Revert "Fix build: Revert "Use keymaster 1.0 softkeymaster""
This reverts commit d48cb24f77c1ddf8034c9aac4f5046f0f0c3f91f.
Change-Id: I774a418f30b1f57fbccdb06efe242b0212370f02
diff --git a/keystore/Android.mk b/keystore/Android.mk
index 42d05f7..dc161ce 100644
--- a/keystore/Android.mk
+++ b/keystore/Android.mk
@@ -31,9 +31,11 @@
liblog \
libsoftkeymaster \
libutils \
- libselinux
+ libselinux \
+ libsoftkeymasterdevice
LOCAL_MODULE := keystore
LOCAL_MODULE_TAGS := optional
+LOCAL_C_INCLUES := system/keymaster/
LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
include $(BUILD_EXECUTABLE)
@@ -56,7 +58,7 @@
endif
LOCAL_CFLAGS := -Wall -Wextra -Werror
LOCAL_SRC_FILES := IKeystoreService.cpp keystore_get.cpp keyblob_utils.cpp
-LOCAL_SHARED_LIBRARIES := libbinder libutils liblog
+LOCAL_SHARED_LIBRARIES := libbinder libutils liblog libsoftkeymasterdevice
LOCAL_MODULE := libkeystore_binder
LOCAL_MODULE_TAGS := optional
LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 9aefd74..c10dbdf 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -44,6 +44,7 @@
#include <hardware/keymaster0.h>
#include <keymaster/softkeymaster.h>
+#include <keymaster/soft_keymaster_device.h>
#include <UniquePtr.h>
#include <utils/String8.h>
@@ -127,20 +128,12 @@
return rc;
}
-static int fallback_keymaster_device_initialize(keymaster0_device_t** dev) {
- int rc;
- rc = openssl_open(reinterpret_cast<hw_module_t*>(&softkeymaster_module),
- KEYSTORE_KEYMASTER,
- reinterpret_cast<hw_device_t**>(dev));
- if (rc) {
- ALOGE("could not open softkeymaster device (%s)",
- strerror(-rc));
- goto out;
- }
+static int fallback_keymaster_device_initialize(keymaster1_device_t** dev) {
+ keymaster::SoftKeymasterDevice* softkeymaster =
+ new keymaster::SoftKeymasterDevice();
+ // SoftKeymasterDevice is designed to make this cast safe.
+ *dev = reinterpret_cast<keymaster1_device_t*>(softkeymaster);
return 0;
-out:
- *dev = NULL;
- return rc;
}
static void keymaster_device_release(keymaster0_device_t* dev) {
@@ -964,7 +957,7 @@
class KeyStore {
public:
- KeyStore(Entropy* entropy, keymaster0_device_t* device, keymaster0_device_t* fallback)
+ KeyStore(Entropy* entropy, keymaster1_device_t* device, keymaster1_device_t* fallback)
: mEntropy(entropy)
, mDevice(device)
, mFallbackDevice(fallback)
@@ -986,15 +979,21 @@
mMasterKeys.clear();
}
- keymaster0_device_t *getDevice() const {
+ /**
+ * Depending on the hardware keymaster version is this may return a
+ * keymaster0_device_t* cast to a keymaster1_device_t*. All methods from
+ * keymaster0 are safe to call, calls to keymaster1_device_t methods should
+ * be guarded by a check on the device's version.
+ */
+ keymaster1_device_t *getDevice() const {
return mDevice;
}
- keymaster0_device_t *getFallbackDevice() const {
+ keymaster1_device_t *getFallbackDevice() const {
return mFallbackDevice;
}
- keymaster0_device_t *getDeviceForBlob(const Blob& blob) const {
+ keymaster1_device_t *getDeviceForBlob(const Blob& blob) const {
return blob.isFallback() ? mFallbackDevice: mDevice;
}
@@ -1392,8 +1391,8 @@
static const android::String16 sRSAKeyType;
Entropy* mEntropy;
- keymaster0_device_t* mDevice;
- keymaster0_device_t* mFallbackDevice;
+ keymaster1_device_t* mDevice;
+ keymaster1_device_t* mFallbackDevice;
android::Vector<UserState*> mMasterKeys;
@@ -1872,8 +1871,8 @@
int rc;
bool isFallback = false;
- const keymaster0_device_t* device = mKeyStore->getDevice();
- const keymaster0_device_t* fallback = mKeyStore->getFallbackDevice();
+ const keymaster1_device_t* device = mKeyStore->getDevice();
+ const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice();
if (device == NULL) {
return ::SYSTEM_ERROR;
}
@@ -2048,7 +2047,7 @@
return responseCode;
}
- const keymaster0_device_t* device = mKeyStore->getDeviceForBlob(keyBlob);
+ const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob);
if (device == NULL) {
ALOGE("no keymaster device; cannot sign");
return ::SYSTEM_ERROR;
@@ -2097,7 +2096,7 @@
return responseCode;
}
- const keymaster0_device_t* device = mKeyStore->getDeviceForBlob(keyBlob);
+ const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob);
if (device == NULL) {
return ::SYSTEM_ERROR;
}
@@ -2149,7 +2148,7 @@
return responseCode;
}
- const keymaster0_device_t* device = mKeyStore->getDeviceForBlob(keyBlob);
+ const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob);
if (device == NULL) {
return ::SYSTEM_ERROR;
}
@@ -2350,7 +2349,7 @@
return ::PERMISSION_DENIED;
}
- const keymaster0_device_t* device = mKeyStore->getDevice();
+ const keymaster1_device_t* device = mKeyStore->getDevice();
if (device == NULL) {
ALOGW("can't get keymaster device");
return ::SYSTEM_ERROR;
@@ -2498,7 +2497,7 @@
return false;
}
- bool isKeyTypeSupported(const keymaster0_device_t* device, keymaster_keypair_t keyType) {
+ bool isKeyTypeSupported(const keymaster1_device_t* device, keymaster_keypair_t keyType) {
const int32_t device_api = device->common.module->module_api_version;
if (device_api == KEYMASTER_MODULE_API_VERSION_0_2) {
switch (keyType) {
@@ -2551,7 +2550,7 @@
return 1;
}
- keymaster0_device_t* fallback;
+ keymaster1_device_t* fallback;
if (fallback_keymaster_device_initialize(&fallback)) {
ALOGE("software keymaster could not be initialized; exiting");
return 1;
@@ -2570,7 +2569,7 @@
ALOGI("SELinux: Keystore SELinux is disabled.\n");
}
- KeyStore keyStore(&entropy, dev, fallback);
+ KeyStore keyStore(&entropy, reinterpret_cast<keymaster1_device_t*>(dev), fallback);
keyStore.initialize();
android::sp<android::IServiceManager> sm = android::defaultServiceManager();
android::sp<android::KeyStoreProxy> proxy = new android::KeyStoreProxy(&keyStore);