Merge "Change struct offsets tests"
diff --git a/include/hardware/bluetooth.h b/include/hardware/bluetooth.h
index 74cd1fc..75c9e9c 100644
--- a/include/hardware/bluetooth.h
+++ b/include/hardware/bluetooth.h
@@ -143,14 +143,15 @@
typedef struct
{
+ uint16_t version_supported;
uint8_t local_privacy_enabled;
uint8_t max_adv_instance;
uint8_t rpa_offload_supported;
uint8_t max_irk_list_size;
uint8_t max_adv_filter_supported;
- uint8_t scan_result_storage_size_lobyte;
- uint8_t scan_result_storage_size_hibyte;
uint8_t activity_energy_info_supported;
+ uint16_t scan_result_storage_size;
+ uint16_t total_trackable_advertisers;
}bt_local_le_features_t;
/* Bluetooth Adapter and Remote Device property types */
diff --git a/include/hardware/bt_common_types.h b/include/hardware/bt_common_types.h
new file mode 100644
index 0000000..e30ac24
--- /dev/null
+++ b/include/hardware/bt_common_types.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************************************************
+ *
+ * This file contains constants and definitions that can be used commonly between JNI and stack layer
+ *
+ ******************************************************************************/
+#ifndef ANDROID_INCLUDE_BT_COMMON_TYPES_H
+#define ANDROID_INCLUDE_BT_COMMON_TYPES_H
+
+#include "bluetooth.h"
+
+typedef struct
+{
+ uint8_t client_if;
+ uint8_t filt_index;
+ uint8_t advertiser_state;
+ uint8_t advertiser_info_present;
+ uint8_t addr_type;
+ uint8_t tx_power;
+ int8_t rssi_value;
+ uint16_t time_stamp;
+ bt_bdaddr_t bd_addr;
+ uint8_t adv_pkt_len;
+ uint8_t *p_adv_pkt_data;
+ uint8_t scan_rsp_len;
+ uint8_t *p_scan_rsp_data;
+} btgatt_track_adv_info_t;
+
+#endif /* ANDROID_INCLUDE_BT_COMMON_TYPES_H */
diff --git a/include/hardware/bt_gatt_client.h b/include/hardware/bt_gatt_client.h
index 8073dd1..7881dc8 100644
--- a/include/hardware/bt_gatt_client.h
+++ b/include/hardware/bt_gatt_client.h
@@ -20,6 +20,7 @@
#include <stdint.h>
#include "bt_gatt_types.h"
+#include "bt_common_types.h"
__BEGIN_DECLS
@@ -69,6 +70,23 @@
typedef struct
{
+ uint8_t client_if;
+ uint8_t action;
+ uint8_t filt_index;
+ uint16_t feat_seln;
+ uint16_t list_logic_type;
+ uint8_t filt_logic_type;
+ uint8_t rssi_high_thres;
+ uint8_t rssi_low_thres;
+ uint8_t dely_mode;
+ uint16_t found_timeout;
+ uint16_t lost_timeout;
+ uint8_t found_timeout_cnt;
+ uint16_t num_of_tracking_entries;
+} btgatt_filt_param_setup_t;
+
+typedef struct
+{
bt_bdaddr_t *bda1;
bt_uuid_t *uuid1;
uint16_t u1;
@@ -202,8 +220,7 @@
typedef void (*batchscan_threshold_callback)(int client_if);
/** Track ADV VSE callback invoked when tracked device is found or lost */
-typedef void (*track_adv_event_callback)(int client_if, int filt_index, int addr_type,
- bt_bdaddr_t* bda, int adv_state);
+typedef void (*track_adv_event_callback)(btgatt_track_adv_info_t *p_track_adv_info);
typedef struct {
register_client_callback register_client_cb;
@@ -336,10 +353,7 @@
bt_status_t (*read_remote_rssi)( int client_if, const bt_bdaddr_t *bd_addr);
/** Setup scan filter params */
- bt_status_t (*scan_filter_param_setup)(int client_if, int action, int filt_index, int feat_seln,
- int list_logic_type, int filt_logic_type, int rssi_high_thres,
- int rssi_low_thres, int dely_mode, int found_timeout,
- int lost_timeout, int found_timeout_cnt);
+ bt_status_t (*scan_filter_param_setup)(btgatt_filt_param_setup_t filt_param);
/** Configure a scan filter condition */
diff --git a/include/hardware/fingerprint.h b/include/hardware/fingerprint.h
