Merge changes Ib339bd0a,I4ff3ff91,I6863269e,I85d24118,Ic7ce23e2
* changes:
Keystore 2.0: Refactor permissions. 5/5
Keystore 2.0: Refactor permissions. 4/5
Keystore 2.0: Refactor permissions. 3/5
Keystore 2.0: Refactor permissions. 2/5
Keystore 2.0: Refactor permissions. 1/5
diff --git a/keystore/keystore_cli_v2.cpp b/keystore/keystore_cli_v2.cpp
index 43f72a9..1cfb4f6 100644
--- a/keystore/keystore_cli_v2.cpp
+++ b/keystore/keystore_cli_v2.cpp
@@ -616,9 +616,9 @@
return std::move(parameters);
}
-keymint::AuthorizationSet GetECDSAParameters(uint32_t key_size, bool sha256_only) {
+keymint::AuthorizationSet GetECDSAParameters(keymint::EcCurve curve, bool sha256_only) {
keymint::AuthorizationSetBuilder parameters;
- parameters.EcdsaSigningKey(key_size)
+ parameters.EcdsaSigningKey(curve)
.Digest(keymint::Digest::SHA_2_256)
.Authorization(keymint::TAG_NO_AUTH_REQUIRED);
if (!sha256_only) {
@@ -662,11 +662,12 @@
{"RSA-2048 Encrypt", true, GetRSAEncryptParameters(2048)},
{"RSA-3072 Encrypt", false, GetRSAEncryptParameters(3072)},
{"RSA-4096 Encrypt", false, GetRSAEncryptParameters(4096)},
- {"ECDSA-P256 Sign", true, GetECDSAParameters(256, true)},
- {"ECDSA-P256 Sign (more digests)", false, GetECDSAParameters(256, false)},
- {"ECDSA-P224 Sign", false, GetECDSAParameters(224, false)},
- {"ECDSA-P384 Sign", false, GetECDSAParameters(384, false)},
- {"ECDSA-P521 Sign", false, GetECDSAParameters(521, false)},
+ {"ECDSA-P256 Sign", true, GetECDSAParameters(keymint::EcCurve::P_256, true)},
+ {"ECDSA-P256 Sign (more digests)", false,
+ GetECDSAParameters(keymint::EcCurve::P_256, false)},
+ {"ECDSA-P224 Sign", false, GetECDSAParameters(keymint::EcCurve::P_224, false)},
+ {"ECDSA-P384 Sign", false, GetECDSAParameters(keymint::EcCurve::P_384, false)},
+ {"ECDSA-P521 Sign", false, GetECDSAParameters(keymint::EcCurve::P_521, false)},
{"AES-128", true, GetAESParameters(128, false)},
{"AES-256", true, GetAESParameters(256, false)},
{"AES-128-GCM", false, GetAESParameters(128, true)},
diff --git a/keystore2/Android.bp b/keystore2/Android.bp
index 7f1d15d..8efc330 100644
--- a/keystore2/Android.bp
+++ b/keystore2/Android.bp
@@ -48,11 +48,9 @@
"libkeystore2_vintf_rust",
"liblazy_static",
"liblibc",
- "liblibsqlite3_sys_noicu",
"liblog_event_list",
"liblog_rust",
"librand",
- "librusqlite_noicu",
"librustutils",
"libthiserror",
],
@@ -67,6 +65,19 @@
rust_library {
name: "libkeystore2",
defaults: ["libkeystore2_defaults"],
+ rustlibs: [
+ "liblibsqlite3_sys",
+ "librusqlite",
+ ],
+}
+
+rust_library {
+ name: "libkeystore2_noicu",
+ defaults: ["libkeystore2_defaults"],
+ rustlibs: [
+ "liblibsqlite3_sys_noicu",
+ "librusqlite_noicu",
+ ],
}
rust_library {
@@ -113,7 +124,9 @@
rustlibs: [
"libandroid_logger",
"libkeystore2_test_utils",
+ "liblibsqlite3_sys",
"libnix",
+ "librusqlite",
],
// The test should always include watchdog.
features: [
@@ -121,16 +134,13 @@
],
}
-rust_binary {
- name: "keystore2",
+rust_defaults {
+ name: "keystore2_defaults",
srcs: ["src/keystore2_main.rs"],
rustlibs: [
"libandroid_logger",
"libbinder_rs",
- "libkeystore2",
"liblog_rust",
- "liblegacykeystore-rust",
- "librusqlite",
],
init_rc: ["keystore2.rc"],
@@ -168,3 +178,28 @@
required: ["keystore_cli_v2"],
}
+
+rust_binary {
+ name: "keystore2",
+ defaults: ["keystore2_defaults"],
+ rustlibs: [
+ "libkeystore2",
+ "liblegacykeystore-rust",
+ "librusqlite",
+ ],
+}
+
+// Variant of keystore2 for use in microdroid. It doesn't depend on the ICU-enabled sqlite.
+// This can be used also in Android, but we choose not to because it will bring two
+// variants of sqlite to the system causing more RAM usage and CPU cycles when loading.
+rust_binary {
+ name: "keystore2_microdroid",
+ stem: "keystore2",
+ defaults: ["keystore2_defaults"],
+ rustlibs: [
+ "libkeystore2_noicu",
+ "liblegacykeystore-rust_noicu",
+ "librusqlite_noicu",
+ ],
+ installable: false, // don't install this to Android
+}
diff --git a/keystore2/legacykeystore/Android.bp b/keystore2/legacykeystore/Android.bp
index 62d593c..d407569 100644
--- a/keystore2/legacykeystore/Android.bp
+++ b/keystore2/legacykeystore/Android.bp
@@ -21,8 +21,8 @@
default_applicable_licenses: ["system_security_license"],
}
-rust_library {
- name: "liblegacykeystore-rust",
+rust_defaults {
+ name: "liblegacykeystore-rust_defaults",
crate_name: "legacykeystore",
srcs: [
"lib.rs",
@@ -31,14 +31,31 @@
"android.security.legacykeystore-rust",
"libanyhow",
"libbinder_rs",
- "libkeystore2",
"liblog_rust",
- "librusqlite_noicu",
+ "librusqlite",
"librustutils",
"libthiserror",
],
}
+rust_library {
+ name: "liblegacykeystore-rust",
+ defaults: ["liblegacykeystore-rust_defaults"],
+ rustlibs: [
+ "libkeystore2",
+ "librusqlite",
+ ],
+}
+
+rust_library {
+ name: "liblegacykeystore-rust_noicu",
+ defaults: ["liblegacykeystore-rust_defaults"],
+ rustlibs: [
+ "libkeystore2_noicu",
+ "librusqlite_noicu",
+ ],
+}
+
rust_test {
name: "legacykeystore_test",
crate_name: "legacykeystore",
@@ -52,7 +69,7 @@
"libkeystore2",
"libkeystore2_test_utils",
"liblog_rust",
- "librusqlite_noicu",
+ "librusqlite",
"librustutils",
"libthiserror",
],