1 /*
2  * Copyright (C) 2014 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #pragma once
17 
18 #include <aidl/android/hardware/gatekeeper/BnGatekeeper.h>
19 #include <gatekeeper/gatekeeper_messages.h>
20 
21 #include "SoftGateKeeper.h"
22 
23 namespace aidl::android::hardware::gatekeeper {
24 
/**
 * Gatekeeper service object: derives from the generated BnGatekeeper base and
 * holds a reference to a ::gatekeeper::SoftGateKeeper.
 *
 * NOTE(review): the "Soft" prefix suggests a software-only gatekeeper, in which
 * case it would not give the brute-force and key-isolation guarantees of a
 * TEE or secure-element backed one. Confirm where this device is allowed to be
 * registered.
 *
 * Only declarations are visible in this header. How each call is forwarded to
 * the SoftGateKeeper is defined in the implementation file.
 */
class SoftGateKeeperDevice : public BnGatekeeper {
  public:
    /**
     * Constructs the device around an existing SoftGateKeeper.
     *
     * The class stores a reference (impl_), not a copy. Presumably impl_ is
     * bound to this argument, so the SoftGateKeeper must outlive the device.
     *
     * NOTE(review): this single-argument constructor is not `explicit`, so a
     * SoftGateKeeper& converts implicitly to SoftGateKeeperDevice. Consider
     * `explicit` once callers have been checked.
     */
    SoftGateKeeperDevice(::gatekeeper::SoftGateKeeper&);
    /**
     * Enrolls a new password, which should be derived from a user selected pin
     * or password, with the authentication factor private key used only for
     * enrolling authentication factor data.
     *
     * The earlier wording of this comment named password_payload and
     * enrolled_password_handle, which are not parameters of this signature.
     * Presumably they correspond to desiredPassword and to the handle carried
     * in *_aidl_return. Confirm against IGatekeeper.aidl.
     *
     * @param uid                   user identifier the enrollment applies to.
     * @param currentPasswordHandle handle of the currently enrolled password;
     *                              presumably empty when nothing is enrolled
     *                              yet. TODO confirm.
     * @param currentPassword       the currently enrolled password, supplied
     *                              alongside currentPasswordHandle.
     * @param desiredPassword       the password to enroll.
     * @param _aidl_return          receives the enroll response.
     *
     * Returns a ::ndk::ScopedAStatus. The legacy contract was "0 on success or
     * an error code less than 0 on error; on error no password handle is
     * allocated". NOTE(review): confirm how those codes map onto the status
     * and the response in the implementation.
     *
     * currentPassword and desiredPassword carry credential-derived bytes and
     * should never be logged or copied into long-lived buffers.
     */
    ::ndk::ScopedAStatus enroll(int32_t uid, const std::vector<uint8_t>& currentPasswordHandle,
                                const std::vector<uint8_t>& currentPassword,
                                const std::vector<uint8_t>& desiredPassword,
                                GatekeeperEnrollResponse* _aidl_return) override;
    /**
     * Verifies that providedPassword matches enrolledPasswordHandle.
     *
     * Implementations of this module may retain the result of this call
     * to attest to the recency of authentication.
     *
     * The earlier wording said that on success the address of a verification
     * token is written to auth_token and that clients may pass NULL. This
     * signature has no auth_token parameter. Presumably the token is carried
     * in *_aidl_return and is usable to attest password verification to other
     * trusted services. Confirm against GatekeeperVerifyResponse.
     *
     * @param uid                    user identifier being verified.
     * @param challenge              caller-supplied 64-bit value; presumably
     *                               bound into the verification token.
     *                               TODO confirm.
     * @param enrolledPasswordHandle handle produced by a previous enroll().
     * @param providedPassword       the password to check; credential-derived
     *                               bytes that should never be logged.
     * @param _aidl_return           receives the verify response.
     *
     * Returns a ::ndk::ScopedAStatus. The legacy contract was "0 on success or
     * an error code less than 0 on error; on error no verification token is
     * allocated". NOTE(review): confirm the mapping in the implementation.
     */
    ::ndk::ScopedAStatus verify(int32_t uid, int64_t challenge,
                                const std::vector<uint8_t>& enrolledPasswordHandle,
                                const std::vector<uint8_t>& providedPassword,
                                GatekeeperVerifyResponse* _aidl_return) override;

    /**
     * Overrides BnGatekeeper::deleteAllUsers. Takes no arguments; by its name
     * it removes gatekeeper state for every user.
     *
     * NOTE(review): the behaviour is defined in the implementation file and is
     * not visible here. Confirm which callers are permitted to invoke it.
     */
    ::ndk::ScopedAStatus deleteAllUsers() override;

    /**
     * Overrides BnGatekeeper::deleteUser. By its name it removes gatekeeper
     * state for the user identified by uid.
     *
     * NOTE(review): the behaviour is defined in the implementation file and is
     * not visible here.
     */
    ::ndk::ScopedAStatus deleteUser(int32_t uid) override;

  private:
    // Non-owning reference to the backing SoftGateKeeper. A reference member
    // cannot be reseated, and the referenced object must stay alive for as
    // long as this device can receive calls.
    ::gatekeeper::SoftGateKeeper& impl_;
};
65 
66 }  // namespace aidl::android::hardware::gatekeeper
67