keystore: add upgradeKeyBlob call into keystore exportKey.
For keymaster2, exportKey() will return need upgrade error when
using old patch_level keyblob, an upgradeKeyBlob() call needed in
exportKey(), like begin() and getKeyCharacteristics().
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 329898b..6eb4e83 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -806,6 +806,23 @@
}
keymaster_blob_t output = {NULL, 0};
rc = dev->export_key(dev, format, &key, clientId, appData, &output);
+ if (rc == KM_ERROR_KEY_REQUIRES_UPGRADE) {
+ AuthorizationSet upgradeParams;
+ if (clientId && clientId->data && clientId->data_length) {
+ upgradeParams.push_back(TAG_APPLICATION_ID, *clientId);
+ }
+ if (appData && appData->data && appData->data_length) {
+ upgradeParams.push_back(TAG_APPLICATION_DATA, *appData);
+ }
+ rc = upgradeKeyBlob(name, targetUid, upgradeParams, &keyBlob);
+ if (rc != ::NO_ERROR) {
+ result->resultCode = rc;
+ return;
+ }
+ key = {keyBlob.getValue(), static_cast<size_t>(keyBlob.getLength())};
+ rc = dev->export_key(dev, format, &key, clientId, appData, &output);
+ }
+
result->exportData.reset(const_cast<uint8_t*>(output.data));
result->dataLength = output.data_length;
result->resultCode = rc ? rc : ::NO_ERROR;