From 95b60a0f41ac639d243b7984f6018136c62e0562 Mon Sep 17 00:00:00 2001
From: Brian Young
Date: Mon, 29 Jan 2018 23:59:48 +0000
Subject: [PATCH] Revert "Add "Unlocked device required" parameter to keys"
This reverts commit 5fe872413b40eef05ea0fe6bd096bc57f3aa4b03.
Reason for revert: Build breakages on elfin, gce_x86_phone.
Bug: 72679761
Bug: 67752510
Change-Id: I2857b2a9b6ff26735bd4989a36c5e5deb4953904
---
.../include/keymasterV4_0/keymaster_tags.h | 28 ++++++++-----------
keymaster/4.0/types.hal | 7 +----
2 files changed, 12 insertions(+), 23 deletions(-)
diff --git a/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h b/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h
index ce213bc127..9d6501b862 100644
--- a/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h
+++ b/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h
@@ -142,28 +142,24 @@ DECLARE_TYPED_TAG(ROOT_OF_TRUST); DECLARE_TYPED_TAG(RSA_PUBLIC_EXPONENT); DECLARE_TYPED_TAG(TRUSTED_CONFIRMATION_REQUIRED); DECLARE_TYPED_TAG(UNIQUE_ID); -DECLARE_TYPED_TAG(UNLOCKED_DEVICE_REQUIRED); DECLARE_TYPED_TAG(USAGE_EXPIRE_DATETIME); DECLARE_TYPED_TAG(USER_AUTH_TYPE); -DECLARE_TYPED_TAG(USER_ID); DECLARE_TYPED_TAG(USER_SECURE_ID); template struct MetaList {}; -using all_tags_t = - MetaList; +using all_tags_t = MetaList< + TAG_INVALID_t, TAG_KEY_SIZE_t, TAG_MAC_LENGTH_t, TAG_CALLER_NONCE_t, TAG_MIN_MAC_LENGTH_t, + TAG_RSA_PUBLIC_EXPONENT_t, TAG_INCLUDE_UNIQUE_ID_t, TAG_ACTIVE_DATETIME_t, + TAG_ORIGINATION_EXPIRE_DATETIME_t, TAG_USAGE_EXPIRE_DATETIME_t, TAG_MIN_SECONDS_BETWEEN_OPS_t, + TAG_MAX_USES_PER_BOOT_t, TAG_USER_SECURE_ID_t, TAG_NO_AUTH_REQUIRED_t, TAG_AUTH_TIMEOUT_t, + TAG_ALLOW_WHILE_ON_BODY_t, TAG_APPLICATION_ID_t, TAG_APPLICATION_DATA_t, + TAG_CREATION_DATETIME_t, TAG_ROLLBACK_RESISTANCE_t, TAG_ROOT_OF_TRUST_t, TAG_ASSOCIATED_DATA_t, + TAG_NONCE_t, TAG_BOOTLOADER_ONLY_t, TAG_OS_VERSION_t, TAG_OS_PATCHLEVEL_t, TAG_UNIQUE_ID_t, + TAG_ATTESTATION_CHALLENGE_t, TAG_ATTESTATION_APPLICATION_ID_t, TAG_RESET_SINCE_ID_ROTATION_t, + TAG_PURPOSE_t, TAG_ALGORITHM_t, TAG_BLOCK_MODE_t, TAG_DIGEST_t, TAG_PADDING_t, + TAG_BLOB_USAGE_REQUIREMENTS_t, TAG_ORIGIN_t, TAG_USER_AUTH_TYPE_t, TAG_EC_CURVE_t>; template struct TypedTag2ValueType; @@ -347,7 +343,6 @@ inline bool operator==(const KeyParameter& a, const KeyParameter& b) { case Tag::BOOTLOADER_ONLY: case Tag::NO_AUTH_REQUIRED: case Tag::ALLOW_WHILE_ON_BODY: - case Tag::UNLOCKED_DEVICE_REQUIRED: case Tag::ROLLBACK_RESISTANCE: case Tag::RESET_SINCE_ID_ROTATION: case Tag::TRUSTED_CONFIRMATION_REQUIRED: @@ -362,7 +357,6 @@ inline bool operator==(const KeyParameter& a, const KeyParameter& b) { case Tag::OS_VERSION: case Tag::OS_PATCHLEVEL: case Tag::MAC_LENGTH: - case Tag::USER_ID: case Tag::AUTH_TIMEOUT: case Tag::VENDOR_PATCHLEVEL: case Tag::BOOT_PATCHLEVEL: 
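Review bot: The `all_tags_t` list added in the first hunk has no entry for `TAG_TRUSTED_CONFIRMATION_REQUIRED_t`, although `DECLARE_TYPED_TAG(TRUSTED_CONFIRMATION_REQUIRED)` sits a few lines above it and `operator==` in the second hunk still handles `Tag::TRUSTED_CONFIRMATION_REQUIRED`. Any code that walks `all_tags_t` to dispatch on typed tags (not visible here) would presumably skip that key-authorization tag. The removed side of the list is truncated on this page, so I cannot tell whether the revert dropped the entry or only restored an older gap. Either way the list should end `TAG_USER_AUTH_TYPE_t, TAG_EC_CURVE_t, TAG_TRUSTED_CONFIRMATION_REQUIRED_t>;`, assuming the macro generates that type name as it does for the other tags. A one-line comment above `all_tags_t` saying that every `DECLARE_TYPED_TAG` needs a matching entry would help keep the two in step.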
diff --git a/keymaster/4.0/types.hal b/keymaster/4.0/types.hal index 47fd1ed00e..91ec9bf576 100644 --- a/keymaster/4.0/types.hal +++ b/keymaster/4.0/types.hal @@ -118,8 +118,7 @@ enum Tag : uint32_t { * boot. */ /* User authentication */ - // 500 reserved - USER_ID = TagType:UINT | 501, /* Android ID of authorized user or authenticator(s), */ + // 500-501 reserved USER_SECURE_ID = TagType:ULONG_REP | 502, /* Secure ID of authorized user or authenticator(s). * Disallowed if NO_AUTH_REQUIRED is present. */ NO_AUTH_REQUIRED = TagType:BOOL | 503, /* If key is usable without authentication. */ @@ -192,9 +191,6 @@ enum Tag : uint32_t { * match the data described in the token, keymaster must return NO_USER_CONFIRMATION. */ TRUSTED_CONFIRMATION_REQUIRED = TagType:BOOL | 508, - UNLOCKED_DEVICE_REQUIRED = TagType:BOOL | 509, /* Require the device screen to be unlocked if - * the key is used. */ - /* Application access control */ APPLICATION_ID = TagType:BYTES | 601, /* Byte string identifying the authorized application. */ @@ -475,7 +471,6 @@ enum ErrorCode : int32_t { PROOF_OF_PRESENCE_REQUIRED = -69, CONCURRENT_PROOF_OF_PRESENCE_REQUESTED = -70, NO_USER_CONFIRMATION = -71, - DEVICE_LOCKED = -72, UNIMPLEMENTED = -100, VERSION_MISMATCH = -101,
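Review bot: `// 500-501 reserved` in the first hunk does not record what 501 is being held for, and the second and third hunks free `509` and `-72` with no marker at all. The removed lines show these were `USER_ID` (`TagType:UINT`), `UNLOCKED_DEVICE_REQUIRED` (`TagType:BOOL`) and `DEVICE_LOCKED`. Since the revert is for build breakage, the feature presumably returns, and a different tag or error code taking one of these numbers in the meantime would change how an already-encoded value is interpreted. I would write `// 500 reserved; 501 reserved for USER_ID (UINT)`, add `// 509 reserved for UNLOCKED_DEVICE_REQUIRED` after `TRUSTED_CONFIRMATION_REQUIRED`, and add `// -72 reserved for DEVICE_LOCKED` after `NO_USER_CONFIRMATION`. Both enum bodies start and end outside these hunks.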