index 1fe8cc9..68687b2 100644
--- a/include/hardware/fingerprint.h
+++ b/include/hardware/fingerprint.h
@@ -17,6 +17,8 @@
#ifndef ANDROID_INCLUDE_HARDWARE_FINGERPRINT_H
#define ANDROID_INCLUDE_HARDWARE_FINGERPRINT_H
+#include <hardware/hw_auth_token.h>
+
#define FINGERPRINT_MODULE_API_VERSION_1_0 HARDWARE_MODULE_API_VERSION(1, 0)
#define FINGERPRINT_MODULE_API_VERSION_2_0 HARDWARE_MODULE_API_VERSION(2, 0)
#define FINGERPRINT_HARDWARE_MODULE_ID "fingerprint"
@@ -24,7 +26,6 @@
typedef enum fingerprint_msg_type {
FINGERPRINT_ERROR = -1,
FINGERPRINT_ACQUIRED = 1,
- FINGERPRINT_PROCESSED = 2,
FINGERPRINT_TEMPLATE_ENROLLING = 3,
FINGERPRINT_TEMPLATE_REMOVED = 4,
FINGERPRINT_AUTHENTICATED = 5
@@ -97,19 +98,9 @@
fingerprint_acquired_info_t acquired_info; /* information about the image */
} fingerprint_acquired_t;
-typedef struct fingerprint_processed {
- fingerprint_finger_id_t finger; /* all 0s is a special case and means no match */
-} fingerprint_processed_t;
-
typedef struct fingerprint_authenticated {
- uint32_t user_id;
- uint32_t auth_id;
- uint32_t timestamp;
- uint32_t app_id;
- uint64_t crypto_op_id;
- uint8_t hmac[16]; /* 128-bit */
- uint32_t auth_token_size;
- uint8_t *auth_token;
+ fingerprint_finger_id_t finger;
+ hw_auth_token_t hat;
} fingerprint_authenticated_t;
typedef struct fingerprint_msg {
@@ -119,7 +110,6 @@
fingerprint_enroll_t enroll;
fingerprint_removed_t removed;
fingerprint_acquired_t acquired;
- fingerprint_processed_t processed;
fingerprint_authenticated_t authenticated;
} data;
} fingerprint_msg_t;
@@ -151,19 +141,30 @@
* -1 otherwise. A notify() function may be called
* indicating the error condition.
*/
- int (*enroll)(struct fingerprint_device *dev, uint32_t gid, uint32_t timeout_sec);
+ int (*enroll)(struct fingerprint_device *dev, const hw_auth_token_t *hat,
+ uint32_t gid, uint32_t timeout_sec);
/*
- * Cancel fingerprint enroll request:
- * Switches the HAL state machine back to accept a fingerprint scan mode.
- * (fingerprint_msg.type == FINGERPRINT_TEMPLATE_ENROLLING &&
- * fingerprint_msg.data.enroll.samples_remaining == 0)
+ * Fingerprint pre-enroll enroll request:
+ * Generates a unique token to upper layers to indicate the start of an enrollment transaction.
+ * This token will be wrapped by security for verification and passed to enroll() for
+ * verification before enrollment will be allowed. This is to ensure adding a new fingerprint
+ * template was preceded by some kind of credential confirmation (e.g. device password).
+ *
+ * Function return: 0 if function failed
+ * otherwise, a uint64_t of token
+ */
+ uint64_t (*pre_enroll)(struct fingerprint_device *dev);
+
+ /*
+ * Cancel pending enroll or authenticate, sending FINGERPRINT_ERROR_CANCELED
+ * to all running clients. Switches the HAL state machine back to the idle state.
* will indicate switch back to the scan mode.
*
* Function return: 0 if cancel request is accepted
* -1 otherwise.
*/
- int (*enroll_cancel)(struct fingerprint_device *dev);
+ int (*cancel)(struct fingerprint_device *dev);
/*
* Fingerprint remove request:
@@ -193,7 +194,7 @@
* Authenticates an operation identifed by operation_id
*
* Function return: 0 on success
- * -1 if the size is out of bounds.
+ * -1 if the operation cannot be completed
*/
int (*authenticate)(struct fingerprint_device *dev, uint64_t operation_id, uint32_t gid);
@@ -206,8 +207,7 @@
* Function return: 0 if callback function is successfuly registered
* -1 otherwise.
