Move keystore to Keymaster4

Test: CTS
Change-Id: I6b7fa300f505ee685b1fe503edea3188225a98e3
diff --git a/keystore/KeyStore.cpp b/keystore/KeyStore.cpp
index 4cdae1d..fd5b26d 100644
--- a/keystore/KeyStore.cpp
+++ b/keystore/KeyStore.cpp
@@ -35,10 +35,11 @@
 
 namespace keystore {
 
-const char* KeyStore::sOldMasterKey = ".masterkey";
-const char* KeyStore::sMetaDataFile = ".metadata";
+const char* KeyStore::kOldMasterKey = ".masterkey";
+const char* KeyStore::kMetaDataFile = ".metadata";
 
-const android::String16 KeyStore::sRSAKeyType("RSA");
+const android::String16 KeyStore::kRsaKeyType("RSA");
+const android::String16 KeyStore::kEcKeyType("EC");
 
 using android::String8;
 
@@ -548,23 +549,22 @@
     return put(filename, &keyBlob, userId);
 }
 
-bool KeyStore::isHardwareBacked(const android::String16& /*keyType*/) const {
-    using ::android::hardware::hidl_string;
+bool KeyStore::isHardwareBacked(const android::String16& keyType) const {
     if (mDevice == NULL) {
         ALOGW("can't get keymaster device");
         return false;
     }
 
-    bool isSecure = false;
-    auto hidlcb = [&](bool _isSecure, bool, bool, bool, bool, const hidl_string&,
-                      const hidl_string&) { isSecure = _isSecure; };
-    auto rc = mDevice->getHardwareFeatures(hidlcb);
-    if (!rc.isOk()) {
-        ALOGE("Communication with keymaster HAL failed while retrieving hardware features (%s)",
-              rc.description().c_str());
+    auto version = mDevice->halVersion();
+    if (version.error != ErrorCode::OK) {
+        ALOGE("Failed to get HAL version info");
         return false;
     }
-    return isSecure;
+
+    if (!version.isSecure) return false;
+
+    if (keyType == kRsaKeyType) return true;  // All versions support RSA
+    return keyType == kEcKeyType && version.supportsEc;
 }
 
 ResponseCode KeyStore::getKeyForName(Blob* keyBlob, const android::String8& keyName,
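Review bot: isHardwareBacked() now returns false for every keyType that is not an exact, case-sensitive match for "RSA" or "EC", even when `version.isSecure` is true. Before this change the argument was ignored and the HAL's secure flag was returned unchanged. If any caller passes another algorithm name or a different casing (not visible in this hunk), it will now silently be told the key is not hardware backed. That looks like a deliberate fail-closed default, so a comment above the last return would make it explicit, for example `// Any other key type is reported as not hardware backed.` The new error path also loses the failure detail the old log carried; something like `ALOGE("Failed to get HAL version info (%d)", static_cast<int>(version.error));` would keep it diagnosable.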
@@ -701,7 +701,7 @@
 }
 
 void KeyStore::readMetaData() {
-    int in = TEMP_FAILURE_RETRY(open(sMetaDataFile, O_RDONLY));
+    int in = TEMP_FAILURE_RETRY(open(kMetaDataFile, O_RDONLY));
     if (in < 0) {
         return;
     }
@@ -726,7 +726,7 @@
               sizeof(mMetaData));
     }
     close(out);
-    rename(tmpFileName, sMetaDataFile);
+    rename(tmpFileName, kMetaDataFile);
 }
 
 bool KeyStore::upgradeKeystore() {
@@ -739,8 +739,8 @@
         userState->initialize();
 
         // Migrate the old .masterkey file to user 0.
-        if (access(sOldMasterKey, R_OK) == 0) {
-            if (rename(sOldMasterKey, userState->getMasterKeyFileName()) < 0) {
+        if (access(kOldMasterKey, R_OK) == 0) {
+            if (rename(kOldMasterKey, userState->getMasterKeyFileName()) < 0) {
                 ALOGE("couldn't migrate old masterkey: %s", strerror(errno));
                 return false;
             }