Encrypt keys even when device locked
Use ECDH public-key encryption to encrypt unlockedDeviceRequired keys
even when the device is locked.
Bug: 163866361
Test: keystore2_test
Test: atest android.keystore.cts.CipherTest#testEmptyPlaintextEncryptsAndDecryptsWhenUnlockedRequired
Change-Id: Idbb3e02972aba021d97c5284c300d3b5e97756ae
diff --git a/keystore2/src/legacy_migrator.rs b/keystore2/src/legacy_migrator.rs
index fba33f1..e5bcae4 100644
--- a/keystore2/src/legacy_migrator.rs
+++ b/keystore2/src/legacy_migrator.rs
@@ -563,12 +563,18 @@
crate::super_key::SuperKeyManager::encrypt_with_password(&super_key, pw)
.context("In check_and_migrate_super_key: Trying to encrypt super key.")?;
- self.db.store_super_key(user_id, &USER_SUPER_KEY, &blob, &blob_metadata).context(
- concat!(
+ self.db
+ .store_super_key(
+ user_id,
+ &USER_SUPER_KEY,
+ &blob,
+ &blob_metadata,
+ &KeyMetaData::new(),
+ )
+ .context(concat!(
"In check_and_migrate_super_key: ",
"Trying to insert legacy super_key into the database."
- ),
- )?;
+ ))?;
self.legacy_loader.remove_super_key(user_id);
self.recently_migrated_super_key.insert(user_id);
Ok(())
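Review bot: The new fifth argument `&KeyMetaData::new()` in the `store_super_key` call has no explanation, so a reader cannot tell whether empty metadata is deliberate for a migrated legacy super key or a placeholder left over from the signature change. This row holds the password-encrypted `USER_SUPER_KEY`, so a one-line comment above the call would make the intent auditable, for example `// Migrated legacy super key is password-encrypted only; no additional key metadata to record.` The definition of `store_super_key` is not in this hunk, so what the parameter records is inferred from its type name and should be confirmed before the comment is worded. The enclosing function starts outside the hunk.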