Always fall back to factory key on any RKP error am: 7361b10ce3

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/15325372 Change-Id: I5cda32a875785e13b8f674bf36a5c0a4b3e953fb
author: Max Bires <jbires@google.com> 2021-07-23 19:26:13 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2021-07-23 19:26:13 +0000
commit: 8491916cf971058b539a3d6ea33c48f513c5d0ff (patch)
tree: 7bf8d3d9f7d88ea52ff691f6de27a4d33d35faa2
parent: 6a35826a5385499299492bd9e9ba79064889a7f3 (diff)
parent: 7361b10ce363ad66c90d940a2682ac84f3c9642d (diff)
download: security-8491916cf971058b539a3d6ea33c48f513c5d0ff.tar.gz
1 files changed, 27 insertions, 16 deletions
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index 6666f416..1e5aeab8 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -180,23 +180,34 @@ impl RemProvState {
             // and therefore will not be attested.
             Ok(None)
         } else {
-            match self.get_rem_prov_attest_key(&key, caller_uid, db).context(concat!(
-                "In get_remote_provisioning_key_and_certs: Failed to get ",
-                "attestation key"
-            ))? {
-                Some(cert_chain) => Ok(Some((
-                    AttestationKey {
-                        keyBlob: cert_chain.private_key.to_vec(),
-                        attestKeyParams: vec![],
-                        issuerSubjectName: parse_subject_from_certificate(&cert_chain.batch_cert)
+            match self.get_rem_prov_attest_key(&key, caller_uid, db) {
+                Err(e) => {
+                    log::error!(
+                        concat!(
+                            "In get_remote_provisioning_key_and_certs: Failed to get ",
+                            "attestation key. {:?}"
+                        ),
+                        e
+                    );
+                    Ok(None)
+                }
+                Ok(v) => match v {
+                    Some(cert_chain) => Ok(Some((
+                        AttestationKey {
+                            keyBlob: cert_chain.private_key.to_vec(),
+                            attestKeyParams: vec![],
+                            issuerSubjectName: parse_subject_from_certificate(
+                                &cert_chain.batch_cert,
+                            )
                             .context(concat!(
-                            "In get_remote_provisioning_key_and_certs: Failed to ",
-                            "parse subject."
-                        ))?,
-                    },
-                    Certificate { encodedCertificate: cert_chain.cert_chain },
-                ))),
-                None => Ok(None),
+                                "In get_remote_provisioning_key_and_certs: Failed to ",
+                                "parse subject."
+                            ))?,
+                        },
+                        Certificate { encodedCertificate: cert_chain.cert_chain },
+                    ))),
+                    None => Ok(None),
+                },
             }
         }
     }
author	Max Bires <jbires@google.com>	2021-07-23 19:26:13 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2021-07-23 19:26:13 +0000
commit	8491916cf971058b539a3d6ea33c48f513c5d0ff (patch)
tree	7bf8d3d9f7d88ea52ff691f6de27a4d33d35faa2
parent	6a35826a5385499299492bd9e9ba79064889a7f3 (diff)
parent	7361b10ce363ad66c90d940a2682ac84f3c9642d (diff)
download	security-8491916cf971058b539a3d6ea33c48f513c5d0ff.tar.gz