Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-01 11:36:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move [generate|revoke]Challenge under ISession.aidl

Browse Source 
Bug: 171002801
Test: m android.hardware.biometrics.fingerprint-update-api
Test: atest VtsHalBiometricsFingerprintTargetTest
Change-Id: I2aa266b7b81003b7fd0ab0328833e5500de99908
This commit is contained in:
Ilya Matyukhin
2020-10-15 17:32:09 -07:00
parent 674906314e
commit 3d54f4576c
17 changed files with 117 additions and 196 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
biometrics/fingerprint/aidl/aidl_api/android.hardware.biometrics.fingerprint/current/android/hardware/biometrics/fingerprint/IFingerprint.aidl
View File

@@ -20,6 +20,4 @@ package android.hardware.biometrics.fingerprint;
interface IFingerprint {
android.hardware.biometrics.fingerprint.SensorProps[] getSensorProps();
android.hardware.biometrics.fingerprint.ISession createSession(in int sensorId, in int userId, in android.hardware.biometrics.fingerprint.ISessionCallback cb);
void generateChallenge(in int sensorId, in int userId, in int timeoutSec, in android.hardware.biometrics.fingerprint.IGenerateChallengeCallback cb);
void revokeChallenge(in int sensorId, in int userId, in long challenge, in android.hardware.biometrics.fingerprint.IRevokeChallengeCallback cb);
}

22
biometrics/fingerprint/aidl/aidl_api/android.hardware.biometrics.fingerprint/current/android/hardware/biometrics/fingerprint/IGenerateChallengeCallback.aidl
View File

@@ -1,22 +0,0 @@
///////////////////////////////////////////////////////////////////////////////
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
//
// You must not make a backward incompatible changes to the AIDL files built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.biometrics.fingerprint;
@VintfStability
interface IGenerateChallengeCallback {
oneway void onChallengeGenerated(in int sensorId, in int userId, in long challenge);
}

22
biometrics/fingerprint/aidl/aidl_api/android.hardware.biometrics.fingerprint/current/android/hardware/biometrics/fingerprint/IRevokeChallengeCallback.aidl
View File

@@ -1,22 +0,0 @@
///////////////////////////////////////////////////////////////////////////////
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
//
// You must not make a backward incompatible changes to the AIDL files built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.biometrics.fingerprint;
@VintfStability
interface IRevokeChallengeCallback {
oneway void onChallengeRevoked(in int sensorId, in int userId, in long challenge);
}

2
biometrics/fingerprint/aidl/aidl_api/android.hardware.biometrics.fingerprint/current/android/hardware/biometrics/fingerprint/ISession.aidl
View File

@@ -18,6 +18,8 @@
package android.hardware.biometrics.fingerprint;
@VintfStability
interface ISession {
void generateChallenge(in int cookie, in int timeoutSec);
void revokeChallenge(in int cookie, in long challenge);
android.hardware.biometrics.common.ICancellationSignal enroll(in int cookie, in android.hardware.keymaster.HardwareAuthToken hat);
android.hardware.biometrics.common.ICancellationSignal authenticate(in int cookie, in long operationId);
android.hardware.biometrics.common.ICancellationSignal detectInteraction(in int cookie);

2
biometrics/fingerprint/aidl/aidl_api/android.hardware.biometrics.fingerprint/current/android/hardware/biometrics/fingerprint/ISessionCallback.aidl
View File

@@ -19,6 +19,8 @@ package android.hardware.biometrics.fingerprint;
@VintfStability
interface ISessionCallback {
void onStateChanged(in int cookie, in android.hardware.biometrics.fingerprint.SessionState state);
void onChallengeGenerated(in long challenge);
void onChallengeRevoked(in long challenge);
void onAcquired(in android.hardware.biometrics.fingerprint.AcquiredInfo info, in int vendorCode);
void onError(in android.hardware.biometrics.fingerprint.Error error, in int vendorCode);
void onEnrollmentProgress(in int enrollmentId, int remaining);

18
biometrics/fingerprint/aidl/aidl_api/android.hardware.biometrics.fingerprint/current/android/hardware/biometrics/fingerprint/SessionState.aidl
View File

