Add KM_TAG_AUTH_TOKEN and corresponding auth token structure.

We may want to put the auth token structure elsewhere; it's consumed by keymaster but produced by other components. Bug: 19511945 Change-Id: Id9a22ad32137f3e0380c2812f790bbecab511d11
2015-03-14 08:23:41 -06:00 · 2015-03-14 08:23:41 -06:00 · c3ab05c3c4
commit c3ab05c3c4
parent ed94111cce
2 changed files with 52 additions and 6 deletions
--- a/include/hardware/hw_auth_token.h
+++ b/include/hardware/hw_auth_token.h
@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdint.h>
+
+#ifndef ANDROID_HARDWARE_HW_AUTH_TOKEN_H
+#define ANDROID_HARDWARE_HW_AUTH_TOKEN_H
+
+__BEGIN_DECLS
+
+typedef enum {
+    HW_AUTH_NONE = 0,
+    HW_AUTH_PASSWORD = 1 << 1,
+    HW_AUTH_FINGERPRINT = 1 << 2,
+    // Additional entries should be powers of 2.
+    HW_AUTH_ANY = UINT32_MAX,
+} hw_authenticator_type_t;
+
+/**
+ * Data format for an authentication record used to prove successful authentication.
+ */
+typedef struct __attribute__((__packed__)) {
+    uint8_t version;  // Current version is 0
+    uint64_t challenge;
+    uint64_t user_id;             // secure user ID, not Android user ID
+    uint64_t authenticator_id;    // secure authenticator ID
+    uint32_t authenticator_type;  // hw_authenticator_type_t, in network order
+    uint32_t timestamp;           // in network order
+    uint8_t hmac[32];
+} hw_auth_token_t;
+
+__END_DECLS
+
+#endif  // ANDROID_HARDWARE_HW_AUTH_TOKEN_H
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@ -21,9 +21,7 @@
 #include <stdlib.h>
 #include <string.h>

-#if defined(__cplusplus)
-extern "C" {
-#endif  // defined(__cplusplus)
+__BEGIN_DECLS

 /**
 * Authorization tags each have an associated type.  This enumeration facilitates tagging each with
@ -128,6 +126,9 @@ typedef enum {
    KM_TAG_NONCE = KM_BYTES | 1001,           /* Nonce or Initialization Vector */
    KM_TAG_CHUNK_LENGTH = KM_INT | 1002,      /* AEAD mode chunk size, in bytes.  0 means no limit,
                                                 which requires KM_TAG_RETURN_UNAUTHED. */
+    KM_TAG_AUTH_TOKEN = KM_BYTES | 1003,      /* Authentication token that proves secure user
+                                                 authentication has been performed.  Structure
+                                                 defined in hw_auth_token_t in hw_auth_token.h. */
 } keymaster_tag_t;

 /**
@ -545,8 +546,6 @@ inline void keymaster_free_characteristics(keymaster_key_characteristics_t* char
    }
 }

-#if defined(__cplusplus)
-}  // extern "C"
-#endif  // defined(__cplusplus)
+__END_DECLS

 #endif  // ANDROID_HARDWARE_KEYMASTER_DEFS_H