diff options
| author | Shawn Willden <swillden@google.com> | 2016-01-21 00:45:13 -0700 |
|---|---|---|
| committer | Shawn Willden <swillden@google.com> | 2016-01-26 06:54:03 -0700 |
| commit | 715d023c9294cf4860f73c8d83e82c5aa699add6 (patch) | |
| tree | 562f8c313cd6071882a86219a1a037d432ae1677 | |
| parent | 6507c27ab7ea34dd150d7ef9fda41878ed32547c (diff) | |
| download | security-715d023c9294cf4860f73c8d83e82c5aa699add6.tar.gz | |
Update Keystore to use keymaster2 HAL.
This CL doesn't wire in any of the new keymaster2 features, it just uses
the keymaster2 HAL rather than the keymaster1 HAL. This means that if
keymaster1 hardware is found, it is unconditionally wrapped in
SoftKeymasterDevice, so keymaster2 functionality can (eventually) be
provided.
Change-Id: Ica2cb0751e4e0a82c56c36b03f94da54ef62d9a3
| -rw-r--r-- | keystore/key_store_service.cpp | 100 | ||||
| -rw-r--r-- | keystore/key_store_service.h | 4 | ||||
| -rw-r--r-- | keystore/keystore.cpp | 4 | ||||
| -rw-r--r-- | keystore/keystore.h | 20 | ||||
| -rw-r--r-- | keystore/keystore_main.cpp | 77 | ||||
| -rw-r--r-- | keystore/operation.cpp | 31 | ||||
| -rw-r--r-- | keystore/operation.h | 12 |
7 files changed, 122 insertions, 126 deletions
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp index 9db333b6..9fbb6bc6 100644 --- a/keystore/key_store_service.cpp +++ b/keystore/key_store_service.cpp @@ -560,8 +560,8 @@ int32_t KeyStoreService::clear_uid(int64_t targetUid64) { } int32_t KeyStoreService::addRngEntropy(const uint8_t* data, size_t dataLength) { - const keymaster1_device_t* device = mKeyStore->getDevice(); - const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); + const auto* device = mKeyStore->getDevice(); + const auto* fallback = mKeyStore->getFallbackDevice(); int32_t devResult = KM_ERROR_UNIMPLEMENTED; int32_t fallbackResult = KM_ERROR_UNIMPLEMENTED; if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && @@ -592,10 +592,10 @@ int32_t KeyStoreService::generateKey(const String16& name, const KeymasterArgume rc = KM_ERROR_UNIMPLEMENTED; bool isFallback = false; keymaster_key_blob_t blob; - keymaster_key_characteristics_t* out = NULL; + keymaster_key_characteristics_t out = {{nullptr, 0}, {nullptr, 0}}; - const keymaster1_device_t* device = mKeyStore->getDevice(); - const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); + const auto* device = mKeyStore->getDevice(); + const auto* fallback = mKeyStore->getFallbackDevice(); std::vector<keymaster_key_param_t> opParams(params.params); const keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; if (device == NULL) { @@ -612,7 +612,8 @@ int32_t KeyStoreService::generateKey(const String16& name, const KeymasterArgume rc = KM_ERROR_UNIMPLEMENTED; } if (rc == KM_ERROR_OK) { - rc = device->generate_key(device, &inParams, &blob, &out); + rc = + device->generate_key(device, &inParams, &blob, outCharacteristics ? &out : nullptr); } } // If the HW device didn't support generate_key or generate_key failed @@ -628,17 +629,13 @@ int32_t KeyStoreService::generateKey(const String16& name, const KeymasterArgume rc = KM_ERROR_UNIMPLEMENTED; } if (rc == KM_ERROR_OK) { - rc = fallback->generate_key(fallback, &inParams, &blob, &out); + rc = fallback->generate_key(fallback, &inParams, &blob, + outCharacteristics ? &out : nullptr); } } - if (out) { - if (outCharacteristics) { - outCharacteristics->characteristics = *out; - } else { - keymaster_free_characteristics(out); - } - free(out); + if (outCharacteristics) { + outCharacteristics->characteristics = out; } if (rc) { @@ -679,18 +676,19 @@ int32_t KeyStoreService::getKeyCharacteristics(const String16& name, keymaster_key_blob_t