Update Keystore to use keymaster2 HAL.

This CL doesn't wire in any of the new keymaster2 features, it just uses
the keymaster2 HAL rather than the keymaster1 HAL.  This means that if
keymaster1 hardware is found, it is unconditionally wrapped in
SoftKeymasterDevice, so keymaster2 functionality can (eventually) be
provided.

Change-Id: Ica2cb0751e4e0a82c56c36b03f94da54ef62d9a3
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 9db333b..9fbb6bc 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -560,8 +560,8 @@
 }
 
 int32_t KeyStoreService::addRngEntropy(const uint8_t* data, size_t dataLength) {
-    const keymaster1_device_t* device = mKeyStore->getDevice();
-    const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice();
+    const auto* device = mKeyStore->getDevice();
+    const auto* fallback = mKeyStore->getFallbackDevice();
     int32_t devResult = KM_ERROR_UNIMPLEMENTED;
     int32_t fallbackResult = KM_ERROR_UNIMPLEMENTED;
     if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 &&
@@ -592,10 +592,10 @@
     rc = KM_ERROR_UNIMPLEMENTED;
     bool isFallback = false;
     keymaster_key_blob_t blob;
-    keymaster_key_characteristics_t* out = NULL;
+    keymaster_key_characteristics_t out = {{nullptr, 0}, {nullptr, 0}};
 
-    const keymaster1_device_t* device = mKeyStore->getDevice();
-    const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice();
+    const auto* device = mKeyStore->getDevice();
+    const auto* fallback = mKeyStore->getFallbackDevice();
     std::vector<keymaster_key_param_t> opParams(params.params);
     const keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()};
     if (device == NULL) {
@@ -612,7 +612,8 @@
             rc = KM_ERROR_UNIMPLEMENTED;
         }
         if (rc == KM_ERROR_OK) {
-            rc = device->generate_key(device, &inParams, &blob, &out);
+            rc =
+                device->generate_key(device, &inParams, &blob, outCharacteristics ? &out : nullptr);
         }
     }
     // If the HW device didn't support generate_key or generate_key failed
@@ -628,17 +629,13 @@
             rc = KM_ERROR_UNIMPLEMENTED;
         }
         if (rc == KM_ERROR_OK) {
-            rc = fallback->generate_key(fallback, &inParams, &blob, &out);
+            rc = fallback->generate_key(fallback, &inParams, &blob,
+                                        outCharacteristics ? &out : nullptr);
         }
     }
 
-    if (out) {
-        if (outCharacteristics) {
-            outCharacteristics->characteristics = *out;
-        } else {
-            keymaster_free_characteristics(out);
-        }
-        free(out);
+    if (outCharacteristics) {
+        outCharacteristics->characteristics = out;
     }
 
     if (rc) {
@@ -679,18 +676,19 @@
     keymaster_key_blob_t key;
     key.key_material_size = keyBlob.getLength();
     key.key_material = keyBlob.getValue();
-    keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob);
-    keymaster_key_characteristics_t* out = NULL;
+    auto* dev = mKeyStore->getDeviceForBlob(keyBlob);
+    keymaster_key_characteristics_t out = {{nullptr, 0}, {nullptr, 0}};
     if (!dev->get_key_characteristics) {
-        ALOGW("device does not implement get_key_characteristics");
+        ALOGE("device does not implement get_key_characteristics");
         return KM_ERROR_UNIMPLEMENTED;
     }
     rc = dev->get_key_characteristics(dev, &key, clientId, appData, &out);
-    if (out) {
-        outCharacteristics->characteristics = *out;
-        free(out);
+    if (rc != KM_ERROR_OK) {
+        return rc;
     }
-    return rc ? rc : ::NO_ERROR;
+
+    outCharacteristics->characteristics = out;
+    return ::NO_ERROR;
 }
 
 int32_t KeyStoreService::importKey(const String16& name, const KeymasterArguments& params,
@@ -706,10 +704,10 @@
     rc = KM_ERROR_UNIMPLEMENTED;
     bool isFallback = false;
     keymaster_key_blob_t blob;
-    keymaster_key_characteristics_t* out = NULL;
+    keymaster_key_characteristics_t out = {{nullptr, 0}, {nullptr, 0}};
 
