Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / security / 3b3599385a88ae26fce0484c20a34cc911fed000 / . / keystore / legacy_keymaster_device_wrapper.cpp
blob: 86d286e5c4e02d339e1d5dbba15430b318dcfb9b [file] [log] [blame]
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]1/*
2 **
3 ** Copyright 2016, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18#define LOG_TAG "android.hardware.keymaster@3.0-impl"
19
20#include "legacy_keymaster_device_wrapper.h"
21
Logan Chiencdc813f2018-04-23 13:52:28 +0800[diff] [blame]22#include <log/log.h>
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]23
24#include <hardware/keymaster2.h>
25#include <hardware/keymaster_defs.h>
26#include <keymaster/keymaster_configuration.h>
27#include <keymaster/soft_keymaster_device.h>
28
29namespace android {
30namespace keystore {
31
32using ::keymaster::SoftKeymasterDevice;
33
34LegacyKeymasterDeviceWrapper::LegacyKeymasterDeviceWrapper(keymaster2_device_t* dev)
35 : keymaster_device_(dev) {}
36
37LegacyKeymasterDeviceWrapper::~LegacyKeymasterDeviceWrapper() {
38 if (keymaster_device_) keymaster_device_->common.close(&keymaster_device_->common);
39}
40
41static inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
42 return keymaster_tag_get_type(tag);
43}
44
45/**
46 * legacy_enum_conversion converts enums from hidl to keymaster and back. Currently, this is just a
47 * cast to make the compiler happy. One of two thigs should happen though:
48 * TODO The keymaster enums should become aliases for the hidl generated enums so that we have a
49 * single point of truth. Then this cast function can go away.
50 */
51inline static keymaster_tag_t legacy_enum_conversion(const Tag value) {
52 return keymaster_tag_t(value);
53}
54inline static Tag legacy_enum_conversion(const keymaster_tag_t value) {
55 return Tag(value);
56}
57inline static keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
58 return keymaster_purpose_t(value);
59}
60inline static keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
61 return keymaster_key_format_t(value);
62}
63inline static ErrorCode legacy_enum_conversion(const keymaster_error_t value) {
64 return ErrorCode(value);
65}
66
67class KmParamSet : public keymaster_key_param_set_t {
68 public:
Chih-Hung Hsieh4fa39ef2019-01-04 13:34:17 -0800[diff] [blame]69 explicit KmParamSet(const hidl_vec<KeyParameter>& keyParams) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]70 params = new keymaster_key_param_t[keyParams.size()];
71 length = keyParams.size();
72 for (size_t i = 0; i < keyParams.size(); ++i) {
73 auto tag = legacy_enum_conversion(keyParams[i].tag);
74 switch (typeFromTag(tag)) {
75 case KM_ENUM:
76 case KM_ENUM_REP:
77 params[i] = keymaster_param_enum(tag, keyParams[i].f.integer);
78 break;
79 case KM_UINT:
80 case KM_UINT_REP:
81 params[i] = keymaster_param_int(tag, keyParams[i].f.integer);
82 break;
83 case KM_ULONG:
84 case KM_ULONG_REP:
85 params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger);
86 break;
87 case KM_DATE:
88 params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime);
89 break;
90 case KM_BOOL:
91 if (keyParams[i].f.boolValue)
92 params[i] = keymaster_param_bool(tag);
93 else
94 params[i].tag = KM_TAG_INVALID;
95 break;
96 case KM_BIGNUM:
97 case KM_BYTES:
98 params[i] =
99 keymaster_param_blob(tag, &keyParams[i].blob[0], keyParams[i].blob.size());
100 break;
101 case KM_INVALID:
102 default:
103 params[i].tag = KM_TAG_INVALID;
104 /* just skip */
105 break;
106 }
107 }
108 }