@@ -19,12 +19,14 @@ package android.hardware.biometrics.fingerprint;
@Backing(type="byte") @VintfStability
enum SessionState {
IDLING = 0,
ENROLLING = 1,
AUTHENTICATING = 2,
DETECTING_INTERACTION = 3,
ENUMERATING_ENROLLMENTS = 4,
REMOVING_ENROLLMENTS = 5,
GETTING_AUTHENTICATOR_ID = 6,
INVALIDATING_AUTHENTICATOR_ID = 7,
RESETTING_LOCKOUT = 8,
GENERATING_CHALLENGE = 1,
REVOKING_CHALLENGE = 2,
ENROLLING = 3,
AUTHENTICATING = 4,
DETECTING_INTERACTION = 5,
ENUMERATING_ENROLLMENTS = 6,
REMOVING_ENROLLMENTS = 7,
GETTING_AUTHENTICATOR_ID = 8,
INVALIDATING_AUTHENTICATOR_ID = 9,
RESETTING_LOCKOUT = 10,
}

62
biometrics/fingerprint/aidl/android/hardware/biometrics/fingerprint/IFingerprint.aidl
View File

@@ -16,8 +16,6 @@
package android.hardware.biometrics.fingerprint;
import android.hardware.biometrics.fingerprint.IGenerateChallengeCallback;
import android.hardware.biometrics.fingerprint.IRevokeChallengeCallback;
import android.hardware.biometrics.fingerprint.ISession;
import android.hardware.biometrics.fingerprint.ISessionCallback;
import android.hardware.biometrics.fingerprint.SensorProps;
@@ -63,64 +61,4 @@ interface IFingerprint {
* @return A new session
*/
ISession createSession(in int sensorId, in int userId, in ISessionCallback cb);
/**
* generateChallenge:
*
* Begins a secure transaction request. Note that the challenge by itself is not useful. It only
* becomes useful when wrapped in a verifiable message such as a HardwareAuthToken.
*
* Canonical example:
* 1) User requests an operation, such as fingerprint enrollment.
* 2) Fingerprint enrollment cannot happen until the user confirms their lockscreen credential
* (PIN/Pattern/Password).
* 3) However, the biometric subsystem does not want just "any" proof of credential
* confirmation. It needs proof that the user explicitly authenticated credential in order
* to allow addition of biometric enrollments.
* To secure this path, the following path is taken:
* 1) Upon user requesting fingerprint enroll, the framework requests
* IFingerprint#generateChallenge
* 2) Framework sends the challenge to the credential subsystem, and upon credential
* confirmation, a HAT is created, containing the challenge in the "challenge" field.
* 3) Framework sends the HAT to the HAL, e.g. ISession#enroll.
* 4) Implementation verifies the authenticity and integrity of the HAT.
* 5) Implementation now has confidence that the user entered their credential to allow
* biometric enrollment.
*
* Note that the interface allows multiple in-flight challenges. For example, invoking
* generateChallenge(0, 0, timeoutSec, cb) twice does not invalidate the first challenge. The
* challenge is invalidated only when:
* 1) The provided timeout expires, or
* 2) IFingerprint#revokeChallenge is invoked
*
* For example, the following is a possible table of valid challenges:
* ----------------------------------------------
* | SensorId | UserId | ValidUntil | Challenge |
* |----------|--------|------------|-----------|
* | 0 | 0 | <Time1> | <Random1> |
* | 0 | 0 | <Time2> | <Random2> |
* | 1 | 0 | <Time3> | <Random3> |
* | 0 | 10 | <Time4> | <Random4> |
* ----------------------------------------------
*
* @param sensorId Sensor to associate the challenge with
* @param userId User to associate the challenge with
* @param timeoutSec Duration for which the challenge is valid for
* @param cb Callback to notify the framework
*/
void generateChallenge(in int sensorId, in int userId, in int timeoutSec, in IGenerateChallengeCallback cb);
/**
* revokeChallenge:
*
* Revokes a challenge that was previously generated. Note that if an invalid combination of
* parameters is requested, the implementation must still notify the framework using the
* provided callback.
*
* @param sensorId Sensor that the revocation should apply to.
* @param userId User that the revocation should apply to.
* @param challenge Challenge that should be revoked.
* @param cb Used to notify the framework.
*/
void revokeChallenge(in int sensorId, in int userId, in long challenge, in IRevokeChallengeCallback cb);
}

26
biometrics/fingerprint/aidl/android/hardware/biometrics/fingerprint/IGenerateChallengeCallback.aidl
View File

@@ -1,26 +0,0 @@
/*
* Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.hardware.biometrics.fingerprint;
@VintfStability
oneway interface IGenerateChallengeCallback {
/**
* Notifies the framework when a challenge is successfully generated.
*/
void onChallengeGenerated(in int sensorId, in int userId, in long challenge);
}

26
biometrics/fingerprint/aidl/android/hardware/biometrics/fingerprint/IRevokeChallengeCallback.aidl
View File