-    const keymaster1_device_t* device = mKeyStore->getDevice();
-    const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice();
+    const auto* device = mKeyStore->getDevice();
+    const auto* fallback = mKeyStore->getFallbackDevice();
     std::vector<keymaster_key_param_t> opParams(params.params);
     const keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()};
     const keymaster_blob_t input = {keyData, keyLength};
@@ -718,21 +716,19 @@
     }
     if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 &&
         device->import_key != NULL) {
-        rc = device->import_key(device, &inParams, format, &input, &blob, &out);
+        rc = device->import_key(device, &inParams, format, &input, &blob,
+                                outCharacteristics ? &out : nullptr);
     }
     if (rc && fallback->import_key != NULL) {
         ALOGW("Primary keymaster device failed to import key, falling back to SW.");
         isFallback = true;
-        rc = fallback->import_key(fallback, &inParams, format, &input, &blob, &out);
+        rc = fallback->import_key(fallback, &inParams, format, &input, &blob,
+                                  outCharacteristics ? &out : nullptr);
     }
-    if (out) {
-        if (outCharacteristics) {
-            outCharacteristics->characteristics = *out;
-        } else {
-            keymaster_free_characteristics(out);
-        }
-        free(out);
+    if (outCharacteristics) {
+        outCharacteristics->characteristics = out;
     }
+
     if (rc) {
         return rc;
     }
@@ -744,7 +740,7 @@
     keyBlob.setFallback(isFallback);
     keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
 
-    free((void*)blob.key_material);
+    free(const_cast<uint8_t*>(blob.key_material));
 
     return mKeyStore->put(filename.string(), &keyBlob, get_user_id(uid));
 }
@@ -768,7 +764,7 @@
     keymaster_key_blob_t key;
     key.key_material_size = keyBlob.getLength();
     key.key_material = keyBlob.getValue();
-    keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob);
+    auto* dev = mKeyStore->getDeviceForBlob(keyBlob);
     if (!dev->export_key) {
         result->resultCode = KM_ERROR_UNIMPLEMENTED;
         return;
@@ -806,7 +802,7 @@
     key.key_material_size = keyBlob.getLength();
     key.key_material = keyBlob.getValue();
     keymaster_operation_handle_t handle;
-    keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob);
+    auto* dev = mKeyStore->getDeviceForBlob(keyBlob);
     keymaster_error_t err = KM_ERROR_UNIMPLEMENTED;
     std::vector<keymaster_key_param_t> opParams(params.params);
     Unique_keymaster_key_characteristics characteristics;
@@ -915,7 +911,7 @@
         result->resultCode = KM_ERROR_INVALID_ARGUMENT;
         return;
     }
-    const keymaster1_device_t* dev;
+    const keymaster2_device_t* dev;
     keymaster_operation_handle_t handle;
     keymaster_purpose_t purpose;
     keymaster::km_id_t keyid;
@@ -966,7 +962,7 @@
         result->resultCode = KM_ERROR_INVALID_ARGUMENT;
         return;
     }
-    const keymaster1_device_t* dev;
+    const keymaster2_device_t* dev;
     keymaster_operation_handle_t handle;
     keymaster_purpose_t purpose;
     keymaster::km_id_t keyid;
@@ -995,9 +991,10 @@
     }
 
     keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()};
-    keymaster_blob_t input = {signature, signatureLength};
-    keymaster_blob_t output = {NULL, 0};
-    keymaster_key_param_set_t outParams = {NULL, 0};
+    keymaster_blob_t input = {nullptr, 0};
+    keymaster_blob_t sig = {signature, signatureLength};
+    keymaster_blob_t output = {nullptr, 0};
+    keymaster_key_param_set_t outParams = {nullptr, 0};
 
