Merge "Merge Android 12 QPR1"
diff --git a/keystore2/Android.bp b/keystore2/Android.bp
index 3097bae..520237a 100644
--- a/keystore2/Android.bp
+++ b/keystore2/Android.bp
@@ -39,7 +39,7 @@
"android.security.maintenance-rust",
"android.security.metrics-rust",
"android.security.remoteprovisioning-rust",
- "android.system.keystore2-V1-rust",
+ "android.system.keystore2-V2-rust",
"libanyhow",
"libbinder_rs",
"libkeystore2_aaid-rust",
diff --git a/keystore2/aidl/Android.bp b/keystore2/aidl/Android.bp
index 35006be..7eb2b83 100644
--- a/keystore2/aidl/Android.bp
+++ b/keystore2/aidl/Android.bp
@@ -24,7 +24,7 @@
aidl_interface {
name: "android.security.attestationmanager",
srcs: [ "android/security/attestationmanager/*.aidl", ],
- imports: [ "android.hardware.security.keymint-V1" ],
+ imports: [ "android.hardware.security.keymint-V2" ],
unstable: true,
backend: {
java: {
@@ -45,7 +45,7 @@
name: "android.security.authorization",
srcs: [ "android/security/authorization/*.aidl" ],
imports: [
- "android.hardware.security.keymint-V1",
+ "android.hardware.security.keymint-V2",
"android.hardware.security.secureclock-V1",
],
unstable: true,
@@ -86,7 +86,7 @@
name: "android.security.compat",
srcs: [ "android/security/compat/*.aidl" ],
imports: [
- "android.hardware.security.keymint-V1",
+ "android.hardware.security.keymint-V2",
"android.hardware.security.secureclock-V1",
"android.hardware.security.sharedsecret-V1",
],
@@ -110,7 +110,7 @@
name: "android.security.remoteprovisioning",
srcs: [ "android/security/remoteprovisioning/*.aidl" ],
imports: [
- "android.hardware.security.keymint-V1",
+ "android.hardware.security.keymint-V2",
],
unstable: true,
backend: {
@@ -132,7 +132,7 @@
name: "android.security.maintenance",
srcs: [ "android/security/maintenance/*.aidl" ],
imports: [
- "android.system.keystore2-V1",
+ "android.system.keystore2-V2",
],
unstable: true,
backend: {
@@ -173,7 +173,7 @@
name: "android.security.metrics",
srcs: [ "android/security/metrics/*.aidl" ],
imports: [
- "android.system.keystore2-V1",
+ "android.system.keystore2-V2",
],
unstable: true,
backend: {
@@ -197,13 +197,13 @@
cc_defaults {
name: "keystore2_use_latest_aidl_ndk_static",
static_libs: [
- "android.system.keystore2-V1-ndk",
+ "android.system.keystore2-V2-ndk",
],
}
cc_defaults {
name: "keystore2_use_latest_aidl_ndk_shared",
shared_libs: [
- "android.system.keystore2-V1-ndk",
+ "android.system.keystore2-V2-ndk",
],
}
diff --git a/keystore2/aidl/android/security/metrics/EcCurve.aidl b/keystore2/aidl/android/security/metrics/EcCurve.aidl
index b190d83..7b1a5a2 100644
--- a/keystore2/aidl/android/security/metrics/EcCurve.aidl
+++ b/keystore2/aidl/android/security/metrics/EcCurve.aidl
@@ -29,4 +29,5 @@
P_256 = 2,
P_384 = 3,
P_521 = 4,
+ CURVE_25519 = 5,
}
\ No newline at end of file
diff --git a/keystore2/android.system.keystore2-service.xml b/keystore2/android.system.keystore2-service.xml
index 6b8d0cb..20c2fba 100644
--- a/keystore2/android.system.keystore2-service.xml
+++ b/keystore2/android.system.keystore2-service.xml
@@ -1,6 +1,7 @@
<manifest version="1.0" type="framework">
<hal format="aidl">
<name>android.system.keystore2</name>
+ <version>2</version>
<interface>
<name>IKeystoreService</name>