@@ -1,26 +0,0 @@
/*
* Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.hardware.biometrics.fingerprint;
@VintfStability
oneway interface IRevokeChallengeCallback {
/**
* Notifies the framework when a challenge has been revoked.
*/
void onChallengeRevoked(in int sensorId, in int userId, in long challenge);
}

56
biometrics/fingerprint/aidl/android/hardware/biometrics/fingerprint/ISession.aidl
View File

@@ -46,6 +46,62 @@ interface ISession {
* Methods applicable to any fingerprint type.
*/
/**
* generateChallenge:
*
* Begins a secure transaction request. Note that the challenge by itself is not useful. It only
* becomes useful when wrapped in a verifiable message such as a HardwareAuthToken.
*
* Canonical example:
* 1) User requests an operation, such as fingerprint enrollment.
* 2) Fingerprint enrollment cannot happen until the user confirms their lockscreen credential
* (PIN/Pattern/Password).
* 3) However, the biometric subsystem does not want just "any" proof of credential
* confirmation. It needs proof that the user explicitly authenticated credential in order
* to allow addition of biometric enrollments.
* To secure this path, the following path is taken:
* 1) Upon user requesting fingerprint enroll, the framework requests
* IFingerprint#generateChallenge
* 2) Framework sends the challenge to the credential subsystem, and upon credential
* confirmation, a HAT is created, containing the challenge in the "challenge" field.
* 3) Framework sends the HAT to the HAL, e.g. ISession#enroll.
* 4) Implementation verifies the authenticity and integrity of the HAT.
* 5) Implementation now has confidence that the user entered their credential to allow
* biometric enrollment.
*
* Note that the interface allows multiple in-flight challenges. For example, invoking
* generateChallenge(0, 0, timeoutSec, cb) twice does not invalidate the first challenge. The
* challenge is invalidated only when:
* 1) The provided timeout expires, or
* 2) IFingerprint#revokeChallenge is invoked
*
* For example, the following is a possible table of valid challenges:
* ----------------------------------------------
* | SensorId | UserId | ValidUntil | Challenge |
* |----------|--------|------------|-----------|
* | 0 | 0 | <Time1> | <Random1> |
* | 0 | 0 | <Time2> | <Random2> |
* | 1 | 0 | <Time3> | <Random3> |
* | 0 | 10 | <Time4> | <Random4> |
* ----------------------------------------------
*
* @param cookie A unique number identifying this operation
* @param timeoutSec Duration for which the challenge is valid for
*/
void generateChallenge(in int cookie, in int timeoutSec);
/**
* revokeChallenge:
*
* Revokes a challenge that was previously generated. Note that if an invalid combination of
* parameters is requested, the implementation must still notify the framework using the
* provided callback.
*
* @param cookie A unique number identifying this operation
* @param challenge Challenge that should be revoked.
*/
void revokeChallenge(in int cookie, in long challenge);
/**
* enroll:
*

10
biometrics/fingerprint/aidl/android/hardware/biometrics/fingerprint/ISessionCallback.aidl
View File

@@ -28,6 +28,16 @@ interface ISessionCallback {
*/
void onStateChanged(in int cookie, in SessionState state);
/**
* Notifies the framework when a challenge is successfully generated.
*/
void onChallengeGenerated(in long challenge);
/**
* Notifies the framework when a challenge has been revoked.
*/
void onChallengeRevoked(in long challenge);
/**
* This method must only be used to notify the framework during the following states:
* 1) SessionState::ENROLLING

10
biometrics/fingerprint/aidl/android/hardware/biometrics/fingerprint/SessionState.aidl
View File

@@ -24,6 +24,16 @@ enum SessionState {
*/
IDLING,
/**
* The HAL is processing the ISession#generateChallenge request.
*/
GENERATING_CHALLENGE,
/**
* The HAL is processing the ISession#revokeChallenge request.
*/
REVOKING_CHALLENGE,
/**
* The HAL is processing the ISession#enroll request.
*/

13
biometrics/fingerprint/aidl/default/Fingerprint.cpp
View File

@@ -60,17 +60,4 @@ ndk::ScopedAStatus Fingerprint::createSession(int32_t /*sensorId*/, int32_t /*us
*return_val = SharedRefBase::make<Session>(cb);
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus Fingerprint::generateChallenge(
int32_t /*sensorId*/, int32_t /*userId*/, int32_t /*timeoutSec*/,
const std::shared_ptr<IGenerateChallengeCallback>& /*cb*/) {
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus Fingerprint::revokeChallenge(
int32_t /*sensorId*/, int32_t /*userId*/, int64_t /*challenge*/,
const std::shared_ptr<IRevokeChallengeCallback>& /*cb*/) {
return ndk::ScopedAStatus::ok();
}
} // namespace aidl::android::hardware::biometrics::fingerprint

