commit d2bb3675491a293741650cc122c5221b5cc8034c
author Treehugger Robot <treehugger-gerrit@google.com> Mon Apr 26 18:51:13 2021 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Apr 26 18:51:13 2021 +0000
tree 57c148f5de6bfce01ae700f1048938f49c79476f
parent 68bdb45cf835bb0997b02c977a80b3f736db2806
parent 940c0e5f6ee357ea8b5cd426053fb5b3e4c05bf1

Merge "Fix cryptfs RSA signing with keystore2"

Keymaster.cpp

diff --git a/Keymaster.cpp b/Keymaster.cpp
index 08e06d1..1d69dde 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -21,6 +21,7 @@
 #include <aidl/android/hardware/security/keymint/SecurityLevel.h>
 #include <aidl/android/security/maintenance/IKeystoreMaintenance.h>
 #include <aidl/android/system/keystore2/Domain.h>
+#include <aidl/android/system/keystore2/EphemeralStorageKeyResponse.h>
 #include <aidl/android/system/keystore2/KeyDescriptor.h>
 
 // Keep these in sync with system/security/keystore2/src/keystore2_main.rs
@@ -157,15 +158,19 @@
             .nspace = VOLD_NAMESPACE,
     };
     storageKey.blob = std::make_optional<std::vector<uint8_t>>(kmKey.begin(), kmKey.end());
-    std::vector<uint8_t> ephemeral_key;
-    auto rc = securityLevel->convertStorageKeyToEphemeral(storageKey, &ephemeral_key);
+    ks2::EphemeralStorageKeyResponse ephemeral_key_response;
+    auto rc = securityLevel->convertStorageKeyToEphemeral(storageKey, &ephemeral_key_response);
 
     if (logKeystore2ExceptionIfPresent(rc, "exportKey")) goto out;
-    if (key) *key = std::string(ephemeral_key.begin(), ephemeral_key.end());
+    if (key)
+        *key = std::string(ephemeral_key_response.ephemeralKey.begin(),
+                           ephemeral_key_response.ephemeralKey.end());
+
+    // TODO b/185811713 store the upgraded key blob if provided and delete the old key blob.
 
     ret = true;
 out:
-    zeroize_vector(ephemeral_key);
+    zeroize_vector(ephemeral_key_response.ephemeralKey);
     zeroize_vector(storageKey.blob.value());
     return ret;
 }