     // Check that all key authorization policy requirements are met.
     keymaster::AuthorizationSet key_auths(characteristics->hw_enforced);
@@ -1010,7 +1007,9 @@
         return;
     }
 
-    err = dev->finish(dev, handle, &inParams, &input, &outParams, &output);
+    err =
+        dev->finish(dev, handle, &inParams, &input /* TODO(swillden): wire up input to finish() */,
+                    &sig, &outParams, &output);
     // Remove the operation regardless of the result
     mOperationMap.removeOperation(token);
     mAuthTokenTable.MarkCompleted(handle);
@@ -1025,7 +1024,7 @@
 }
 
 int32_t KeyStoreService::abort(const sp<IBinder>& token) {
-    const keymaster1_device_t* dev;
+    const keymaster2_device_t* dev;
     keymaster_operation_handle_t handle;
     keymaster_purpose_t purpose;
     keymaster::km_id_t keyid;
@@ -1047,7 +1046,7 @@
 }
 
 bool KeyStoreService::isOperationAuthorized(const sp<IBinder>& token) {
-    const keymaster1_device_t* dev;
+    const keymaster2_device_t* dev;
     keymaster_operation_handle_t handle;
     const keymaster_key_characteristics_t* characteristics;
     keymaster_purpose_t purpose;
@@ -1185,7 +1184,7 @@
     return false;
 }
 
-bool KeyStoreService::isKeyTypeSupported(const keymaster1_device_t* device,
+bool KeyStoreService::isKeyTypeSupported(const keymaster2_device_t* device,
                                          keymaster_keypair_t keyType) {
     const int32_t device_api = device->common.module->module_api_version;
     if (device_api == KEYMASTER_MODULE_API_VERSION_0_2) {
@@ -1231,7 +1230,7 @@
 }
 
 keymaster_error_t KeyStoreService::getOperationCharacteristics(
-    const keymaster_key_blob_t& key, const keymaster1_device_t* dev,
+    const keymaster_key_blob_t& key, const keymaster2_device_t* dev,
     const std::vector<keymaster_key_param_t>& params, keymaster_key_characteristics_t* out) {
     UniquePtr<keymaster_blob_t> appId;
     UniquePtr<keymaster_blob_t> appData;
@@ -1246,15 +1245,14 @@
             appData->data_length = param.blob.data_length;
         }
     }
-    keymaster_key_characteristics_t* result = NULL;
+    keymaster_key_characteristics_t result = {{nullptr, 0}, {nullptr, 0}};
     if (!dev->get_key_characteristics) {
         return KM_ERROR_UNIMPLEMENTED;
     }
     keymaster_error_t error =
         dev->get_key_characteristics(dev, &key, appId.get(), appData.get(), &result);
-    if (result) {
-        *out = *result;
-        free(result);
+    if (error == KM_ERROR_OK) {
+        *out = result;
     }
     return error;
 }
@@ -1324,7 +1322,7 @@
     const hw_auth_token_t* authToken = NULL;
     mOperationMap.getOperationAuthToken(token, &authToken);
     if (!authToken) {
-        const keymaster1_device_t* dev;
+        const keymaster2_device_t* dev;
         keymaster_operation_handle_t handle;
         const keymaster_key_characteristics_t* characteristics = NULL;
         keymaster_purpose_t purpose;
diff --git a/keystore/key_store_service.h b/keystore/key_store_service.h
index 1f0f2cc..e61bdea 100644
--- a/keystore/key_store_service.h
+++ b/keystore/key_store_service.h
@@ -162,7 +162,7 @@
 
     bool isKeystoreUnlocked(State state);
 
