system: vold: Upgrade the FBE key
During OTA upgrades, if the security state or ROT changes, Keymaster
keys require an upgrade. For such use cases, if the FBE ephemeral
key export fails, check whether the KM key requires an upgrade and try
exporting the ephemeral key again.
Conflicts:
Keymaster.cpp
Keymaster.h
[wight554: Apply changes from CAF 12]
CRs-Fixed: 2632902
Change-Id: I3ee2fcd97a56b628dc4304867c8f2b8da875f883
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>
Signed-off-by: Volodymyr Zhdanov <wight554@gmail.com>
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 650222c..125ee2b 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -158,7 +158,24 @@
if (!keystore) return false;
std::string key_temp;
- if (!keystore.exportKey(ksKey, &key_temp)) return false;
+ auto ret = keystore.exportKey(ksKey, &key_temp);
+ if (ret != km::ErrorCode::OK) {
+ if (ret == km::ErrorCode::KEY_REQUIRES_UPGRADE) {
+ // TODO(b/187304488): Re-land the below logic. (keystore.upgradeKey() was removed)
+ return false;
+ /*
+ std::string kmKeyStr(reinterpret_cast<const char*>(ksKey.data()), ksKey.size());
+ std::string Keystr;
+ if (!keystore.upgradeKey(kmKeyStr, km::AuthorizationSet(), &Keystr)) return false;
+ KeyBuffer upgradedKey = KeyBuffer(Keystr.size());
+ memcpy(reinterpret_cast<void*>(upgradedKey.data()), Keystr.c_str(), upgradedKey.size());
+ ret = keystore.exportKey(upgradedKey, &key_temp);
+ if (ret != km::ErrorCode::OK) return false;
+ */
+ } else {
+ return false;
+ }
+ }
*key = KeyBuffer(key_temp.size());
memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
return true;
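Review bot: In the new error handling after `keystore.exportKey()`, the `KEY_REQUIRES_UPGRADE` branch and the `else` branch both `return false`, so the retry described in the commit message never runs and a key that needs upgrading after an OTA looks the same as any other export failure. Until the TODO is re-landed, collapse the nested check and log the error code so the failure can be diagnosed, e.g. `if (ret != km::ErrorCode::OK) { LOG(ERROR) << "exportKey failed: " << static_cast<int32_t>(ret); return false; }` (assuming the file's usual `LOG` macro is in scope), and drop the commented-out block rather than carrying dead code in a key-handling path. When the upgrade path does come back, note that the commented version only uses the upgraded blob in memory; nothing visible in this hunk writes it back, so the upgrade would presumably be repeated on every export. The function's opening lines are outside the hunk.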