Add argument to binder call to check key types
Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.
Bug: 10600582
Change-Id: I9fe9e46b9ec9cfb2f1246179b2c396216b2c1fdb
diff --git a/core/java/android/security/IKeystoreService.java b/core/java/android/security/IKeystoreService.java
index bf8d4e5..f8bf45b 100644
--- a/core/java/android/security/IKeystoreService.java
+++ b/core/java/android/security/IKeystoreService.java
@@ -444,12 +444,13 @@
}
@Override
- public int is_hardware_backed() throws RemoteException {
+ public int is_hardware_backed(String keyType) throws RemoteException {
Parcel _data = Parcel.obtain();
Parcel _reply = Parcel.obtain();
int _result;
try {
_data.writeInterfaceToken(DESCRIPTOR);
+ _data.writeString(keyType);
mRemote.transact(Stub.TRANSACTION_is_hardware_backed, _data, _reply, 0);
_reply.readException();
_result = _reply.readInt();
@@ -593,7 +594,7 @@
public int duplicate(String srcKey, int srcUid, String destKey, int destUid)
throws RemoteException;
- public int is_hardware_backed() throws RemoteException;
+ public int is_hardware_backed(String string) throws RemoteException;
public int clear_uid(long uid) throws RemoteException;
}
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index 9ea325a..8ad973d 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -34,6 +34,7 @@
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
+import java.util.Locale;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
@@ -364,7 +365,8 @@
* "RSA").
*/
public static boolean isKeyAlgorithmSupported(String algorithm) {
- return "RSA".equals(algorithm);
+ final String algUpper = algorithm.toUpperCase(Locale.US);
+ return "DSA".equals(algUpper) || "EC".equals(algUpper) || "RSA".equals(algUpper);
}
/**
@@ -379,7 +381,7 @@
return false;
}
- return KeyStore.getInstance().isHardwareBacked();
+ return KeyStore.getInstance().isHardwareBacked(algorithm);
}
private static X509Certificate toCertificate(byte[] bytes) {
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 9babb94..6ac49ee 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -22,6 +22,8 @@
import android.os.ServiceManager;
import android.util.Log;
+import java.util.Locale;
+
/**
* @hide This should not be made public in its present form because it
* assumes that private and secret key bytes are available and would
@@ -306,9 +308,14 @@
}
}
+ // TODO remove this when it's removed from Settings
public boolean isHardwareBacked() {
+ return isHardwareBacked("RSA");
+ }
+
+ public boolean isHardwareBacked(String keyType) {
try {
- return mBinder.is_hardware_backed() == NO_ERROR;
+ return mBinder.is_hardware_backed(keyType.toUpperCase(Locale.US)) == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;