| author | Andres Morales <anmorales@google.com> | 2015-04-10 21:03:07 -0700 |
|---|---|---|
| committer | Andres Morales <anmorales@google.com> | 2015-04-11 18:29:04 -0700 |
| commit | c828ae87768f3539cefadb7e485b877995918299 (patch) | |
| tree | f9dc4f6a289ec1d684172ed419483cf5829cba53 /gatekeeperd/gatekeeperd.cpp | |
| parent | 851b57c1f81bd3572cf5908611ba029be934c706 (diff) | |
Update verify API to return auth token blob
Change-Id: I853e61815458b54fb3b2f29e12a147b3b9aa3788
Diffstat (limited to 'gatekeeperd/gatekeeperd.cpp')
| -rw-r--r-- | gatekeeperd/gatekeeperd.cpp | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index 2a435a9c7..ea7016e6e 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@@ -71,9 +71,20 @@ public:
 return ret >= 0 ? NO_ERROR : UNKNOWN_ERROR;
 }
 
- virtual status_t verify(uint32_t uid, uint64_t challenge,
+ virtual status_t verify(uint32_t uid,
 const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
 const uint8_t *provided_password, uint32_t provided_password_length) {
+ uint8_t *auth_token;
+ uint32_t auth_token_length;
+ return verifyChallenge(uid, 0, enrolled_password_handle, enrolled_password_handle_length,
+ provided_password, provided_password_length,
+ &auth_token, &auth_token_length);
+ }
+
+ virtual status_t verifyChallenge(uint32_t uid, uint64_t challenge,
+ const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
+ const uint8_t *provided_password, uint32_t provided_password_length,
+ uint8_t **auth_token, uint32_t *auth_token_length) {
 IPCThreadState* ipc = IPCThreadState::self();
 const int calling_pid = ipc->getCallingPid();
 const int calling_uid = ipc->getCallingUid();
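Review bot: In the new `verify` wrapper, `auth_token` and `auth_token_length` are handed to `verifyChallenge` uninitialized, and the blob that comes back is then dropped. The `return -EINVAL` path visible in the next hunk returns without writing the out-parameters, so a caller that inspects them after a failure reads indeterminate values. I would initialise the locals, `uint8_t *auth_token = NULL;` and `uint32_t auth_token_length = 0;`, and have `verifyChallenge` clear `*auth_token` and `*auth_token_length` before its first return. If the HAL allocates the blob (not visible here), the wrapper also drops the only reference to it, so `verifyChallenge` deserves a comment stating who owns and frees the returned buffer. The body of `verifyChallenge` continues outside this hunk.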
@@ -85,19 +96,17 @@ public:
 if ((enrolled_password_handle_length | provided_password_length) == 0)
 return -EINVAL;
 
- uint8_t *auth_token;
- uint32_t auth_token_length;
 int ret = device->verify(device, uid, challenge,
 enrolled_password_handle, enrolled_password_handle_length,
- provided_password, provided_password_length, &auth_token, &auth_token_length);
+ provided_password, provided_password_length, auth_token, auth_token_length);
 
- if (ret >= 0 && auth_token != NULL && auth_token_length > 0) {
+ if (ret >= 0 && *auth_token != NULL && *auth_token_length > 0) {
 // TODO: cache service?
 sp<IServiceManager> sm = defaultServiceManager();
 sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
 sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
 if (service != NULL) {
- if (service->addAuthToken(auth_token, auth_token_length) != NO_ERROR) {
+ if (service->addAuthToken(*auth_token, *auth_token_length) != NO_ERROR) {
 ALOGE("Falure sending auth token to KeyStore");
 }
 } else { |
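Review bot: `*auth_token` and `*auth_token_length` are dereferenced after `device->verify` with no check that the out-pointers themselves are non-null, although `verifyChallenge` is a public virtual method. A guard beside the existing length check would turn a bad caller into an error instead of a crash in the daemon: `if (auth_token == NULL || auth_token_length == NULL) return -EINVAL;`. Separately, a failing `addAuthToken` is only logged, so the caller may be handed a token that keystore never received (the return statement is outside the hunk). A short comment saying whether that is intended would help the next reader.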