8
biometrics/fingerprint/aidl/default/Fingerprint.h
View File

@@ -27,14 +27,6 @@ class Fingerprint : public BnFingerprint {
ndk::ScopedAStatus createSession(int32_t sensorId, int32_t userId,
const std::shared_ptr<ISessionCallback>& cb,
std::shared_ptr<ISession>* _aidl_return) override;
ndk::ScopedAStatus generateChallenge(
int32_t sensorId, int32_t userId, int32_t timeoutSec,
const std::shared_ptr<IGenerateChallengeCallback>& cb) override;
ndk::ScopedAStatus revokeChallenge(
int32_t sensorId, int32_t userId, int64_t challenge,
const std::shared_ptr<IRevokeChallengeCallback>& cb) override;
};
} // namespace aidl::android::hardware::biometrics::fingerprint

11
biometrics/fingerprint/aidl/default/Session.cpp
View File

@@ -27,6 +27,14 @@ class CancellationSignal : public common::BnCancellationSignal {
Session::Session(std::shared_ptr<ISessionCallback> cb) : cb_(std::move(cb)) {}
ndk::ScopedAStatus Session::generateChallenge(int32_t /*cookie*/, int32_t /*timeoutSec*/) {
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus Session::revokeChallenge(int32_t /*cookie*/, int64_t /*challenge*/) {
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus Session::enroll(int32_t /*cookie*/, const keymaster::HardwareAuthToken& /*hat*/,
std::shared_ptr<common::ICancellationSignal>* /*return_val*/) {
return ndk::ScopedAStatus::ok();
@@ -60,7 +68,7 @@ ndk::ScopedAStatus Session::getAuthenticatorId(int32_t /*cookie*/) {
}
ndk::ScopedAStatus Session::invalidateAuthenticatorId(int32_t /*cookie*/,
const keymaster::HardwareAuthToken& /*hat*/) {
const keymaster::HardwareAuthToken& /*hat*/) {
return ndk::ScopedAStatus::ok();
}
@@ -81,5 +89,4 @@ ndk::ScopedAStatus Session::onPointerUp(int32_t /*pointerId*/) {
ndk::ScopedAStatus Session::onUiReady() {
return ndk::ScopedAStatus::ok();
}
} // namespace aidl::android::hardware::biometrics::fingerprint

15
biometrics/fingerprint/aidl/default/Session.h
View File

@@ -28,14 +28,19 @@ class Session : public BnSession {
public:
explicit Session(std::shared_ptr<ISessionCallback> cb);
ndk::ScopedAStatus generateChallenge(int32_t cookie, int32_t timeoutSec) override;
ndk::ScopedAStatus revokeChallenge(int32_t cookie, int64_t challenge) override;
ndk::ScopedAStatus enroll(int32_t cookie, const keymaster::HardwareAuthToken& hat,
std::shared_ptr<common::ICancellationSignal>* return_val) override;
ndk::ScopedAStatus authenticate(int32_t cookie, int64_t keystoreOperationId,
std::shared_ptr<common::ICancellationSignal>* return_val) override;
ndk::ScopedAStatus authenticate(
int32_t cookie, int64_t keystoreOperationId,
std::shared_ptr<common::ICancellationSignal>* return_val) override;
ndk::ScopedAStatus detectInteraction(int32_t cookie,
std::shared_ptr<common::ICancellationSignal>* return_val) override;
ndk::ScopedAStatus detectInteraction(
int32_t cookie, std::shared_ptr<common::ICancellationSignal>* return_val) override;
ndk::ScopedAStatus enumerateEnrollments(int32_t cookie) override;
@@ -45,7 +50,7 @@ class Session : public BnSession {
ndk::ScopedAStatus getAuthenticatorId(int32_t cookie) override;
ndk::ScopedAStatus invalidateAuthenticatorId(int32_t cookie,
const keymaster::HardwareAuthToken& hat) override;
const keymaster::HardwareAuthToken& hat) override;
ndk::ScopedAStatus resetLockout(int32_t cookie,
const keymaster::HardwareAuthToken& hat) override;

8
biometrics/fingerprint/aidl/vts/VtsHalBiometricsFingerprintTargetTest.cpp
View File

@@ -52,6 +52,14 @@ class SessionCallback : public BnSessionCallback {
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus onChallengeGenerated(int64_t /*challenge*/) override {
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus onChallengeRevoked(int64_t /*challenge*/) override {
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus onAcquired(AcquiredInfo /*info*/, int32_t /*vendorCode*/) override {
return ndk::ScopedAStatus::ok();
}