Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / e8ba1802a649ada4cea78af133ab4fb549eb57f5^! / . / keystore / keystore.h
commite8ba1802a649ada4cea78af133ab4fb549eb57f5[log] [tgz]
authorJanis Danisevskis <jdanis@google.com>Mon Jan 30 10:49:51 2017 +0000
committerJanis Danisevskis <jdanis@google.com>Mon Jan 30 11:49:14 2017 +0000
tree6c79931234889850dad1c774ff794a0d9e17a3ee
parent69c434aee7a02f66e9a7bcf8ce014f8c48066eb6 [diff] [blame]
Phase out keymaster fallback support

Keystore uses two different keymaster devices.
One device is provided by the OEM providing
hardware/trust zone backed functionality. The other
is a pure software implementation of keymaster.
The latter was used when a "hardware" implementation
failed generating or importing keys with certain
parameters.

This tolerance of misbehaving "hardware" implementations
had the effect that this behavior has done unnoticed for
too long. Therefore, we are phasing out the fallback
device.

This patch ensures that on devices with hardware
implementations supporting keymaster 2.0 and higher
there will be no fallback device papering over failures
in the underlying keymaster implementation.

Test: given a faulty KM2.0 implementation, import and generation
      of keys with otherwise supported parameters returns an error

Change-Id: I8c2118e72558c326031368df13e836c3ef6b1da1

diff --git a/keystore/keystore.h b/keystore/keystore.h
index 210d99d..8ff8899 100644
--- a/keystore/keystore.h
+++ b/keystore/keystore.h

@@ -24,24 +24,38 @@
 #include <utils/Vector.h>
 
 #include "blob.h"
+#include "include/keystore/keymaster_tags.h"
 
 typedef struct {
     uint32_t uid;
     const uint8_t* filename;
 } grant_t;
 
+using ::keystore::NullOr;
+
 class KeyStore {
     typedef ::android::sp<::android::hardware::keymaster::V3_0::IKeymasterDevice> km_device_t;
 
   public:
-    KeyStore(Entropy* entropy, const km_device_t& device, const km_device_t& fallback);
+    KeyStore(Entropy* entropy, const km_device_t& device, const km_device_t& fallback,
+             bool allowNewFallback);
     ~KeyStore();
 
     km_device_t& getDevice() { return mDevice; }
 
-    km_device_t& getFallbackDevice() { return mFallbackDevice; }
+    NullOr<km_device_t&> getFallbackDevice() {
+        // we only return the fallback device if the creation of new fallback key blobs is
+        // allowed. (also see getDevice below)
+        if (mAllowNewFallback) {
+            return mFallbackDevice;
+        } else {
+            return {};
+        }
+    }
 
     km_device_t& getDevice(const Blob& blob) {
+        // We return a device, based on the nature of the blob to provide backward
+        // compatibility with old key blobs generated using the fallback device.
         return blob.isFallback() ? mFallbackDevice : mDevice;
     }
 
@@ -119,6 +133,7 @@
 
     km_device_t mDevice;
     km_device_t mFallbackDevice;
+    bool mAllowNewFallback;
 
     android::Vector<UserState*> mMasterKeys;