identity: Add multi-document presentation support.
This new IPresentationSession interface enables an application to do a
multi-document presentation, something which isn't possible with the
existing API. As a practical example of this consider presenting both
your Mobile Driving License and your Vaccination Certificate in a single
transaction.
Bug: 197965513
Test: New CTS tests and new screen in CtsVerifier
Change-Id: I11712dca35df7f1224debf454731bc17ea9bfb37
diff --git a/identity/aidl/default/FakeSecureHardwareProxy.h b/identity/aidl/default/FakeSecureHardwareProxy.h
index 6852c1a..df98c7a 100644
--- a/identity/aidl/default/FakeSecureHardwareProxy.h
+++ b/identity/aidl/default/FakeSecureHardwareProxy.h
@@ -27,21 +27,23 @@
//
class FakeSecureHardwareProvisioningProxy : public SecureHardwareProvisioningProxy {
public:
- FakeSecureHardwareProvisioningProxy();
+ FakeSecureHardwareProvisioningProxy() = default;
virtual ~FakeSecureHardwareProvisioningProxy();
bool initialize(bool testCredential) override;
- bool initializeForUpdate(bool testCredential, string docType,
- vector<uint8_t> encryptedCredentialKeys) override;
+ bool initializeForUpdate(bool testCredential, const string& docType,
+ const vector<uint8_t>& encryptedCredentialKeys) override;
bool shutdown() override;
+ optional<uint32_t> getId() override;
+
// Returns public key certificate.
optional<vector<uint8_t>> createCredentialKey(const vector<uint8_t>& challenge,
const vector<uint8_t>& applicationId) override;
- bool startPersonalization(int accessControlProfileCount, vector<int> entryCounts,
+ bool startPersonalization(int accessControlProfileCount, const vector<int>& entryCounts,
const string& docType,
size_t expectedProofOfProvisioningSize) override;
@@ -67,21 +69,81 @@
optional<vector<uint8_t>> finishGetCredentialData(const string& docType) override;
protected:
- EicProvisioning ctx_;
+ // See docs for id_.
+ //
+ bool validateId(const string& callerName);
+
+ // We use a singleton libeic object, shared by all proxy instances. This is to
+ // properly simulate a situation where libeic is used on constrained hardware
+ // with only enough RAM for a single instance of the libeic object.
+ //
+ static EicProvisioning ctx_;
+
+ // On the HAL side we keep track of the ID that was assigned to the libeic object
+ // created in secure hardware. For every call into libeic we validate that this
+ // identifier matches what is on the secure side. This is what the validateId()
+ // method does.
+ //
+ uint32_t id_ = 0;
+};
+
+// This implementation uses libEmbeddedIC in-process.
+//
+class FakeSecureHardwareSessionProxy : public SecureHardwareSessionProxy {
+ public:
+ FakeSecureHardwareSessionProxy() = default;
+ virtual ~FakeSecureHardwareSessionProxy();
+
+ bool initialize() override;
+
+ bool shutdown() override;
+
+ optional<uint32_t> getId() override;
+
+ optional<uint64_t> getAuthChallenge() override;
+
+ // Returns private key
+ optional<vector<uint8_t>> getEphemeralKeyPair() override;
+
+ bool setReaderEphemeralPublicKey(const vector<uint8_t>& readerEphemeralPublicKey) override;
+
+ bool setSessionTranscript(const vector<uint8_t>& sessionTranscript) override;
+
+ protected:
+ // See docs for id_.
+ //
+ bool validateId(const string& callerName);
+
+ // We use a singleton libeic object, shared by all proxy instances. This is to
+ // properly simulate a situation where libeic is used on constrained hardware
+ // with only enough RAM for a single instance of the libeic object.
+ //
+ static EicSession ctx_;
+
+ // On the HAL side we keep track of the ID that was assigned to the libeic object
+ // created in secure hardware. For every call into libeic we validate that this
+ // identifier matches what is on the secure side. This is what the validateId()
+ // method does.
+ //
+ uint32_t id_ = 0;
};
// This implementation uses libEmbeddedIC in-process.
//
class FakeSecureHardwarePresentationProxy : public SecureHardwarePresentationProxy {
public:
- FakeSecureHardwarePresentationProxy();
+ FakeSecureHardwarePresentationProxy() = default;
virtual ~FakeSecureHardwarePresentationProxy();
- bool initialize(bool testCredential, string docType,
- vector<uint8_t> encryptedCredentialKeys) override;
+ bool initialize(uint32_t sessionId, bool testCredential, const string& docType,
+ const vector<uint8_t>& encryptedCredentialKeys) override;
+
+ bool shutdown() override;
+
+ optional<uint32_t> getId() override;
// Returns publicKeyCert (1st component) and signingKeyBlob (2nd component)
- optional<pair<vector<uint8_t>, vector<uint8_t>>> generateSigningKeyPair(string docType,
+ optional<pair<vector<uint8_t>, vector<uint8_t>>> generateSigningKeyPair(const string& docType,
time_t now) override;
// Returns private key
@@ -133,10 +195,23 @@
const vector<uint8_t>& challenge,
size_t proofOfOwnershipCborSize) override;
- bool shutdown() override;
-
protected:
- EicPresentation ctx_;
+ // See docs for id_.
+ //
+ bool validateId(const string& callerName);
+
+ // We use a singleton libeic object, shared by all proxy instances. This is to
+ // properly simulate a situation where libeic is used on constrained hardware
+ // with only enough RAM for a single instance of the libeic object.
+ //
+ static EicPresentation ctx_;
+
+ // On the HAL side we keep track of the ID that was assigned to the libeic object
+ // created in secure hardware. For every call into libeic we validate that this
+ // identifier matches what is on the secure side. This is what the validateId()
+ // method does.
+ //
+ uint32_t id_ = 0;
};
// Factory implementation.
@@ -150,6 +225,10 @@
return new FakeSecureHardwareProvisioningProxy();
}
+ sp<SecureHardwareSessionProxy> createSessionProxy() override {
+ return new FakeSecureHardwareSessionProxy();
+ }
+
sp<SecureHardwarePresentationProxy> createPresentationProxy() override {
return new FakeSecureHardwarePresentationProxy();
}