commit 0cabd71f515a70103c501de1a0b49ab67168fddd
author Janis Danisevskis <jdanis@google.com> Tue May 25 11:07:10 2021 -0700
committer Janis Danisevskis <jdanis@google.com> Tue Jun 01 14:30:27 2021 -0700
tree c3089e3e1a9dd8df7279c2410959904cdca8ab06
parent acebfa2471594c8971513064deacfec2efaad7bf

Keystore 2.0: Make key type an explict argument.

This refactor makes key type an explicit to relevant database function
to make it harder to implicitly use the wrong type.

Ignore-AOSP-First: No automerge path from AOSP.
Bug: 187862706
Bug: 189470584
Test: Regression tested with keystore2_test.
Change-Id: I9e1416743093f0a1ab86fd9351aed97f106ee819
Merged-In: I9e1416743093f0a1ab86fd9351aed97f106ee819

keystore2/src/raw_device.rs

diff --git a/keystore2/src/raw_device.rs b/keystore2/src/raw_device.rs
index 4e86d39..cd54915 100644
--- a/keystore2/src/raw_device.rs
+++ b/keystore2/src/raw_device.rs
@@ -101,6 +101,7 @@
         &self,
         db: &mut KeystoreDB,
         key_desc: &KeyDescriptor,
+        key_type: KeyType,
         creator: F,
     ) -> Result<()>
     where
@@ -120,6 +121,7 @@
 
         db.store_new_key(
             &key_desc,
+            key_type,
             &key_parameters,
             &(&creation_result.keyBlob, &blob_metadata),
             &CertificateInfo::new(None, None),
@@ -144,11 +146,10 @@
     fn lookup_from_desc(
         db: &mut KeystoreDB,
         key_desc: &KeyDescriptor,
+        key_type: KeyType,
     ) -> Result<(KeyIdGuard, KeyEntry)> {
-        db.load_key_entry(&key_desc, KeyType::Client, KeyEntryLoadBits::KM, AID_KEYSTORE, |_, _| {
-            Ok(())
-        })
-        .context("In lookup_from_desc: load_key_entry failed")
+        db.load_key_entry(&key_desc, key_type, KeyEntryLoadBits::KM, AID_KEYSTORE, |_, _| Ok(()))
+            .context("In lookup_from_desc: load_key_entry failed.")
     }
 
     /// Look up the key in the database, and return None if it is absent.
@@ -170,6 +171,7 @@
         &self,
         db: &mut KeystoreDB,
         key_desc: &KeyDescriptor,
+        key_type: KeyType,
         params: &[KeyParameter],
         validate_characteristics: F,
     ) -> Result<(KeyIdGuard, KeyBlob)>
@@ -181,7 +183,7 @@
         // - because the caller needs to hold a lock in any case
         // - because it avoids holding database locks during slow
         //   KeyMint operations
-        let lookup = Self::not_found_is_none(Self::lookup_from_desc(db, key_desc))
+        let lookup = Self::not_found_is_none(Self::lookup_from_desc(db, key_desc, key_type))
             .context("In lookup_or_generate_key: first lookup failed")?;
 
         if let Some((key_id_guard, mut key_entry)) = lookup {
@@ -226,9 +228,11 @@
             };
         }
 
-        self.create_and_store_key(db, &key_desc, |km_dev| km_dev.generateKey(&params, None))
-            .context("In lookup_or_generate_key: generate_and_store_key failed")?;
-        Self::lookup_from_desc(db, key_desc)
+        self.create_and_store_key(db, &key_desc, key_type, |km_dev| {
+            km_dev.generateKey(&params, None)
+        })
+        .context("In lookup_or_generate_key: generate_and_store_key failed")?;
+        Self::lookup_from_desc(db, key_desc, key_type)
             .and_then(|(key_id_guard, mut key_entry)| {
                 Ok((
                     key_id_guard,