• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #include "SoftGateKeeper.h"
17 #include "SoftGateKeeperDevice.h"
18 
19 namespace cuttlefish {
20 
enroll(uint32_t uid,const uint8_t * current_password_handle,uint32_t current_password_handle_length,const uint8_t * current_password,uint32_t current_password_length,const uint8_t * desired_password,uint32_t desired_password_length,uint8_t ** enrolled_password_handle,uint32_t * enrolled_password_handle_length)21 int SoftGateKeeperDevice::enroll(uint32_t uid,
22             const uint8_t *current_password_handle, uint32_t current_password_handle_length,
23             const uint8_t *current_password, uint32_t current_password_length,
24             const uint8_t *desired_password, uint32_t desired_password_length,
25             uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) {
26 
27     if (enrolled_password_handle == NULL || enrolled_password_handle_length == NULL ||
28             desired_password == NULL || desired_password_length == 0)
29         return -EINVAL;
30 
31     // Current password and current password handle go together
32     if (current_password_handle == NULL || current_password_handle_length == 0 ||
33             current_password == NULL || current_password_length == 0) {
34         current_password_handle = NULL;
35         current_password_handle_length = 0;
36         current_password = NULL;
37         current_password_length = 0;
38     }
39 
40     SizedBuffer desired_password_buffer(desired_password_length);
41     memcpy(desired_password_buffer.buffer.get(), desired_password, desired_password_length);
42 
43     SizedBuffer current_password_handle_buffer(current_password_handle_length);
44     if (current_password_handle) {
45         memcpy(current_password_handle_buffer.buffer.get(), current_password_handle,
46                 current_password_handle_length);
47     }
48 
49     SizedBuffer current_password_buffer(current_password_length);
50     if (current_password) {
51         memcpy(current_password_buffer.buffer.get(), current_password, current_password_length);
52     }
53 
54     EnrollRequest request(uid, &current_password_handle_buffer, &desired_password_buffer,
55             &current_password_buffer);
56     EnrollResponse response;
57 
58     impl_->Enroll(request, &response);
59 
60     if (response.error == ERROR_RETRY) {
61         return response.retry_timeout;
62     } else if (response.error != ERROR_NONE) {
63         return -EINVAL;
64     }
65 
66     *enrolled_password_handle = response.enrolled_password_handle.buffer.release();
67     gatekeeper::password_handle_t *handle =
68                     reinterpret_cast<gatekeeper::password_handle_t *>(*enrolled_password_handle);
69     //FIXIT: We need to move this module to host with gatekeeper pipe
70     handle->hardware_backed = true;
71 
72     *enrolled_password_handle_length = response.enrolled_password_handle.length;
73     return 0;
74 }
75 
verify(uint32_t uid,uint64_t challenge,const uint8_t * enrolled_password_handle,uint32_t enrolled_password_handle_length,const uint8_t * provided_password,uint32_t provided_password_length,uint8_t ** auth_token,uint32_t * auth_token_length,bool * request_reenroll)76 int SoftGateKeeperDevice::verify(uint32_t uid,
77         uint64_t challenge, const uint8_t *enrolled_password_handle,
78         uint32_t enrolled_password_handle_length, const uint8_t *provided_password,
79         uint32_t provided_password_length, uint8_t **auth_token, uint32_t *auth_token_length,
80         bool *request_reenroll) {
81 
82     if (enrolled_password_handle == NULL ||
83             provided_password == NULL) {
84         return -EINVAL;
85     }
86 
87     SizedBuffer password_handle_buffer(enrolled_password_handle_length);
88     memcpy(password_handle_buffer.buffer.get(), enrolled_password_handle,
89             enrolled_password_handle_length);
90     SizedBuffer provided_password_buffer(provided_password_length);
91     memcpy(provided_password_buffer.buffer.get(), provided_password, provided_password_length);
92 
93     VerifyRequest request(uid, challenge, &password_handle_buffer, &provided_password_buffer);
94     VerifyResponse response;
95 
96     impl_->Verify(request, &response);
97 
98     if (response.error == ERROR_RETRY) {
99         return response.retry_timeout;
100     } else if (response.error != ERROR_NONE) {
101         return -EINVAL;
102     }
103 
104     if (auth_token != NULL && auth_token_length != NULL) {
105        *auth_token = response.auth_token.buffer.release();
106        *auth_token_length = response.auth_token.length;
107     }
108 
109     if (request_reenroll != NULL) {
110         *request_reenroll = response.request_reenroll;
111     }
112 
113     return 0;
114 }
115 
116 } // namespace cuttlefish
117