Keystore 2.0: Fix loading of unencrypted legacy super keys.
In 2019 we had a bug that caused super keys to remain unencrypted.
This CL accounts for the existence of such unencrypted keys.
Bug: 183591049
Bug: 141955555
Change-Id: I2ebca684e7d5bd1269c26cf3d06ed380d1ee4770
diff --git a/keystore2/src/legacy_blob.rs b/keystore2/src/legacy_blob.rs
index 5f40ece..6f2cdd0 100644
--- a/keystore2/src/legacy_blob.rs
+++ b/keystore2/src/legacy_blob.rs
@@ -216,7 +216,7 @@
// flags (1 Byte)
// info (1 Byte)
// initialization_vector (16 Bytes)
- // integrity (MD5 digest or gcb tag) (16 Bytes)
+ // integrity (MD5 digest or gcm tag) (16 Bytes)
// length (4 Bytes)
const COMMON_HEADER_SIZE: usize = 4 + Self::IV_SIZE + Self::GCM_TAG_LENGTH + 4;
@@ -1043,16 +1043,22 @@
let blob = match blob {
Some(blob) => match blob {
- Blob {
- value: BlobValue::PwEncrypted { iv, tag, data, salt, key_size }, ..
- } => {
- let key = pw
- .derive_key(Some(&salt), key_size)
- .context("In load_super_key: Failed to derive key from password.")?;
- let blob = aes_gcm_decrypt(&data, &iv, &tag, &key).context(
- "In load_super_key: while trying to decrypt legacy super key blob.",
- )?;
- Some(blob)
+ Blob { flags, value: BlobValue::PwEncrypted { iv, tag, data, salt, key_size } } => {
+ if (flags & flags::ENCRYPTED) != 0 {
+ let key = pw
+ .derive_key(Some(&salt), key_size)
+ .context("In load_super_key: Failed to derive key from password.")?;
+ let blob = aes_gcm_decrypt(&data, &iv, &tag, &key).context(
+ "In load_super_key: while trying to decrypt legacy super key blob.",
+ )?;
+ Some(blob)
+ } else {
+ // In 2019 we had some unencrypted super keys due to b/141955555.
+ Some(
+ data.try_into()
+ .context("In load_super_key: Trying to convert key into ZVec")?,
+ )
+ }
}
_ => {
return Err(KsError::Rc(ResponseCode::VALUE_CORRUPTED)).context(
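Review bot: The new `else` branch returns the on-disk `data` as the super key without using `pw` and without any integrity check, so for a blob whose flags byte lacks `flags::ENCRYPTED` any password is accepted and the `iv`, `tag`, `salt` and `key_size` fields are silently ignored. The flags byte is presumably not authenticated, so an encrypted blob with that bit cleared would also take this path and hand back ciphertext as key material instead of failing GCM verification. I would at least check the length of `data` against the expected super-key size before the conversion, returning `KsError::Rc(ResponseCode::VALUE_CORRUPTED)` on mismatch, and extend the comment to say `// No password or GCM tag check is possible here; callers should re-encrypt this key on import.` The body of load_super_key starts and ends outside this hunk, so whether callers re-wrap the key or log this case cannot be confirmed from here.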