Add KM_TAG_AUTH_TOKEN and corresponding auth token structure.
We may want to put the auth token structure elsewhere; it's consumed by
keymaster but produced by other components.
Bug: 19511945
Change-Id: Id9a22ad32137f3e0380c2812f790bbecab511d11
diff --git a/include/hardware/hw_auth_token.h b/include/hardware/hw_auth_token.h
new file mode 100644
index 0000000..ffb72a9
--- /dev/null
+++ b/include/hardware/hw_auth_token.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdint.h>
+
+#ifndef ANDROID_HARDWARE_HW_AUTH_TOKEN_H
+#define ANDROID_HARDWARE_HW_AUTH_TOKEN_H
+
+__BEGIN_DECLS
+
+typedef enum {
+ HW_AUTH_NONE = 0,
+ HW_AUTH_PASSWORD = 1 << 1,
+ HW_AUTH_FINGERPRINT = 1 << 2,
+ // Additional entries should be powers of 2.
+ HW_AUTH_ANY = UINT32_MAX,
+} hw_authenticator_type_t;
+
+/**
+ * Data format for an authentication record used to prove successful authentication.
+ */
+typedef struct __attribute__((__packed__)) {
+ uint8_t version; // Current version is 0
+ uint64_t challenge;
+ uint64_t user_id; // secure user ID, not Android user ID
+ uint64_t authenticator_id; // secure authenticator ID
+ uint32_t authenticator_type; // hw_authenticator_type_t, in network order
+ uint32_t timestamp; // in network order
+ uint8_t hmac[32];
+} hw_auth_token_t;
+
+__END_DECLS
+
+#endif // ANDROID_HARDWARE_HW_AUTH_TOKEN_H
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
index 3b08ab8..e7ef5b5 100644
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@@ -21,9 +21,7 @@
#include <stdlib.h>
#include <string.h>
-#if defined(__cplusplus)
-extern "C" {
-#endif // defined(__cplusplus)
+__BEGIN_DECLS
/**
* Authorization tags each have an associated type. This enumeration facilitates tagging each with
@@ -128,6 +126,9 @@
KM_TAG_NONCE = KM_BYTES | 1001, /* Nonce or Initialization Vector */
KM_TAG_CHUNK_LENGTH = KM_INT | 1002, /* AEAD mode chunk size, in bytes. 0 means no limit,
which requires KM_TAG_RETURN_UNAUTHED. */
+ KM_TAG_AUTH_TOKEN = KM_BYTES | 1003, /* Authentication token that proves secure user
+ authentication has been performed. Structure
+ defined in hw_auth_token_t in hw_auth_token.h. */
} keymaster_tag_t;
/**
@@ -545,8 +546,6 @@
}
}
-#if defined(__cplusplus)
-} // extern "C"
-#endif // defined(__cplusplus)
+__END_DECLS
#endif // ANDROID_HARDWARE_KEYMASTER_DEFS_H