Merge "Fix cryptfs RSA signing with keystore2"
diff --git a/Keymaster.cpp b/Keymaster.cpp
index 08e06d1..1d69dde 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -21,6 +21,7 @@
#include <aidl/android/hardware/security/keymint/SecurityLevel.h>
#include <aidl/android/security/maintenance/IKeystoreMaintenance.h>
#include <aidl/android/system/keystore2/Domain.h>
+#include <aidl/android/system/keystore2/EphemeralStorageKeyResponse.h>
#include <aidl/android/system/keystore2/KeyDescriptor.h>
// Keep these in sync with system/security/keystore2/src/keystore2_main.rs
@@ -157,15 +158,19 @@
.nspace = VOLD_NAMESPACE,
};
storageKey.blob = std::make_optional<std::vector<uint8_t>>(kmKey.begin(), kmKey.end());
- std::vector<uint8_t> ephemeral_key;
- auto rc = securityLevel->convertStorageKeyToEphemeral(storageKey, &ephemeral_key);
+ ks2::EphemeralStorageKeyResponse ephemeral_key_response;
+ auto rc = securityLevel->convertStorageKeyToEphemeral(storageKey, &ephemeral_key_response);
if (logKeystore2ExceptionIfPresent(rc, "exportKey")) goto out;
- if (key) *key = std::string(ephemeral_key.begin(), ephemeral_key.end());
+ if (key)
+ *key = std::string(ephemeral_key_response.ephemeralKey.begin(),
+ ephemeral_key_response.ephemeralKey.end());
+
+ // TODO b/185811713 store the upgraded key blob if provided and delete the old key blob.
ret = true;
out:
- zeroize_vector(ephemeral_key);
+ zeroize_vector(ephemeral_key_response.ephemeralKey);
zeroize_vector(storageKey.blob.value());
return ret;
}
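Review bot: The cleanup at `out:` wipes only `ephemeral_key_response.ephemeralKey`, so when the response also carries an upgraded key blob (the case the new TODO describes), that buffer is left in memory even though the function zeroizes `storageKey.blob`, which holds the same kind of material. Until b/185811713 is resolved, consider wiping it as well, e.g. `if (ephemeral_key_response.upgradedBlob) zeroize_vector(*ephemeral_key_response.upgradedBlob);`. The field name is taken from the keystore2 AIDL and should be confirmed against the generated header. Dropping the upgraded blob also means, presumably, that the stale blob is sent for upgrade on every call, so a log line when an upgrade is returned would make that visible. As a style point, the `if (key)` statement now spans three lines and would be safer with braces. The function starts outside this hunk, so the null handling of `key` and `securityLevel` cannot be checked from here.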