Keystore 2.0: Add missing context in generated and import key.
Also small cleanup in enforcements.rs.
Test: N/A
Change-Id: If6afcb5e247402c1201a1a8719e35e369a38d99e
diff --git a/keystore2/src/enforcements.rs b/keystore2/src/enforcements.rs
index 22b4bed..387604e 100644
--- a/keystore2/src/enforcements.rs
+++ b/keystore2/src/enforcements.rs
@@ -392,13 +392,10 @@
user_auth_type = Some(*a);
}
KeyParameterValue::KeyPurpose(p) => {
- // Note: if there can be multiple KeyPurpose key parameters (TODO: confirm this),
- // following check has the effect of key_params.contains(purpose)
+ // The following check has the effect of key_params.contains(purpose)
// Also, authorizing purpose can not be completed here, if there can be multiple
- // key parameters for KeyPurpose
- if !key_purpose_authorized && *p == purpose {
- key_purpose_authorized = true;
- }
+ // key parameters for KeyPurpose.
+ key_purpose_authorized = key_purpose_authorized || *p == purpose;
}
KeyParameterValue::CallerNonce => {
caller_nonce_allowed = true;
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index d8787bd..d0972d1 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -321,8 +321,10 @@
check_key_permission(KeyPerm::rebind(), &key, &None).context("In generate_key.")?;
let km_dev: Box<dyn IKeyMintDevice> = self.keymint.get_interface()?;
- map_km_error(km_dev.addRngEntropy(entropy))?;
- let creation_result = map_km_error(km_dev.generateKey(¶ms))?;
+ map_km_error(km_dev.addRngEntropy(entropy))
+ .context("In generate_key: Trying to add entropy.")?;
+ let creation_result = map_km_error(km_dev.generateKey(¶ms))
+ .context("In generate_key: While generating Key")?;
let user_id = uid_to_android_user(caller_uid);
self.store_new_key(key, creation_result, user_id).context("In generate_key.")
@@ -371,8 +373,10 @@
})
.context("In import_key.")?;
- let km_dev: Box<dyn IKeyMintDevice> = self.keymint.get_interface()?;
- let creation_result = map_km_error(km_dev.importKey(¶ms, format, key_data))?;
+ let km_dev: Box<dyn IKeyMintDevice> =
+ self.keymint.get_interface().context("In import_key: Trying to get the KM device")?;
+ let creation_result = map_km_error(km_dev.importKey(¶ms, format, key_data))
+ .context("In import_key: Trying to call importKey")?;
let user_id = uid_to_android_user(caller_uid);
self.store_new_key(key, creation_result, user_id).context("In import_key.")
@@ -466,26 +470,29 @@
let masking_key = masking_key.unwrap_or(ZERO_BLOB_32);
let km_dev: Box<dyn IKeyMintDevice> = self.keymint.get_interface()?;
- let (creation_result, _) = self.upgrade_keyblob_if_required_with(
- &*km_dev,
- Some(wrapping_key_id_guard),
- wrapping_key_blob,
- &[],
- |wrapping_blob| {
- let creation_result = map_km_error(km_dev.importWrappedKey(
- wrapped_data,
- wrapping_key_blob,
- masking_key,
- ¶ms,
- pw_sid,
- fp_sid,
- ))?;
- Ok(creation_result)
- },
- )?;
+ let (creation_result, _) = self
+ .upgrade_keyblob_if_required_with(
+ &*km_dev,
+ Some(wrapping_key_id_guard),
+ wrapping_key_blob,
+ &[],
+ |wrapping_blob| {
+ let creation_result = map_km_error(km_dev.importWrappedKey(
+ wrapped_data,
+ wrapping_key_blob,
+ masking_key,
+ ¶ms,
+ pw_sid,
+ fp_sid,
+ ))?;
+ Ok(creation_result)
+ },
+ )
+ .context("In import_wrapped_key.")?;
let user_id = uid_to_android_user(caller_uid);
- self.store_new_key(key, creation_result, user_id).context("In import_wrapped_key.")
+ self.store_new_key(key, creation_result, user_id)
+ .context("In import_wrapped_key: Trying to store the new key.")
}
fn upgrade_keyblob_if_required_with<T, F>(