Fallback to software keystore on import_key failure
This is to allow keymaster HAL 0.3 types to be able to fallback when
they don't support DSA or EC keys.
Bug: 17576126
Change-Id: I7e1e806e26fb61e2cd033d7d3a2c09560764ca42
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index 50e2ed4..b0a476e 100644
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -1162,11 +1162,14 @@
bool isFallback = false;
rc = mDevice->import_keypair(mDevice, key, keyLen, &data, &dataLength);
if (rc) {
- // If this is an old device HAL, try to fall back to an old version
- if (mDevice->common.module->module_api_version < KEYMASTER_MODULE_API_VERSION_0_2) {
- rc = openssl_import_keypair(mDevice, key, keyLen, &data, &dataLength);
- isFallback = true;
- }
+ /*
+ * Maybe the device doesn't support this type of key. Try to use the
+ * software fallback keymaster implementation. This is a little bit
+ * lazier than checking the PKCS#8 key type, but the software
+ * implementation will do that anyway.
+ */
+ rc = openssl_import_keypair(mDevice, key, keyLen, &data, &dataLength);
+ isFallback = true;
if (rc) {
ALOGE("Error while importing keypair: %d", rc);