Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f66777ad authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge changes from topic "add-km-41" 

* changes:
  Add Keymaster 4.1
  Add Keymaster 4.1 hashes
parents 942de9e6 94ad8917

compatibility_matrices/compatibility_matrix.current.xml

+2 −2
Original line number Diff line number Diff line
@@ -256,7 +256,7 @@ 
    <hal format="hidl" optional="false">

        <name>android.hardware.keymaster</name>

        <version>3.0</version>

        <version>4.0</version>

        <version>4.0-1</version>

        <interface>

            <name>IKeymasterDevice</name>

            <instance>default</instance>
@@ -264,7 +264,7 @@ 
    </hal>

    <hal format="hidl" optional="true">

        <name>android.hardware.keymaster</name>

        <version>4.0</version>

        <version>4.0-1</version>

        <interface>

            <name>IKeymasterDevice</name>

            <instance>strongbox</instance>

current.txt

+3 −0
Original line number Diff line number Diff line
@@ -591,6 +591,9 @@ fd65298e1e09e0e3c781ab18305920d757dbe55a3b459ce17814ec5cf6dfee99 android.hardwar 
ce8dbe76eb9ee94b46ef98f725be992e760a5751073d4f4912484026541371f3 android.hardware.health@2.1::IHealth

26f04510a0b57aba5167c5c0a7c2f077c2acbb98b81902a072517829fd9fd67f android.hardware.health@2.1::IHealthInfoCallback

db47f4ceceb1f06c656f39caa70c557b0f8471ef59fd58611bea667ffca20101 android.hardware.health@2.1::types

c228aaa27f66c48e147159a4f4996c5273191fece1b08de31bd171c61334855e android.hardware.keymaster@4.1::IKeymasterDevice

adb0efdf1462e9b2e742c0dcadd598666aac551f178be06e755bfcdf5797abd0 android.hardware.keymaster@4.1::IOperation

7a04ea5595ed418ca3e91c28b8bd7353dd988be9be7b0c8c9e64fb4b77bd4523 android.hardware.keymaster@4.1::types

9e59fffceed0dd72a9799e04505db5f777bbbea1af0695ba4107ef6d967c6fda android.hardware.neuralnetworks@1.3::IDevice

4a6c3b3556da951b4def21ba579a227c022980fe4465df6cdfbe20628fa75f5a android.hardware.neuralnetworks@1.3::IPreparedModel

94e803236398bed1febb11cc21051bc42ec003700139b099d6c479e02a7ca3c3 android.hardware.neuralnetworks@1.3::IPreparedModelCallback

keymaster/4.1/Android.bp

0 → 100644
+19 −0
Original line number Diff line number Diff line 
// This file is autogenerated by hidl-gen -Landroidbp.



hidl_interface {

    name: "android.hardware.keymaster@4.1",

    root: "android.hardware",

    vndk: {

        enabled: true,

    },

    srcs: [

        "types.hal",

        "IKeymasterDevice.hal",

        "IOperation.hal",

    ],

    interfaces: [

        "android.hardware.keymaster@4.0",

        "android.hidl.base@1.0",

    ],

    gen_java: false,

}

keymaster/4.1/IKeymasterDevice.hal

0 → 100644
+70 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.hardware.keymaster@4.1;



import @4.0::ErrorCode;

import @4.0::HardwareAuthToken;

import @4.0::IKeymasterDevice;

import @4.0::KeyParameter;

import @4.0::KeyPurpose;

import @4.0::OperationHandle;

import IOperation;



/**

 * @4.1::IKeymasterDevice is a minor extension to @4.0::IKeymasterDevice.  It adds support for

 *

 * - Partial hardware enforcment of UNLOCKED_DEVICE_REQUIRED keys;

 * - Device-unique attestaion;

 * - Early boot only keys;

 * - Better cleanup of operations when clients die without completing or aborting them.

 */

interface IKeymasterDevice extends @4.0::IKeymasterDevice {

    /**

     * Called by client to notify the IKeymasterDevice that the device is now locked, and keys with

     * the UNLOCKED_DEVICE_REQUIRED tag should no longer be usable.  When this function is called,

     * the IKeymasterDevice should note the current timestamp, and attempts to use

     * UNLOCKED_DEVICE_REQUIRED keys must be rejected with Error::DEVICE_LOCKED until an

     * authentication token with a later timestamp is presented.  If the `passwordOnly' argument is

     * set to true the sufficiently-recent authentication token must indicate that the user

     * authenticated with a password, not a biometric.

     *

     * @param passwordOnly specifies whether the device must be unlocked with a password, rather

     * than a biometric, before UNLOCKED_DEVICE_REQUIRED keys can be used.

     */

    deviceLocked(bool passwordOnly) generates (ErrorCode error);



    /**

     * Called by client to notify the IKeymasterDevice that the device has left the early boot

     * state, and that keys with the EARLY_BOOT_ONLY tag may no longer be used.  All attempts to use

     * an EARLY_BOOT_ONLY key after this method is called must fail with Error::INVALID_KEY_BLOB.

     */

    earlyBootEnded() generates (ErrorCode error);



    /**

     * Begins a cryptographic operation.  beginOp() is a variation on begin().  beginOp() has

     * identical functionality to begin, but instead of an OperationHandle it returns an IOperation

     * object.  An IKeymasterDevice HAL service must call linkToDeath() on the Operation before

     * returning it, and the provided hidl_death_recipient, if called, must abort() the operation.

     * This is to ensure that in the event a client crashes while an operation is in progress, the

     * operation slot is freed and available for use by other clients.

     *

     * @4.1::IKeymasterDevices must implement both beginOp() and begin().

     */

    beginOp(KeyPurpose purpose, vec<uint8_t> keyBlob, vec<KeyParameter> inParams,

        HardwareAuthToken authToken)

        generates (ErrorCode error, vec<KeyParameter> outParam, IOperation operation);

};

keymaster/4.1/IOperation.hal

0 → 100644
+31 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.hardware.keymaster@4.1;



import @4.0::ErrorCode;

import @4.0::OperationHandle;



/**

 * IOperation represents an in-progress IKeymasterDevice operation.  It is returned by

 * IKeymasterDevice.beginOp().

 */

interface IOperation {

    /**

     * Returns the operation handle to be used as an authentication challenge.

     */

    getOperationChallenge() generates (ErrorCode error, OperationHandle operation);

};