<instance>default</instance>
diff --git a/keystore2/src/km_compat/km_compat_type_conversion.h b/keystore2/src/km_compat/km_compat_type_conversion.h
index de09477..33248a4 100644
--- a/keystore2/src/km_compat/km_compat_type_conversion.h
+++ b/keystore2/src/km_compat/km_compat_type_conversion.h
@@ -16,6 +16,9 @@
#pragma once
+#include <optional>
+
+#include <aidl/android/hardware/security/keymint/EcCurve.h>
#include <aidl/android/hardware/security/keymint/ErrorCode.h>
#include <keymasterV4_1/keymaster_tags.h>
#include <keymint_support/keymint_tags.h>
@@ -278,7 +281,7 @@
}
}
-static V4_0::EcCurve convert(KMV1::EcCurve e) {
+static std::optional<V4_0::EcCurve> convert(KMV1::EcCurve e) {
switch (e) {
case KMV1::EcCurve::P_224:
return V4_0::EcCurve::P_224;
@@ -288,7 +291,11 @@
return V4_0::EcCurve::P_384;
case KMV1::EcCurve::P_521:
return V4_0::EcCurve::P_521;
+ case KMV1::EcCurve::CURVE_25519:
+ // KeyMaster did not support curve 25519
+ return std::nullopt;
}
+ return std::nullopt;
}
static KMV1::EcCurve convert(V4_0::EcCurve e) {
@@ -490,7 +497,9 @@
break;
case KMV1::Tag::EC_CURVE:
if (auto v = KMV1::authorizationValue(KMV1::TAG_EC_CURVE, kp)) {
- return V4_0::makeKeyParameter(V4_0::TAG_EC_CURVE, convert(v->get()));
+ if (auto curve = convert(v->get())) {
+ return V4_0::makeKeyParameter(V4_0::TAG_EC_CURVE, curve.value());
+ }
}
break;
case KMV1::Tag::RSA_PUBLIC_EXPONENT:
diff --git a/keystore2/src/metrics_store.rs b/keystore2/src/metrics_store.rs
index 741d65e..b18d84c 100644
--- a/keystore2/src/metrics_store.rs
+++ b/keystore2/src/metrics_store.rs
@@ -17,7 +17,7 @@
//! stores them in an in-memory store.
//! 2. Returns the collected metrics when requested by the statsd proxy.
-use crate::error::get_error_code;
+use crate::error::{get_error_code, Error};
use crate::globals::DB;
use crate::key_parameter::KeyParameterValue as KsKeyParamValue;
use crate::operation::Outcome;
@@ -44,6 +44,7 @@
RkpPoolStats::RkpPoolStats, SecurityLevel::SecurityLevel as MetricsSecurityLevel,
Storage::Storage as MetricsStorage,
};
+use android_system_keystore2::aidl::android::system::keystore2::ResponseCode::ResponseCode;
use anyhow::{Context, Result};
use lazy_static::lazy_static;
use rustutils::system_properties::PropertyWatcherError;
@@ -287,6 +288,7 @@
EcCurve::P_256 => MetricsEcCurve::P_256,
EcCurve::P_384 => MetricsEcCurve::P_384,
EcCurve::P_521 => MetricsEcCurve::P_521,
+ EcCurve::CURVE_25519 => MetricsEcCurve::CURVE_25519,
_ => MetricsEcCurve::EC_CURVE_UNSPECIFIED,
}
}
@@ -560,10 +562,14 @@
fn pull_attestation_pool_stats() -> Result<Vec<KeystoreAtom>> {
let mut atoms = Vec::<KeystoreAtom>::new();
for sec_level in &[SecurityLevel::TRUSTED_ENVIRONMENT, SecurityLevel::STRONGBOX] {
+ // set the expired_by date to be three days from now
let expired_by = SystemTime::now()
+ .checked_add(Duration::from_secs(60 * 60 * 24 * 3))
+ .ok_or(Error::Rc(ResponseCode::SYSTEM_ERROR))
+ .context("In pull_attestation_pool_stats: Failed to compute expired by system time.")?
.duration_since(UNIX_EPOCH)
- .unwrap_or_else(|_| Duration::new(0, 0))
- .as_secs() as i64;
+ .context("In pull_attestation_pool_stats: Failed to compute expired by duration.")?
+ .as_millis() as i64;
let result = get_pool_status(expired_by, *sec_level);