*/
- int (*set_notify)(struct fingerprint_device *dev,
- fingerprint_notify_t notify);
+ int (*set_notify)(struct fingerprint_device *dev, fingerprint_notify_t notify);
/*
* Client provided callback function to receive notifications.
diff --git a/include/hardware/fused_location.h b/include/hardware/fused_location.h
index ff64aef..73360a1 100644
--- a/include/hardware/fused_location.h
+++ b/include/hardware/fused_location.h
@@ -72,6 +72,37 @@
#define FLP_TECH_MASK_BLUETOOTH (1U<<4)
/**
+ * Set when your implementation can produce GNNS-derived locations,
+ * for use with flp_capabilities_callback.
+ *
+ * GNNS is a required capability for a particular feature to be used
+ * (batching or geofencing). If not supported that particular feature
+ * won't be used by the upper layer.
+ */
+#define CAPABILITY_GNSS (1U<<0)
+/**
+ * Set when your implementation can produce WiFi-derived locations, for
+ * use with flp_capabilities_callback.
+ */
+#define CAPABILITY_WIFI (1U<<1)
+/**
+ * Set when your implementation can produce cell-derived locations, for
+ * use with flp_capabilities_callback.
+ */
+#define CAPABILITY_CELL (1U<<3)
+
+/**
+ * Status to return in flp_status_callback when your implementation transitions
+ * from being unsuccessful in determining location to being successful.
+ */
+#define FLP_STATUS_LOCATION_AVAILABLE 0
+/**
+ * Status to return in flp_status_callback when your implementation transitions
+ * from being successful in determining location to being unsuccessful.
+ */
+#define FLP_STATUS_LOCATION_UNAVAILABLE 1
+
+/**
* This constant is used with the batched locations
* APIs. Batching is mandatory when FLP implementation
* is supported. If the flag is set, the hardware implementation
@@ -183,6 +214,33 @@
*/
typedef int (*flp_set_thread_event)(ThreadEvent event);
+/**
+ * Callback for technologies supported by this implementation.
+ *
+ * Parameters: capabilities is a bitmask of FLP_CAPABILITY_* values describing
+ * which features your implementation supports. You should support
+ * CAPABILITY_GNSS at a minimum for your implementation to be utilized. You can
+ * return 0 in FlpGeofenceCallbacks to indicate you don't support geofencing,
+ * or 0 in FlpCallbacks to indicate you don't support location batching.
+ */
+typedef void (*flp_capabilities_callback)(int capabilities);
+
+/**
+ * Callback with status information on the ability to compute location.
+ * To avoid waking up the application processor you should only send
+ * changes in status (you shouldn't call this method twice in a row
+ * with the same status value). As a guideline you should not call this
+ * more frequently then the requested batch period set with period_ns
+ * in FlpBatchOptions. For example if period_ns is set to 5 minutes and
+ * the status changes many times in that interval, you should only report
+ * one status change every 5 minutes.
+ *
+ * Parameters:
+ * status is one of FLP_STATUS_LOCATION_AVAILABLE
+ * or FLP_STATUS_LOCATION_UNAVAILABLE.
+ */
+typedef void (*flp_status_callback)(int32_t status);
+
/** FLP callback structure. */
typedef struct {
/** set to sizeof(FlpCallbacks) */
@@ -191,6 +249,8 @@
flp_acquire_wakelock acquire_wakelock_cb;
flp_release_wakelock release_wakelock_cb;
flp_set_thread_event set_thread_event_cb;
+ flp_capabilities_callback flp_capabilities_cb;
+ flp_status_callback flp_status_cb;
} FlpCallbacks;
@@ -266,7 +326,9 @@
/**
* Opens the interface and provides the callback routines
- * to the implemenation of this interface.
+ * to the implementation of this interface. Once called you should respond
+ * by calling the flp_capabilities_callback in FlpCallbacks to
+ * specify the capabilities that your implementation supports.
*/
int (*init)(FlpCallbacks* callbacks );
@@ -363,6 +425,15 @@
* Get a pointer to extension information.
*/
const void* (*get_extension)(const char* name);
+
+ /**
+ * Retrieve all batched locations currently stored and clear the buffer.
+ * flp_location_callback MUST be called in response, even if there are
+ * no locations to flush (in which case num_locations should be 0).
+ * Subsequent calls to get_batched_location or flush_batched_locations
+ * should not return any of the locations returned in this call.
