diff options
author | Shawn Willden <swillden@google.com> | 2016-01-27 23:36:39 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2016-01-27 23:36:39 +0000 |
commit | fd50293cd5f91936ea954b0556f3f434243adf27 (patch) | |
tree | 562f8c313cd6071882a86219a1a037d432ae1677 | |
parent | e4f2fa54b009838f72219735d692d84d062a0177 (diff) | |
parent | 715d023c9294cf4860f73c8d83e82c5aa699add6 (diff) | |
download | security-fd50293cd5f91936ea954b0556f3f434243adf27.tar.gz |
Merge "Update Keystore to use keymaster2 HAL."
-rw-r--r-- | keystore/key_store_service.cpp | 100 | ||||
-rw-r--r-- | keystore/key_store_service.h | 4 | ||||
-rw-r--r-- | keystore/keystore.cpp | 4 | ||||
-rw-r--r-- | keystore/keystore.h | 20 | ||||
-rw-r--r-- | keystore/keystore_main.cpp | 77 | ||||
-rw-r--r-- | keystore/operation.cpp | 31 | ||||
-rw-r--r-- | keystore/operation.h | 12 |
7 files changed, 122 insertions, 126 deletions
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp index 9db333b6..9fbb6bc6 100644 --- a/keystore/key_store_service.cpp +++ b/keystore/key_store_service.cpp @@ -560,8 +560,8 @@ int32_t KeyStoreService::clear_uid(int64_t targetUid64) { } int32_t KeyStoreService::addRngEntropy(const uint8_t* data, size_t dataLength) { - const keymaster1_device_t* device = mKeyStore->getDevice(); - const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); + const auto* device = mKeyStore->getDevice(); + const auto* fallback = mKeyStore->getFallbackDevice(); int32_t devResult = KM_ERROR_UNIMPLEMENTED; int32_t fallbackResult = KM_ERROR_UNIMPLEMENTED; if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && @@ -592,10 +592,10 @@ int32_t KeyStoreService::generateKey(const String16& name, const KeymasterArgume rc = KM_ERROR_UNIMPLEMENTED; bool isFallback = false; keymaster_key_blob_t blob; - keymaster_key_characteristics_t* out = NULL; + keymaster_key_characteristics_t out = {{nullptr, 0}, {nullptr, 0}}; - const keymaster1_device_t* device = mKeyStore->getDevice(); - const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); + const auto* device = mKeyStore->getDevice(); + const auto* fallback = mKeyStore->getFallbackDevice(); std::vector<keymaster_key_param_t> opParams(params.params); const keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; if (device == NULL) { @@ -612,7 +612,8 @@ int32_t KeyStoreService::generateKey(const String16& name, const KeymasterArgume rc = KM_ERROR_UNIMPLEMENTED; } if (rc == KM_ERROR_OK) { - rc = device->generate_key(device, &inParams, &blob, &out); + rc = + device->generate_key(device, &inParams, &blob, outCharacteristics ? &out : nullptr); } } // If the HW device didn't support generate_key or generate_key failed @@ -628,17 +629,13 @@ int32_t KeyStoreService::generateKey(const String16& name, const KeymasterArgume rc = KM_ERROR_UNIMPLEMENTED; } if (rc == KM_ERROR_OK) { - rc = fallback->generate_key(fallback, &inParams, &blob, &out); + rc = fallback->generate_key(fallback, &inParams, &blob, + outCharacteristics ? &out : nullptr); } } - if (out) { - if (outCharacteristics) { - outCharacteristics->characteristics = *out; - } else { - keymaster_free_characteristics(out); - } - free(out); + if (outCharacteristics) { + outCharacteristics->characteristics = out; } if (rc) { @@ -679,18 +676,19 @@ int32_t KeyStoreService::getKeyCharacteristics(const String16& name, keymaster_key_blob_t key; key.key_material_size = keyBlob.getLength(); key.key_material = keyBlob.getValue(); - keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); - keymaster_key_characteristics_t* out = NULL; + auto* dev = mKeyStore->getDeviceForBlob(keyBlob); + keymaster_key_characteristics_t