Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / d0e0888e8979e2a30a06e251ae1fb07eb496a08c
commitd0e0888e8979e2a30a06e251ae1fb07eb496a08c[log] [tgz]
authorJanis Danisevskis <jdanis@google.com>Tue Jun 08 15:03:07 2021 -0700
committerJanis Danisevskis <jdanis@google.com>Wed Jun 09 10:59:08 2021 -0700
tree71dfca028bdc351b0892cfab3e8108eac7e0e5e4
parent8801c7c1b071f97640db4516315c59fdadee9d9f [diff]
Keystore 2.0: Fix shared secret negotiation for Keymaster 4.x

The km_compat legacy wrapper would only cache the first shared secret
participant and then return this participant regardless of which
security level was requested. As a result only one Keymaster instance
would take part in the shared secret negotiation.

This patch adds a per security level cache for ISharedSecret instances
to km_compat. It filters Keymaster instances in Keystore 2.0 to only
include the highest version of each HIDL Keymaster security level.

Bug: 190539964
Test: See b/190539964
Merged-In: I0b73da88d3e1b6900cfb332c1befc704eca59cc5
Change-Id: I0b73da88d3e1b6900cfb332c1befc704eca59cc5
3 files changed
tree: 71dfca028bdc351b0892cfab3e8108eac7e0e5e4
  1. fsverity_init/
  2. identity/
  3. keystore/
  4. keystore-engine/
  5. keystore2/
  6. ondevice-signing/
  7. provisioner/
  8. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  9. .clang-format
  10. .gitignore
  11. Android.bp
  12. METADATA
  13. MODULE_LICENSE_APACHE2
  14. NOTICE
  15. OWNERS
  16. PREUPLOAD.cfg