-    bool isKeyTypeSupported(const keymaster1_device_t* device, keymaster_keypair_t keyType);
+    bool isKeyTypeSupported(const keymaster2_device_t* device, keymaster_keypair_t keyType);
 
     /**
      * Check that all keymaster_key_param_t's provided by the application are
@@ -171,7 +171,7 @@
     bool checkAllowedOperationParams(const std::vector<keymaster_key_param_t>& params);
 
     keymaster_error_t getOperationCharacteristics(const keymaster_key_blob_t& key,
-                                                  const keymaster1_device_t* dev,
+                                                  const keymaster2_device_t* dev,
                                                   const std::vector<keymaster_key_param_t>& params,
                                                   keymaster_key_characteristics_t* out);
 
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 0d8dc21..457a60a 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -34,7 +34,7 @@
 const android::String16 KeyStore::sRSAKeyType("RSA");
 const android::String16 KeyStore::sECKeyType("EC");
 
-KeyStore::KeyStore(Entropy* entropy, keymaster1_device_t* device, keymaster1_device_t* fallback)
+KeyStore::KeyStore(Entropy* entropy, keymaster2_device_t* device, keymaster2_device_t* fallback)
     : mEntropy(entropy), mDevice(device), mFallbackDevice(fallback) {
     memset(&mMetaData, '\0', sizeof(mMetaData));
 }
@@ -293,7 +293,7 @@
         }
     }
     if (keyBlob.getType() == ::TYPE_KEYMASTER_10) {
-        keymaster1_device_t* dev = getDeviceForBlob(keyBlob);
+        auto* dev = getDeviceForBlob(keyBlob);
         if (dev->delete_key) {
             keymaster_key_blob_t blob;
             blob.key_material = keyBlob.getValue();
diff --git a/keystore/keystore.h b/keystore/keystore.h
index 5ef8842..62d7294 100644
--- a/keystore/keystore.h
+++ b/keystore/keystore.h
@@ -19,7 +19,7 @@
 
 #include "user_state.h"
 
-#include <hardware/keymaster1.h>
+#include <hardware/keymaster2.h>
 
 #include <utils/Vector.h>
 
@@ -32,20 +32,14 @@
 
 class KeyStore {
   public:
-    KeyStore(Entropy* entropy, keymaster1_device_t* device, keymaster1_device_t* fallback);
+    KeyStore(Entropy* entropy, keymaster2_device_t* device, keymaster2_device_t* fallback);
     ~KeyStore();
 
-    /**
-     * Depending on the hardware keymaster version is this may return a
-     * keymaster0_device_t* cast to a keymaster1_device_t*. All methods from
-     * keymaster0 are safe to call, calls to keymaster1_device_t methods should
-     * be guarded by a check on the device's version.
-     */
-    keymaster1_device_t* getDevice() const { return mDevice; }
+    keymaster2_device_t* getDevice() const { return mDevice; }
 
-    keymaster1_device_t* getFallbackDevice() const { return mFallbackDevice; }
+    keymaster2_device_t* getFallbackDevice() const { return mFallbackDevice; }
 
-    keymaster1_device_t* getDeviceForBlob(const Blob& blob) const {
+    keymaster2_device_t* getDeviceForBlob(const Blob& blob) const {
         return blob.isFallback() ? mFallbackDevice : mDevice;
     }
 
@@ -120,8 +114,8 @@
     static const android::String16 sECKeyType;
     Entropy* mEntropy;
 
-    keymaster1_device_t* mDevice;
-    keymaster1_device_t* mFallbackDevice;
+    keymaster2_device_t* mDevice;
+    keymaster2_device_t* mFallbackDevice;
 
     android::Vector<UserState*> mMasterKeys;
 
diff --git a/keystore/keystore_main.cpp b/keystore/keystore_main.cpp
index 57b94b2..a2b75f6 100644
--- a/keystore/keystore_main.cpp
+++ b/keystore/keystore_main.cpp
@@ -38,7 +38,7 @@
 
 using keymaster::SoftKeymasterDevice;
 
