Merge "Move [generate|revoke]Challenge under ISession.aidl"

This commit is contained in:
Ilya Matyukhin
2020-10-17 00:10:47 +00:00
committed by Android (Google) Code Review
17 changed files with 117 additions and 196 deletions


@@ -20,6 +20,4 @@ package android.hardware.biometrics.fingerprint;
interface IFingerprint {
android.hardware.biometrics.fingerprint.SensorProps[] getSensorProps();
android.hardware.biometrics.fingerprint.ISession createSession(in int sensorId, in int userId, in android.hardware.biometrics.fingerprint.ISessionCallback cb);
void generateChallenge(in int sensorId, in int userId, in int timeoutSec, in android.hardware.biometrics.fingerprint.IGenerateChallengeCallback cb);
void revokeChallenge(in int sensorId, in int userId, in long challenge, in android.hardware.biometrics.fingerprint.IRevokeChallengeCallback cb);
}


@@ -1,22 +0,0 @@
///////////////////////////////////////////////////////////////////////////////
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
//
// You must not make a backward incompatible changes to the AIDL files built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.biometrics.fingerprint;
@VintfStability
interface IGenerateChallengeCallback {
oneway void onChallengeGenerated(in int sensorId, in int userId, in long challenge);
}


@@ -1,22 +0,0 @@
///////////////////////////////////////////////////////////////////////////////
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
//
// You must not make a backward incompatible changes to the AIDL files built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.biometrics.fingerprint;
@VintfStability
interface IRevokeChallengeCallback {
oneway void onChallengeRevoked(in int sensorId, in int userId, in long challenge);
}


@@ -18,6 +18,8 @@
package android.hardware.biometrics.fingerprint;
@VintfStability
interface ISession {
void generateChallenge(in int cookie, in int timeoutSec);
void revokeChallenge(in int cookie, in long challenge);
android.hardware.biometrics.common.ICancellationSignal enroll(in int cookie, in android.hardware.keymaster.HardwareAuthToken hat);
android.hardware.biometrics.common.ICancellationSignal authenticate(in int cookie, in long operationId);
android.hardware.biometrics.common.ICancellationSignal detectInteraction(in int cookie);


@@ -19,6 +19,8 @@ package android.hardware.biometrics.fingerprint;
@VintfStability
interface ISessionCallback {
void onStateChanged(in int cookie, in android.hardware.biometrics.fingerprint.SessionState state);
void onChallengeGenerated(in long challenge);
void onChallengeRevoked(in long challenge);
void onAcquired(in android.hardware.biometrics.fingerprint.AcquiredInfo info, in int vendorCode);
void onError(in android.hardware.biometrics.fingerprint.Error error, in int vendorCode);
void onEnrollmentProgress(in int enrollmentId, int remaining);


@@ -19,12 +19,14 @@ package android.hardware.biometrics.fingerprint;
@Backing(type="byte") @VintfStability
enum SessionState {
IDLING = 0,
ENROLLING = 1,
AUTHENTICATING = 2,
DETECTING_INTERACTION = 3,
ENUMERATING_ENROLLMENTS = 4,
REMOVING_ENROLLMENTS = 5,
GETTING_AUTHENTICATOR_ID = 6,
INVALIDATING_AUTHENTICATOR_ID = 7,
RESETTING_LOCKOUT = 8,
GENERATING_CHALLENGE = 1,
REVOKING_CHALLENGE = 2,
ENROLLING = 3,
AUTHENTICATING = 4,
DETECTING_INTERACTION = 5,
ENUMERATING_ENROLLMENTS = 6,
REMOVING_ENROLLMENTS = 7,
GETTING_AUTHENTICATOR_ID = 8,
INVALIDATING_AUTHENTICATOR_ID = 9,
RESETTING_LOCKOUT = 10,
}


@@ -16,8 +16,6 @@
package android.hardware.biometrics.fingerprint;
import android.hardware.biometrics.fingerprint.IGenerateChallengeCallback;
import android.hardware.biometrics.fingerprint.IRevokeChallengeCallback;
import android.hardware.biometrics.fingerprint.ISession;
import android.hardware.biometrics.fingerprint.ISessionCallback;
import android.hardware.biometrics.fingerprint.SensorProps;
@@ -63,64 +61,4 @@ interface IFingerprint {
* @return A new session
*/
ISession createSession(in int sensorId, in int userId, in ISessionCallback cb);
/**
* generateChallenge:
*
* Begins a secure transaction request. Note that the challenge by itself is not useful. It only
* becomes useful when wrapped in a verifiable message such as a HardwareAuthToken.
*
* Canonical example:
* 1) User requests an operation, such as fingerprint enrollment.
* 2) Fingerprint enrollment cannot happen until the user confirms their lockscreen credential
* (PIN/Pattern/Password).
* 3) However, the biometric subsystem does not want just "any" proof of credential
* confirmation. It needs proof that the user explicitly authenticated credential in order
* to allow addition of biometric enrollments.
* To secure this path, the following path is taken:
* 1) Upon user requesting fingerprint enroll, the framework requests
* IFingerprint#generateChallenge
* 2) Framework sends the challenge to the credential subsystem, and upon credential
* confirmation, a HAT is created, containing the challenge in the "challenge" field.
* 3) Framework sends the HAT to the HAL, e.g. ISession#enroll.
* 4) Implementation verifies the authenticity and integrity of the HAT.
* 5) Implementation now has confidence that the user entered their credential to allow
* biometric enrollment.
*
* Note that the interface allows multiple in-flight challenges. For example, invoking
* generateChallenge(0, 0, timeoutSec, cb) twice does not invalidate the first challenge. The
* challenge is invalidated only when:
* 1) The provided timeout expires, or
* 2) IFingerprint#revokeChallenge is invoked
*
* For example, the following is a possible table of valid challenges:
* ----------------------------------------------
* | SensorId | UserId | ValidUntil | Challenge |
* |----------|--------|------------|-----------|
* | 0 | 0 | <Time1> | <Random1> |
* | 0 | 0 | <Time2> | <Random2> |
* | 1 | 0 | <Time3> | <Random3> |
* | 0 | 10 | <Time4> | <Random4> |
* ----------------------------------------------
*
* @param sensorId Sensor to associate the challenge with
* @param userId User to associate the challenge with
* @param timeoutSec Duration for which the challenge is valid for
* @param cb Callback to notify the framework
*/
void generateChallenge(in int sensorId, in int userId, in int timeoutSec, in IGenerateChallengeCallback cb);
/**
* revokeChallenge:
*
* Revokes a challenge that was previously generated. Note that if an invalid combination of
* parameters is requested, the implementation must still notify the framework using the
* provided callback.
*
* @param sensorId Sensor that the revocation should apply to.
* @param userId User that the revocation should apply to.
* @param challenge Challenge that should be revoked.
* @param cb Used to notify the framework.
*/
void revokeChallenge(in int sensorId, in int userId, in long challenge, in IRevokeChallengeCallback cb);
}


@@ -1,26 +0,0 @@
/*
* Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.hardware.biometrics.fingerprint;
@VintfStability
oneway interface IGenerateChallengeCallback {
/**
* Notifies the framework when a challenge is successfully generated.
*/
void onChallengeGenerated(in int sensorId, in int userId, in long challenge);
}


@@ -1,26 +0,0 @@
/*
* Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.hardware.biometrics.fingerprint;
@VintfStability
oneway interface IRevokeChallengeCallback {
/**
* Notifies the framework when a challenge has been revoked.
*/
void onChallengeRevoked(in int sensorId, in int userId, in long challenge);
}


@@ -46,6 +46,62 @@ interface ISession {
* Methods applicable to any fingerprint type.
*/
/**
* generateChallenge:
*
* Begins a secure transaction request. Note that the challenge by itself is not useful. It only
* becomes useful when wrapped in a verifiable message such as a HardwareAuthToken.
*
* Canonical example:
* 1) User requests an operation, such as fingerprint enrollment.
* 2) Fingerprint enrollment cannot happen until the user confirms their lockscreen credential
* (PIN/Pattern/Password).
* 3) However, the biometric subsystem does not want just "any" proof of credential
* confirmation. It needs proof that the user explicitly authenticated credential in order
* to allow addition of biometric enrollments.
* To secure this path, the following path is taken:
* 1) Upon user requesting fingerprint enroll, the framework requests
* IFingerprint#generateChallenge
* 2) Framework sends the challenge to the credential subsystem, and upon credential
* confirmation, a HAT is created, containing the challenge in the "challenge" field.
* 3) Framework sends the HAT to the HAL, e.g. ISession#enroll.
* 4) Implementation verifies the authenticity and integrity of the HAT.
* 5) Implementation now has confidence that the user entered their credential to allow
* biometric enrollment.
*
* Note that the interface allows multiple in-flight challenges. For example, invoking
* generateChallenge(0, 0, timeoutSec, cb) twice does not invalidate the first challenge. The
* challenge is invalidated only when:
* 1) The provided timeout expires, or
* 2) IFingerprint#revokeChallenge is invoked
*
* For example, the following is a possible table of valid challenges:
* ----------------------------------------------
* | SensorId | UserId | ValidUntil | Challenge |
* |----------|--------|------------|-----------|
* | 0 | 0 | <Time1> | <Random1> |
* | 0 | 0 | <Time2> | <Random2> |
* | 1 | 0 | <Time3> | <Random3> |
* | 0 | 10 | <Time4> | <Random4> |
* ----------------------------------------------
*
* @param cookie A unique number identifying this operation
* @param timeoutSec Duration for which the challenge is valid for
*/
void generateChallenge(in int cookie, in int timeoutSec);
/**
* revokeChallenge:
*
* Revokes a challenge that was previously generated. Note that if an invalid combination of
* parameters is requested, the implementation must still notify the framework using the
* provided callback.
*
* @param cookie A unique number identifying this operation
* @param challenge Challenge that should be revoked.
*/
void revokeChallenge(in int cookie, in long challenge);
/**
* enroll:
*
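Review bot: The comment on the new generateChallenge still documents the old IFingerprint signature: the example `generateChallenge(0, 0, timeoutSec, cb)` and the `IFingerprint#generateChallenge` / `IFingerprint#revokeChallenge` references no longer match `void generateChallenge(in int cookie, in int timeoutSec);`, and the SensorId/UserId columns of the example table are now fixed by the session, since createSession takes sensorId and userId. The revokeChallenge comment likewise says the implementation must notify the framework "using the provided callback" although the method no longer takes one, and neither comment says that results arrive through ISessionCallback#onChallengeGenerated / onChallengeRevoked. Suggest rewriting the example as `generateChallenge(cookie, timeoutSec)`, pointing the references at `ISession#generateChallenge` / `ISession#revokeChallenge`, and adding to each method a line such as `The result is delivered via ISessionCallback#onChallengeGenerated(challenge)` (respectively onChallengeRevoked). Because the challenge is the freshness value that the HardwareAuthToken carries, it would also help to state explicitly that it must be unpredictable, which the `<Random1>` entries in the table only imply.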


@@ -28,6 +28,16 @@ interface ISessionCallback {
*/
void onStateChanged(in int cookie, in SessionState state);
/**
* Notifies the framework when a challenge is successfully generated.
*/
void onChallengeGenerated(in long challenge);
/**
* Notifies the framework when a challenge has been revoked.
*/
void onChallengeRevoked(in long challenge);
/**
* This method must only be used to notify the framework during the following states:
* 1) SessionState::ENROLLING
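Review bot: `void onChallengeGenerated(in long challenge);` carries neither the cookie nor the sensorId/userId that the removed IGenerateChallengeCallback passed, so with the multiple in-flight challenges that ISession#generateChallenge explicitly allows, the framework may not be able to tell which request a delivered challenge belongs to unless delivery order is guaranteed; onStateChanged(in int cookie, ...) directly above does carry the cookie. If the intent is that the callback is correlated with the preceding onStateChanged(cookie, GENERATING_CHALLENGE), the comment should say so; otherwise consider `void onChallengeGenerated(in int cookie, in long challenge);` and the same for onChallengeRevoked. The comment "when a challenge is successfully generated" also leaves the failure path undocumented, so it would help to state which callback (presumably onError) reports a challenge that could not be generated or revoked.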


@@ -24,6 +24,16 @@ enum SessionState {
*/
IDLING,
/**
* The HAL is processing the ISession#generateChallenge request.
*/
GENERATING_CHALLENGE,
/**
* The HAL is processing the ISession#revokeChallenge request.
*/
REVOKING_CHALLENGE,
/**
* The HAL is processing the ISession#enroll request.
*/
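Review bot: Inserting GENERATING_CHALLENGE and REVOKING_CHALLENGE directly after IDLING renumbers every existing value of this @Backing(type="byte") enum, as the updated snapshot in this commit shows (ENROLLING 1→3 through RESETTING_LOCKOUT 8→10). That is permitted while the interface is still unfrozen, but any implementation or test built against the previous numbering would silently report the wrong state through onStateChanged, since the wire value is the raw byte. Appending the two new states after RESETTING_LOCKOUT would keep the existing values stable; if the ordering is intentional, a comment such as `// Numeric values are not stable until the interface is frozen; do not depend on them.` would make that explicit.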


@@ -60,17 +60,4 @@ ndk::ScopedAStatus Fingerprint::createSession(int32_t /*sensorId*/, int32_t /*us
*return_val = SharedRefBase::make<Session>(cb);
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus Fingerprint::generateChallenge(
int32_t /*sensorId*/, int32_t /*userId*/, int32_t /*timeoutSec*/,
const std::shared_ptr<IGenerateChallengeCallback>& /*cb*/) {
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus Fingerprint::revokeChallenge(
int32_t /*sensorId*/, int32_t /*userId*/, int64_t /*challenge*/,
const std::shared_ptr<IRevokeChallengeCallback>& /*cb*/) {
return ndk::ScopedAStatus::ok();
}
} // namespace aidl::android::hardware::biometrics::fingerprint


@@ -27,14 +27,6 @@ class Fingerprint : public BnFingerprint {
ndk::ScopedAStatus createSession(int32_t sensorId, int32_t userId,
const std::shared_ptr<ISessionCallback>& cb,
std::shared_ptr<ISession>* _aidl_return) override;
ndk::ScopedAStatus generateChallenge(
int32_t sensorId, int32_t userId, int32_t timeoutSec,
const std::shared_ptr<IGenerateChallengeCallback>& cb) override;
ndk::ScopedAStatus revokeChallenge(
int32_t sensorId, int32_t userId, int64_t challenge,
const std::shared_ptr<IRevokeChallengeCallback>& cb) override;
};
} // namespace aidl::android::hardware::biometrics::fingerprint


@@ -27,6 +27,14 @@ class CancellationSignal : public common::BnCancellationSignal {
Session::Session(std::shared_ptr<ISessionCallback> cb) : cb_(std::move(cb)) {}
ndk::ScopedAStatus Session::generateChallenge(int32_t /*cookie*/, int32_t /*timeoutSec*/) {
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus Session::revokeChallenge(int32_t /*cookie*/, int64_t /*challenge*/) {
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus Session::enroll(int32_t /*cookie*/, const keymaster::HardwareAuthToken& /*hat*/,
std::shared_ptr<common::ICancellationSignal>* /*return_val*/) {
return ndk::ScopedAStatus::ok();
@@ -60,7 +68,7 @@ ndk::ScopedAStatus Session::getAuthenticatorId(int32_t /*cookie*/) {
}
ndk::ScopedAStatus Session::invalidateAuthenticatorId(int32_t /*cookie*/,
const keymaster::HardwareAuthToken& /*hat*/) {
const keymaster::HardwareAuthToken& /*hat*/) {
return ndk::ScopedAStatus::ok();
}
@@ -81,5 +89,4 @@ ndk::ScopedAStatus Session::onPointerUp(int32_t /*pointerId*/) {
ndk::ScopedAStatus Session::onUiReady() {
return ndk::ScopedAStatus::ok();
}
} // namespace aidl::android::hardware::biometrics::fingerprint
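Review bot: The new Session::generateChallenge and Session::revokeChallenge stubs return ok() without ever touching cb_, so a caller of this implementation never receives onChallengeGenerated / onChallengeRevoked, even though the ISession comment added in this commit says the framework must be notified even for an invalid request. The neighbouring stubs (enroll, invalidateAuthenticatorId) behave the same way, so this may be deliberate for a placeholder HAL; if so, a `// TODO: report SessionState::GENERATING_CHALLENGE via cb_->onStateChanged() and deliver the challenge via cb_->onChallengeGenerated()` comment on each stub would keep the contract visible. If the stubs are meant to become functional, the challenge must come from a cryptographically secure source rather than a fixed or predictable value, since it is the freshness value bound into the HardwareAuthToken.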


@@ -28,14 +28,19 @@ class Session : public BnSession {
public:
explicit Session(std::shared_ptr<ISessionCallback> cb);
ndk::ScopedAStatus generateChallenge(int32_t cookie, int32_t timeoutSec) override;
ndk::ScopedAStatus revokeChallenge(int32_t cookie, int64_t challenge) override;
ndk::ScopedAStatus enroll(int32_t cookie, const keymaster::HardwareAuthToken& hat,
std::shared_ptr<common::ICancellationSignal>* return_val) override;
ndk::ScopedAStatus authenticate(int32_t cookie, int64_t keystoreOperationId,
std::shared_ptr<common::ICancellationSignal>* return_val) override;
ndk::ScopedAStatus authenticate(
int32_t cookie, int64_t keystoreOperationId,
std::shared_ptr<common::ICancellationSignal>* return_val) override;
ndk::ScopedAStatus detectInteraction(int32_t cookie,
std::shared_ptr<common::ICancellationSignal>* return_val) override;
ndk::ScopedAStatus detectInteraction(
int32_t cookie, std::shared_ptr<common::ICancellationSignal>* return_val) override;
ndk::ScopedAStatus enumerateEnrollments(int32_t cookie) override;
@@ -45,7 +50,7 @@ class Session : public BnSession {
ndk::ScopedAStatus getAuthenticatorId(int32_t cookie) override;
ndk::ScopedAStatus invalidateAuthenticatorId(int32_t cookie,
const keymaster::HardwareAuthToken& hat) override;
const keymaster::HardwareAuthToken& hat) override;
ndk::ScopedAStatus resetLockout(int32_t cookie,
const keymaster::HardwareAuthToken& hat) override;


@@ -52,6 +52,14 @@ class SessionCallback : public BnSessionCallback {
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus onChallengeGenerated(int64_t /*challenge*/) override {
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus onChallengeRevoked(int64_t /*challenge*/) override {
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus onAcquired(AcquiredInfo /*info*/, int32_t /*vendorCode*/) override {
return ndk::ScopedAStatus::ok();
}