Android keystore/Keymaster的代码导读

快速链接:
.
👉👉👉 个人博客笔记导读目录(全部) 👈👈👈


相关推荐:
1、Android keymaster的介绍和总结
2、Android keymaster4.0- device集成笔记

文章目录

• • • • 1、先上架构图:
      • 2、package android.security.keystore包含哪些API
      • 3、KeyStoreService包含哪些API
      • 4、keymaster HAL包含哪些API

1、先上架构图:

2、package android.security.keystore包含哪些API

public InvalidKeyException getInvalidKeyException(String keystoreKeyAlias, int uid,int errorCode) public static KeyStoreException getKeyStoreException(int errorCode) public boolean isConfirmationPromptSupported() public int cancelConfirmationPrompt(IBinder listener) public int presentConfirmationPrompt(IBinder listener, String promptText, byte[] extraData,String locale, int uiOptionsAsFlags) public void onDeviceOffBody() public int attestDeviceIds(KeymasterArguments params, KeymasterCertificateChain outChain) public int attestKey(String alias, KeymasterArguments params, KeymasterCertificateChain outChain) public boolean onUserPasswordChanged(String newPassword) public void onUserRemoved(int userId) public void onUserAdded(int userId) public boolean onUserPasswordChanged(int userId, String newPassword) public int addAuthToken(byte[] authToken) public int abort(IBinder token) public int getLastError() public boolean clearUid(int uid) public boolean isHardwareBacked(String keyType) public boolean isHardwareBacked() public long getmtime(String key) public boolean ungrant(String key, int uid) public String grant(String key, int uid) public boolean isEmpty() public boolean lock() public boolean unlock(String password) public String[] list(String prefix) public int[] listUidsOfAuthBoundKeys()begin、update、finish generateKey、exportKey、importWrappedKey、importKey、 getKeyCharacteristics、addRngEntropy、delete

3、KeyStoreService包含哪些API

（system/keymaster/include/keymaster/android_keymaster.h） class AndroidKeymaster {public:AndroidKeymaster(KeymasterContext* context, size_t operation_table_size);virtual ~AndroidKeymaster();AndroidKeymaster(AndroidKeymaster&&);void GetVersion(const GetVersionRequest& request, GetVersionResponse* response);void SupportedAlgorithms(const SupportedAlgorithmsRequest& request,SupportedAlgorithmsResponse* response);void SupportedBlockModes(const SupportedBlockModesRequest& request,SupportedBlockModesResponse* response);void SupportedPaddingModes(const SupportedPaddingModesRequest& request,SupportedPaddingModesResponse* response);void SupportedDigests(const SupportedDigestsRequest& request,SupportedDigestsResponse* response);void SupportedImportFormats(const SupportedImportFormatsRequest& request,SupportedImportFormatsResponse* response);void SupportedExportFormats(const SupportedExportFormatsRequest& request,SupportedExportFormatsResponse* response);GetHmacSharingParametersResponse GetHmacSharingParameters();ComputeSharedHmacResponse ComputeSharedHmac(const ComputeSharedHmacRequest& request);VerifyAuthorizationResponse VerifyAuthorization(const VerifyAuthorizationRequest& request);void AddRngEntropy(const AddEntropyRequest& request, AddEntropyResponse* response);void Configure(const ConfigureRequest& request, ConfigureResponse* response);void GenerateKey(const GenerateKeyRequest& request, GenerateKeyResponse* response);void GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,GetKeyCharacteristicsResponse* response);void ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response);void ImportWrappedKey(const ImportWrappedKeyRequest& request,ImportWrappedKeyResponse* response);void ExportKey(const ExportKeyRequest& request, ExportKeyResponse* response);void AttestKey(const AttestKeyRequest& request, AttestKeyResponse* response);void UpgradeKey(const UpgradeKeyRequest& request, UpgradeKeyResponse* response);void DeleteKey(const DeleteKeyRequest& request, DeleteKeyResponse* response);void DeleteAllKeys(const DeleteAllKeysRequest& request, DeleteAllKeysResponse* response);void BeginOperation(const BeginOperationRequest& request, BeginOperationResponse* response);void UpdateOperation(const UpdateOperationRequest& request, UpdateOperationResponse* response);void FinishOperation(const FinishOperationRequest& request, FinishOperationResponse* response);void AbortOperation(const AbortOperationRequest& request, AbortOperationResponse* response);bool has_operation(keymaster_operation_handle_t op_handle) const;private:keymaster_error_t LoadKey(const keymaster_key_blob_t& key_blob,const AuthorizationSet& additional_params,const KeyFactory** factory, UniquePtr<Key>* key);UniquePtr<KeymasterContext> context_;UniquePtr<OperationTable> operation_table_; };