+ */
+ void (*flush_batched_locations)();
} FlpLocationInterface;
struct flp_device_t {
@@ -615,6 +686,7 @@
flp_geofence_pause_callback geofence_pause_callback;
flp_geofence_resume_callback geofence_resume_callback;
flp_set_thread_event set_thread_event_cb;
+ flp_capabilities_callback flp_capabilities_cb;
} FlpGeofenceCallbacks;
@@ -695,7 +767,9 @@
/**
* Opens the geofence interface and provides the callback routines
- * to the implemenation of this interface.
+ * to the implemenation of this interface. Once called you should respond
+ * by calling the flp_capabilities_callback in FlpGeofenceCallbacks to
+ * specify the capabilities that your implementation supports.
*/
void (*init)( FlpGeofenceCallbacks* callbacks );
diff --git a/include/hardware/gatekeeper.h b/include/hardware/gatekeeper.h
index 7cc7f8d..89d96b1 100644
--- a/include/hardware/gatekeeper.h
+++ b/include/hardware/gatekeeper.h
@@ -103,6 +103,10 @@
* - dev: pointer to gatekeeper_device acquired via calls to gatekeeper_open
* - uid: the Android user identifier
*
+ * - challenge: An optional challenge to authenticate against, or 0. Used when a separate
+ * authenticator requests password verification, or for transactional
+ * password authentication.
+ *
* - enrolled_password_handle: the currently enrolled password handle that the
* user wishes to verify against.
* - enrolled_password_handle_length: the length in bytes of the buffer pointed
@@ -122,7 +126,7 @@
* Returns: 0 on success or an error code less than 0 on error
* On error, auth token will not be allocated
*/
- int (*verify)(const struct gatekeeper_device *dev, uint32_t uid,
+ int (*verify)(const struct gatekeeper_device *dev, uint32_t uid, uint64_t challenge,
const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
const uint8_t *provided_password, uint32_t provided_password_length,
uint8_t **auth_token, uint32_t *auth_token_length);
diff --git a/include/hardware/gps.h b/include/hardware/gps.h
index e264cf5..937436b 100644
--- a/include/hardware/gps.h
+++ b/include/hardware/gps.h
@@ -293,6 +293,8 @@
#define GPS_MEASUREMENT_HAS_DOPPLER_SHIFT_UNCERTAINTY (1<<16)
/** A valid 'used in fix' flag is stored in the data structure. */
#define GPS_MEASUREMENT_HAS_USED_IN_FIX (1<<17)
+/** The value of 'pseudorange rate' is uncorrected. */
+#define GPS_MEASUREMENT_HAS_UNCORRECTED_PSEUDORANGE_RATE (1<<18)
/**
* Enumeration of the available values for the GPS Measurement's loss of lock.
@@ -1353,6 +1355,9 @@
*
* The value contains the 'drift uncertainty' in it.
* If the data is available 'flags' must contain GPS_CLOCK_HAS_DRIFT.
+ *
+ * If GpsMeasurement's 'flags' field contains GPS_MEASUREMENT_HAS_UNCORRECTED_PSEUDORANGE_RATE,
+ * it is encouraged that this field is also provided.
*/
double drift_nsps;
@@ -1416,11 +1421,15 @@
*
* However, if there is any ambiguity in integer millisecond,
* GPS_MEASUREMENT_STATE_MSEC_AMBIGUOUS should be set accordingly, in the 'state' field.
+ *
+ * This value must be populated if 'state' != GPS_MEASUREMENT_STATE_UNKNOWN.
*/
int64_t received_gps_tow_ns;
/**
* 1-Sigma uncertainty of the Received GPS Time-of-Week in nanoseconds.
+ *
+ * This value must be populated if 'state' != GPS_MEASUREMENT_STATE_UNKNOWN.
*/
int64_t received_gps_tow_uncertainty_ns;
@@ -1434,11 +1443,23 @@
/**
* Pseudorange rate at the timestamp in m/s.
- * The value also includes the effects of the receiver clock frequency and satellite clock
- * frequency errors.
+ * The effects of the receiver clock frequency and satellite clock frequency errors, are known
+ * as the correction of a given Pseudorange rate value.
+ *
+ * If GPS_MEASUREMENT_HAS_UNCORRECTED_PSEUDORANGE_RATE is set in 'flags' field, this field must
+ * be populated with the 'uncorrected' reading.
+ * If GPS_MEASUREMENT_HAS_UNCORRECTED_PSEUDORANGE_RATE is not set in 'flags' field, this field
+ * must be populated with the 'corrected' reading. This is the default behavior.
+ *
+ * It is encouraged to provide the 'uncorrected' 'pseudorange rate', and provide GpsClock's
+ * 'drift' field as well.
