-rw-r--r--include/hardware/bluetooth.h5
-rw-r--r--include/hardware/bt_common_types.h44
-rw-r--r--include/hardware/bt_gatt_client.h26
-rw-r--r--include/hardware/fingerprint.h46
-rw-r--r--include/hardware/fused_location.h78
-rw-r--r--include/hardware/gatekeeper.h6
-rw-r--r--include/hardware/gps.h39
-rw-r--r--include/hardware/hw_auth_token.h12
-rw-r--r--include/hardware/keymaster1.h4
-rw-r--r--include/hardware/keymaster_defs.h131
-rw-r--r--modules/fingerprint/fingerprint.c5
-rw-r--r--tests/fingerprint/fingerprint_tests.cpp15
12 files changed, 279 insertions, 132 deletions
diff --git a/include/hardware/bluetooth.h b/include/hardware/bluetooth.h
index 74cd1fc..75c9e9c 100644
--- a/include/hardware/bluetooth.h
+++ b/include/hardware/bluetooth.h
@@ -143,14 +143,15 @@ typedef struct
typedef struct
{
+ uint16_t version_supported;
uint8_t local_privacy_enabled;
uint8_t max_adv_instance;
uint8_t rpa_offload_supported;
uint8_t max_irk_list_size;
uint8_t max_adv_filter_supported;
- uint8_t scan_result_storage_size_lobyte;
- uint8_t scan_result_storage_size_hibyte;
uint8_t activity_energy_info_supported;
+ uint16_t scan_result_storage_size;
+ uint16_t total_trackable_advertisers;
}bt_local_le_features_t;
/* Bluetooth Adapter and Remote Device property types */
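Review bot: Inserting `version_supported` ahead of the existing members and folding the two `scan_result_storage_size_*` bytes into a trailing `uint16_t` moves the offset of every field in `bt_local_le_features_t`, so a stack and a client built against different revisions of this header will read each other's values wrongly without any error. None of the new members is documented; a comment saying which version `version_supported` refers to and what unit `scan_result_storage_size` uses would help. If this struct is ever copied by size across a library or process boundary, the receiving side should check the length it was given before reading the new trailing fields.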
diff --git a/include/hardware/bt_common_types.h b/include/hardware/bt_common_types.h
new file mode 100644
index 0000000..e30ac24
--- /dev/null
+++ b/include/hardware/bt_common_types.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************************************************
+ *
+ * This file contains constants and definitions that can be used commonly between JNI and stack layer
+ *
+ ******************************************************************************/
+#ifndef ANDROID_INCLUDE_BT_COMMON_TYPES_H
+#define ANDROID_INCLUDE_BT_COMMON_TYPES_H
+
+#include "bluetooth.h"
+
+typedef struct
+{
+ uint8_t client_if;
+ uint8_t filt_index;
+ uint8_t advertiser_state;
+ uint8_t advertiser_info_present;
+ uint8_t addr_type;
+ uint8_t tx_power;
+ int8_t rssi_value;
+ uint16_t time_stamp;
+ bt_bdaddr_t bd_addr;
+ uint8_t adv_pkt_len;
+ uint8_t *p_adv_pkt_data;
+ uint8_t scan_rsp_len;
+ uint8_t *p_scan_rsp_data;
+} btgatt_track_adv_info_t;
+
+#endif /* ANDROID_INCLUDE_BT_COMMON_TYPES_H */
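Review bot: `btgatt_track_adv_info_t` carries two raw buffers, `p_adv_pkt_data` and `p_scan_rsp_data`, without saying who owns them or how long they stay valid, and the callback that receives the struct (`track_adv_event_callback` in bt_gatt_client.h) takes it through a non-const pointer. A receiver that keeps the pointers after the callback returns, or reads past `adv_pkt_len` / `scan_rsp_len`, would be touching memory it does not own, so the contract should be written on the members, e.g. `/* valid only for the duration of the callback; NULL when the matching length is 0 */`, and the callback parameter could be `const btgatt_track_adv_info_t *`. `tx_power` is `uint8_t` while `rssi_value` is `int8_t`; if transmit power is reported in dBm it can be negative, so the intended signedness is worth confirming.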
diff --git a/include/hardware/bt_gatt_client.h b/include/hardware/bt_gatt_client.h
index 8073dd1..7881dc8 100644
--- a/include/hardware/bt_gatt_client.h
+++ b/include/hardware/bt_gatt_client.h
@@ -20,6 +20,7 @@
#include <stdint.h>
#include "bt_gatt_types.h"
+#include "bt_common_types.h"
__BEGIN_DECLS
@@ -69,6 +70,23 @@ typedef struct
typedef struct
{
+ uint8_t client_if;
+ uint8_t action;
+ uint8_t filt_index;
+ uint16_t feat_seln;
+ uint16_t list_logic_type;
+ uint8_t filt_logic_type;
+ uint8_t rssi_high_thres;
+ uint8_t rssi_low_thres;
+ uint8_t dely_mode;
+ uint16_t found_timeout;
+ uint16_t lost_timeout;
+ uint8_t found_timeout_cnt;
+ uint16_t num_of_tracking_entries;
+} btgatt_filt_param_setup_t;
+
+typedef struct
+{
bt_bdaddr_t *bda1;
bt_uuid_t *uuid1;
uint16_t u1;
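Review bot: `rssi_high_thres` and `rssi_low_thres` are declared `uint8_t`, whereas the `scan_filter_param_setup` prototype this struct replaces took them as `int` and `btgatt_track_adv_info_t` reports RSSI as `int8_t`. RSSI thresholds are normally negative dBm values, so a caller assigning -70 stores 186, and any implementation that compares the field numerically rather than reinterpreting it as signed filters on the wrong range. Declaring both as `int8_t` keeps them consistent with `rssi_value`. The other former `int` arguments are narrowed too (`found_timeout`, `lost_timeout` to `uint16_t`), so the code that fills the struct should range-check before assigning.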
@@ -202,8 +220,7 @@ typedef void (*batchscan_reports_callback)(int client_if, int status, int report
typedef void (*batchscan_threshold_callback)(int client_if);
/** Track ADV VSE callback invoked when tracked device is found or lost */
-typedef void (*track_adv_event_callback)(int client_if, int filt_index, int addr_type,
- bt_bdaddr_t* bda, int adv_state);
+typedef void (*track_adv_event_callback)(btgatt_track_adv_info_t *p_track_adv_info);
typedef struct {
register_client_callback register_client_cb;
@@ -336,10 +353,7 @@ typedef struct {
bt_status_t (*read_remote_rssi)( int client_if, const bt_bdaddr_t *bd_addr);
/** Setup scan filter params */
- bt_status_t (*scan_filter_param_setup)(int client_if, int action, int filt_index, int feat_seln,
- int list_logic_type, int filt_logic_type, int rssi_high_thres,
- int rssi_low_thres, int dely_mode, int found_timeout,
- int lost_timeout, int found_timeout_cnt);
+ bt_status_t (*scan_filter_param_setup)(btgatt_filt_param_setup_t filt_param);
/** Configure a scan filter condition */
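Review bot: `scan_filter_param_setup` now takes `btgatt_filt_param_setup_t` by value, which makes the calling convention of this HAL entry point depend on the exact size of the struct, so any later field addition changes how arguments are passed for every implementer. Passing `const btgatt_filt_param_setup_t *filt_param` keeps the prototype stable and states that the callee does not modify the caller's data. The interface struct this member belongs to begins and ends outside the hunk.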
diff --git a/include/hardware/fingerprint.h b/include/hardware/fingerprint.h
index 1fe8cc9..68687b2 100644
--- a/include/hardware/fingerprint.h
+++ b/include/hardware/fingerprint.h
@@ -17,6 +17,8 @@
#ifndef ANDROID_INCLUDE_HARDWARE_FINGERPRINT_H
#define ANDROID_INCLUDE_HARDWARE_FINGERPRINT_H
+#include <hardware/hw_auth_token.h>
+
#define FINGERPRINT_MODULE_API_VERSION_1_0 HARDWARE_MODULE_API_VERSION(1, 0)
#define FINGERPRINT_MODULE_API_VERSION_2_0 HARDWARE_MODULE_API_VERSION(2, 0)
#define FINGERPRINT_HARDWARE_MODULE_ID "fingerprint"
@@ -24,7 +26,6 @@
typedef enum fingerprint_msg_type {
FINGERPRINT_ERROR = -1,
FINGERPRINT_ACQUIRED = 1,
- FINGERPRINT_PROCESSED = 2,
FINGERPRINT_TEMPLATE_ENROLLING = 3,
FINGERPRINT_TEMPLATE_REMOVED = 4,
FINGERPRINT_AUTHENTICATED = 5
@@ -97,19 +98,9 @@ typedef struct fingerprint_acquired {
fingerprint_acquired_info_t acquired_info; /* information about the image */
} fingerprint_acquired_t;
-typedef struct fingerprint_processed {
- fingerprint_finger_id_t finger; /* all 0s is a special case and means no match */
-} fingerprint_processed_t;
-
typedef struct fingerprint_authenticated {
- uint32_t user_id;
- uint32_t auth_id;
- uint32_t timestamp;
- uint32_t app_id;
- uint64_t crypto_op_id;
- uint8_t hmac[16]; /* 128-bit */
- uint32_t auth_token_size;
- uint8_t *auth_token;
+ fingerprint_finger_id_t finger;
+ hw_auth_token_t hat;
} fingerprint_authenticated_t;
typedef struct fingerprint_msg {
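Review bot: The removed `fingerprint_processed_t` documented that an all-zero `finger` means no match, but the `finger` member added to `fingerprint_authenticated_t` has no comment, so it is unclear whether FINGERPRINT_AUTHENTICATED is still sent for a non-matching finger and what `hat` holds in that case. A consumer that forwards `hat` without checking `finger` first could pass on an uninitialised or stale token. Suggest documenting the contract on the member, e.g. `fingerprint_finger_id_t finger; /* all 0s means no match; hat is not valid in that case */`, with the wording confirmed against the intended behaviour.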
@@ -119,7 +110,6 @@ typedef struct fingerprint_msg {
fingerprint_enroll_t enroll;
fingerprint_removed_t removed;
fingerprint_acquired_t acquired;
- fingerprint_processed_t processed;
fingerprint_authenticated_t authenticated;
} data;
} fingerprint_msg_t;
@@ -151,19 +141,30 @@ typedef struct fingerprint_device {
* -1 otherwise. A notify() function may be called
* indicating the error condition.
*/
- int (*enroll)(struct fingerprint_device *dev, uint32_t gid, uint32_t timeout_sec);
+ int (*enroll)(struct fingerprint_device *dev, const hw_auth_token_t *hat,
+ uint32_t gid, uint32_t timeout_sec);
/*
- * Cancel fingerprint enroll request:
- * Switches the HAL state machine back to accept a fingerprint scan mode.
- * (fingerprint_msg.type == FINGERPRINT_TEMPLATE_ENROLLING &&
- * fingerprint_msg.data.enroll.samples_remaining == 0)
+ * Fingerprint pre-enroll enroll request:
+ * Generates a unique token to upper layers to indicate the start of an enrollment transaction.
+ * This token will be wrapped by security for verification and passed to enroll() for
+ * verification before enrollment will be allowed. This is to ensure adding a new fingerprint
+ * template was preceded by some kind of credential confirmation (e.g. device password).
+ *
+ * Function return: 0 if function failed
+ * otherwise, a uint64_t of token
+ */
+ uint64_t (*pre_enroll)(struct fingerprint_device *dev);
+
+ /*
+ * Cancel pending enroll or authenticate, sending FINGERPRINT_ERROR_CANCELED
+ * to all running clients. Switches the HAL state machine back to the idle state.
* will indicate switch back to the scan mode.
*
* Function return: 0 if cancel request is accepted
* -1 otherwise.
*/
- int (*enroll_cancel)(struct fingerprint_device *dev);
+ int (*cancel)(struct fingerprint_device *dev);
/*
* Fingerprint remove request:
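Review bot: The new `hat` parameter of `enroll()` is not described anywhere: the comment above `enroll` (it starts outside the hunk) is not updated, and nothing says what the HAL must do when `hat` is NULL or fails verification. Since the `pre_enroll` comment says the token exists to guarantee a credential confirmation before a template is added, the contract should state that `enroll()` returns -1 without starting enrollment in those cases, and whether a `pre_enroll` token is single-use or expires. Two wording leftovers remain: "Fingerprint pre-enroll enroll request" repeats a word, and the context line `will indicate switch back to the scan mode.` is now a dangling fragment under the new `cancel` description.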
@@ -193,7 +194,7 @@ typedef struct fingerprint_device {
* Authenticates an operation identifed by operation_id
*
* Function return: 0 on success
- * -1 if the size is out of bounds.
+ * -1 if the operation cannot be completed
*/
int (*authenticate)(struct fingerprint_device *dev, uint64_t operation_id, uint32_t gid);
@@ -206,8 +207,7 @@ typedef struct fingerprint_device {
* Function return: 0 if callback function is successfuly registered
* -1 otherwise.
*/
- int (*set_notify)(struct fingerprint_device *dev,
- fingerprint_notify_t notify);
+ int (*set_notify)(struct fingerprint_device *dev, fingerprint_notify_t notify);
/*
* Client provided callback function to receive notifications.
diff --git a/include/hardware/fused_location.h b/include/hardware/fused_location.h
index ff64aef..73360a1 100644
--- a/include/hardware/fused_location.h
+++ b/include/hardware/fused_location.h
@@ -72,6 +72,37 @@ __BEGIN_DECLS
#define FLP_TECH_MASK_BLUETOOTH (1U<<4)
/**
+ * Set when your implementation can produce GNNS-derived locations,
+ * for use with flp_capabilities_callback.
+ *
+ * GNNS is a required capability for a particular feature to be used
+ * (batching or geofencing). If not supported that particular feature
+ * won't be used by the upper layer.
+ */
+#define CAPABILITY_GNSS (1U<<0)
+/**
+ * Set when your implementation can produce WiFi-derived locations, for
+ * use with flp_capabilities_callback.
+ */
+#define CAPABILITY_WIFI (1U<<1)
+/**
+ * Set when your implementation can produce cell-derived locations, for
+ * use with flp_capabilities_callback.
+ */
+#define CAPABILITY_CELL (1U<<3)
+
+/**
+ * Status to return in flp_status_callback when your implementation transitions
+ * from being unsuccessful in determining location to being successful.
+ */
+#define FLP_STATUS_LOCATION_AVAILABLE 0
+/**
+ * Status to return in flp_status_callback when your implementation transitions
+ * from being successful in determining location to being unsuccessful.
+ */
+#define FLP_STATUS_LOCATION_UNAVAILABLE 1
+
+/**
* This constant is used with the batched locations
* APIs. Batching is mandatory when FLP implementation
* is supported. If the flag is set, the hardware implementation
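Review bot: The capability masks are named `CAPABILITY_GNSS`, `CAPABILITY_WIFI` and `CAPABILITY_CELL`, but the `flp_capabilities_callback` comment added in the next hunk refers to `FLP_CAPABILITY_*` values, and the neighbouring constants (`FLP_TECH_MASK_BLUETOOTH`, `FLP_STATUS_LOCATION_AVAILABLE`) all carry the `FLP_` prefix. Unprefixed names in a public HAL header are also more likely to collide with macros from other headers. `CAPABILITY_CELL` is `(1U<<3)`, skipping bit 2 with no explanation; if the gap is deliberate, a `/* bit 2 reserved */` line would stop someone "correcting" it later. The comments spell the technology "GNNS" twice where the macro says GNSS, and the callback takes the mask as `int` although the bits are defined unsigned.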
@@ -183,6 +214,33 @@ typedef void (*flp_release_wakelock)();
*/
typedef int (*flp_set_thread_event)(ThreadEvent event);
+/**
+ * Callback for technologies supported by this implementation.
+ *
+ * Parameters: capabilities is a bitmask of FLP_CAPABILITY_* values describing
+ * which features your implementation supports. You should support
+ * CAPABILITY_GNSS at a minimum for your implementation to be utilized. You can
+ * return 0 in FlpGeofenceCallbacks to indicate you don't support geofencing,
+ * or 0 in FlpCallbacks to indicate you don't support location batching.
+ */
+typedef void (*flp_capabilities_callback)(int capabilities);
+
+/**
+ * Callback with status information on the ability to compute location.
+ * To avoid waking up the application processor you should only send
+ * changes in status (you shouldn't call this method twice in a row
+ * with the same status value). As a guideline you should not call this
+ * more frequently then the requested batch period set with period_ns
+ * in FlpBatchOptions. For example if period_ns is set to 5 minutes and
+ * the status changes many times in that interval, you should only report
+ * one status change every 5 minutes.
+ *
+ * Parameters:
+ * status is one of FLP_STATUS_LOCATION_AVAILABLE
+ * or FLP_STATUS_LOCATION_UNAVAILABLE.
+ */
+typedef void (*flp_status_callback)(int32_t status);
+
/** FLP callback structure. */
typedef struct {
/** set to sizeof(FlpCallbacks) */
@@ -191,6 +249,8 @@ typedef struct {
flp_acquire_wakelock acquire_wakelock_cb;
flp_release_wakelock release_wakelock_cb;
flp_set_thread_event set_thread_event_cb;
+ flp_capabilities_callback flp_capabilities_cb;
+ flp_status_callback flp_status_cb;
} FlpCallbacks;
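Review bot: `flp_capabilities_cb` and `flp_status_cb` are appended to `FlpCallbacks`, whose first member is documented as `set to sizeof(FlpCallbacks)`, but nothing tells implementers to consult that size before calling the new pointers. A HAL built against this header and handed the shorter struct by an older caller would read past the end of the caller's object. The struct comment should say that the new callbacks may only be invoked when the reported size covers them and the pointer is non-NULL. The same applies to `flp_capabilities_cb` added to `FlpGeofenceCallbacks` in a later hunk, if that struct carries a size field as well.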
@@ -266,7 +326,9 @@ typedef struct {
/**
* Opens the interface and provides the callback routines
- * to the implemenation of this interface.
+ * to the implementation of this interface. Once called you should respond
+ * by calling the flp_capabilities_callback in FlpCallbacks to
+ * specify the capabilities that your implementation supports.
*/
int (*init)(FlpCallbacks* callbacks );
@@ -363,6 +425,15 @@ typedef struct {
* Get a pointer to extension information.
*/
const void* (*get_extension)(const char* name);
+
+ /**
+ * Retrieve all batched locations currently stored and clear the buffer.
+ * flp_location_callback MUST be called in response, even if there are
+ * no locations to flush (in which case num_locations should be 0).
+ * Subsequent calls to get_batched_location or flush_batched_locations
+ * should not return any of the locations returned in this call.
+ */
+ void (*flush_batched_locations)();
} FlpLocationInterface;
struct flp_device_t {
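Review bot: `void (*flush_batched_locations)();` declares a function pointer with an unspecified parameter list in C, so a call with stray arguments compiles without a diagnostic; `void (*flush_batched_locations)(void);` states the intended prototype. Because the member is appended to `FlpLocationInterface`, a caller talking to a HAL built before this change has to confirm the member exists (presumably through the interface's size field) and is non-NULL before invoking it, and the comment should say so. The struct begins outside the hunk.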
@@ -615,6 +686,7 @@ typedef struct {
flp_geofence_pause_callback geofence_pause_callback;
flp_geofence_resume_callback geofence_resume_callback;
flp_set_thread_event set_thread_event_cb;
+ flp_capabilities_callback flp_capabilities_cb;
} FlpGeofenceCallbacks;
@@ -695,7 +767,9 @@ typedef struct {
/**
* Opens the geofence interface and provides the callback routines
- * to the implemenation of this interface.
+ * to the implemenation of this interface. Once called you should respond
+ * by calling the flp_capabilities_callback in FlpGeofenceCallbacks to
+ * specify the capabilities that your implementation supports.
*/
void (*init)( FlpGeofenceCallbacks* callbacks );
diff --git a/include/hardware/gatekeeper.h b/include/hardware/gatekeeper.h
index 7cc7f8d..89d96b1 100644
--- a/include/hardware/gatekeeper.h
+++ b/include/hardware/gatekeeper.h
@@ -103,6 +103,10 @@ struct gatekeeper_device {
* - dev: pointer to gatekeeper_device acquired via calls to gatekeeper_open
* - uid: the Android user identifier
*
+ * - challenge: An optional challenge to authenticate against, or 0. Used when a separate
+ * authenticator requests password verification, or for transactional
+ * password authentication.
+ *
* - enrolled_password_handle: the currently enrolled password handle that the
* user wishes to verify against.
* - enrolled_password_handle_length: the length in bytes of the buffer pointed
@@ -122,7 +126,7 @@ struct gatekeeper_device {
* Returns: 0 on success or an error code less than 0 on error
* On error, auth token will not be allocated
*/
- int (*verify)(const struct gatekeeper_device *dev, uint32_t uid,
+ int (*verify)(const struct gatekeeper_device *dev, uint32_t uid, uint64_t challenge,
const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
const uint8_t *provided_password, uint32_t provided_password_length,
uint8_t **auth_token, uint32_t *auth_token_length);
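Review bot: `challenge` is inserted between `uid` and `enrolled_password_handle`, so an implementation compiled against the previous `verify` prototype will misread every later argument, and the six changed lines the diffstat lists for this file contain no version bump that would let a caller tell the two apart. The parameter comment added in the previous hunk says what the challenge is for but not what the implementation must do with it; presumably it has to be carried in the returned auth token so that the requesting authenticator can match it, and that should be stated. The doc comment for `verify` starts outside the hunk.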
diff --git a/include/hardware/gps.h b/include/hardware/gps.h
index e264cf5..937436b 100644
--- a/include/hardware/gps.h
+++ b/include/hardware/gps.h
@@ -293,6 +293,8 @@ typedef uint32_t GpsMeasurementFlags;
#define GPS_MEASUREMENT_HAS_DOPPLER_SHIFT_UNCERTAINTY (1<<16)
/** A valid 'used in fix' flag is stored in the data structure. */
#define GPS_MEASUREMENT_HAS_USED_IN_FIX (1<<17)
+/** The value of 'pseudorange rate' is uncorrected. */
+#define GPS_MEASUREMENT_HAS_UNCORRECTED_PSEUDORANGE_RATE (1<<18)
/**
* Enumeration of the available values for the GPS Measurement's loss of lock.
@@ -1353,6 +1355,9 @@ typedef struct {
*
* The value contains the 'drift uncertainty' in it.
* If the data is available 'flags' must contain GPS_CLOCK_HAS_DRIFT.
+ *
+ * If GpsMeasurement's 'flags' field contains GPS_MEASUREMENT_HAS_UNCORRECTED_PSEUDORANGE_RATE,
+ * it is encouraged that this field is also provided.
*/
double drift_nsps;
@@ -1416,11 +1421,15 @@ typedef struct {
*
* However, if there is any ambiguity in integer millisecond,
* GPS_MEASUREMENT_STATE_MSEC_AMBIGUOUS should be set accordingly, in the 'state' field.
+ *
+ * This value must be populated if 'state' != GPS_MEASUREMENT_STATE_UNKNOWN.
*/
int64_t received_gps_tow_ns;
/**
* 1-Sigma uncertainty of the Received GPS Time-of-Week in nanoseconds.
+ *
+ * This value must be populated if 'state' != GPS_MEASUREMENT_STATE_UNKNOWN.
*/
int64_t received_gps_tow_uncertainty_ns;
@@ -1434,11 +1443,23 @@ typedef struct {
/**
* Pseudorange rate at the timestamp in m/s.
- * The value also includes the effects of the receiver clock frequency and satellite clock
- * frequency errors.
+ * The effects of the receiver clock frequency and satellite clock frequency errors, are known
+ * as the correction of a given Pseudorange rate value.
+ *
+ * If GPS_MEASUREMENT_HAS_UNCORRECTED_PSEUDORANGE_RATE is set in 'flags' field, this field must
+ * be populated with the 'uncorrected' reading.
+ * If GPS_MEASUREMENT_HAS_UNCORRECTED_PSEUDORANGE_RATE is not set in 'flags' field, this field
+ * must be populated with the 'corrected' reading. This is the default behavior.
+ *
+ * It is encouraged to provide the 'uncorrected' 'pseudorange rate', and provide GpsClock's
+ * 'drift' field as well.
*
* The value includes the 'pseudorange rate uncertainty' in it.
- * A positive value indicates that the pseudorange is getting larger.
+ * A positive 'uncorrected' value indicates that the SV is moving away from the receiver.
+ *
+ * The sign of the 'uncorrected' 'pseudorange rate' and its correlation to the sign of 'doppler
+ * shift' is given by the equation:
+ * pseudorange rate = -k * doppler shift
*
* This is a Mandatory value.
*/
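Review bot: `GPS_MEASUREMENT_HAS_UNCORRECTED_PSEUDORANGE_RATE` changes the meaning of the mandatory pseudorange-rate field instead of marking an additional field as present, so a consumer that does not know bit 18 will treat an uncorrected reading as corrected with no way to notice. The comment should tell consumers to test the flag before using the value. The equation `pseudorange rate = -k * doppler shift` (and `accumulated delta range = -k * carrier phase` in the next hunk) uses `k` without defining it; a line such as `where k is a positive constant`, to be confirmed by the author, would make the sign convention unambiguous. The next hunk also has "fro the receiver" for "from".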
@@ -1462,13 +1483,21 @@ typedef struct {
/**
* Accumulated delta range since the last channel reset in meters.
- * The data is available if 'accumulated delta range state' != GPS_ADR_STATE_UNKNOWN.
+ * A positive value indicates that the SV is moving away fro the receiver.
+ *
+ * The sign of the 'accumulated delta range' and its correlation to the sign of 'carrier phase'
+ * is given by the equation:
+ * accumulated delta range = -k * carrier phase
+ *
+ * This value must be populated if 'accumulated delta range state' != GPS_ADR_STATE_UNKNOWN.
+ * However, it is expected that the data is only accurate when:
+ * 'accumulated delta range state' == GPS_ADR_STATE_VALID.
*/
double accumulated_delta_range_m;
/**
* 1-Sigma uncertainty of the accumulated delta range in meters.
- * The data is available if 'accumulated delta range state' != GPS_ADR_STATE_UNKNOWN.
+ * This value must be populated if 'accumulated delta range state' != GPS_ADR_STATE_UNKNOWN.
*/
double accumulated_delta_range_uncertainty_m;
diff --git a/include/hardware/hw_auth_token.h b/include/hardware/hw_auth_token.h
index 154c1fd..f471d1a 100644
--- a/include/hardware/hw_auth_token.h
+++ b/include/hardware/hw_auth_token.h
@@ -19,14 +19,16 @@
#ifndef ANDROID_HARDWARE_HW_AUTH_TOKEN_H
#define ANDROID_HARDWARE_HW_AUTH_TOKEN_H
-#ifndef __cplusplus
+#ifdef __cplusplus
extern "C" {
#endif // __cplusplus
+const uint8_t HW_AUTH_TOKEN_VERSION = 0;
+
typedef enum {
HW_AUTH_NONE = 0,
- HW_AUTH_PASSWORD = 1 << 1,
- HW_AUTH_FINGERPRINT = 1 << 2,
+ HW_AUTH_PASSWORD = 1 << 0,
+ HW_AUTH_FINGERPRINT = 1 << 1,
// Additional entries should be powers of 2.
HW_AUTH_ANY = UINT32_MAX,
} hw_authenticator_type_t;
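Review bot: `const uint8_t HW_AUTH_TOKEN_VERSION = 0;` is a definition with external linkage when this header is compiled as C, so two C translation units that include it each define the symbol and the link fails; in C++ a namespace-scope `const` has internal linkage, which hides the problem. `#define HW_AUTH_TOKEN_VERSION 0` or `static const uint8_t HW_AUTH_TOKEN_VERSION = 0;` avoids that. Separately, `HW_AUTH_PASSWORD` and `HW_AUTH_FINGERPRINT` move from bits 1 and 2 to bits 0 and 1, so the old `HW_AUTH_PASSWORD` value (2) now reads as `HW_AUTH_FINGERPRINT`. Token producers and verifiers therefore have to be rebuilt together, and a token minted under the old numbering must not be accepted afterwards.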
@@ -40,11 +42,11 @@ typedef struct __attribute__((__packed__)) {
uint64_t user_id; // secure user ID, not Android user ID
uint64_t authenticator_id; // secure authenticator ID
uint32_t authenticator_type; // hw_authenticator_type_t, in network order
- uint32_t timestamp; // in network order
+ uint64_t timestamp; // in network order
uint8_t hmac[32];
} hw_auth_token_t;
-#ifndef __cplusplus
+#ifdef __cplusplus
} // extern "C"
#endif // __cplusplus
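Review bot: Widening `timestamp` to `uint64_t` in this packed struct grows the token by four bytes and moves `hmac`, yet `HW_AUTH_TOKEN_VERSION` introduced in the same commit is 0, so, assuming the struct's leading fields (outside the hunk) include a version byte, a verifier cannot tell an old-layout token from a new one by inspecting it. The comment `in network order` now applies to a 64-bit value, for which there is no standard `htonl` counterpart. Naming the expected conversion in the comment would keep producers and verifiers from disagreeing on byte order and computing the HMAC over different bytes.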
diff --git a/include/hardware/keymaster1.h b/include/hardware/keymaster1.h
index dae3b8e..4227f57 100644
--- a/include/hardware/keymaster1.h
+++ b/include/hardware/keymaster1.h
@@ -466,10 +466,8 @@ struct keymaster1_device {
* This function is optional and should be set to NULL if it is not implemented.
*
* \param[in] dev The keymaster device structure.
- *
- * Returns 0 on success or an error code less than 0.
*/
- int (*delete_all_keys)(const struct keymaster1_device* dev);
+ keymaster_error_t (*delete_all_keys)(const struct keymaster1_device* dev);
/**
* Begins a cryptographic operation using the specified key. If all is well, begin() will
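Review bot: The return type of `delete_all_keys` changes to `keymaster_error_t`, but the hunk deletes the only sentence that described the return value and puts nothing in its place. Suggest restoring it in the new terms, e.g. ` * \return KM_ERROR_OK on success, another keymaster_error_t value otherwise.` The doc comment for this member starts outside the hunk.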
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
index dd2c764..2b43f2c 100644
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@@ -55,13 +55,12 @@ typedef enum {
KM_TAG_PURPOSE = KM_ENUM_REP | 1, /* keymaster_purpose_t. */
KM_TAG_ALGORITHM = KM_ENUM | 2, /* keymaster_algorithm_t. */
KM_TAG_KEY_SIZE = KM_INT | 3, /* Key size in bits. */
- KM_TAG_BLOCK_MODE = KM_ENUM | 4, /* keymaster_block_mode_t. */
- KM_TAG_DIGEST = KM_ENUM | 5, /* keymaster_digest_t. */
- KM_TAG_MAC_LENGTH = KM_INT | 6, /* MAC or AEAD authentication tag length in bits. */
- KM_TAG_PADDING = KM_ENUM | 7, /* keymaster_padding_t. */
- KM_TAG_RETURN_UNAUTHED = KM_BOOL | 8, /* Allow AEAD decryption to return plaintext before it has
+ KM_TAG_BLOCK_MODE = KM_ENUM_REP | 4, /* keymaster_block_mode_t. */
+ KM_TAG_DIGEST = KM_ENUM_REP | 5, /* keymaster_digest_t. */
+ KM_TAG_PADDING = KM_ENUM_REP | 6, /* keymaster_padding_t. */
+ KM_TAG_RETURN_UNAUTHED = KM_BOOL | 7, /* Allow AEAD decryption to return plaintext before it has
been authenticated. WARNING: Not recommended. */
- KM_TAG_CALLER_NONCE = KM_BOOL | 9, /* Allow caller to specify nonce or IV. */
+ KM_TAG_CALLER_NONCE = KM_BOOL | 8, /* Allow caller to specify nonce or IV. */
/* Other hardware-enforced. */
KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101, /* Tags authorized for addition via rescoping. */
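Review bot: Moving `KM_TAG_MAC_LENGTH` out of this group renumbers the tags after it, and one full value is reused with a different meaning: `KM_BOOL | 8` was `KM_TAG_RETURN_UNAUTHED` and is now `KM_TAG_CALLER_NONCE`. `KM_TAG_PADDING` also takes number 6 (formerly MAC_LENGTH), and BLOCK_MODE, DIGEST and PADDING change type from `KM_ENUM` to `KM_ENUM_REP`, so an authorization set serialized with the old header is parsed as different tags or not recognised at all. The algorithm enum later in this file leaves a `do not re-use value 2` marker for DSA; the same care here (keep the old numbers, or comment the retired ones) would avoid key descriptions whose meaning depends on which header wrote them. The enum starts outside the hunk.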
@@ -70,11 +69,6 @@ typedef enum {
/* Algorithm-specific. */
KM_TAG_RSA_PUBLIC_EXPONENT = KM_LONG | 200, /* Defaults to 2^16+1 */
- KM_TAG_DSA_GENERATOR = KM_BIGNUM | 201,
- KM_TAG_DSA_P = KM_BIGNUM | 202,
- KM_TAG_DSA_Q = KM_BIGNUM | 203,
- /* Note there are no EC-specific params. Field size is defined by KM_TAG_KEY_SIZE, and the
- curve is chosen from NIST recommendations for field size */
/*
* Tags that should be semantically enforced by hardware if possible and will otherwise be
@@ -135,6 +129,7 @@ typedef enum {
KM_TAG_AUTH_TOKEN = KM_BYTES | 1003, /* Authentication token that proves secure user
authentication has been performed. Structure
defined in hw_auth_token_t in hw_auth_token.h. */
+ KM_TAG_MAC_LENGTH = KM_INT | 1004, /* MAC or AEAD authentication tag length in bits. */
} keymaster_tag_t;
/**
@@ -143,60 +138,35 @@ typedef enum {
*/
typedef enum {
/* Asymmetric algorithms. */
- KM_ALGORITHM_RSA = 1, /* required */
- KM_ALGORITHM_DSA = 2,
- KM_ALGORITHM_ECDSA = 3, /* required */
- KM_ALGORITHM_ECIES = 4,
- /* FIPS Approved Ciphers */
- KM_ALGORITHM_AES = 32, /* required */
- KM_ALGORITHM_3DES = 33,
- KM_ALGORITHM_SKIPJACK = 34,
- /* AES Finalists */
- KM_ALGORITHM_MARS = 48,
- KM_ALGORITHM_RC6 = 49,
- KM_ALGORITHM_SERPENT = 50,
- KM_ALGORITHM_TWOFISH = 51,
- /* Other common block ciphers */
- KM_ALGORITHM_IDEA = 52,
- KM_ALGORITHM_RC5 = 53,
- KM_ALGORITHM_CAST5 = 54,
- KM_ALGORITHM_BLOWFISH = 55,
- /* Common stream ciphers */
- KM_ALGORITHM_RC4 = 64,
- KM_ALGORITHM_CHACHA20 = 65,
+ KM_ALGORITHM_RSA = 1,
+ // KM_ALGORITHM_DSA = 2, -- Removed, do not re-use value 2.
+ KM_ALGORITHM_EC = 3,
+
+ /* Block ciphers algorithms */
+ KM_ALGORITHM_AES = 32,
+
/* MAC algorithms */
- KM_ALGORITHM_HMAC = 128, /* required */
+ KM_ALGORITHM_HMAC = 128,
} keymaster_algorithm_t;
/**
- * Symmetric block cipher modes that may be provided by keymaster implementations. Those that must
- * be provided by all implementations are tagged as "required". This type is new in 0_4.
+ * Symmetric block cipher modes provided by keymaster implementations.
*
- * KM_MODE_FIRST_UNAUTHENTICATED, KM_MODE_FIRST_AUTHENTICATED and KM_MODE_FIRST_MAC are not modes,
- * but markers used to separate the available modes into classes.
+ * KM_MODE_FIRST_UNAUTHENTICATED and KM_MODE_FIRST_AUTHENTICATED are not modes but markers used to
+ * separate the available modes into classes.
*/
typedef enum {
/* Unauthenticated modes, usable only for encryption/decryption and not generally recommended
* except for compatibility with existing other protocols. */
KM_MODE_FIRST_UNAUTHENTICATED = 1,
- KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED, /* required */
- KM_MODE_CBC = 2, /* required */
- KM_MODE_CBC_CTS = 3, /* recommended */
- KM_MODE_CTR = 4, /* recommended */
- KM_MODE_OFB = 5,
- KM_MODE_CFB = 6,
- KM_MODE_XTS = 7, /* Note: requires double-length keys */
+ KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED,
+ KM_MODE_CBC = 2,
+ KM_MODE_CTR = 4,
+
/* Authenticated modes, usable for encryption/decryption and signing/verification. Recommended
- * over unauthenticated modes for all purposes. One of KM_MODE_GCM and KM_MODE_OCB is
- * required. */
+ * over unauthenticated modes for all purposes. */
KM_MODE_FIRST_AUTHENTICATED = 32,
KM_MODE_GCM = KM_MODE_FIRST_AUTHENTICATED,
- KM_MODE_OCB = 33,
- KM_MODE_CCM = 34,
- /* MAC modes -- only for signing/verification */
- KM_MODE_FIRST_MAC = 128,
- KM_MODE_CMAC = KM_MODE_FIRST_MAC,
- KM_MODE_POLY1305 = 129,
} keymaster_block_mode_t;
/**
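Review bot: Only the removed DSA entry gets a `do not re-use value 2` marker; the other enumerators deleted in this hunk (for example `KM_ALGORITHM_ECIES = 4`, `KM_MODE_CBC_CTS = 3`, `KM_MODE_OCB = 33`) disappear without one, so a later addition could reuse a number that older clients or stored key descriptions still interpret as the retired algorithm or mode. A reserved-values comment per enum, e.g. `/* 3, 5-7, 33, 34, 128, 129 retired, do not re-use */` for the block modes, keeps the numbering safe. The block-mode comment still says authenticated modes are usable for signing/verification after the MAC modes were dropped, which is worth checking against the intended API.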
@@ -206,44 +176,41 @@ typedef enum {
* cryptographically-appropriate pairs.
*/
typedef enum {
- KM_PAD_NONE = 1, /* required, deprecated */
- KM_PAD_RSA_OAEP = 2, /* required */
- KM_PAD_RSA_PSS = 3, /* required */
+ KM_PAD_NONE = 1, /* deprecated */
+ KM_PAD_RSA_OAEP = 2,
+ KM_PAD_RSA_PSS = 3,
KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4,
KM_PAD_RSA_PKCS1_1_5_SIGN = 5,
- KM_PAD_ANSI_X923 = 32,
- KM_PAD_ISO_10126 = 33,
- KM_PAD_ZERO = 64, /* required */
- KM_PAD_PKCS7 = 65, /* required */
- KM_PAD_ISO_7816_4 = 66,
+ KM_PAD_PKCS7 = 64,
} keymaster_padding_t;
/**
- * Digests that may be provided by keymaster implementations. Those that must be provided by all
- * implementations are tagged as "required". Those that have been added since version 0_2 of the
- * API are tagged as "new".
+ * Digests provided by keymaster implementations.
*/
typedef enum {
- KM_DIGEST_NONE = 0, /* new, required */
- KM_DIGEST_MD5 = 1, /* new, for compatibility with old protocols only */
- KM_DIGEST_SHA1 = 2, /* new */
- KM_DIGEST_SHA_2_224 = 3, /* new */
- KM_DIGEST_SHA_2_256 = 4, /* new, required */
- KM_DIGEST_SHA_2_384 = 5, /* new, recommended */
- KM_DIGEST_SHA_2_512 = 6, /* new, recommended */
- KM_DIGEST_SHA_3_256 = 7, /* new */
- KM_DIGEST_SHA_3_384 = 8, /* new */
- KM_DIGEST_SHA_3_512 = 9, /* new */
+ KM_DIGEST_NONE = 0,
+ KM_DIGEST_MD5 = 1, /* Optional, may not be implemented in hardware, will be handled in software
+ * if needed. */
+ KM_DIGEST_SHA1 = 2,
+ KM_DIGEST_SHA_2_224 = 3,
+ KM_DIGEST_SHA_2_256 = 4,
+ KM_DIGEST_SHA_2_384 = 5,
+ KM_DIGEST_SHA_2_512 = 6,
} keymaster_digest_t;
/**
- * The origin of a key (or pair), i.e. where it was generated. Origin and can be used together to
- * determine whether a key may have existed outside of secure hardware. This type is new in 0_4.
+ * The origin of a key (or pair), i.e. where it was generated. Note that KM_TAG_ORIGIN can be found
+ * in either the hardware-enforced or software-enforced list for a key, indicating whether the key
+ * is hardware or software-based. Specifically, a key with KM_ORIGIN_GENERATED in the
+ * hardware-enforced list is guaranteed never to have existed outide the secure hardware.
*/
typedef enum {
- KM_ORIGIN_HARDWARE = 0, /* Generated in secure hardware */
- KM_ORIGIN_SOFTWARE = 1, /* Generated in non-secure software */
- KM_ORIGIN_IMPORTED = 2, /* Imported, origin unknown */
+ KM_ORIGIN_GENERATED = 0, /* Generated in keymaster */
+ KM_ORIGIN_IMPORTED = 2, /* Imported, origin unknown */
+ KM_ORIGIN_UNKNOWN = 3, /* Keymaster did not record origin. This value can only be seen on
+ * keys in a keymaster0 implementation. The keymaster0 adapter uses
+ * this value to document the fact that it is unkown whether the key
+ * was generated inside or imported into keymaster. */
} keymaster_key_origin_t;
/**
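Review bot: `KM_PAD_PKCS7` changes from 65 to 64, the value `KM_PAD_ZERO` had before this hunk removed it, so a caller or stored key description built against the old header that asked for zero padding is now read as PKCS#7, and an old PKCS#7 request (65) becomes an unknown value. Keeping `KM_PAD_PKCS7 = 65` and retiring 64 with a comment would avoid the silent reinterpretation. In the same hunk `KM_ORIGIN_SOFTWARE = 1` is removed and 0 is renamed to `KM_ORIGIN_GENERATED`; value 1 should likewise be marked as retired. The comment typos "outide" and "unkown" are new in this hunk.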
@@ -312,10 +279,9 @@ typedef struct {
* In the future this list will expand greatly to accommodate asymmetric key import/export.
*/
typedef enum {
- KM_KEY_FORMAT_X509 = 0, /* for public key export, required */
- KM_KEY_FORMAT_PKCS8 = 1, /* for asymmetric key pair import, required */
- KM_KEY_FORMAT_PKCS12 = 2, /* for asymmetric key pair import, not required */
- KM_KEY_FORMAT_RAW = 3, /* for symmetric key import, required */
+ KM_KEY_FORMAT_X509 = 0, /* for public key export */
+ KM_KEY_FORMAT_PKCS8 = 1, /* for asymmetric key pair import */
+ KM_KEY_FORMAT_RAW = 3, /* for symmetric key import */
} keymaster_key_format_t;
/**
@@ -370,7 +336,6 @@ typedef enum {
KM_ERROR_INVALID_TAG = -40,
KM_ERROR_MEMORY_ALLOCATION_FAILED = -41,
KM_ERROR_INVALID_RESCOPING = -42,
- KM_ERROR_INVALID_DSA_PARAMS = -43,
KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44,
KM_ERROR_SECURE_HW_ACCESS_DENIED = -45,
KM_ERROR_OPERATION_CANCELLED = -46,
diff --git a/modules/fingerprint/fingerprint.c b/modules/fingerprint/fingerprint.c
index 0f11954..ac7e35b 100644
--- a/modules/fingerprint/fingerprint.c
+++ b/modules/fingerprint/fingerprint.c
@@ -33,12 +33,13 @@ static int fingerprint_close(hw_device_t *dev)
}
static int fingerprint_enroll(struct fingerprint_device __unused *dev,
+ const hw_auth_token_t __unused *hat,
uint32_t __unused gid,
uint32_t __unused timeout_sec) {
return FINGERPRINT_ERROR;
}
-static int fingerprint_enroll_cancel(struct fingerprint_device __unused *dev) {
+static int fingerprint_cancel(struct fingerprint_device __unused *dev) {
return FINGERPRINT_ERROR;
}
@@ -81,7 +82,7 @@ static int fingerprint_open(const hw_module_t* module, const char __unused *id,
dev->common.close = fingerprint_close;
dev->enroll = fingerprint_enroll;
- dev->enroll_cancel = fingerprint_enroll_cancel;
+ dev->cancel = fingerprint_cancel;
dev->remove = fingerprint_remove;
dev->set_active_group = fingerprint_set_active_group;
dev->authenticate = fingerprint_authenticate;
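Review bot: `fingerprint_open` is updated for the `cancel` rename but never assigns `dev->pre_enroll`, although this commit adds `pre_enroll` to `fingerprint_device` and a test (`isTherePreEnroll`) that asserts the pointer is non-NULL; the five changed lines the diffstat lists for this file are all accounted for in the two hunks shown. Unless the member is filled in elsewhere, the default module leaves it unset, and a caller that invokes it without a NULL check calls through a null function pointer. Suggest adding a stub `fingerprint_pre_enroll` that returns 0 (the failure value per the header comment) and wiring it up with `dev->pre_enroll = fingerprint_pre_enroll;`. `fingerprint_open` begins and ends outside the hunk.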
diff --git a/tests/fingerprint/fingerprint_tests.cpp b/tests/fingerprint/fingerprint_tests.cpp
index 4ae0d73..db7429c 100644
--- a/tests/fingerprint/fingerprint_tests.cpp
+++ b/tests/fingerprint/fingerprint_tests.cpp
@@ -24,6 +24,16 @@ TEST_F(FingerprintDevice, isThereEnroll) {
<< "enroll() function is not implemented";
}
+TEST_F(FingerprintDevice, isTherePreEnroll) {
+ ASSERT_TRUE(NULL != fp_device()->pre_enroll)
+ << "pre_enroll() function is not implemented";
+}
+
+TEST_F(FingerprintDevice, isThereCancel) {
+ ASSERT_TRUE(NULL != fp_device()->cancel)
+ << "cancel() function is not implemented";
+}
+
TEST_F(FingerprintDevice, isThereRemove) {
ASSERT_TRUE(NULL != fp_device()->remove)
<< "remove() function is not implemented";
@@ -34,6 +44,11 @@ TEST_F(FingerprintDevice, isThereAuthenticate) {
<< "authenticate() function is not implemented";
}
+TEST_F(FingerprintDevice, isThereSetActiveGroup) {
+ ASSERT_TRUE(NULL != fp_device()->set_active_group)
+ << "set_active_group() function is not implemented";
+}
+
TEST_F(FingerprintDevice, isThereSetNotify) {
ASSERT_TRUE(NULL != fp_device()->set_notify)
<< "set_notify() function is not implemented";