diff options
author | Shawn Willden <swillden@google.com> | 2015-03-14 07:54:52 -0600 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2015-03-18 19:25:07 -0600 |
commit | 4719acae0218b38226b6479a400efdcbb3593f21 (patch) | |
tree | ab622f9ac390939feff6725250918e54855b6f6f /include/hardware/keymaster_defs.h | |
parent | c51d01ed029458e8809eeb9c16f9ed2dbe755be4 (diff) | |
download | hardware_libhardware-4719acae0218b38226b6479a400efdcbb3593f21.zip hardware_libhardware-4719acae0218b38226b6479a400efdcbb3593f21.tar.gz hardware_libhardware-4719acae0218b38226b6479a400efdcbb3593f21.tar.bz2 |
Add KM_TAG_USER_SECURE_ID.
This tag identifies the user authorized to use the key. Unlike
KM_TAG_USER_ID, its value does not reference the Linux-side user ID, but
a secure-world user ID, generated and managed by secure-world
authentication apps.
Bug: 19511945
Change-Id: I629ab2c47ee6d42de20a963ef283e330364c8ee7
Diffstat (limited to 'include/hardware/keymaster_defs.h')
-rw-r--r-- | include/hardware/keymaster_defs.h | 33 |
1 files changed, 19 insertions, 14 deletions
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h index 664d3a7..dd2c764 100644 --- a/include/hardware/keymaster_defs.h +++ b/include/hardware/keymaster_defs.h @@ -41,6 +41,7 @@ typedef enum { KM_BOOL = 7 << 28, KM_BIGNUM = 8 << 28, KM_BYTES = 9 << 28, + KM_LONG_REP = 10 << 28, /* Repeatable long value */ } keymaster_tag_type_t; typedef enum { @@ -92,20 +93,23 @@ typedef enum { boot. */ /* User authentication */ - KM_TAG_ALL_USERS = KM_BOOL | 500, /* If key is usable by all users. */ - KM_TAG_USER_ID = KM_INT | 501, /* ID of authorized user. Disallowed if - KM_TAG_ALL_USERS is present. */ - KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 502, /* If key is usable without authentication. */ - KM_TAG_USER_AUTH_ID = KM_INT_REP | 503, /* ID of the authenticator to use (e.g. password, - fingerprint, etc.). Repeatable to support - multi-factor auth. Disallowed if - KM_TAG_NO_AUTH_REQUIRED is present. */ - KM_TAG_AUTH_TIMEOUT = KM_INT | 504, /* Required freshness of user authentication for - private/secret key operations, in seconds. - Public key operations require no authentication. - If absent, authentication is required for every - use. Authentication state is lost when the - device is powered off. */ + KM_TAG_ALL_USERS = KM_BOOL | 500, /* If key is usable by all users. */ + KM_TAG_USER_ID = KM_INT | 501, /* ID of authorized user. Disallowed if + KM_TAG_ALL_USERS is present. */ + KM_TAG_USER_SECURE_ID = KM_LONG_REP | 502, /* Secure ID of authorized user or authenticator(s). + Disallowed if KM_TAG_ALL_USERS or + KM_TAG_NO_AUTH_REQUIRED is present. */ + KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 503, /* If key is usable without authentication. */ + KM_TAG_USER_AUTH_TYPE = KM_ENUM | 504, /* Bitmask of authenticator types allowed when + * KM_TAG_USER_SECURE_ID contains a secure user ID, + * rather than a secure authenticator ID. Defined in + * hw_authenticator_type_t in hw_auth_token.h. */ + KM_TAG_AUTH_TIMEOUT = KM_INT | 505, /* Required freshness of user authentication for + private/secret key operations, in seconds. + Public key operations require no authentication. + If absent, authentication is required for every + use. Authentication state is lost when the + device is powered off. */ /* Application access control */ KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600, /* If key is usable by all applications. */ @@ -486,6 +490,7 @@ inline int keymaster_param_compare(const keymaster_key_param_t* a, const keymast case KM_INT_REP: return KEYMASTER_SIMPLE_COMPARE(a->integer, b->integer); case KM_LONG: + case KM_LONG_REP: return KEYMASTER_SIMPLE_COMPARE(a->long_integer, b->long_integer); case KM_DATE: return KEYMASTER_SIMPLE_COMPARE(a->date_time, b->date_time); |