Revert "Revert "Large refactor to move context out of AndroidKeymaster.""
This reverts commit 13fbe3e93247943c26e7ca2ed27b6d650282b8bf.
Bug: 20912868, 19799085
Change-Id: Iadd6ce5cbe94956c2a2fe277f1bf5b108e4bcf57
diff --git a/soft_keymaster_device.cpp b/soft_keymaster_device.cpp
index 18ac3e6..3e92061 100644
--- a/soft_keymaster_device.cpp
+++ b/soft_keymaster_device.cpp
@@ -33,16 +33,13 @@
#define LOG_TAG "SoftKeymasterDevice"
#include <cutils/log.h>
-#include <keymaster/authorization_set.h>
+#include <keymaster/android_keymaster.h>
#include <keymaster/android_keymaster_messages.h>
-#include <keymaster/key_blob.h>
+#include <keymaster/authorization_set.h>
+#include <keymaster/soft_keymaster_context.h>
#include <keymaster/soft_keymaster_logger.h>
-#include "aes_key.h"
-#include "ec_key.h"
-#include "android_softkeymaster.h"
-#include "hmac_key.h"
-#include "rsa_key.h"
+#include "openssl_utils.h"
struct keystore_module soft_keymaster_device_module = {
.common =
@@ -61,12 +58,8 @@
namespace keymaster {
-static KeyFactoryRegistry::Registration<AesKeyFactory> aes_registration;
-static KeyFactoryRegistry::Registration<EcdsaKeyFactory> ec_registration;
-static KeyFactoryRegistry::Registration<HmacKeyFactory> hmac_registration;
-static KeyFactoryRegistry::Registration<RsaKeyFactory> rsa_registration;
-
-SoftKeymasterDevice::SoftKeymasterDevice() : impl_(new AndroidSoftKeymaster(16)) {
+SoftKeymasterDevice::SoftKeymasterDevice()
+ : impl_(new AndroidKeymaster(new SoftKeymasterContext, 16)) {
#if __cplusplus >= 201103L || defined(__GXX_EXPERIMENTAL_CXX0X__)
static_assert(std::is_standard_layout<SoftKeymasterDevice>::value,
"SoftKeymasterDevice must be standard layout");
@@ -265,14 +258,6 @@
return KM_ERROR_OK;
}
-struct EVP_PKEY_Delete {
- void operator()(EVP_PKEY* p) const { EVP_PKEY_free(p); }
-};
-
-struct PKCS8_PRIV_KEY_INFO_Delete {
- void operator()(PKCS8_PRIV_KEY_INFO* p) const { PKCS8_PRIV_KEY_INFO_free(p); }
-};
-
/* static */
keymaster_error_t SoftKeymasterDevice::GetPkcs8KeyAlgorithm(const uint8_t* key, size_t key_length,
keymaster_algorithm_t* algorithm) {
@@ -360,8 +345,8 @@
BeginOperationRequest begin_request;
begin_request.purpose = KM_PURPOSE_SIGN;
begin_request.SetKeyMaterial(key_blob, key_blob_length);
- keymaster_error_t err =
- ExtractSigningParams(params, key_blob, key_blob_length, &begin_request.additional_params);
+ keymaster_error_t err = ExtractSigningParams(dev, params, key_blob, key_blob_length,
+ &begin_request.additional_params);
if (err != KM_ERROR_OK)
return err;
@@ -413,12 +398,10 @@
BeginOperationRequest begin_request;
begin_request.purpose = KM_PURPOSE_VERIFY;
begin_request.SetKeyMaterial(key_blob, key_blob_length);
- {
- keymaster_error_t err = ExtractSigningParams(params, key_blob, key_blob_length,
- &begin_request.additional_params);
- if (err != KM_ERROR_OK)
- return err;
- }
+ keymaster_error_t err = ExtractSigningParams(dev, params, key_blob, key_blob_length,
+ &begin_request.additional_params);
+ if (err != KM_ERROR_OK)
+ return err;
BeginOperationResponse begin_response;
convert_device(dev)->impl_->BeginOperation(begin_request, &begin_response);
@@ -859,15 +842,28 @@
}
/* static */
-keymaster_error_t SoftKeymasterDevice::ExtractSigningParams(const void* signing_params,
+keymaster_error_t SoftKeymasterDevice::ExtractSigningParams(const keymaster1_device_t* dev,
+ const void* signing_params,
const uint8_t* key_blob,
size_t key_blob_length,
AuthorizationSet* auth_set) {
- KeyBlob blob(key_blob, key_blob_length);
- if (blob.error() != KM_ERROR_OK)
- return blob.error();
+ const keymaster_blob_t client_id = {nullptr, 0};
+ const keymaster_blob_t app_data = {nullptr, 0};
+ const keymaster_key_blob_t blob = {key_blob, key_blob_length};
+ keymaster_key_characteristics_t* characteristics;
+ keymaster_error_t error =
+ get_key_characteristics(dev, &blob, &client_id, &app_data, &characteristics);
- switch (blob.algorithm()) {
+ if (error != KM_ERROR_OK)
+ return error;
+
+ AuthorizationSet auths(characteristics->hw_enforced);
+ auths.push_back(AuthorizationSet(characteristics->sw_enforced));
+ keymaster_algorithm_t algorithm;
+ if (!auths.GetTagValue(TAG_ALGORITHM, &algorithm))
+ return KM_ERROR_INVALID_KEY_BLOB;
+
+ switch (algorithm) {
case KM_ALGORITHM_RSA: {
const keymaster_rsa_sign_params_t* rsa_params =
reinterpret_cast<const keymaster_rsa_sign_params_t*>(signing_params);