Revert "Add remote key provisioning to the IC HAL"
Revert "Add dependency on keymint cpp lib"
Revert "Allow default identity service to call keymint"
Revert submission 1956689-add rkp to identity-default
Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint
Change-Id: I76a898c04090c5befe5fb5a5d07ec2e397fdd8b3
diff --git a/identity/aidl/default/EicOpsImpl.cc b/identity/aidl/default/EicOpsImpl.cc
index 3fd9f1d..c98a91e 100644
--- a/identity/aidl/default/EicOpsImpl.cc
+++ b/identity/aidl/default/EicOpsImpl.cc
@@ -267,42 +267,25 @@
bool eicOpsCreateCredentialKey(uint8_t privateKey[EIC_P256_PRIV_KEY_SIZE], const uint8_t* challenge,
size_t challengeSize, const uint8_t* applicationId,
- size_t applicationIdSize, bool testCredential,
- const uint8_t* attestationKeyBlob, size_t attestationKeyBlobSize,
- const uint8_t* attestationKeyCert, size_t attestationKeyCertSize,
- uint8_t* cert, size_t* certSize) {
- vector<uint8_t> flatChain;
- vector<uint8_t> keyPair;
- vector<uint8_t> challengeVec(challenge, challenge + challengeSize);
- vector<uint8_t> applicationIdVec(applicationId, applicationId + applicationIdSize);
- if (attestationKeyBlob && attestationKeyBlobSize > 0 && attestationKeyCert &&
- attestationKeyCertSize > 0) {
- vector<uint8_t> attestationKeyBlobVec(attestationKeyBlob,
- attestationKeyBlob + attestationKeyBlobSize);
- vector<uint8_t> attestationKeyCertVec(attestationKeyCert,
- attestationKeyCert + attestationKeyCertSize);
- optional<std::pair<vector<uint8_t>, vector<uint8_t>>> keyAndCert =
- android::hardware::identity::support::createEcKeyPairWithAttestationKey(
- challengeVec, applicationIdVec, attestationKeyBlobVec,
- attestationKeyCertVec, testCredential);
- if (!keyAndCert) {
- eicDebug("Error generating CredentialKey and attestation");
- return false;
- }
- keyPair = std::move(keyAndCert->first);
- flatChain = std::move(keyAndCert->second);
- } else {
- optional<std::pair<vector<uint8_t>, vector<vector<uint8_t>>>> ret =
- android::hardware::identity::support::createEcKeyPairAndAttestation(
- challengeVec, applicationIdVec, testCredential);
- if (!ret) {
- eicDebug("Error generating CredentialKey and attestation");
- return false;
- }
- keyPair = std::move(ret->first);
- flatChain = android::hardware::identity::support::certificateChainJoin(ret->second);
+ size_t applicationIdSize, bool testCredential, uint8_t* cert,
+ size_t* certSize) {
+ vector<uint8_t> challengeVec(challengeSize);
+ memcpy(challengeVec.data(), challenge, challengeSize);
+
+ vector<uint8_t> applicationIdVec(applicationIdSize);
+ memcpy(applicationIdVec.data(), applicationId, applicationIdSize);
+
+ optional<std::pair<vector<uint8_t>, vector<vector<uint8_t>>>> ret =
+ android::hardware::identity::support::createEcKeyPairAndAttestation(
+ challengeVec, applicationIdVec, testCredential);
+ if (!ret) {
+ eicDebug("Error generating CredentialKey and attestation");
+ return false;
}
+ // Extract certificate chain.
+ vector<uint8_t> flatChain =
+ android::hardware::identity::support::certificateChainJoin(ret.value().second);
if (*certSize < flatChain.size()) {
eicDebug("Buffer for certificate is only %zd bytes long, need %zd bytes", *certSize,
flatChain.size());
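Review bot: The two `memcpy` calls added at the top of `eicOpsCreateCredentialKey` copy from `challenge` and `applicationId` without checking the pointers, and passing a null pointer to `memcpy` is undefined behaviour even when the size is zero. Whether any caller can pass a null pointer with a zero size is not visible in this hunk, so treat this as hardening rather than a confirmed bug. The iterator-range constructor avoids the question: `vector<uint8_t> challengeVec(challenge, challenge + challengeSize);`, and likewise for `applicationIdVec`. Alternatively, guard each copy with `if (challengeSize > 0)` and `if (applicationIdSize > 0)`. The function body continues past the end of this hunk.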
@@ -313,7 +296,7 @@
// Extract private key.
optional<vector<uint8_t>> privKey =
- android::hardware::identity::support::ecKeyPairGetPrivateKey(keyPair);
+ android::hardware::identity::support::ecKeyPairGetPrivateKey(ret.value().first);
if (!privKey) {
eicDebug("Error extracting private key");
return false;
@@ -537,12 +520,10 @@
#ifdef EIC_DEBUG
void eicPrint(const char* format, ...) {
- char buf[1024];
va_list args;
va_start(args, format);
- vsnprintf(buf, sizeof(buf), format, args);
+ vfprintf(stderr, format, args);
va_end(args);
- LOG(INFO) << buf;
}
void eicHexdump(const char* message, const uint8_t* data, size_t dataSize) {
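Review bot: `eicPrint` passes its `format` argument straight to `vfprintf`, so a call site with a non-literal format string or mismatched arguments is a format-string defect that nothing in this function catches. The declaration is not part of this diff; if it does not already carry one, add `__attribute__((format(printf, 1, 2)))` so the compiler checks every caller. A short comment above the definition would also help, for example `// Debug-only (EIC_DEBUG); format must be a literal printf-style string.`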