author | David Drysdale <drysdale@google.com> | 2023-11-09 08:32:02 +0000 |
---|---|---|
committer | David Drysdale <drysdale@google.com> | 2023-11-10 13:21:41 +0000 |
commit | 093811ef2221145defd1cd3621e813c6a7018f96 (patch) | |
tree | 2edd1f3f549456fb9e5111ebbac0fb5caa4332b4 /keystore2 | |
parent | 746e1be8ef78cf71effe9d4082a033be7fc8345f (diff) | |
Flag for import of previously-emulated keys
Test: build
Bug: 283077822
Change-Id: I28f673b6eb905c2953fbb91f2658ff224ca0e21c
Diffstat (limited to 'keystore2')
-rw-r--r-- | keystore2/aconfig/flags.aconfig | 8 | ||||
-rw-r--r-- | keystore2/src/utils.rs | 11 |
2 files changed, 15 insertions, 4 deletions
diff --git a/keystore2/aconfig/flags.aconfig b/keystore2/aconfig/flags.aconfig
index 5d2a422c..02716da5 100644
--- a/keystore2/aconfig/flags.aconfig
+++ b/keystore2/aconfig/flags.aconfig
@@ -15,3 +15,11 @@ flag {
 bug: "307460850"
 is_fixed_read_only: true
 }
+
+flag {
+ name: "import_previously_emulated_keys"
+ namespace: "hardware_backed_security"
+ description: "Include support for importing keys that were previously software-emulated into KeyMint"
+ bug: "283077822"
+ is_fixed_read_only: true
+}
\ No newline at end of file
diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs
index 74a5ae6a..174a22ba 100644
--- a/keystore2/src/utils.rs
+++ b/keystore2/src/utils.rs
@@ -367,7 +367,9 @@ where
 km_op,
 new_blob_handler,
 )
- } else if key_blob.starts_with(km_compat::KEYMASTER_BLOB_SW_PREFIX) {
+ } else if keystore2_flags::import_previously_emulated_keys()
+ && key_blob.starts_with(km_compat::KEYMASTER_BLOB_SW_PREFIX)
+ {
 // 2) The keyblob was created in software by the km_compat C++ code because a prior
 // Keymaster implementation did not support ECDH (which was only added in KeyMint).
 //
@@ -386,9 +388,10 @@ where
 km_op,
 new_blob_handler,
 )
- } else if let km_compat::KeyBlob::Wrapped(inner_keyblob) =
- km_compat::unwrap_keyblob(key_blob)
- {
+ } else if let (true, km_compat::KeyBlob::Wrapped(inner_keyblob)) = (
+ keystore2_flags::import_previously_emulated_keys(),
+ km_compat::unwrap_keyblob(key_blob),
+ ) {
 // 3) The keyblob was created in software by km_compat.rs because a prior KeyMint
 // implementation did not support a feature present in the current KeyMint spec.
 // (For example, a curve 25519 key created when the device only supported KeyMint |
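Review bot: In the second utils.rs hunk the tuple pattern `(true, km_compat::KeyBlob::Wrapped(inner_keyblob)) = (keystore2_flags::import_previously_emulated_keys(), km_compat::unwrap_keyblob(key_blob))` still runs `unwrap_keyblob` on every blob that reaches this branch when the flag is off, so the flag gates the outcome but not the parsing of the blob, which is presumably the part a feature flag on key-blob handling is meant to keep dormant. A lazy form keeps the same chain shape: `} else if let Some(km_compat::KeyBlob::Wrapped(inner_keyblob)) =` / `keystore2_flags::import_previously_emulated_keys().then(|| km_compat::unwrap_keyblob(key_blob))` / `{`. The flag is also read separately in the first utils.rs hunk (branch 2); reading it once into a local ahead of the chain would make explicit that both branches toggle together (the flag is declared `is_fixed_read_only`, so the two reads presumably cannot disagree at runtime, but a single read removes the question). The enclosing function and the remaining branches of the chain lie outside both hunks, so where a software-prefixed or wrapped blob now falls when the flag is off is not visible here and deserves a sentence in the commit message.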