1 /*
2  * Copyright (C) 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 #include <cstdint>
19 #include <chrono>
20 #include <unordered_set>
21 #include <vector>
22 
23 namespace aidl::android::hardware::biometrics::fingerprint {
24 
25 struct Storage {
26     enum class AuthResult {
27         OK,
28         FAILED,
29         LOCKED_OUT_TIMED,
30         LOCKED_OUT_PERMANENT,
31     };
32 
33     struct AuthToken {
34         int64_t userId = 0;
35         int64_t authenticatorId = 0;
36     };
37 
38     Storage(int32_t sensorId, int32_t userId);
39 
getMaxEnrollmentsPerUserStorage40     static constexpr int getMaxEnrollmentsPerUser() { return kMaxEnrollmentsPerUser; }
getAuthenticatorIdStorage41     int64_t getAuthenticatorId() const { return mAuthId; }
42     int64_t invalidateAuthenticatorId(int64_t newAuthId);
43     std::vector<int32_t> enumerateEnrollments() const;
44     bool enroll(int enrollmentId, int64_t secureUserId, int64_t newAuthId);
45     void removeEnrollments(const std::vector<int32_t>& enrollmentIds);
46     std::tuple<AuthResult, int32_t, AuthToken> authenticate(int32_t enrollmentId);
47     void resetLockout();
48     bool checkIfLockoutCleared();
49 
50     std::vector<uint8_t> serialize() const;
51     void save() const;
52 
53     static constexpr int kMaxEnrollmentsPerUser = 5;
54 
55     struct LockOut {
56         enum class State {
57             NO, TIMED, TIMED_LOCKED, PERMANENT
58         };
59 
60         std::chrono::steady_clock::time_point nextAttempt;
61         std::chrono::steady_clock::time_point expiration;
62         int failedAttempts = 0;
63         State state = State::NO;
64     };
65 
66     const int32_t mSensorId;
67     const int32_t mUserId;
68     int64_t mAuthId = 0;
69     int64_t mSecureUserId = 0;
70     std::unordered_set<int32_t> mEnrollments;
71     LockOut mLockOut;
72 };
73 
74 } // namespace aidl::android::hardware::biometrics::fingerprint
75