diff options
Diffstat (limited to 'crypto/ext4crypt/KeyStorage4.cpp')
-rw-r--r-- | crypto/ext4crypt/KeyStorage4.cpp | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/crypto/ext4crypt/KeyStorage4.cpp b/crypto/ext4crypt/KeyStorage4.cpp index cab88a19d..b91d6e46b 100644 --- a/crypto/ext4crypt/KeyStorage4.cpp +++ b/crypto/ext4crypt/KeyStorage4.cpp @@ -165,10 +165,28 @@ bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* k std::string key_temp; Keymaster keymaster; if (!keymaster) return false; - if (!keymaster.exportKey(format, kmKey, "!", "!", &key_temp)) return false; - *key = KeyBuffer(key_temp.size()); - memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size()); - return true; + + //Export once, if upgrade needed, upgrade and export again + bool export_again = true; + while (export_again) { + export_again = false; + auto ret = keymaster.exportKey(format, kmKey, "!", "!", &key_temp); + if (ret == km::ErrorCode::OK) { + *key = KeyBuffer(key_temp.size()); + memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size()); + return true; + } + if (ret != km::ErrorCode::KEY_REQUIRES_UPGRADE) return false; + LOG(DEBUG) << "Upgrading key"; + std::string kmKeyStr(reinterpret_cast<const char*>(kmKey.data()), kmKey.size()); + std::string newKey; + if (!keymaster.upgradeKey(kmKeyStr, km::AuthorizationSet(), &newKey)) return false; + memcpy(reinterpret_cast<void*>(kmKey.data()), newKey.c_str(), kmKey.size()); + LOG(INFO) << "Key upgraded"; + export_again = true; + } + //Should never come here + return false; } static std::pair<km::AuthorizationSet, km::HardwareAuthToken> beginParams( |