Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Add KeystoreKeyEventReported atom for keystore logging." into rvc-dev

Browse Source
This commit is contained in:
Hasini Gunasinghe
2020-06-17 18:03:05 +00:00
committed by Android (Google) Code Review
parent 70f970f80b 7c336a66d9
commit dde631ac52
1 changed files with 109 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
cmds/statsd/src/atoms.proto
View File

@@ -482,6 +482,7 @@ message Atom {
BlobLeased blob_leased = 299 [(module) = "framework"];
BlobOpened blob_opened = 300 [(module) = "framework"];
ContactsProviderStatusReported contacts_provider_status_reported = 301;
KeystoreKeyEventReported keystore_key_event_reported = 302;
// StatsdStats tracks platform atoms with ids upto 500.
// Update StatsdStats::kMaxPushedAtomId when atom ids here approach that value.
@@ -10926,6 +10927,114 @@ message MediametricsAudioDeviceConnectionReported {
optional int32 connection_count = 6;
}
/**
* Logs: i) creation of different types of cryptographic keys in the keystore,
* ii) operations performed using the keys,
* iii) attestation of the keys
* Logged from: system/security/keystore/key_event_log_handler.cpp
*/
message KeystoreKeyEventReported {
enum Algorithm {
/** Asymmetric algorithms. */
RSA = 1;
// 2 removed, do not reuse.
EC = 3;
/** Block cipher algorithms */
AES = 32;
TRIPLE_DES = 33;
/** MAC algorithms */
HMAC = 128;
};
/** Algorithm associated with the key */
optional Algorithm algorithm = 1;
/** Size of the key */
optional int32 key_size = 2;
enum KeyOrigin {
/** Generated in keymaster. Should not exist outside the TEE. */
GENERATED = 0;
/** Derived inside keymaster. Likely exists off-device. */
DERIVED = 1;
/** Imported into keymaster. Existed as cleartext in Android. */
IMPORTED = 2;
/** Keymaster did not record origin. */
UNKNOWN = 3;
/** Securely imported into Keymaster. */
SECURELY_IMPORTED = 4;
};
/* Logs whether the key was generated, imported, securely imported, or derived.*/
optional KeyOrigin key_origin = 3;
enum HardwareAuthenticatorType {
NONE = 0;
PASSWORD = 1;
FINGERPRINT = 2;
// Additional entries must be powers of 2.
};
/**
* What auth types does this key require? If none,
* then no auth required.
*/
optional HardwareAuthenticatorType user_auth_type = 4;
/**
* If user authentication is required, is the requirement time based? If it
* is not time based then this field will not be used and the key is per
* operation. Per operation keys must be user authenticated on each usage.
*/
optional int32 user_auth_key_timeout_secs = 5;
/**
* padding mode, digest, block_mode and purpose should ideally be repeated
* fields. However, since statsd does not support repeated fields in
* pushed atoms, they are represented using bitmaps.
*/
/** Track which padding mode is being used.*/
optional int32 padding_mode_bitmap = 6;
/** Track which digest is being used. */
optional int32 digest_bitmap = 7;
/** Track what block mode is being used (for encryption). */
optional int32 block_mode_bitmap = 8;
/** Track what purpose is this key serving. */
optional int32 purpose_bitmap = 9;
enum EcCurve {
P_224 = 0;
P_256 = 1;
P_384 = 2;
P_521 = 3;
};
/** Which ec curve was selected if elliptic curve cryptography is in use **/
optional EcCurve ec_curve = 10;
enum KeyBlobUsageRequirements {
STANDALONE = 0;
REQUIRES_FILE_SYSTEM = 1;
};
/** Standalone or is a file system required */
optional KeyBlobUsageRequirements key_blob_usage_reqs = 11;
enum Type {
key_operation = 0;
key_creation = 1;
key_attestation = 2;
}
/** Key creation event, operation event or attestation event? */
optional Type type = 12;
/** Was the key creation, operation, or attestation successful? */
optional bool was_successful = 13;
/** Response code or error code */
optional int32 error_code = 14;
}
// Blob Committer stats
// Keep in sync between:
// frameworks/base/core/proto/android/server/blobstoremanagerservice.proto