*
* The value includes the 'pseudorange rate uncertainty' in it.
- * A positive value indicates that the pseudorange is getting larger.
+ * A positive 'uncorrected' value indicates that the SV is moving away from the receiver.
+ *
+ * The sign of the 'uncorrected' 'pseudorange rate' and its correlation to the sign of 'doppler
+ * shift' is given by the equation:
+ * pseudorange rate = -k * doppler shift
*
* This is a Mandatory value.
*/
@@ -1462,13 +1483,21 @@
/**
* Accumulated delta range since the last channel reset in meters.
- * The data is available if 'accumulated delta range state' != GPS_ADR_STATE_UNKNOWN.
+ * A positive value indicates that the SV is moving away fro the receiver.
+ *
+ * The sign of the 'accumulated delta range' and its correlation to the sign of 'carrier phase'
+ * is given by the equation:
+ * accumulated delta range = -k * carrier phase
+ *
+ * This value must be populated if 'accumulated delta range state' != GPS_ADR_STATE_UNKNOWN.
+ * However, it is expected that the data is only accurate when:
+ * 'accumulated delta range state' == GPS_ADR_STATE_VALID.
*/
double accumulated_delta_range_m;
/**
* 1-Sigma uncertainty of the accumulated delta range in meters.
- * The data is available if 'accumulated delta range state' != GPS_ADR_STATE_UNKNOWN.
+ * This value must be populated if 'accumulated delta range state' != GPS_ADR_STATE_UNKNOWN.
*/
double accumulated_delta_range_uncertainty_m;
diff --git a/include/hardware/hw_auth_token.h b/include/hardware/hw_auth_token.h
index 154c1fd..f471d1a 100644
--- a/include/hardware/hw_auth_token.h
+++ b/include/hardware/hw_auth_token.h
@@ -19,14 +19,16 @@
#ifndef ANDROID_HARDWARE_HW_AUTH_TOKEN_H
#define ANDROID_HARDWARE_HW_AUTH_TOKEN_H
-#ifndef __cplusplus
+#ifdef __cplusplus
extern "C" {
#endif // __cplusplus
+const uint8_t HW_AUTH_TOKEN_VERSION = 0;
+
typedef enum {
HW_AUTH_NONE = 0,
- HW_AUTH_PASSWORD = 1 << 1,
- HW_AUTH_FINGERPRINT = 1 << 2,
+ HW_AUTH_PASSWORD = 1 << 0,
+ HW_AUTH_FINGERPRINT = 1 << 1,
// Additional entries should be powers of 2.
HW_AUTH_ANY = UINT32_MAX,
} hw_authenticator_type_t;
@@ -40,11 +42,11 @@
uint64_t user_id; // secure user ID, not Android user ID
uint64_t authenticator_id; // secure authenticator ID
uint32_t authenticator_type; // hw_authenticator_type_t, in network order
- uint32_t timestamp; // in network order
+ uint64_t timestamp; // in network order
uint8_t hmac[32];
} hw_auth_token_t;
-#ifndef __cplusplus
+#ifdef __cplusplus
} // extern "C"
#endif // __cplusplus
diff --git a/include/hardware/keymaster1.h b/include/hardware/keymaster1.h
index dae3b8e..4227f57 100644
--- a/include/hardware/keymaster1.h
+++ b/include/hardware/keymaster1.h
@@ -466,10 +466,8 @@
* This function is optional and should be set to NULL if it is not implemented.
*
* \param[in] dev The keymaster device structure.
- *
- * Returns 0 on success or an error code less than 0.
