commit 8fa2fb74cf85c9759f62e394154b05947b652ebf
author Andres Morales <anmorales@google.com> Thu Mar 19 08:40:41 2015 -0700
committer Andres Morales <anmorales@google.com> Thu Mar 19 08:40:41 2015 -0700
tree b95cc13f5fa6f60ffece7f44df8f579240774d3e
parent ee84ee01befd4dab7e7a2019143f18fbe2be8daa

Update keyguard API

Change-Id: I51f144134e58109ed6e9747926645bd956631ad4

include/hardware/keyguard.h

diff --git a/include/hardware/keyguard.h b/include/hardware/keyguard.h
index 88dcad1..a0600cd 100644
--- a/include/hardware/keyguard.h
+++ b/include/hardware/keyguard.h
@@ -46,15 +46,21 @@
     hw_device_t common;
 
     /**
-     * Enrolls password_payload, which should be derived from a user selected pin or password,
+     * Enrolls desired_password, which should be derived from a user selected pin or password,
      * with the authentication factor private key used only for enrolling authentication
      * factor data.
      *
+     * If there was already a password enrolled, it should be provided in
+     * current_password_handle, along with the current password in current_password
+     * that should validate against current_password_handle.
+     *
      * Returns: 0 on success or an error code less than 0 on error.
      * On error, enrolled_password_handle will not be allocated.
      */
     int (*enroll)(const struct keyguard_device *dev, uint32_t uid,
-            const uint8_t *password_payload, size_t password_payload_length,
+            const uint8_t *current_password_handle, size_t current_password_handle_length,
+            const uint8_t *current_password, size_t current_password_length,
+            const uint8_t *desired_password, size_t desired_password_length,
             uint8_t **enrolled_password_handle, size_t *enrolled_password_handle_length);
 
     /**
@@ -63,7 +69,7 @@
      * Implementations of this module may retain the result of this call
      * to attest to the recency of authentication.
      *
-     * On success, writes the address of a verification token to verification_token,
+     * On success, writes the address of a verification token to auth_token,
      * usable to attest password verification to other trusted services. Clients
      * may pass NULL for this value.
      *
@@ -73,7 +79,7 @@
     int (*verify)(const struct keyguard_device *dev, uint32_t uid,
             const uint8_t *enrolled_password_handle, size_t enrolled_password_handle_length,
             const uint8_t *provided_password, size_t provided_password_length,
-            uint8_t **verification_token, size_t *verification_token_length);
+            uint8_t **auth_token, size_t *auth_token_length);
 
 };
 typedef struct keyguard_device keyguard_device_t;