Keystore 2.0: Handle new upgradedBlob field in CreateOperationResponse
A new optional field upgradedBlob has been added to
CreateOperationResponse that allows keystore2 to send back the upgraded
key (if one exists) on calls to create_operation. Update keystore2 to
return this field.
Bug: 173546754
Bug: 181910578
Change-Id: I6bbb877489f3313e774de2795ce5bf8bc77a5ccf
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index 2ad8fe1..d7a0a12 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -341,6 +341,10 @@
0 => None,
_ => Some(KeyParameters { keyParameter: begin_result.params }),
},
+ // An upgraded blob should only be returned if the caller has permission
+ // to use Domain::BLOB keys. If we got to this point, we already checked
+ // that the caller had that permission.
+ upgradedBlob: if key.domain == Domain::BLOB { upgraded_blob } else { None },
})
}
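Review bot: The comment above the new `upgradedBlob:` field states that the Domain::BLOB permission was "already checked" by this point, but nothing in this hunk ties the field to that check. A later refactor that moves or relaxes the earlier check would silently start returning the upgraded key blob to callers without the permission. Consider naming in the comment the function where the check is performed, or binding `upgraded_blob` only inside the branch that performed it, so the invariant is enforced by construction rather than by a comment. A test asserting that a key whose domain is not Domain::BLOB yields `upgradedBlob: None` from create_operation would also pin down the behaviour this line introduces.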