key; key.key_material_size = keyBlob.getLength(); key.key_material = keyBlob.getValue(); - keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); - keymaster_key_characteristics_t* out = NULL; + auto* dev = mKeyStore->getDeviceForBlob(keyBlob); + keymaster_key_characteristics_t out = {{nullptr, 0}, {nullptr, 0}}; if (!dev->get_key_characteristics) { - ALOGW("device does not implement get_key_characteristics"); + ALOGE("device does not implement get_key_characteristics"); return KM_ERROR_UNIMPLEMENTED; } rc = dev->get_key_characteristics(dev, &key, clientId, appData, &out); - if (out) { - outCharacteristics->characteristics = *out; - free(out); + if (rc != KM_ERROR_OK) { + return rc; } - return rc ? rc : ::NO_ERROR; + + outCharacteristics->characteristics = out; + return ::NO_ERROR; } int32_t KeyStoreService::importKey(const String16& name, const KeymasterArguments& params, @@ -706,10 +704,10 @@ int32_t KeyStoreService::importKey(const String16& name, const KeymasterArgument rc = KM_ERROR_UNIMPLEMENTED; bool isFallback = false; keymaster_key_blob_t blob; - keymaster_key_characteristics_t* out = NULL; + keymaster_key_characteristics_t out = {{nullptr, 0}, {nullptr, 0}}; - const keymaster1_device_t* device = mKeyStore->getDevice(); - const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); + const auto* device = mKeyStore->getDevice(); + const auto* fallback = mKeyStore->getFallbackDevice(); std::vector<keymaster_key_param_t> opParams(params.params); const keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; const keymaster_blob_t input = {keyData, keyLength}; @@ -718,21 +716,19 @@ int32_t KeyStoreService::importKey(const String16& name, const KeymasterArgument } if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && device->import_key != NULL) { - rc = device->import_key(device, &inParams, format, &input, &blob, &out); + rc = device->import_key(device, &inParams, format, &input, &blob, + outCharacteristics ? &out : nullptr); } if (rc && fallback->import_key != NULL) { ALOGW("Primary keymaster device failed to import key, falling back to SW."); isFallback = true; - rc = fallback->import_key(fallback, &inParams, format, &input, &blob, &out); + rc = fallback->import_key(fallback, &inParams, format, &input, &blob, + outCharacteristics ? &out : nullptr); } - if (out) { - if (outCharacteristics) { - outCharacteristics->characteristics = *out; - } else { - keymaster_free_characteristics(out); - } - free(out); + if (outCharacteristics) { + outCharacteristics->characteristics = out; } + if (rc) { return rc; } @@ -744,7 +740,7 @@ int32_t KeyStoreService::importKey(const String16& name, const KeymasterArgument keyBlob.setFallback(isFallback); keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); - free((void*)blob.key_material); + free(const_cast<uint8_t*>(blob.key_material)); return mKeyStore->put(filename.string(), &keyBlob, get_user_id(uid)); } @@ -768,7 +764,7 @@ void KeyStoreService::exportKey(const String16& name, keymaster_key_format_t for keymaster_key_blob_t key; key.key_material_size = keyBlob.getLength(); key.key_material = keyBlob.getValue(); - keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); + auto* dev = mKeyStore->getDeviceForBlob(keyBlob); if (!dev->export_key) { result->resultCode = KM_ERROR_UNIMPLEMENTED; return; @@ -806,7 +802,7 @@ void KeyStoreService::begin(const sp<IBinder>& appToken, const String16& name, key.key_material_size = keyBlob.getLength(); key.key_material = keyBlob.getValue(); keymaster_operation_handle_t handle; - keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); + auto* dev = mKeyStore->getDeviceForBlob(keyBlob); keymaster_error_t err = KM_ERROR_UNIMPLEMENTED; std::vector<keymaster_key_param_t> opParams(params.params); Unique_keymaster_key_characteristics characteristics; @@ -915,7 +911,7 @@ void KeyStoreService::update(const sp<IBinder>& token, const KeymasterArguments& result->resultCode = KM_ERROR_INVALID_ARGUMENT; return; } - const keymaster1_device_t* dev; + const keymaster2_device_t* dev; keymaster_operation_handle_t handle; keymaster_purpose_t purpose; keymaster::km_id_t keyid; @@ -966,7 +962,7 @@ void KeyStoreService::finish(const sp<IBinder>& token, const KeymasterArguments& result->resultCode = KM_ERROR_INVALID_ARGUMENT; return; } - const keymaster1_device_t* dev; + const keymaster2_device_t* dev; keymaster_operation_handle_t handle; keymaster_purpose_t purpose; keymaster::km_id_t keyid; @@ -995,9 +991,10 @@ void KeyStoreService::finish(const sp<IBinder>& token, const KeymasterArguments& } keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; - keymaster_blob_t input = {signature, signatureLength}; - keymaster_blob_t output = {NULL, 0}; - keymaster_key_param_set_t outParams = {NULL, 0}; + keymaster_blob_t input = {nullptr, 0}; + keymaster_blob_t sig = {signature, signatureLength}; + keymaster_blob_t output = {nullptr, 0}; + keymaster_key_param_set_t outParams = {nullptr, 0}; // Check that all key authorization policy requirements are met. keymaster::AuthorizationSet key_auths(characteristics->hw_enforced); @@ -1010,7 +1007,9 @@ void KeyStoreService::finish(const sp<IBinder>& token, const KeymasterArguments& return; } - err = dev->finish(dev, handle, &inParams, &input, &outParams, &output); + err = + dev->finish(dev, handle, &inParams, &input /* TODO(swillden): wire up input to finish() */, + &sig, &outParams, &output); // Remove the operation regardless of the result mOperationMap.removeOperation(token); mAuthTokenTable.MarkCompleted(handle); @@ -1025,7 +1024,7 @@ void KeyStoreService::finish(const sp<IBinder>& token, const KeymasterArguments& } int32_t KeyStoreService::abort(const sp<IBinder>& token) { - const keymaster1_device_t* dev; + const keymaster2_device_t* dev; keymaster_operation_handle_t handle; keymaster_purpose_t purpose; keymaster::km_id_t keyid; @@ -1047,7 +1046,7 @@ int32_t KeyStoreService::abort(const sp<IBinder>& token) { } bool KeyStoreService::isOperationAuthorized(const sp<IBinder>& token) { - const keymaster1_device_t* dev; + const keymaster2_device_t* dev; keymaster_operation_handle_t handle; const keymaster_key_characteristics_t* characteristics; keymaster_purpose_t purpose; @@ -1185,7 +1184,7 @@ inline bool KeyStoreService::isKeystoreUnlocked(State state) { return false; } -bool KeyStoreService::isKeyTypeSupported(const keymaster1_device_t* device, +bool KeyStoreService::isKeyTypeSupported(const keymaster2_device_t* device, keymaster_keypair_t keyType) { const int32_t device_api = device->common.module->module_api_version; if (device_api == KEYMASTER_MODULE_API_VERSION_0_2) { @@ -1231,7 +1230,7 @@ bool KeyStoreService::checkAllowedOperationParams( } keymaster_error_t KeyStoreService::getOperationCharacteristics( - const keymaster_key_blob_t& key, const keymaster1_device_t* dev, + const keymaster_key_blob_t& key, const keymaster2_device_t* dev, const std::vector<keymaster_key_param_t>& params, keymaster_key_characteristics_t* out) { UniquePtr<keymaster_blob_t> appId; UniquePtr<keymaster_blob_t> appData; @@ -1246,15 +1245,14 @@ keymaster_error_t KeyStoreService::getOperationCharacteristics( appData->data_length = param.blob.data_length; } } - keymaster_key_characteristics_t* result = NULL; + keymaster_key_characteristics_t result = {{nullptr, 0}, {nullptr, 0}}; if (!dev->get_key_characteristics) { return