Update the security logs for better understanding
We have received many reports about the logs that come out
of the security_level file. This change updates the log
messages for which bugs have been filed in the past.
Test: atest keystore2_test
Test: atest CtsKeystoreTestCases
Change-Id: I89ec4f7fde67e4db16c1102f815abda9ea796163
diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs
index 196cac5..c80bfa5 100644
--- a/keystore2/src/utils.rs
+++ b/keystore2/src/utils.rs
@@ -551,8 +551,8 @@
items_to_return
}
-/// List all key aliases for a given domain + namespace. whose alias is greater
-/// than start_past_alias (if provided).
+/// Log the key parameters, excluding sensitive ones such as
+/// APPLICATION_DATA and APPLICATION_ID
pub fn list_key_entries(
db: &mut KeystoreDB,
domain: Domain,
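Review bot: The doc comment now attached to `list_key_entries` describes logging key parameters, which is not what this function's name or signature suggests. It looks like text meant for the new `log_security_safe_params` replaced the correct description here. Restore the previous wording, fixing only its stray full stop: `/// List all key aliases for a given domain + namespace whose alias is greater` / `/// than start_past_alias (if provided).` The body of `list_key_entries` continues outside this hunk, so this is judged from the signature alone.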
@@ -591,6 +591,16 @@
Ok((legacy_keys.len() + num_keys_in_db) as i32)
}
+/// For params remove sensitive data before returning a string for logging
+pub fn log_security_safe_params(params: &[KmKeyParameter]) -> String {
+ format!(
+ "{:?}",
+ params
+ .iter()
+ .filter(|kp| (kp.tag != Tag::APPLICATION_ID && kp.tag != Tag::APPLICATION_DATA))
+ )
+}
+
/// Trait implemented by objects that can be used to decrypt cipher text using AES-GCM.
pub trait AesGcm {
/// Deciphers `data` using the initialization vector `iv` and AEAD tag `tag`
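Review bot: The filter in `log_security_safe_params` is never evaluated, so the returned string will still contain the `APPLICATION_ID` and `APPLICATION_DATA` entries it is meant to drop. `format!("{:?}", …)` is applied to the lazy `Filter` adapter itself, and its `Debug` output prints the wrapped slice iterator with every remaining element, not the filtered items. Materialise the result before formatting by adding `.collect::<Vec<_>>()` after the `.filter(...)` call. A unit test should assert that the value of a parameter tagged `Tag::APPLICATION_ID` is absent from the output, since neither listed `atest` target is shown to cover this helper. The doc comment could also say that parameters with those two tags are omitted entirely rather than redacted.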