
Make vold use the updated keystore 2 API for storage keys.
authorJanis Danisevskis <jdanis@google.com>
Tue, 20 Apr 2021 19:50:58 +0000 (12:50 -0700)
committerJanis Danisevskis <jdanis@google.com>
Tue, 20 Apr 2021 19:53:12 +0000 (12:53 -0700)
This CL updates vold to use the updated storage key API that provides an
optional upgraded key blob. In this patch the upgraded key blob is not
yet stored by vold.

Bug: 185811713
Test: N/A
Change-Id: I39eeb20df0eb2b023479f3adebab264d29d00048

Keymaster.cpp

index bb26b64..be282dd 100644 (file)
@@ -21,6 +21,7 @@
 #include <aidl/android/hardware/security/keymint/SecurityLevel.h>
 #include <aidl/android/security/maintenance/IKeystoreMaintenance.h>
 #include <aidl/android/system/keystore2/Domain.h>
+#include <aidl/android/system/keystore2/EphemeralStorageKeyResponse.h>
 #include <aidl/android/system/keystore2/KeyDescriptor.h>
 
 // Keep these in sync with system/security/keystore2/src/keystore2_main.rs
@@ -164,15 +165,19 @@ bool Keymaster::exportKey(const KeyBuffer& kmKey, std::string* key) {
             .nspace = VOLD_NAMESPACE,
     };
     storageKey.blob = std::make_optional<std::vector<uint8_t>>(kmKey.begin(), kmKey.end());
-    std::vector<uint8_t> ephemeral_key;
-    auto rc = securityLevel->convertStorageKeyToEphemeral(storageKey, &ephemeral_key);
+    ks2::EphemeralStorageKeyResponse ephemeral_key_response;
+    auto rc = securityLevel->convertStorageKeyToEphemeral(storageKey, &ephemeral_key_response);
 
     if (logKeystore2ExceptionIfPresent(rc, "exportKey")) goto out;
-    if (key) *key = std::string(ephemeral_key.begin(), ephemeral_key.end());
+    if (key)
+        *key = std::string(ephemeral_key_response.ephemeralKey.begin(),
+                           ephemeral_key_response.ephemeralKey.end());
+
+    // TODO b/185811713 store the upgraded key blob if provided and delete the old key blob.
 
     ret = true;
 out:
-    zeroize_vector(ephemeral_key);
+    zeroize_vector(ephemeral_key_response.ephemeralKey);
     zeroize_vector(storageKey.blob.value());
     return ret;
 }
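Review bot: At `out:` only `ephemeral_key_response.ephemeralKey` is wiped, but the response struct can also carry the upgraded key blob that the new TODO refers to, and that member is left intact in memory when the struct is destroyed on both the success and the `goto out` error path. The function already zeroizes the equivalent input blob (`storageKey.blob.value()`), so the upgraded blob should get the same treatment, e.g. `if (ephemeral_key_response.upgradedBlob) zeroize_vector(*ephemeral_key_response.upgradedBlob);` directly after the existing `zeroize_vector(ephemeral_key_response.ephemeralKey);`. The member name is the one I recall from the keystore2 AIDL parcelable and should be confirmed against EphemeralStorageKeyResponse.h, which this commit newly includes. exportKey's opening lines, including the construction of storageKey and the declaration of ret, are outside the hunk.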