commit b42fc18d145a14894f8382927049536c4668fb83
author Janis Danisevskis <jdanis@google.com> Tue Dec 15 08:41:27 2020 -0800
committer Janis Danisevskis <jdanis@google.com> Tue Dec 22 12:06:58 2020 -0800
tree 585fa2d755ee8aa38197cca66bb8c2603c01d636
parent 2b541ec777d829e39d9cbbfe03a97afe8f25c4a9

Keystore 2.0: Add super encryption infrastructure.

Add super_key.rs a runtime key database for credential based keys and
the relevant metadata fields to the database.

Also in this patch:
* Add DateTime type to represent database wall clock time.
* Move creation time to key metadata.
* Add KeyType field to the keyentry table to accommodate super keys
  and attestation keys.

Test: keystore2_test
Bug: 173545997
Change-Id: I670898174fb0223bf1c910051dfd7ead80b2c1a9

keystore2/src/service.rs

diff --git a/keystore2/src/service.rs b/keystore2/src/service.rs
index cb04031..2abf9be 100644
--- a/keystore2/src/service.rs
+++ b/keystore2/src/service.rs
@@ -18,7 +18,6 @@
 //! This crate implement the core Keystore 2.0 service API as defined by the Keystore 2.0
 //! AIDL spec.
 
-use crate::database::{KeyEntryLoadBits, SubComponentType};
 use crate::error::{self, map_or_log_err, ErrorCode};
 use crate::globals::DB;
 use crate::permission;
@@ -28,6 +27,10 @@
     check_grant_permission, check_key_permission, check_keystore_permission,
     key_parameters_to_authorizations, Asp,
 };
+use crate::{
+    database::{KeyEntryLoadBits, KeyType, SubComponentType},
+    error::ResponseCode,
+};
 use android_hardware_security_keymint::aidl::android::hardware::security::keymint::SecurityLevel::SecurityLevel;
 use android_system_keystore2::aidl::android::system::keystore2::{
     Domain::Domain, IKeystoreSecurityLevel::IKeystoreSecurityLevel,
@@ -77,6 +80,7 @@
             .with(|db| {
                 db.borrow_mut().load_key_entry(
                     key.clone(),
+                    KeyType::Client,
                     KeyEntryLoadBits::PUBLIC,
                     ThreadState::get_calling_uid(),
                     |k, av| check_key_permission(KeyPerm::get_info(), k, &av),
@@ -103,8 +107,13 @@
                 keySecurityLevel: key_entry.sec_level(),
                 certificate: key_entry.take_cert(),
                 certificateChain: key_entry.take_cert_chain(),
+                modificationTimeMs: key_entry
+                    .metadata()
+                    .creation_date()
+                    .map(|d| d.to_millis_epoch())
+                    .ok_or(Error::Rc(ResponseCode::VALUE_CORRUPTED))
+                    .context("In get_key_entry: Trying to get creation date.")?,
                 authorizations: key_parameters_to_authorizations(key_entry.into_key_parameters()),
-                ..Default::default()
             },
         })
     }
@@ -120,6 +129,7 @@
             let (key_id_guard, key_entry) = db
                 .load_key_entry(
                     key.clone(),
+                    KeyType::Client,
                     KeyEntryLoadBits::NONE,
                     ThreadState::get_calling_uid(),
                     |k, av| {