  • android keymaster

    1,000+ reads 2016-08-21 20:04:12
    Keymaster is a newly introduced key management hardware abstraction layer (HAL) component.
    It defines all APIs that must be supported by the OEM.
    The ARM TrustZone (TZ) keymaster application includes the following:
    1. Generation of keys - this involves generating a public key and a private key for cryptography.
    2. Signing and verification - this allows signing of given data with a key stored and accessible by TZ software, as well as verifying signed data with a key that is also only accessible by TZ software.
    
    Types of keymaster HAL are as follows:
    - Software-based keymaster - uses the OpenSSL software implementation. Jelly Bean comes with a default softkeymaster module that does all key operations in software only.
    - Hardware-based keymaster - uses TZ application APIs (keymaster application). Hardware keymaster support essentially ensures that the stored key is not accessible in the HLOS.
    Regardless of key type (RSA/EC), the generated key blob is encrypted by a key accessible by TZ software only and stored in the file system (FS) on the HLOS end.
    The hardware-based keymaster is commonly used and is enabled by default.
    keystore.<chipset>.so is loaded during boot. This library may not be open source to the OEM. We can check the value of the property "sys.keymaster.loaded" to know whether it loaded successfully. The property "sys.keymaster.loaded" is set to true after keystore.<chipset>.so is loaded successfully; by default, it is false.
    
    Hardware keymaster 1.0 implementation on Android Marshmallow
    Keymaster is an access control-based key service with access to trusted hardware-bound crypto.
    It is implemented as a TrustZone-based trusted application (TA). Keymaster cannot be compromised by any kernel or userland bug. All keys generated are bound to the device cryptographically.
    Keymaster support on Android Marshmallow requires the following modules:
    keymaster TA
    gatekeeper.<chipset>.so
    keystore.<chipset>.so
    
    Gatekeeper is a trusted source to verify the authenticated state of the device.
    Gatekeeper does the following:
    - provides APIs to enroll and verify a password
    - returns a signed auth token with a timestamp to unlock keystore/keymaster
    - provides rollback protection on passwords
    
    The gatekeeper architecture includes the following:
    - gatekeeper daemon
    - gatekeeper HAL API
    - hardware gatekeeper
    
  • Using keymaster

    2020-12-25 13:18:51

    Installation:

    npm install keymaster -S
    

    Usage:

    import key from 'keymaster'
    // Bind shortcuts
    key('a',function(){
    	console.log('您自定义了快捷键a')
    	return false
    })
    key('ctrl+a', function(){
    	console.log('您定义了组件快捷键 ctrl + a')
    	return false
    })
    key('ctrl+a,command+a', function(){
    	console.log('您定义了组件快捷键 ctrl+a,command+a')
    	return false
    })
    // Unbind a shortcut
    key.unbind('a')
    
  • Disabling the Keymaster TA

    2020-12-05 03:46:38
    I have never worked with a TEE before, and for my thesis I need to run this AOSP build without relying on a hardware backed Keymaster - the Keymaster Trusted Application. In theory disabling...
  • Front-end project - keymaster.zip

    2019-09-03 13:20:29
    Front-end project - keymaster, a library for defining and dispatching keyboard shortcuts
  • android_hardware_qcom_keymaster
  • Android 9 uses Keymaster 4.0. Do you have plans to update OP-TEE to support all services of Keymaster 4.0? If yes, how long does it take? Thanks. This question comes from the open-source project: OP-TEE/...
  • Official keymaster documentation and an introduction to the keymaster interface functions


    I. keymaster requirements

    1. Functions provided by keymaster:
    • Key generation
    • Import and export (public only) of asymmetric keys
    • Import of raw symmetric keys
    • Asymmetric encryption and decryption with appropriate padding modes
    • Asymmetric signing and verification with digesting and appropriate padding modes
    • Symmetric encryption and decryption in appropriate modes, including an AEAD mode
    • Generation and verification of symmetric message authentication codes
    • Attestation to the presence and configuration of asymmetric keys.
    2. keymaster execution environment requirements:


    • (1) Isolated execution environments, for example:
      • a separate virtual machine
      • hypervisor
      • TEE
        In short, an address space separate from the Android kernel/userspace is required.
    • (2) StrongBox (a fully separate, purpose-built, certified secure CPU), for example:
      • eSE (embedded secure element)
      • SPU (on-SOC secure processing unit)
    3. Algorithm requirements for keymaster:

    (1) RSA

    • must support 2048, 3072 and 4096-bit keys. If strongbox, must support 2048-bit keys
    • Public exponent F4 (2^16+1)
    • Unpadded, RSASSA-PSS and RSASSA-PKCS1-v1_5 padding modes for RSA signing
    • must support MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512 digest modes for RSA signing
    • Unpadded, RSAES-OAEP and RSAES-PKCS1-v1_5 padding modes for RSA encryption

    (2) ECDSA

    • must support NIST curves P-224, P-256, P-384, P-521. If strongbox, must support NIST curve P-256
    • must support SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512 digest modes. If strongbox, must support SHA-2 256

    (3) AES

    • 128 and 256-bit keys
    • CBC, CTR, ECB and GCM modes
    • GCM mode tags are larger than 96, and the nonce length cannot be 96
    • CBC and ECB modes must support unpadded and PKCS7 padding modes. If there is no padding and the input is not a complete block, the error ErrorCode::INVALID_INPUT_LENGTH is returned
    • With PKCS7 padding, GCM and CTR operations must fail with ErrorCode::INCOMPATIBLE_PADDING_MODE

    (4) 3DES

    • 168-bit keys.
    • CBC and ECB mode.
    • CBC and ECB modes must support unpadded and PKCS7 padding modes. If there is no padding and the input is not a complete block, the error ErrorCode::INVALID_INPUT_LENGTH is returned

    (5) HMAC

    • The key size is 64-512 and must be a multiple of 8
    • must support MD-5, SHA1, SHA-2-224, SHA-2-256, SHA-2-384 and SHA-2-512. If strongbox, must support SHA-2 256
    4. Access control constraints:

    1. Hardware-based keys can never be exported

    II. keymaster implementation (functions and structures explained)

    1. HIDL implementation (IKeymasterDevice.hal)
    
    getHardwareInfo() generates (SecurityLevel securityLevel, string keymasterName, string keymasterAuthorName);
    // Returns: securityLevel, keymasterName, keymasterAuthorName
    
    getHmacSharingParameters() generates (ErrorCode error, HmacSharingParameters params);
    computeSharedHmac(vec<HmacSharingParameters> params) generates (ErrorCode error, vec<uint8_t> sharingCheck);
    
    verifyAuthorization(uint64_t operationHandle, vec<KeyParameter> parametersToVerify,HardwareAuthToken authToken)
    	generates (ErrorCode error, VerificationToken token);
    // Verifies the authToken and returns a token
    
    addRngEntropy(vec<uint8_t> data) generates (ErrorCode error);
    // Adds entropy to the RNG used by Keymaster
    
    generateKey(vec<KeyParameter> keyParams)
    	generates (ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);
    
    importKey(vec<KeyParameter> keyParams, KeyFormat keyFormat, vec<uint8_t> keyData)
    	generates (ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);
    
    importWrappedKey(vec<uint8_t> wrappedKeyData, vec<uint8_t> wrappingKeyBlob,
    	vec<uint8_t> maskingKey, vec<KeyParameter> unwrappingParams,
    	uint64_t passwordSid, uint64_t biometricSid)
    	generates(ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);
    
    getKeyCharacteristics(vec<uint8_t> keyBlob, vec<uint8_t> clientId, vec<uint8_t> appData)
    	generates (ErrorCode error, KeyCharacteristics keyCharacteristics);
    
    exportKey(KeyFormat keyFormat, vec<uint8_t> keyBlob, vec<uint8_t> clientId,
    	vec<uint8_t> appData) generates (ErrorCode error, vec<uint8_t> keyMaterial);
    
    attestKey(vec<uint8_t> keyToAttest, vec<KeyParameter> attestParams)
    	generates (ErrorCode error, vec<vec<uint8_t>> certChain);
    // Generates a signature using the attestation key
    
    upgradeKey(vec<uint8_t> keyBlobToUpgrade, vec<KeyParameter> upgradeParams)
    	generates (ErrorCode error, vec<uint8_t> upgradedKeyBlob);
    
    deleteKey(vec<uint8_t> keyBlob) generates (ErrorCode error);
    
    deleteAllKeys() generates (ErrorCode error);
    
    destroyAttestationIds() generates (ErrorCode error);
    
    begin(KeyPurpose purpose, vec<uint8_t> keyBlob, vec<KeyParameter> inParams,
    	HardwareAuthToken authToken)
    	generates (ErrorCode error, vec<KeyParameter> outParams, OperationHandle operationHandle);
    
    update(OperationHandle operationHandle, vec<KeyParameter> inParams, vec<uint8_t> input,
    	HardwareAuthToken authToken, VerificationToken verificationToken)
    	generates (ErrorCode error, uint32_t inputConsumed, vec<KeyParameter> outParams,
    	vec<uint8_t> output);
    
    finish(OperationHandle operationHandle, vec<KeyParameter> inParams, vec<uint8_t> input,
    	vec<uint8_t> signature, HardwareAuthToken authToken, VerificationToken verificationToken)
    	generates (ErrorCode error, vec<KeyParameter> outParams, vec<uint8_t> output);
    

  • Android TZ Keymaster

    1,000+ reads 2016-08-25 18:10:25
    Keymaster is a newly introduced key management hardware abstraction layer (HAL) component. It defines all APIs that must be supported by the OEM. The ARM TrustZone (TZ) keymaster application includes the following:

    1. Generation of keys - this involves generating a public key and a private key for cryptography.
    2. Signing and verification - this allows signing of given data with a key stored and accessible by TZ software, as well as verifying signed data with a key that is also only accessible by TZ software.

    Types of keymaster HAL are as follows:
    - Software-based keymaster - uses the OpenSSL software implementation. Jelly Bean comes with a default soft keymaster module that does all key operations in software only.
    - Hardware-based keymaster - uses TZ application APIs (keymaster application). Hardware keymaster support essentially ensures that the stored key is not accessible in the HLOS.
    Regardless of key type (RSA/EC), the generated key blob is encrypted by a key accessible by TZ software only and stored in the file system (FS) on the HLOS end.

    Hardware keymaster 1.0 implementation on Android Marshmallow


    Keymaster is an access control-based key service with access to trusted hardware-bound crypto. It is implemented as a TrustZone-based trusted application (TA). Keymaster cannot be compromised by any kernel or userland bug. All keys generated are bound to the device cryptographically.
    Keymaster support on Android Marshmallow requires the following modules:
    keymaster TA
    gatekeeper.<chipset>.so
    keystore.<chipset>.so


    Gatekeeper is a trusted source to verify the authenticated state of the device. Gatekeeper does the following:

    - provides APIs to enroll and verify a password

    - returns a signed auth token with a timestamp to unlock keystore/keymaster

    - provides rollback protection on passwords


    The gatekeeper architecture includes the following:


    - gatekeeper daemon

    - gatekeeper HAL API

    - hardware gatekeeper

  • 2. In Android keymaster, it uses OCB AE (Authenticated Encryption) functions, but there is no OCB cipher in OP-TEE libtomcrypt. a. Is there any plan to add OCB in OP-TEE? b. which cipher I can use to ...
  • - KeyMaster produces reasonable files when given no keys - Those files syntax check with clang The structure is in place to easily support testing actual key generation output with additional ...
  • 1. Integrating keymaster@4.0-service: device.mk defines which keymaster to integrate; choose one of: android.hardware.keymaster@4.0-service.trustonic android.hardware.keymaster@4.0-service.beanpod android.hardware....
  • A guided reading of the Android keystore/Keymaster code

    1,000+ reads 2020-08-05 13:48:29
    (system/keymaster/include/keymaster/android_keymaster.h) class AndroidKeymaster { public: AndroidKeymaster(KeymasterContext* context, size_t operation_table_size); virtual ~AndroidKeymaster(); ...
  • Can't resolve 'keymaster'

    2020-12-09 08:24:52
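    I tried re-installing react-popup, but still keymaster wasn't downloaded. So, I installed keymaster separately and things worked. This question comes from the open-source project:...
  • It collects authentication and certificate issuance activity into a single log file that can be retrieved from one location (on the roadmap: combining Keymaster logs with the system log (syslog) to verify that all certificate usage (at least for SSH) can be attributed to a specific Keymaster...
  • This question comes from the open-source project: Symantec/keymaster
  • Android: Keymaster security checks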

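    1,000+ reads 2018-11-08 18:01:28
    Keymaster overview: Since starting work, I have been responsible for tracking and fixing Android system security vulnerabilities. Recently I ran into a pitfall while working on devices running Android O and above. When you upgrade the system, if the later system has changed something such as the system version...
  • The keymaster plugin has no unbind method for removing key bindings! // set window.key and window.key.set/get/deleteScope, and the default filter global.key = assignKey; global.key.setScope = setScope; ...
  • After updating to 0.9.0, got this issue when npm start...keymaster' in '/my-project/node_modules/react-popup/dist' This question comes from the open-source project: minutemailer/react-popup
  • KeyMaster is an application for customizing BlackBerry shortcut keys; it helps extend the BlackBerry's shortcuts and works on models with BlackBerry ROM 4.2 and above
  • Most of you have probably used KeyMaster. Its principle is basically this: once you install the app, it automatically searches the server for the passwords matching the Wi-Fi signals at your location, and at the same time uploads the SSIDs previously saved on your phone, together with their passwords, to the server. Although the app itself lets you cancel your own...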
  • https://github.com/madrobby/keymaster // define short of 'a' key('a', function(){ alert('you pressed a!') }); // returning false stops the event and prevents default browser events key('ctrl+....
  • How the Keymaster, ROT and MOTA features relate

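    1,000+ reads 2017-09-11 14:19:43
    Keymaster implements the key management API provided by the Android "keystore" daemon; it can securely generate and store keys and lets users operate on data with those keys. KM currently has three versions on Qualcomm: KM0.3, KM1.0 and KM2.0. Because version 2.0 is only on high-end platforms...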
  • Move keymaster to core

    2020-12-07 10:16:11
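    This question comes from the open-source project: librespot-org/librespot
  • Keymaster is a simple micro-library for defining and dispatching keyboard shortcuts in web applications. It has no dependencies. Usage: include keymaster.js before you use it, loading it as usual: <script src="keymaster.js"> <...
  • 1> Include the keymaster.js file in your project as usual. 2> Define shortcuts: key('a', function(){ alert('you pressed a!') }); // returning false stops the event and prevents default browser events key('ctrl+r', ...
  • key master, a hotkey application for BlackBerry phones (9780)... The developer later stopped developing it and shared the software. I was lucky enough to keep a copy, so I am sharing it and earning myself some download points along the way. I am really too poor and cannot download many things. Still, this tool is very good and worth 5 points.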