out = {{nullptr, 0}, {nullptr, 0}}; if (!dev->get_key_characteristics) { - ALOGW("device does not implement get_key_characteristics"); + ALOGE("device does not implement get_key_characteristics"); return KM_ERROR_UNIMPLEMENTED; } rc = dev->get_key_characteristics(dev, &key, clientId, appData, &out); - if (out) { - outCharacteristics->characteristics = *out; - free(out); + if (rc != KM_ERROR_OK) { + return rc; } - return rc ? rc : ::NO_ERROR; + + outCharacteristics->characteristics = out; + return ::NO_ERROR; } int32_t KeyStoreService::importKey(const String16& name, const KeymasterArguments& params, @@ -706,10 +704,10 @@ int32_t KeyStoreService::importKey(const String16& name, const KeymasterArgument rc = KM_ERROR_UNIMPLEMENTED; bool isFallback = false; keymaster_key_blob_t blob; - keymaster_key_characteristics_t* out = NULL; + keymaster_key_characteristics_t out = {{nullptr, 0}, {nullptr, 0}}; - const keymaster1_device_t* device = mKeyStore->getDevice(); - const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); + const auto* device = mKeyStore->getDevice(); + const auto* fallback = mKeyStore->getFallbackDevice(); std::vector<keymaster_key_param_t> opParams(params.params); const keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; const keymaster_blob_t input = {keyData, keyLength}; @@ -718,21 +716,19 @@ int32_t KeyStoreService::importKey(const String16& name, const KeymasterArgument } if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && device->import_key != NULL) { - rc = device->import_key(device, &inParams, format, &input, &blob, &out); + rc = device->import_key(device, &inParams, format, &input, &blob, + outCharacteristics ? &out : nullptr); } if (rc && fallback->import_key != NULL) { ALOGW("Primary keymaster device failed to import key, falling back to SW."); isFallback = true; - rc = fallback->import_key(fallback, &inParams, format, &input, &blob, &out); + rc = fallback->import_key(fallback, &inParams, format, &input, &blob, + outCharacteristics ? &out : nullptr); } - if (out) { - if (outCharacteristics) { - outCharacteristics->characteristics = *out; - } else { - keymaster_free_characteristics(out); - } - free(out); + if (outCharacteristics) { + outCharacteristics->characteristics = out; } + if (rc) { return rc; } @@ -744,7 +740,7 @@ int32_t KeyStoreService::importKey(const String16& name, const KeymasterArgument keyBlob.setFallback(isFallback); keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); - free((void*)blob.key_material); + free(const_cast<uint8_t*>(blob.key_material)); return mKeyStore->put(filename.string(), &keyBlob, get_user_id(uid)); } @@ -768,7 +764,7 @@ void KeyStoreService::exportKey(const String16& name, keymaster_key_format_t for keymaster_key_blob_t key; key.key_material_size = keyBlob.getLength(); key.key_material = keyBlob.getValue(); - keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); + auto* dev = mKeyStore->getDeviceForBlob(keyBlob); if (!dev->export_key) { result->resultCode = KM_ERROR_UNIMPLEMENTED; return; @@ -806,7 +802,7 @@ void KeyStoreService::begin(const sp<IBinder>& appToken, const String16& name, key.key_material_size = keyBlob.getLength(); key.key_material = keyBlob.getValue(); keymaster_operation_handle_t handle; - keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); + auto* dev = mKeyStore->getDeviceForBlob(keyBlob); keymaster_error_t err = KM_ERROR_UNIMPLEMENTED; std::vector<keymaster_key_param_t> opParams(params.params); Unique_keymaster_key_characteristics characteristics; @@ -915,7 +911,7 @@ void KeyStoreService::update(const sp<IBinder>& token, const