Merge "Add support for capability querying in the FLP HAL"
diff --git a/include/hardware/bluetooth.h b/include/hardware/bluetooth.h
index 74cd1fc..75c9e9c 100644
--- a/include/hardware/bluetooth.h
+++ b/include/hardware/bluetooth.h
@@ -143,14 +143,15 @@
typedef struct
{
+ uint16_t version_supported;
uint8_t local_privacy_enabled;
uint8_t max_adv_instance;
uint8_t rpa_offload_supported;
uint8_t max_irk_list_size;
uint8_t max_adv_filter_supported;
- uint8_t scan_result_storage_size_lobyte;
- uint8_t scan_result_storage_size_hibyte;
uint8_t activity_energy_info_supported;
+ uint16_t scan_result_storage_size;
+ uint16_t total_trackable_advertisers;
}bt_local_le_features_t;
/* Bluetooth Adapter and Remote Device property types */
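Review bot: Putting `version_supported` at the front of `bt_local_le_features_t` and replacing the lobyte/hibyte pair with `uint16_t scan_result_storage_size` moves every existing member, so a stack and a caller built against different versions of this header would read each other's fields at the wrong offsets. The struct carries no comment on this, and none of the three new fields says what it encodes or in which unit it is counted. I would add a one-line comment per new field and a note on the typedef that the layout changed and both sides of the HAL must be rebuilt together.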
diff --git a/include/hardware/bt_common_types.h b/include/hardware/bt_common_types.h
new file mode 100644
index 0000000..e30ac24
--- /dev/null
+++ b/include/hardware/bt_common_types.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************************************************
+ *
+ * This file contains constants and definitions that can be used commonly between JNI and stack layer
+ *
+ ******************************************************************************/
+#ifndef ANDROID_INCLUDE_BT_COMMON_TYPES_H
+#define ANDROID_INCLUDE_BT_COMMON_TYPES_H
+
+#include "bluetooth.h"
+
+typedef struct
+{
+ uint8_t client_if;
+ uint8_t filt_index;
+ uint8_t advertiser_state;
+ uint8_t advertiser_info_present;
+ uint8_t addr_type;
+ uint8_t tx_power;
+ int8_t rssi_value;
+ uint16_t time_stamp;
+ bt_bdaddr_t bd_addr;
+ uint8_t adv_pkt_len;
+ uint8_t *p_adv_pkt_data;
+ uint8_t scan_rsp_len;
+ uint8_t *p_scan_rsp_data;
+} btgatt_track_adv_info_t;
+
+#endif /* ANDROID_INCLUDE_BT_COMMON_TYPES_H */
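Review bot: `tx_power` is declared `uint8_t` while `rssi_value` next to it is `int8_t`; if both carry dBm values, a negative transmit power would be read as a large positive number, so `int8_t tx_power;` looks like the intended type. The two length/pointer pairs (`adv_pkt_len`/`p_adv_pkt_data` and `scan_rsp_len`/`p_scan_rsp_data`) are undocumented. A comment should state that each pointer addresses exactly that many bytes and whether it may be NULL when the length is 0, so the receiving layer knows what to check before it copies the data.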
diff --git a/include/hardware/bt_gatt_client.h b/include/hardware/bt_gatt_client.h
index 8073dd1..7881dc8 100644
--- a/include/hardware/bt_gatt_client.h
+++ b/include/hardware/bt_gatt_client.h
@@ -20,6 +20,7 @@
#include <stdint.h>
#include "bt_gatt_types.h"
+#include "bt_common_types.h"
__BEGIN_DECLS
@@ -69,6 +70,23 @@
typedef struct
{
+ uint8_t client_if;
+ uint8_t action;
+ uint8_t filt_index;
+ uint16_t feat_seln;
+ uint16_t list_logic_type;
+ uint8_t filt_logic_type;
+ uint8_t rssi_high_thres;
+ uint8_t rssi_low_thres;
+ uint8_t dely_mode;
+ uint16_t found_timeout;
+ uint16_t lost_timeout;
+ uint8_t found_timeout_cnt;
+ uint16_t num_of_tracking_entries;
+} btgatt_filt_param_setup_t;
+
+typedef struct
+{
bt_bdaddr_t *bda1;
bt_uuid_t *uuid1;
uint16_t u1;
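Review bot: `rssi_high_thres` and `rssi_low_thres` are `uint8_t` in `btgatt_filt_param_setup_t`, but the `scan_filter_param_setup` signature this struct replaces took them as `int`, and `btgatt_track_adv_info_t` stores RSSI as `int8_t`. RSSI thresholds are normally negative dBm values, so callers would have to rely on wrap-around and every implementation would have to cast back; `int8_t rssi_high_thres;` and `int8_t rssi_low_thres;` avoid that. The other members were narrowed from `int` as well, so the code that fills the struct (not in this diff) should range-check before assigning. The struct that follows the new one continues past the end of the hunk.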
@@ -202,8 +220,7 @@
typedef void (*batchscan_threshold_callback)(int client_if);
/** Track ADV VSE callback invoked when tracked device is found or lost */
-typedef void (*track_adv_event_callback)(int client_if, int filt_index, int addr_type,
- bt_bdaddr_t* bda, int adv_state);
+typedef void (*track_adv_event_callback)(btgatt_track_adv_info_t *p_track_adv_info);
typedef struct {
register_client_callback register_client_cb;
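Review bot: The new `track_adv_event_callback` hands the receiver a non-const pointer and the comment above it does not say how long the pointed-to data stays valid. I would extend the comment to state that `p_track_adv_info` and the `p_adv_pkt_data`/`p_scan_rsp_data` buffers inside it are only valid during the call, if that is the contract, and must be copied by a receiver that keeps them. Declaring the parameter as `const btgatt_track_adv_info_t *p_track_adv_info` would also keep a receiver from modifying data owned by the stack. The callbacks struct that opens on the hunk's last lines continues outside it.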
@@ -336,10 +353,7 @@
bt_status_t (*read_remote_rssi)( int client_if, const bt_bdaddr_t *bd_addr);
/** Setup scan filter params */
- bt_status_t (*scan_filter_param_setup)(int client_if, int action, int filt_index, int feat_seln,
- int list_logic_type, int filt_logic_type, int rssi_high_thres,
- int rssi_low_thres, int dely_mode, int found_timeout,
- int lost_timeout, int found_timeout_cnt);
+ bt_status_t (*scan_filter_param_setup)(btgatt_filt_param_setup_t filt_param);
/** Configure a scan filter condition */
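Review bot: `scan_filter_param_setup` now takes `btgatt_filt_param_setup_t` by value, which ties the calling convention of this HAL function pointer to the exact struct size, so adding a member later silently changes its ABI. Passing it the way `read_remote_rssi` passes its address, `bt_status_t (*scan_filter_param_setup)(const btgatt_filt_param_setup_t *filt_param);`, avoids the copy and that coupling. The one-line comment above it could also point to the struct for the meaning of each member.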
diff --git a/include/hardware/fingerprint.h b/include/hardware/fingerprint.h
index 1fe8cc9..1d190a6 100644
--- a/include/hardware/fingerprint.h
+++ b/include/hardware/fingerprint.h
@@ -154,16 +154,26 @@
int (*enroll)(struct fingerprint_device *dev, uint32_t gid, uint32_t timeout_sec);
/*
- * Cancel fingerprint enroll request:
- * Switches the HAL state machine back to accept a fingerprint scan mode.
- * (fingerprint_msg.type == FINGERPRINT_TEMPLATE_ENROLLING &&
- * fingerprint_msg.data.enroll.samples_remaining == 0)
+ * Fingerprint pre-enroll enroll request:
+ * Generates a unique token to upper layers to indicate the start of an enrollment transaction.
+ * This token will be wrapped by security for verification and passed to enroll() for
+ * verification before enrollment will be allowed. This is to ensure adding a new fingerprint
+ * template was preceded by some kind of credential confirmation (e.g. device password).
+ *
+ * Function return: 0 if function failed
+ * otherwise, a uint64_t of token
+ */
+ uint64_t (*pre_enroll)(struct fingerprint_device *dev);
+
+ /*
+ * Cancel pending enroll or authenticate, sending FINGERPRINT_ERROR_CANCELED
+ * to all running clients. Switches the HAL state machine back to the idle state.
* will indicate switch back to the scan mode.
*
* Function return: 0 if cancel request is accepted
* -1 otherwise.
*/
- int (*enroll_cancel)(struct fingerprint_device *dev);
+ int (*cancel)(struct fingerprint_device *dev);
/*
* Fingerprint remove request:
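Review bot: The new comment says the pre_enroll token is wrapped and "passed to enroll() for verification", but the `enroll` pointer on the first line of the hunk still takes only `dev`, `gid` and `timeout_sec`, so as declared the HAL has no way to receive the wrapped token and check it. Either `enroll` needs a parameter for it or the comment should describe how the token reaches the HAL. The comment should also require that the token be unpredictable and invalidated once it is used or the enrollment is cancelled, since it only says "unique", and that 0 is never issued because 0 is the failure value. The cancel comment keeps an orphaned line from the removed text, `will indicate switch back to the scan mode.`, which should go.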
@@ -193,7 +203,7 @@
* Authenticates an operation identifed by operation_id
*
* Function return: 0 on success
- * -1 if the size is out of bounds.
+ * -1 if the operation cannot be completed
*/
int (*authenticate)(struct fingerprint_device *dev, uint64_t operation_id, uint32_t gid);
@@ -206,8 +216,7 @@
* Function return: 0 if callback function is successfuly registered
* -1 otherwise.
*/
- int (*set_notify)(struct fingerprint_device *dev,
- fingerprint_notify_t notify);
+ int (*set_notify)(struct fingerprint_device *dev, fingerprint_notify_t notify);
/*
* Client provided callback function to receive notifications.
diff --git a/include/hardware/gatekeeper.h b/include/hardware/gatekeeper.h
index 7cc7f8d..89d96b1 100644
--- a/include/hardware/gatekeeper.h
+++ b/include/hardware/gatekeeper.h
@@ -103,6 +103,10 @@
* - dev: pointer to gatekeeper_device acquired via calls to gatekeeper_open
* - uid: the Android user identifier
*
+ * - challenge: An optional challenge to authenticate against, or 0. Used when a separate
+ * authenticator requests password verification, or for transactional
+ * password authentication.
+ *
* - enrolled_password_handle: the currently enrolled password handle that the
* user wishes to verify against.
* - enrolled_password_handle_length: the length in bytes of the buffer pointed
@@ -122,7 +126,7 @@
* Returns: 0 on success or an error code less than 0 on error
* On error, auth token will not be allocated
*/
- int (*verify)(const struct gatekeeper_device *dev, uint32_t uid,
+ int (*verify)(const struct gatekeeper_device *dev, uint32_t uid, uint64_t challenge,
const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
const uint8_t *provided_password, uint32_t provided_password_length,
uint8_t **auth_token, uint32_t *auth_token_length);
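Review bot: The added `challenge` parameter of `verify` is described in the previous hunk only as a value "to authenticate against"; the comment does not say what an implementation has to do with it. For the transactional use it mentions, the challenge presumably has to be copied into the returned auth token so that the token's HMAC covers it, otherwise the token is not bound to the request that asked for it; I would add that requirement to the parameter description. Inserting the parameter in the middle of the signature also breaks every existing implementation, and no module API version change is visible in this diff. The function's comment block starts outside the hunk.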
diff --git a/include/hardware/hw_auth_token.h b/include/hardware/hw_auth_token.h
index 154c1fd..f471d1a 100644
--- a/include/hardware/hw_auth_token.h
+++ b/include/hardware/hw_auth_token.h
@@ -19,14 +19,16 @@
#ifndef ANDROID_HARDWARE_HW_AUTH_TOKEN_H
#define ANDROID_HARDWARE_HW_AUTH_TOKEN_H
-#ifndef __cplusplus
+#ifdef __cplusplus
extern "C" {
#endif // __cplusplus
+const uint8_t HW_AUTH_TOKEN_VERSION = 0;
+
typedef enum {
HW_AUTH_NONE = 0,
- HW_AUTH_PASSWORD = 1 << 1,
- HW_AUTH_FINGERPRINT = 1 << 2,
+ HW_AUTH_PASSWORD = 1 << 0,
+ HW_AUTH_FINGERPRINT = 1 << 1,
// Additional entries should be powers of 2.
HW_AUTH_ANY = UINT32_MAX,
} hw_authenticator_type_t;
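Review bot: Renumbering the authenticator bits makes the old `HW_AUTH_PASSWORD` value (`1 << 1`) identical to the new `HW_AUTH_FINGERPRINT`, while `HW_AUTH_TOKEN_VERSION` is introduced as 0, so a verifier cannot tell a token minted with the old numbering from a new one. If any component built against the old header can still produce tokens, the version should differ from whatever those tokens carry. Separately, `const uint8_t HW_AUTH_TOKEN_VERSION = 0;` defines an object with external linkage in every C translation unit that includes this header, which leads to duplicate-symbol errors at link time; `#define HW_AUTH_TOKEN_VERSION 0` or an enum constant avoids that.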
@@ -40,11 +42,11 @@
uint64_t user_id; // secure user ID, not Android user ID
uint64_t authenticator_id; // secure authenticator ID
uint32_t authenticator_type; // hw_authenticator_type_t, in network order
- uint32_t timestamp; // in network order
+ uint64_t timestamp; // in network order
uint8_t hmac[32];
} hw_auth_token_t;
-#ifndef __cplusplus
+#ifdef __cplusplus
} // extern "C"
#endif // __cplusplus
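Review bot: Widening `timestamp` to `uint64_t` changes the size of `hw_auth_token_t` and, unless the struct is declared packed (its opening is outside the hunk), may introduce padding after the 32-bit `authenticator_type`. Padding bytes are indeterminate and must not end up in the bytes the HMAC is computed over or in the serialized token. The comment `// in network order` now applies to a 64-bit field, which `htonl`/`ntohl` do not cover, so producers and verifiers need an explicit 64-bit big-endian conversion. A static assertion on `sizeof(hw_auth_token_t)` next to the definition would catch a layout mismatch between the components that create and check tokens.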
diff --git a/include/hardware/keymaster1.h b/include/hardware/keymaster1.h
index dae3b8e..4227f57 100644
--- a/include/hardware/keymaster1.h
+++ b/include/hardware/keymaster1.h
@@ -466,10 +466,8 @@
* This function is optional and should be set to NULL if it is not implemented.
*
* \param[in] dev The keymaster device structure.
- *
- * Returns 0 on success or an error code less than 0.
*/
- int (*delete_all_keys)(const struct keymaster1_device* dev);
+ keymaster_error_t (*delete_all_keys)(const struct keymaster1_device* dev);
/**
* Begins a cryptographic operation using the specified key. If all is well, begin() will
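Review bot: The return description of `delete_all_keys` was deleted together with the type change, so the function now has no documented result. I would add `\return KM_ERROR_OK on success, otherwise a keymaster_error_t error code.` to the comment. Since the comment says the pointer may be NULL when the function is not implemented, it could also say that callers must check it before calling.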
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
index dd2c764..81a62fe 100644
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@@ -55,13 +55,12 @@
KM_TAG_PURPOSE = KM_ENUM_REP | 1, /* keymaster_purpose_t. */
KM_TAG_ALGORITHM = KM_ENUM | 2, /* keymaster_algorithm_t. */
KM_TAG_KEY_SIZE = KM_INT | 3, /* Key size in bits. */
- KM_TAG_BLOCK_MODE = KM_ENUM | 4, /* keymaster_block_mode_t. */
- KM_TAG_DIGEST = KM_ENUM | 5, /* keymaster_digest_t. */
- KM_TAG_MAC_LENGTH = KM_INT | 6, /* MAC or AEAD authentication tag length in bits. */
- KM_TAG_PADDING = KM_ENUM | 7, /* keymaster_padding_t. */
- KM_TAG_RETURN_UNAUTHED = KM_BOOL | 8, /* Allow AEAD decryption to return plaintext before it has
+ KM_TAG_BLOCK_MODE = KM_ENUM_REP | 4, /* keymaster_block_mode_t. */
+ KM_TAG_DIGEST = KM_ENUM_REP | 5, /* keymaster_digest_t. */
+ KM_TAG_PADDING = KM_ENUM_REP | 6, /* keymaster_padding_t. */
+ KM_TAG_RETURN_UNAUTHED = KM_BOOL | 7, /* Allow AEAD decryption to return plaintext before it has
been authenticated. WARNING: Not recommended. */
- KM_TAG_CALLER_NONCE = KM_BOOL | 9, /* Allow caller to specify nonce or IV. */
+ KM_TAG_CALLER_NONCE = KM_BOOL | 8, /* Allow caller to specify nonce or IV. */
/* Other hardware-enforced. */
KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101, /* Tags authorized for addition via rescoping. */
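Review bot: Shifting the tag numbers down reuses a value that already had a meaning: `KM_BOOL | 8` was `KM_TAG_RETURN_UNAUTHED` and is now `KM_TAG_CALLER_NONCE`, so an authorization list written with the old header would be read as carrying a different permission. The algorithm enum later in this file keeps a removed value reserved (`do not re-use value 2`); the same can be done here by leaving 6 unused and keeping `KM_TAG_PADDING = KM_ENUM_REP | 7`, `KM_TAG_RETURN_UNAUTHED = KM_BOOL | 8` and `KM_TAG_CALLER_NONCE = KM_BOOL | 9`. The padding hunk has the same issue, where `KM_PAD_PKCS7 = 64` takes the value that was `KM_PAD_ZERO`. If no key blobs or serialized authorization sets with the old values can exist yet, a comment saying so would be enough. The enum starts and ends outside the hunk.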
@@ -70,11 +69,6 @@
/* Algorithm-specific. */
KM_TAG_RSA_PUBLIC_EXPONENT = KM_LONG | 200, /* Defaults to 2^16+1 */
- KM_TAG_DSA_GENERATOR = KM_BIGNUM | 201,
- KM_TAG_DSA_P = KM_BIGNUM | 202,
- KM_TAG_DSA_Q = KM_BIGNUM | 203,
- /* Note there are no EC-specific params. Field size is defined by KM_TAG_KEY_SIZE, and the
- curve is chosen from NIST recommendations for field size */
/*
* Tags that should be semantically enforced by hardware if possible and will otherwise be
@@ -135,6 +129,7 @@
KM_TAG_AUTH_TOKEN = KM_BYTES | 1003, /* Authentication token that proves secure user
authentication has been performed. Structure
defined in hw_auth_token_t in hw_auth_token.h. */
+ KM_TAG_MAC_LENGTH = KM_INT | 1004, /* MAC or AEAD authentication tag length in bits. */
} keymaster_tag_t;
/**
@@ -143,60 +138,35 @@
*/
typedef enum {
/* Asymmetric algorithms. */
- KM_ALGORITHM_RSA = 1, /* required */
- KM_ALGORITHM_DSA = 2,
- KM_ALGORITHM_ECDSA = 3, /* required */
- KM_ALGORITHM_ECIES = 4,
- /* FIPS Approved Ciphers */
- KM_ALGORITHM_AES = 32, /* required */
- KM_ALGORITHM_3DES = 33,
- KM_ALGORITHM_SKIPJACK = 34,
- /* AES Finalists */
- KM_ALGORITHM_MARS = 48,
- KM_ALGORITHM_RC6 = 49,
- KM_ALGORITHM_SERPENT = 50,
- KM_ALGORITHM_TWOFISH = 51,
- /* Other common block ciphers */
- KM_ALGORITHM_IDEA = 52,
- KM_ALGORITHM_RC5 = 53,
- KM_ALGORITHM_CAST5 = 54,
- KM_ALGORITHM_BLOWFISH = 55,
- /* Common stream ciphers */
- KM_ALGORITHM_RC4 = 64,
- KM_ALGORITHM_CHACHA20 = 65,
+ KM_ALGORITHM_RSA = 1,
+ // KM_ALGORITHM_DSA = 2, -- Removed, do not re-use value 2.
+ KM_ALGORITHM_EC = 3,
+
+ /* Block ciphers algorithms */
+ KM_ALGORITHM_AES = 32,
+
/* MAC algorithms */
- KM_ALGORITHM_HMAC = 128, /* required */
+ KM_ALGORITHM_HMAC = 128,
} keymaster_algorithm_t;
/**
- * Symmetric block cipher modes that may be provided by keymaster implementations. Those that must
- * be provided by all implementations are tagged as "required". This type is new in 0_4.
+ * Symmetric block cipher modes provided by keymaster implementations.
*
- * KM_MODE_FIRST_UNAUTHENTICATED, KM_MODE_FIRST_AUTHENTICATED and KM_MODE_FIRST_MAC are not modes,
- * but markers used to separate the available modes into classes.
+ * KM_MODE_FIRST_UNAUTHENTICATED and KM_MODE_FIRST_AUTHENTICATED are not modes but markers used to
+ * separate the available modes into classes.
*/
typedef enum {
/* Unauthenticated modes, usable only for encryption/decryption and not generally recommended
* except for compatibility with existing other protocols. */
KM_MODE_FIRST_UNAUTHENTICATED = 1,
- KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED, /* required */
- KM_MODE_CBC = 2, /* required */
- KM_MODE_CBC_CTS = 3, /* recommended */
- KM_MODE_CTR = 4, /* recommended */
- KM_MODE_OFB = 5,
- KM_MODE_CFB = 6,
- KM_MODE_XTS = 7, /* Note: requires double-length keys */
+ KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED,
+ KM_MODE_CBC = 2,
+ KM_MODE_CTR = 4,
+
/* Authenticated modes, usable for encryption/decryption and signing/verification. Recommended
- * over unauthenticated modes for all purposes. One of KM_MODE_GCM and KM_MODE_OCB is
- * required. */
+ * over unauthenticated modes for all purposes. */
KM_MODE_FIRST_AUTHENTICATED = 32,
KM_MODE_GCM = KM_MODE_FIRST_AUTHENTICATED,
- KM_MODE_OCB = 33,
- KM_MODE_CCM = 34,
- /* MAC modes -- only for signing/verification */
- KM_MODE_FIRST_MAC = 128,
- KM_MODE_CMAC = KM_MODE_FIRST_MAC,
- KM_MODE_POLY1305 = 129,
} keymaster_block_mode_t;
/**
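Review bot: Only the DSA entry gets a tombstone (`-- Removed, do not re-use value 2.`); the other removed algorithm values (4, 33, 34, 48-55, 64, 65) and the removed block-mode values (3, 5, 6, 7, 33, 34, 128, 129) disappear without one, although the gap left before `KM_MODE_CTR = 4` suggests the numbers are meant to stay reserved. A short comment per enum would state that, for example `/* Values 3, 5-7, 33, 34, 128 and 129 belonged to removed modes; do not re-use. */`. The same applies to the later hunks that drop `KM_ORIGIN_SOFTWARE = 1`, `KM_KEY_FORMAT_PKCS12 = 2` and `KM_ERROR_INVALID_DSA_PARAMS = -43`.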
@@ -206,43 +176,36 @@
* cryptographically-appropriate pairs.
*/
typedef enum {
- KM_PAD_NONE = 1, /* required, deprecated */
- KM_PAD_RSA_OAEP = 2, /* required */
- KM_PAD_RSA_PSS = 3, /* required */
+ KM_PAD_NONE = 1, /* deprecated */
+ KM_PAD_RSA_OAEP = 2,
+ KM_PAD_RSA_PSS = 3,
KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4,
KM_PAD_RSA_PKCS1_1_5_SIGN = 5,
- KM_PAD_ANSI_X923 = 32,
- KM_PAD_ISO_10126 = 33,
- KM_PAD_ZERO = 64, /* required */
- KM_PAD_PKCS7 = 65, /* required */
- KM_PAD_ISO_7816_4 = 66,
+ KM_PAD_PKCS7 = 64,
} keymaster_padding_t;
/**
- * Digests that may be provided by keymaster implementations. Those that must be provided by all
- * implementations are tagged as "required". Those that have been added since version 0_2 of the
- * API are tagged as "new".
+ * Digests provided by keymaster implementations.
*/
typedef enum {
- KM_DIGEST_NONE = 0, /* new, required */
- KM_DIGEST_MD5 = 1, /* new, for compatibility with old protocols only */
- KM_DIGEST_SHA1 = 2, /* new */
- KM_DIGEST_SHA_2_224 = 3, /* new */
- KM_DIGEST_SHA_2_256 = 4, /* new, required */
- KM_DIGEST_SHA_2_384 = 5, /* new, recommended */
- KM_DIGEST_SHA_2_512 = 6, /* new, recommended */
- KM_DIGEST_SHA_3_256 = 7, /* new */
- KM_DIGEST_SHA_3_384 = 8, /* new */
- KM_DIGEST_SHA_3_512 = 9, /* new */
+ KM_DIGEST_NONE = 0,
+ KM_DIGEST_MD5 = 1, /* Optional, may not be implemented in hardware, will be handled in software
+ * if needed. */
+ KM_DIGEST_SHA1 = 2,
+ KM_DIGEST_SHA_2_224 = 3,
+ KM_DIGEST_SHA_2_256 = 4,
+ KM_DIGEST_SHA_2_384 = 5,
+ KM_DIGEST_SHA_2_512 = 6,
} keymaster_digest_t;
/**
- * The origin of a key (or pair), i.e. where it was generated. Origin and can be used together to
- * determine whether a key may have existed outside of secure hardware. This type is new in 0_4.
+ * The origin of a key (or pair), i.e. where it was generated. Note that KM_TAG_ORIGIN can be found
+ * in either the hardware-enforced or software-enforced list for a key, indicating whether the key
+ * is hardware or software-based. Specifically, a key with KM_ORIGIN_GENERATED in the
+ * hardware-enforced list is guaranteed never to have existed outide the secure hardware.
*/
typedef enum {
- KM_ORIGIN_HARDWARE = 0, /* Generated in secure hardware */
- KM_ORIGIN_SOFTWARE = 1, /* Generated in non-secure software */
+ KM_ORIGIN_GENERATED = 0, /* Generated in keymaster */
KM_ORIGIN_IMPORTED = 2, /* Imported, origin unknown */
} keymaster_key_origin_t;
@@ -312,10 +275,9 @@
* In the future this list will expand greatly to accommodate asymmetric key import/export.
*/
typedef enum {
- KM_KEY_FORMAT_X509 = 0, /* for public key export, required */
- KM_KEY_FORMAT_PKCS8 = 1, /* for asymmetric key pair import, required */
- KM_KEY_FORMAT_PKCS12 = 2, /* for asymmetric key pair import, not required */
- KM_KEY_FORMAT_RAW = 3, /* for symmetric key import, required */
+ KM_KEY_FORMAT_X509 = 0, /* for public key export */
+ KM_KEY_FORMAT_PKCS8 = 1, /* for asymmetric key pair import */
+ KM_KEY_FORMAT_RAW = 3, /* for symmetric key import */
} keymaster_key_format_t;
/**
@@ -370,7 +332,6 @@
KM_ERROR_INVALID_TAG = -40,
KM_ERROR_MEMORY_ALLOCATION_FAILED = -41,
KM_ERROR_INVALID_RESCOPING = -42,
- KM_ERROR_INVALID_DSA_PARAMS = -43,
KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44,
KM_ERROR_SECURE_HW_ACCESS_DENIED = -45,
KM_ERROR_OPERATION_CANCELLED = -46,
diff --git a/modules/fingerprint/fingerprint.c b/modules/fingerprint/fingerprint.c
index 0f11954..f9fd44b 100644
--- a/modules/fingerprint/fingerprint.c
+++ b/modules/fingerprint/fingerprint.c
@@ -38,7 +38,7 @@
return FINGERPRINT_ERROR;
}
-static int fingerprint_enroll_cancel(struct fingerprint_device __unused *dev) {
+static int fingerprint_cancel(struct fingerprint_device __unused *dev) {
return FINGERPRINT_ERROR;
}
@@ -81,7 +81,7 @@
dev->common.close = fingerprint_close;
dev->enroll = fingerprint_enroll;
- dev->enroll_cancel = fingerprint_enroll_cancel;
+ dev->cancel = fingerprint_cancel;
dev->remove = fingerprint_remove;
dev->set_active_group = fingerprint_set_active_group;
dev->authenticate = fingerprint_authenticate;
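Review bot: `dev->pre_enroll` is not assigned in the visible part of this initializer, although the header now declares it and the new `isTherePreEnroll` test asserts that it is non-NULL. Unless it is set outside the hunk, the default module would fail that test and a caller that does not check the pointer would call through NULL or an uninitialized value. I would add a stub in the style of the others that returns 0, the documented failure value of `pre_enroll`, and wire it up with `dev->pre_enroll = fingerprint_pre_enroll;` next to `dev->enroll`. The enclosing function starts and ends outside the hunk.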
diff --git a/tests/fingerprint/fingerprint_tests.cpp b/tests/fingerprint/fingerprint_tests.cpp
index 4ae0d73..db7429c 100644
--- a/tests/fingerprint/fingerprint_tests.cpp
+++ b/tests/fingerprint/fingerprint_tests.cpp
@@ -24,6 +24,16 @@
<< "enroll() function is not implemented";
}
+TEST_F(FingerprintDevice, isTherePreEnroll) {
+ ASSERT_TRUE(NULL != fp_device()->pre_enroll)
+ << "pre_enroll() function is not implemented";
+}
+
+TEST_F(FingerprintDevice, isThereCancel) {
+ ASSERT_TRUE(NULL != fp_device()->cancel)
+ << "cancel() function is not implemented";
+}
+
TEST_F(FingerprintDevice, isThereRemove) {
ASSERT_TRUE(NULL != fp_device()->remove)
<< "remove() function is not implemented";
@@ -34,6 +44,11 @@
<< "authenticate() function is not implemented";
}
+TEST_F(FingerprintDevice, isThereSetActiveGroup) {
+ ASSERT_TRUE(NULL != fp_device()->set_active_group)
+ << "set_active_group() function is not implemented";
+}
+
TEST_F(FingerprintDevice, isThereSetNotify) {
ASSERT_TRUE(NULL != fp_device()->set_notify)
<< "set_notify() function is not implemented";