OSDN Git Service

(root) / android-x86 / hardware-interfaces.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d4417fb) | patch
Add auth token parsing to IKeymasterDevice.hal
authorShawn Willden <swillden@google.com>
Fri, 17 Feb 2017 19:23:51 +0000 (12:23 -0700)
committerShawn Willden <swillden@google.com>
Sat, 25 Mar 2017 04:22:34 +0000 (22:22 -0600)
commit62f63c7ddbd08737e298a97975754225e5da0126
treeee444e6f99a9b4fa3d6a3d26e9c7b09d5a1ad58btree | snapshot
parentd4417fb98233bf090755fb2eba580c8e33d1714bcommit | diff
Add auth token parsing to IKeymasterDevice.hal

Auth tokens have an unfortunate dual character. To most of the system
they are opaque blobs that are intended only to be obtained from one
HAL (e.g. gatekeeper or fingerprint) and passed to another
HAL (keymaster), but keystore actually needs to extract some bits of
information from them in order to determine which of the available blobs
should be provided for a given keymaster key operation.

This CL adds a method that resolves this dual nature by moving the
responsibility of parsing blobs to the HAL so that no component of the
framework has to make any assumptions about their content and all can
treat them as fully opaque. This still means that the various HAL
implementers have to agree on content, but they also have to agree on an
HMAC key which much be securely distributed to all at every boot, so
asking them to agree on an auth token format is perfectly
acceptable. But now the Android system doesn't have to care about the
format.

Bug: 32962548
Test: CTS tests pass, plus manual testing.
Change-Id: I78aa6e4ea9c5d8f34906b0969909387e2c5894e6
keymaster/3.0/IKeymasterDevice.hal diff | blob | history
keymaster/3.0/default/KeymasterDevice.cpp diff | blob | history
keymaster/3.0/default/KeymasterDevice.h diff | blob | history
keymaster/3.0/types.hal diff | blob | history
hardware/interfaces
About OSDN
Find Software
Develop Software
Help