fscrypt: change to upgrade key if export fails
Importing this commit:
https://github.com/mauronofrio/android_bootable_recovery/commit/f999d65b23f0cd36ee85995ac1601d1b2ab690e5
Change-Id: If73dc534ddf6c8b96ce2789789f25ce432428aa5
diff --git a/crypto/fscrypt/KeyStorage.cpp b/crypto/fscrypt/KeyStorage.cpp
index 766cc61..9457591 100755
--- a/crypto/fscrypt/KeyStorage.cpp
+++ b/crypto/fscrypt/KeyStorage.cpp
@@ -165,10 +165,28 @@
std::string key_temp;
Keymaster keymaster;
if (!keymaster) return false;
- if (!keymaster.exportKey(format, kmKey, "!", "!", &key_temp)) return false;
- *key = KeyBuffer(key_temp.size());
- memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
- return true;
+
+ //Export once, if upgrade needed, upgrade and export again
+ bool export_again = true;
+ while (export_again) {
+ export_again = false;
+ auto ret = keymaster.exportKey(format, kmKey, "!", "!", &key_temp);
+ if (ret == km::ErrorCode::OK) {
+ *key = KeyBuffer(key_temp.size());
+ memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
+ return true;
+ }
+ if (ret != km::ErrorCode::KEY_REQUIRES_UPGRADE) return false;
+ LOG(DEBUG) << "Upgrading key";
+ std::string kmKeyStr(reinterpret_cast<const char*>(kmKey.data()), kmKey.size());
+ std::string newKey;
+ if (!keymaster.upgradeKey(kmKeyStr, km::AuthorizationSet(), &newKey)) return false;
+ memcpy(reinterpret_cast<void*>(kmKey.data()), newKey.c_str(), kmKey.size());
+ LOG(INFO) << "Key upgraded";
+ export_again = true;
+ }
+ //Should never come here
+ return false;
}
static std::pair<km::AuthorizationSet, km::HardwareAuthToken> beginParams(