Add new SecurityLevel::KEYSTORE
We need a way to distinguish between tags that are enforced by KeyMint
with security level "SOFTWARE" and tags that are not enforced by
KeyMint but are expected to be enforced by KEYSTORE.
Test: VtsAidlKeyMintTargetTest
Change-Id: I8a88d661bca0125ee149276f6b9cb0017a1c9b12
diff --git a/keystore2/src/km_compat/km_compat.cpp b/keystore2/src/km_compat/km_compat.cpp
index a27bfd1..9383c09 100644
--- a/keystore2/src/km_compat/km_compat.cpp
+++ b/keystore2/src/km_compat/km_compat.cpp
@@ -85,10 +85,19 @@
static std::vector<KeyCharacteristics>
convertKeyCharacteristicsFromLegacy(KeyMintSecurityLevel securityLevel,
const V4_0_KeyCharacteristics& legacyKc) {
- KeyCharacteristics kc;
- kc.securityLevel = securityLevel;
- kc.authorizations = convertKeyParametersFromLegacy(legacyKc.hardwareEnforced);
- return {kc};
+ if (securityLevel == KeyMintSecurityLevel::SOFTWARE) {
+ CHECK(legacyKc.hardwareEnforced.size() > 0);
+ KeyCharacteristics keystoreEnforced{
+ KeyMintSecurityLevel::KEYSTORE,
+ convertKeyParametersFromLegacy(legacyKc.softwareEnforced)};
+ return {keystoreEnforced};
+ }
+
+ KeyCharacteristics hwEnforced{securityLevel,
+ convertKeyParametersFromLegacy(legacyKc.hardwareEnforced)};
+ KeyCharacteristics keystoreEnforced{KeyMintSecurityLevel::KEYSTORE,
+ convertKeyParametersFromLegacy(legacyKc.softwareEnforced)};
+ return {hwEnforced, keystoreEnforced};
}
static V4_0_KeyFormat convertKeyFormatToLegacy(const KeyFormat& kf) {
diff --git a/keystore2/src/km_compat/km_compat_type_conversion.h b/keystore2/src/km_compat/km_compat_type_conversion.h
index db9d2a4..c0e872b 100644
--- a/keystore2/src/km_compat/km_compat_type_conversion.h
+++ b/keystore2/src/km_compat/km_compat_type_conversion.h
@@ -241,6 +241,8 @@
return V4_0::SecurityLevel::TRUSTED_ENVIRONMENT;
case KMV1::SecurityLevel::STRONGBOX:
return V4_0::SecurityLevel::STRONGBOX;
+ case KMV1::SecurityLevel::KEYSTORE:
+ return V4_0::SecurityLevel::SOFTWARE;
}
}