Keystore 2.0: Store key parameters
We now store key parameters in the database and returns sets of
authorizations to the keystore client's.
We also switched to mostly using the SecurityLevel type from the KeyMint
AIDL spec, rather then the temporary one from the Keystore 2.0 AIDL
spec.
Test: This enables some of the CTS test e.g. from
atest android.keystore.cts.CipherTest
Change-Id: I0a13063b397a5ad835fecea0e6b44a98845c05be
diff --git a/keystore2/src/key_parameter.rs b/keystore2/src/key_parameter.rs
index 0d164f1..5355d93 100644
--- a/keystore2/src/key_parameter.rs
+++ b/keystore2/src/key_parameter.rs
@@ -23,9 +23,11 @@
Algorithm::Algorithm, BlockMode::BlockMode, Digest::Digest, EcCurve::EcCurve,
HardwareAuthenticatorType::HardwareAuthenticatorType, KeyOrigin::KeyOrigin,
KeyParameter::KeyParameter as KmKeyParameter, KeyPurpose::KeyPurpose, PaddingMode::PaddingMode,
- Tag::Tag,
+ SecurityLevel::SecurityLevel, Tag::Tag,
};
-pub use android_system_keystore2::aidl::android::system::keystore2::SecurityLevel::SecurityLevel;
+use android_system_keystore2::aidl::android::system::keystore2::{
+ Authorization::Authorization, SecurityLevel::SecurityLevel as KsSecurityLevel,
+};
use anyhow::{Context, Result};
use rusqlite::types::{FromSql, Null, ToSql, ToSqlOutput};
use rusqlite::{Result as SqlResult, Row};
@@ -233,6 +235,18 @@
pub fn security_level(&self) -> &SecurityLevel {
&self.security_level
}
+
+ /// An authorization is a KeyParameter with an associated security level that is used
+ /// to convey the key characteristics to keystore clients. This function consumes
+ /// an internal KeyParameter representation to produce the Authorization wire type.
+ pub fn into_authorization(self) -> Authorization {
+ Authorization {
+ securityLevel: KsSecurityLevel(self.security_level.0),
+ keyParameter: crate::utils::keyparam_km_to_ks(
+ &self.key_parameter_value.convert_to_wire(),
+ ),
+ }
+ }
}
/// This struct is defined to postpone converting rusqlite column value to the