Merge "Make vold use the updated keystore 2 API for storage keys." am: 68bdb45cf8
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1681547
Change-Id: Ib4156e85984c903cf521977e39522d013daf140c
diff --git a/Keymaster.cpp b/Keymaster.cpp
index bb26b64..be282dd 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -21,6 +21,7 @@
#include <aidl/android/hardware/security/keymint/SecurityLevel.h>
#include <aidl/android/security/maintenance/IKeystoreMaintenance.h>
#include <aidl/android/system/keystore2/Domain.h>
+#include <aidl/android/system/keystore2/EphemeralStorageKeyResponse.h>
#include <aidl/android/system/keystore2/KeyDescriptor.h>
// Keep these in sync with system/security/keystore2/src/keystore2_main.rs
@@ -164,15 +165,19 @@
.nspace = VOLD_NAMESPACE,
};
storageKey.blob = std::make_optional<std::vector<uint8_t>>(kmKey.begin(), kmKey.end());
- std::vector<uint8_t> ephemeral_key;
- auto rc = securityLevel->convertStorageKeyToEphemeral(storageKey, &ephemeral_key);
+ ks2::EphemeralStorageKeyResponse ephemeral_key_response;
+ auto rc = securityLevel->convertStorageKeyToEphemeral(storageKey, &ephemeral_key_response);
if (logKeystore2ExceptionIfPresent(rc, "exportKey")) goto out;
- if (key) *key = std::string(ephemeral_key.begin(), ephemeral_key.end());
+ if (key)
+ *key = std::string(ephemeral_key_response.ephemeralKey.begin(),
+ ephemeral_key_response.ephemeralKey.end());
+
+ // TODO b/185811713 store the upgraded key blob if provided and delete the old key blob.
ret = true;
out:
- zeroize_vector(ephemeral_key);
+ zeroize_vector(ephemeral_key_response.ephemeralKey);
zeroize_vector(storageKey.blob.value());
return ret;
}
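Review bot: The upgraded key blob that the new response can carry is dropped at the TODO in this hunk, so the function returns success while the caller keeps the pre-upgrade blob and nothing surfaces that an upgrade happened. Until b/185811713 is done, I would at least make that visible and treat the buffer like the other two on the `out:` path, e.g. `if (ephemeral_key_response.upgradedBlob) zeroize_vector(*ephemeral_key_response.upgradedBlob);` next to the existing `zeroize_vector` calls (assuming the field is the optional `upgradedBlob` from the keystore2 AIDL; confirm the name), plus a `LOG(WARNING)` where the TODO sits. Leaving the old blob in place presumably also means every later call repeats the upgrade inside keystore, and the superseded blob is never deleted; the TODO comment should say so explicitly. The enclosing function starts above the hunk, so I cannot see whether callers have a way to receive the new blob.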