-static int keymaster0_device_initialize(const hw_module_t* mod, keymaster1_device_t** dev) {
+static int keymaster0_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) {
     assert(mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0);
     ALOGI("Found keymaster0 module %s, version %x", mod->name, mod->module_api_version);
 
@@ -57,11 +57,11 @@
         km0_device->common.close(&km0_device->common);
         km0_device = NULL;
         // SoftKeymasterDevice will be deleted by keymaster_device_release()
-        *dev = soft_keymaster.release()->keymaster_device();
+        *dev = soft_keymaster.release()->keymaster2_device();
         return 0;
     }
 
-    ALOGE("Wrapping keymaster0 module %s with SoftKeymasterDevice", mod->name);
+    ALOGD("Wrapping keymaster0 module %s with SoftKeymasterDevice", mod->name);
     error = soft_keymaster->SetHardwareDevice(km0_device);
     km0_device = NULL;  // SoftKeymasterDevice has taken ownership.
     if (error != KM_ERROR_OK) {
@@ -70,8 +70,8 @@
         goto err;
     }
 
-    // SoftKeymasterDevice will be deleted by keymaster_device_release()
-    *dev = soft_keymaster.release()->keymaster_device();
+    // SoftKeymasterDevice will be deleted by  keymaster_device_release()
+    *dev = soft_keymaster.release()->keymaster2_device();
     return 0;
 
 err:
@@ -81,12 +81,12 @@
     return rc;
 }
 
-static int keymaster1_device_initialize(const hw_module_t* mod, keymaster1_device_t** dev) {
+static int keymaster1_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) {
     assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0);
     ALOGI("Found keymaster1 module %s, version %x", mod->name, mod->module_api_version);
 
     UniquePtr<SoftKeymasterDevice> soft_keymaster(new SoftKeymasterDevice);
-    keymaster1_device_t* km1_device = NULL;
+    keymaster1_device_t* km1_device = nullptr;
     keymaster_error_t error = KM_ERROR_OK;
 
     int rc = keymaster1_open(mod, &km1_device);
@@ -95,30 +95,18 @@
         goto err;
     }
 
+    ALOGD("Wrapping keymaster1 module %s with SofKeymasterDevice", mod->name);
     error = soft_keymaster->SetHardwareDevice(km1_device);
-    km1_device = NULL;  // SoftKeymasterDevice has taken ownership.
+    km1_device = nullptr;  // SoftKeymasterDevice has taken ownership.
     if (error != KM_ERROR_OK) {
         ALOGE("Got error %d from SetHardwareDevice", error);
         rc = error;
         goto err;
     }
 
-    if (!soft_keymaster->Keymaster1DeviceIsGood()) {
-        ALOGI("Keymaster1 module is incomplete, using SoftKeymasterDevice wrapper");
-        // SoftKeymasterDevice will be deleted by keymaster_device_release()
-        *dev = soft_keymaster.release()->keymaster_device();
-        return 0;
-    } else {
-        ALOGI("Keymaster1 module is good, destroying wrapper and re-opening");
-        soft_keymaster.reset(NULL);
-        rc = keymaster1_open(mod, &km1_device);
-        if (rc) {
-            ALOGE("Error %d re-opening keystore keymaster1 device.", rc);
-            goto err;
-        }
-        *dev = km1_device;
-        return 0;
-    }
+    // SoftKeymasterDevice will be deleted by keymaster_device_release()
+    *dev = soft_keymaster.release()->keymaster2_device();
+    return 0;
 
