/*
 * Copyright (C) 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef TRUSTY_GATEKEEPER_H
#define TRUSTY_GATEKEEPER_H

#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
#include <hidl/Status.h>

#include <memory>

#include <gatekeeper/gatekeeper_messages.h>

#include "gatekeeper_ipc.h"

namespace gatekeeper {

/**
 * Implementation of the HIDL IGatekeeper V1_0 interface.
 *
 * All four interface methods return ::android::hardware::Return<void>; their
 * outcome is handed to the caller through the _hidl_cb callback, not through
 * the C++ return value.
 *
 * The private Send() helpers tie each request/response message type to one
 * GK_* command code. The transport behind Send() is defined out of line
 * (presumably the Trusty gatekeeper IPC declared in gatekeeper_ipc.h;
 * confirm in the .cpp).
 *
 * NOTE(review): currentPassword, desiredPassword and providedPassword carry
 * credential-derived secret material. This header does not show whether the
 * implementation wipes any copies it makes of them; verify in the .cpp.
 */
class TrustyGateKeeperDevice : public ::android::hardware::gatekeeper::V1_0::IGatekeeper {
  public:
    explicit TrustyGateKeeperDevice();
    ~TrustyGateKeeperDevice();

    /**
     * Enrolls a password payload, which should be derived from a user-selected
     * PIN or password, with the authentication-factor private key that is used
     * only for enrolling authentication-factor data.
     *
     * @param uid                   user the enrollment applies to.
     * @param currentPasswordHandle handle of the existing enrollment.
     * @param currentPassword       password matching currentPasswordHandle.
     * @param desiredPassword       password to enroll.
     * @param _hidl_cb              callback that receives the result.
     *
     * The legacy wording of this comment describes the status as 0 on success
     * and an error code less than 0 on error, and states that no enrolled
     * password handle is allocated on error. How that status is encoded in
     * the callback's argument is not visible in this header.
     */
    ::android::hardware::Return<void> enroll(
            uint32_t uid, const ::android::hardware::hidl_vec<uint8_t>& currentPasswordHandle,
            const ::android::hardware::hidl_vec<uint8_t>& currentPassword,
            const ::android::hardware::hidl_vec<uint8_t>& desiredPassword,
            enroll_cb _hidl_cb) override;

    /**
     * Verifies that providedPassword matches enrolledPasswordHandle.
     *
     * Implementations of this module may retain the result of this call to
     * attest to the recency of authentication.
     *
     * On success a verification token is produced, usable to attest password
     * verification to other trusted services. On error no verification token
     * is allocated.
     *
     * @param uid                    user being authenticated.
     * @param challenge              caller-supplied 64-bit value; presumably
     *                               bound into the verification token (confirm
     *                               against the implementation).
     * @param enrolledPasswordHandle handle produced by a previous enrollment.
     * @param providedPassword       password to check against the handle.
     * @param _hidl_cb               callback that receives the result.
     *
     * The legacy wording of this comment ("writes the address of a
     * verification token to auth_token", "clients may pass NULL") refers to
     * an out-parameter that this signature does not have; the token is
     * presumably delivered through _hidl_cb instead (confirm).
     */
    ::android::hardware::Return<void> verify(
            uint32_t uid, uint64_t challenge,
            const ::android::hardware::hidl_vec<uint8_t>& enrolledPasswordHandle,
            const ::android::hardware::hidl_vec<uint8_t>& providedPassword,
            verify_cb _hidl_cb) override;

    /**
     * IGatekeeper override taking a single uid; the result goes to _hidl_cb.
     * Presumably removes the enrollment state kept for that user; confirm
     * against the implementation, which is not part of this header.
     */
    ::android::hardware::Return<void> deleteUser(uint32_t uid, deleteUser_cb _hidl_cb) override;

    /**
     * IGatekeeper override taking no user argument; the result goes to
     * _hidl_cb. Presumably removes the enrollment state of every user;
     * confirm against the implementation.
     */
    ::android::hardware::Return<void> deleteAllUsers(deleteAllUsers_cb _hidl_cb) override;

  private:
    /**
     * Generic transport entry point: sends `request` under `command` and
     * fills in `response`. Defined out of line.
     *
     * @return a gatekeeper_error_t describing the outcome.
     */
    gatekeeper_error_t Send(uint32_t command, const GateKeeperMessage& request,
                            GateKeeperMessage* response);

    /*
     * Typed front ends for the generic Send(). Overload resolution on the
     * request/response pair selects the command code, so a message type is
     * always sent under its own GK_* command and never under another one.
     */

    /** Sends an EnrollRequest under GK_ENROLL. */
    gatekeeper_error_t Send(const EnrollRequest& request, EnrollResponse* response) {
        return Send(GK_ENROLL, request, response);
    }

    /** Sends a VerifyRequest under GK_VERIFY. */
    gatekeeper_error_t Send(const VerifyRequest& request, VerifyResponse* response) {
        return Send(GK_VERIFY, request, response);
    }

    /** Sends a DeleteUserRequest under GK_DELETE_USER. */
    gatekeeper_error_t Send(const DeleteUserRequest& request, DeleteUserResponse* response) {
        return Send(GK_DELETE_USER, request, response);
    }

    /** Sends a DeleteAllUsersRequest under GK_DELETE_ALL_USERS. */
    gatekeeper_error_t Send(const DeleteAllUsersRequest& request,
                            DeleteAllUsersResponse* response) {
        return Send(GK_DELETE_ALL_USERS, request, response);
    }

    // Status value kept by the device object. It has no in-class initializer,
    // so it is presumably assigned by the out-of-line constructor (for example
    // the result of connecting to the secure side); confirm in the .cpp.
    int error_;
};

}  // namespace gatekeeper

#endif  // TRUSTY_GATEKEEPER_H