Chih-Hung Hsiehf73b1982018-09-25 12:03:21 -0700[diff] [blame]109 KmParamSet(KmParamSet&& other) noexcept
110 : keymaster_key_param_set_t{other.params, other.length} {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]111 other.length = 0;
112 other.params = nullptr;
113 }
114 KmParamSet(const KmParamSet&) = delete;
115 ~KmParamSet() { delete[] params; }
116};
117
118inline static KmParamSet hidlParams2KmParamSet(const hidl_vec<KeyParameter>& params) {
119 return KmParamSet(params);
120}
121
122inline static keymaster_blob_t hidlVec2KmBlob(const hidl_vec<uint8_t>& blob) {
123 /* hidl unmarshals funny pointers if the the blob is empty */
124 if (blob.size()) return {&blob[0], blob.size()};
125 return {};
126}
127
128inline static keymaster_key_blob_t hidlVec2KmKeyBlob(const hidl_vec<uint8_t>& blob) {
129 /* hidl unmarshals funny pointers if the the blob is empty */
130 if (blob.size()) return {&blob[0], blob.size()};
131 return {};
132}
133
134inline static hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_key_blob_t& blob) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]135 if (blob.key_material == nullptr || blob.key_material_size == 0) {
136 return {};
137 } else {
138 return hidl_vec<uint8_t>(blob.key_material, blob.key_material + blob.key_material_size);
139 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]140}
141inline static hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_blob_t& blob) {
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]142 if (blob.data == nullptr || blob.data_length == 0) {
143 return {};
144 } else {
145 return hidl_vec<uint8_t>(blob.data, blob.data + blob.data_length);
146 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]147}
148
149inline static hidl_vec<hidl_vec<uint8_t>>
150kmCertChain2Hidl(const keymaster_cert_chain_t* cert_chain) {
151 hidl_vec<hidl_vec<uint8_t>> result;
152 if (!cert_chain || cert_chain->entry_count == 0 || !cert_chain->entries) return result;
153
154 result.resize(cert_chain->entry_count);
155 for (size_t i = 0; i < cert_chain->entry_count; ++i) {
156 auto& entry = cert_chain->entries[i];
157 result[i] = kmBlob2hidlVec(entry);
158 }
159
160 return result;
161}
162
163static inline hidl_vec<KeyParameter> kmParamSet2Hidl(const keymaster_key_param_set_t& set) {
164 hidl_vec<KeyParameter> result;
165 if (set.length == 0 || set.params == nullptr) return result;
166
167 result.resize(set.length);
168 keymaster_key_param_t* params = set.params;
169 for (size_t i = 0; i < set.length; ++i) {
170 auto tag = params[i].tag;
171 result[i].tag = legacy_enum_conversion(tag);
172 switch (typeFromTag(tag)) {
173 case KM_ENUM:
174 case KM_ENUM_REP:
175 result[i].f.integer = params[i].enumerated;
176 break;
177 case KM_UINT:
178 case KM_UINT_REP:
179 result[i].f.integer = params[i].integer;
180 break;
181 case KM_ULONG:
182 case KM_ULONG_REP:
183 result[i].f.longInteger = params[i].long_integer;
184 break;
185 case KM_DATE:
186 result[i].f.dateTime = params[i].date_time;
187 break;
188 case KM_BOOL:
189 result[i].f.boolValue = params[i].boolean;
190 break;
191 case KM_BIGNUM:
192 case KM_BYTES:
Rob Barnesbb6cabd2018-10-04 17:10:37 -0600[diff] [blame]193 result[i].blob = kmBlob2hidlVec(params[i].blob);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]194 break;
195 case KM_INVALID:
196 default:
197 params[i].tag = KM_TAG_INVALID;
198 /* just skip */
199 break;
200 }
201 }
202 return result;
203}
204
205// Methods from ::android::hardware::keymaster::V3_0::IKeymasterDevice follow.