 err:
     if (km1_device)
@@ -127,21 +115,46 @@
     return rc;
 }
 
-static int keymaster_device_initialize(keymaster1_device_t** dev) {
+static int keymaster2_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) {
+    assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_2_0);
+    ALOGI("Found keymaster2 module %s, version %x", mod->name, mod->module_api_version);
+
+    UniquePtr<SoftKeymasterDevice> soft_keymaster(new SoftKeymasterDevice);
+    keymaster2_device_t* km2_device = nullptr;
+
+    int rc = keymaster2_open(mod, &km2_device);
+    if (rc) {
+        ALOGE("Error %d opening keystore keymaster2 device", rc);
+        goto err;
+    }
+
+    *dev = km2_device;
+    return 0;
+
+err:
+    if (km2_device)
+        km2_device->common.close(&km2_device->common);
+    *dev = nullptr;
+    return rc;
+}
+
+static int keymaster_device_initialize(keymaster2_device_t** dev) {
     const hw_module_t* mod;
 
     int rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
     if (rc) {
         ALOGI("Could not find any keystore module, using software-only implementation.");
         // SoftKeymasterDevice will be deleted by keymaster_device_release()
-        *dev = (new SoftKeymasterDevice)->keymaster_device();
+        *dev = (new SoftKeymasterDevice)->keymaster2_device();
         return 0;
     }
 
     if (mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0) {
         return keymaster0_device_initialize(mod, dev);
-    } else {
+    } else if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
         return keymaster1_device_initialize(mod, dev);
+    } else {
+        return keymaster2_device_initialize(mod, dev);
     }
 }
 
@@ -149,13 +162,13 @@
 // logger used by SoftKeymasterDevice.
 static keymaster::SoftKeymasterLogger softkeymaster_logger;
 
-static int fallback_keymaster_device_initialize(keymaster1_device_t** dev) {
-    *dev = (new SoftKeymasterDevice)->keymaster_device();
+static int fallback_keymaster_device_initialize(keymaster2_device_t** dev) {
+    *dev = (new SoftKeymasterDevice)->keymaster2_device();
     // SoftKeymasterDevice will be deleted by keymaster_device_release()
     return 0;
 }
 
-static void keymaster_device_release(keymaster1_device_t* dev) {
+static void keymaster_device_release(keymaster2_device_t* dev) {
     dev->common.close(&dev->common);
 }
 
@@ -174,13 +187,13 @@
         return 1;
     }
 
-    keymaster1_device_t* dev;
+    keymaster2_device_t* dev;
     if (keymaster_device_initialize(&dev)) {
         ALOGE("keystore keymaster could not be initialized; exiting");
         return 1;
     }
 
-    keymaster1_device_t* fallback;
+    keymaster2_device_t* fallback;
     if (fallback_keymaster_device_initialize(&fallback)) {
         ALOGE("software keymaster could not be initialized; exiting");
         return 1;
diff --git a/keystore/operation.cpp b/keystore/operation.cpp
index 3b381c4..72aa95f 100644
--- a/keystore/operation.cpp
+++ b/keystore/operation.cpp
@@ -21,12 +21,10 @@
 
 namespace android {
 OperationMap::OperationMap(IBinder::DeathRecipient* deathRecipient)
-        : mDeathRecipient(deathRecipient) {
-}
+    : mDeathRecipient(deathRecipient) {}
 
-sp<IBinder> OperationMap::addOperation(keymaster_operation_handle_t handle,
-                                       uint64_t keyid, keymaster_purpose_t purpose,
-                                       const keymaster1_device_t* dev,
+sp<IBinder> OperationMap::addOperation(keymaster_operation_handle_t handle, uint64_t keyid,
+                                       keymaster_purpose_t purpose, const keymaster2_device_t* dev,
                                        sp<IBinder> appToken,
                                        keymaster_key_characteristics_t* characteristics,
                                        bool pruneable) {
@@ -44,7 +42,7 @@
 
 bool OperationMap::getOperation(sp<IBinder> token, keymaster_operation_handle_t* outHandle,
                                 uint64_t* outKeyid, keymaster_purpose_t* outPurpose,
-                                const keymaster1_device_t** outDevice,
+                                const keymaster2_device_t** outDevice,
                                 const keymaster_key_characteristics_t** outCharacteristics) {
     if (!outHandle || !outDevice) {
         return false;
@@ -146,20 +144,13 @@
     }
 }
 
