identity: Add multi-document presentation support.
This new IPresentationSession interface enables an application to do a
multi-document presentation, something which isn't possible with the
existing API. As a practical example of this consider presenting both
your Mobile Driving License and your Vaccination Certificate in a single
transaction.
Bug: 197965513
Test: New CTS tests and new screen in CtsVerifier
Change-Id: I11712dca35df7f1224debf454731bc17ea9bfb37
diff --git a/identity/aidl/default/libeic/EicPresentation.c b/identity/aidl/default/libeic/EicPresentation.c
index 0d03ae9..104a559 100644
--- a/identity/aidl/default/libeic/EicPresentation.c
+++ b/identity/aidl/default/libeic/EicPresentation.c
@@ -16,11 +16,17 @@
#include "EicPresentation.h"
#include "EicCommon.h"
+#include "EicSession.h"
#include <inttypes.h>
-bool eicPresentationInit(EicPresentation* ctx, bool testCredential, const char* docType,
- size_t docTypeLength, const uint8_t* encryptedCredentialKeys,
+// Global used for assigning ids for presentation objects.
+//
+static uint32_t gPresentationLastIdAssigned = 0;
+
+bool eicPresentationInit(EicPresentation* ctx, uint32_t sessionId, bool testCredential,
+ const char* docType, size_t docTypeLength,
+ const uint8_t* encryptedCredentialKeys,
size_t encryptedCredentialKeysSize) {
uint8_t credentialKeys[EIC_CREDENTIAL_KEYS_CBOR_SIZE_FEATURE_VERSION_202101];
bool expectPopSha256 = false;
@@ -39,6 +45,13 @@
}
eicMemSet(ctx, '\0', sizeof(EicPresentation));
+ ctx->sessionId = sessionId;
+
+ if (!eicNextId(&gPresentationLastIdAssigned)) {
+ eicDebug("Error getting id for object");
+ return false;
+ }
+ ctx->id = gPresentationLastIdAssigned;
if (!eicOpsDecryptAes128Gcm(eicOpsGetHardwareBoundKey(testCredential), encryptedCredentialKeys,
encryptedCredentialKeysSize,
@@ -86,6 +99,23 @@
if (expectPopSha256) {
eicMemCpy(ctx->proofOfProvisioningSha256, credentialKeys + 54, EIC_SHA256_DIGEST_SIZE);
}
+
+ eicDebug("Initialized presentation with id %" PRIu32, ctx->id);
+ return true;
+}
+
+bool eicPresentationShutdown(EicPresentation* ctx) {
+ if (ctx->id == 0) {
+ eicDebug("Trying to shut down presentation with id 0");
+ return false;
+ }
+ eicDebug("Shut down presentation with id %" PRIu32, ctx->id);
+ eicMemSet(ctx, '\0', sizeof(EicPresentation));
+ return true;
+}
+
+bool eicPresentationGetId(EicPresentation* ctx, uint32_t* outId) {
+ *outId = ctx->id;
return true;
}
@@ -174,7 +204,7 @@
eicDebug("Failed generating random challenge");
return false;
}
- } while (ctx->authChallenge == 0);
+ } while (ctx->authChallenge == EIC_KM_AUTH_CHALLENGE_UNSET);
eicDebug("Created auth challenge %" PRIu64, ctx->authChallenge);
*authChallenge = ctx->authChallenge;
return true;
@@ -190,6 +220,24 @@
int coseSignAlg,
const uint8_t* readerSignatureOfToBeSigned,
size_t readerSignatureOfToBeSignedSize) {
+ if (ctx->sessionId != 0) {
+ EicSession* session = eicSessionGetForId(ctx->sessionId);
+ if (session == NULL) {
+ eicDebug("Error looking up session for sessionId %" PRIu32, ctx->sessionId);
+ return false;
+ }
+ EicSha256Ctx sha256;
+ uint8_t sessionTranscriptSha256[EIC_SHA256_DIGEST_SIZE];
+ eicOpsSha256Init(&sha256);
+ eicOpsSha256Update(&sha256, sessionTranscript, sessionTranscriptSize);
+ eicOpsSha256Final(&sha256, sessionTranscriptSha256);
+ if (eicCryptoMemCmp(sessionTranscriptSha256, session->sessionTranscriptSha256,
+ EIC_SHA256_DIGEST_SIZE) != 0) {
+ eicDebug("SessionTranscript mismatch");
+ return false;
+ }
+ }
+
if (ctx->readerPublicKeySize == 0) {
eicDebug("No public key for reader");
return false;
@@ -330,6 +378,20 @@
return true;
}
+static bool getChallenge(EicPresentation* ctx, uint64_t* outAuthChallenge) {
+ // Use authChallenge from session if applicable.