KeymasterArguments& result->resultCode = KM_ERROR_INVALID_ARGUMENT; return; } - const keymaster1_device_t* dev; + const keymaster2_device_t* dev; keymaster_operation_handle_t handle; keymaster_purpose_t purpose; keymaster::km_id_t keyid; @@ -966,7 +962,7 @@ void KeyStoreService::finish(const sp<IBinder>& token, const KeymasterArguments& result->resultCode = KM_ERROR_INVALID_ARGUMENT; return; } - const keymaster1_device_t* dev; + const keymaster2_device_t* dev; keymaster_operation_handle_t handle; keymaster_purpose_t purpose; keymaster::km_id_t keyid; @@ -995,9 +991,10 @@ void KeyStoreService::finish(const sp<IBinder>& token, const KeymasterArguments& } keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; - keymaster_blob_t input = {signature, signatureLength}; - keymaster_blob_t output = {NULL, 0}; - keymaster_key_param_set_t outParams = {NULL, 0}; + keymaster_blob_t input = {nullptr, 0}; + keymaster_blob_t sig = {signature, signatureLength}; + keymaster_blob_t output = {nullptr, 0}; + keymaster_key_param_set_t outParams = {nullptr, 0}; // Check that all key authorization policy requirements are met. keymaster::AuthorizationSet key_auths(characteristics->hw_enforced); @@ -1010,7 +1007,9 @@ void KeyStoreService::finish(const sp<IBinder>& token, const KeymasterArguments& return; } - err = dev->finish(dev, handle, &inParams, &input, &outParams, &output); + err = + dev->finish(dev, handle, &inParams, &input /* TODO(swillden): wire up input to finish() */, + &sig, &outParams, &output); // Remove the operation regardless of the result mOperationMap.removeOperation(token); mAuthTokenTable.MarkCompleted(handle); @@ -1025,7 +1024,7 @@ void KeyStoreService::finish(const sp<IBinder>& token, const KeymasterArguments& } int32_t KeyStoreService::abort(const sp<IBinder>& token) { - const keymaster1_device_t* dev; + const keymaster2_device_t* dev; keymaster_operation_handle_t handle; keymaster_purpose_t purpose; keymaster::km_id_t keyid; @@ -1047,7 +1046,7 @@ int32_t KeyStoreService::abort(const sp<IBinder>& token) { } bool KeyStoreService::isOperationAuthorized(const sp<IBinder>& token) { - const keymaster1_device_t* dev; + const keymaster2_device_t* dev; keymaster_operation_handle_t handle; const keymaster_key_characteristics_t* characteristics; keymaster_purpose_t purpose; @@ -1185,7 +1184,7 @@ inline bool KeyStoreService::isKeystoreUnlocked(State state) { return false; } -bool KeyStoreService::isKeyTypeSupported(const keymaster1_device_t* device, +bool KeyStoreService::isKeyTypeSupported(const keymaster2_device_t* device, keymaster_keypair_t keyType) { const int32_t device_api = device->common.module->module_api_version; if (device_api == KEYMASTER_MODULE_API_VERSION_0_2) { @@ -1231,7 +1230,7 @@ bool KeyStoreService::checkAllowedOperationParams( } keymaster_error_t KeyStoreService::getOperationCharacteristics( - const keymaster_key_blob_t& key, const keymaster1_device_t* dev, + const keymaster_key_blob_t& key, const keymaster2_device_t* dev, const std::vector<keymaster_key_param_t>& params, keymaster_key_characteristics_t* out) { UniquePtr<keymaster_blob_t> appId; UniquePtr<keymaster_blob_t> appData; @@ -1246,15 +1245,14 @@ keymaster_error_t KeyStoreService::getOperationCharacteristics( appData->data_length = param.blob.data_length; } } - keymaster_key_characteristics_t* result = NULL; + keymaster_key_characteristics_t result = {{nullptr, 0}, {nullptr, 0}}; if (!dev->get_key_characteristics) { return KM_ERROR_UNIMPLEMENTED; } keymaster_error_t error = dev->get_key_characteristics(dev, &key, appId.get(), appData.get(), &result); - if (result) { - *out = *result; - free(result); + if (error == KM_ERROR_OK) { + *out = result; } return error; } @@ -1324,7 +1322,7 @@ int32_t KeyStoreService::addOperationAuthTokenIfNeeded(sp<IBinder> token, const hw_auth_token_t* authToken = NULL; mOperationMap.getOperationAuthToken(token, &authToken); if (!authToken) { - const keymaster1_device_t* dev; + const keymaster2_device_t* dev; keymaster_operation_handle_t handle; const keymaster_key_characteristics_t* characteristics = NULL; keymaster_purpose_t purpose; diff --git a/keystore/key_store_service.h b/keystore/key_store_service.h index 1f0f2ccf..e61bdea1 100644 --- a/keystore/key_store_service.h +++ b/keystore/key_store_service.h @@ -162,7 +162,7 @@ class KeyStoreService : public BnKeystoreService, public IBinder::DeathRecipient bool isKeystoreUnlocked(State state); - bool isKeyTypeSupported(const keymaster1_device_t* device, keymaster_keypair_t keyType); + bool isKeyTypeSupported(const keymaster2_device_t* device, keymaster_keypair_t keyType); /** * Check that all keymaster_key_param_t's provided by the application are @@ -171,7 +171,7 @@ class KeyStoreService : public BnKeystoreService, public IBinder::DeathRecipient bool checkAllowedOperationParams(const std::vector<keymaster_key_param_t>& params); keymaster_error_t getOperationCharacteristics(const keymaster_key_blob_t& key, - const keymaster1_device_t* dev, + const keymaster2_device_t* dev, const std::vector<keymaster_key_param_t>& params, keymaster_key_characteristics_t* out); diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp index 0d8dc21b..457a60a9 100644 --- a/keystore/keystore.cpp +++ b/keystore/keystore.cpp @@ -34,7 +34,7 @@ const char* KeyStore::sMetaDataFile = ".metadata"; const android::String16 KeyStore::sRSAKeyType("RSA"); const android::String16 KeyStore::sECKeyType("EC"); -KeyStore::KeyStore(Entropy* entropy, keymaster1_device_t* device, keymaster1_device_t* fallback) +KeyStore::KeyStore(Entropy* entropy, keymaster2_device_t* device, keymaster2_device_t* fallback) : mEntropy(entropy), mDevice(device), mFallbackDevice(fallback) { memset(&mMetaData, '\0', sizeof(mMetaData)); } @@ -293,7 +293,7 @@ ResponseCode KeyStore::del(const char* filename, const BlobType type, uid_t user } } if (keyBlob.getType() == ::TYPE_KEYMASTER_10) { - keymaster1_device_t* dev = getDeviceForBlob(keyBlob); + auto* dev = getDeviceForBlob(keyBlob); if (dev->delete_key) { keymaster_key_blob_t blob; blob.key_material = keyBlob.getValue(); diff --git a/keystore/keystore.h b/keystore/keystore.h index 5ef88426..62d72943 100644 --- a/keystore/keystore.h +++ b/keystore/keystore.h @@ -19,7 +19,7 @@ #include "user_state.h" -#include <hardware/keymaster1.h> +#include <hardware/keymaster2.h> #include <utils/Vector.h> @@ -32,20 +32,14 @@ typedef struct { class KeyStore { public: - KeyStore(Entropy* entropy, keymaster1_device_t* device, keymaster1_device_t* fallback); + KeyStore(Entropy* entropy, keymaster2_device_t* device, keymaster2_device_t* fallback); ~KeyStore(); - /** - * Depending on the hardware keymaster version is this may return a - * keymaster0_device_t* cast to a keymaster1_device_t*. All methods from - * keymaster0 are safe to call, calls to keymaster1_device_t methods should - * be guarded by a check on the device's version. - */ - keymaster1_device_t* getDevice() const { return mDevice; } + keymaster2_device_t* getDevice() const { return mDevice; } - keymaster1_device_t* getFallbackDevice() const { return mFallbackDevice; } + keymaster2_device_t* getFallbackDevice() const { return mFallbackDevice; } - keymaster1_device_t* getDeviceForBlob(const Blob& blob) const { + keymaster2_device_t* getDeviceForBlob(const Blob& blob) const { return blob.isFallback() ? mFallbackDevice : mDevice; } @@ -120,8 +114,8 @@ class KeyStore { static const android::String16 sECKeyType; Entropy* mEntropy; - keymaster1_device_t* mDevice; - keymaster1_device_t* mFallbackDevice; + keymaster2_device_t* mDevice; + keymaster2_device_t* mFallbackDevice; android::Vector<UserState*> mMasterKeys; diff --git a/keystore/keystore_main.cpp b/keystore/keystore_main.cpp index 57b94b2c..a2b75f65 100644 --- a/keystore/keystore_main.cpp +++ b/keystore/keystore_main.cpp @@ -38,7 +38,7 @@ using keymaster::SoftKeymasterDevice; -static int keymaster0_device_initialize(const hw_module_t* mod, keymaster1_device_t** dev) { +static int keymaster0_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) { assert(mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0); ALOGI("Found keymaster0 module %s, version %x", mod->name, mod->module_api_version); @@ -57,11 +57,11 @@ static int keymaster0_device_initialize(const hw_module_t* mod, keymaster1_devic km0_device->common.close(&km0_device->common); km0_device = NULL; // SoftKeymasterDevice will be deleted by keymaster_device_release() - *dev = soft_keymaster.release()->keymaster_device(); + *dev = soft_keymaster.release()->keymaster2_device(); return 0; } - ALOGE("Wrapping keymaster0 module %s with SoftKeymasterDevice", mod->name); + ALOGD("Wrapping keymaster0 module %s with SoftKeymasterDevice", mod->name); error = soft_keymaster->SetHardwareDevice(km0_device); km0_device = NULL; // SoftKeymasterDevice has taken ownership. if (error != KM_ERROR_OK) { @@ -70,8 +70,8 @@ static int keymaster0_device_initialize(const hw_module_t* mod, keymaster1_devic goto err; } - // SoftKeymasterDevice will be deleted by keymaster_device_release() - *dev = soft_keymaster.release()->keymaster_device(); + // SoftKeymasterDevice will be deleted by keymaster_device_release() + *dev = soft_keymaster.release()->keymaster2_device(); return 0; err: @@ -81,12 +81,12 @@ err: return rc; } -static int keymaster1_device_initialize(const hw_module_t* mod, keymaster1_device_t** dev) { +static int keymaster1_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) { assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0); ALOGI("Found keymaster1 module %s, version %x", mod->name, mod->module_api_version); UniquePtr<SoftKeymasterDevice> soft_keymaster(new SoftKeymasterDevice); - keymaster1_device_t* km1_device = NULL; + keymaster1_device_t* km1_device = nullptr; keymaster_error_t error = KM_ERROR_OK; int rc = keymaster1_open(mod, &km1_device); @@ -95,30 +95,18 @@ static int keymaster1_device_initialize(const hw_module_t* mod, keymaster1_devic goto err; } + ALOGD("Wrapping keymaster1 module %s with SofKeymasterDevice", mod->name); error = soft_keymaster->SetHardwareDevice(km1_device); - km1_device = NULL; // SoftKeymasterDevice has taken ownership. + km1_device = nullptr; // SoftKeymasterDevice has taken ownership. if (error != KM_ERROR_OK) { ALOGE("Got error %d from SetHardwareDevice", error); rc = error; goto err; } - if (!soft_keymaster->Keymaster1DeviceIsGood()) { - ALOGI("Keymaster1 module is incomplete, using SoftKeymasterDevice wrapper"); - // SoftKeymasterDevice will be deleted by keymaster_device_release() - *dev = soft_keymaster.release()->keymaster_device(); - return 0; - } else { - ALOGI("Keymaster1 module is good, destroying wrapper and re-opening"); - soft_keymaster.reset(NULL); - rc = keymaster1_open(mod, &km1_device); - if (rc) { - ALOGE("Error %d re-opening keystore keymaster1 device.", rc); - goto err; - } - *dev = km1_device; - return 