Merge "Replace an outdated TODO in Keystore::exportKey" am: aadef5cd8a

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2031283 Change-Id: I426731cf85fb49110ba7eac2ea472008495b756f
2022-03-19 04:08:41 +00:00 · 2022-03-19 04:08:41 +00:00 · 7ff572e24e
commit 7ff572e24e
parent a1f5053ea0 aadef5cd8a
1 changed files with 7 additions and 1 deletions
--- a/Keystore.cpp
+++ b/Keystore.cpp
@ -166,7 +166,13 @@ bool Keystore::exportKey(const KeyBuffer& ksKey, std::string* key) {
        *key = std::string(ephemeral_key_response.ephemeralKey.begin(),
                           ephemeral_key_response.ephemeralKey.end());

-    // TODO b/185811713 store the upgraded key blob if provided and delete the old key blob.
+    // vold intentionally ignores ephemeral_key_response.upgradedBlob, since the
+    // concept of "upgrading" doesn't make sense for TAG_STORAGE_KEY keys
+    // (hardware-wrapped inline encryption keys).  These keys are only meant as
+    // a substitute for raw keys; they still go through vold's usual layer of
+    // key wrapping, which already handles version binding.  So, vold just keeps
+    // using the original blobs for TAG_STORAGE_KEY keys.  If KeyMint "upgrades"
+    // them anyway, then they'll just get re-upgraded before each use.

    ret = true;
 out: