/* * Copyright 2015 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef SOFT_GATEKEEPER_DEVICE_H_ #define SOFT_GATEKEEPER_DEVICE_H_ #include "SoftGateKeeper.h" #include <memory> using namespace gatekeeper; namespace cuttlefish { /** * Software based GateKeeper implementation */ class SoftGateKeeperDevice { public: SoftGateKeeperDevice() { impl_.reset(new SoftGateKeeper()); } // Wrappers to translate the gatekeeper HAL API to the Kegyuard Messages API. /** * Enrolls password_payload, which should be derived from a user selected pin or password, * with the authentication factor private key used only for enrolling authentication * factor data. * * Returns: 0 on success or an error code less than 0 on error. * On error, enrolled_password_handle will not be allocated. */ int enroll(uint32_t uid, const uint8_t *current_password_handle, uint32_t current_password_handle_length, const uint8_t *current_password, uint32_t current_password_length, const uint8_t *desired_password, uint32_t desired_password_length, uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length); /** * Verifies provided_password matches enrolled_password_handle. * * Implementations of this module may retain the result of this call * to attest to the recency of authentication. * * On success, writes the address of a verification token to auth_token, * usable to attest password verification to other trusted services. Clients * may pass NULL for this value. * * Returns: 0 on success or an error code less than 0 on error * On error, verification token will not be allocated */ int verify(uint32_t uid, uint64_t challenge, const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length, const uint8_t *provided_password, uint32_t provided_password_length, uint8_t **auth_token, uint32_t *auth_token_length, bool *request_reenroll); private: std::unique_ptr<SoftGateKeeper> impl_; }; } // namespace gatekeeper #endif //SOFT_GATEKEEPER_DEVICE_H_