mirror of
https://github.com/Evolution-X/hardware_interfaces
synced 2026-02-01 11:36:00 +00:00
Revert "Add auth token parsing to IKeymasterDevice.hal"
This reverts commit 62f63c7ddb.
Reason for revert: b/36637075
Bug: 36637075
Change-Id: Ie0e8d0b480047a7c68f266e7e5d8a31722f85128
This commit is contained in:
Shawn Willden
@@ -58,22 +58,6 @@ interface IKeymasterDevice {
|
||||
bool supportsAttestation, bool supportsAllDigests, string keymasterName,
|
||||
string keymasterAuthorName);
|
||||
|
||||
/**
|
||||
* Parses a hardware authentication token blob to extract the details needed to determine if the
|
||||
* token is applicable to a given keymaster operation. This method is intended to be
|
||||
* implemented by the HAL, without requiring a call into the trusted hardware. It is not
|
||||
* necessary for this method to verify that the values in the blob are correct.
|
||||
*
|
||||
* @param token The token blob provided by the authentication app.
|
||||
*
|
||||
* @return error ErrorCode::OK or, if the blob is invalid, ErrorCode::INVALD_ARGUMENT if the
|
||||
* blob is the wrong size, the wrong version, or incorrectly structured.
|
||||
*
|
||||
* @return tokenInfo Information extracted from the auth token.
|
||||
*/
|
||||
parseHardwareAuthToken(vec<uint8_t> token)
|
||||
generates(ErrorCode error, HardwareAuthTokenInfo tokenInfo);
|
||||
|
||||
/**
|
||||
* Adds entropy to the RNG used by keymaster. Entropy added through this method is guaranteed
|
||||
* not to be the only source of entropy used, and the mixing function is required to be secure,
|
||||
|
||||
@@ -33,8 +33,6 @@ namespace implementation {
|
||||
|
||||
using ::keymaster::SoftKeymasterDevice;
|
||||
|
||||
namespace {
|
||||
|
||||
class SoftwareOnlyHidlKeymasterEnforcement : public ::keymaster::KeymasterEnforcement {
|
||||
public:
|
||||
SoftwareOnlyHidlKeymasterEnforcement() : KeymasterEnforcement(64, 64) {}
|
||||
@@ -62,7 +60,7 @@ class SoftwareOnlyHidlKeymasterContext : public ::keymaster::SoftKeymasterContex
|
||||
std::unique_ptr<::keymaster::KeymasterEnforcement> enforcement_;
|
||||
};
|
||||
|
||||
int keymaster0_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) {
|
||||
static int keymaster0_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) {
|
||||
assert(mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0);
|
||||
ALOGI("Found keymaster0 module %s, version %x", mod->name, mod->module_api_version);
|
||||
|
||||
@@ -139,7 +137,7 @@ err:
|
||||
return rc;
|
||||
}
|
||||
|
||||
int keymaster2_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) {
|
||||
static int keymaster2_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) {
|
||||
assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_2_0);
|
||||
ALOGI("Found keymaster2 module %s, version %x", mod->name, mod->module_api_version);
|
||||
|
||||
@@ -193,30 +191,6 @@ static int keymaster_device_initialize(keymaster2_device_t** dev, uint32_t* vers
|
||||
}
|
||||
}
|
||||
|
||||
template <typename IntType, uint32_t byteOrder> struct choose_ntoh;
|
||||
|
||||
template <typename IntType> struct choose_ntoh<IntType, __ORDER_LITTLE_ENDIAN__> {
|
||||
inline static IntType ntoh(const IntType& value) {
|
||||
IntType result = 0;
|
||||
const unsigned char* inbytes = reinterpret_cast<const unsigned char*>(&value);
|
||||
unsigned char* outbytes = reinterpret_cast<unsigned char*>(&result);
|
||||
for (int i = sizeof(IntType) - 1; i >= 0; --i) {
|
||||
*(outbytes++) = inbytes[i];
|
||||
}
|
||||
return result;
|
||||
}
|
||||
};
|
||||
|
||||
template <typename IntType> struct choose_ntoh<IntType, __ORDER_BIG_ENDIAN__> {
|
||||
inline static IntType hton(const IntType& value) { return value; }
|
||||
};
|
||||
|
||||