*/
- int (*delete_all_keys)(const struct keymaster1_device* dev);
+ keymaster_error_t (*delete_all_keys)(const struct keymaster1_device* dev);
/**
* Begins a cryptographic operation using the specified key. If all is well, begin() will
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
index dd2c764..2b43f2c 100644
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@@ -55,13 +55,12 @@
KM_TAG_PURPOSE = KM_ENUM_REP | 1, /* keymaster_purpose_t. */
KM_TAG_ALGORITHM = KM_ENUM | 2, /* keymaster_algorithm_t. */
KM_TAG_KEY_SIZE = KM_INT | 3, /* Key size in bits. */
- KM_TAG_BLOCK_MODE = KM_ENUM | 4, /* keymaster_block_mode_t. */
- KM_TAG_DIGEST = KM_ENUM | 5, /* keymaster_digest_t. */
- KM_TAG_MAC_LENGTH = KM_INT | 6, /* MAC or AEAD authentication tag length in bits. */
- KM_TAG_PADDING = KM_ENUM | 7, /* keymaster_padding_t. */
- KM_TAG_RETURN_UNAUTHED = KM_BOOL | 8, /* Allow AEAD decryption to return plaintext before it has
+ KM_TAG_BLOCK_MODE = KM_ENUM_REP | 4, /* keymaster_block_mode_t. */
+ KM_TAG_DIGEST = KM_ENUM_REP | 5, /* keymaster_digest_t. */
+ KM_TAG_PADDING = KM_ENUM_REP | 6, /* keymaster_padding_t. */
+ KM_TAG_RETURN_UNAUTHED = KM_BOOL | 7, /* Allow AEAD decryption to return plaintext before it has
been authenticated. WARNING: Not recommended. */
- KM_TAG_CALLER_NONCE = KM_BOOL | 9, /* Allow caller to specify nonce or IV. */
+ KM_TAG_CALLER_NONCE = KM_BOOL | 8, /* Allow caller to specify nonce or IV. */
/* Other hardware-enforced. */
KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101, /* Tags authorized for addition via rescoping. */
@@ -70,11 +69,6 @@
/* Algorithm-specific. */
KM_TAG_RSA_PUBLIC_EXPONENT = KM_LONG | 200, /* Defaults to 2^16+1 */
- KM_TAG_DSA_GENERATOR = KM_BIGNUM | 201,
- KM_TAG_DSA_P = KM_BIGNUM | 202,
- KM_TAG_DSA_Q = KM_BIGNUM | 203,
- /* Note there are no EC-specific params. Field size is defined by KM_TAG_KEY_SIZE, and the
- curve is chosen from NIST recommendations for field size */
/*
* Tags that should be semantically enforced by hardware if possible and will otherwise be
@@ -135,6 +129,7 @@
KM_TAG_AUTH_TOKEN = KM_BYTES | 1003, /* Authentication token that proves secure user
authentication has been performed. Structure
defined in hw_auth_token_t in hw_auth_token.h. */
+ KM_TAG_MAC_LENGTH = KM_INT | 1004, /* MAC or AEAD authentication tag length in bits. */
} keymaster_tag_t;
/**
@@ -143,60 +138,35 @@
*/
typedef enum {
/* Asymmetric algorithms. */
- KM_ALGORITHM_RSA = 1, /* required */
- KM_ALGORITHM_DSA = 2,
- KM_ALGORITHM_ECDSA = 3, /* required */
- KM_ALGORITHM_ECIES = 4,
- /* FIPS Approved Ciphers */
- KM_ALGORITHM_AES = 32, /* required */
- KM_ALGORITHM_3DES = 33,
- KM_ALGORITHM_SKIPJACK = 34,
- /* AES Finalists */
- KM_ALGORITHM_MARS = 48,
- KM_ALGORITHM_RC6 = 49,
- KM_ALGORITHM_SERPENT = 50,
- KM_ALGORITHM_TWOFISH = 51,
- /* Other common block ciphers */
- KM_ALGORITHM_IDEA = 52,
- KM_ALGORITHM_RC5 = 53,
- KM_ALGORITHM_CAST5 = 54,
- KM_ALGORITHM_BLOWFISH = 55,
- /* Common stream ciphers */
- KM_ALGORITHM_RC4 = 64,
- KM_ALGORITHM_CHACHA20 = 65,
+ KM_ALGORITHM_RSA = 1,
+ // KM_ALGORITHM_DSA = 2, -- Removed, do not re-use value 2.
+ KM_ALGORITHM_EC = 3,
+
+ /* Block ciphers algorithms */
+ KM_ALGORITHM_AES = 32,
+
/* MAC algorithms */
- KM_ALGORITHM_HMAC = 128, /* required */
+ KM_ALGORITHM_HMAC = 128,
} keymaster_algorithm_t;
/**
- * Symmetric block cipher modes that may be provided by keymaster implementations. Those that must
- * be provided by all implementations are tagged as "required". This type is new in 0_4.
+ * Symmetric block cipher modes provided by keymaster implementations.
*
- * KM_MODE_FIRST_UNAUTHENTICATED, KM_MODE_FIRST_AUTHENTICATED and KM_MODE_FIRST_MAC are not modes,
- * but markers used to separate the available modes into classes.
+ * KM_MODE_FIRST_UNAUTHENTICATED and KM_MODE_FIRST_AUTHENTICATED are not modes but markers used to
+ * separate the available modes into classes.
