Phase out keymaster fallback support
Keystore uses two different keymaster devices.
One device is provided by the OEM providing
hardware/trust zone backed functionality. The other
is a pure software implementation of keymaster.
The latter was used when a "hardware" implementation
failed generating or importing keys with certain
parameters.
This tolerance of misbehaving "hardware" implementations
had the effect that this behavior has gone unnoticed for
too long. Therefore, we are phasing out the fallback
device.
This patch ensures that on devices with hardware
implementations supporting keymaster 2.0 and higher
there will be no fallback device papering over failures
in the underlying keymaster implementation.
Test: given a faulty KM2.0 implementation, import and generation
of keys with otherwise supported parameters returns an error
Change-Id: I8c2118e72558c326031368df13e836c3ef6b1da1
diff --git a/keystore/keystore_main.cpp b/keystore/keystore_main.cpp
index c5b36fd..1416a2b 100644
--- a/keystore/keystore_main.cpp
+++ b/keystore/keystore_main.cpp
@@ -29,6 +29,8 @@
#include "keystore.h"
#include "permissions.h"
#include "legacy_keymaster_device_wrapper.h"
+#include "include/keystore/keystore_hidl_support.h"
+#include "include/keystore/keystore_return_types.h"
/* KeyStore is a secured storage for key-value pairs. In this implementation,
* each file stores one key-value pair. Keys are encoded in file names, and
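Review bot: the two new includes use a different path style from the surrounding ones: `keystore.h`, `permissions.h` and `legacy_keymaster_device_wrapper.h` are bare file names, while the additions are spelled `"include/keystore/keystore_hidl_support.h"` and `"include/keystore/keystore_return_types.h"`. Please confirm the `include/` prefix resolves from keystore_main.cpp under the module's include paths and, if the rest of the tree uses a `<keystore/...>` or bare form for these headers, match that so the include lines stay consistent.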
@@ -68,7 +70,22 @@
return -1;
}
- KeyStore keyStore(&entropy, dev, fallback);
+ bool allowNewFallbackDevice = false;
+
+ keystore::KeyStoreServiceReturnCode rc;
+ rc = KS_HANDLE_HIDL_ERROR(dev->getHardwareFeatures(
+ [&] (bool, bool, bool, bool supportsAttestation) {
+ // Attestation support indicates the hardware is keymaster 2.0 or higher.
+ // For these devices we will not allow the fallback device for import or generation
+ // of keys. The fallback device is only used for legacy keys present on the device.
+ allowNewFallbackDevice = !supportsAttestation;
+ }));
+
+ if (!rc.isOk()) {
+ return -1;
+ }
+
+ KeyStore keyStore(&entropy, dev, fallback, allowNewFallbackDevice);
keyStore.initialize();
android::sp<android::IServiceManager> sm = android::defaultServiceManager();
android::sp<keystore::KeyStoreService> service = new keystore::KeyStoreService(&keyStore);
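Review bot: the `if (!rc.isOk()) { return -1; }` branch exits keystore startup without any log message, so a device whose `getHardwareFeatures` call fails will stop providing keystore with no diagnostic; log the error code from `rc` before returning, in the same way the existing early-return paths above this hunk do. Two further points on the lambda: the three unnamed `bool` parameters make the callback fragile against any reordering of the HIDL callback signature, so give them names (or a comment naming each position) so a reviewer can see which field `supportsAttestation` actually is; and the comment states that attestation support "indicates the hardware is keymaster 2.0 or higher", which is the whole basis for `allowNewFallbackDevice = !supportsAttestation`, so it would be worth a one-line reference to where that guarantee comes from, since a KM2.0 implementation that does not report attestation would silently keep the fallback the commit message says is being phased out.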