author | Max Bires <jbires@google.com> | 2021-07-23 19:26:13 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-07-23 19:26:13 +0000 |
commit | 8491916cf971058b539a3d6ea33c48f513c5d0ff (patch) | |
tree | 7bf8d3d9f7d88ea52ff691f6de27a4d33d35faa2 | |
parent | 6a35826a5385499299492bd9e9ba79064889a7f3 (diff) | |
parent | 7361b10ce363ad66c90d940a2682ac84f3c9642d (diff) | |
download | security-8491916cf971058b539a3d6ea33c48f513c5d0ff.tar.gz |
Always fall back to factory key on any RKP error am: 7361b10ce3
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/15325372
Change-Id: I5cda32a875785e13b8f674bf36a5c0a4b3e953fb
-rw-r--r-- | keystore2/src/remote_provisioning.rs | 43 |
1 files changed, 27 insertions, 16 deletions
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index 6666f416..1e5aeab8 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -180,23 +180,34 @@ impl RemProvState {
 // and therefore will not be attested.
 Ok(None)
 } else {
- match self.get_rem_prov_attest_key(&key, caller_uid, db).context(concat!(
- "In get_remote_provisioning_key_and_certs: Failed to get ",
- "attestation key"
- ))? {
- Some(cert_chain) => Ok(Some((
- AttestationKey {
- keyBlob: cert_chain.private_key.to_vec(),
- attestKeyParams: vec![],
- issuerSubjectName: parse_subject_from_certificate(&cert_chain.batch_cert)
+ match self.get_rem_prov_attest_key(&key, caller_uid, db) {
+ Err(e) => {
+ log::error!(
+ concat!(
+ "In get_remote_provisioning_key_and_certs: Failed to get ",
+ "attestation key. {:?}"
+ ),
+ e
+ );
+ Ok(None)
+ }
+ Ok(v) => match v {
+ Some(cert_chain) => Ok(Some((
+ AttestationKey {
+ keyBlob: cert_chain.private_key.to_vec(),
+ attestKeyParams: vec![],
+ issuerSubjectName: parse_subject_from_certificate(
+ &cert_chain.batch_cert,
+ )
 .context(concat!(
- "In get_remote_provisioning_key_and_certs: Failed to ",
- "parse subject."
- ))?,
- },
- Certificate { encodedCertificate: cert_chain.cert_chain },
- ))),
- None => Ok(None),
+ "In get_remote_provisioning_key_and_certs: Failed to ",
+ "parse subject."
+ ))?,
+ },
+ Certificate { encodedCertificate: cert_chain.cert_chain },
+ ))),
+ None => Ok(None),
+ },
 }
 }
 } |
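Review bot: The `?` on the `parse_subject_from_certificate(...).context(...)` call in the `Some(cert_chain)` arm still propagates an error to the caller, so a remotely provisioned chain whose `batch_cert` cannot be parsed fails the request instead of falling back, which does not match the commit title's "any RKP error". If that case is also meant to fall back, it can be handled like the new `Err(e)` arm (log, then `Ok(None)`), and matching on `Ok(Some(cert_chain))` / `Ok(None)` directly removes the nested `match v`. Because the fallback silently changes which key signs the attestation and the only trace is a single `log::error!` line, a short comment on the `Err(e)` arm saying why the downgrade is acceptable would help the next reader. The enclosing function begins and ends outside this hunk.

```rust
match self.get_rem_prov_attest_key(&key, caller_uid, db) {
    // … unchanged: Err(e) arm that logs and returns Ok(None) …
    Ok(Some(cert_chain)) => match parse_subject_from_certificate(&cert_chain.batch_cert) {
        Ok(subject) => Ok(Some((
            AttestationKey {
                keyBlob: cert_chain.private_key.to_vec(),
                attestKeyParams: vec![],
                issuerSubjectName: subject,
            },
            Certificate { encodedCertificate: cert_chain.cert_chain },
        ))),
        Err(e) => {
            // A chain we cannot parse is treated like any other RKP failure.
            log::error!(
                "In get_remote_provisioning_key_and_certs: Failed to parse subject. {:?}",
                e
            );
            Ok(None)
        }
    },
    Ok(None) => Ok(None),
}
```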