1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef TRUSTY_GATEKEEPER_H 18 #define TRUSTY_GATEKEEPER_H 19 20 #include <memory> 21 22 #include <android/hardware/gatekeeper/1.0/IGatekeeper.h> 23 #include <hidl/Status.h> 24 #include <gatekeeper/gatekeeper_messages.h> 25 26 #include "common/libs/security/gatekeeper_channel.h" 27 28 namespace gatekeeper { 29 30 class RemoteGateKeeperDevice : public ::android::hardware::gatekeeper::V1_0::IGatekeeper { 31 public: 32 explicit RemoteGateKeeperDevice(cuttlefish::GatekeeperChannel* gatekeeper_channel); 33 ~RemoteGateKeeperDevice(); 34 /** 35 * Enrolls password_payload, which should be derived from a user selected pin or password, 36 * with the authentication factor private key used only for enrolling authentication 37 * factor data. 38 * 39 * Returns: 0 on success or an error code less than 0 on error. 40 * On error, enrolled_password_handle will not be allocated. 41 */ 42 ::android::hardware::Return<void> enroll( 43 uint32_t uid, const ::android::hardware::hidl_vec<uint8_t>& currentPasswordHandle, 44 const ::android::hardware::hidl_vec<uint8_t>& currentPassword, 45 const ::android::hardware::hidl_vec<uint8_t>& desiredPassword, 46 enroll_cb _hidl_cb) override; 47 48 /** 49 * Verifies provided_password matches enrolled_password_handle. 50 * 51 * Implementations of this module may retain the result of this call 52 * to attest to the recency of authentication. 53 * 54 * On success, writes the address of a verification token to auth_token, 55 * usable to attest password verification to other trusted services. Clients 56 * may pass NULL for this value. 57 * 58 * Returns: 0 on success or an error code less than 0 on error 59 * On error, verification token will not be allocated 60 */ 61 ::android::hardware::Return<void> verify( 62 uint32_t uid, uint64_t challenge, 63 const ::android::hardware::hidl_vec<uint8_t>& enrolledPasswordHandle, 64 const ::android::hardware::hidl_vec<uint8_t>& providedPassword, 65 verify_cb _hidl_cb) override; 66 67 ::android::hardware::Return<void> deleteUser(uint32_t uid, deleteUser_cb _hidl_cb) override; 68 69 ::android::hardware::Return<void> deleteAllUsers(deleteAllUsers_cb _hidl_cb) override; 70 71 private: 72 cuttlefish::GatekeeperChannel* gatekeeper_channel_; 73 74 gatekeeper_error_t Send(uint32_t command, const GateKeeperMessage& request, 75 GateKeeperMessage* response); 76 Send(const EnrollRequest & request,EnrollResponse * response)77 gatekeeper_error_t Send(const EnrollRequest& request, EnrollResponse *response) { 78 return Send(ENROLL, request, response); 79 } 80 Send(const VerifyRequest & request,VerifyResponse * response)81 gatekeeper_error_t Send(const VerifyRequest& request, VerifyResponse *response) { 82 return Send(VERIFY, request, response); 83 } 84 85 int error_; 86 }; 87 88 } // namespace gatekeeper 89 90 #endif 91