Add argument to binder call to check key types
Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.
Bug: 10600582
Change-Id: I864e5aa0484ae44ccfaf859560700cfc34f58711
diff --git a/keystore/IKeystoreService.cpp b/keystore/IKeystoreService.cpp
index 21dce27..727e746 100644
--- a/keystore/IKeystoreService.cpp
+++ b/keystore/IKeystoreService.cpp
@@ -542,10 +542,11 @@
return ret;
}
- virtual int32_t is_hardware_backed()
+ virtual int32_t is_hardware_backed(const String16& keyType)
{
Parcel data, reply;
data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
+ data.writeString16(keyType);
status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
if (status != NO_ERROR) {
ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
@@ -860,7 +861,8 @@
} break;
case IS_HARDWARE_BACKED: {
CHECK_INTERFACE(IKeystoreService, data, reply);
- int32_t ret = is_hardware_backed();
+ String16 keyType = data.readString16();
+ int32_t ret = is_hardware_backed(keyType);
reply->writeNoException();
reply->writeInt32(ret);
return NO_ERROR;
diff --git a/keystore/include/keystore/IKeystoreService.h b/keystore/include/keystore/IKeystoreService.h
index 7c508a8..d7281e3 100644
--- a/keystore/include/keystore/IKeystoreService.h
+++ b/keystore/include/keystore/IKeystoreService.h
@@ -117,7 +117,7 @@
virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
int32_t destUid) = 0;
- virtual int32_t is_hardware_backed() = 0;
+ virtual int32_t is_hardware_backed(const String16& keyType) = 0;
virtual int32_t clear_uid(int64_t uid) = 0;
};
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index b4cb64d..c890537 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -1111,8 +1111,19 @@
return put(filename, &keyBlob, uid);
}
- bool isHardwareBacked() const {
- return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0;
+ bool isHardwareBacked(const android::String16& keyType) const {
+ if (mDevice == NULL) {
+ ALOGW("can't get keymaster device");
+ return false;
+ }
+
+ if (sRSAKeyType == keyType) {
+ return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0;
+ } else {
+ return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0
+ && (mDevice->common.module->module_api_version
+ >= KEYMASTER_MODULE_API_VERSION_0_2);
+ }
}
ResponseCode getKeyForName(Blob* keyBlob, const android::String8& keyName, const uid_t uid,
@@ -1207,6 +1218,7 @@
private:
static const char* sOldMasterKey;
static const char* sMetaDataFile;
+ static const android::String16 sRSAKeyType;
Entropy* mEntropy;
keymaster_device_t* mDevice;
@@ -1423,6 +1435,8 @@
const char* KeyStore::sOldMasterKey = ".masterkey";
const char* KeyStore::sMetaDataFile = ".metadata";
+const android::String16 KeyStore::sRSAKeyType("RSA");
+
namespace android {
class KeyStoreProxy : public BnKeystoreService, public IBinder::DeathRecipient {
public:
@@ -2219,8 +2233,8 @@
return mKeyStore->put(targetFile.string(), &keyBlob, callingUid);
}
- int32_t is_hardware_backed() {
- return mKeyStore->isHardwareBacked() ? 1 : 0;
+ int32_t is_hardware_backed(const String16& keyType) {
+ return mKeyStore->isHardwareBacked(keyType) ? 1 : 0;
}
int32_t clear_uid(int64_t targetUid) {