commit 9617fd9464be58c0a026f345756b5fd5732b235f
author Hasini Gunasinghe <hasinitg@google.com> Thu Apr 01 22:27:07 2021 +0000
committer Hasini Gunasinghe <hasinitg@google.com> Mon Apr 05 13:52:00 2021 +0000
tree 113bf85e2f801f4829585b91de35b12741d56114
parent 9be2d66777be9b4112139972f974e1717ad11896

Add SecurityLevel to key creation and operation logging.

This CL adds SecurityLevel to existing logging.

Test: android.keystore.cts.KeyGeneratorTest,
      android.keystore.cts.RSACipherTest
Bug: 184301651
Merged-In: Ie61ba7392f0afca2790daebd7a1907a42c1eaed6
Change-Id: Ie61ba7392f0afca2790daebd7a1907a42c1eaed6

keystore2/src/metrics.rs

diff --git a/keystore2/src/metrics.rs b/keystore2/src/metrics.rs
index 9524cb2..c5dd582 100644
--- a/keystore2/src/metrics.rs
+++ b/keystore2/src/metrics.rs
@@ -20,14 +20,16 @@
     Algorithm::Algorithm, BlockMode::BlockMode, Digest::Digest, EcCurve::EcCurve,
     HardwareAuthenticatorType::HardwareAuthenticatorType, KeyOrigin::KeyOrigin,
     KeyParameter::KeyParameter, KeyPurpose::KeyPurpose, PaddingMode::PaddingMode,
+    SecurityLevel::SecurityLevel,
 };
 use statslog_rust::keystore2_key_creation_event_reported::{
     Algorithm as StatsdAlgorithm, EcCurve as StatsdEcCurve, KeyOrigin as StatsdKeyOrigin,
-    Keystore2KeyCreationEventReported, UserAuthType as StatsdUserAuthType,
+    Keystore2KeyCreationEventReported, SecurityLevel as StatsdKeyCreationSecurityLevel,
+    UserAuthType as StatsdUserAuthType,
 };
-
 use statslog_rust::keystore2_key_operation_event_reported::{
     Keystore2KeyOperationEventReported, Outcome as StatsdOutcome, Purpose as StatsdKeyPurpose,
+    SecurityLevel as StatsdKeyOperationSecurityLevel,
 };
 
 fn create_default_key_creation_atom() -> Keystore2KeyCreationEventReported {
@@ -52,6 +54,7 @@
         // as per keystore2/ResponseCode.aidl, 1 is reserved for NO_ERROR
         error_code: 1,
         attestation_requested: false,
+        security_level: StatsdKeyCreationSecurityLevel::SecurityLevelUnspecified,
     }
 }
 
@@ -64,12 +67,18 @@
         outcome: StatsdOutcome::OutcomeUnspecified,
         error_code: 1,
         key_upgraded: false,
+        security_level: StatsdKeyOperationSecurityLevel::SecurityLevelUnspecified,
     }
 }
 
 /// Log key creation events via statsd API.
-pub fn log_key_creation_event_stats<U>(key_params: &[KeyParameter], result: &anyhow::Result<U>) {
-    let key_creation_event_stats = construct_key_creation_event_stats(key_params, result);
+pub fn log_key_creation_event_stats<U>(
+    sec_level: SecurityLevel,
+    key_params: &[KeyParameter],
+    result: &anyhow::Result<U>,
+) {
+    let key_creation_event_stats =
+        construct_key_creation_event_stats(sec_level, key_params, result);
 
     let logging_result = key_creation_event_stats.stats_write();
 
@@ -83,13 +92,19 @@
 
 /// Log key operation events via statsd API.
 pub fn log_key_operation_event_stats(
+    sec_level: SecurityLevel,
     key_purpose: KeyPurpose,
     op_params: &[KeyParameter],
     op_outcome: &Outcome,
     key_upgraded: bool,
 ) {
-    let key_operation_event_stats =
-        construct_key_operation_event_stats(key_purpose, op_params, op_outcome, key_upgraded);
+    let key_operation_event_stats = construct_key_operation_event_stats(
+        sec_level,
+        key_purpose,
+        op_params,
+        op_outcome,
+        key_upgraded,
+    );
 
     let logging_result = key_operation_event_stats.stats_write();
 
@@ -102,6 +117,7 @@
 }
 
 fn construct_key_creation_event_stats<U>(
+    sec_level: SecurityLevel,
     key_params: &[KeyParameter],
     result: &anyhow::Result<U>,
 ) -> Keystore2KeyCreationEventReported {
@@ -111,6 +127,16 @@
         key_creation_event_atom.error_code = get_error_code(e);
     }
 
+    key_creation_event_atom.security_level = match sec_level {
+        SecurityLevel::SOFTWARE => StatsdKeyCreationSecurityLevel::SecurityLevelSoftware,
+        SecurityLevel::TRUSTED_ENVIRONMENT => {
+            StatsdKeyCreationSecurityLevel::SecurityLevelTrustedEnvironment
+        }
+        SecurityLevel::STRONGBOX => StatsdKeyCreationSecurityLevel::SecurityLevelStrongbox,
+        //KEYSTORE is not a valid variant here
+        _ => StatsdKeyCreationSecurityLevel::SecurityLevelUnspecified,
+    };
+
     for key_param in key_params.iter().map(KsKeyParamValue::from) {
         match key_param {
             KsKeyParamValue::Algorithm(a) => {
@@ -183,6 +209,7 @@
 }
 
 fn construct_key_operation_event_stats(
+    sec_level: SecurityLevel,
     key_purpose: KeyPurpose,
     op_params: &[KeyParameter],
     op_outcome: &Outcome,
@@ -190,6 +217,16 @@
 ) -> Keystore2KeyOperationEventReported {
     let mut key_operation_event_atom = create_default_key_operation_atom();
 
+    key_operation_event_atom.security_level = match sec_level {
+        SecurityLevel::SOFTWARE => StatsdKeyOperationSecurityLevel::SecurityLevelSoftware,
+        SecurityLevel::TRUSTED_ENVIRONMENT => {
+            StatsdKeyOperationSecurityLevel::SecurityLevelTrustedEnvironment
+        }
+        SecurityLevel::STRONGBOX => StatsdKeyOperationSecurityLevel::SecurityLevelStrongbox,
+        //KEYSTORE is not a valid variant here
+        _ => StatsdKeyOperationSecurityLevel::SecurityLevelUnspecified,
+    };
+
     key_operation_event_atom.key_upgraded = key_upgraded;
 
     key_operation_event_atom.purpose = match key_purpose {