keystore: Add flag for blobs to be unencrypted
In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs starts to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.
Bug: 8122243
Change-Id: I7d70122beb32b59f06a923ade93234393b75a2cd
diff --git a/keystore/IKeystoreService.cpp b/keystore/IKeystoreService.cpp
index e899c12..46f7244 100644
--- a/keystore/IKeystoreService.cpp
+++ b/keystore/IKeystoreService.cpp
@@ -89,7 +89,8 @@
return 0;
}
- virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid)
+ virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
+ int32_t flags)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
@@ -98,6 +99,7 @@
void* buf = data.writeInplace(itemLength);
memcpy(buf, item, itemLength);
data.writeInt32(uid);
+ data.writeInt32(flags);
status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
if (status != NO_ERROR) {
ALOGD("import() could not contact remote: %d\n", status);
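Review bot: The result of `data.writeInplace(itemLength)` is passed to `memcpy` without a null check, so a parcel that cannot grow makes the proxy write through a null pointer in the caller's process. The commit does not introduce this, but the new `data.writeInt32(flags)` sits directly below it; a guard such as `if (buf == NULL) { return -1; }` (or whatever error value the transact-failure branch returns, which is outside the hunk) would close it. The same pattern appears in the import() proxy hunk (`data.writeInplace(keyLength)`). Separately, the failure log in this insert() path reads `import() could not contact remote`, which misattributes the failing call; `ALOGD("insert() could not contact remote: %d\n", status);` would match the function. insert()'s body starts and ends outside this hunk.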
@@ -268,12 +270,13 @@
return ret;
}
- virtual int32_t generate(const String16& name, int uid)
+ virtual int32_t generate(const String16& name, int uid, int32_t flags)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
data.writeString16(name);
data.writeInt32(uid);
+ data.writeInt32(flags);
status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
if (status != NO_ERROR) {
ALOGD("generate() could not contact remote: %d\n", status);
@@ -288,7 +291,8 @@
return ret;
}
- virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid)
+ virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
+ int flags)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
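Review bot: The new parameter on import() is declared `int flags`, while insert() and generate() in the same commit use `int32_t flags`. The value is marshalled with `writeInt32` either way, so the fixed-width type is the one that matches the wire format; use `int32_t flags)` here for consistency. If the interface header (not visible in this diff) declares `int32_t`, the mismatch would also stop this from overriding the base method on any platform where `int` and `int32_t` differ. import()'s body continues outside the hunk.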
@@ -297,6 +301,7 @@
void* buf = data.writeInplace(keyLength);
memcpy(buf, key, keyLength);
data.writeInt32(uid);
+ data.writeInt32(flags);
status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
if (status != NO_ERROR) {
ALOGD("import() could not contact remote: %d\n", status);
@@ -593,7 +598,8 @@
inSize = 0;
}
int uid = data.readInt32();
- int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid);
+ int32_t flags = data.readInt32();
+ int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
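Review bot: `int32_t flags = data.readInt32();` uses the value-returning overload, which yields 0 when the parcel has no more data, so a caller built against the old interface (or a truncated parcel) is indistinguishable from one that explicitly sent 0. Since this flag word decides whether the blob is encrypted, a missing field should be rejected or mapped to the encrypted default rather than silently accepted; the flag values are not visible in this file, so confirm what 0 means. Prefer the status-returning form, `int32_t flags; if (data.readInt32(&flags) != NO_ERROR) return BAD_VALUE;`. The GENERATE and IMPORT cases in the next two hunks read `flags` the same way. Whether the service masks unknown bits and checks that the calling uid may request unencrypted storage is outside this diff and worth verifying alongside this change.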
@@ -672,7 +678,8 @@
CHECK_INTERFACE(IKeystoreService, data, reply);
String16 name = data.readString16();
int uid = data.readInt32();
- int32_t ret = generate(name, uid);
+ int32_t flags = data.readInt32();
+ int32_t ret = generate(name, uid, flags);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
@@ -689,7 +696,8 @@
inSize = 0;
}
int uid = data.readInt32();
- int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid);
+ int32_t flags = data.readInt32();
+ int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;