diff options
author | Shawn Willden <swillden@google.com> | 2020-01-08 10:26:40 -0700 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2020-01-17 15:52:07 -0700 |
commit | f3d741744a7fe05ff6031d61a234e869e848ab47 (patch) | |
tree | a84246de4508e29794069582be82a3003e5214dc /keymaster | |
parent | 384eb8a2bb035a1e9bf0a56d17e51670f1b09d6d (diff) | |
download | platform_hardware_interfaces-f3d741744a7fe05ff6031d61a234e869e848ab47.tar.gz platform_hardware_interfaces-f3d741744a7fe05ff6031d61a234e869e848ab47.tar.bz2 platform_hardware_interfaces-f3d741744a7fe05ff6031d61a234e869e848ab47.zip |
Updates to KM4.1
This CL adds:
- The IDENTITY_CREDENTIAL_KEY tag. This new tag is not actually used
by Keymaster at all. It's used by the new Identity Credential HAL in
its key attestations, which use the Keymaster format and the Keymaster
attestation key.
- A VerificationToken argument to deviceLocked, used for StrongBox
implementations.
- Some error codes, including one to diagnose unprovisioned
attestation keys/ids.
- Clarifications in the documentation.
Test: VtsHalKeymasterV41TargetTest
Change-Id: Iae7151e2d9b328dd73e5cd78e59687ef29bab4f0
Merged-In: Iae7151e2d9b328dd73e5cd78e59687ef29bab4f0
Diffstat (limited to 'keymaster')
-rw-r--r-- | keymaster/4.1/IKeymasterDevice.hal | 27 | ||||
-rw-r--r-- | keymaster/4.1/types.hal | 29 |
2 files changed, 49 insertions, 7 deletions
diff --git a/keymaster/4.1/IKeymasterDevice.hal b/keymaster/4.1/IKeymasterDevice.hal index 64d2c9fedd..1456abe038 100644 --- a/keymaster/4.1/IKeymasterDevice.hal +++ b/keymaster/4.1/IKeymasterDevice.hal @@ -22,6 +22,8 @@ import @4.0::IKeymasterDevice; import @4.0::KeyParameter; import @4.0::KeyPurpose; import @4.0::OperationHandle; +import @4.0::VerificationToken; + import IOperation; /** @@ -31,6 +33,11 @@ import IOperation; * - Device-unique attestaion; * - Early boot only keys; * - Better cleanup of operations when clients die without completing or aborting them. + * + * @4.1::IKeymasterDevice::attestKey() must produce attestations with keymasterVersion 41. An + * oversight in the original numbering left no room for minor versions, so starting with 4.1 the + * versions will be numbered as major_version * 10 + minor version. The addition of new attestable + * tags changes the attestation format again, slightly, so the attestationVersion must be 4. */ interface IKeymasterDevice extends @4.0::IKeymasterDevice { /** @@ -42,10 +49,28 @@ interface IKeymasterDevice extends @4.0::IKeymasterDevice { * set to true the sufficiently-recent authentication token must indicate that the user * authenticated with a password, not a biometric. * + * Note that the IKeymasterDevice UNLOCKED_DEVICE_REQUIRED semantics are slightly different from + * the UNLOCKED_DEVICE_REQUIRED semantics enforced by keystore. Keystore handles device locking + * on a per-user basis. Because auth tokens do not contain an Android user ID, it's not + * possible to replicate the keystore enformcement logic in IKeymasterDevice. So from the + * IKeymasterDevice perspective, any user unlock unlocks all UNLOCKED_DEVICE_REQUIRED keys. + * Keystore will continue enforcing the per-user device locking. + * * @param passwordOnly specifies whether the device must be unlocked with a password, rather * than a biometric, before UNLOCKED_DEVICE_REQUIRED keys can be used. + * + * @param verificationToken is used by StrongBox implementations of IKeymasterDevice. It + * provides the StrongBox IKeymasterDevice with a fresh, MACed timestamp which it can use as the + * device-lock time, for future comparison against auth tokens when operations using + * UNLOCKED_DEVICE_REQUIRED keys are attempted. Unless the auth token timestamp is newer than + * the timestamp in the verificationToken, the device is still considered to be locked. + * Crucially, if a StrongBox IKeymasterDevice receives a deviceLocked() call with a verification + * token timestamp that is less than the timestamp in the last deviceLocked() call, it must + * ignore the new timestamp. TEE IKeymasterDevice implementations will receive an empty + * verificationToken (zero values and empty vectors) and should use their own clock as the + * device-lock time. */ - deviceLocked(bool passwordOnly) generates (ErrorCode error); + deviceLocked(bool passwordOnly, VerificationToken verificationToken) generates (ErrorCode error); /** * Called by client to notify the IKeymasterDevice that the device has left the early boot diff --git a/keymaster/4.1/types.hal b/keymaster/4.1/types.hal index bdf173113f..9e8b30e590 100644 --- a/keymaster/4.1/types.hal +++ b/keymaster/4.1/types.hal @@ -26,17 +26,34 @@ enum Tag : @4.0::Tag { * IKeymasterDevice::earlyBootEnded() is called. */ EARLY_BOOT_ONLY = TagType:BOOL | 305, + /** * DEVICE_UNIQUE_ATTESTATION is an argument to IKeymasterDevice::attestKey(). It indicates that - * attestation using a device-unique key is requested, rather than a batch key. Only - * SecurityLevel::STRONGBOX IKeymasterDevices may support device-unique attestations. - * SecurityLevel::TRUSTED_ENVIRONMENT IKeymasterDevices must return ErrorCode::INVALID_ARGUMENT - * if they receive DEVICE_UNIQUE_ATTESTATION. SecurityLevel::STRONGBOX IKeymasterDevices need - * not support DEVICE_UNIQUE_ATTESTATION, and return ErrorCode::CANNOT_ATTEST_IDS if they do not - * support it. + * attestation using a device-unique key is requested, rather than a batch key. When a + * device-unique key is used, only the attestation certificate is returned; no additional + * chained certificates are provided. It's up to the caller to recognize the device-unique + * signing key. Only SecurityLevel::STRONGBOX IKeymasterDevices may support device-unique + * attestations. SecurityLevel::TRUSTED_ENVIRONMENT IKeymasterDevices must return + * ErrorCode::INVALID_ARGUMENT if they receive DEVICE_UNIQUE_ATTESTATION. + * SecurityLevel::STRONGBOX IKeymasterDevices need not support DEVICE_UNIQUE_ATTESTATION, and + * return ErrorCode::CANNOT_ATTEST_IDS if they do not support it. * * IKeymasterDevice implementations that support device-unique attestation MUST add the * DEVICE_UNIQUE_ATTESTATION tag to device-unique attestations. */ DEVICE_UNIQUE_ATTESTATION = TagType:BOOL | 720, + + /** + * IDENTITY_CREDENTIAL_KEY is never used by IKeymasterDevice, is not a valid argument to key + * generation or any operation, is never returned by any method and is never used in a key + * attestation. It is used in attestations produced by the IIdentityCredential HAL when that + * HAL attests to Credential Keys. IIdentityCredential produces Keymaster-style attestations. + */ + IDENTITY_CREDENTIAL_KEY = TagType:BOOL | 721, +}; + +enum ErrorCode : @4.0::ErrorCode { + EARLY_BOOT_ENDED = -73, + ATTESTATION_KEYS_NOT_PROVISIONED = -74, + ATTESTATION_IDS_NOT_PROVISIONED = -75, }; |