Replace an outdated TODO in Keystore::exportKey
The bug this TODO references has been closed, so replace the TODO with an explanation of why the code is correct. Bug: 185811713 Change-Id: I8f4230ab3e290f8ffa8ca25aaa188e8d7156cf8e
This commit is contained in:
parent
e7dbc48584
commit
3aa35ee431
1 changed files with 7 additions and 1 deletions
|
@ -166,7 +166,13 @@ bool Keystore::exportKey(const KeyBuffer& ksKey, std::string* key) {
|
||||||
*key = std::string(ephemeral_key_response.ephemeralKey.begin(),
|
*key = std::string(ephemeral_key_response.ephemeralKey.begin(),
|
||||||
ephemeral_key_response.ephemeralKey.end());
|
ephemeral_key_response.ephemeralKey.end());
|
||||||
|
|
||||||
// TODO b/185811713 store the upgraded key blob if provided and delete the old key blob.
|
// vold intentionally ignores ephemeral_key_response.upgradedBlob, since the
|
||||||
|
// concept of "upgrading" doesn't make sense for TAG_STORAGE_KEY keys
|
||||||
|
// (hardware-wrapped inline encryption keys). These keys are only meant as
|
||||||
|
// a substitute for raw keys; they still go through vold's usual layer of
|
||||||
|
// key wrapping, which already handles version binding. So, vold just keeps
|
||||||
|
// using the original blobs for TAG_STORAGE_KEY keys. If KeyMint "upgrades"
|
||||||
|
// them anyway, then they'll just get re-upgraded before each use.
|
||||||
|
|
||||||
ret = true;
|
ret = true;
|
||||||
out:
|
out:
|
||||||
|
|
Loading…
Reference in a new issue