0; - } + // SoftKeymasterDevice will be deleted by keymaster_device_release() + *dev = soft_keymaster.release()->keymaster2_device(); + return 0; err: if (km1_device) @@ -127,21 +115,46 @@ err: return rc; } -static int keymaster_device_initialize(keymaster1_device_t** dev) { +static int keymaster2_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) { + assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_2_0); + ALOGI("Found keymaster2 module %s, version %x", mod->name, mod->module_api_version); + + UniquePtr<SoftKeymasterDevice> soft_keymaster(new SoftKeymasterDevice); + keymaster2_device_t* km2_device = nullptr; + + int rc = keymaster2_open(mod, &km2_device); + if (rc) { + ALOGE("Error %d opening keystore keymaster2 device", rc); + goto err; + } + + *dev = km2_device; + return 0; + +err: + if (km2_device) + km2_device->common.close(&km2_device->common); + *dev = nullptr; + return rc; +} + +static int keymaster_device_initialize(keymaster2_device_t** dev) { const hw_module_t* mod; int rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod); if (rc) { ALOGI("Could not find any keystore module, using software-only implementation."); // SoftKeymasterDevice will be deleted by keymaster_device_release() - *dev = (new SoftKeymasterDevice)->keymaster_device(); + *dev = (new SoftKeymasterDevice)->keymaster2_device(); return 0; } if (mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0) { return keymaster0_device_initialize(mod, dev); - } else { + } else if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) { return keymaster1_device_initialize(mod, dev); + } else { + return keymaster2_device_initialize(mod, dev); } } @@ -149,13 +162,13 @@ static int keymaster_device_initialize(keymaster1_device_t** dev) { // logger used by SoftKeymasterDevice. static keymaster::SoftKeymasterLogger softkeymaster_logger; -static int fallback_keymaster_device_initialize(keymaster1_device_t** dev) { - *dev = (new SoftKeymasterDevice)->keymaster_device(); +static int fallback_keymaster_device_initialize(keymaster2_device_t** dev) { + *dev = (new SoftKeymasterDevice)->keymaster2_device(); // SoftKeymasterDevice will be deleted by keymaster_device_release() return 0; } -static void keymaster_device_release(keymaster1_device_t* dev) { +static void keymaster_device_release(keymaster2_device_t* dev) { dev->common.close(&dev->common); } @@ -174,13 +187,13 @@ int main(int argc, char* argv[]) { return 1; } - keymaster1_device_t* dev; + keymaster2_device_t* dev; if (keymaster_device_initialize(&dev)) { ALOGE("keystore keymaster could not be initialized; exiting"); return 1; } - keymaster1_device_t* fallback; + keymaster2_device_t* fallback; if (fallback_keymaster_device_initialize(&fallback)) { ALOGE("software keymaster could not be initialized; exiting"); return 1; diff --git a/keystore/operation.cpp b/keystore/operation.cpp index 3b381c43..72aa95f7 100644 --- a/keystore/operation.cpp +++ b/keystore/operation.cpp @@ -21,12 +21,10 @@ namespace android { OperationMap::OperationMap(IBinder::DeathRecipient* deathRecipient) - : mDeathRecipient(deathRecipient) { -} + : mDeathRecipient(deathRecipient) {} -sp<IBinder> OperationMap::addOperation(keymaster_operation_handle_t handle, - uint64_t keyid, keymaster_purpose_t purpose, - const keymaster1_device_t* dev, +sp<IBinder> OperationMap::addOperation(keymaster_operation_handle_t handle, uint64_t keyid, + keymaster_purpose_t purpose, const keymaster2_device_t* dev, sp<IBinder> appToken, keymaster_key_characteristics_t* characteristics, bool pruneable) { @@ -44,7 +42,7 @@ sp<IBinder> OperationMap::addOperation(keymaster_operation_handle_t