4、keymaster HAL包含哪些API

(IKeymasterDevice.hal)

getHardwareInfo() generates (SecurityLevel securityLevel, string keymasterName, string keymasterAuthorName); 返回:securityLevel、keymasterName、keymasterAuthorNamegetHmacSharingParameters() generates (ErrorCode error, HmacSharingParameters params); computeSharedHmac(vec<HmacSharingParameters> params) generates (ErrorCode error, vec<uint8_t> sharingCheck);verifyAuthorization(uint64_t operationHandle, vec<KeyParameter> parametersToVerify,HardwareAuthToken authToken)generates (ErrorCode error, VerificationToken token); 验证authToken，返回tokenaddRngEntropy(vec<uint8_t> data) generates (ErrorCode error); Keymaster使用的RNG增加熵generateKey(vec<KeyParameter> keyParams)generates (ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);importKey(vec<KeyParameter> keyParams, KeyFormat keyFormat, vec<uint8_t> keyData)generates (ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);importWrappedKey(vec<uint8_t> wrappedKeyData, vec<uint8_t> wrappingKeyBlob,vec<uint8_t> maskingKey, vec<KeyParameter> unwrappingParams,uint64_t passwordSid, uint64_t biometricSid)generates(ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);getKeyCharacteristics(vec<uint8_t> keyBlob, vec<uint8_t> clientId, vec<uint8_t> appData)generates (ErrorCode error, KeyCharacteristics keyCharacteristics);exportKey(KeyFormat keyFormat, vec<uint8_t> keyBlob, vec<uint8_t> clientId,vec<uint8_t> appData) generates (ErrorCode error, vec<uint8_t> keyMaterial);attestKey(vec<uint8_t> keyToAttest, vec<KeyParameter> attestParams)generates (ErrorCode error, vec<vec<uint8_t>> certChain); // 使用attestationkey生成一个签名upgradeKey(vec<uint8_t> keyBlobToUpgrade, vec<KeyParameter> upgradeParams)generates (ErrorCode error, vec<uint8_t> upgradedKeyBlob);deleteKey(vec<uint8_t> keyBlob) generates (ErrorCode error);deleteAllKeys() generates (ErrorCode error);destroyAttestationIds() generates (ErrorCode error);begin(KeyPurpose purpose, vec<uint8_t> keyBlob, vec<KeyParameter> inParams,HardwareAuthToken authToken)generates (ErrorCode error, vec<KeyParameter> outParams, OperationHandle operationHandle);update(OperationHandle operationHandle, vec<KeyParameter> inParams, vec<uint8_t> input,HardwareAuthToken authToken, VerificationToken verificationToken)generates (ErrorCode error, uint32_t inputConsumed, vec<KeyParameter> outParams,vec<uint8_t> output);finish(OperationHandle operationHandle, vec<KeyParameter> inParams, vec<uint8_t> input,vec<uint8_t> signature, HardwareAuthToken authToken, VerificationToken verificationToken)generates (ErrorCode error, vec<KeyParameter> outParams, vec<uint8_t> output);

总结

以上是生活随笔为你收集整理的Android keystore/Keymaster的代码导读的全部内容，希望文章能够帮你解决所遇到的问题。

如果觉得生活随笔网站内容还不错，欢迎将生活随笔推荐给好友。