Identity Credential: Pass additional information to HAL. Without this extra information passed upfront it's not practical to implement a HAL which incrementally builds up cryptographically authenticated data. Two new methods are added to facilitate this and the HAL version number is bumped to 2. Bug: 154631410 Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Change-Id: Iff63dfa2c4485c8768e06e7f6d70e940cfc8f68e

commit: 28edb103343576455941f39865a587d346476e65 [log] [tgz]
author: David Zeuthen <zeuthen@google.com> Tue Apr 28 18:54:55 2020 -0400
committer: David Zeuthen <zeuthen@google.com> Wed Apr 29 14:27:18 2020 -0400
tree: 77f28316d19fbb995b0249fe55a1f61002a8022e
parent: a0796e98c298fc1fc7df88f26c0d417454c34fea [diff] [blame]
diff --git a/identity/aidl/default/WritableIdentityCredential.cpp b/identity/aidl/default/WritableIdentityCredential.cpp
index b392444..8bc4b49 100644
--- a/identity/aidl/default/WritableIdentityCredential.cpp
+++ b/identity/aidl/default/WritableIdentityCredential.cpp

@@ -22,6 +22,7 @@
 #include <android/hardware/identity/support/IdentityCredentialSupport.h>
 
 #include <android-base/logging.h>
+#include <android-base/stringprintf.h>
 
 #include <cppbor/cppbor.h>
 #include <cppbor/cppbor_parse.h>
@@ -34,6 +35,7 @@
 
 namespace aidl::android::hardware::identity {
 
+using ::android::base::StringPrintf;
 using ::std::optional;
 using namespace ::android::hardware::identity;
 
@@ -105,6 +107,12 @@
     return ndk::ScopedAStatus::ok();
 }
 
+ndk::ScopedAStatus WritableIdentityCredential::setExpectedProofOfProvisioningSize(
+        int32_t expectedProofOfProvisioningSize) {
+    expectedProofOfProvisioningSize_ = expectedProofOfProvisioningSize;
+    return ndk::ScopedAStatus::ok();
+}
+
 ndk::ScopedAStatus WritableIdentityCredential::startPersonalization(
         int32_t accessControlProfileCount, const vector<int32_t>& entryCounts) {
     if (startPersonalizationCalled_) {
@@ -382,6 +390,16 @@
             .add(testCredential_);
     vector<uint8_t> encodedCbor = popArray.encode();
 
+    if (encodedCbor.size() != expectedProofOfProvisioningSize_) {
+        LOG(ERROR) << "CBOR for proofOfProvisioning is " << encodedCbor.size() << " bytes, "
+                   << "was expecting " << expectedProofOfProvisioningSize_;
+        return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
+                IIdentityCredentialStore::STATUS_INVALID_DATA,
+                StringPrintf("Unexpected CBOR size %zd for proofOfProvisioning, was expecting %zd",
+                             encodedCbor.size(), expectedProofOfProvisioningSize_)
+                        .c_str()));
+    }
+
     optional<vector<uint8_t>> signature = support::coseSignEcDsa(credentialPrivKey_,
                                                                  encodedCbor,  // payload
                                                                  {},           // additionalData
commit	28edb103343576455941f39865a587d346476e65	[log] [tgz]
author	David Zeuthen <zeuthen@google.com>	Tue Apr 28 18:54:55 2020 -0400
committer	David Zeuthen <zeuthen@google.com>	Wed Apr 29 14:27:18 2020 -0400
tree	77f28316d19fbb995b0249fe55a1f61002a8022e
parent	a0796e98c298fc1fc7df88f26c0d417454c34fea [diff] [blame]