1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "SoftGateKeeperDevice.h"
18 #include "SoftGateKeeper.h"
19 
20 using ::android::hardware::hidl_vec;
21 using ::android::hardware::Return;
22 using ::android::hardware::gatekeeper::V1_0::GatekeeperStatusCode;
23 using ::gatekeeper::EnrollRequest;
24 using ::gatekeeper::EnrollResponse;
25 using ::gatekeeper::ERROR_INVALID;
26 using ::gatekeeper::ERROR_MEMORY_ALLOCATION_FAILED;
27 using ::gatekeeper::ERROR_NONE;
28 using ::gatekeeper::ERROR_RETRY;
29 using ::gatekeeper::SizedBuffer;
30 using ::gatekeeper::VerifyRequest;
31 using ::gatekeeper::VerifyResponse;
32 
33 #include <limits>
34 
35 namespace android {
36 
hidl_vec2sized_buffer(const hidl_vec<uint8_t> & vec)37 inline SizedBuffer hidl_vec2sized_buffer(const hidl_vec<uint8_t>& vec) {
38     if (vec.size() == 0 || vec.size() > std::numeric_limits<uint32_t>::max()) return {};
39     auto dummy = new uint8_t[vec.size()];
40     std::copy(vec.begin(), vec.end(), dummy);
41     return {dummy, static_cast<uint32_t>(vec.size())};
42 }
43 
enroll(uint32_t uid,const hidl_vec<uint8_t> & currentPasswordHandle,const hidl_vec<uint8_t> & currentPassword,const hidl_vec<uint8_t> & desiredPassword,enroll_cb _hidl_cb)44 Return<void> SoftGateKeeperDevice::enroll(uint32_t uid,
45                                           const hidl_vec<uint8_t>& currentPasswordHandle,
46                                           const hidl_vec<uint8_t>& currentPassword,
47                                           const hidl_vec<uint8_t>& desiredPassword,
48                                           enroll_cb _hidl_cb) {
49     if (desiredPassword.size() == 0) {
50         _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
51         return {};
52     }
53 
54     EnrollRequest request(uid, hidl_vec2sized_buffer(currentPasswordHandle),
55                           hidl_vec2sized_buffer(desiredPassword),
56                           hidl_vec2sized_buffer(currentPassword));
57     EnrollResponse response;
58     impl_->Enroll(request, &response);
59 
60     if (response.error == ERROR_RETRY) {
61         _hidl_cb({GatekeeperStatusCode::ERROR_RETRY_TIMEOUT, response.retry_timeout, {}});
62     } else if (response.error != ERROR_NONE) {
63         _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
64     } else {
65         hidl_vec<uint8_t> new_handle(response.enrolled_password_handle.Data<uint8_t>(),
66                                      response.enrolled_password_handle.Data<uint8_t>() +
67                                              response.enrolled_password_handle.size());
68         _hidl_cb({GatekeeperStatusCode::STATUS_OK, response.retry_timeout, new_handle});
69     }
70     return {};
71 }
72 
verify(uint32_t uid,uint64_t challenge,const::android::hardware::hidl_vec<uint8_t> & enrolledPasswordHandle,const::android::hardware::hidl_vec<uint8_t> & providedPassword,verify_cb _hidl_cb)73 Return<void> SoftGateKeeperDevice::verify(
74         uint32_t uid, uint64_t challenge,
75         const ::android::hardware::hidl_vec<uint8_t>& enrolledPasswordHandle,
76         const ::android::hardware::hidl_vec<uint8_t>& providedPassword, verify_cb _hidl_cb) {
77     if (enrolledPasswordHandle.size() == 0) {
78         _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
79         return {};
80     }
81 
82     VerifyRequest request(uid, challenge, hidl_vec2sized_buffer(enrolledPasswordHandle),
83                           hidl_vec2sized_buffer(providedPassword));
84     VerifyResponse response;
85 
86     impl_->Verify(request, &response);
87 
88     if (response.error == ERROR_RETRY) {
89         _hidl_cb({GatekeeperStatusCode::ERROR_RETRY_TIMEOUT, response.retry_timeout, {}});
90     } else if (response.error != ERROR_NONE) {
91         _hidl_cb({GatekeeperStatusCode::ERROR_GENERAL_FAILURE, 0, {}});
92     } else {
93         hidl_vec<uint8_t> auth_token(
94                 response.auth_token.Data<uint8_t>(),
95                 response.auth_token.Data<uint8_t>() + response.auth_token.size());
96 
97         _hidl_cb({response.request_reenroll ? GatekeeperStatusCode::STATUS_REENROLL
98                                             : GatekeeperStatusCode::STATUS_OK,
99                   response.retry_timeout, auth_token});
100     }
101     return {};
102 }
103 
deleteUser(uint32_t,deleteUser_cb _hidl_cb)104 Return<void> SoftGateKeeperDevice::deleteUser(uint32_t /*uid*/, deleteUser_cb _hidl_cb) {
105     _hidl_cb({GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED, 0, {}});
106     return {};
107 }
108 
deleteAllUsers(deleteAllUsers_cb _hidl_cb)109 Return<void> SoftGateKeeperDevice::deleteAllUsers(deleteAllUsers_cb _hidl_cb) {
110     _hidl_cb({GatekeeperStatusCode::ERROR_NOT_IMPLEMENTED, 0, {}});
111     return {};
112 }
113 
114 }  // namespace android
115