Add argument to binder call to check key types
Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.
(cherry picked from commit 1b0e3933900c7ea21189704d5db64e7346aee7af)
Bug: 10600582
Change-Id: I52418ade881d053229dd3c1d0cf438823468b51b
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index b4cb64d..c890537 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -1111,8 +1111,19 @@
return put(filename, &keyBlob, uid);
}
- bool isHardwareBacked() const {
- return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0;
+ bool isHardwareBacked(const android::String16& keyType) const {
+ if (mDevice == NULL) {
+ ALOGW("can't get keymaster device");
+ return false;
+ }
+
+ if (sRSAKeyType == keyType) {
+ return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0;
+ } else {
+ return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0
+ && (mDevice->common.module->module_api_version
+ >= KEYMASTER_MODULE_API_VERSION_0_2);
+ }
}
ResponseCode getKeyForName(Blob* keyBlob, const android::String8& keyName, const uid_t uid,
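Review bot: In `isHardwareBacked`, every `keyType` other than "RSA" takes the `else` branch, so an empty, misspelled or unsupported name is answered as if it were DSA or EC and reports true on a hardware device whose module API version is 0.2 or later. The string arrives unchecked from the binder entry point `is_hardware_backed` in the last hunk, and callers presumably use the answer to decide whether a key is hardware-protected, so the unknown case should fail closed. Match the supported names explicitly, e.g. `} else if (sDSAKeyType == keyType || sECKeyType == keyType) {` with two new constants declared next to `sRSAKeyType`, and finish with `ALOGW("unknown key type"); return false;`. A comment above the function such as `// keyType is an algorithm name ("RSA", "DSA" or "EC"); unknown names report false.` would also state the contract, which at present appears only in the commit message.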
@@ -1207,6 +1218,7 @@
private:
static const char* sOldMasterKey;
static const char* sMetaDataFile;
+ static const android::String16 sRSAKeyType;
Entropy* mEntropy;
keymaster_device_t* mDevice;
@@ -1423,6 +1435,8 @@
const char* KeyStore::sOldMasterKey = ".masterkey";
const char* KeyStore::sMetaDataFile = ".metadata";
+const android::String16 KeyStore::sRSAKeyType("RSA");
+
namespace android {
class KeyStoreProxy : public BnKeystoreService, public IBinder::DeathRecipient {
public:
@@ -2219,8 +2233,8 @@
return mKeyStore->put(targetFile.string(), &keyBlob, callingUid);
}
- int32_t is_hardware_backed() {
- return mKeyStore->isHardwareBacked() ? 1 : 0;
+ int32_t is_hardware_backed(const String16& keyType) {
+ return mKeyStore->isHardwareBacked(keyType) ? 1 : 0;
}
int32_t clear_uid(int64_t targetUid) {