commit 6745f53b4626639326f0cca69d05a969b5ed1b3c
author Eric Biggers <ebiggers@google.com> Fri Oct 27 03:55:28 2023 +0000
committer Eric Biggers <ebiggers@google.com> Thu Nov 02 21:19:31 2023 +0000
tree 52f71bba26b1c95fe662e4563516a7ab67710b99
parent 456a3a69749f72afea352e9a47366e13d988d6a0

keystore2: log super key creation

Log an informational message when creating each of a user's super keys,
as these are significant events.

Bug: 296464083
Test: atest -p --include-subdirs system/security/keystore2
Flag: exempt, just adds a log message
Change-Id: I9d76a0ec06fae208412f4c6cf1b7dd739b023a61

keystore2/src/database.rs

diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index 08361b1..825a4b0 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -4890,11 +4890,13 @@
         let key_name_enc = SuperKeyType {
             alias: "test_super_key_1",
             algorithm: SuperEncryptionAlgorithm::Aes256Gcm,
+            name: "test_super_key_1",
         };
 
         let key_name_nonenc = SuperKeyType {
             alias: "test_super_key_2",
             algorithm: SuperEncryptionAlgorithm::Aes256Gcm,
+            name: "test_super_key_2",
         };
 
         // Install two super keys.

keystore2/src/super_key.rs

diff --git a/keystore2/src/super_key.rs b/keystore2/src/super_key.rs
index 25dc25b..898a8c2 100644
--- a/keystore2/src/super_key.rs
+++ b/keystore2/src/super_key.rs
@@ -78,26 +78,35 @@
     pub alias: &'a str,
     /// Encryption algorithm
     pub algorithm: SuperEncryptionAlgorithm,
+    /// What to call this key in log messages. Not used for anything else.
+    pub name: &'a str,
 }
 
 /// The user's AfterFirstUnlock super key. This super key is loaded into memory when the user first
 /// unlocks the device, and it remains in memory until the device reboots. This is used to encrypt
 /// keys that require user authentication but not an unlocked device.
-pub const USER_AFTER_FIRST_UNLOCK_SUPER_KEY: SuperKeyType =
-    SuperKeyType { alias: "USER_SUPER_KEY", algorithm: SuperEncryptionAlgorithm::Aes256Gcm };
+pub const USER_AFTER_FIRST_UNLOCK_SUPER_KEY: SuperKeyType = SuperKeyType {
+    alias: "USER_SUPER_KEY",
+    algorithm: SuperEncryptionAlgorithm::Aes256Gcm,
+    name: "AfterFirstUnlock super key",
+};
+
 /// The user's UnlockedDeviceRequired symmetric super key. This super key is loaded into memory each
 /// time the user unlocks the device, and it is cleared from memory each time the user locks the
 /// device. This is used to encrypt keys that use the UnlockedDeviceRequired key parameter.
 pub const USER_UNLOCKED_DEVICE_REQUIRED_SYMMETRIC_SUPER_KEY: SuperKeyType = SuperKeyType {
     alias: "USER_SCREEN_LOCK_BOUND_KEY",
     algorithm: SuperEncryptionAlgorithm::Aes256Gcm,
+    name: "UnlockedDeviceRequired symmetric super key",
 };
+
 /// The user's UnlockedDeviceRequired asymmetric super key. This is used to allow, while the device
 /// is locked, the creation of keys that use the UnlockedDeviceRequired key parameter. The private
 /// part of this key is loaded and cleared when the symmetric key is loaded and cleared.
 pub const USER_UNLOCKED_DEVICE_REQUIRED_P521_SUPER_KEY: SuperKeyType = SuperKeyType {
     alias: "USER_SCREEN_LOCK_BOUND_P521_KEY",
     algorithm: SuperEncryptionAlgorithm::EcdhP521,
+    name: "UnlockedDeviceRequired asymmetric super key",
 };
 
 /// Superencryption to apply to a new key.
@@ -725,6 +734,7 @@
         password: &Password,
         reencrypt_with: Option<Arc<SuperKey>>,
     ) -> Result<Arc<SuperKey>> {
+        log::info!("Creating {} for user {}", key_type.name, user_id);
         let (super_key, public_key) = match key_type.algorithm {
             SuperEncryptionAlgorithm::Aes256Gcm => {
                 (generate_aes256_key().context(ks_err!("Failed to generate AES-256 key."))?, None)