+ *outAuthChallenge = ctx->authChallenge;
+ if (ctx->sessionId != 0) {
+ EicSession* session = eicSessionGetForId(ctx->sessionId);
+ if (session == NULL) {
+ eicDebug("Error looking up session for sessionId %" PRIu32, ctx->sessionId);
+ return false;
+ }
+ *outAuthChallenge = session->authChallenge;
+ }
+ return true;
+}
+
bool eicPresentationSetAuthToken(EicPresentation* ctx, uint64_t challenge, uint64_t secureUserId,
uint64_t authenticatorId, int hardwareAuthenticatorType,
uint64_t timeStamp, const uint8_t* mac, size_t macSize,
@@ -338,14 +400,19 @@
int verificationTokenSecurityLevel,
const uint8_t* verificationTokenMac,
size_t verificationTokenMacSize) {
+ uint64_t authChallenge;
+ if (!getChallenge(ctx, &authChallenge)) {
+ return false;
+ }
+
// It doesn't make sense to accept any tokens if eicPresentationCreateAuthChallenge()
// was never called.
- if (ctx->authChallenge == 0) {
- eicDebug("Trying validate tokens when no auth-challenge was previously generated");
+ if (authChallenge == EIC_KM_AUTH_CHALLENGE_UNSET) {
+ eicDebug("Trying to validate tokens when no auth-challenge was previously generated");
return false;
}
// At least the verification-token must have the same challenge as what was generated.
- if (verificationTokenChallenge != ctx->authChallenge) {
+ if (verificationTokenChallenge != authChallenge) {
eicDebug("Challenge in verification token does not match the challenge "
"previously generated");
return false;
@@ -354,6 +421,7 @@
challenge, secureUserId, authenticatorId, hardwareAuthenticatorType, timeStamp, mac,
macSize, verificationTokenChallenge, verificationTokenTimestamp,
verificationTokenSecurityLevel, verificationTokenMac, verificationTokenMacSize)) {
+ eicDebug("Error validating authToken");
return false;
}
ctx->authTokenChallenge = challenge;
@@ -377,11 +445,16 @@
// Only ACP with auth-on-every-presentation - those with timeout == 0 - need the
// challenge to match...
if (timeoutMillis == 0) {
- if (ctx->authTokenChallenge != ctx->authChallenge) {
+ uint64_t authChallenge;
+ if (!getChallenge(ctx, &authChallenge)) {
+ return false;
+ }
+
+ if (ctx->authTokenChallenge != authChallenge) {
eicDebug("Challenge in authToken (%" PRIu64
") doesn't match the challenge "
"that was created (%" PRIu64 ") for this session",
- ctx->authTokenChallenge, ctx->authChallenge);
+ ctx->authTokenChallenge, authChallenge);
return false;
}
}
@@ -490,6 +563,25 @@
const uint8_t signingKeyBlob[60], const char* docType,
size_t docTypeLength, unsigned int numNamespacesWithValues,
size_t expectedDeviceNamespacesSize) {
+ if (ctx->sessionId != 0) {
+ EicSession* session = eicSessionGetForId(ctx->sessionId);
+ if (session == NULL) {
+ eicDebug("Error looking up session for sessionId %" PRIu32, ctx->sessionId);
+ return false;
+ }
+ EicSha256Ctx sha256;
+ uint8_t sessionTranscriptSha256[EIC_SHA256_DIGEST_SIZE];
+ eicOpsSha256Init(&sha256);
+ eicOpsSha256Update(&sha256, sessionTranscript, sessionTranscriptSize);
+ eicOpsSha256Final(&sha256, sessionTranscriptSha256);
+ if (eicCryptoMemCmp(sessionTranscriptSha256, session->sessionTranscriptSha256,
+ EIC_SHA256_DIGEST_SIZE) != 0) {
+ eicDebug("SessionTranscript mismatch");
+ return false;
+ }
+ readerEphemeralPublicKey = session->readerEphemeralPublicKey;
+ }
+
uint8_t signingKeyPriv[EIC_P256_PRIV_KEY_SIZE];
if (!eicOpsDecryptAes128Gcm(ctx->storageKey, signingKeyBlob, 60, (const uint8_t*)docType,
docTypeLength, signingKeyPriv)) {