*/
typedef enum {
/* Unauthenticated modes, usable only for encryption/decryption and not generally recommended
* except for compatibility with existing other protocols. */
KM_MODE_FIRST_UNAUTHENTICATED = 1,
- KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED, /* required */
- KM_MODE_CBC = 2, /* required */
- KM_MODE_CBC_CTS = 3, /* recommended */
- KM_MODE_CTR = 4, /* recommended */
- KM_MODE_OFB = 5,
- KM_MODE_CFB = 6,
- KM_MODE_XTS = 7, /* Note: requires double-length keys */
+ KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED,
+ KM_MODE_CBC = 2,
+ KM_MODE_CTR = 4,
+
/* Authenticated modes, usable for encryption/decryption and signing/verification. Recommended
- * over unauthenticated modes for all purposes. One of KM_MODE_GCM and KM_MODE_OCB is
- * required. */
+ * over unauthenticated modes for all purposes. */
KM_MODE_FIRST_AUTHENTICATED = 32,
KM_MODE_GCM = KM_MODE_FIRST_AUTHENTICATED,
- KM_MODE_OCB = 33,
- KM_MODE_CCM = 34,
- /* MAC modes -- only for signing/verification */
- KM_MODE_FIRST_MAC = 128,
- KM_MODE_CMAC = KM_MODE_FIRST_MAC,
- KM_MODE_POLY1305 = 129,
} keymaster_block_mode_t;
/**
@@ -206,44 +176,41 @@
* cryptographically-appropriate pairs.
*/
typedef enum {
- KM_PAD_NONE = 1, /* required, deprecated */
- KM_PAD_RSA_OAEP = 2, /* required */
- KM_PAD_RSA_PSS = 3, /* required */
+ KM_PAD_NONE = 1, /* deprecated */
+ KM_PAD_RSA_OAEP = 2,
+ KM_PAD_RSA_PSS = 3,
KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4,
KM_PAD_RSA_PKCS1_1_5_SIGN = 5,
- KM_PAD_ANSI_X923 = 32,
- KM_PAD_ISO_10126 = 33,
- KM_PAD_ZERO = 64, /* required */
- KM_PAD_PKCS7 = 65, /* required */
- KM_PAD_ISO_7816_4 = 66,
+ KM_PAD_PKCS7 = 64,
} keymaster_padding_t;
/**
- * Digests that may be provided by keymaster implementations. Those that must be provided by all
- * implementations are tagged as "required". Those that have been added since version 0_2 of the
- * API are tagged as "new".
+ * Digests provided by keymaster implementations.
*/
typedef enum {
- KM_DIGEST_NONE = 0, /* new, required */
- KM_DIGEST_MD5 = 1, /* new, for compatibility with old protocols only */
- KM_DIGEST_SHA1 = 2, /* new */
- KM_DIGEST_SHA_2_224 = 3, /* new */
- KM_DIGEST_SHA_2_256 = 4, /* new, required */
- KM_DIGEST_SHA_2_384 = 5, /* new, recommended */
- KM_DIGEST_SHA_2_512 = 6, /* new, recommended */
- KM_DIGEST_SHA_3_256 = 7, /* new */
- KM_DIGEST_SHA_3_384 = 8, /* new */
- KM_DIGEST_SHA_3_512 = 9, /* new */
+ KM_DIGEST_NONE = 0,
+ KM_DIGEST_MD5 = 1, /* Optional, may not be implemented in hardware, will be handled in software
+ * if needed. */
+ KM_DIGEST_SHA1 = 2,
+ KM_DIGEST_SHA_2_224 = 3,
+ KM_DIGEST_SHA_2_256 = 4,
+ KM_DIGEST_SHA_2_384 = 5,
+ KM_DIGEST_SHA_2_512 = 6,
} keymaster_digest_t;
/**
- * The origin of a key (or pair), i.e. where it was generated. Origin and can be used together to
- * determine whether a key may have existed outside of secure hardware. This type is new in 0_4.
+ * The origin of a key (or pair), i.e. where it was generated. Note that KM_TAG_ORIGIN can be found
+ * in either the hardware-enforced or software-enforced list for a key, indicating whether the key
+ * is hardware or software-based. Specifically, a key with KM_ORIGIN_GENERATED in the
+ * hardware-enforced list is guaranteed never to have existed outide the secure hardware.