-OperationMap::Operation::Operation(keymaster_operation_handle_t handle_,
-                                   uint64_t keyid_,
-                                   keymaster_purpose_t purpose_,
-                                   const keymaster1_device_t* device_,
+OperationMap::Operation::Operation(keymaster_operation_handle_t handle_, uint64_t keyid_,
+                                   keymaster_purpose_t purpose_, const keymaster2_device_t* device_,
                                    keymaster_key_characteristics_t* characteristics_,
                                    sp<IBinder> appToken_)
-    : handle(handle_),
-      keyid(keyid_),
-      purpose(purpose_),
-      device(device_),
-      characteristics(characteristics_),
-      appToken(appToken_) {
-}
+    : handle(handle_), keyid(keyid_), purpose(purpose_), device(device_),
+      characteristics(characteristics_), appToken(appToken_) {}
 
-OperationMap::Operation::Operation() : handle(0), device(NULL), characteristics(), appToken(NULL) {
-}
-} // namespace android
+OperationMap::Operation::Operation() : handle(0), device(NULL), characteristics(), appToken(NULL) {}
+
+}  // namespace android
diff --git a/keystore/operation.h b/keystore/operation.h
index d8d1b18..eb16257 100644
--- a/keystore/operation.h
+++ b/keystore/operation.h
@@ -18,7 +18,7 @@
 #define KEYSTORE_OPERATION_H_
 
 #include <hardware/hw_auth_token.h>
-#include <hardware/keymaster1.h>
+#include <hardware/keymaster2.h>
 #include <binder/Binder.h>
 #include <binder/IBinder.h>
 #include <utils/LruCache.h>
@@ -39,7 +39,7 @@
 
 /**
  * OperationMap handles the translation of keymaster_operation_handle_t's and
- * keymaster1_device_t's to opaque binder tokens that can be used to reference
+ * keymaster2_device_t's to opaque binder tokens that can be used to reference
  * that operation at a later time by applications. It also does LRU tracking
  * for operation pruning and keeps a mapping of clients to operations to allow
  * for graceful handling of application death.
@@ -48,12 +48,12 @@
 public:
     OperationMap(IBinder::DeathRecipient* deathRecipient);
     sp<IBinder> addOperation(keymaster_operation_handle_t handle, uint64_t keyid,
-                             keymaster_purpose_t purpose, const keymaster1_device_t* dev,
+                             keymaster_purpose_t purpose, const keymaster2_device_t* dev,
                              sp<IBinder> appToken, keymaster_key_characteristics_t* characteristics,
                              bool pruneable);
     bool getOperation(sp<IBinder> token, keymaster_operation_handle_t* outHandle,
                       uint64_t* outKeyid, keymaster_purpose_t* outPurpose,
-                      const keymaster1_device_t** outDev,
+                      const keymaster2_device_t** outDev,
                       const keymaster_key_characteristics_t** outCharacteristics);
     bool removeOperation(sp<IBinder> token);
     bool hasPruneableOperation() const;
@@ -70,12 +70,12 @@
     struct Operation {
         Operation();
         Operation(keymaster_operation_handle_t handle, uint64_t keyid, keymaster_purpose_t purpose,
-                  const keymaster1_device_t* device,
+                  const keymaster2_device_t* device,
                   keymaster_key_characteristics_t* characteristics, sp<IBinder> appToken);
         keymaster_operation_handle_t handle;
         uint64_t keyid;
         keymaster_purpose_t purpose;
-        const keymaster1_device_t* device;
+        const keymaster2_device_t* device;
         Unique_keymaster_key_characteristics characteristics;
         sp<IBinder> appToken;
         std::unique_ptr<hw_auth_token_t> authToken;