206Return<void> LegacyKeymasterDeviceWrapper::getHardwareFeatures(getHardwareFeatures_cb _hidl_cb) {
Shawn Willdenb8550a02017-02-23 11:06:05 -0700[diff] [blame]207 _hidl_cb(false, false, false, false, false, "Fallback Device", "Google Android Security");
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]208 return Void();
209}
210
211Return<ErrorCode> LegacyKeymasterDeviceWrapper::addRngEntropy(const hidl_vec<uint8_t>& data) {
212 return legacy_enum_conversion(
213 keymaster_device_->add_rng_entropy(keymaster_device_, &data[0], data.size()));
214}
215
216Return<void> LegacyKeymasterDeviceWrapper::generateKey(const hidl_vec<KeyParameter>& keyParams,
217 generateKey_cb _hidl_cb) {
218 // result variables for the wire
219 KeyCharacteristics resultCharacteristics;
220 hidl_vec<uint8_t> resultKeyBlob;
221
222 // result variables the backend understands
223 keymaster_key_blob_t key_blob{nullptr, 0};
224 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}};
225
226 // convert the parameter set to something our backend understands
227 auto kmParams = hidlParams2KmParamSet(keyParams);
228
229 auto rc = keymaster_device_->generate_key(keymaster_device_, &kmParams, &key_blob,
230 &key_characteristics);
231
232 if (rc == KM_ERROR_OK) {
233 // on success convert the result to wire format
234 resultKeyBlob = kmBlob2hidlVec(key_blob);
235 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced);
236 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced);
237 }
238
239 // send results off to the client
240 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob, resultCharacteristics);
241
242 // free buffers that we are responsible for
243 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material));
244 keymaster_free_characteristics(&key_characteristics);
245
246 return Void();
247}
248
249Return<void> LegacyKeymasterDeviceWrapper::getKeyCharacteristics(
250 const hidl_vec<uint8_t>& keyBlob, const hidl_vec<uint8_t>& clientId,
251 const hidl_vec<uint8_t>& appData, getKeyCharacteristics_cb _hidl_cb) {
252 // result variables for the wire
253 KeyCharacteristics resultCharacteristics;
254
255 // result variables the backend understands
256 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}};
257
258 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob);
259 auto kmClientId = hidlVec2KmBlob(clientId);
260 auto kmAppData = hidlVec2KmBlob(appData);
261
262 auto rc = keymaster_device_->get_key_characteristics(
263 keymaster_device_, keyBlob.size() ? &kmKeyBlob : nullptr,
264 clientId.size() ? &kmClientId : nullptr, appData.size() ? &kmAppData : nullptr,
265 &key_characteristics);
266
267 if (rc == KM_ERROR_OK) {
268 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced);
269 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced);
270 }
271
272 _hidl_cb(legacy_enum_conversion(rc), resultCharacteristics);
273
274 keymaster_free_characteristics(&key_characteristics);
275
276 return Void();
277}
278
279Return<void> LegacyKeymasterDeviceWrapper::importKey(const hidl_vec<KeyParameter>& params,
280 KeyFormat keyFormat,
281 const hidl_vec<uint8_t>& keyData,
282 importKey_cb _hidl_cb) {
283 // result variables for the wire
284 KeyCharacteristics resultCharacteristics;
285 hidl_vec<uint8_t> resultKeyBlob;
286
287 // result variables the backend understands
288 keymaster_key_blob_t key_blob{nullptr, 0};
289 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}};
290
291 auto kmParams = hidlParams2KmParamSet(params);
292 auto kmKeyData = hidlVec2KmBlob(keyData);
293
294 auto rc = keymaster_device_->import_key(keymaster_device_, &kmParams,
295 legacy_enum_conversion(keyFormat), &kmKeyData,
296 &key_blob, &key_characteristics);
297
298 if (rc == KM_ERROR_OK) {
299 // on success convert the result to wire format
300 resultKeyBlob = kmBlob2hidlVec(key_blob);
301 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced);
302 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced);
303 }
304
305 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob, resultCharacteristics);
306
307 // free buffers that we are responsible for
308 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material));
309 keymaster_free_characteristics(&key_characteristics);
310
311 return Void();
312}
313
314Return<void> LegacyKeymasterDeviceWrapper::exportKey(KeyFormat exportFormat,
315 const hidl_vec<uint8_t>& keyBlob,
316 const hidl_vec<uint8_t>& clientId,
317 const hidl_vec<uint8_t>& appData,
318 exportKey_cb _hidl_cb) {
319
320 // result variables for the wire
321 hidl_vec<uint8_t> resultKeyBlob;
322
323 // result variables the backend understands
324 keymaster_blob_t out_blob = {};
325
326 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob);
327 auto kmClientId = hidlVec2KmBlob(clientId);
328 auto kmAppData = hidlVec2KmBlob(appData);
329
330 auto rc = keymaster_device_->export_key(keymaster_device_, legacy_enum_conversion(exportFormat),
331 keyBlob.size() ? &kmKeyBlob : nullptr,
332 clientId.size() ? &kmClientId : nullptr,
333 appData.size() ? &kmAppData : nullptr, &out_blob);
334
335 if (rc == KM_ERROR_OK) {
336 // on success convert the result to wire format
337 // (Can we assume that key_blob is {nullptr, 0} or a valid buffer description?)
338 resultKeyBlob = kmBlob2hidlVec(out_blob);
339 }
340
341 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob);
342
343 // free buffers that we are responsible for
344 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data));
345
346 return Void();
347}
348
349Return<void> LegacyKeymasterDeviceWrapper::attestKey(const hidl_vec<uint8_t>& keyToAttest,
350 const hidl_vec<KeyParameter>& attestParams,
351 attestKey_cb _hidl_cb) {
352
353 hidl_vec<hidl_vec<uint8_t>> resultCertChain;
354
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +0100[diff] [blame]355 for (size_t i = 0; i < attestParams.size(); ++i) {
356 switch (attestParams[i].tag) {
357 case Tag::ATTESTATION_ID_BRAND:
358 case Tag::ATTESTATION_ID_DEVICE:
359 case Tag::ATTESTATION_ID_PRODUCT:
360 case Tag::ATTESTATION_ID_SERIAL:
361 case Tag::ATTESTATION_ID_IMEI:
362 case Tag::ATTESTATION_ID_MEID:
Bartosz Fabianowski634a1aa2017-03-20 14:02:32 +0100[diff] [blame]363 case Tag::ATTESTATION_ID_MANUFACTURER:
364 case Tag::ATTESTATION_ID_MODEL:
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +0100[diff] [blame]365 // Device id attestation may only be supported if the device is able to permanently
366 // destroy its knowledge of the ids. This device is unable to do this, so it must
367 // never perform any device id attestation.
368 _hidl_cb(ErrorCode::CANNOT_ATTEST_IDS, resultCertChain);
369 return Void();
370 default:
371 break;
372 }
373 }
374
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]375 keymaster_cert_chain_t cert_chain = {};
376
377 auto kmKeyToAttest = hidlVec2KmKeyBlob(keyToAttest);
378 auto kmAttestParams = hidlParams2KmParamSet(attestParams);
379
380 auto rc = keymaster_device_->attest_key(keymaster_device_, &kmKeyToAttest, &kmAttestParams,
381 &cert_chain);
382
383 if (rc == KM_ERROR_OK) {
384 resultCertChain = kmCertChain2Hidl(&cert_chain);
385 }
386
387 _hidl_cb(legacy_enum_conversion(rc), resultCertChain);
388
389 keymaster_free_cert_chain(&cert_chain);
390
391 return Void();
392}
393
394Return<void> LegacyKeymasterDeviceWrapper::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
395 const hidl_vec<KeyParameter>& upgradeParams,
396 upgradeKey_cb _hidl_cb) {
397
398 // result variables for the wire
399 hidl_vec<uint8_t> resultKeyBlob;
400
401 // result variables the backend understands
402 keymaster_key_blob_t key_blob = {};
403
404 auto kmKeyBlobToUpgrade = hidlVec2KmKeyBlob(keyBlobToUpgrade);
405 auto kmUpgradeParams = hidlParams2KmParamSet(upgradeParams);
406
407 auto rc = keymaster_device_->upgrade_key(keymaster_device_, &kmKeyBlobToUpgrade,
408 &kmUpgradeParams, &key_blob);
409
410 if (rc == KM_ERROR_OK) {
411 // on success convert the result to wire format
412 resultKeyBlob = kmBlob2hidlVec(key_blob);
413 }
414
415 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob);
416
417 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material));
418
419 return Void();
420}
421
422Return<ErrorCode> LegacyKeymasterDeviceWrapper::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
423 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob);
424 return legacy_enum_conversion(keymaster_device_->delete_key(keymaster_device_, &kmKeyBlob));
425}
426
427Return<ErrorCode> LegacyKeymasterDeviceWrapper::deleteAllKeys() {
428 return legacy_enum_conversion(keymaster_device_->delete_all_keys(keymaster_device_));
429}
430
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +0100[diff] [blame]431Return<ErrorCode> LegacyKeymasterDeviceWrapper::destroyAttestationIds() {
432 return ErrorCode::UNIMPLEMENTED;
433}
434
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]435Return<void> LegacyKeymasterDeviceWrapper::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
