int SoftGateKeeperDevice::enroll(uint32_t uid,
const uint8_t *current_password_handle, uint32_t current_password_handle_length,
const uint8_t *current_password, uint32_t current_password_length,
const uint8_t *desired_password, uint32_t desired_password_length,
uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) {
if (enrolled_password_handle == NULL || enrolled_password_handle_length == NULL ||
desired_password == NULL || desired_password_length == 0)
return -EINVAL;
// Current password and current password handle go together
if (current_password_handle == NULL || current_password_handle_length == 0 ||
current_password == NULL || current_password_length == 0) {
current_password_handle = NULL;
current_password_handle_length = 0;
current_password = NULL;
current_password_length = 0;
}
SizedBuffer desired_password_buffer(desired_password_length);
memcpy(desired_password_buffer.buffer.get(), desired_password, desired_password_length);
SizedBuffer current_password_handle_buffer(current_password_handle_length);
if (current_password_handle) {
memcpy(current_password_handle_buffer.buffer.get(), current_password_handle,
current_password_handle_length);
}
SizedBuffer current_password_buffer(current_password_length);
if (current_password) {
memcpy(current_password_buffer.buffer.get(), current_password, current_password_length);
}
EnrollRequest request(uid, ¤t_password_handle_buffer, &desired_password_buffer,
¤t_password_buffer);
EnrollResponse response;
impl_->Enroll(request, &response);
if (response.error == ERROR_RETRY) {
return response.retry_timeout;
} else if (response.error != ERROR_NONE) {
return -EINVAL;
}
*enrolled_password_handle = response.enrolled_password_handle.buffer.release();
gatekeeper::password_handle_t *handle =
reinterpret_cast<gatekeeper::password_handle_t *>(*enrolled_password_handle);
//FIXIT: We need to move this module to host with gatekeeper pipe
handle->hardware_backed = true;
*enrolled_password_handle_length = response.enrolled_password_handle.length;
return 0;
}
int TrustyGateKeeperDevice::Enroll(uint32_t uid, const uint8_t *current_password_handle,
uint32_t current_password_handle_length, const uint8_t *current_password,
uint32_t current_password_length, const uint8_t *desired_password,
uint32_t desired_password_length, uint8_t **enrolled_password_handle,
uint32_t *enrolled_password_handle_length) {
if (error_ != 0) {
return error_;
}
SizedBuffer desired_password_buffer(desired_password_length);
memcpy(desired_password_buffer.buffer.get(), desired_password, desired_password_length);
SizedBuffer current_password_handle_buffer(current_password_handle_length);
if (current_password_handle) {
memcpy(current_password_handle_buffer.buffer.get(), current_password_handle,
current_password_handle_length);
}
SizedBuffer current_password_buffer(current_password_length);
if (current_password) {
memcpy(current_password_buffer.buffer.get(), current_password, current_password_length);
}
EnrollRequest request(uid, ¤t_password_handle_buffer, &desired_password_buffer,
¤t_password_buffer);
EnrollResponse response;
gatekeeper_error_t error = Send(request, &response);
if (error == ERROR_RETRY) {
return response.retry_timeout;
} else if (error != ERROR_NONE) {
return -EINVAL;
}
*enrolled_password_handle = response.enrolled_password_handle.buffer.release();
*enrolled_password_handle_length = response.enrolled_password_handle.length;
return 0;
}