*/
typedef enum {
- KM_ORIGIN_HARDWARE = 0, /* Generated in secure hardware */
- KM_ORIGIN_SOFTWARE = 1, /* Generated in non-secure software */
- KM_ORIGIN_IMPORTED = 2, /* Imported, origin unknown */
+ KM_ORIGIN_GENERATED = 0, /* Generated in keymaster */
+ KM_ORIGIN_IMPORTED = 2, /* Imported, origin unknown */
+ KM_ORIGIN_UNKNOWN = 3, /* Keymaster did not record origin. This value can only be seen on
+ * keys in a keymaster0 implementation. The keymaster0 adapter uses
+ * this value to document the fact that it is unkown whether the key
+ * was generated inside or imported into keymaster. */
} keymaster_key_origin_t;
/**
@@ -312,10 +279,9 @@
* In the future this list will expand greatly to accommodate asymmetric key import/export.
*/
typedef enum {
- KM_KEY_FORMAT_X509 = 0, /* for public key export, required */
- KM_KEY_FORMAT_PKCS8 = 1, /* for asymmetric key pair import, required */
- KM_KEY_FORMAT_PKCS12 = 2, /* for asymmetric key pair import, not required */
- KM_KEY_FORMAT_RAW = 3, /* for symmetric key import, required */
+ KM_KEY_FORMAT_X509 = 0, /* for public key export */
+ KM_KEY_FORMAT_PKCS8 = 1, /* for asymmetric key pair import */
+ KM_KEY_FORMAT_RAW = 3, /* for symmetric key import */
} keymaster_key_format_t;
/**
@@ -370,7 +336,6 @@
KM_ERROR_INVALID_TAG = -40,
KM_ERROR_MEMORY_ALLOCATION_FAILED = -41,
KM_ERROR_INVALID_RESCOPING = -42,
- KM_ERROR_INVALID_DSA_PARAMS = -43,
KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44,
KM_ERROR_SECURE_HW_ACCESS_DENIED = -45,
KM_ERROR_OPERATION_CANCELLED = -46,
diff --git a/modules/fingerprint/fingerprint.c b/modules/fingerprint/fingerprint.c
index 0f11954..ac7e35b 100644
--- a/modules/fingerprint/fingerprint.c
+++ b/modules/fingerprint/fingerprint.c
@@ -33,12 +33,13 @@
}
static int fingerprint_enroll(struct fingerprint_device __unused *dev,
+ const hw_auth_token_t __unused *hat,
uint32_t __unused gid,
uint32_t __unused timeout_sec) {
return FINGERPRINT_ERROR;
}
-static int fingerprint_enroll_cancel(struct fingerprint_device __unused *dev) {
+static int fingerprint_cancel(struct fingerprint_device __unused *dev) {
return FINGERPRINT_ERROR;
}
@@ -81,7 +82,7 @@
dev->common.close = fingerprint_close;
dev->enroll = fingerprint_enroll;
- dev->enroll_cancel = fingerprint_enroll_cancel;
+ dev->cancel = fingerprint_cancel;
dev->remove = fingerprint_remove;
dev->set_active_group = fingerprint_set_active_group;
dev->authenticate = fingerprint_authenticate;
diff --git a/tests/fingerprint/fingerprint_tests.cpp b/tests/fingerprint/fingerprint_tests.cpp
index 4ae0d73..db7429c 100644
--- a/tests/fingerprint/fingerprint_tests.cpp
+++ b/tests/fingerprint/fingerprint_tests.cpp
@@ -24,6 +24,16 @@
<< "enroll() function is not implemented";
}
+TEST_F(FingerprintDevice, isTherePreEnroll) {
+ ASSERT_TRUE(NULL != fp_device()->pre_enroll)
+ << "pre_enroll() function is not implemented";
+}
+
+TEST_F(FingerprintDevice, isThereCancel) {
+ ASSERT_TRUE(NULL != fp_device()->cancel)
+ << "cancel() function is not implemented";
+}
+
TEST_F(FingerprintDevice, isThereRemove) {
ASSERT_TRUE(NULL != fp_device()->remove)
<< "remove() function is not implemented";
@@ -34,6 +44,11 @@
<< "authenticate() function is not implemented";
}
+TEST_F(FingerprintDevice, isThereSetActiveGroup) {
+ ASSERT_TRUE(NULL != fp_device()->set_active_group)
+ << "set_active_group() function is not implemented";
+}
+
TEST_F(FingerprintDevice, isThereSetNotify) {
ASSERT_TRUE(NULL != fp_device()->set_notify)
<< "set_notify() function is not implemented";