Home | History | Annotate | Download | only in keystore 
      1 <html devsite><head>
      2     <title></title>
      3     <meta name="project_path" value="/_project.yaml"/>
      4     <meta name="book_path" value="/_book.yaml"/>
      5   </head>
      6   <body>
      7   <!--
      8       Copyright 2017 The Android Open Source Project
      9 
     10       Licensed under the Apache License, Version 2.0 (the "License");
     11       you may not use this file except in compliance with the License.
     12       You may obtain a copy of the License at
     13 
     14           http://www.apache.org/licenses/LICENSE-2.0
     15 
     16       Unless required by applicable law or agreed to in writing, software
     17       distributed under the License is distributed on an "AS IS" BASIS,
     18       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     19       See the License for the specific language governing permissions and
     20       limitations under the License.
     21   -->
     22 
     23 <p> Android 6.0  <a href="index.html">Keystore</a> </p>
     24 
     25 <h2 id="cryptographic_primitives"></h2>
     26 
     27 <p>Keystore </p>
     28 
     29 <ul>
     30   <li></li><li></li><li></li><li></li><li></li><li> AEAD </li><li></li></ul>
     31 
     32 <p><a href="#key_access_control"></a></p>
     33 
     34 <p>Keymaster  API  (IV)</p>
     35 
     36 <h2 id="required_primitives"></h2>
     37 
     38 <p></p>
     39 
     40 <ul>
     41   <li><a href="http://en.wikipedia.org/wiki/RSA_(cryptosystem)">RSA</a>
     42   <ul>
     43     <li> 2048 3072  4096 </li><li> F4 (2^16+1)</li><li> RSA <ul>
     44       <li></li><li>RSASSA-PSS (<code>KM_PAD_RSA_PSS</code>)</li><li>RSASSA-PKCS1-v1_5 (<code>KM_PAD_RSA_PKCS1_1_5_SIGN</code>)</li></ul>
     45     </li><li> RSA <ul>
     46       <li></li><li>SHA-256</li></ul>
     47     </li><li> RSA /<ul>
     48       <li></li><li>RSAES-OAEP (<code>KM_PAD_RSA_OAEP</code>)</li><li>RSAES-PKCS1-v1_5 (<code>KM_PAD_RSA_PKCS1_1_5_ENCRYPT</code>)</li></ul>
     49   </li></ul>
     50   </li><li><a href="http://en.wikipedia.org/wiki/Elliptic_Curve_DSA">ECDSA</a>
     51   <ul>
     52     <li> 224 256 384  521  NIST P-224P-256P-384  P-521 </li><li> ECDSA<ul>
     53       <li></li><li>SHA-256</li></ul>
     54   </li></ul>
     55   </li><li><a href="http://en.wikipedia.org/wiki/Advanced_Encryption_Standard">AES</a>
     56   <ul>
     57     <li> 128  256 </li><li><a href="http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher-block_chaining_.28CBC.29">CBC</a>CTRECB  GCMGCM  96  96 
     58     </li><li> CBC  ECB  <code>KM_PAD_NONE</code>  <code>KM_PAD_PKCS7</code>CBC  ECB 
     59   </li></ul>
     60   </li><li><a href="http://en.wikipedia.org/wiki/Hash-based_message_authentication_code">HMAC</a> <a href="http://en.wikipedia.org/wiki/SHA-2">SHA-256</a> 32 
     61 </li></ul>
     62 
     63 <p> SHA1 SHA2 SHA-224SHA384  SHA512 Keymaster Keystore </p>
     64 
     65 <p></p>
     66 
     67 <ul>
     68   <li> RSA </li><li> RSA </li></ul>
     69 
     70 <h2 id="key_access_control"></h2>
     71 
     72 <p><em></em>Keystore </p>
     73 
     74 <p>/ 32 Keymaster  Keystore  Blob </p>
     75 
     76 <p> <code>keymaster_authorization_tag_t</code>  <code>KM_TAG_</code>  ID </p>
     77 
     78 <p></p>
     79 
     80 <p><strong><code>KM_ENUM</code></strong><code>KM_TAG_PURPOSE</code>  <code>keymaster_purpose_t</code> </p>
     81 
     82 <p><strong><code>KM_ENUM_REP</code></strong> <code>KM_ENUM</code>  <code>KM_PURPOSE_ENCRYPT</code>  <code>KM_PURPOSE_DECRYPT</code></p>
     83 
     84 <p><strong><code>KM_UINT</code></strong>32 <code>KM_TAG_KEY_SIZE</code></p>
     85 
     86 <p><strong><code>KM_UINT_REP</code></strong> <code>KM_UINT</code> </p>
     87 
     88 <p><strong><code>KM_ULONG</code></strong>64 <code>KM_TAG_RSA_PUBLIC_EXPONENT</code></p>
     89 
     90 <p><strong><code>KM_ULONG_REP</code></strong> <code>KM_ULONG</code> </p>
     91 
     92 <p><strong><code>KM_DATE</code></strong>/ 1970  1  1 <code>KM_TAG_PRIVKEY_EXPIRE_DATETIME</code></p>
     93 
     94 <p><strong><code>KM_BOOL</code></strong>True  False <code>KM_BOOL</code> falsetrue<code>KM_TAG_ROLLBACK_RESISTANT</code></p>