436 const hidl_vec<KeyParameter>& inParams,
437 begin_cb _hidl_cb) {
438
439 // result variables for the wire
440 hidl_vec<KeyParameter> resultParams;
441 uint64_t resultOpHandle = 0;
442
443 // result variables the backend understands
444 keymaster_key_param_set_t out_params{nullptr, 0};
445 keymaster_operation_handle_t& operation_handle = resultOpHandle;
446
447 auto kmKey = hidlVec2KmKeyBlob(key);
448 auto kmInParams = hidlParams2KmParamSet(inParams);
449
450 auto rc = keymaster_device_->begin(keymaster_device_, legacy_enum_conversion(purpose), &kmKey,
451 &kmInParams, &out_params, &operation_handle);
452
453 if (rc == KM_ERROR_OK) resultParams = kmParamSet2Hidl(out_params);
454
455 _hidl_cb(legacy_enum_conversion(rc), resultParams, resultOpHandle);
456
457 keymaster_free_param_set(&out_params);
458
459 return Void();
460}
461
462Return<void> LegacyKeymasterDeviceWrapper::update(uint64_t operationHandle,
463 const hidl_vec<KeyParameter>& inParams,
464 const hidl_vec<uint8_t>& input,
465 update_cb _hidl_cb) {
466 // result variables for the wire
467 uint32_t resultConsumed = 0;
468 hidl_vec<KeyParameter> resultParams;
469 hidl_vec<uint8_t> resultBlob;
470
471 // result variables the backend understands
472 size_t consumed = 0;
473 keymaster_key_param_set_t out_params = {};
474 keymaster_blob_t out_blob = {};
475
476 auto kmInParams = hidlParams2KmParamSet(inParams);
477 auto kmInput = hidlVec2KmBlob(input);
478
479 auto rc = keymaster_device_->update(keymaster_device_, operationHandle, &kmInParams, &kmInput,
480 &consumed, &out_params, &out_blob);
481
482 if (rc == KM_ERROR_OK) {
483 resultConsumed = consumed;
484 resultParams = kmParamSet2Hidl(out_params);
485 resultBlob = kmBlob2hidlVec(out_blob);
486 }
487
488 _hidl_cb(legacy_enum_conversion(rc), resultConsumed, resultParams, resultBlob);
489
490 keymaster_free_param_set(&out_params);
491 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data));
492
493 return Void();
494}
495
496Return<void> LegacyKeymasterDeviceWrapper::finish(uint64_t operationHandle,
497 const hidl_vec<KeyParameter>& inParams,
498 const hidl_vec<uint8_t>& input,
499 const hidl_vec<uint8_t>& signature,
500 finish_cb _hidl_cb) {
501 // result variables for the wire
502 hidl_vec<KeyParameter> resultParams;
503 hidl_vec<uint8_t> resultBlob;
504
505 // result variables the backend understands
506 keymaster_key_param_set_t out_params = {};
507 keymaster_blob_t out_blob = {};
508
509 auto kmInParams = hidlParams2KmParamSet(inParams);
510 auto kmInput = hidlVec2KmBlob(input);
511 auto kmSignature = hidlVec2KmBlob(signature);
512
513 auto rc = keymaster_device_->finish(keymaster_device_, operationHandle, &kmInParams, &kmInput,
514 &kmSignature, &out_params, &out_blob);
515
516 if (rc == KM_ERROR_OK) {
517 resultParams = kmParamSet2Hidl(out_params);
518 resultBlob = kmBlob2hidlVec(out_blob);
519 }
520
521 _hidl_cb(legacy_enum_conversion(rc), resultParams, resultBlob);
522
523 keymaster_free_param_set(&out_params);
524 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data));
525
526 return Void();
527}
528
529Return<ErrorCode> LegacyKeymasterDeviceWrapper::abort(uint64_t operationHandle) {
530 return legacy_enum_conversion(keymaster_device_->abort(keymaster_device_, operationHandle));
531}
532
533sp<IKeymasterDevice> makeSoftwareKeymasterDevice() {
534 keymaster2_device_t* dev = nullptr;
535 dev = (new SoftKeymasterDevice)->keymaster2_device();
536
537 auto kmrc = ::keymaster::ConfigureDevice(dev);
538 if (kmrc != KM_ERROR_OK) {
539 dev->common.close(&dev->common);
540 return nullptr;
541 }
542
543 return new LegacyKeymasterDeviceWrapper(dev);
544}
545
546} // namespace keystore
547} // namespace android