commit 7d5d8c0c403775bdec6281432372e788b1241f12
author Shawn Willden <swillden@google.com> Mon Jun 01 07:00:37 2015 -0600
committer Shawn Willden <swillden@google.com> Fri Jun 12 13:14:18 2015 -0600
tree 675084b4f946d1acea6db21fdc2363d2233c18c1
parent 7171dedb92e31eb2d75ca7667b8fefc340e958c1

Don't bother parsing keymaster0 signing params.

The keymaster0 signing API includes a void* to a structure that depends
on key type (RSA or EC).  Previously we've tried to determine what the
key type is and to extract proper parameters, by calling
get_key_characteristics and examining the result.  But this is all
pointless.  The possible contents of that signing structure is fixed, so
we may as well just set the values directly.  This does mean that we set
KM_TAG_PADDING for EC keys, even though ECDSA doesn't use padding.
That's okay, though.  Keymaster1 implementations should ignore
extraneous tags.  And in any case, we'll soon stop even providing the
keymaster0 APIs, so the issue will disappear.

Cherry-picked from internal.

Change-Id: I3228aa8c05a009f67e17b259544aa2481edace7c

include/keymaster/soft_keymaster_device.h

diff --git a/include/keymaster/soft_keymaster_device.h b/include/keymaster/soft_keymaster_device.h
index 9a710eb..ce1d5ad 100644
--- a/include/keymaster/soft_keymaster_device.h
+++ b/include/keymaster/soft_keymaster_device.h
@@ -56,10 +56,6 @@
     }
 
   private:
-    static keymaster_error_t ExtractSigningParams(const keymaster1_device_t* dev,
-                                                  const void* signing_params,
-                                                  const uint8_t* key_blob, size_t key_blob_length,
-                                                  AuthorizationSet* auth_set);
     static void StoreDefaultNewKeyParams(AuthorizationSet* auth_set);
     static keymaster_error_t GetPkcs8KeyAlgorithm(const uint8_t* key, size_t key_length,
                                                   keymaster_algorithm_t* algorithm);

soft_keymaster_device.cpp

diff --git a/soft_keymaster_device.cpp b/soft_keymaster_device.cpp
index 78dce57..baaae6b 100644
--- a/soft_keymaster_device.cpp
+++ b/soft_keymaster_device.cpp
@@ -352,10 +352,8 @@
     BeginOperationRequest begin_request;
     begin_request.purpose = KM_PURPOSE_SIGN;
     begin_request.SetKeyMaterial(key_blob, key_blob_length);
-    keymaster_error_t err = ExtractSigningParams(dev, params, key_blob, key_blob_length,
-                                                 &begin_request.additional_params);
-    if (err != KM_ERROR_OK)
-        return err;
+    begin_request.additional_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
+    begin_request.additional_params.push_back(TAG_PADDING, KM_PAD_NONE);
 
     BeginOperationResponse begin_response;
     convert_device(dev)->impl_->BeginOperation(begin_request, &begin_response);
@@ -405,10 +403,8 @@
     BeginOperationRequest begin_request;
     begin_request.purpose = KM_PURPOSE_VERIFY;
     begin_request.SetKeyMaterial(key_blob, key_blob_length);
-    keymaster_error_t err = ExtractSigningParams(dev, params, key_blob, key_blob_length,
-                                                 &begin_request.additional_params);
-    if (err != KM_ERROR_OK)
-        return err;
+    begin_request.additional_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
+    begin_request.additional_params.push_back(TAG_PADDING, KM_PAD_NONE);
 
     BeginOperationResponse begin_response;
     convert_device(dev)->impl_->BeginOperation(begin_request, &begin_response);
@@ -860,54 +856,6 @@
 }
 
 /* static */
-keymaster_error_t SoftKeymasterDevice::ExtractSigningParams(const keymaster1_device_t* dev,
-                                                            const void* signing_params,
-                                                            const uint8_t* key_blob,
-                                                            size_t key_blob_length,
-                                                            AuthorizationSet* auth_set) {
-    const keymaster_blob_t client_id = {nullptr, 0};
-    const keymaster_blob_t app_data = {nullptr, 0};
-    const keymaster_key_blob_t blob = {key_blob, key_blob_length};
-    keymaster_key_characteristics_t* characteristics;
-    keymaster_error_t error =
-        get_key_characteristics(dev, &blob, &client_id, &app_data, &characteristics);
-
-    if (error != KM_ERROR_OK)
-        return error;
-
-    AuthorizationSet auths(characteristics->hw_enforced);
-    auths.push_back(AuthorizationSet(characteristics->sw_enforced));
-    keymaster_algorithm_t algorithm;
-    if (!auths.GetTagValue(TAG_ALGORITHM, &algorithm))
-        return KM_ERROR_INVALID_KEY_BLOB;
-
-    switch (algorithm) {
-    case KM_ALGORITHM_RSA: {
-        const keymaster_rsa_sign_params_t* rsa_params =
-            reinterpret_cast<const keymaster_rsa_sign_params_t*>(signing_params);
-        if (rsa_params->digest_type != DIGEST_NONE)
-            return KM_ERROR_UNSUPPORTED_DIGEST;
-        if (rsa_params->padding_type != PADDING_NONE)
-            return KM_ERROR_UNSUPPORTED_PADDING_MODE;
-        if (!auth_set->push_back(TAG_DIGEST, KM_DIGEST_NONE) ||
-            !auth_set->push_back(TAG_PADDING, KM_PAD_NONE))
-            return KM_ERROR_MEMORY_ALLOCATION_FAILED;
-    } break;
-    case KM_ALGORITHM_EC: {
-        const keymaster_ec_sign_params_t* ecdsa_params =
-            reinterpret_cast<const keymaster_ec_sign_params_t*>(signing_params);
-        if (ecdsa_params->digest_type != DIGEST_NONE)
-            return KM_ERROR_UNSUPPORTED_DIGEST;
-        if (!auth_set->push_back(TAG_DIGEST, KM_DIGEST_NONE))
-            return KM_ERROR_MEMORY_ALLOCATION_FAILED;
-    } break;
-    default:
-        return KM_ERROR_UNSUPPORTED_ALGORITHM;
-    }
-    return KM_ERROR_OK;
-}
-
-/* static */
 void SoftKeymasterDevice::StoreDefaultNewKeyParams(AuthorizationSet* auth_set) {
     auth_set->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN);
     auth_set->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY);