diff options
author | Andres Morales <anmorales@google.com> | 2015-05-21 11:08:21 -0700 |
---|---|---|
committer | Andres Morales <anmorales@google.com> | 2015-05-26 18:00:31 -0700 |
commit | 4844fa6b05659190b6b6557442718d4568a0c68a (patch) | |
tree | e192923cc3ee5f7d68966ce545ad34ca1699451e | |
parent | 8aceb8fcd434ed95fb9b3d9bcfe2149a6adb1444 (diff) | |
download | gatekeeper-4844fa6b05659190b6b6557442718d4568a0c68a.tar.gz |
remove softgatekeeper device
now implemented directly in GateKeeperD
Change-Id: I1afda4a4d32b746bd7ab4079ad96f0dd4d9fdc6e
-rw-r--r-- | softgatekeeper/Android.mk | 32 | ||||
-rw-r--r-- | softgatekeeper/module.cpp | 21 | ||||
-rw-r--r-- | softgatekeeper/soft_gatekeeper_device.cpp | 171 | ||||
-rw-r--r-- | softgatekeeper/soft_gatekeeper_device.h | 82 |
4 files changed, 0 insertions, 306 deletions
diff --git a/softgatekeeper/Android.mk b/softgatekeeper/Android.mk deleted file mode 100644 index 7851ea2..0000000 --- a/softgatekeeper/Android.mk +++ /dev/null @@ -1,32 +0,0 @@ -# Copyright (C) 2012 The Android Open Source Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -LOCAL_PATH := $(call my-dir) - -include $(CLEAR_VARS) -ifeq ($(USE_32_BIT_KEYSTORE), true) -LOCAL_MULTILIB := 32 -endif -LOCAL_MODULE := gatekeeper.default -LOCAL_MODULE_RELATIVE_PATH := hw -LOCAL_SRC_FILES := \ - module.cpp \ - soft_gatekeeper_device.cpp -LOCAL_CFLAGS = -fvisibility=hidden -Wall -Werror -LOCAL_SHARED_LIBRARIES := libcrypto libgatekeeper -LOCAL_STATIC_LIBRARIES := libscrypt_static -LOCAL_C_INCLUDES := external/scrypt/lib/crypto -LOCAL_MODULE_TAGS := optional -LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk -include $(BUILD_SHARED_LIBRARY) diff --git a/softgatekeeper/module.cpp b/softgatekeeper/module.cpp deleted file mode 100644 index 4c0b624..0000000 --- a/softgatekeeper/module.cpp +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (C) 2012 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include "soft_gatekeeper_device.h" - -extern struct gatekeeper_module soft_gatekeeper_device_module; - -struct gatekeeper_module HAL_MODULE_INFO_SYM __attribute__((visibility("default"))) - = soft_gatekeeper_device_module; diff --git a/softgatekeeper/soft_gatekeeper_device.cpp b/softgatekeeper/soft_gatekeeper_device.cpp deleted file mode 100644 index c16b639..0000000 --- a/softgatekeeper/soft_gatekeeper_device.cpp +++ /dev/null @@ -1,171 +0,0 @@ -/* - * Copyright 2015 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "soft_gatekeeper_device.h" - -__attribute__((visibility("default"))) -int softgatekeeper_device_open(const hw_module_t *module, const char *name, hw_device_t **device) { - if (device == NULL || strcmp(name, HARDWARE_GATEKEEPER) != 0) - return -EINVAL; - - gatekeeper::SoftGateKeeperDevice *dev = new gatekeeper::SoftGateKeeperDevice(module); - if (dev == NULL) - return -ENOMEM; - - *device = reinterpret_cast<hw_device_t *>(dev); - return 0; -} - -static struct hw_module_methods_t gatekeeper_module_methods = { - .open = softgatekeeper_device_open, -}; - -__attribute__((visibility("default"))) -struct gatekeeper_module soft_gatekeeper_device_module = { - .common = - { - .tag = HARDWARE_MODULE_TAG, - .module_api_version = GATEKEEPER_MODULE_API_VERSION_0_1, - .hal_api_version = HARDWARE_HAL_API_VERSION, - .id = GATEKEEPER_HARDWARE_MODULE_ID, - .name = "GateKeeper SCrypt HAL", - .author = "The Android Open Source Project", - .methods = &gatekeeper_module_methods, - .dso = 0, - .reserved = {}, - }, -}; - -namespace gatekeeper { - -SoftGateKeeperDevice::SoftGateKeeperDevice(const hw_module_t *module) - : impl_(new SoftGateKeeper()) { -#if __cplusplus >= 201103L || defined(__GXX_EXPERIMENTAL_CXX0X__) - static_assert(std::is_standard_layout<SoftGateKeeperDevice>::value, - "SoftGateKeeperDevice must be standard layout"); - static_assert(offsetof(SoftGateKeeperDevice, device_) == 0, - "device_ must be the first member of KeymasterOpenSsl"); - static_assert(offsetof(SoftGateKeeperDevice, device_.common) == 0, - "common must be the first member of keymaster_device"); -#else - assert(reinterpret_cast<gatekeeper_device*>(this) == &device_); - assert(reinterpret_cast<hw_device_t*>(this) == &(device_.common)); -#endif - - memset(&device_, 0, sizeof(device_)); - device_.common.tag = HARDWARE_DEVICE_TAG; - device_.common.version = 1; - device_.common.module = const_cast<hw_module_t *>(module); - device_.common.close = close_device; - - device_.verify = Verify; - device_.enroll = Enroll; -} - -hw_device_t *SoftGateKeeperDevice::hw_device() { - return &device_.common; -} - -static inline SoftGateKeeperDevice *convert_device(const struct gatekeeper_device *dev) { - return reinterpret_cast<SoftGateKeeperDevice *>(const_cast<gatekeeper_device *>(dev)); -} - -/* static */ -int SoftGateKeeperDevice::close_device(hw_device_t* dev) { - delete reinterpret_cast<SoftGateKeeperDevice *>(dev); - return 0; -} - -int SoftGateKeeperDevice::Enroll(const struct gatekeeper_device *dev, uint32_t uid, - const uint8_t *current_password_handle, uint32_t current_password_handle_length, - const uint8_t *current_password, uint32_t current_password_length, - const uint8_t *desired_password, uint32_t desired_password_length, - uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) { - - if (dev == NULL || - enrolled_password_handle == NULL || enrolled_password_handle_length == NULL || - desired_password == NULL || desired_password_length == 0) - return -EINVAL; - - // Current password and current password handle go together - if (current_password_handle == NULL || current_password_handle_length == 0 || - current_password == NULL || current_password_length == 0) { - current_password_handle = NULL; - current_password_handle_length = 0; - current_password = NULL; - current_password_length = 0; - } - - SizedBuffer desired_password_buffer(desired_password_length); - memcpy(desired_password_buffer.buffer.get(), desired_password, desired_password_length); - - SizedBuffer current_password_handle_buffer(current_password_handle_length); - if (current_password_handle) { - memcpy(current_password_handle_buffer.buffer.get(), current_password_handle, - current_password_handle_length); - } - - SizedBuffer current_password_buffer(current_password_length); - if (current_password) { - memcpy(current_password_buffer.buffer.get(), current_password, current_password_length); - } - - EnrollRequest request(uid, ¤t_password_handle_buffer, &desired_password_buffer, - ¤t_password_buffer); - EnrollResponse response; - - convert_device(dev)->impl_->Enroll(request, &response); - - if (response.error != ERROR_NONE) - return -EINVAL; - - *enrolled_password_handle = response.enrolled_password_handle.buffer.release(); - *enrolled_password_handle_length = response.enrolled_password_handle.length; - return 0; -} - -int SoftGateKeeperDevice::Verify(const struct gatekeeper_device *dev, uint32_t uid, - uint64_t challenge, const uint8_t *enrolled_password_handle, - uint32_t enrolled_password_handle_length, const uint8_t *provided_password, - uint32_t provided_password_length, uint8_t **auth_token, uint32_t *auth_token_length) { - - if (dev == NULL || enrolled_password_handle == NULL || - provided_password == NULL) { - return -EINVAL; - } - - SizedBuffer password_handle_buffer(enrolled_password_handle_length); - memcpy(password_handle_buffer.buffer.get(), enrolled_password_handle, - enrolled_password_handle_length); - SizedBuffer provided_password_buffer(provided_password_length); - memcpy(provided_password_buffer.buffer.get(), provided_password, provided_password_length); - - VerifyRequest request(uid, challenge, &password_handle_buffer, &provided_password_buffer); - VerifyResponse response; - - convert_device(dev)->impl_->Verify(request, &response); - - if (response.error != ERROR_NONE) - return -EINVAL; - - if (auth_token != NULL && auth_token_length != NULL) { - *auth_token = response.auth_token.buffer.release(); - *auth_token_length = response.auth_token.length; - } - - return 0; -} -}; diff --git a/softgatekeeper/soft_gatekeeper_device.h b/softgatekeeper/soft_gatekeeper_device.h deleted file mode 100644 index 0b8a8aa..0000000 --- a/softgatekeeper/soft_gatekeeper_device.h +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright 2015 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef SOFT_GATEKEEPER_DEVICE_H_ -#define SOFT_GATEKEEPER_DEVICE_H_ - -#include <gatekeeper/soft_gatekeeper.h> -#include <hardware/gatekeeper.h> -#include <UniquePtr.h> - -namespace gatekeeper { - -/** - * Software based GateKeeper implementation - * - * IMPORTANT MAINTAINER NOTE: Pointers to instances of this class must be castable to hw_device_t - * and gatekeeper. This means it must remain a standard layout class (no virtual functions and - * no data members which aren't standard layout), and device_ must be the first data member. - * Assertions in the constructor validate compliance with those constraints. - */ -class SoftGateKeeperDevice { -public: - SoftGateKeeperDevice(const hw_module_t *module); - - hw_device_t *hw_device(); - -private: - static int close_device(hw_device_t* dev); - - // Wrappers to translate the gatekeeper HAL API to the Kegyuard Messages API. - - /** - * Enrolls password_payload, which should be derived from a user selected pin or password, - * with the authentication factor private key used only for enrolling authentication - * factor data. - * - * Returns: 0 on success or an error code less than 0 on error. - * On error, enrolled_password_handle will not be allocated. - */ - static int Enroll(const struct gatekeeper_device *dev, uint32_t uid, - const uint8_t *current_password_handle, uint32_t current_password_handle_length, - const uint8_t *current_password, uint32_t current_password_length, - const uint8_t *desired_password, uint32_t desired_password_length, - uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length); - /** - * Verifies provided_password matches enrolled_password_handle. - * - * Implementations of this module may retain the result of this call - * to attest to the recency of authentication. - * - * On success, writes the address of a verification token to auth_token, - * usable to attest password verification to other trusted services. Clients - * may pass NULL for this value. - * - * Returns: 0 on success or an error code less than 0 on error - * On error, verification token will not be allocated - */ - static int Verify(const struct gatekeeper_device *dev, uint32_t uid, uint64_t challenge, - const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length, - const uint8_t *provided_password, uint32_t provided_password_length, - uint8_t **auth_token, uint32_t *auth_token_length); - - gatekeeper_device device_; - UniquePtr<GateKeeper> impl_; -}; - -} // namespace gatekeeper - -#endif //SOFT_GATEKEEPER_DEVICE_H_ |