device_t **device) { - return module->methods->open(module, HARDWARE_GATEKEEPER, - (struct hw_device_t **) device); -} - -static inline int gatekeeper_close(gatekeeper_device_t *device) { - return device->common.close(&device->common); -} - -__END_DECLS - -#endif // ANDROID_HARDWARE_GATEKEEPER_H +../../include_all/hardware/gatekeeper.h
\ No newline at end of file |