KM_ERROR_UNIMPLEMENTED; } keymaster_error_t error = dev->get_key_characteristics(dev, &key, appId.get(), appData.get(), &result); - if (result) { - *out = *result; - free(result); + if (error == KM_ERROR_OK) { + *out = result; } return error; } @@ -1324,7 +1322,7 @@ int32_t KeyStoreService::addOperationAuthTokenIfNeeded(sp<IBinder> token, const hw_auth_token_t* authToken = NULL; mOperationMap.getOperationAuthToken(token, &authToken); if (!authToken) { - const keymaster1_device_t* dev; + const keymaster2_device_t* dev; keymaster_operation_handle_t handle; const keymaster_key_characteristics_t* characteristics = NULL; keymaster_purpose_t purpose; diff --git a/keystore/key_store_service.h b/keystore/key_store_service.h index 1f0f2ccf..e61bdea1 100644 --- a/keystore/key_store_service.h +++ b/keystore/key_store_service.h @@ -162,7 +162,7 @@ class KeyStoreService : public BnKeystoreService, public IBinder::DeathRecipient bool isKeystoreUnlocked(State state); - bool isKeyTypeSupported(const keymaster1_device_t* device, keymaster_keypair_t keyType); + bool isKeyTypeSupported(const keymaster2_device_t* device, keymaster_keypair_t keyType); /** * Check that all keymaster_key_param_t's provided by the application are @@ -171,7 +171,7 @@ class KeyStoreService : public BnKeystoreService, public IBinder::DeathRecipient bool checkAllowedOperationParams(const std::vector<keymaster_key_param_t>& params); keymaster_error_t getOperationCharacteristics(const keymaster_key_blob_t& key, - const keymaster1_device_t* dev, + const keymaster2_device_t* dev, const std::vector<keymaster_key_param_t>& params, keymaster_key_characteristics_t* out); diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp index 0d8dc21b..457a60a9 100644 --- a/keystore/keystore.cpp +++ b/keystore/keystore.cpp @@ -34,7 +34,7 @@ const char* KeyStore::sMetaDataFile = ".metadata"; const android::String16 KeyStore::sRSAKeyType("RSA"); const android::String16 KeyStore::sECKeyType("EC"); -KeyStore::KeyStore(Entropy* entropy, keymaster1_device_t* device, keymaster1_device_t* fallback) +KeyStore::KeyStore(Entropy* entropy, keymaster2_device_t* device, keymaster2_device_t* fallback) : mEntropy(entropy), mDevice(device), mFallbackDevice(fallback) { memset(&mMetaData, '\0', sizeof(mMetaData)); } @@ -293,7 +293,7 @@ ResponseCode KeyStore::del(const char* filename, const BlobType type, uid_t user } } if (keyBlob.getType() == ::TYPE_KEYMASTER_10) { - keymaster1_device_t* dev = getDeviceForBlob(keyBlob); + auto* dev = getDeviceForBlob(keyBlob); if (dev->delete_key) { keymaster_key_blob_t blob; blob.key_material = keyBlob.getValue(); diff --git a/keystore/keystore.h b/keystore/keystore.h index 5ef88426..62d72943 100644 --- a/keystore/keystore.h +++ b/keystore/keystore.h @@ -19,7 +19,7 @@ #include "user_state.h" -#include <hardware/keymaster1.h> +#include <hardware/keymaster2.h> #include <utils/Vector.h> @@ -32,20 +32,14 @@ typedef struct { class KeyStore { public: - KeyStore(Entropy* entropy, keymaster1_device_t* device, keymaster1_device_t* fallback); + KeyStore(Entropy* entropy, keymaster2_device_t* device, keymaster2_device_t* fallback); ~KeyStore(); - /** - * Depending on the hardware keymaster version is this may return a - * keymaster0_device_t* cast to a keymaster1_device_t*. All methods from - * keymaster0 are safe to call, calls to keymaster1_device_t methods should - * be guarded by a check on the device's version. - */ - keymaster1_device_t* getDevice() const { return mDevice; } + keymaster2_device_t* getDevice() const { return mDevice; } - keymaster1_device_t* getFallbackDevice() const { return mFallbackDevice; } + keymaster2_device_t* getFallbackDevice() const { return mFallbackDevice; } - keymaster1_device_t* getDeviceForBlob(const Blob& blob) const { + keymaster2_device_t* getDeviceForBlob(const Blob& blob) const { return blob.isFallback() ? mFallbackDevice : mDevice; } @@ -120,8 +114,8 @@ class KeyStore { static const android::String16 sECKeyType; Entropy* mEntropy; - keymaster1_device_t* mDevice; - keymaster1_device_t* mFallbackDevice; + keymaster2_device_t* mDevice; + keymaster2_device_t* mFallbackDevice; android::Vector<UserState*> mMasterKeys; diff --git a/keystore/keystore_main.cpp b/keystore/keystore_main.cpp index 57b94b2c..a2b75f65 100644 --- a/keystore/keystore_main.cpp +++ b/keystore/keystore_main.cpp @@ -38,7 +38,7 @@ using keymaster::SoftKeymasterDevice; -static int keymaster0_device_initialize(const hw_module_t* mod, keymaster1_device_t** dev) { +static int keymaster0_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) { assert(mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0); ALOGI("Found keymaster0 module %s, version %x", mod->name, mod->module_api_version); @@ -57,11 +57,11 @@ static int keymaster0_device_initialize(const hw_module_t* mod, keymaster1_devic km0_device->common.close(&km0_device->common); km0_device = NULL; // SoftKeymasterDevice will be deleted by keymaster_device_release() - *dev = soft_keymaster.release()->keymaster_device(); + *dev = soft_keymaster.release()->keymaster2_device(); return 0; } - ALOGE("Wrapping keymaster0 module %s with SoftKeymasterDevice", mod->name); + ALOGD("Wrapping keymaster0 module %s with SoftKeymasterDevice", mod->name); error = soft_keymaster->SetHardwareDevice(km0_device); km0_device = NULL; // SoftKeymasterDevice has taken ownership. if (error != KM_ERROR_OK) { @@ -70,8 +70,8 @@ static int keymaster0_device_initialize(const hw_module_t* mod, keymaster1_devic goto err; } - // SoftKeymasterDevice will be deleted by keymaster_device_release() - *dev = soft_keymaster.release()->keymaster_device(); + // SoftKeymasterDevice will be deleted by keymaster_device_release() + *dev = soft_keymaster.release()->keymaster2_device(); return 0; err: @@ -81,12 +81,12 @@ err: return rc; } -static int keymaster1_device_initialize(const hw_module_t* mod, keymaster1_device_t** dev) { +static int keymaster1_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) { assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0); ALOGI("Found keymaster1 module %s, version %x", mod->name, mod->module_api_version); UniquePtr<SoftKeymasterDevice> soft_keymaster(new SoftKeymasterDevice); - keymaster1_device_t* km1_device = NULL; + keymaster1_device_t* km1_device = nullptr; keymaster_error_t error = KM_ERROR_OK; int rc = keymaster1_open(mod, &km1_device); @@ -95,30 +95,18 @@ static int keymaster1_device_initialize(const hw_module_t* mod, keymaster1_devic goto err; } + ALOGD("Wrapping keymaster1 module %s with SofKeymasterDevice", mod->name); error = soft_keymaster->SetHardwareDevice(km1_device); - km1_device = NULL; // SoftKeymasterDevice has taken ownership. + km1_device = nullptr; // SoftKeymasterDevice has taken ownership. if (error != KM_ERROR_OK) { ALOGE("Got error %d from SetHardwareDevice", error); rc = error; goto err; } - if (!soft_keymaster->Keymaster1DeviceIsGood()) { - ALOGI("Keymaster1 module is incomplete, using SoftKeymasterDevice wrapper"); - // SoftKeymasterDevice will be deleted by keymaster_device_release() - *dev = soft_keymaster.release()->keymaster_device(); - return 0; - } else { - ALOGI("Keymaster1 module is good, destroying wrapper and re-opening"); - soft_keymaster.reset(NULL); - rc = keymaster1_open(mod, &km1_device); - if (rc) { - ALOGE("Error %d re-opening