
Commit b91773bc authored by Kenny Root's avatar Kenny Root

Add argument to binder call to check key types

Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.

Bug: 10600582
Change-Id: I9fe9e46b9ec9cfb2f1246179b2c396216b2c1fdb
parent d2676f9b
+3 −2
@@ -444,12 +444,13 @@ public interface IKeystoreService extends IInterface {
            }

            @Override
            public int is_hardware_backed() throws RemoteException {
            public int is_hardware_backed(String keyType) throws RemoteException {
                Parcel _data = Parcel.obtain();
                Parcel _reply = Parcel.obtain();
                int _result;
                try {
                    _data.writeInterfaceToken(DESCRIPTOR);
                    _data.writeString(keyType);
                    mRemote.transact(Stub.TRANSACTION_is_hardware_backed, _data, _reply, 0);
                    _reply.readException();
                    _result = _reply.readInt();
@@ -593,7 +594,7 @@ public interface IKeystoreService extends IInterface {
    public int duplicate(String srcKey, int srcUid, String destKey, int destUid)
            throws RemoteException;

    public int is_hardware_backed() throws RemoteException;
    public int is_hardware_backed(String string) throws RemoteException;

    public int clear_uid(long uid) throws RemoteException;
}
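Review bot: The interface declaration names the new parameter `string`, while the proxy implementation in the first hunk calls it `keyType`. Declaring it as `public int is_hardware_backed(String keyType) throws RemoteException;` keeps the two in step and tells callers what the value means. A one-line comment on the declaration would also help, for example `// keyType: upper-case algorithm name ("DSA", "EC", "RSA"); returns NO_ERROR when keys of that type are hardware-backed`. The proxy passes `keyType` straight to `_data.writeString(...)` and nothing visible here rejects null or an unknown type; the receiving side is not on this page, so its handling of such values should be confirmed. The proxy method body continues past the end of its hunk.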
+4 −2
@@ -34,6 +34,7 @@ import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;

@@ -364,7 +365,8 @@ public final class KeyChain {
     * "RSA").
     */
    public static boolean isKeyAlgorithmSupported(String algorithm) {
        return "RSA".equals(algorithm);
        final String algUpper = algorithm.toUpperCase(Locale.US);
        return "DSA".equals(algUpper) || "EC".equals(algUpper) || "RSA".equals(algUpper);
    }

    /**
@@ -379,7 +381,7 @@ public final class KeyChain {
            return false;
        }

        return KeyStore.getInstance().isHardwareBacked();
        return KeyStore.getInstance().isHardwareBacked(algorithm);
    }

    private static X509Certificate toCertificate(byte[] bytes) {
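Review bot: `isKeyAlgorithmSupported` now calls `algorithm.toUpperCase(Locale.US)` before comparing, so a null argument throws NullPointerException where the old `"RSA".equals(algorithm)` returned false. A guard such as `if (algorithm == null) return false;` ahead of the `toUpperCase` call would keep the previous contract for this public static method. The same unchecked dereference appears in `KeyStore.isHardwareBacked(String keyType)` at `keyType.toUpperCase(Locale.US)`, where the surrounding `try` catches only RemoteException. The visible Javadoc fragment above `isKeyAlgorithmSupported` still ends with `"RSA").`, so the comment probably needs to list DSA and EC as well; its start is outside the hunk, as is the check in the last hunk that returns false before `isHardwareBacked(algorithm)` is reached.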
+8 −1
@@ -22,6 +22,8 @@ import android.os.RemoteException;
import android.os.ServiceManager;
import android.util.Log;

import java.util.Locale;

/**
 * @hide This should not be made public in its present form because it
 * assumes that private and secret key bytes are available and would
@@ -306,9 +308,14 @@ public class KeyStore {
        }
    }

    // TODO remove this when it's removed from Settings
    public boolean isHardwareBacked() {
        return isHardwareBacked("RSA");
    }

    public boolean isHardwareBacked(String keyType) {
        try {
            return mBinder.is_hardware_backed() == NO_ERROR;
            return mBinder.is_hardware_backed(keyType.toUpperCase(Locale.US)) == NO_ERROR;
        } catch (RemoteException e) {
            Log.w(TAG, "Cannot connect to keystore", e);
            return false;