handle, bool OperationMap::getOperation(sp<IBinder> token, keymaster_operation_handle_t* outHandle, uint64_t* outKeyid, keymaster_purpose_t* outPurpose, - const keymaster1_device_t** outDevice, + const keymaster2_device_t** outDevice, const keymaster_key_characteristics_t** outCharacteristics) { if (!outHandle || !outDevice) { return false; @@ -146,20 +144,13 @@ std::vector<sp<IBinder>> OperationMap::getOperationsForToken(sp<IBinder> appToke } } -OperationMap::Operation::Operation(keymaster_operation_handle_t handle_, - uint64_t keyid_, - keymaster_purpose_t purpose_, - const keymaster1_device_t* device_, +OperationMap::Operation::Operation(keymaster_operation_handle_t handle_, uint64_t keyid_, + keymaster_purpose_t purpose_, const keymaster2_device_t* device_, keymaster_key_characteristics_t* characteristics_, sp<IBinder> appToken_) - : handle(handle_), - keyid(keyid_), - purpose(purpose_), - device(device_), - characteristics(characteristics_), - appToken(appToken_) { -} + : handle(handle_), keyid(keyid_), purpose(purpose_), device(device_), + characteristics(characteristics_), appToken(appToken_) {} -OperationMap::Operation::Operation() : handle(0), device(NULL), characteristics(), appToken(NULL) { -} -} // namespace android +OperationMap::Operation::Operation() : handle(0), device(NULL), characteristics(), appToken(NULL) {} + +} // namespace android diff --git a/keystore/operation.h b/keystore/operation.h index d8d1b181..eb16257c 100644 --- a/keystore/operation.h +++ b/keystore/operation.h @@ -18,7 +18,7 @@ #define KEYSTORE_OPERATION_H_ #include <hardware/hw_auth_token.h> -#include <hardware/keymaster1.h> +#include <hardware/keymaster2.h> #include <binder/Binder.h> #include <binder/IBinder.h> #include <utils/LruCache.h> @@ -39,7 +39,7 @@ typedef std::unique_ptr<keymaster_key_characteristics_t, keymaster_key_character /** * OperationMap handles the translation of keymaster_operation_handle_t's and - * keymaster1_device_t's to opaque binder tokens that can be used to reference + * keymaster2_device_t's to opaque binder tokens that can be used to reference * that operation at a later time by applications. It also does LRU tracking * for operation pruning and keeps a mapping of clients to operations to allow * for graceful handling of application death. @@ -48,12 +48,12 @@ class OperationMap { public: OperationMap(IBinder::DeathRecipient* deathRecipient); sp<IBinder> addOperation(keymaster_operation_handle_t handle, uint64_t keyid, - keymaster_purpose_t purpose, const keymaster1_device_t* dev, + keymaster_purpose_t purpose, const keymaster2_device_t* dev, sp<IBinder> appToken, keymaster_key_characteristics_t* characteristics, bool pruneable); bool getOperation(sp<IBinder> token, keymaster_operation_handle_t* outHandle, uint64_t* outKeyid, keymaster_purpose_t* outPurpose, - const keymaster1_device_t** outDev, + const keymaster2_device_t** outDev, const keymaster_key_characteristics_t** outCharacteristics); bool removeOperation(sp<IBinder> token); bool hasPruneableOperation() const; @@ -70,12 +70,12 @@ private: struct Operation { Operation(); Operation(keymaster_operation_handle_t handle, uint64_t keyid, keymaster_purpose_t purpose, - const keymaster1_device_t* device, + const keymaster2_device_t* device, keymaster_key_characteristics_t* characteristics, sp<IBinder> appToken); keymaster_operation_handle_t handle; uint64_t keyid; keymaster_purpose_t purpose; - const keymaster1_device_t* device; + const keymaster2_device_t* device; Unique_keymaster_key_characteristics characteristics; sp<IBinder> appToken; std::unique_ptr<hw_auth_token_t> authToken; |