     95 
     96 <p><strong><code>KM_BIGNUM</code></strong><code>KM_TAG_RSA_PUBLIC_EXPONENT</code></p>
     97 
     98 <p><strong><code>KM_BYTES</code></strong><code>KM_TAG_ROOT_OF_TRUST</code></p>
     99 
    100 <h3 id="hardware_vs_software_enforcement"></h3>
    101 
    102 <p>Keymaster 1.0 </p>
    103 
    104 <p></p>
    105 
    106 <ul>
    107 
    108   <li> Blob 
    109 
    110   </li><li>
    111 
    112 </li></ul>
    113 
    114 <p> API  <code>keymaster_key_characteristics_t</code> <code>hw_enforced</code>  <code>sw_enforced</code></p>
    115 
    116 <p>Keystore <em></em></p>
    117 
    118 <p> TrustZone  <code>KM_TAG_ORIGINATION_EXPIRE_DATETIME</code>  Keystore  <code>sw_enforced</code>  Keystore </p>
    119 
    120 <p> <code>hw_enforced</code>  <code>KM_TAG_ORIGINATION_EXPIRE_DATETIME</code> Keystore</p>
    121 
    122 <h3 id="cryptographic_message_construction_authorizations"></h3>
    123 
    124 <p><code>KM_TAG_ALGORITHM</code><code>KM_TAG_KEY_SIZE</code><code>KM_TAG_BLOCK_MODE</code><code>KM_TAG_PADDING</code><code>KM_TAG_CALLER_NONCE</code>  <code>KM_TAG_DIGEST</code></p>
    125 
    126 <p><code>KM_TAG_PADDING</code><code>KM_TAG_DIGEST</code>  <code>KM_PAD_BLOCK_MODE</code> </p>
    127 
    128 <h3 id="purpose"></h3>
    129 
    130 <p> <code>KM_TAG_PURPOSE</code> </p>
    131 
    132 <ul>
    133   <li><code>KM_PURPOSE_ENCRYPT</code>
    134   </li><li><code>KM_PURPOSE_DECRYPT</code>
    135   </li><li><code>KM_PURPOSE_SIGN</code>
    136   </li><li><code>KM_PURPOSE_VERIFY</code>
    137 </li></ul>
    138 
    139 <p> RSA </p>
    140 
    141 <h3 id="import_and_export"></h3>
    142 
    143 <p>Keymaster  X.509 </p>
    144 
    145 <ul>
    146   <li> DER  PKCS#8 </li><li></li></ul>
    147 
    148 <p> <code>KM_TAG_ORIGIN</code><code>hw_enforced</code>  <code>KM_ORIGIN_GENERATED</code>  <code>KM_TAG_ORIGIN</code> <code>KM_ORIGIN_IMPORTED</code></p>
    149 
    150 <h3 id="user_authentication"></h3>
    151 
    152 <p> Keymaster  Gatekeeper </p>
    153 
    154 <p></p>
    155 
    156 <ul>
    157   <li><code>KM_TAG_ALL_USERS</code>  <code>KM_TAG_USER_ID</code>  <code>KM_TAG_SECURE_USER_ID</code>
    158   </li><li><code>KM_TAG_USER_ID</code>  ID Android  ID UID <code>KM_TAG_ALL_USERS</code>
    159   </li><li><code>KM_TAG_SECURE_USER_ID</code>  64  ID ID
    160 </li></ul>
    161 
    162 <p> <code>KM_TAG_SECURE_USER_ID</code></p>
    163 
    164 <ul>
    165   <li><code>KM_NO_AUTHENTICATION_REQUIRED</code>  <code>KM_TAG_USER_ID</code> </li><li><code>KM_TAG_AUTH_TIMEOUT</code> /2^32  136 Android 
    166 </li></ul>
    167 
    168 <h3 id="client_binding"></h3>
    169 
    170 <p> ID  <code>KM_TAG_APPLICATION_ID</code>  <code>KM_TAG_APPLICATION_DATA</code>Keystore  Blob/ Blob  Keymaster </p>
    171 
    172 <p>
    173 
    174 </p><h3 id="expiration"></h3>
    175 
    176 <p>Keystore /Keymaster  <code>KM_TAG_ACTIVE_DATETIME</code><code>KM_TAG_ORIGINATION_EXPIRE_DATETIME</code>  <code>KM_TAG_USAGE_EXPIRE_DATETIME</code> ORIGINATIONUSAGE////</p>
    177 
    178 <p><code>KM_TAG_ACTIVE_DATETIME</code><code>KM_TAG_ORIGINATION_EXPIRE_DATETIME</code>  <code>KM_TAG_USAGE_EXPIRE_DATETIME</code> /</p>
    179 
    180 <p></p>
    181 
    182 <h3 id="root_of_trust_binding"></h3>
    183 
    184 <p>Keystore  Keymaster  Keymaster </p>
    185 
    186 <p> Keymaster  Keymaster </p>
    187 
    188 <h3 id="standalone_keys"></h3>
    189 
    190 <p> Keymaster Keymaster 1.0 HAL  <code>KM_TAG_STANDALONE</code>  Blob  Keymaster </p>
    191 
    192 <ul>
    193   <li><code>KM_BLOB_STANDALONE</code>
    194   </li><li><code>KM_BLOB_REQUIRES_FILE_SYSTEM</code>
    195 </li></ul>
    196 
    197 <p>
    198 
    199 </p><h3 id="velocity"></h3>
    200 
    201 <p> <code>KM_TAG_MIN_SECONDS_BETWEEN_OPS</code>  <code>KM_TAG_MIN_SECONDS_BETWEEN_OPS</code> TrustZone </p>
    202 
    203 <p> ID  16 </p>
    204 
    205 <p> <code>KM_TAG_MAX_USES_PER_BOOT</code>  n <em></em> 4  Keystore </p>
    206 
    207 <p></p>
    208 
    209 <h3 id="random_number_generator_re-seeding"></h3>
    210 
    211 <p> (IV) Keymaster HAL </p>
    212 
    213 <p> API </p>
    214 
    215 <p> Java SecureRandom 
    216 
    217 </p></body></html>