Add support for upgrading key types

Old key types were not distinguished by the keystore itself. This change
takes some of the reserved fields in the old format and changes it to a
version number and key type.

Change-Id: I45bd4cdce042617641fe7bd742bbe26da6024996

2 files changed, 20 insertions, 4 deletions

diff --git a/softkeymaster/Android.mk b/softkeymaster/Android.mk
index 6becd785..59152081 100644
--- a/softkeymaster/Android.mk
+++ b/softkeymaster/Android.mk
@@ -23,12 +23,13 @@ LOCAL_MODULE_PATH := $(TARGET_OUT_SHARED_LIBRARIES)/hw
 LOCAL_SRC_FILES := keymaster_openssl.cpp
 
 LOCAL_C_INCLUDES := \
+	system/security/keystore \
 	libcore/include \
 	external/openssl/include
 
 LOCAL_C_FLAGS = -fvisibility=hidden -Wall -Werror
 
-LOCAL_SHARED_LIBRARIES := libcrypto liblog
+LOCAL_SHARED_LIBRARIES := libcrypto liblog libkeystore_client
 
 LOCAL_MODULE_TAGS := optional
 
diff --git a/softkeymaster/keymaster_openssl.cpp b/softkeymaster/keymaster_openssl.cpp
index 7be00eaa..fb5b9d0b 100644
--- a/softkeymaster/keymaster_openssl.cpp
+++ b/softkeymaster/keymaster_openssl.cpp
@@ -17,6 +17,8 @@
 #include <string.h>
 #include <stdint.h>
 
+#include <keystore.h>
+
 #include <hardware/hardware.h>
 #include <hardware/keymaster.h>
 
@@ -101,7 +103,8 @@ static int wrap_key(EVP_PKEY* pkey, int type, uint8_t** keyBlob, size_t* keyBlob
     }
 
     /* int type + int size + private key data + int size + public key data */
-    *keyBlobLength = sizeof(int) + sizeof(int) + privateLen + sizeof(int) + publicLen;
+    *keyBlobLength = get_softkey_header_size() + sizeof(int) + sizeof(int) + privateLen
+            + sizeof(int) + publicLen;
 
     UniquePtr<unsigned char[]> derData(new unsigned char[*keyBlobLength]);
     if (derData.get() == NULL) {
@@ -110,6 +113,9 @@ static int wrap_key(EVP_PKEY* pkey, int type, uint8_t** keyBlob, size_t* keyBlob
     }
     unsigned char* p = derData.get();
 
+    /* Write the magic value for software keys. */
+    p = add_softkey_header(p, *keyBlobLength);
+
     /* Write key type to allocated buffer */
     for (int i = sizeof(int) - 1; i >= 0; i--) {
         *p++ = (type >> (8*i)) & 0xFF;
@@ -150,12 +156,19 @@ static EVP_PKEY* unwrap_key(const uint8_t* keyBlob, const size_t keyBlobLength)
     }
 
     // Should be large enough for:
-    // int32 type, int32 pubLen, char* pub, int32 privLen, char* priv
-    if (keyBlobLength < (sizeof(int) + sizeof(int) + 1 + sizeof(int) + 1)) {
+    // int32 magic, int32 type, int32 pubLen, char* pub, int32 privLen, char* priv
+    if (keyBlobLength < (get_softkey_header_size() + sizeof(int) + sizeof(int) + 1
+            + sizeof(int) + 1)) {
         ALOGE("key blob appears to be truncated");
         return NULL;
     }
 
+    if (!is_softkey(p, keyBlobLength)) {
+        ALOGE("cannot read key; it was not made by this keymaster");
+        return NULL;
+    }
+    p += get_softkey_header_size();
+
     int type = 0;
     for (size_t i = 0; i < sizeof(int); i++) {
         type = (type << 8) | *p++;
@@ -467,6 +480,8 @@ static int openssl_open(const hw_module_t* module, const char* name,
     dev->common.module = (struct hw_module_t*) module;
     dev->common.close = openssl_close;
 
+    dev->flags = KEYMASTER_SOFTWARE_ONLY;
+
     dev->generate_keypair = openssl_generate_keypair;
     dev->import_keypair = openssl_import_keypair;
     dev->get_keypair_public = openssl_get_keypair_public;