diff options
author | Bartosz Fabianowski <bartfab@google.com> | 2017-04-25 16:05:50 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-04-25 16:05:50 +0000 |
commit | 15d526ba94da0da75179c3ff142e0468ed1da19a (patch) | |
tree | af94db37c4224f593fe215eaef28a6f4907c71a3 /include/keymaster | |
parent | 4a2e6a8d78814ebcbd641001216b0a6ab0b44a66 (diff) | |
parent | 16869b93004868b4ae87486357d2b8af793eeaab (diff) | |
download | android_system_keymaster-15d526ba94da0da75179c3ff142e0468ed1da19a.tar.gz android_system_keymaster-15d526ba94da0da75179c3ff142e0468ed1da19a.tar.bz2 android_system_keymaster-15d526ba94da0da75179c3ff142e0468ed1da19a.zip |
Attest device IDs in default keymaster implementation
am: 16869b9300
Change-Id: I0719b091bb3c83115605e4ef6af469227a746ebd
Diffstat (limited to 'include/keymaster')
-rw-r--r-- | include/keymaster/keymaster_context.h | 9 | ||||
-rw-r--r-- | include/keymaster/soft_keymaster_context.h | 2 |
2 files changed, 11 insertions, 0 deletions
diff --git a/include/keymaster/keymaster_context.h b/include/keymaster/keymaster_context.h index 1f28efd..40b1c82 100644 --- a/include/keymaster/keymaster_context.h +++ b/include/keymaster/keymaster_context.h @@ -181,6 +181,15 @@ class KeymasterContext { bool reset_since_rotation, Buffer* unique_id) const = 0; + /** + * Verify that the device IDs provided in the attestation_params match the device's actual IDs + * and copy them to attestation. If *any* of the IDs do not match or verification is not + * possible, return KM_ERROR_CANNOT_ATTEST_IDS. If *all* IDs provided are successfully verified + * or no IDs were provided, return KM_ERROR_OK. + */ + virtual keymaster_error_t VerifyAndCopyDeviceIds(const AuthorizationSet& attestation_params, + AuthorizationSet* attestation) const = 0; + private: // Uncopyable. KeymasterContext(const KeymasterContext&); diff --git a/include/keymaster/soft_keymaster_context.h b/include/keymaster/soft_keymaster_context.h index eb10f44..befb00b 100644 --- a/include/keymaster/soft_keymaster_context.h +++ b/include/keymaster/soft_keymaster_context.h @@ -87,6 +87,8 @@ class SoftKeymasterContext : public KeymasterContext { keymaster_error_t GenerateUniqueId(uint64_t creation_date_time, const keymaster_blob_t& application_id, bool reset_since_rotation, Buffer* unique_id) const override; + keymaster_error_t VerifyAndCopyDeviceIds(const AuthorizationSet& attestation_params, + AuthorizationSet* attestation) const override; KeymasterEnforcement* enforcement_policy() override { // SoftKeymaster does no enforcement; it's all done by Keystore. |