keystore keymaster1 device.", rc); - goto err; - } - *dev = km1_device; - return 0; - } + // SoftKeymasterDevice will be deleted by keymaster_device_release() + *dev = soft_keymaster.release()->keymaster2_device(); + return 0; err: if (km1_device) @@ -127,21 +115,46 @@ err: return rc; } -static int keymaster_device_initialize(keymaster1_device_t** dev) { +static int keymaster2_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) { + assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_2_0); + ALOGI("Found keymaster2 module %s, version %x", mod->name, mod->module_api_version); + + UniquePtr<SoftKeymasterDevice> soft_keymaster(new SoftKeymasterDevice); + keymaster2_device_t* km2_device = nullptr; + + int rc = keymaster2_open(mod, &km2_device); + if (rc) { + ALOGE("Error %d opening keystore keymaster2 device", rc); + goto err; + } + + *dev = km2_device; + return 0; + +err: + if (km2_device) + km2_device->common.close(&km2_device->common); + *dev = nullptr; + return rc; +} + +static int keymaster_device_initialize(keymaster2_device_t** dev) { const hw_module_t* mod; int rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod); if (rc) { ALOGI("Could not find any keystore module, using software-only implementation."); // SoftKeymasterDevice will be deleted by keymaster_device_release() - *dev = (new SoftKeymasterDevice)->keymaster_device(); + *dev = (new SoftKeymasterDevice)->keymaster2_device(); return 0; } if (mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0) { return keymaster0_device_initialize(mod, dev); - } else { + } else if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) { return keymaster1_device_initialize(mod, dev); + } else { + return keymaster2_device_initialize(mod, dev); } } @@ -149,13 +162,13 @@ static int keymaster_device_initialize(keymaster1_device_t** dev) { // logger used by SoftKeymasterDevice. static keymaster::SoftKeymasterLogger softkeymaster_logger; -static int fallback_keymaster_device_initialize(keymaster1_device_t** dev) { - *dev = (new SoftKeymasterDevice)->keymaster_device(); +static int fallback_keymaster_device_initialize(keymaster2_device_t** dev) { + *dev = (new SoftKeymasterDevice)->keymaster2_device(); // SoftKeymasterDevice will be deleted by keymaster_device_release() return 0; } -static void keymaster_device_release(keymaster1_device_t* dev) { +static void keymaster_device_release(keymaster2_device_t* dev) { dev->common.close(&dev->common); } @@ -174,13 +187,13 @@ int main(int argc, char* argv[]) { return 1; } - keymaster1_device_t* dev; + keymaster2_device_t* dev; if (keymaster_device_initialize(&dev)) { ALOGE("keystore keymaster could not be initialized; exiting"); return 1; } - keymaster1_device_t* fallback; + keymaster2_device_t* fallback; if (fallback_keymaster_device_initialize(&fallback)) { ALOGE("software keymaster could not be initialized; exiting"); return 1; diff --git a/keystore/operation.cpp b/keystore/operation.cpp index 3b381c43..72aa95f7 100644 --- a/keystore/operation.cpp +++ b/keystore/operation.cpp @@ -21,12 +21,10 @@ namespace android { OperationMap::OperationMap(IBinder::DeathRecipient* deathRecipient) - : mDeathRecipient(deathRecipient) { -} + : mDeathRecipient(deathRecipient) {} -sp<IBinder> OperationMap::addOperation(keymaster_operation_handle_t handle, - uint64_t keyid, keymaster_purpose_t purpose, - const keymaster1_device_t* dev, +sp<IBinder> OperationMap::addOperation(keymaster_operation_handle_t handle, uint64_t keyid, + keymaster_purpose_t purpose, const keymaster2_device_t* dev, sp<IBinder> appToken, keymaster_key_characteristics_t* characteristics, bool pruneable) { @@ -44,7 +42,7 @@ sp<IBinder> OperationMap::addOperation(keymaster_operation_handle_t handle, bool OperationMap::getOperation(sp<IBinder> token, keymaster_operation_handle_t* outHandle, uint64_t* outKeyid, keymaster_purpose_t* outPurpose, - const keymaster1_device_t** outDevice, + const keymaster2_device_t** outDevice, const keymaster_key_characteristics_t** outCharacteristics) { if (!outHandle || !outDevice) { return false; @@ -146,20 +144,13 @@ std::vector<sp<IBinder>> OperationMap::getOperationsForToken(sp<IBinder> appToke } } -OperationMap::Operation::Operation(keymaster_operation_handle_t handle_, - uint64_t keyid_, - keymaster_purpose_t purpose_, - const keymaster1_device_t* device_, +OperationMap::Operation::Operation(keymaster_operation_handle_t handle_, uint64_t keyid_, + keymaster_purpose_t purpose_, const keymaster2_device_t* device_, keymaster_key_characteristics_t* characteristics_, sp<IBinder> appToken_) - : handle(handle_), - keyid(keyid_), - purpose(purpose_), - device(device_), - characteristics(characteristics_), - appToken(appToken_) { -} + : handle(handle_), keyid(keyid_), purpose(purpose_), device(device_), + characteristics(characteristics_), appToken(appToken_) {} -OperationMap::Operation::Operation() : handle(0), device(NULL), characteristics(), appToken(NULL) { -} -} // namespace android +OperationMap::Operation::Operation() : handle(0), device(NULL), characteristics(), appToken(NULL) {} + +} // namespace android diff --git a/keystore/operation.h b/keystore/operation.h index d8d1b181..eb16257c 100644 --- a/keystore/operation.h +++ b/keystore/operation.h @@ -18,7 +18,7 @@ #define KEYSTORE_OPERATION_H_ #include <hardware/hw_auth_token.h> -#include <hardware/keymaster1.h> +#include <hardware/keymaster2.h> #include <binder/Binder.h> #include <binder/IBinder.h> #include <utils/LruCache.h> @@ -39,7 +39,7 @@ typedef std::unique_ptr<keymaster_key_characteristics_t, keymaster_key_character /** * OperationMap handles the translation of keymaster_operation_handle_t's and - * keymaster1_device_t's to opaque binder tokens that can be used to reference + * keymaster2_device_t's to opaque binder tokens that can be used to reference * that operation at a later time by applications. It also does LRU tracking * for operation pruning and keeps a mapping of clients to operations to allow * for graceful handling of application death. @@ -48,12 +48,12 @@ class OperationMap { public: OperationMap(IBinder::DeathRecipient* deathRecipient); sp<IBinder> addOperation(keymaster_operation_handle_t handle, uint64_t keyid, - keymaster_purpose_t purpose, const keymaster1_device_t* dev, + keymaster_purpose_t purpose, const keymaster2_device_t* dev, sp<IBinder> appToken, keymaster_key_characteristics_t* characteristics, bool pruneable); bool getOperation(sp<IBinder> token, keymaster_operation_handle_t* outHandle, uint64_t* outKeyid, keymaster_purpose_t* outPurpose, - const keymaster1_device_t** outDev, + const keymaster2_device_t** outDev, const keymaster_key_characteristics_t** outCharacteristics); bool removeOperation(sp<IBinder> token); bool hasPruneableOperation() const; @@ -70,12 +70,12 @@ private: struct Operation { Operation(); Operation(keymaster_operation_handle_t handle, uint64_t keyid, keymaster_purpose_t purpose, - const keymaster1_device_t* device, + const keymaster2_device_t* device, keymaster_key_characteristics_t* characteristics, sp<IBinder> appToken); keymaster_operation_handle_t handle; uint64_t keyid; keymaster_purpose_t purpose; - const keymaster1_device_t* device; + const keymaster2_device_t* device; Unique_keymaster_key_characteristics characteristics; sp<IBinder> appToken; std::unique_ptr<hw_auth_token_t> authToken; |