commit 5fad785a94716e4b71d51dcf2434ec09ff447b27
author Shawn Willden <swillden@google.com> Mon Jan 26 16:10:56 2015 -0700
committer Shawn Willden <swillden@google.com> Wed Mar 11 17:44:50 2015 -0600
tree dd85c201f38706f9d6535068fbf5b50662abe187
parent 2e849b94583c1503294b6cb325222abb4f6460da

Add initial support for rescoping.

This code does not yet validate that rescoping is authorized.  A future
CL will integrate rescoping enforcement.

Change-Id: Iff66860630eef717562bce7c534a09d80b85a7a3

rsa_key.cpp

diff --git a/rsa_key.cpp b/rsa_key.cpp
index f10b51b..aec0410 100644
--- a/rsa_key.cpp
+++ b/rsa_key.cpp
@@ -42,6 +42,8 @@
     virtual Key* LoadKey(const UnencryptedKeyBlob& blob, keymaster_error_t* error) {
         return new RsaKey(blob, error);
     }
+    virtual Key* RescopeKey(const UnencryptedKeyBlob& blob,
+                            const AuthorizationSet& new_authorizations, keymaster_error_t* error);
 };
 static KeyFactoryRegistry::Registration<RsaKeyFactory> registration;
 
@@ -147,6 +149,21 @@
     return new RsaKey(rsa_key.release(), authorizations);
 }
 
+Key* RsaKeyFactory::RescopeKey(const UnencryptedKeyBlob& blob,
+                               const AuthorizationSet& new_authorizations,
+                               keymaster_error_t* error) {
+    if (!error)
+        return NULL;
+
+    RsaKey original_key(blob, error);
+    if (*error != KM_ERROR_OK)
+        return NULL;
+
+    RsaKey* new_key = new RsaKey(original_key.rsa_key_.release(), new_authorizations);
+    *error = new_key ? KM_ERROR_OK : KM_ERROR_MEMORY_ALLOCATION_FAILED;
+    return new_key;
+}
+
 RsaKey::RsaKey(const UnencryptedKeyBlob& blob, keymaster_error_t* error) : AsymmetricKey(blob) {
     if (error)
         *error = LoadKey(blob);