Don't export storeKey(), and update comments storeKey() is no longer used outside KeyStorage.cpp, so make it a static function. Also fix the documentation for storeKey() (e.g. it's no longer safe to directly move/rename directories created by storeKey() -- one must use RenameKeyDir() instead). No functional changes. [ebiggers@ - cleaned up slightly from satyat@'s original change] Bug: 190398249 Change-Id: I85918359e77bef414dfddfe5ded30fcde6514013

commit: 351a4af7169c68385caa3f69ba801018131089ab [log] [tgz]
author: Satya Tangirala <satyat@google.com> Tue Jun 08 12:55:37 2021 -0700
committer: Eric Biggers <ebiggers@google.com> Tue Jun 08 15:57:31 2021 -0700
tree: e8316a9f0bed9955cacde3a7dbf2eb0cc2c1a631
parent: 0f890a93e191777f885590384c33139646ea26b8 [diff] [blame]
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 4893c2f..64b413a 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp

@@ -575,7 +575,12 @@
     return true;
 }
 
-bool storeKey(const std::string& dir, const KeyAuthentication& auth, const KeyBuffer& key) {
+// Creates a directory at the given path |dir| and stores |key| in it, in such a
+// way that it can only be retrieved via Keymaster (if no secret is given in
+// |auth|) or with the given secret (if a secret is given in |auth|), and can be
+// securely deleted.  If a storage binding seed has been set, then the storage
+// binding seed will be required to retrieve the key as well.
+static bool storeKey(const std::string& dir, const KeyAuthentication& auth, const KeyBuffer& key) {
     if (TEMP_FAILURE_RETRY(mkdir(dir.c_str(), 0700)) == -1) {
         PLOG(ERROR) << "key mkdir " << dir;
         return false;
commit	351a4af7169c68385caa3f69ba801018131089ab	[log] [tgz]
author	Satya Tangirala <satyat@google.com>	Tue Jun 08 12:55:37 2021 -0700
committer	Eric Biggers <ebiggers@google.com>	Tue Jun 08 15:57:31 2021 -0700
tree	e8316a9f0bed9955cacde3a7dbf2eb0cc2c1a631
parent	0f890a93e191777f885590384c33139646ea26b8 [diff] [blame]