Merge "Add argument to binder call to check key types" into klp-dev

2013-09-05 21:40:56 +00:00
parent 56960fbd39 b91773bce1
commit 040e68f026
3 changed files with 15 additions and 5 deletions
--- a/core/java/android/security/IKeystoreService.java
+++ b/core/java/android/security/IKeystoreService.java
@@ -444,12 +444,13 @@ public interface IKeystoreService extends IInterface {
            }

            @Override
-            public int is_hardware_backed() throws RemoteException {
+            public int is_hardware_backed(String keyType) throws RemoteException {
                Parcel _data = Parcel.obtain();
                Parcel _reply = Parcel.obtain();
                int _result;
                try {
                    _data.writeInterfaceToken(DESCRIPTOR);
+                    _data.writeString(keyType);
                    mRemote.transact(Stub.TRANSACTION_is_hardware_backed, _data, _reply, 0);
                    _reply.readException();
                    _result = _reply.readInt();
@@ -593,7 +594,7 @@ public interface IKeystoreService extends IInterface {
    public int duplicate(String srcKey, int srcUid, String destKey, int destUid)
            throws RemoteException;

-    public int is_hardware_backed() throws RemoteException;
+    public int is_hardware_backed(String string) throws RemoteException;

    public int clear_uid(long uid) throws RemoteException;
 }
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -34,6 +34,7 @@ import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.List;
+import java.util.Locale;
 import java.util.concurrent.BlockingQueue;
 import java.util.concurrent.LinkedBlockingQueue;

@@ -364,7 +365,8 @@ public final class KeyChain {
     * "RSA").
     */
    public static boolean isKeyAlgorithmSupported(String algorithm) {
-        return "RSA".equals(algorithm);
+        final String algUpper = algorithm.toUpperCase(Locale.US);
+        return "DSA".equals(algUpper) || "EC".equals(algUpper) || "RSA".equals(algUpper);
    }

    /**
@@ -379,7 +381,7 @@ public final class KeyChain {
            return false;
        }

-        return KeyStore.getInstance().isHardwareBacked();
+        return KeyStore.getInstance().isHardwareBacked(algorithm);
    }

    private static X509Certificate toCertificate(byte[] bytes) {
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -22,6 +22,8 @@ import android.os.RemoteException;
 import android.os.ServiceManager;
 import android.util.Log;

+import java.util.Locale;
+
 /**
 * @hide This should not be made public in its present form because it
 * assumes that private and secret key bytes are available and would
@@ -306,9 +308,14 @@ public class KeyStore {
        }
    }

+    // TODO remove this when it's removed from Settings
    public boolean isHardwareBacked() {
+        return isHardwareBacked("RSA");
+    }
+
+    public boolean isHardwareBacked(String keyType) {
        try {
-            return mBinder.is_hardware_backed() == NO_ERROR;
+            return mBinder.is_hardware_backed(keyType.toUpperCase(Locale.US)) == NO_ERROR;
        } catch (RemoteException e) {
            Log.w(TAG, "Cannot connect to keystore", e);
            return false;