      1 <html devsite><head>
      2     <title></title>
      3     <meta name="project_path" value="/_project.yaml"/>
      4     <meta name="book_path" value="/_book.yaml"/>
      5   </head>
      6   <body>
      7   <!--
      8       Copyright 2017 The Android Open Source Project
      9 
     10       Licensed under the Apache License, Version 2.0 (the "License");
     11       you may not use this file except in compliance with the License.
     12       You may obtain a copy of the License at
     13 
     14           http://www.apache.org/licenses/LICENSE-2.0
     15 
     16       Unless required by applicable law or agreed to in writing, software
     17       distributed under the License is distributed on an "AS IS" BASIS,
     18       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     19       See the License for the specific language governing permissions and
     20       limitations under the License.
     21   -->
     22 
     23 <h2 id="overview">Overview</h2>
     24 
     25 <p>Android 6.0 /</p>
     26 
     27 <p>Android  Keystore  Keymaster  Keystore  <a href="https://developer.android.com/training/articles/keystore.html">Android Keystore </a> Android 6.0 Gatekeeper PIN // Fingerprint Keystore </p>
     28 
     29 <ul>
     30   <li><strong><a href="/security/keystore/index.html"> Keystore</a></strong> (TEE)</li>
     31   <li><strong><a href="gatekeeper.html">Gatekeeper</a></strong>  PIN </li>
     32   <li><strong><a href="fingerprint-hal.html">Fingerprint</a></strong> </li>
     33 </ul>
     34 
     35 <h2 id="architecture">Architecture</h2>
     36 
     37 <p>Gatekeeper  Fingerprint  Keystore <a href="#authentication_token_format"></a>AuthToken</p>
     38 
     39 <h3 id="enrollment">Enrollment</h3>
     40 
     41 <p></p>
     42 
     43 <p> Gatekeeper  PIN // 64  SID SID  SID  Gatekeeper  SID  AuthToken</p>
     44 
     45 <p> SID  SID SID </p>
     46 
     47 <p>Android </p>
     48 
     49 <h3 id="authentication">Authentication</h3>
     50 
     51 <p> SID</p>
     52 
     53 <p> PIN  TEE </p>
     54 
     55 <img src="../images/authentication-flow.png" alt="Authentication flow" id="figure1"/>
     56 <p class="img-caption"><strong>Figure 1.</strong> Authentication flow</p>
     57 
     58 <p> Android  TEE </p>
     59 
     60 <ol>
     61   <li> PIN <code>LockSettingsService</code>  <code>FingerprintService</code>  Binder  Android  Gatekeeperd  fingerprintd 
     62   </li><li> <strong></strong>Gatekeeperd 1<strong></strong> fingerprintd 2 PIN //
     63   <ul>
     64     <li>Gatekeeperd  1  PIN  TEE  (Gatekeeper) TEE TEE  Gatekeeper  SID  AuthToken HMAC  AuthToken  Android </li><li> fingerprintd  1  TEE  (Fingerprint) TEE TEE  Fingerprint  AuthToken HMAC  AuthToken  Android </li></ul>
     65   </li><li>Gatekeeperd  fingerprintd  AuthToken Keystore  Binder  AuthToken  Keystore Gatekeeperd  Keystore 
     66   </li><li>Keystore  Gatekeeperd  fingerprintd  AuthToken  Keymaster Gatekeeper  Fingerprint Trustlet  AuthTokenKeymaster 
     67 </li></ol>
     68 
     69 <p class="note"><strong></strong>AuthToken </p>
     70 
     71 <h2 id="authentication_token_format">Authentication token format</h2>
     72 
     73 <p> <a href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/hw_auth_token.h"><code>hw_auth_token.h</code></a>  AuthToken </p>
     74 <pre>
     75 hardware/libhardware/include/hardware/hw_auth_token.h
     76 </pre>
     77 
     78 <p></p>
     79 
     80 <p></p>
     81 <table>
     82  <tbody><tr>
     83     <th><strong>Field</strong></th>
     84     <th><strong>Type</strong></th>
     85     <th><strong></strong></th>
     86  </tr>
     87  <tr>
     88     <td>AuthToken version</td>
     89     <td>1 byte</td>
     90     <td></td>
     91  </tr>
     92  <tr>
     93     <td>Challenge</td>
     94     <td>64 bits</td>
     95     <td></td>
     96  </tr>
     97  <tr>
     98     <td>User SID</td>
     99     <td>64 bits</td>
    100     <td></td>
    101  </tr>
    102  <tr>
    103     <td>Authenticator ID</td>
    104     <td>64 bits</td>
    105     <td></td>
    106  </tr>
    107  <tr>
    108     <td>Authenticator type</td>
    109     <td>32 bits</td>
    110     <td></td>
    111  </tr>
    112  <tr>
    113     <td>Timestamp</td>
    114     <td>64 bits</td>
    115     <td></td>
    116  </tr>
    117  <tr>
    118     <td>AuthToken HMAC (SHA-256)</td>
    119     <td>256-bit blob</td>
    120     <td></td>
    121  </tr>
    122 </tbody></table>
    123 
    124 <h3 id="field_descriptions">Field descriptions</h3>
    125 
    126 <p> AuthToken </p>
    127 
    128 <p><strong>AuthToken version</strong></p>
    129 
    130 <p><strong>Challenge</strong> IDAuthToken </p>
    131 
    132 <p><strong>User SID</strong> Gatekeeper </p>
    133 
    134 <p><strong>Authenticator ID (ASID)</strong> ASID </p>
    135 
    136 <p><strong>Authenticator type</strong> Gatekeeper  Fingerprint</p>
    137 <table>
    138  <tbody><tr>
    139     <th><strong></strong></th>
    140     <th><strong></strong></th>
    141  </tr>
    142  <tr>
    143     <td>0x00</td>
    144     <td>Gatekeeper</td>
    145  </tr>
    146  <tr>
    147     <td>0x01</td>
    148     <td>Fingerprint</td>
    149  </tr>
    150 </tbody></table>
    151 
    152 <p><strong>Timestamp</strong></p>
    153 
    154 <p><strong>AuthToken HMAC </strong> HMAC  SHA-256 MAC</p>
    155 
    156 <h2 id="device_boot_flow">Device boot flow</h2>
    157 
    158 <p> AuthToken HMAC  TEE GatekeeperFingerprint  Keymaster HMAC </p>
    159 
    160 <p> HMAC <strong></strong> TEE  TEE  (IPC)  TEE </p>
    161 
    162 <p> Android  <a href="/security/trusty/index.html">Trusty</a>  TEE TEETrusty  IPC  Keymaster  Fingerprint  Gatekeeper HMAC  Keymaster Fingerprint  Gatekeeper  Keymaster </p>
    163 
    164 <p>TEE  IPC  TEE Keystore  TEE  IPC</p>
    165 
    166 </body></html>