Cope with previously-emulated keys
If a device has upgraded Android versions then the KeyMint device
may also have been upgraded. If that's the case, then there may
be keyblobs that were created in software on the old device, because it
didn't support some feature.
Watch out for these keys, and if encountered, try to import them into
the current KeyMint device:
- extract the key material from the key blob
- add PKCS#8 wrapping for import
Bug: 283077822
Bug: 296403357
Test: tested with ARC upgrade, see b/296403357
Change-Id: I146f7cfdaac9fe22b7bb6850b7e48ea113945902
diff --git a/keystore2/src/km_compat.rs b/keystore2/src/km_compat.rs
index cd58fe4..03c9d02 100644
--- a/keystore2/src/km_compat.rs
+++ b/keystore2/src/km_compat.rs
@@ -37,6 +37,11 @@
/// final zero byte indicates that the blob is not software emulated.)
pub const KEYMASTER_BLOB_HW_PREFIX: &[u8] = b"pKMblob\x00";
+/// Magic prefix used by the km_compat C++ code to mark a key that is owned by an
+/// software emulation device that has been wrapped by km_compat. (The final one
+/// byte indicates that the blob is software emulated.)
+pub const KEYMASTER_BLOB_SW_PREFIX: &[u8] = b"pKMblob\x01";
+
/// Key data associated with key generation/import.
#[derive(Debug, PartialEq, Eq)]
pub enum KeyImportData<'a> {
@@ -94,7 +99,7 @@
/// Return an unwrapped version of the provided `keyblob`, which may or may
/// not be associated with the software emulation.
-fn unwrap_keyblob(keyblob: &[u8]) -> KeyBlob {
+pub fn unwrap_keyblob(keyblob: &[u8]) -> KeyBlob {
if !keyblob.starts_with(KEYBLOB_PREFIX) {
return KeyBlob::Raw(keyblob);
}