template <typename IntType> inline IntType ntoh(const IntType& value) {
|
||||
return choose_ntoh<IntType, __BYTE_ORDER__>::ntoh(value);
|
||||
}
|
||||
|
||||
} // anonymous namespace
|
||||
|
||||
KeymasterDevice::~KeymasterDevice() {
|
||||
if (keymaster_device_) keymaster_device_->common.close(&keymaster_device_->common);
|
||||
}
|
||||
@@ -402,34 +376,6 @@ Return<void> KeymasterDevice::getHardwareFeatures(getHardwareFeatures_cb _hidl_c
|
||||
return Void();
|
||||
}
|
||||
|
||||
Return<void> KeymasterDevice::parseHardwareAuthToken(const hidl_vec<uint8_t>& token,
|
||||
parseHardwareAuthToken_cb _hidl_cb) {
|
||||
HardwareAuthTokenInfo parsedToken;
|
||||
if (token.size() != sizeof(hw_auth_token_t)) {
|
||||
ALOGE("Received auth token of length %zu, expected %zu", token.size(),
|
||||
sizeof(hw_auth_token_t));
|
||||
_hidl_cb(ErrorCode::INVALID_ARGUMENT, parsedToken);
|
||||
return Void();
|
||||
}
|
||||
|
||||
const hw_auth_token_t* authToken = reinterpret_cast<const hw_auth_token_t*>(token.data());
|
||||
if (authToken->version != 0) {
|
||||
ALOGE("Auth token version %u, expected version ", authToken->version);
|
||||
_hidl_cb(ErrorCode::INVALID_ARGUMENT, parsedToken);
|
||||
return Void();
|
||||
}
|
||||
|
||||
parsedToken.challenge = authToken->challenge;
|
||||
parsedToken.userId = authToken->user_id;
|
||||
parsedToken.authenticatorId = authToken->authenticator_id;
|
||||
parsedToken.authenticatorType =
|
||||
static_cast<HardwareAuthenticatorType>(ntoh(authToken->authenticator_type));
|
||||
parsedToken.timestamp = ntoh(authToken->timestamp);
|
||||
|
||||
_hidl_cb(ErrorCode::OK, parsedToken);
|
||||
return Void();
|
||||
}
|
||||
|
||||
Return<ErrorCode> KeymasterDevice::addRngEntropy(const hidl_vec<uint8_t>& data) {
|
||||
if (!data.size()) return ErrorCode::OK;
|
||||
return legacy_enum_conversion(
|
||||
|
||||
@@ -53,8 +53,6 @@ class KeymasterDevice : public IKeymasterDevice {
|
||||
|
||||
// Methods from ::android::hardware::keymaster::V3_0::IKeymasterDevice follow.
|
||||
Return<void> getHardwareFeatures(getHardwareFeatures_cb _hidl_cb);
|
||||
Return<void> parseHardwareAuthToken(const hidl_vec<uint8_t>& token,
|
||||
parseHardwareAuthToken_cb _hidl_cb);
|
||||
Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override;
|
||||
Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
|
||||
generateKey_cb _hidl_cb) override;
|
||||
|
||||
@@ -400,15 +400,19 @@ struct KeyCharacteristics {
|
||||
};
|
||||
|
||||
/**
|
||||
* Data used to describe an authentication. This data is retrieved from an authentication token by
|
||||
* calling the parseHardwareAuthToken method of the HAL.
|
||||
* Data used to prove successful authentication.
|
||||
*/
|
||||
struct HardwareAuthTokenInfo {
|
||||
struct HardwareAuthToken {
|
||||
uint64_t challenge;
|
||||
uint64_t userId; // Secure User ID, not Android user ID.
|
||||
uint64_t authenticatorId; // Secure authenticator ID.
|
||||
HardwareAuthenticatorType authenticatorType;
|
||||
uint64_t timestamp;
|
||||
uint64_t userId; // Secure User ID, not Android user ID.
|
||||
uint64_t authenticatorId; // Secure authenticator ID.
|
||||
uint32_t authenticatorType; // HardwareAuthenticatorType, in network order.
|
||||
uint64_t timestamp; // In network order.
|
||||
uint8_t[32] hmac; // HMAC is computed over 0 || challenge || user_id ||
|
||||
// authenticator_id || authenticator_type || timestamp, with a
|
||||
// prefixed 0 byte (which was a version field in Keymaster1 and
|
||||
// Keymaster2) and the fields packed (no padding; so you probably
|
||||
// can't just compute over the bytes of the struct).
|
||||
};
|
||||
|
||||
enum SecurityLevel : uint32_t {
|
||||
|
||||
Reference in New Issue
Block a user